Commit graph

47 commits

Author SHA1 Message Date
Stephen Smalley
f0ffff0bc9 Make the mediaserver domain enforcing.
Change-Id: Ib693b563c2db6abc02cf7dbeb12ed61c09734fa8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-06-12 23:41:13 +00:00
Riley Spahn
f90c41f6e8 Add SELinux rules for service_manager.
Add a service_mananger class with the verb add.
Add a type that groups the services for each of the
processes that is allowed to start services in service.te
and an attribute for all services controlled by the service
manager. Add the service_contexts file which maps service
name to target label.

Bug: 12909011
Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
2014-06-12 20:46:07 +00:00
Stephen Smalley
a16a59e2c7 Remove graphics_device access.
Neither mediaserver nor system_server appear to require
direct access to graphics_device, i.e. the framebuffer
device.  Drop it.

Change-Id: Ie9d1be3f9071584155cddf248ea85e174b7e50a6
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-05-14 18:47:49 +00:00
Stephen Smalley
efc7299169 Allow mediaserver to use app-created pipes.
Resolves denials such as:
 avc:  denied  { getattr } for  path="pipe:[167684]" dev="pipefs" ino=167684 scontext=u:r:mediaserver:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file

Change-Id: I1120c8b130a592e40992c5233650345640a23a87
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-05-13 08:07:31 -04:00
Nick Kralevich
f42cc61879 Revert "Make the mediaserver domain enforcing."
I didn't fix unpublished denials before switching this into enforcing. Need to revert.

This reverts commit ae50551142.

Bug: 14844424
Change-Id: I01408b77a67ad43a8fb20be213d3ffbace658616
2014-05-13 02:33:44 +00:00
Stephen Smalley
ae50551142 Make the mediaserver domain enforcing.
Change-Id: Ib4b4ebda74a9ebf08f38d73521d67bf98cd0ee67
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-05-10 08:04:05 -07:00
Stephen Smalley
53cde700cd Report graphics_device accesses by system_server or mediaserver.
See if we can remove these allow rules by auditing any granting
of these permissions.  These rules may be a legacy of older Android
or some board where the gpu device lived under /dev/graphics too.

Change-Id: I5c5d99ca97402de5196d9b6dfd249294f4d95baa
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-05-07 15:01:51 -04:00
Stephen Smalley
3fbc536dfd Allow reading of radio data files passed over binder.
Addresses denials such as:
 avc:  denied  { read } for  pid=5114 comm="le.android.talk" path="/data/data/com.android.providers.telephony/app_parts/PART_1394223232515_recording88476874.amr" dev="mmcblk0p23" ino=64522 scontext=u:r:mediaserver:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file
 avc:  denied  { getattr } for  pid=29199 comm="Binder_4" path="/data/data/com.android.providers.telephony/app_parts/PART_1394223232515_recording88476874.amr" dev="mmcblk0p23" ino=64522 scontext=u:r:mediaserver:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file
 avc:  denied  { read } for  pid=29199 comm="Binder_4" path="/data/data/com.android.providers.telephony/app_parts/PART_1394223232515_recording88476874.amr" dev="mmcblk0p23" ino=64522 scontext=u:r:drmserver:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file
 avc:  denied  { getattr } for  pid=9338 comm="MediaLoader" path="/data/data/com.android.providers.telephony/app_parts/PART_1394848620510_image.jpg" dev="mmcblk0p28" ino=287374 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file
 avc:  denied  { read } for  pid=9896 comm="Binder_7" path="/data/data/com.android.providers.telephony/app_parts/PART_1394594346187_image.jpg" dev="mmcblk0p28" ino=287522 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file

This does not allow write denials such as:
 avc:  denied  { write } for  pid=1728 comm="Binder_4" path="/data/data/com.android.providers.telephony/app_parts/PART_1394818738798_image.jpg" dev="mmcblk0p28" ino=82279 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file

Need to understand whether write access is in fact required.

Change-Id: I7693d16cb4f9855909d790d3f16f8bf281764468
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-27 09:51:18 -04:00
Stephen Smalley
721f1adf53 Allow drmserver and mediaserver to read apk files.
Required to support passing resources via open apk files over Binder.
Resolves denials such as:
 avc:  denied  { read } for  pid=31457 comm="SoundPoolThread" path="/mnt/asec/au.com.shiftyjelly.pocketcasts-1/pkg.apk" dev="dm-10" ino=12 scontext=u:r:mediaserver:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file
 avc:  denied  { read } for  pid=31439 comm="Binder_2" path="/mnt/asec/au.com.shiftyjelly.pocketcasts-1/pkg.apk" dev="dm-10" ino=12 scontext=u:r:drmserver:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file

We do not allow open as it is not required (i.e. the files
are passed as open files over Binder or local socket and opened by the
client).

