Assortment of policy changes include:
* Bluetooth domain to talk to init and procfs.
* New device node domains.
* Allow zygote to talk to its executable.
* Update system domain access to new device node domains.
* Create a post-process sepolicy with dontaudits removed.
* Allow rild to use the tty device.
Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
iio: Industrial I/O subsystem
usb_accessory: accessory protocol for usb
Allow system access in both cases.
Change-Id: I02db9775ec2ddaaeda40fae6d5e56e320957b09c
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
Update the file_contexts for the new location of
the policy files, as well as update the policy
for the management of these types.
Change-Id: Idc475901ed437efb325807897e620904f4ff03e9
Initial policy for software watchdog daemon
which is started by init.
Change-Id: I042a5b1698bf53ce2e50ea06851c374e5123ee2c
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Also labels /dev/mpu and /dev/mpuirq as gps device.
mpu is motion processing unit and is resposible for
gyroscope functionality.
Change-Id: If7f1a5752c550b72fac681566e1052f09e139ff0
Policy covers:
* backup_data_file type for labeling all
files/dirs under /data dealing with
backup mechanism.
* cache_backup_file type for labeling all
files/dirs under /cache dealing with
backup mechanism. This also covers the
the use of LocalTransport for local archive
and restore testing.
* the use of 'adb shell bmgr' to initiate
backup mechanism from shell.
* the use of 'adb backup/restore' to archive
and restore the device's data.
Change-Id: I700a92d8addb9bb91474bc07ca4bb71eb4fc840e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
A prior change added an entry for adb_keys without any security context,
yielding warnings like the following during build:
out/target/product/manta/root/file_contexts: line 7 is missing fields, skipping
This adds the missing security context field.
Change-Id: If48731c8aa7d22a3f547d0854f288ff68f9006da
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
It may be useful to generate an ext4 image of the root filesystem
instead of using a ramdisk. Whitelist entries in file_contexts to
support selinux labeling a root filesystem image.
Change-Id: I91a38d0aee4408c46cbfe5dc5e6eda198572e90f
Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.
Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Update policy for Android 4.2 / latest master.
Primarily this consists of changes around the bluetooth subsystem.
The zygote also needs further permissions to set up /storage/emulated.
adbd service now gets a socket under /dev/socket.
keystore uses the binder.
Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Creates 2 new types:
- asec_apk_file : files found under /mnt/asec
when the asec images are mounted
- asec_image_file : the actual encrypted apks under
/data/app-asec
Change-Id: I963472add1980ac068d3a6d36a24f27233022832
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>