Commit graph

17322 commits

Author SHA1 Message Date
Stephen Smalley
730957aef3 Rework the radio vs rild property split.
Only label properties with the ril. prefix with rild_prop.
Allow rild and system (and radio) to set radio_prop.
Only rild can set rild_prop presently.
2012-04-04 16:01:19 -04:00
Stephen Smalley
a883c38637 Allow apps to write to anr_data_file for /data/anr/traces.txt. 2012-04-04 16:00:11 -04:00
Stephen Smalley
124720a697 Add policy for property service.
New property_contexts file for property selabel backend.
New property.te file with property type declarations.
New property_service security class and set permission.
Allow rules for setting properties.
2012-04-04 10:11:16 -04:00
Stephen Smalley
2cb1b31f90 Allow adbd to access the qemu device and label /dev/eac correctly. 2012-04-03 15:30:28 -04:00
Stephen Smalley
f7948230ef Integrate nfc_power and rild rules from tuna sepolicy by Bryan Hinton. 2012-03-19 15:58:11 -04:00
Stephen Smalley
0e85c17e6e Rewrite MLS constraints to only constrain open for app_data_file, not read/write. 2012-03-19 10:32:24 -04:00
Stephen Smalley
f6cbbe255b Introduce a separate wallpaper_file type for the wallpaper file. 2012-03-19 10:29:36 -04:00
Stephen Smalley
59d28035a1 Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files. 2012-03-19 10:24:52 -04:00
Stephen Smalley
b660916b0a Allow the shell to create files on the sdcard. 2012-03-08 11:17:45 -05:00
Stephen Smalley
d5a70a7f7c Drop redundant rules. 2012-03-07 15:01:53 -05:00
Stephen Smalley
c83d0087e4 Policy changes to support running the latest CTS. 2012-03-07 14:59:01 -05:00
Stephen Smalley
64935c7d87 Limit per-device policy files to a well-defined sepolicy prefix.
Avoid any future collisions with the use of .fc or .te suffixes in the
per-device directories.  If we want multiple file support, add a separate
subdirectory for sepolicy files.
2012-03-06 13:27:39 -05:00
Stephen Smalley
5b340befb4 Add support for per-device .te and .fc files. 2012-03-06 11:12:41 -05:00
Stephen Smalley
4c6f1ce8ee Allow Settings to set enforcing and booleans if settings_manage_selinux is true. 2012-02-02 13:28:44 -05:00
Stephen Smalley
7e8cf24f58 Do not build if HAVE_SELINUX=false. 2012-02-02 13:28:28 -05:00
Stephen Smalley
2b826fcbe8 Add a dependency on checkpolicy. 2012-01-24 08:46:13 -05:00
Ying Wang
02fb5f3c6a Rewrite Android.mk. 2012-01-18 14:01:08 -05:00
Stephen Smalley
beefbe5c4d Add explicit role declaration for newer checkpolicy versions. 2012-01-12 09:58:37 -05:00
Stephen Smalley
6261d6d823 Allow reading of properties area, which is now created before init has switched contexts. Revisit this later - we should explicitly label the properties file. 2012-01-12 08:57:50 -05:00
Stephen Smalley
0d76f4e5c2 Allow system server to set scheduling info for apps. 2012-01-10 13:24:21 -05:00
Stephen Smalley
c94e2392f6 Further policy for Motorola Xoom. 2012-01-06 10:25:53 -05:00
Stephen Smalley
2dd4e51d5c SE Android policy. 2012-01-04 12:33:27 -05:00