43296 commits

Author SHA1 Message Date
Stephen Smalley
60e4f114ac Add key_socket class to socket_class_set macro. Allow system to trigger module auto-loading and to write to sockets created under /dev. 2012-06-28 14:28:24 -04:00
Stephen Smalley
965f2ff1b4 Allow system_app to set MAC enforcing mode and read MAC denials. 2012-06-28 13:59:07 -04:00
William Roberts
03d2803c54 media app should have rw access to sdcard dir and files. 2012-06-28 10:56:43 -04:00
Stephen Smalley
f3b587cab0 Rewrite app domains and seapp_contexts to leverage new seinfo tags. 2012-06-28 10:56:28 -04:00
Bob Craig
92495b38d5 Add persist.mac_enforcing_mode context 2012-06-28 10:51:25 -04:00
Stephen Smalley
35c8d4fdde system needs open permission to qtaguid ctrl file. 2012-06-27 09:15:38 -04:00
Stephen Smalley
322b37a96c Update system rule for qtaguid file. 2012-06-27 09:07:33 -04:00
Stephen Smalley
e4682a63ab Allow apps to write to /proc/net/xt_qtaguid/ctrl. 2012-06-27 08:54:53 -04:00
Stephen Smalley
6c39ee00e1 Make wallpaper_file a mlstrustedobject to permit writes from any app level. 2012-06-27 08:50:27 -04:00
William Roberts
56ad8c7322 This patch fixes rild trying to access the bluetooth efs dir with read
perms.
2012-06-27 08:45:51 -04:00
Joshua Brindle
70d4fc2243 Add selinux network script to policy
Signed-off-by: Joshua Brindle <jbrindle@tresys.com>
2012-06-21 09:19:43 -04:00
William Roberts
07ef7227f9 ion fix 2012-06-20 08:03:16 -04:00
Stephen Smalley
e8bc32b46e Public domain notice 2012-06-19 07:29:55 -04:00
William Roberts
f6f87105d4 Remove all denials caused by rild on tuna devices.
Tested on a maguro variant.
2012-06-07 11:52:51 -04:00
William Roberts
80ea1d2305 sdcard policy and fuse device label. 2012-05-31 09:44:51 -04:00
William Roberts
7fa2f9e0f5 Policy for hci_attach service. 2012-05-31 09:40:12 -04:00
Stephen Smalley
efd6d6e0da Apply m4 to file_contexts and property_contexts to support includes. 2012-05-18 08:24:25 -04:00
Stephen Smalley
4e85633384 Merge branch 'aosp' 2012-04-19 10:10:22 -04:00
James Carter
a83fc379c6 Added policy to allow SEAndroidManager to read AVC messages. 2012-04-13 14:15:56 -04:00
The Android Open Source Project
d045eaec2c am f5f899c3: Merge from upstream sepolicy
* commit 'f5f899c3c0f684ffba6950b343e652abd78d0fd9':
  Rework the radio vs rild property split. Only label properties with the ril. prefix with rild_prop. Allow rild and system (and radio) to set radio_prop. Only rild can set rild_prop presently.
  Allow apps to write to anr_data_file for /data/anr/traces.txt.
  Add policy for property service. New property_contexts file for property selabel backend. New property.te file with property type declarations. New property_service security class and set permission. Allow rules for setting properties.
  Allow adbd to access the qemu device and label /dev/eac correctly.
  Integrate nfc_power and rild rules from tuna sepolicy by Bryan Hinton.
  Rewrite MLS constraints to only constrain open for app_data_file, not read/write.
  Introduce a separate wallpaper_file type for the wallpaper file.
  Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files.
  Allow the shell to create files on the sdcard.
  Drop redundant rules.
  Policy changes to support running the latest CTS.
  Limit per-device policy files to a well-defined sepolicy prefix.
  Add support for per-device .te and .fc files.
2012-04-10 11:31:37 -07:00
Ying Wang
911dd71d68 am f4ea5b25: Use the checkpolicy built from source.
* commit 'f4ea5b25399e4c6a10aa353b0c3d40564f78e89c':
  Use the checkpolicy built from source.
