tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
35385 commits 1 branch 0 tags 50 MiB
Commit graph

35385 commits

This branch
This branch
All branches
Author SHA1 Message Date
William Roberts
4d3f1089aa Allow domain search/getattr access to security file 
Change-Id: I3b35b68247f35d5d9d9afd33c203aa97e437dc14
 2013-03-22 15:00:02 -04:00
William Roberts
e59451ae68 am 9e70c8bf: Move policy files 
* commit '9e70c8bf681aa51b2c0b870e817bf7a0276ff03c':
  Move policy files
 2013-03-22 11:52:36 -07:00
William Roberts
9e70c8bf68 Move policy files 
Update the file_contexts for the new location of
the policy files, as well as update the policy
for the management of these types.

Change-Id: Idc475901ed437efb325807897e620904f4ff03e9
 2013-03-22 10:42:10 -07:00
Stephen Smalley
058c474839 am 346cae27: bluetooth app requires net_admin for enabling bluetooth. 
* commit '346cae27813c803d3254871825e64c3805076d04':
  bluetooth app requires net_admin for enabling bluetooth.
 2013-03-21 14:11:16 -07:00
Geremy Condra
f0221d47f5 am cf141426: Merge "Strengthen setenforce and setbool assertions" 
* commit 'cf141426d45067f4a9709d3cf79eef3609d63ab1':
  Strengthen setenforce and setbool assertions
 2013-03-21 14:11:16 -07:00
Stephen Smalley
f1f4af695e am 9aea69c0: Require entrypoint to be explicitly granted for unconfined domains. 
* commit '9aea69c004b2c2ce12458374ae32482775f599f4':
  Require entrypoint to be explicitly granted for unconfined domains.
 2013-03-21 14:11:16 -07:00
Stephen Smalley
346cae2781 bluetooth app requires net_admin for enabling bluetooth. 
Change-Id: I571731169036a3203d0145af67f45b3d9eb6366b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-21 21:01:57 +00:00
Geremy Condra
cf141426d4 Merge "Strengthen setenforce and setbool assertions" 2013-03-21 20:59:47 +00:00
Stephen Smalley
9aea69c004 Require entrypoint to be explicitly granted for unconfined domains. 
Change-Id: Ieeaa002061c9e4224ea90dfa60dffb112aa152c2
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-21 20:55:59 +00:00
William Roberts
193d1292fa Strengthen setenforce and setbool assertions 
Change-Id: I58f15889c248b49f9e29028a3c0a86b4c950ff07
 2013-03-21 13:59:12 -04:00
William Roberts
b633b4d3cd am 15b3ceda: Add BOARD_SEPOLICY_IGNORE 
* commit '15b3ceda5cd0fea1f0b5b19d4795d7290a75b39d':
  Add BOARD_SEPOLICY_IGNORE
 2013-03-20 20:17:06 -07:00
William Roberts
15b3ceda5c Add BOARD_SEPOLICY_IGNORE 
See README for further details.

Change-Id: I4599c7ecd5a552e38de89d0a9e496e047068fe05
 2013-03-21 02:55:49 +00:00
Colin Cross
464952419b sepolicy: add /vendor to file_contexts 
/vendor has the same permissions as /system/vendor for devices
that have a separate vendor partition.

Bug: 8341435
Change-Id: If0c78b31f8a6e8e5680f1d076c323d1628fb07b2
 2013-03-20 19:05:49 +00:00
Geremy Condra
862909f730 am acea73d5: Merge "Drop shell from having access to dmesg" 
* commit 'acea73d5dc42c4475f4f474343041765b558c5d4':
  Drop shell from having access to dmesg
 2013-03-19 20:08:18 -07:00
Geremy Condra
acea73d5dc Merge "Drop shell from having access to dmesg" 2013-03-20 02:26:32 +00:00
Stephen Smalley
f4c8ca6b7d am 38084146: Generalize levelFromUid support. 
* commit '38084146e0fd665b68c8c4ff131cae9d07ef5993':
  Generalize levelFromUid support.
 2013-03-19 19:01:39 -07:00
Geremy Condra
36c87bbdb8 am ae0fcf1f: Merge "watchdog security policy." 
* commit 'ae0fcf1fb60de1d63fc1944111398497b655224b':
  watchdog security policy.
 2013-03-19 19:01:39 -07:00
Geremy Condra
9050e3696c am 566553e3: Merge "Update binder-related policy." 
* commit '566553e3080c2f07a1a14dbf0ccdca8454492a6a':
  Update binder-related  policy.
 2013-03-19 19:01:38 -07:00
Stephen Smalley
38084146e0 Generalize levelFromUid support. 
Introduce a levelFrom=none|app|user|all syntax for specifying
per-app, per-user, or per-combination level assignment.
levelFromUid=true|false remains valid syntax but is deprecated.
levelFromUid=true is equivalent to levelFrom=app.

