Properties under bluetooth. and persist.service.bdroid. are
considered Bluetooth-related properties.
Change-Id: Iee937d9a1184c2494deec46f9ed7090c643acda7
This reverts commit f51e900724
Looks like this caused a build breakage in master, may have a duplicate rule from AOSP.
Change-Id: I4ea83a47baec4ffa2840b5fe50b6f55e1eeda53c
/data/security is another location that policy
files can reside. In fact, these policy files
take precedence over their rootfs counterparts
under certain circumstances. Give the appropriate
players the rights to read these policy files.
Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41
- Remove dac_read_search as it is no longer required by run-as.
- Introduce a separate type for /dev/tty so that we can allow use of own tty for
for a run-as shell without allowing access to other /dev/tty[0-9]* nodes.
- Allow sigchld notifications for death of run-as and its descendants by adbd.
- Drop redundant rules for executing shell or system commands from untrusted_app;
now covered by rules in app.te.
Change-Id: Ic3bf7bee9eeabf9ad4a20f61fbb142a64bb37c6c
/data/app-private is used when making an
app purchase or forward locking. Provide a
new label for the directory as well as the
tmp files that appear under it.
Change-Id: I910cd1aa63538253e10a8d80268212ad9fc9fca5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
As AOSP does not support the device admin API or the older
SEManager system app, just drop the allow rules associated with
permitting SELinux management via device admin or a system app.
Change-Id: Icdf40c9e6d343b19c156e4c7aea4cfb8c5f234ad
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The test gracefully handles unreadable directories, so
we do not need to allow this for all file types.
Change-Id: Ib5f5be7cacc3f0270b72c046200cc3d21f3fc374
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Redundant with other rules or not required for untrusted app.
Change-Id: Idb5d50326cc14696423cf133508c0d013c5928a6
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Read access to /dev/log/* is no longer restricted.
Filtering on reads is performed per-uid by the kernel logger driver.
Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Required for If8b8d66120453123c1371ce063b6f20e8b96b6ef .
Change-Id: I98871b957db8b291cbbb827b5eb39b4279ce4194
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
timerirq_device has been removed in favor
of using the existing sensors_device domain.
Change-Id: I503e4a511c2901890356559c0afb971392b4ec6f
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Increase the SELinux policy version to 26. This is needed
for name-based transitions used by the manta sepolicy.
Requires kernel 3.0 or higher.
Change-Id: I046fa9f7122f77506c70b2c735345bc0194935df
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This feels like a hidden bug- it shouldn't be trying to
stat everything under /cache anyways- but allowing for now.
Change-Id: Ib5ddfbb408c9f0b6c6218c78a678fcdb09360ccd
