Stephen Smalley
e02b536270
am a0c9d207
: Remove zygote security class declaration.
...
* commit 'a0c9d207b10c32fb3f312da36fce190fb75a1759':
Remove zygote security class declaration.
2015-05-26 20:37:39 +00:00
Stephen Smalley
20d0ad0ed8
Remove zygote security class declaration.
...
All uses were removed by I1c925d7facf19b3953b5deb85d992415344c4c9f;
this is just a dead definition.
(cherry-pick of commit: a0c9d207b1
)
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Change-Id: I2e17e522a78120c3658d81035e202aab861a3b22
2015-05-26 13:31:59 -07:00
Stephen Smalley
e8178b31e6
Remove unused userspace security classes.
...
These are all userspace security class definitions that are
unused in Android; they are only meaningful in Linux distributions.
Change-Id: I99738752da996d9a1c7793eea049d937ffe4255b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-26 16:24:34 -04:00
Stephen Smalley
a0c9d207b1
Remove zygote security class declaration.
...
All uses were removed by I1c925d7facf19b3953b5deb85d992415344c4c9f;
this is just a dead definition.
Change-Id: Id6b08b624c9eea824f5a55d99b7a4ebf9c9f207e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-26 14:39:38 -04:00
Bill Yi
2658ad2a6b
am 5ca3dfee
: Update MODULE_LICENSE
...
* commit '5ca3dfee93883c5dfacd155f0dc374aa2585b615':
Update MODULE_LICENSE
2015-05-22 17:54:18 +00:00
Bill Yi
5ca3dfee93
Update MODULE_LICENSE
...
Change-Id: Ic5935f8a6ab55c1aa02a0e5753c3baf4b948eda7
2015-05-22 10:31:21 -07:00
Jim Miller
e760216864
am 83554d2c
: Merge "Selinux: Allow system_server to create fpdata dir." into mnc-dev
...
* commit '83554d2c923b17b6d5ee811c278e2ab0bb65579d':
Selinux: Allow system_server to create fpdata dir.
2015-05-22 15:31:54 +00:00
Jim Miller
83554d2c92
Merge "Selinux: Allow system_server to create fpdata dir." into mnc-dev
2015-05-22 01:42:29 +00:00
Jim Miller
a39b131e9d
Selinux: Allow system_server to create fpdata dir.
...
Fixes avc errors;
avc: denied { relabelto } for name="fpdata" dev="mmcblk0p28" ino=586465 scontext=u:r:system_server:s0 tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir permissive=0
avc: denied { read } for name="fpdata" dev="mmcblk0p28" ino=586409 scontext=u:r:system_server:s0 tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir permissive=0
Change-Id: I3ba16af14632d803e09ac1490af9a0b652cba3a6
2015-05-21 17:43:28 -07:00
dcashman
4c1d471424
am 894911d7
: Expand rtc_device label to match all rtc class drivers.
...
* commit '894911d78f2a88261d9f853ed022327044bb3030':
Expand rtc_device label to match all rtc class drivers.
2015-05-21 23:33:28 +00:00
dcashman
894911d78f
Expand rtc_device label to match all rtc class drivers.
...
/dev/rtc0 is not the only possible rtc device node, make sure all are given the
rtc_device label.
(cherry-pick of 1b4b3b918b
)
Change-Id: Iea6e1271fb054ea7f44860724e04143875867d78
2015-05-21 15:39:11 -07:00
Eino-Ville Talvala
ad76b86651
Merge branch 'mnc-dev-plus-aosp' of https://googleplex-android.googlesource.com/_direct/platform/external/sepolicy into mnc-dev-plus-aosp
2015-05-21 18:53:09 +00:00
dcashman
0d525e66be
am a9bfc888
: Merge "Expand rtc_device label to match all rtc class drivers."
...
* commit 'a9bfc888143150126363b9b9676d6197965da66f':
Expand rtc_device label to match all rtc class drivers.
2015-05-21 18:51:42 +00:00
Chad Brubaker
c24f344b7e
am b3df4389
: Merge "Rename keystore methods and delete unused permissions" into mnc-dev
...
* commit 'b3df4389f31b5ae206fc2c1f50f1efe4de1bcf75':
Rename keystore methods and delete unused permissions
2015-05-21 18:49:24 +00:00
dcashman
a9bfc88814
Merge "Expand rtc_device label to match all rtc class drivers."
2015-05-21 18:19:29 +00:00
Bill Yi
99c71e50e8
am 7ceda717
: Add MODULE_LICENSE
...
* commit '7ceda71706ba35afd2753fb757fecd87ced2df68':
Add MODULE_LICENSE
2015-05-21 18:05:58 +00:00
Bill Yi
7ceda71706
Add MODULE_LICENSE
...