Update check_seapp to accept the new syntax.
Update seapp_contexts to document the new syntax and switch
from levelFromUid=true to levelFrom=app.  No change in behavior.

Change-Id: Ibaddeed9bc3e2586d524efc2f1faa5ce65dea470
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-20 01:39:25 +00:00
Geremy Condra
ae0fcf1fb6 Merge "watchdog security policy." 2013-03-20 01:38:03 +00:00
Geremy Condra
566553e308 Merge "Update binder-related policy." 2013-03-20 01:36:22 +00:00
Geremy Condra
b5b4377f11 am 1446e714: Revert "Dynamic insertion of pubkey to mac_permissions.xml" 
* commit '1446e714af0b0c358b5ecf37c5d704c96c72cf7c':
  Revert "Dynamic insertion of pubkey to mac_permissions.xml"
 2013-03-19 16:51:25 -07:00
William Roberts
b4014d3939 am 5a2988fc: Remove duplicate paths from sepolicy_replace_paths 
* commit '5a2988fcb5f1b76c87d9bf8e671c38d1b03188ab':
  Remove duplicate paths from sepolicy_replace_paths
 2013-03-19 16:51:25 -07:00
Stephen Smalley
45ed43dd56 am 1f5939a9: Allow search of tmpfs mount for /storage/emulated. 
* commit '1f5939a97647bb71414588be8f26114773edceaf':
  Allow search of tmpfs mount for /storage/emulated.
 2013-03-19 16:51:25 -07:00
Stephen Smalley
c6bfb5c835 am 61362840: Permit fstat of property mapping. 
* commit '61362840813c3a396339a7f7b5d73ca825a83748':
  Permit fstat of property mapping.
 2013-03-19 16:51:24 -07:00
Stephen Smalley
cb6b5afd34 am aeb512d2: Disable debugfs access by default. 
* commit 'aeb512d2edda496eb768d4b84a7c7fc2e7d09202':
  Disable debugfs access by default.
 2013-03-19 16:51:24 -07:00
Stephen Smalley
9709395b61 am c8106f12: Only allow read/write not open on platform_app_data_file. 
* commit 'c8106f12c09dfffebebcff6b435d4974e6b2a9d7':
  Only allow read/write not open on platform_app_data_file.
 2013-03-19 16:51:24 -07:00
Geremy Condra
1d7081e3cc am d06104d8: Merge "property_contexts checks added to checkfc." 
* commit 'd06104d873a4256f8a6fb66ee0f930abbc15f8a1':
  property_contexts checks added to checkfc.
 2013-03-19 16:51:24 -07:00
Geremy Condra
e0c0ad2949 Revert "Dynamic insertion of pubkey to mac_permissions.xml" 
This reverts commit 22fc04103b

Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee
 2013-03-19 16:40:08 -07:00
William Roberts
767abc077e Drop shell from having access to dmesg 
In normal, user builds, shell doesn't have the required
DAC permissions to acess the kernel log.

Change-Id: I001e6d65f508e07671bdb71ca2c0e1d53bc5b970
 2013-03-19 23:09:22 +00:00
Geremy Condra
1446e714af Revert "Dynamic insertion of pubkey to mac_permissions.xml" 
This reverts commit 22fc04103b

Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee
 2013-03-19 22:56:46 +00:00
William Roberts
5a2988fcb5 Remove duplicate paths from sepolicy_replace_paths 
Change-Id: I5d5362ad0055275052b0c2ba535b599a8e26112e
 2013-03-19 22:49:13 +00:00
rpcraig
bac9992e86 watchdog security policy. 
Initial policy for software watchdog daemon
which is started by init.

