tree: 3adb65687d4b9312c8e2ce1e1ea0de88e0dcd50c [path history] [tgz]
  1. BUILD.gn
  2. OWNERS
  3. README.md
  4. build_info_allowlist_eng.txt
  5. component_event_provider_allowlist_eng.txt
  6. deprecated_ambient_replace_as_executable_allowlist_eng.txt
  7. deprecated_misc_storage_allowlist_eng.txt
  8. deprecated_shell_allowlist_eng.txt
  9. global_data_allowlist_eng.txt
  10. hub_allowlist_eng.txt
  11. package_cache_allowlist_eng.txt
  12. package_resolver_allowlist_eng.txt
  13. pkgfs_non_static_pkgs_allowlist_eng.txt
  14. pkgfs_versions_allowlist_eng.txt
  15. root_job_allowlist_eng.txt
  16. root_resource_allowlist_eng.txt
src/security/policy/README.md

Runtime Allowlist Policies

This directory contains a set of allowlists that are read by the appmgr to limit which components can access certain services and features at runtime. This runtime enforcement enables the appmgr to block the launch of unauthorized components from requesting the RootResource service or the deprecated_ambient_replace_as_executable feature.

All allowlists in this directory are postfixed with _eng to indicate that they are intended for engineering builds. This means they may include additional components required for debugging and testing that are not required by a user build.