Change-Id: Iec14c79f060f3e54985828932112911067c973ea
2015-05-21 10:40:32 -07:00
dcashman
1b4b3b918b
Expand rtc_device label to match all rtc class drivers.
...
/dev/rtc0 is not the only possible rtc device node, make sure all are given the
rtc_device label.
Change-Id: I50d15aa62e87509e940acd168474433803b2115d
2015-05-21 10:35:57 -07:00
Chad Brubaker
b3df4389f3
Merge "Rename keystore methods and delete unused permissions" into mnc-dev
2015-05-21 17:26:54 +00:00
Jim Miller
523397621b
am 5d78c07d
: Merge "Add selinux policy for fingerprintd" into mnc-dev
...
* commit '5d78c07d4a463ec5ed0403850be718de670c9e97':
Add selinux policy for fingerprintd
2015-05-21 12:22:19 +00:00
Jim Miller
5d78c07d4a
Merge "Add selinux policy for fingerprintd" into mnc-dev
2015-05-21 00:57:37 +00:00
Ruben Brunk
3aaff8bdb5
am a983621f
: Merge "camera: Add AIDL interface for CameraServiceProxy." into mnc-dev
...
* commit 'a983621fbc04ee26f519fde68b9a8e6788facf49':
camera: Add AIDL interface for CameraServiceProxy.
2015-05-20 21:11:50 +00:00
Ruben Brunk
a983621fbc
Merge "camera: Add AIDL interface for CameraServiceProxy." into mnc-dev
2015-05-20 20:44:38 +00:00
Jim Miller
264eb6566a
Add selinux policy for fingerprintd
...
Change-Id: Ibcb714248c28abf21272986facaade376dcbd7ef
2015-05-19 18:28:45 -07:00
Ruben Brunk
e1edbe9c97
camera: Add AIDL interface for CameraServiceProxy.
...
- Update selinux policy for CameraServiceProxy.
Bug: 21267484
Change-Id: Ib821582794ddd1e3574b5dc6c79f7cb197b57f10
2015-05-19 17:26:31 -07:00
Jeff Sharkey
23f5610ecf
am 6e1f405c
: Allow MediaProvider to traverse /mnt/media_rw.
...
* commit '6e1f405c8b8b5d91a350ff14d1100930d7bff844':
Allow MediaProvider to traverse /mnt/media_rw.
2015-05-19 22:52:05 +00:00
Jeff Sharkey
6e1f405c8b
Allow MediaProvider to traverse /mnt/media_rw.
...
As an optimization, platform components like MediaProvider may choose
to shortcut past the FUSE daemon and return open file descriptors
directly pointing at the underlying storage device.
Now that we have a specific label for /mnt/media_rw, we need to grant
search access to untrusted apps like MediaProvider. The actual
access control is still managed by POSIX permissions on that
directory.
avc: denied { search } for name="media_rw" dev="tmpfs" ino=4150 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=0
Bug: 21017105
Change-Id: I6d51939668b39b43b91b1f0c24c98bc2205bf511
2015-05-19 14:12:28 -07:00
dcashman
5c2a5a1dca
am 807d8d02
: Label /dev/rtc0 as rtc_device.
...
* commit '807d8d0249f196e172f30b96b48699e3b10a3866':
Label /dev/rtc0 as rtc_device.
2015-05-18 22:21:45 +00:00
dcashman
53d3b99c5d
resolved conflicts for merge of c7594898
to mnc-dev-plus-aosp
...
Change-Id: I81937479a0cb37d4e781e076c2e5ff6551cbf822
2015-05-18 15:15:15 -07:00
dcashman
807d8d0249
Label /dev/rtc0 as rtc_device.
...
Grant access to system_server, as it is used by AlarmManagerService.
(cherry-pick of c7594898db
)
Change-Id: I8b5795cb4739bb7fb6b2673d0b1b12be40db7a7f
2015-05-18 14:18:11 -07:00
dcashman
c7594898db
Label /dev/rtc0 as rtc_device.
...
Grant access to system_server, as it is used by AlarmManagerService.
Change-Id: I4f099fe30ba206db07d636dd454d43d3df9d3015
2015-05-18 14:01:37 -07:00
Chad Brubaker
eaa1a1e975
Rename keystore methods and delete unused permissions
...
Keystore is going through an API cleanup to make names more clear and
remove unclear methods.
(cherry-picked from commit cbc8f79655
)
Change-Id: I06354ccd0a9a73fd20168bfce9350c451cfaced3
2015-05-18 12:19:19 -07:00
Nick Kralevich
610c1bacb0
am 72aeb012
: Merge "neverallow cache_file and derivatives execute"
...
* commit '72aeb0126a6e295d9b63793237100865080cfbe0':
neverallow cache_file and derivatives execute
2015-05-18 17:18:50 +00:00
Nick Kralevich
72aeb0126a
Merge "neverallow cache_file and derivatives execute"
2015-05-18 16:53:16 +00:00
Chad Brubaker
9647439e82
am 77a82460
: Add keystore user_changed permission
...