Change-Id: I042a5b1698bf53ce2e50ea06851c374e5123ee2c
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-19 22:48:38 +00:00
Stephen Smalley
9ce99e3908 Update binder-related policy. 
The binder_transfer_binder hook was changed in the kernel, obsoleting
the receive permission and changing the target of the transfer permission.
Update the binder-related policy to match the revised permission checking.

Change-Id: I1ed0dadfde2efa93296e967eb44ca1314cf28586
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-19 22:48:17 +00:00
Stephen Smalley
1f5939a976 Allow search of tmpfs mount for /storage/emulated. 
Change-Id: Ie79ff3fb9c0a893e348c4adb2f457cae42d7800f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-19 22:47:20 +00:00
Stephen Smalley
6136284081 Permit fstat of property mapping. 
Change-Id: Ie58185519252dad29a23d0d3d54b1cbafea83a83
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-19 22:46:42 +00:00
Stephen Smalley
aeb512d2ed Disable debugfs access by default. 
Change-Id: I8265e34a76913a76eedd2d7a6fe3b14945fde924
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-19 22:45:53 +00:00
Stephen Smalley
c8106f12c0 Only allow read/write not open on platform_app_data_file. 
Change-Id: Iad4ad43ce7ba3c00b69b7aac752b40bc2d3be002
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-19 22:45:12 +00:00
Geremy Condra
a74dd1f0ea am 6d6c617f: Merge "Whitespace and doxygen fix" 
* commit '6d6c617f6d6644c71bd83a0a17d258b4041c98cf':
  Whitespace and doxygen fix
 2013-03-19 15:43:58 -07:00
Stephen Smalley
85f5972c4b am ee80bfb9: Add policy assertions (neverallow rules). 
* commit 'ee80bfb9cf5727ce9938f76d88ac50833edee48c':
  Add policy assertions (neverallow rules).
 2013-03-19 15:43:57 -07:00
Geremy Condra
8b206260b4 am c0890c89: Merge "Allow domain to random_device" 
* commit 'c0890c899f572785b6a14a91bae6122b72db4416':
  Allow domain to random_device
 2013-03-19 15:43:57 -07:00
William Roberts
9a35a01401 am 6a64897a: Do not allow access to device:chr_file for system 
* commit '6a64897a4b098e834f7b6679c0c5b85fdbb752b2':
  Do not allow access to device:chr_file for system
 2013-03-19 15:43:57 -07:00
rpcraig
842a9dce5a am 1c8464e1: App data backup security policy. 
* commit '1c8464e1365950538e9e4647a4f220910f79ab1e':
  App data backup security policy.
 2013-03-19 15:43:56 -07:00
Geremy Condra
2886640128 am c57dbccb: Merge "Change security policy so all apps can read /dev/xt_qtaguid." 
* commit 'c57dbccb50ff804f2e002df8bd6db54b0477b877':
  Change security policy so all apps can read /dev/xt_qtaguid.
 2013-03-19 15:43:56 -07:00
Geremy Condra
2b7e767cc9 am 5988bbf8: Merge "Dynamic insertion of pubkey to mac_permissions.xml" 
* commit '5988bbf8a2b6c4b7f329ee007e75004269d71817':
  Dynamic insertion of pubkey to mac_permissions.xml
 2013-03-19 15:43:56 -07:00
Geremy Condra
61dddba79f am 04598de8: Merge "Replaceable mac_permission.xml support" 
* commit '04598de87251c433594f1073ebcd8116cee49345':
  Replaceable mac_permission.xml support
 2013-03-19 15:43:56 -07:00
Geremy Condra
62495abcdc am 669f6792: Merge "mediaserver.te refactor" 
* commit '669f679243431084adaaacd6e4857e2eed92b93a':
  mediaserver.te refactor
 2013-03-19 15:43:55 -07:00
Geremy Condra
cc32a792c0 am eeafabde: Merge "Label persist audio properties" 
* commit 'eeafabde6188a21d7df741fa93ab5156e1c10414':
  Label persist audio properties
 2013-03-19 15:43:55 -07:00
Geremy Condra
d06104d873 Merge "property_contexts checks added to checkfc." 2013-03-19 22:42:19 +00:00
Geremy Condra
6d6c617f6d Merge "Whitespace and doxygen fix" 2013-03-19 22:35:44 +00:00