tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
462 commits 1 branch 0 tags 50 MiB
Commit graph

462 commits

This branch
This branch
All branches
Author SHA1 Message Date
gcondra@google.com
a77daf8779 am b77b3aff: Add the selinux policy version number. 
* commit 'b77b3aff2e19fb4d5a329f962fcf467fc7bbeb1a':
  Add the selinux policy version number.
 2013-05-14 23:49:14 -07:00
repo sync
b77b3aff2e Add the selinux policy version number. 
Bug: 8841348
Change-Id: I1acf355b8e700500eeb0ddcbb8203a4769bde3bc
 2013-05-14 13:13:17 -07:00
Geremy Condra
28dde0947e am 92f35dcc: Merge "Revert "Add a policy version."" into jb-mr2-dev 
* commit '92f35dccb5bddb778d3688b47a1a01c9ced01751':
  Revert "Add a policy version."
 2013-05-10 13:14:13 -07:00
Geremy Condra
92f35dccb5 Merge "Revert "Add a policy version."" into jb-mr2-dev 2013-05-10 20:09:31 +00:00
Alex Klyubin
d0a5e06d91 am c25023e1: Merge "SELinux policy: let vold write to device:dir." into jb-mr2-dev 
* commit 'c25023e1fa8ef90634218ba5e146ed9bf80a8456':
  SELinux policy: let vold write to device:dir.
 2013-05-10 13:07:20 -07:00
Geremy Condra
869edf0e79 Revert "Add a policy version." 
Faugh. Typo.

This reverts commit adb481dd8e

Change-Id: Id1ccc0a59cc79b8ad7171fcb6b3d8cb3aaf29bee
 2013-05-10 20:06:47 +00:00
Alex Klyubin
c25023e1fa Merge "SELinux policy: let vold write to device:dir." into jb-mr2-dev 2013-05-10 20:05:19 +00:00
gcondra@google.com
06dab1bf8c am bd77ab31: Merge "Add a policy version." into jb-mr2-dev 
* commit 'bd77ab31ac7e39f1bb517237b0148b9ab62dac8f':
  Add a policy version.
 2013-05-10 12:44:23 -07:00
repo sync
bd77ab31ac Merge "Add a policy version." into jb-mr2-dev 2013-05-10 17:45:38 +00:00
repo sync
adb481dd8e Add a policy version. 
Bug: 8841348
Change-Id: I83497c9b5346ba3b35e4e288190fc217a26be505
 2013-05-10 10:44:24 -07:00
Geremy Condra
31083f9031 am 1adb7ca3: Merge "SELinux policy: let vold create /data/tmp_mnt" into jb-mr2-dev 
* commit '1adb7ca34f1049e7bac48cf0b24c8320c34b17b6':
  SELinux policy: let vold create /data/tmp_mnt
 2013-05-09 23:40:32 -07:00
Alex Klyubin
dc3853f4bb am 3b9fd5ff: SELinux policy: let adbd drop Linux capabilities. 
* commit '3b9fd5ffcd3badffc08e3e71ba4cc41d3a73c9e4':
  SELinux policy: let adbd drop Linux capabilities.
 2013-05-09 23:40:32 -07:00
Geremy Condra
1adb7ca34f Merge "SELinux policy: let vold create /data/tmp_mnt" into jb-mr2-dev 2013-05-10 00:34:52 +00:00
Alex Klyubin
7de339a16a SELinux policy: let vold create /data/tmp_mnt 
Change-Id: I40f3ccd9813e0a337ced0a44e686ab489277d78b
 2013-05-09 17:33:49 -07:00
Alex Klyubin
3b9fd5ffcd SELinux policy: let adbd drop Linux capabilities. 
Change-Id: Id41891b89c7b067919cbda06ab97d5eff2ad044f
 2013-05-10 00:30:23 +00:00
Alex Klyubin
d050c79b64 SELinux policy: let vold write to device:dir. 
I have no idea what vold is doing when this operation is attempted
(when a full-disk encrypted device is booting up). Thus, I don't know
if there is a better way of restricting the policy.

Change-Id: I537b70b1abb73c36e5abf0357b766292f625e1af
 2013-05-09 17:07:22 -07:00
Alex Klyubin
e5e98aef40 resolved conflicts for merge of 77ec892b to jb-mr2-dev-plus-aosp 
Change-Id: Ia9f34580a35d3f5ff7ea0ac9a3784d2650e61b6a
 2013-05-09 14:05:10 -07:00
Alex Klyubin
77ec892be6 SELinux policy for users of libcutils klog_write. 
klog_write/init create /dev/__kmsg__ backed by a kernel character
device, keep the file descriptor, and then immediately unlink the
file.

