Haiqing Jiang
3296dea427
external/sepolicy: mediaserver open application data files
2012-07-24 09:01:02 -04:00
hqjiang
569f589aa6
external/sepolicy: system r/w udp_socket of appdomain
2012-07-24 09:00:32 -04:00
hqjiang
8f781f5767
external/sepolicy: install daemon unlink application data files
2012-07-24 08:59:27 -04:00
hqjiang
4c06d273bc
Target the denials/policies over qtaguid file and device:
1. Relabel /proc/net/xt_qtaguid/ctrl from "qtaguid" to "qtaguid_proc";
2. Label /dev/xt_qtaguid with "qtaguid_device";
3. Allow mediaserver read/[write] to qtaguid_proc and qtaguid_device;
4. Allow media apps read/[write] to qtaguid_proc and qtaguid_device;
5. Allow system read/[write] to qtaguid_proc and qtaguid_device.
Actually, some of the policies related to qtaguid have been there already, but
we refine existing ones and add new ones.
2012-07-19 16:11:24 -04:00
hqjiang
20d6963ac2
allow camera calibration
2012-07-19 16:09:58 -04:00
Matt Finifter
af56ac1954
Include su.te only for userdebug/eng builds.
Change-Id: Ia544f13910abbe5e9f6a6cafae397415a41a7a94
2012-07-18 13:25:23 -07:00
Stephen Smalley
1c7351652c
Address various denials introduced by JB/4.1.
2012-07-12 13:26:15 -04:00
Stephen Smalley
c331d0fefa
Restore devnull initial sid context.
2012-07-12 10:14:38 -04:00
William Roberts
dc1072365e
Support for ocontexts per device.
ocontexts was split up into 4 files:
1. fs_use
2. genfs_contexts
3. initial_sid_contexts
4. port_contexts
Each file has its respective declarations in it.
Devices, in their respective device directory, can now specify sepolicy.fs_use, sepolicy.genfs_contexts, sepolicy.port_contexts, and sepolicy.initial_sid_contexts. These declarations will be added right behind their respective sepolicy counterparts in the concatenated configuration file.
2012-07-12 10:02:45 -04:00
Michal Mašek
96bf505962
Fix the app_ndk policy boolean allow rule.
2012-07-12 09:57:32 -04:00
hqjiang
e1c545d82f
correct denies of inter system processes communication over named pipe
2012-07-12 09:28:44 -04:00
hqjiang
ee5f400562
Correct denies of rpmsg device when accessing to remote processors.
2012-07-12 09:28:33 -04:00
hqjiang
81039ab556
Corrected denials for LocationManager when accessing gps over uart.
2012-07-12 09:27:40 -04:00
Stephen Smalley
60e4f114ac
Add key_socket class to socket_class_set macro. Allow system to trigger module auto-loading and to write to sockets created under /dev.
2012-06-28 14:28:24 -04:00
Stephen Smalley
965f2ff1b4
Allow system_app to set MAC enforcing mode and read MAC denials.
2012-06-28 13:59:07 -04:00
William Roberts
03d2803c54
media app should have rw access to sdcard dir and files.
2012-06-28 10:56:43 -04:00
Stephen Smalley
f3b587cab0
Rewrite app domains and seapp_contexts to leverage new seinfo tags.
2012-06-28 10:56:28 -04:00
Bob Craig
92495b38d5
Add persist.mac_enforcing_mode context
2012-06-28 10:51:25 -04:00
Stephen Smalley
35c8d4fdde
system needs open permission to qtaguid ctrl file.
2012-06-27 09:15:38 -04:00
Stephen Smalley
322b37a96c
Update system rule for qtaguid file.
2012-06-27 09:07:33 -04:00
Stephen Smalley
e4682a63ab
Allow apps to write to /proc/net/xt_qtaguid/ctrl.
2012-06-27 08:54:53 -04:00
Stephen Smalley
6c39ee00e1
Make wallpaper_file a mlstrustedobject to permit writes from any app level.
2012-06-27 08:50:27 -04:00
William Roberts
56ad8c7322
This patch fixes rild trying to access the bluetooth efs dir with read perms.
2012-06-27 08:45:51 -04:00
Joshua Brindle
70d4fc2243
Add selinux network script to policy
Signed-off-by: Joshua Brindle <jbrindle@tresys.com>
2012-06-21 09:19:43 -04:00
William Roberts
07ef7227f9
ion fix
2012-06-20 08:03:16 -04:00
Stephen Smalley
e8bc32b46e
Public domain notice
2012-06-19 07:29:55 -04:00
William Roberts
f6f87105d4
Remove all denials caused by rild on tuna devices.
Tested on a maguro variant.
2012-06-07 11:52:51 -04:00
William Roberts
80ea1d2305
sdcard policy and fuse device label.