2012-04-10 11:31:37 -07:00
The Android Open Source Project
f5f899c3c0 Merge from upstream sepolicy
Change-Id: I99085d575e3d884fb04ac03ac998eb3c53eb2d9f
2012-04-10 09:52:59 -07:00
Ying Wang
f4ea5b2539 Use the checkpolicy built from source.
Change-Id: I22f49db3d59b50ed8975d8c1146bb9c322adbf7e
2012-04-10 09:11:08 -07:00
Ying Wang
f7741483b9 Use the checkpolicy built from source.
Change-Id: I22f49db3d59b50ed8975d8c1146bb9c322adbf7e
2012-04-09 15:31:03 -07:00
Stephen Smalley
730957aef3 Rework the radio vs rild property split.
Only label properties with the ril. prefix with rild_prop.
Allow rild and system (and radio) to set radio_prop.
Only rild can set rild_prop presently.
2012-04-04 16:01:19 -04:00
Stephen Smalley
a883c38637 Allow apps to write to anr_data_file for /data/anr/traces.txt. 2012-04-04 16:00:11 -04:00
Stephen Smalley
124720a697 Add policy for property service.
New property_contexts file for property selabel backend.
New property.te file with property type declarations.
New property_service security class and set permission.
Allow rules for setting properties.
2012-04-04 10:11:16 -04:00
Stephen Smalley
2cb1b31f90 Allow adbd to access the qemu device and label /dev/eac correctly. 2012-04-03 15:30:28 -04:00
Stephen Smalley
f7948230ef Integrate nfc_power and rild rules from tuna sepolicy by Bryan Hinton. 2012-03-19 15:58:11 -04:00
Stephen Smalley
0e85c17e6e Rewrite MLS constraints to only constrain open for app_data_file, not read/write. 2012-03-19 10:32:24 -04:00
Stephen Smalley
f6cbbe255b Introduce a separate wallpaper_file type for the wallpaper file. 2012-03-19 10:29:36 -04:00
Stephen Smalley
59d28035a1 Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files. 2012-03-19 10:24:52 -04:00
Stephen Smalley
b660916b0a Allow the shell to create files on the sdcard. 2012-03-08 11:17:45 -05:00
Stephen Smalley
d5a70a7f7c Drop redundant rules. 2012-03-07 15:01:53 -05:00
Stephen Smalley
c83d0087e4 Policy changes to support running the latest CTS. 2012-03-07 14:59:01 -05:00
Stephen Smalley
64935c7d87 Limit per-device policy files to a well-defined sepolicy prefix.
Avoid any future collisions with the use of .fc or .te suffixes in the
per-device directories.  If we want multiple file support, add a separate
subdirectory for sepolicy files.
2012-03-06 13:27:39 -05:00
Stephen Smalley
5b340befb4 Add support for per-device .te and .fc files. 2012-03-06 11:12:41 -05:00
Stephen Smalley
4c6f1ce8ee Allow Settings to set enforcing and booleans if settings_manage_selinux is true. 2012-02-02 13:28:44 -05:00
Stephen Smalley
7e8cf24f58 Do not build if HAVE_SELINUX=false. 2012-02-02 13:28:28 -05:00
Stephen Smalley
2b826fcbe8 Add a dependency on checkpolicy. 2012-01-24 08:46:13 -05:00
Ying Wang
02fb5f3c6a Rewrite Android.mk. 2012-01-18 14:01:08 -05:00
Stephen Smalley
beefbe5c4d Add explicit role declaration for newer checkpolicy versions. 2012-01-12 09:58:37 -05:00
Stephen Smalley
6261d6d823 Allow reading of properties area, which is now created before init has switched contexts. Revisit this later - we should explicitly label the properties file. 2012-01-12 08:57:50 -05:00
Stephen Smalley
0d76f4e5c2 Allow system server to set scheduling info for apps. 2012-01-10 13:24:21 -05:00
Stephen Smalley
c94e2392f6 Further policy for Motorola Xoom. 2012-01-06 10:25:53 -05:00
Stephen Smalley
2dd4e51d5c SE Android policy. 2012-01-04 12:33:27 -05:00