Commit graph

2220 commits

Author SHA1 Message Date
Shiju Mathew
b47469fb83 sepolicy: Add policies for thermal-engine
Add security policies for the thermal-engine process
to access sysfs nodes, create, listen, and read from
network sockets.

Change-Id: I2907cb26a2f4e27a2ae229bce4de038412c92bae
Signed-off-by: Shiju Mathew <shijum@codeaurora.org>
2014-07-25 17:35:03 -07:00
Avijit Kanti Das
41f971c051 sepolicy: add contexts for the audio devices
Added the context for the various audio devices
to operate with other domains. We have also added
context for audiod.
Change-Id: Ibaa2beb2fc5ff4cc16481d8764b1d8c0bcfce16c
2014-07-25 17:35:02 -07:00
Avijit Kanti Das
2877d9f575 CNE: seandroid policy files
Adding seandroid policy files for CNE module.

Change-Id: I2e5a78c3dc9397d7eea14c52a30b728fd15e24ea
2014-07-25 17:34:59 -07:00
Avijit Kanti Das
a12415c9d1 SEAndroid: RILD Contexts and Policies
Added the contexts and policies for resources used by the RIL
daemon.

Change-Id: If3b62caca46fb4e11a294eada2a61300bbcecb3a
2014-07-25 17:34:47 -07:00
Subash Abhinov Kasiviswanathan
1c02a704e3 sepolicy: Add policies for IPv6 Tethering
Added security policies needed for IPv6 tethering functionality
to perform operations on sockets. Also enabled qmuxd to operate
with smd devices

CRs-fixed: 590265
Change-Id: I32a9dd089abec3b33f2fdeca02e3e259492f8785
2014-07-25 17:10:10 -07:00
Hariprasad Jayakumar
b0024e516a SEAndroid: Enable rild_oem socket policies for radio
Adding required SEAndroid policies to enable rild_oem socket connection
from QcrilMsgTunnel app (radio UID group) as it is currently denied
by SEAndroid module.

Change-Id: Ie1a1d2fdd0fe85095d8e33c8c6d5d335c3dc2042
2014-07-25 17:10:09 -07:00
Subash Abhinov Kasiviswanathan
774cabb3a2 sepolicy: Add policies for IPv6 Tethering
Added security policies needed for IPv6 tethering functionality
to perform operations on sockets

CRs-fixed: 628313
Change-Id: Ia5d88ecac78693aff672123492bf1cb3307110a8
2014-07-25 17:09:58 -07:00
Hariprasad Jayakumar
7c207594c1 SEAndroid: Add Atfwd daemon related policies
Add ATFWD daemon context and 'allow' policies in order for its
full functionality.

Change-Id: I9dcfdb94f6502a510331b3f11e8b4ecfe56a5931
2014-07-24 02:27:06 -07:00
Biswajit Paul
6f15851aa3 Add context for persist filesystem
Label perist firmware with seandroid context

Change-Id: I0943c4cc72f4afafb560ef3f318502b7fa94502c
2014-07-24 02:25:55 -07:00
Subash Abhinov Kasiviswanathan
44889b9b68 sepolicy: Modify domain transitions for qmuxd and netmgrd
Allow domain transitions from shell, su and adbd for qmuxd and
netmgrd in case of engineering and user debug builds only

CRs-fixed: 590265
Change-Id: Ibaad1d0d547dca13fa17f7c909c6347e59a24d97
2014-07-24 02:24:49 -07:00
Brent Hronik
13300ff5a4 sepolicy: add irsc_util SELinux rules
Confines irsc_util as well as defines rules to grant
it appropriate access.

Change-Id: I8749b012ee5ca513822a9f8543436fcc5e540e1b
2014-07-24 02:23:44 -07:00
Brent Hronik
ed327441fa sepolicy: add qmi SELinux rules
Confines qmi ping and test service tests as well as defines rules to grant
them appropriate access.

CRs-Fixed: 582040
Change-Id: I57c9a82d3efcd643a6d3ac26c4217cd51b1bb86b
2014-07-24 02:22:21 -07:00
Brent Hronik
e0ed6da68a sepolicy: Add smd device contexts and rules
Add the contexts for smd devices as well as the rules for smd pkt and
tty loopback modules.

Change-Id: Ie2ac21a4a8e67bd066a80274b39e99361ad9f698
2014-07-24 02:21:12 -07:00
Dinesh K Garg
daac6433ea SEAndroid changes for HW based disk encryption
HW based disk encryption wipes the data if user enters incorrect
password for a number of times. This requires that Vold has access
to cache file and recovery.

Change-Id: Ibb3069af6a15558202c02ae5454008bb8ecb62e9
2014-07-24 02:20:05 -07:00
Avijit Kanti Das
6ce45549d0 sepolicy: add contexts for qmuxd and netmgrd
Added the context for qmuxd and netmgrd to operate
in confined domain

CRs-fixed: 590265
Change-Id: I263e19710a9cc7d4bafdb5317d9fe47315205362
2014-07-24 02:18:46 -07:00
Avijit Kanti Das
f3d0776e2d sepolicy: add contexts for the qmux devices
Added the context for the various qmux devices
to operate with other domains

CRs-fixed: 590265
Change-Id: I4e590f6db38b756064089b72b8af339d4d16b81e
2014-07-24 02:17:39 -07:00
Biswajit Paul
fbba5a597f Make adbd permisive for userdebug and eng builds
Allow adbd to be permissive for userdebug or eng builds

Change-Id: I7f3b64d0ceda8b2f3c8613f77059c2a0bf1c0f43
2014-07-24 02:16:10 -07:00
Dinesh K Garg
ac98006b03 SEAndroid changes for device encryption
Device encryption requries fsck to be run while attempting to
mount userdata partition. For encrypted device, it runs in VOLD
context. Hence, VOLD needs permission to complete the job.

Change-Id: I804153253d241050cfe5f35b3f5c129f9b91a3c6
2014-07-24 02:09:28 -07:00
Biswajit Paul
b5222a1524 Add new context to firmware images
VFAT partition is set to sdcard_external. Add a new file_type
for firmware images

Change-Id: Ida97ba0c2dd018428277a542ebec36f728613ab3
2014-07-23 23:00:37 -07:00
Dinesh K Garg
579d22d539 SEAndroid Policy changes for HW based disk encryption
HW based disk encryption depends upon qseecom and module request
operation from kernel. Adding permission for VOLD for smooth
functionality of HW based disk encryption.

Change-Id: If938f1be1067ac14d5d2f685902643c5d580d94e
2014-07-23 17:30:24 -07:00