tequilaOS/platform_system_sepolicy

Author	SHA1	Message	Date
dcashman	d4c78f4b3f	Enforce more specific service access. Move the following services from tmp_system_server_service to appropriate attributes: battery bluetooth_manager clipboard commontime_management connectivity content country_detector device_policy deviceidle Bug: 18106000 Change-Id: I0d0f2a075c0509a783631d88ba453ac13399cdf2	2015-04-07 16:59:38 +00:00
Andres Morales	e207986ea0	SELinux permissions for gatekeeper TEE proxy sets up: - execute permissions - binder permission (system_server->gatekeeper->keystore) - prevents dumpstate and shell from finding GK binder service - neverallow rules for prohibited clients Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e	2015-04-06 16:46:58 -07:00
dcashman	d12993f084	Add system_api_service and app_api_service attributes. System services differ in designed access level. Add attributes reflecting this distinction and label services appropriately. Begin moving access to the newly labeled services by removing them from tmp_system_server_service into the newly made system_server_service attribute. Reflect the move of system_server_service from a type to an attribute by removing access to system_server_service where appropriate. Change-Id: I7fd06823328daaea6d6f96e4d6bd00332382230b	2015-04-03 11:20:00 -07:00
John Reck	e8064afb5e	Add graphicsstats service Change-Id: I156b139b57f46c695ece35b7b26a3087d87b25df	2015-03-27 19:10:58 +00:00
Jonathan Basseri	5360918dc3	Whitelist new carrier config service. This service will be implemented in packages/services/Telephony. Bug: 19483786 Change-Id: Ia9a90bc859108d8657cae551d657e2fcdc261f88	2015-03-25 14:46:54 -07:00
Dianne Hackborn	eac1011eaf	Add rule for new deviceidle service. Change-Id: I283663caea0ee1597645856fb31f13b26e902315	2015-03-19 10:50:31 -07:00
Ruben Brunk	8e89c8e9d2	am `6cfd9d13`: am `db1320f5`: Add security policy for ProcessInfoService. * commit '6cfd9d13197c35bc2a76cba3bda47a1a5e51855a': Add security policy for ProcessInfoService.	2015-01-29 23:33:51 +00:00
Ruben Brunk	db1320f550	Add security policy for ProcessInfoService. Bug: 19186859 Change-Id: Ic08858f346d6b66e7bfc9da6faa2c6e38d9b2e82	2015-01-29 14:58:24 -08:00
dcashman	61e82a2cfc	resolved conflicts for merge of `e55f2b81` to lmp-mr1-dev-plus-aosp Change-Id: If8473c40d1b3da93d1f0f74d24f40633b2209f5e	2015-01-14 15:05:04 -08:00
dcashman	4a89cdfa89	Make system_server_service an attribute. Temporarily give every system_server_service its own domain in preparation for splitting it and identifying special services or classes of services. Change-Id: I81ffbdbf5eea05e0146fd7fd245f01639b1ae0ef	2015-01-14 13:54:26 -08:00
Santos Cordon	18805ee179	am `56c08995`: (Telecom-system Part 3.b) Change telecom service context to "system" * commit '56c08995f30b85548ca23bbfbcf1b520eb7fe10a': (Telecom-system Part 3.b) Change telecom service context to "system"	2014-12-09 00:23:27 +00:00
Santos Cordon	56c08995f3	(Telecom-system Part 3.b) Change telecom service context to "system" Bug: 18112269 Change-Id: I801a3ecb42a2636b15612ff19a55150d06786363	2014-12-08 23:29:49 +00:00
dcashman	6963655194	Remove entropy from service_contexts. Commit: 9287e0dd272b85b475e33bcbd7d868517a0f98f9 removed the registration of EntropyMixer with servicemanager, so it no longer needs a context. Bug: 18106000 Cherry-pick of commit: `7cfef98ce7` Change-Id: I9aeb35e7ffde75090f4234ea193514fb883b1425	2014-11-26 13:52:04 -08:00
Tyler Gunn	69cdca91e7	Renaming Telecomm to Telecom. - Changing package from android.telecomm to android.telecom - Changing package from com.android.telecomm to com.android.server.telecomm. - Renaming TelecommManager to TelecomManager. Bug: 17364651 Change-Id: I70e9ecdab7482327f25387ecc6223f46e9cbe10e	2014-09-10 15:17:57 -07:00
Ye Wen	770910bb82	Implement broker pattern for imms (3/3) b/16324360 Change-Id: I4adacdb1d87badfaa109da200aae91869b9786a8	2014-07-29 16:32:28 -07:00