Change-Id: Ib0941df1e9aac8d20621a356d2d212b98471abbc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-15 02:42:55 +00:00
Stephen Smalley
dc88dca115 Get rid of separate platform_app_data_file type.
The original concept was to allow separation between /data/data/<pkgdir>
files of "platform" apps (signed by one of the four build keys) and
untrusted apps.  But we had to allow read/write to support passing of
open files via Binder or local socket for compatibilty, and it seems
that direct open by pathname is in fact used in Android as well,
only passing the pathname via Binder or local socket.  So there is no
real benefit to keeping it as a separate type.

Retain a type alias for platform_app_data_file to app_data_file until
restorecon /data/data support is in place to provide compatibility.

Change-Id: Ic15066f48765322ad40500b2ba2801bb3ced5489
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-13 13:02:06 +00:00
Stephen Smalley
ba745673aa Allow mediaserver to connect to tee service.
Resolves denials such as:

avc:  denied  { connectto } for  pid=7028 comm="wfd_looper" path=006D636461656D6F6E scontext=u:r:mediaserver:s0 tcontext=u:r:tee:s0 tclass=unix_stream_socket

This is a socket in the abstract namespace so no socket file is involved.

Change-Id: Ia0e384c08063466cfd0f17af3bccf294c7f9dbbd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-06 15:00:59 -05:00
Stephen Smalley
0296b9434f Move qemud and /dev/qemu policy bits to emulator-specific sepolicy.
Change-Id: I620d4aef84a5d4565abb1695db54ce1653612bce
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-02-25 21:26:08 +00:00
Robert Craig
48b18832c4 Introduce asec_public_file type.
This new type will allow us to write finer-grained
policy concerning asec containers. Some files of
these containers need to be world readable.

Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2014-02-11 17:08:10 +00:00
rpcraig
e21871c8b7 Address screenrecord denials.
Steps to reproduce across devices.
  adb shell screenrecord --bit-rate 8000000 --time-limit 10 /data/local/tmp/test.mp4

* Allow surfaceflinger to talk to mediaserver
   avc:  denied  { call } for  pid=122 comm="surfaceflinger" scontext=u:r:surfaceflinger:s0 tcontext=u:r:mediaserver:s0 tclass=binder

* Give mediaserver access to gpu_device
   avc:  denied  { read write } for  pid=2793 comm="VideoEncMsgThre" name="kgsl-3d0" dev="tmpfs" ino=6556 scontext=u:r:mediaserver:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file
   avc:  denied  { open } for  pid=2793 comm="VideoEncMsgThre" name="kgsl-3d0" dev="tmpfs" ino=6556 scontext=u:r:mediaserver:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file
   avc:  denied  { ioctl } for  pid=2793 comm="VideoEncMsgThre" path="/dev/kgsl-3d0" dev="tmpfs" ino=6556 scontext=u:r:mediaserver:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file

Change-Id: Id1812ec95662f4b2433e2989f5fccce6a85c3a41
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2014-02-06 06:13:24 -05:00
rpcraig
129f8df926 Allow mediaserver to create dirs under /data/mediadrm.
Addresses the following denial.
  avc:  denied  { create } for  pid=605 comm="Binder_2" name="IDM1013" scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_data_file:s0 tclass=dir

Witnessed denial on grouper. Policy change
seems appropriate for core policy though. To
reproduce:
* erase data partition or just delete all dirs
  under /data/mediadrm
* start netflix app and watch a movie

Change-Id: I515a195d45223249847fae70dc2ea9c9b216042f
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2014-01-21 15:58:48 -05:00
Stephen Smalley
09f6a99b66 Allow mediaserver to connect to bluetooth.
Re-purpose the existing bluetooth_socket type, originally
for /dev/socket/bluetooth used by bluetoothd in the old
bluetooth stack, for sockets created by bluedroid under
/data/misc/bluedroid, and allow mediaserver to connect
to such sockets.  This is required for playing audio
on paired BT devices.

Based on b/12417855.