2012-05-31 09:44:51 -04:00
William Roberts
7fa2f9e0f5
Policy for hci_attach service.
2012-05-31 09:40:12 -04:00
Stephen Smalley
efd6d6e0da
Apply m4 to file_contexts and property_contexts to support includes.
2012-05-18 08:24:25 -04:00
Stephen Smalley
4e85633384
Merge branch 'aosp'
2012-04-19 10:10:22 -04:00
James Carter
a83fc379c6
Added policy to allow SEAndroidManager to read AVC messages.
2012-04-13 14:15:56 -04:00
The Android Open Source Project
d045eaec2c
am f5f899c3: Merge from upstream sepolicy
* commit 'f5f899c3c0f684ffba6950b343e652abd78d0fd9':
Rework the radio vs rild property split. Only label properties with the ril. prefix with rild_prop. Allow rild and system (and radio) to set radio_prop. Only rild can set rild_prop presently.
Allow apps to write to anr_data_file for /data/anr/traces.txt.
Add policy for property service. New property_contexts file for property selabel backend. New property.te file with property type declarations. New property_service security class and set permission. Allow rules for setting properties.
Allow adbd to access the qemu device and label /dev/eac correctly.
Integrate nfc_power and rild rules from tuna sepolicy by Bryan Hinton.
Rewrite MLS constraints to only constrain open for app_data_file, not read/write.
Introduce a separate wallpaper_file type for the wallpaper file.
Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files.
Allow the shell to create files on the sdcard.
Drop redundant rules.
Policy changes to support running the latest CTS.
Limit per-device policy files to a well-defined sepolicy prefix.
Add support for per-device .te and .fc files.
2012-04-10 11:31:37 -07:00
Ying Wang
911dd71d68
am f4ea5b25: Use the checkpolicy built from source.
* commit 'f4ea5b25399e4c6a10aa353b0c3d40564f78e89c':
Use the checkpolicy built from source.
2012-04-10 11:31:37 -07:00
The Android Open Source Project
f5f899c3c0
Merge from upstream sepolicy
Change-Id: I99085d575e3d884fb04ac03ac998eb3c53eb2d9f
2012-04-10 09:52:59 -07:00
Ying Wang
f4ea5b2539
Use the checkpolicy built from source.
Change-Id: I22f49db3d59b50ed8975d8c1146bb9c322adbf7e
2012-04-10 09:11:08 -07:00
Ying Wang
f7741483b9
Use the checkpolicy built from source.
Change-Id: I22f49db3d59b50ed8975d8c1146bb9c322adbf7e
2012-04-09 15:31:03 -07:00
Stephen Smalley
730957aef3
Rework the radio vs rild property split.
Only label properties with the ril. prefix with rild_prop.
Allow rild and system (and radio) to set radio_prop.
Only rild can set rild_prop presently.
2012-04-04 16:01:19 -04:00
Stephen Smalley
a883c38637
Allow apps to write to anr_data_file for /data/anr/traces.txt.
2012-04-04 16:00:11 -04:00
Stephen Smalley
124720a697
Add policy for property service.
New property_contexts file for property selabel backend.
New property.te file with property type declarations.
New property_service security class and set permission.
Allow rules for setting properties.
2012-04-04 10:11:16 -04:00
Stephen Smalley
2cb1b31f90
Allow adbd to access the qemu device and label /dev/eac correctly.
2012-04-03 15:30:28 -04:00
Stephen Smalley
f7948230ef
Integrate nfc_power and rild rules from tuna sepolicy by Bryan Hinton.
2012-03-19 15:58:11 -04:00
Stephen Smalley
0e85c17e6e
Rewrite MLS constraints to only constrain open for app_data_file, not read/write.
2012-03-19 10:32:24 -04:00
Stephen Smalley
f6cbbe255b
Introduce a separate wallpaper_file type for the wallpaper file.
2012-03-19 10:29:36 -04:00
Stephen Smalley
59d28035a1
Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files.
2012-03-19 10:24:52 -04:00
Stephen Smalley
b660916b0a
Allow the shell to create files on the sdcard.
2012-03-08 11:17:45 -05:00
Stephen Smalley
d5a70a7f7c
Drop redundant rules.
2012-03-07 15:01:53 -05:00
Stephen Smalley
c83d0087e4
Policy changes to support running the latest CTS.
2012-03-07 14:59:01 -05:00
Stephen Smalley
64935c7d87
Limit per-device policy files to a well-defined sepolicy prefix.
Avoid any future collisions with the use of .fc or .te suffixes in the
per-device directories. If we want multiple file support, add a separate
subdirectory for sepolicy files.
2012-03-06 13:27:39 -05:00
Stephen Smalley
5b340befb4
Add support for per-device .te and .fc files.
2012-03-06 11:12:41 -05:00