tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
45661 commits 1 branch 0 tags 50 MiB
Commit graph

45661 commits

This branch
This branch
All branches
Author SHA1 Message Date
Zhihai Xu
acbded32b2 Merge "ISSUE 6849488 Bluedroid stack, remove system/bluetooth." into jb-mr1-dev 2012-09-20 16:45:49 -07:00
Stephen Smalley
c6c6aba0ec am 061f254d: Define security labeling for isolated processes. 
* commit '061f254def394fdc4784fe6c446bdd779cfec768':
  Define security labeling for isolated processes.
 2012-09-20 13:04:55 -07:00
Zhihai Xu
b620dc60b1 ISSUE 6849488 Bluedroid stack, remove system/bluetooth. 
remove system/bluetooth dependency.

bug 6849488

Change-Id: I259322385adafa4128deef5324e854bebef2b033
 2012-09-20 11:14:34 -07:00
Stephen Smalley
061f254def Define security labeling for isolated processes. 
Used when an app service is declared with android:isolatedProcess="true".
Place such processes in a separate domain, and further isolate them
from each other via categories.

Change-Id: I1d64f8278f0619eedb448f9a741f1d2c31985325
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2012-09-20 11:00:43 -04:00
Stephen Smalley
9822c1d08f am 66a3e8d9: Drop the use of a policy version suffix on the sepolicy file. 
* commit '66a3e8d91ef6098dd7cab127530f1cdb7973f53e':
  Drop the use of a policy version suffix on the sepolicy file.
 2012-09-18 16:29:39 -07:00
Stephen Smalley
66a3e8d91e Drop the use of a policy version suffix on the sepolicy file. 
The policy version suffix support was carried over from conventional
Linux distributions, where we needed to support simultaneous installation
of multiple kernels and policies.  This isn't required for Android, so
get rid of it and thereby simplify the policy pathname.

We still default to generating a specific policy version (the highest
one supported by the emulator kernel), but this can be overridden
by setting POLICYVERS on the make command-line or in the environment.

Requires a corresponding change to libselinux.

Change-Id: I40c88e13e8063ea37c2b9ab5b3ff8b0aa595402a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2012-09-18 15:11:49 -04:00
Kenny Root
dfd4cfc32c am fc6b1032: Merge changes I98fc14e1,If334ba73 
* commit 'fc6b1032349381315bde67a82cf4312dbd53b9f4':
  Fix for segfault/jmp depends on unitialized variable
  Fix check_seapp segfault and undefined linking err
 2012-09-18 00:06:27 -07:00
Kenny Root
fc6b103234 Merge changes I98fc14e1,If334ba73 
* changes:
  Fix for segfault/jmp depends on unitialized variable
  Fix check_seapp segfault and undefined linking err
 2012-09-17 16:58:12 -07:00
William Roberts
b3ab56c2bf Fix for segfault/jmp depends on unitialized variable 
When realloc creates the first block of memory, it must
be initialized to NULL for the following strcat functions
to operate correctly.

Change-Id: I98fc14e1b19de5aa205354d16e54445293430d8e
 2012-09-17 16:45:48 -07:00
William Roberts
a53ccf39c2 Fix check_seapp segfault and undefined linking err 
When LINK_SEPOL_STATIC was not defined, symbol
log_warning was trying to be resolved by the linker.
That symbol was not defined as it should have been
log_warn and not log_warning.

When a key would be validated in key_map_validate(), an
unchecked key, like user, could cuase a segfault when
the se_key was getting free'd no matter what at the end
of the function, even if no se_key was alloc'd.

Change-Id: If334ba7350e6d2ad1fa9bed142bb2fabe7caa057
 2012-09-17 13:20:07 -07:00
Kenny Root
2e44ea3c1b am 9c08abbd: Merge "Allow domain access to /dev/ion" 
* commit '9c08abbd3b21f61544335d350b7b982a5cc54eee':
  Allow domain access to /dev/ion
 2012-09-17 12:07:03 -07:00
Kenny Root
9c08abbd3b Merge "Allow domain access to /dev/ion" 2012-09-17 11:46:46 -07:00
William Roberts
c2cb712a0d am c27d30a6: Correct spelling mistake 
* commit 'c27d30a6ad46963988ca1e312fa824196687e231':
  Correct spelling mistake
 2012-09-13 15:51:50 -07:00
William Roberts
ccc8271aba Allow domain access to /dev/ion 
Change-Id: I87f81a632ed61f284f2fe09726f5c4529d36f252
 2012-09-13 14:30:11 -07:00
William Roberts
c27d30a6ad Correct spelling mistake 
Change-Id: If4deccfe740c8de6b88929a0d0439667c3ea340d
 2012-09-06 19:38:39 -07:00
Jean-Baptiste Queru
d0f027ccc8 am 10f9a372: Merge upstream sepolicy into AOSP 
* commit '10f9a3727a5c46ef23f5f0385ae4ffec20cb46d9':
  Corrected gramatical issues
  Added new line to end of file
  Changed seapp_contexts temporary file naming
  Fix mls checking code
  Support overrides in seapp_contexts
  Add tf_daemon labeling support.
  Add ppp/mtp policy.
  per device seapp_context support
  dhcp policy.
  Trusted Execution Environment policy.
 2012-09-05 19:46:52 -07:00
Jean-Baptiste Queru
10f9a3727a Merge upstream sepolicy into AOSP 
Change-Id: If3ed9998033378de5b47472315444f5b8bd4743e
 2012-09-05 18:43:48 -07:00
seandroid
1148bc2a6b Merge checkseapp support. 2012-09-05 16:07:40 -04:00
William Roberts
ae23a1f36a Corrected gramatical issues 
Change-Id: I62ce62475f4a17d278243cc96db773872b2dc89c
 2012-09-05 12:53:52 -07:00
William Roberts
a861318074 Added new line to end of file 
Change-Id: I4f0576a47ca2e99bca719bf321349c7d7d05cd3c
 2012-09-05 11:23:40 -07:00
William Roberts
98ed392e68 Changed seapp_contexts temporary file naming 
Change-Id: I4f522869eeaa6f84771e4ee2328f65296dcc29db
 2012-09-05 11:23:19 -07:00
William Roberts
0ae3a8a2d5 Fix mls checking code 
Change-Id: I614caa520e218f8f148eef641fed2301571da8e1
 2012-09-04 11:51:04 -07:00
William Roberts
f0e0a94e03 Support overrides in seapp_contexts 
Provides support for overriding seapp_contexts declerations
in per device seapp_contexts files.