Change-Id: I24ecdf407d066e7c4939ed2a0edb97222a1879f6
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-01-16 18:35:28 +00:00
Nick Kralevich
623975fa5a Support forcing permissive domains to unconfined.
Permissive domains are only intended for development.
When a device launches, we want to ensure that all
permissive domains are in, at a minimum, unconfined+enforcing.

Add FORCE_PERMISSIVE_TO_UNCONFINED to Android.mk. During
development, this flag is false, and permissive domains
are allowed. When SELinux new feature development has been
frozen immediately before release, this flag will be flipped
to true. Any previously permissive domains will move into
unconfined+enforcing.

This will ensure that all SELinux domains have at least a
minimal level of protection.

Unconditionally enable this flag for all user builds.

Change-Id: I1632f0da0022c80170d8eb57c82499ac13fd7858
2014-01-11 13:29:51 -08:00
Nick Kralevich
e45603d316 address denials when playing protected content.
When playing protected content on manta, surfaceflinger would crash.

  STEPS TO REPRODUCE:
  1. Launch Play Movies & TV
  2. Play any movie and observe

  OBSERVED RESULTS:
  Device reboot while playing movies

  EXPECTED RESULTS:
  No device reboot

Even though this only reproduces on manta, this seems appropriate
for a general policy.

Addresses the following denials:

<5>[   36.066819] type=1400 audit(1389141624.471:9): avc:  denied  { write } for  pid=1855 comm="TimedEventQueue" name="tlcd_sock" dev="mmcblk0p9" ino=627097 scontext=u:r:mediaserver:s0 tcontext=u:object_r:drmserver_socket:s0 tclass=sock_file
<5>[   36.066985] type=1400 audit(1389141624.471:10): avc:  denied  { connectto } for  pid=1855 comm="TimedEventQueue" path="/data/app/tlcd_sock" scontext=u:r:mediaserver:s0 tcontext=u:r:drmserver:s0 tclass=unix_stream_socket
<5>[   41.379708] type=1400 audit(1389141629.786:15): avc:  denied  { connectto } for  pid=120 comm="surfaceflinger" path=006D636461656D6F6E scontext=u:r:surfaceflinger:s0 tcontext=u:r:tee:s0 tclass=unix_stream_socket
<5>[   41.380051] type=1400 audit(1389141629.786:16): avc:  denied  { read write } for  pid=120 comm="surfaceflinger" name="mobicore-user" dev="tmpfs" ino=4117 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file
<5>[   41.380209] type=1400 audit(1389141629.786:17): avc:  denied  { open } for  pid=120 comm="surfaceflinger" name="mobicore-user" dev="tmpfs" ino=4117 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file
<5>[   41.380779] type=1400 audit(1389141629.786:18): avc:  denied  { ioctl } for  pid=120 comm="surfaceflinger" path="/dev/mobicore-user" dev="tmpfs" ino=4117 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file

Change-Id: I20286ec2a6cf0d190a84ad74e88e94468bab9fdb
Bug: 12434847
2014-01-08 11:29:06 -08:00
Nick Kralevich
b8ac06f379 Revert "Make mediaserver enforcing."
Too many bugs.

This reverts commit cc9645436f.
2014-01-06 16:00:11 -08:00
Nick Kralevich
37339c763e fix mediaserver selinux denials.
mediaserver needs the ability to read media_rw_data_file files.
Allow it. Similarly, this is also needed for drmserver. Addresses
the following denials:

<5>[   22.812859] type=1400 audit(1389041093.955:17): avc:  denied  { read } for  pid=1655 comm="MediaScannerSer" path="/data/media/0/DCIM/Camera/VID_20140106_124115.mp4" dev="mmcblk0p28" ino=122204 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file
<5>[   22.813103] type=1400 audit(1389041093.955:18): avc:  denied  { getattr } for  pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124115.mp4" dev="mmcblk0p28" ino=122204 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file
<5>[   22.832041] type=1400 audit(1389041093.975:19): avc:  denied  { read } for  pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124115.mp4" dev="mmcblk0p28" ino=122204 scontext=u:r:drmserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file
<5>[   52.357470] type=1400 audit(1389041123.494:29): avc:  denied  { read } for  pid=2757 comm="ImageLoader" path="/data/media/0/DCIM/Camera/VID_20140106_124520.mp4" dev="mmcblk0p28" ino=122211 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file
<5>[   52.357717] type=1400 audit(1389041123.494:30): avc:  denied  { getattr } for  pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124520.mp4" dev="mmcblk0p28" ino=122211 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file
<5>[   52.382276] type=1400 audit(1389041123.524:31): avc:  denied  { read } for  pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124520.mp4" dev="mmcblk0p28" ino=122211 scontext=u:r:drmserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file

Allow anyone who has access to video_device:chr_file to also
have read access to video_device:dir. Otherwise, the
chracter devices may not be reachable.

