Commit graph

25 commits

Author SHA1 Message Date
Joshua Brindle
f26d813033 allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access
- allow all apps to connect to the keystore over unix socket
- dhcp runs scripts in /system/etc/dhcpcd/dhcpcd-hooks and creates/removes lease files
- mtp connects to dnsproxyd when a pptp vpn connection is established
- allow appdomain to also open qtaguid_proc and release_app to read qtaguid_device
- WifiWatchDog uses packet_socket when wifi comes up
- apps interact with isolated_apps when an app uses an isolated service and uses sockets for that interaction
- for apps with levelFromUid=true to interact with isolated_app, isolated_app must be an mlstrustedsubject

Change-Id: I09ff676267ab588ad4c73f04d8f23dba863c5949
Signed-off-by: Joshua Brindle <jbrindle@tresys.com>
2012-10-16 09:48:40 -04:00
rpcraig
d49f7e6e36 Add ppp/mtp policy.
Initial policy for Point-to-Point tunneling and
tunneling manager services.
2012-08-20 06:19:36 -04:00
Stephen Smalley
fed246510c Allow debugfs access and setsched for mediaserver. 2012-08-09 08:36:10 -04:00
Stephen Smalley
1d19f7e356 Allow system_server to relabel /data/anr. 2012-07-31 09:45:01 -04:00
Haiqing Jiang
19e7fbeb25 mediaserver and system require abstract socket connection 2012-07-27 16:22:14 -04:00
hqjiang
569f589aa6 external/sepolicy: system r/w udp_socket of appdomain 2012-07-24 09:00:32 -04:00
hqjiang
4c06d273bc Target the denials/policies over qtaguid file and device:
1. Relabel /proc/net/xt_qtaguid/ctrl from "qtaguid" to "qtaguid_proc";
2. Label /dev/xt_qtaguid with "qtaguid_device";
3. Allow mediaserver read/[write] to qtaguid_proc and qtaguid_device;
4. Allow media apps read/[write] to qtaguid_proc and qtaguid_device;
5. Allow system read/[write] to qtaguid_proc and qtaguid_device.
Actually, some of the policies related to qtaguid have been there already, but
we refined existing ones and add new ones.
2012-07-19 16:11:24 -04:00
Stephen Smalley
1c7351652c Address various denials introduced by JB/4.1. 2012-07-12 13:26:15 -04:00
hqjiang
81039ab556 Corrected denials for LocationManager when accessing gps over uart. 2012-07-12 09:27:40 -04:00
Stephen Smalley
60e4f114ac Add key_socket class to socket_class_set macro. Allow system to trigger module auto-loading and to write to sockets created under /dev. 2012-06-28 14:28:24 -04:00
Stephen Smalley
965f2ff1b4 Allow system_app to set MAC enforcing mode and read MAC denials. 2012-06-28 13:59:07 -04:00
Stephen Smalley
35c8d4fdde system needs open permission to qtaguid ctrl file. 2012-06-27 09:15:38 -04:00
Stephen Smalley
322b37a96c Update system rule for qtaguid file. 2012-06-27 09:07:33 -04:00
Stephen Smalley
6c39ee00e1 Make wallpaper_file a mlstrustedobject to permit writes from any app level. 2012-06-27 08:50:27 -04:00
James Carter
a83fc379c6 Added policy to allow SEAndroidManager to read AVC messages. 2012-04-13 14:15:56 -04:00
Stephen Smalley
730957aef3 Rework the radio vs rild property split.
Only label properties with the ril. prefix with rild_prop.
Allow rild and system (and radio) to set radio_prop.
Only rild can set rild_prop presently.
2012-04-04 16:01:19 -04:00
Stephen Smalley
124720a697 Add policy for property service.
New property_contexts file for property selabel backend.
New property.te file with property type declarations.
New property_service security class and set permission.
Allow rules for setting properties.
2012-04-04 10:11:16 -04:00
Stephen Smalley
f7948230ef Integrate nfc_power and rild rules from tuna sepolicy by Bryan Hinton. 2012-03-19 15:58:11 -04:00
Stephen Smalley
f6cbbe255b Introduce a separate wallpaper_file type for the wallpaper file. 2012-03-19 10:29:36 -04:00
Stephen Smalley
59d28035a1 Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files. 2012-03-19 10:24:52 -04:00
Stephen Smalley
c83d0087e4 Policy changes to support running the latest CTS. 2012-03-07 14:59:01 -05:00
Stephen Smalley
4c6f1ce8ee Allow Settings to set enforcing and booleans if settings_manage_selinux is true. 2012-02-02 13:28:44 -05:00
Stephen Smalley
0d76f4e5c2 Allow system server to set scheduling info for apps. 2012-01-10 13:24:21 -05:00
Stephen Smalley
c94e2392f6 Further policy for Motorola Xoom. 2012-01-06 10:25:53 -05:00
Stephen Smalley
2dd4e51d5c SE Android policy. 2012-01-04 12:33:27 -05:00