tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
6188 commits 1 branch 0 tags 50 MiB
Commit graph

6 commits

Author SHA1 Message Date
Jeff Vander Stoep
23eef195db audioserver: Build up least privileged policy 
Remove all permissions not observed during testing.

Remove domain_deprecated

Bug: 27064332
Change-Id: Ie154af70aaf255721b46d29357e48d5337020b4b
 2016-02-23 15:41:31 -08:00
Jeff Vander Stoep
8d9eb644dc ioctls: move commonly used tty ioctls to macro 
Remove from unpriv_socket_ioctls but grant each user of unpriv_socket_ioctls
use of unpriv_tty_ioctls

Bug: 26990688
Change-Id: I998e09091de5a7234ad0049758d5dad0b35722f7
 2016-02-22 12:31:57 -08:00
Jeff Vander Stoep
a3266be968 audioserver: grant read perms to /proc 
In preparation of removing permissions from domain_deprecated.

Addresses:
avc: denied { read } for name="irq_affinity" dev="proc" ino=4026536760 scontext=u:r:audioserver:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: denied { open } for path="/proc/asound/irq_affinity" dev="proc" ino=4026536760 scontext=u:r:audioserver:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: denied { getattr } for path="/proc/asound/irq_affinity" dev="proc" ino=4026536760 scontext=u:r:audioserver:s0 tcontext=u:object_r:proc:s0 tclass=file

Change-Id: Iaa8843bb4e8b19d001520fcd45d35e666bf48271
 2016-01-27 09:37:36 -08:00
Jeff Vander Stoep
6730c591ad camera_device: remove type 
camera_device didn't really offer much in terms of control considering
that most domains that need camera_device, also need video_device and
vice versa.

Thus, drop camera_device from the policy.
Change-Id: If438610ac6998399719ab375210c023320d0b7ed
 2016-01-15 12:33:10 -08:00
Jeff Vander Stoep
0fd910ecfd audio/mediaserver: Restrict to unprivileged socket ioctls 
Neverallow access to privileged commands.

Change-Id: I443be5bbcd8cdf55e23c2c4d8fee93c4ebf30e55
 2016-01-06 11:34:02 -08:00
Marco Nelissen
b03831fe58 Add rules for running audio services in audioserver 
audioserver has the same rules as mediaserver so there is
no loss of rights or permissions.

media.log moves to audioserver.

TBD: Pare down permissions.

Bug: 24511453
Change-Id: I0fff24c14b712bb3d498f75e8fd66c2eb795171d
 2015-12-07 17:33:20 -08:00