tequilaOS/platform_system_sepolicy

Author	SHA1	Message	Date
Nick Kralevich	08f01a335d	debuggerd.te: Fix relabelto policy denial In `0c9708b2af`, we removed relabelto from unconfined.te. This broke debuggerd. Fixed. type=1400 audit(1373668537.550:5): avc: denied { relabelto } for pid=44 comm="debuggerd" name="tombstones" dev="mtdblock1" ino=71 scontext=u:r:debuggerd:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=dir Change-Id: Ic025cbc030d6e776d9d87b1df3240fdc5f0b53d5	2013-07-12 15:38:41 -07:00
repo sync	77d4731e9d	Make all domains unconfined. This prevents denials from being generated by the base policy. Over time, these rules will be incrementally tightened to improve security. Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11	2013-05-20 11:08:05 -07:00
repo sync	50e37b93ac	Move domains into per-domain permissive mode. Bug: 4070557 Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1	2013-05-14 21:36:32 -07:00
William Roberts	7bb2a55c47	Give domains read access to security_file domain. /data/security is another location that policy files can reside. In fact, these policy files take precedence over their rootfs counterparts under certain circumstances. Give the appropriate players the rights to read these policy files. Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41	2013-04-05 13:11:23 -07:00
Stephen Smalley	81fe5f7c0f	Allow all domains to read the log devices. Read access to /dev/log/* is no longer restricted. Filtering on reads is performed per-uid by the kernel logger driver. Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>	2013-04-05 13:07:16 -07:00
rpcraig	abd977a79e	Additions for grouper/JB	2012-08-10 06:25:52 -04:00
Stephen Smalley	5f9917c136	Allow debuggerd to restorecon the tombstone directory.	2012-07-31 09:15:46 -04:00
Stephen Smalley	c83d0087e4	Policy changes to support running the latest CTS.	2012-03-07 14:59:01 -05:00
Stephen Smalley	2dd4e51d5c	SE Android policy.	2012-01-04 12:33:27 -05:00

9 commits