* commit '77a824600bfe80abccc9fdcab8d1566380b43ce4':
Add keystore user_changed permission
2015-05-18 15:55:54 +00:00
Chad Brubaker
77a824600b
Add keystore user_changed permission
...
user_changed will be used for state change methods around android user
creation/deletion.
(cherry-picked from commit 520bb816b8
)
Change-Id: I295ca9adfc4907b5d7bcf0555f6e5a9a3379635b
2015-05-18 16:26:41 +01:00
Jeff Vander Stoep
1f4fb025b7
am 929c8587
: Merge "Allow tty and wireless extensions ioctls" into mnc-dev
...
* commit '929c85870a7aba08963ad0c592bd66f4aea9bedc':
Allow tty and wireless extensions ioctls
2015-05-15 23:40:09 +00:00
Jeff Vander Stoep
929c85870a
Merge "Allow tty and wireless extensions ioctls" into mnc-dev
2015-05-15 23:15:35 +00:00
Jeff Vander Stoep
a0fbeb97c0
Allow tty and wireless extensions ioctls
...
Allow tty ioctls TIOCOUTQ 0x5411 and FIOCLEX 0x5451.
Allow/audit all wireless extension ioctls.
Bug: 21120188
Change-Id: Icd447ee40351c615c236f041931d210751e0f0c3
2015-05-15 22:59:34 +00:00
Jeff Sharkey
cf010b55e1
am e5acc38f
: Merge "drop_caches label, vold scratch space on expanded." into mnc-dev
...
* commit 'e5acc38f09e4375c8cb9fced716e3242505d2400':
drop_caches label, vold scratch space on expanded.
2015-05-15 22:22:34 +00:00
Jeff Sharkey
e5acc38f09
Merge "drop_caches label, vold scratch space on expanded." into mnc-dev
2015-05-15 21:56:03 +00:00
Jeffrey Vander Stoep
db688133ae
am a7621f80
: Merge "make unix_socket_connect() for property service a warning"
...
* commit 'a7621f808ed7bd5104af0616b80d14c3a8d4b3e9':
make unix_socket_connect() for property service a warning
2015-05-15 21:43:54 +00:00
Jeffrey Vander Stoep
a7621f808e
Merge "make unix_socket_connect() for property service a warning"
2015-05-15 21:23:32 +00:00
Chad Brubaker
2e4726dd12
am cbc8f796
: Rename keystore methods and delete unused permissions
...
* commit 'cbc8f796551151c0d9651500d5d9f116177a07dc':
Rename keystore methods and delete unused permissions
2015-05-15 20:17:53 +00:00
Than McIntosh
328c95380a
am aee12c37
: Tweak perfprofd sepolicy to include ipc_lock self capability.
...
* commit 'aee12c37229e2ceb61cad91ad0c76557492eebd4':
Tweak perfprofd sepolicy to include ipc_lock self capability.
2015-05-15 20:11:16 +00:00
William Roberts
6c30016136
neverallow cache_file and derivatives execute
...
Change-Id: I45002cfd05e4e184bfc66039b3ae9a4af057adb1
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>
2015-05-15 18:39:56 +00:00
Than McIntosh
aee12c3722
Tweak perfprofd sepolicy to include ipc_lock self capability.
...
Bug: http://b/19483574
Change-Id: Id39a5aaf531d2a75a22647bdafb34a6ef18201c8
(cherry picked from commit 728fe3d491
)
2015-05-15 12:59:05 -04:00
Jeff Sharkey
c960596cc3
drop_caches label, vold scratch space on expanded.
...
Define an explicit label for /proc/sys/vm/drop_caches and grant to
the various people who need it, including vold which uses it when
performing storage benchmarks.
Also let vold create new directories under it's private storage area
where the benchmarks will be carried out. Mirror the definition of
the private storage area on expanded media.
avc: denied { write } for name="drop_caches" dev="proc" ino=20524 scontext=u:r:vold:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
Bug: 21172095
Change-Id: I300b1cdbd235ff60e64064d3ba6e5ea783baf23f
2015-05-14 20:55:33 -07:00
Chad Brubaker
cbc8f79655
Rename keystore methods and delete unused permissions
...
Keystore is going through an API cleanup to make names more clear and
remove unclear methods.
Change-Id: I06354ccd0a9a73fd20168bfce9350c451cfaced3
2015-05-14 13:49:24 -07:00
Than McIntosh
8b3cbee1dd
am e5916eb6
: Merge "Tweak perfprofd sepolicy to include ipc_lock self capability."
...
* commit 'e5916eb67b0dc6ac49456d1fb722194e2e7e7012':
Tweak perfprofd sepolicy to include ipc_lock self capability.
2015-05-14 20:21:55 +00:00