Vinit Deshpande	fab00f7487	Add rttmanager in sepolicy's whitelist Looks like system server doesn't let you start a service without white listing anymore. Bug: 16628456 Change-Id: I0f6df8fd2afa24f4a1758a90cb5f8e451e0edb6a	2014-07-28 13:38:17 -07:00
Ye Wen	eb8d86c0c8	Move MmsService into phone process (2/2) b/16324360 Change-Id: If79f293a547deef570a80a5569ff8eb973ce29be	2014-07-21 14:22:39 -07:00
Michael Wright	08ac1247d9	Merge "Add MediaProjectionManagerService to service list DO NOT MERGE" into lmp-dev	2014-07-17 02:40:09 +00:00
Riley Spahn	ac47ee26c5	Add com.android.net.IProxyService to service_contexts. Add com.android.net.IProxyService as a system_server_service to service_contexts. Bug: 16369427 (cherry picked from commit `26d6371c5a`) Change-Id: I3e58681971683bdc7f26a1d130c8bcf8ffcb89e2	2014-07-17 09:05:49 -07:00
Michael Wright	0ccfd5da80	Add MediaProjectionManagerService to service list DO NOT MERGE Change-Id: I66a88b5dafc295e6daa9f4c0225aa593c97fe187	2014-07-16 16:28:29 -07:00
Torne (Richard Coles)	64940d884e	Add "webviewupdate" system server service. Define the service context for "webviewupdate", a new service that will run in the system server. Bug: 13005501 Change-Id: I841437c59b362fda88d130be2f2871aef87d9231	2014-07-16 11:21:27 -07:00
Andres Morales	254953d9fe	am `9c52a78c`: am `e844113b`: Allow SystemServer to start PersistentDataBlockService * commit '9c52a78c6062a472f2dff96019a6a50f44bd0034': Allow SystemServer to start PersistentDataBlockService	2014-07-09 17:57:55 +00:00
Andres Morales	e844113bc1	Allow SystemServer to start PersistentDataBlockService Change-Id: I0e8433c4fcbce04e2693a0f8cf1dd89c95684c24	2014-07-08 17:57:34 -07:00
Nick Kralevich	1393ec3499	am `f5ad1b79`: am `40b8fb9b`: Merge "Add imms service and system_app_service type." * commit 'f5ad1b79777055edb7b411ac0484d14d10dba656': Add imms service and system_app_service type.	2014-07-01 16:33:50 +00:00
Riley Spahn	b1ec3dfacd	Add imms service and system_app_service type. Map imms to system_app_service in service_contexts and add the system_app_service type and allow system_app to add the system_app_service. Bug: 16005467 Change-Id: I06ca75e2602f083297ed44960767df2e78991140	2014-07-01 16:17:59 +00:00
Nick Kralevich	24866a1042	am `ab925f11`: am `166c09e5`: Merge "Preemptively adding services for pending commits." * commit 'ab925f11dbf3b892884856add4b282e33651a9a0': Preemptively adding services for pending commits.	2014-06-30 17:50:41 +00:00
Nick Kralevich	6982f3ecfb	am `0f972174`: am `c491d5c0`: Merge "Add missing services to service_contexts." * commit '0f9721740e71aef941a42a8ed641896611173e55': Add missing services to service_contexts.	2014-06-26 19:57:59 +00:00
Riley Spahn	182498e8fc	Preemptively adding services for pending commits. Adding services to service_contexts for the pending commits Icf5997dd6a6ba5e1de675cf5f4334c78c2c037f1 and Ibe79be30b80c18ec45ff69db7527c7a4adf0ee08. Change-Id: Ie898866d1ab3abba6211943e87bcec77ba568567	2014-06-27 13:23:53 -07:00
Riley Spahn	2b4c4f3941	Add missing services to service_contexts. Add missing services related to battery, bluetooth, time, and radio to service_contexts. Change-Id: I8bf05feb173d49637048c779757013806837fede	2014-06-26 12:36:43 -07:00
Riley Spahn	c9febc7baa	Add fingerprint to service_contexts. Add fingerprint to map to system_server_service. Change-Id: I8fbb13df981794d52d30b963eeea2df36fb09a42	2014-06-25 19:48:45 +00:00
Riley Spahn	3f06ad96c3	Add missing services to service_contexts. Add missing services to service_contexts that we did not include in earlier patch that added SELinux checks in service_manager. Change-Id: I889d999bf0b745bfcb75a3553b207777dc5700b7	2014-06-17 08:13:36 -07:00
Riley Spahn	f90c41f6e8	Add SELinux rules for service_manager. Add a service_mananger class with the verb add. Add a type that groups the services for each of the processes that is allowed to start services in service.te and an attribute for all services controlled by the service manager. Add the service_contexts file which maps service name to target label. Bug: 12909011 Change-Id: I017032a50bc90c57b536e80b972118016d340c7d	2014-06-12 20:46:07 +00:00

32 commits