tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
300 commits 1 branch 0 tags 50 MiB
Commit graph

14 commits

Author SHA1 Message Date
Geremy Condra
c529c66f2c Add policy for __properties__ device. 
Change-Id: Ie9b391283362fb6930f1ae858f0a879835c91e32
 2013-03-29 12:59:21 -07:00
Robert Craig
65d4f44c1f Various policy updates. 
Assortment of policy changes include:
 * Bluetooth domain to talk to init and procfs.
 * New device node domains.
 * Allow zygote to talk to its executable.
 * Update system domain access to new device node domains.
 * Create a post-process sepolicy with dontaudits removed.
 * Allow rild to use the tty device.

Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-27 06:30:25 -04:00
Robert Craig
f62af81817 Introduce security labels for 2 new device nodes. 
iio: Industrial I/O subsystem
usb_accessory: accessory protocol for usb

Allow system access in both cases.

Change-Id: I02db9775ec2ddaaeda40fae6d5e56e320957b09c
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
 2013-03-26 08:38:58 -04:00
rpcraig
905e316d0b Make ion_device mls trusted. 
Allow device node access irrespective
of MLS restrictions. Third party apps
(untrusted_app) domains need access too.

Change-Id: I132b8201bccb1ff31dc0c15a735f81f645c9836d
 2013-03-22 17:49:43 -07:00
Robert Craig
18b5f87ea1 racoon policy. 
Initial policy for racoon (IKE key management).

Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
Change-Id: If1e344f39ea914e42afbaa021b272ba1b7113479
 2013-03-22 17:09:26 -07:00
rpcraig
bac9992e86 watchdog security policy. 
Initial policy for software watchdog daemon
which is started by init.

Change-Id: I042a5b1698bf53ce2e50ea06851c374e5123ee2c
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-19 22:48:38 +00:00
hqjiang
4c06d273bc Target the denials/policies over qtaguid file and device: 1. Relabel /proc/net/xt_qtaguid/ctrl from "qtaguid" to "qtaguid_proc"; 2. Label /dev/xt_qtaguid with "qtaguid_device"; 3. Allow mediaserver read/[write] to qtaguid_proc and qtaguid_device; 4. Allow media apps read/[write] to qtaguid_proc and qtaguid_device; 5. Allow system read/[write] to qtaguid_proc and qtaguid_device. 
Actually, some of policies related to qtaguid have been there already, but
we refind existing ones and add new ones.
 2012-07-19 16:11:24 -04:00
hqjiang
ee5f400562 Correct denies of rpmsg device when accessing to remote processors. 2012-07-12 09:28:33 -04:00
hqjiang
81039ab556 Corrected denials for LocationManager when accessing gps over uart. 2012-07-12 09:27:40 -04:00
William Roberts
07ef7227f9 ion fix 2012-06-20 08:03:16 -04:00
William Roberts
80ea1d2305 sdcard policy and fuse device label. 2012-05-31 09:44:51 -04:00
William Roberts
7fa2f9e0f5 Policy for hci_attach service. 2012-05-31 09:40:12 -04:00
Stephen Smalley
c94e2392f6 Further policy for Motorola Xoom. 2012-01-06 10:25:53 -05:00
Stephen Smalley
2dd4e51d5c SE Android policy. 2012-01-04 12:33:27 -05:00