Bug: 12416198
Change-Id: I649cd52ec7f1a25afb3aea479482e3f270bfe074
2014-01-06 12:43:47 -08:00
Stephen Smalley
cc9645436f Make mediaserver enforcing.
Change-Id: I3237c2f3629b2e9be7b2e20f5c3189313efd49e5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-06 10:25:43 -05:00
Stephen Smalley
8510d31ed3 Rename camera_calibration_file and audio_firmware_file.
Use more general type names for the contents of /data/misc/camera and
/data/misc/audio.  These were the names used in our policy until 4.3
was released, at which point we switched to be consistent with AOSP.
However, the Galaxy S4 4.2.2 image, Galaxy S4 4.3 image, and
Galaxy Note 3 4.3 image all shipped with policies using _data_file names
because they were based on our older policy.  So we may as well switch
AOSP to these names.

Not sure if in fact these could be all coalesced to the new media_data_file
type for /data/misc/media introduced by
Ic374488f8b62bd4f8b3c90f30da0e8d1ed1a7343.

Options to fix already existing devices, which would only apply
to Nexus devices with 4.3 or 4.4 at this point:
1) Add restorecon_recursive /data/misc/audio /data/misc/camera to either
the system/core init.rc or to the device-specific init.*.rc files.
-or-
2) Add a typealias declaration in the policy to remap the old type names.
to the new ones.  Then existing types on persistent storage will be
remapped internally to the new ones.
-or-
3) Some sort of relabeld.

Option #2 is implemented by this change.

Change-Id: Id36203f5bb66b5200efc1205630b5b260ef97496
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-12 17:01:44 -05:00
Stephen Smalley
a771671877 Label /data/misc/media and allow mediaserver access to it.
Otherwise we get denials like these on 4.4:

type=1400 audit(1383590170.360:29): avc:  denied  { write } for  pid=61 comm="mediaserver" name="media" dev="mtdblock1" ino=6416 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
type=1400 audit(1383590170.360:29): avc:  denied  { add_name } for  pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
type=1400 audit(1383590170.360:29): avc:  denied  { create } for  pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 audit(1383590170.360:29): avc:  denied  { write open } for  pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 audit(1383590255.100:231): avc:  denied  { write } for  pid=832 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 audit(1383590255.100:231): avc:  denied  { open } for  pid=832 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file

Change-Id: Ic374488f8b62bd4f8b3c90f30da0e8d1ed1a7343
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-07 16:22:50 -08:00
Stephen Smalley
a7c8ea864e Move audio_firmware_file and /data/misc/audio entry to core sepolicy.
Change-Id:  Ib8c96ab9e19d34e8e34a4c859528345763be4906
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-06 13:00:52 -05:00
Stephen Smalley
af9238c9b8 Confine mediaserver, but leave it permissive for now.
Confine the mediaserver domain, restoring our rules for it,
but leave it permissive until sufficient testing has been
performed.

Change-Id: I3d10ee16f5125b11295bc40ff6f2e14080b4bd00
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-23 14:23:43 -04:00
Nick Kralevich
353c72e3b0 Move unconfined domains out of permissive mode.
This change removes the permissive line from unconfined
domains. Unconfined domains can do (mostly) anything, so moving
these domains into enforcing should be a no-op.

The following domains were deliberately NOT changed:
1) kernel
2) init

In the future, this gives us the ability to tighten up the
rules in unconfined, and have those tightened rules actually
work.

When we're ready to tighten up the rules for these domains,
we can:

1) Remove unconfined_domain and re-add the permissive line.
2) Submit the domain in permissive but NOT unconfined.
3) Remove the permissive line
4) Wait a few days and submit the no-permissive change.

For instance, if we were ready to do this for adb, we'd identify
a list of possible rules which allow adbd to work, re-add
the permissive line, and then upload those changes to AOSP.
After sufficient testing, we'd then move adb to enforcing.
We'd repeat this for each domain until everything is enforcing
and out of unconfined.

