tree: bd0c61a73513a978b924173e4ddd76e048a69eb6 [path history] [tgz]
  1. BUILD.gn
  2. OWNERS
  3. README.md
  4. build_info_allowlist_eng.txt
  5. component_event_provider_allowlist_eng.txt
  6. component_manager_policy.json5
  7. debug_resource_allowlist_eng.txt
  8. deprecated_ambient_replace_as_executable_allowlist_eng.txt
  9. deprecated_misc_storage_allowlist_eng.txt
  10. deprecated_shell_allowlist_eng.txt
  11. durable_data_allowlist_eng.txt
  12. factory_data_allowlist_eng.txt
  13. hub_allowlist_eng.txt
  14. hypervisor_resource_allowlist_eng.txt
  15. info_resource_allowlist_eng.txt
  16. ioport_resource_allowlist_eng.txt
  17. irq_resource_allowlist_eng.txt
  18. mmio_resource_allowlist_eng.txt
  19. package_cache_allowlist_eng.txt
  20. package_resolver_allowlist_eng.txt
  21. pkgfs_non_static_pkgs_allowlist_eng.txt
  22. pkgfs_versions_allowlist_eng.txt
  23. root_job_allowlist_eng.txt
  24. root_resource_allowlist_eng.txt
  25. smc_resource_allowlist_eng.txt
  26. system_updater_allowlist_eng.txt
  27. vmex_resource_allowlist_eng.txt
  28. weave_signer_allowlist_eng.txt
  29. zxcrypt/
src/security/policy/README.md

Runtime Allowlist Policies

This directory contains a set of allowlists that are read by the appmgr to limit which components can access certain services and features at runtime. This runtime enforcement enables the appmgr to block the launch of unauthorized components from requesting the RootResource service or the deprecated_ambient_replace_as_executable feature.

All allowlists in this directory are postfixed with _eng to indicate that they are intended for engineering builds. This means they may include additional components required for debugging and testing that are not required by a user build.