Commit graph

471 commits

Author SHA1 Message Date
Richard Haines
1b46b2fe47 Fix insertkeys.py to resolve keys.conf path entries in a portable way
Currently a path to a key in keys.conf must be fully qualified or have
the -d option appended. This fix will allow paths to have environment
variables that will be expanded. This will give portability to the
entries. For example the following entry will now be resolved correctly:
[@NET_APPS]
ALL : $ANDROID_BUILD_TOP/device/demo_vendor/demo_dev/security/net_apps.x509.pem

Change-Id: If4f169d9ed4f37b6ebd062508de058f3baeafead
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2013-08-08 15:13:29 +01:00
gcondra@google.com
95c960debc am 274d2927: Clean up remaining denials.
* commit '274d2927a7ccbfd266c83d6da5e9e2772805fbd5':
  Clean up remaining denials.
2013-05-23 19:16:15 -07:00
repo sync
274d2927a7 Clean up remaining denials.
Bug: 8424461
Change-Id: I8f0b01cdb19b4a479d5de842f4e4844aeab00622
2013-05-22 14:20:20 -07:00
gcondra@google.com
0f60427d2e am 77d4731e: Make all domains unconfined.
* commit '77d4731e9d30c8971e076e2469d6957619019921':
  Make all domains unconfined.
2013-05-20 15:52:25 -07:00
gcondra@google.com
eb2dc6d082 am 42cabf34: Revert "Add the selinux policy version number."
* commit '42cabf341c8a600a218023ec69b3518e3d3d482c':
  Revert "Add the selinux policy version number."
2013-05-20 15:52:25 -07:00
repo sync
77d4731e9d Make all domains unconfined.
This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
2013-05-20 11:08:05 -07:00
repo sync
42cabf341c Revert "Add the selinux policy version number."
This reverts commit b77b3aff2e.
2013-05-17 12:45:05 -07:00
gcondra@google.com
92b8f14843 am 50e37b93: Move domains into per-domain permissive mode.
* commit '50e37b93ac97631dcac6961285b92af5026557af':
  Move domains into per-domain permissive mode.
2013-05-15 13:34:56 -07:00
gcondra@google.com
a77daf8779 am b77b3aff: Add the selinux policy version number.
* commit 'b77b3aff2e19fb4d5a329f962fcf467fc7bbeb1a':
  Add the selinux policy version number.
2013-05-14 23:49:14 -07:00
repo sync
50e37b93ac Move domains into per-domain permissive mode.
Bug: 4070557
Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
2013-05-14 21:36:32 -07:00
repo sync
b77b3aff2e Add the selinux policy version number.
Bug: 8841348
Change-Id: I1acf355b8e700500eeb0ddcbb8203a4769bde3bc
2013-05-14 13:13:17 -07:00
Geremy Condra
28dde0947e am 92f35dcc: Merge "Revert "Add a policy version."" into jb-mr2-dev
* commit '92f35dccb5bddb778d3688b47a1a01c9ced01751':
  Revert "Add a policy version."
2013-05-10 13:14:13 -07:00
Geremy Condra
92f35dccb5 Merge "Revert "Add a policy version."" into jb-mr2-dev 2013-05-10 20:09:31 +00:00
Alex Klyubin
d0a5e06d91 am c25023e1: Merge "SELinux policy: let vold write to device:dir." into jb-mr2-dev
* commit 'c25023e1fa8ef90634218ba5e146ed9bf80a8456':
  SELinux policy: let vold write to device:dir.
2013-05-10 13:07:20 -07:00
Geremy Condra
869edf0e79 Revert "Add a policy version."
Faugh. Typo.

