As AOSP does not support the device admin API or the older
SEManager system app, just drop the allow rules associated with
permitting SELinux management via device admin or a system app.
Change-Id: Icdf40c9e6d343b19c156e4c7aea4cfb8c5f234ad
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The test gracefully handles unreadable directories, so
we do not need to allow this for all file types.
Change-Id: Ib5f5be7cacc3f0270b72c046200cc3d21f3fc374
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Redundant with other rules or not required for untrusted app.
Change-Id: Idb5d50326cc14696423cf133508c0d013c5928a6
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Read access to /dev/log/* is no longer restricted.
Filtering on reads is performed per-uid by the kernel logger driver.
Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Required for If8b8d66120453123c1371ce063b6f20e8b96b6ef .
Change-Id: I98871b957db8b291cbbb827b5eb39b4279ce4194
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
timerirq_device has been removed in favor
of using the existing sensors_device domain.
Change-Id: I503e4a511c2901890356559c0afb971392b4ec6f
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Increase the SELinux policy version to 26. This is needed
for name-based transitions used by the manta sepolicy.
Requires kernel 3.0 or higher.
Change-Id: I046fa9f7122f77506c70b2c735345bc0194935df
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This feels like a hidden bug- it shouldn't be trying to
stat everything under /cache anyways- but allowing for now.
Change-Id: Ib5ddfbb408c9f0b6c6218c78a678fcdb09360ccd
Just allow them unconditionally for compatibility.
Change-Id: I85b56532c6389bdfa25731042b98d8f254bd80ee
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
A prior merge accidentally dropped the seinfo tag from the
release keys stanza.
Change-Id: I99f9ea8d0981c5324c3875896b0673552a03d2ca
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Allow script to union mac_permissions.xml files
specified using the BOARD_SEPOLICY_DIRS and
BOARD_SEPOLICY_UNION constructs.
Change-Id: I4fc65fd1ab4c612f25e966f030247e54a270b614
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Assortment of policy changes include:
* Bluetooth domain to talk to init and procfs.
* New device node domains.
* Allow zygote to talk to its executable.
* Update system domain access to new device node domains.
* Create a post-process sepolicy with dontaudits removed.
* Allow rild to use the tty device.
Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
This reverts commit cd4104e84b
This builds clean locally, but seems to explode on the build servers. Reverting until there's a solution.
Change-Id: I09200db37c193f39c77486d5957a8f5916e38aa0
This reverts commit b24c30b4ed
Reverting the changes that depend on insertkeys until the issues there are resolved.
Change-Id: Ie7e0d6657d8e7cfb44fc3efa2f99c8d1011a0fe1