Change-Id: I23a0ffa1d24f1ce57825b168f29a2e885d3e1c51
 2012-09-04 10:55:38 -07:00
rpcraig
a363683c57 Add tf_daemon labeling support. 2012-08-24 08:23:20 -04:00
rpcraig
d49f7e6e36 Add ppp/mtp policy. 
Initial policy for Point-to-Point tunneling and
tunneling manager services.
 2012-08-20 06:19:36 -04:00
William Roberts
171a062571 per device seapp_context support 2012-08-16 14:00:19 -04:00
rpcraig
867ae0561c dhcp policy. 2012-08-15 06:25:14 -04:00
Jean-Baptiste Queru
aa7fb3be1b resolved conflicts for merge of 0c2e5705 to jb-mr1-dev 
Change-Id: Iee1d877788b9397ca29a6cfe7bc3015c3edbe5ac
 2012-08-13 09:06:44 -07:00
Jean-Baptiste Queru
0c2e5705d8 Merge upstream sepolicy into AOSP 
Change-Id: Ia292607cbd06514a8ac3b0ad49eaefcdce12ef16
 2012-08-13 07:50:58 -07:00
rpcraig
e07b8a56b9 Trusted Execution Environment policy. 2012-08-13 06:09:39 -04:00
Stephen Smalley
a1ce2fa221 Define wake_alarm and block_suspect capabilities. 2012-08-10 09:23:21 -04:00
rpcraig
abd977a79e Additions for grouper/JB 2012-08-10 06:25:52 -04:00
Stephen Smalley
fed246510c Allow debugfs access and setsched for mediaserver. 2012-08-09 08:36:10 -04:00
Stephen Smalley
6cce6199c3 Merge asec changes. 2012-07-31 09:52:17 -04:00
Stephen Smalley
1d19f7e356 Allow system_server to relabel /data/anr. 2012-07-31 09:45:01 -04:00
Stephen Smalley
5f9917c136 Allow debuggerd to restorecon the tombstone directory. 2012-07-31 09:15:46 -04:00
Haiqing Jiang
901cc36664 Untrusted_app gets route information 2012-07-30 16:54:24 -04:00
Haiqing Jiang
c70dc4e3c7 domain writes to cgroup pseudo filesystem 2012-07-30 16:40:03 -04:00
Stephen Smalley
d28714c6f9 Introduce app_read_logs boolean. 2012-07-30 16:04:47 -04:00
Haiqing Jiang
3261feef97 untrusted_app reads logs when android_cts enabled 2012-07-30 16:02:44 -04:00
Haiqing Jiang
173cbdd352 read permission over lnk_file to devices when android_cts enabled 2012-07-30 16:02:36 -04:00
rpcraig
e7e65d474f New asec container labeling. 
This patchset covers the /mnt/asec variety only.
 2012-07-30 14:20:40 -04:00
rpcraig
b19665c39d Add mac_permissions.xml file. 
This was moved from external/mac-policy.git
 2012-07-30 09:33:03 -04:00
Haiqing Jiang
1f0f77fcdf Allow CTS Test apps to access to system_data_file 2012-07-30 08:26:53 -04:00
Haiqing Jiang
59e9680825 socket permissions to untrusted_app 2012-07-30 08:26:47 -04:00
Haiqing Jiang
1ce0fe382a appdomain r/w apk_tmp_file and shell_data_file on android_cts enabled 2012-07-30 08:26:40 -04:00
Stephen Smalley
dd31ddfd87 seinfo can be used to select types, and sebool is now supported. 2012-07-27 17:08:21 -04:00
Haiqing Jiang
2b47c3fc35 allocate perms to platformappdomain over system_data_file 2012-07-27 17:01:33 -04:00
Haiqing Jiang
19e7fbeb25 mediaserver and system require abstract socket connnection 2012-07-27 16:22:14 -04:00
Haiqing Jiang
f6ca1605bc installd unlink platform_app_data_file 2012-07-27 16:16:39 -04:00