This reverts commit adb481dd8e

Change-Id: Id1ccc0a59cc79b8ad7171fcb6b3d8cb3aaf29bee
2013-05-10 20:06:47 +00:00
Alex Klyubin
c25023e1fa Merge "SELinux policy: let vold write to device:dir." into jb-mr2-dev 2013-05-10 20:05:19 +00:00
gcondra@google.com
06dab1bf8c am bd77ab31: Merge "Add a policy version." into jb-mr2-dev
* commit 'bd77ab31ac7e39f1bb517237b0148b9ab62dac8f':
  Add a policy version.
2013-05-10 12:44:23 -07:00
repo sync
bd77ab31ac Merge "Add a policy version." into jb-mr2-dev 2013-05-10 17:45:38 +00:00
repo sync
adb481dd8e Add a policy version.
Bug: 8841348
Change-Id: I83497c9b5346ba3b35e4e288190fc217a26be505
2013-05-10 10:44:24 -07:00
Geremy Condra
31083f9031 am 1adb7ca3: Merge "SELinux policy: let vold create /data/tmp_mnt" into jb-mr2-dev
* commit '1adb7ca34f1049e7bac48cf0b24c8320c34b17b6':
  SELinux policy: let vold create /data/tmp_mnt
2013-05-09 23:40:32 -07:00
Alex Klyubin
dc3853f4bb am 3b9fd5ff: SELinux policy: let adbd drop Linux capabilities.
* commit '3b9fd5ffcd3badffc08e3e71ba4cc41d3a73c9e4':
  SELinux policy: let adbd drop Linux capabilities.
2013-05-09 23:40:32 -07:00
Geremy Condra
1adb7ca34f Merge "SELinux policy: let vold create /data/tmp_mnt" into jb-mr2-dev 2013-05-10 00:34:52 +00:00
Alex Klyubin
7de339a16a SELinux policy: let vold create /data/tmp_mnt
Change-Id: I40f3ccd9813e0a337ced0a44e686ab489277d78b
2013-05-09 17:33:49 -07:00
Alex Klyubin
3b9fd5ffcd SELinux policy: let adbd drop Linux capabilities.
Change-Id: Id41891b89c7b067919cbda06ab97d5eff2ad044f
2013-05-10 00:30:23 +00:00
Alex Klyubin
d050c79b64 SELinux policy: let vold write to device:dir.
I have no idea what vold is doing when this operation is attempted
(when a full-disk encrypted device is booting up). Thus, I don't know
if there is a better way of restricting the policy.

Change-Id: I537b70b1abb73c36e5abf0357b766292f625e1af
2013-05-09 17:07:22 -07:00
Alex Klyubin
e5e98aef40 resolved conflicts for merge of 77ec892b to jb-mr2-dev-plus-aosp
Change-Id: Ia9f34580a35d3f5ff7ea0ac9a3784d2650e61b6a
2013-05-09 14:05:10 -07:00
Alex Klyubin
77ec892be6 SELinux policy for users of libcutils klog_write.
klog_write/init create /dev/__kmsg__ backed by a kernel character
device, keep the file descriptor, and then immediately unlink the
file.

Change-Id: I729d224347a003eaca29299d216a53c99cc3197c
2013-05-09 12:39:32 -07:00
Geremy Condra
8eb7d6727b am 5d54d483: Merge "SELinux policy: let vold setsched of kernel processes." into jb-mr2-dev
* commit '5d54d483a0f2907e0e32c798c908a4cea4a426eb':
  SELinux policy: let vold setsched of kernel processes.
2013-05-09 10:53:46 -07:00
Geremy Condra
5d54d483a0 Merge "SELinux policy: let vold setsched of kernel processes." into jb-mr2-dev 2013-05-09 17:49:48 +00:00
Alex Klyubin
c341f23e1c SELinux policy: let vold setsched of kernel processes.
Change-Id: I2b7bf3037c94de4fecf3c3081497e0ac1dfef8a9
2013-05-08 14:41:45 -07:00
gcondra@google.com
6747682319 am 5a745c89: Merge "Add rules for asec containers." into jb-mr2-dev
* commit '5a745c899b16d72411d4a5886108a4483ebeb8e4':
  Add rules for asec containers.
2013-05-08 14:20:36 -07:00
repo sync
5a745c899b Merge "Add rules for asec containers." into jb-mr2-dev 2013-05-08 21:19:08 +00:00
repo sync
11153ef349 Add rules for asec containers.
Change-Id: I91f6965dafad54e98e2f7deda956e86acf7d0c96
2013-05-08 14:18:33 -07:00
Geremy Condra
a55505605e am 84beb00a: Merge "SELinux policy granting vold the capability to reboot." into jb-mr2-dev
* commit '84beb00a47215805127c13b0bcda6facc8e889bb':
  SELinux policy granting vold the capability to reboot.
2013-05-08 12:58:11 -07:00
Geremy Condra
84beb00a47 Merge "SELinux policy granting vold the capability to reboot." into jb-mr2-dev 2013-05-08 19:54:16 +00:00
Alex Klyubin
3b5923fe1b SELinux policy granting vold the capability to reboot.
vold needs to reboot the system when it succeeds or fails to
encrypt partitions.