Change-Id: If674190de3262969322fb2e93d9a0e734f8b9245
2013-10-21 12:52:03 -07:00
repo sync
77d4731e9d Make all domains unconfined.
This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
2013-05-20 11:08:05 -07:00
repo sync
50e37b93ac Move domains into per-domain permissive mode.
Bug: 4070557
Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
2013-05-14 21:36:32 -07:00
Geremy Condra
e69552ba2d Revert "Revert "Various minor policy fixes based on CTS.""
This reverts commit ba84bf1dec

Hidden dependency resolved.

Change-Id: I9f0844f643abfda8405db2c722a36c847882c392
2013-03-27 20:34:51 +00:00
Robert Craig
65d4f44c1f Various policy updates.
Assortment of policy changes include:
 * Bluetooth domain to talk to init and procfs.
 * New device node domains.
 * Allow zygote to talk to its executable.
 * Update system domain access to new device node domains.
 * Create a post-process sepolicy with dontaudits removed.
 * Allow rild to use the tty device.

Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-27 06:30:25 -04:00
Geremy Condra
ba84bf1dec Revert "Various minor policy fixes based on CTS."
This reverts commit 8a814a7604

Change-Id: Id1497cc42d07ee7ff2ca44ae4042fc9f2efc9aad
2013-03-22 21:41:37 +00:00
Stephen Smalley
8a814a7604 Various minor policy fixes based on CTS.
Change-Id: I5a3584b6cc5eda2b7d82e85452f9fe457877f1d1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-03-22 15:27:02 -04:00
William Roberts
c195ec3148 Split internal and external sdcards
Two new types are introduced:
sdcard_internal
sdcard_external

The existing type of sdcard, is dropped and a new attribute
sdcard_type is introduced.

The boolean app_sdcard_rw has also been changed to allow for
controlling untrusted_app domain to use the internal and external
sdcards.

Change-Id: Ic7252a8e1703a43cb496413809d01cc6cacba8f5
2013-03-22 15:26:39 -04:00
Stephen Smalley
9ce99e3908 Update binder-related policy.
The binder_transfer_binder hook was changed in the kernel, obsoleting
the receive permission and changing the target of the transfer permission.
Update the binder-related policy to match the revised permission checking.

Change-Id: I1ed0dadfde2efa93296e967eb44ca1314cf28586
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-03-19 22:48:17 +00:00
William Roberts
4e030c2a0f mediaserver.te refactor
Change-Id: Ieaff9f3362c71e25e5c8e7204397a85ff14fff97
2012-11-28 12:18:30 -08:00
William Roberts
e2ad318e45 Label persist audio properties
label all persist.audio.* properties
and allow mediaserver access to them.

Change-Id: If5755d9783dce298e66a25bcb7f17ff17bd83ea7
2012-11-28 12:15:02 -08:00
William Roberts
ccc8271aba Allow domain access to /dev/ion
Change-Id: I87f81a632ed61f284f2fe09726f5c4529d36f252
2012-09-13 14:30:11 -07:00
rpcraig
e07b8a56b9 Trusted Execution Environment policy. 2012-08-13 06:09:39 -04:00
rpcraig
abd977a79e Additions for grouper/JB 2012-08-10 06:25:52 -04:00
Haiqing Jiang
19e7fbeb25 mediaserver and system require abstract socket connnection 2012-07-27 16:22:14 -04:00
Haiqing Jiang
3296dea427 external/sepolicy: mediaserver open application data files 2012-07-24 09:01:02 -04:00
hqjiang
4c06d273bc Target the denials/policies over qtaguid file and device: 1. Relabel /proc/net/xt_qtaguid/ctrl from "qtaguid" to "qtaguid_proc"; 2. Label /dev/xt_qtaguid with "qtaguid_device"; 3. Allow mediaserver read/[write] to qtaguid_proc and qtaguid_device; 4. Allow media apps read/[write] to qtaguid_proc and qtaguid_device; 5. Allow system read/[write] to qtaguid_proc and qtaguid_device.
Actually, some of policies related to qtaguid have been there already, but
we refind existing ones and add new ones.
2012-07-19 16:11:24 -04:00
hqjiang
20d6963ac2 allow camera calibration 2012-07-19 16:09:58 -04:00
hqjiang
e1c545d82f correct denies of inter system processes communication over named pipe 2012-07-12 09:28:44 -04:00
hqjiang
ee5f400562 Correct denies of rpmsg device when accessing to remote processors. 2012-07-12 09:28:33 -04:00
William Roberts
07ef7227f9 ion fix 2012-06-20 08:03:16 -04:00
Stephen Smalley
2dd4e51d5c SE Android policy. 2012-01-04 12:33:27 -05:00