Change-Id: Ibb1a5378228be60215162ae248e6c1049a16b830
2013-05-08 12:42:50 -07:00
gcondra@google.com
e0d8570a2f am 2cb928ba: Remove special rules for interacting with sockets from init.
* commit '2cb928ba4ecc6e267bf88d8f0085b9236f2a151c':
  Remove special rules for interacting with sockets from init.
2013-05-08 05:17:10 -07:00
repo sync
2cb928ba4e Remove special rules for interacting with sockets from init.
Change-Id: I544c0c1bbe84834970958a65fcef1d10e7e29047
2013-05-07 22:12:59 -07:00
gcondra@google.com
1d6c682e87 am fb076f8b: Add temporary policy for wpa_supplicant.
* commit 'fb076f8b115cf0bb888fcfdef4e9f1e54f101d88':
  Add temporary policy for wpa_supplicant.
2013-05-07 17:01:29 -07:00
repo sync
fb076f8b11 Add temporary policy for wpa_supplicant.
This allows wpa_supplicant to interact with the sockets created
for it by init. Eventually we'll want those to be properly
labelled, but allow until then.

Change-Id: I33fcd22173a8d47bbc4ada8d6aa62b4d159cbb15
2013-05-07 16:58:01 -07:00
Geremy Condra
a1890d1f42 am 59e40a04: Merge "SELinux policy that separates "init_shell" from "shell"." into jb-mr2-dev
* commit '59e40a04e2aa5b8e0dff9942cde04704d2ce3524':
  SELinux policy that separates "init_shell" from "shell".
2013-05-06 15:53:39 -07:00
Geremy Condra
59e40a04e2 Merge "SELinux policy that separates "init_shell" from "shell"." into jb-mr2-dev 2013-05-06 22:51:51 +00:00
Jon Larimer
3cbc06c2e3 am c65b2ba3: Update wpa_supplicant policy
* commit 'c65b2ba33871da9b241473b6f1a64775c9c49603':
  Update wpa_supplicant policy
2013-05-06 15:43:58 -07:00
Alex Klyubin
8199123c8d SELinux policy that separates "init_shell" from "shell".
"init_shell" is used for shell processes spawned by init.

Change-Id: I9e35d485bac91f3d0e4f3704acdbb9af7d617173
2013-05-06 14:42:56 -07:00
Jon Larimer
c65b2ba338 Update wpa_supplicant policy
Change-Id: I9b05f0f2ce6c6c52b4207cac3120f06565b7da30
2013-05-06 16:29:42 -04:00
Alex Klyubin
b2aea99ffd am 3123b1ee: SELinux policy for Bluetooth properties.
* commit '3123b1eef7c15dee0b0df72c6a3017f1797a278d':
  SELinux policy for Bluetooth properties.
2013-05-06 11:12:06 -07:00
Alex Klyubin
3123b1eef7 SELinux policy for Bluetooth properties.
Properties under bluetooth. and persist.service.bdroid. are
considered Bluetooth-related properties.

Change-Id: Iee937d9a1184c2494deec46f9ed7090c643acda7
2013-05-06 10:18:27 -07:00
Geremy Condra
c6bd976cd3 am a3c29c5f: Merge "Expand permissions for 3 existing allow policies for rild and a new one for rild." into jb-mr2-dev
* commit 'a3c29c5fe0b398fa560e6636c8eeff88d1c21f72':
  Expand permissions for 3 existing allow policies for rild and a new one for rild.
2013-05-03 11:18:54 -07:00
Geremy Condra
e4c23f096b am 97ff811c: Merge "Add non_system_app_set"
* commit '97ff811c0b4bfb18cd012587b7f8519e910920b0':
  Add non_system_app_set
2013-05-03 10:50:04 -07:00
Geremy Condra
97ff811c0b Merge "Add non_system_app_set" 2013-05-03 17:38:44 +00:00