Change-Id: I729d224347a003eaca29299d216a53c99cc3197c
 2013-05-09 12:39:32 -07:00
Geremy Condra
8eb7d6727b am 5d54d483: Merge "SELinux policy: let vold setsched of kernel processes." into jb-mr2-dev 
* commit '5d54d483a0f2907e0e32c798c908a4cea4a426eb':
  SELinux policy: let vold setsched of kernel processes.
 2013-05-09 10:53:46 -07:00
Geremy Condra
5d54d483a0 Merge "SELinux policy: let vold setsched of kernel processes." into jb-mr2-dev 2013-05-09 17:49:48 +00:00
Alex Klyubin
c341f23e1c SELinux policy: let vold setsched of kernel processes. 
Change-Id: I2b7bf3037c94de4fecf3c3081497e0ac1dfef8a9
 2013-05-08 14:41:45 -07:00
gcondra@google.com
6747682319 am 5a745c89: Merge "Add rules for asec containers." into jb-mr2-dev 
* commit '5a745c899b16d72411d4a5886108a4483ebeb8e4':
  Add rules for asec containers.
 2013-05-08 14:20:36 -07:00
repo sync
5a745c899b Merge "Add rules for asec containers." into jb-mr2-dev 2013-05-08 21:19:08 +00:00
repo sync
11153ef349 Add rules for asec containers. 
Change-Id: I91f6965dafad54e98e2f7deda956e86acf7d0c96
 2013-05-08 14:18:33 -07:00
Geremy Condra
a55505605e am 84beb00a: Merge "SELinux policy granting vold the capability to reboot." into jb-mr2-dev 
* commit '84beb00a47215805127c13b0bcda6facc8e889bb':
  SELinux policy granting vold the capability to reboot.
 2013-05-08 12:58:11 -07:00
Geremy Condra
84beb00a47 Merge "SELinux policy granting vold the capability to reboot." into jb-mr2-dev 2013-05-08 19:54:16 +00:00
Alex Klyubin
3b5923fe1b SELinux policy granting vold the capability to reboot. 
vold reboots needs to reboot the system when it succeeds or fails to
encrypt partitions.

Change-Id: Ibb1a5378228be60215162ae248e6c1049a16b830
 2013-05-08 12:42:50 -07:00
gcondra@google.com
e0d8570a2f am 2cb928ba: Remove special rules for interacting with sockets from init. 
* commit '2cb928ba4ecc6e267bf88d8f0085b9236f2a151c':
  Remove special rules for interacting with sockets from init.
 2013-05-08 05:17:10 -07:00
repo sync
2cb928ba4e Remove special rules for interacting with sockets from init. 
Change-Id: I544c0c1bbe84834970958a65fcef1d10e7e29047
 2013-05-07 22:12:59 -07:00
gcondra@google.com
1d6c682e87 am fb076f8b: Add temporary policy for wpa_supplicant. 
* commit 'fb076f8b115cf0bb888fcfdef4e9f1e54f101d88':
  Add temporary policy for wpa_supplicant.
 2013-05-07 17:01:29 -07:00
repo sync
fb076f8b11 Add temporary policy for wpa_supplicant. 
This allows wpa_supplicant to interact with the sockets created
for it by init. Eventually we'll want those to be properly
labelled, but allow until then.

Change-Id: I33fcd22173a8d47bbc4ada8d6aa62b4d159cbb15
 2013-05-07 16:58:01 -07:00
Geremy Condra
a1890d1f42 am 59e40a04: Merge "SELinux policy that separates "init_shell" from "shell"." into jb-mr2-dev 
* commit '59e40a04e2aa5b8e0dff9942cde04704d2ce3524':
  SELinux policy that separates "init_shell" from "shell".
 2013-05-06 15:53:39 -07:00
Geremy Condra
59e40a04e2 Merge "SELinux policy that separates "init_shell" from "shell"." into jb-mr2-dev 2013-05-06 22:51:51 +00:00
Jon Larimer
3cbc06c2e3 am c65b2ba3: Update wpa_supplicant policy 
* commit 'c65b2ba33871da9b241473b6f1a64775c9c49603':
  Update wpa_supplicant policy
 2013-05-06 15:43:58 -07:00
Alex Klyubin
8199123c8d SELinux policy that separates "init_shell" from "shell". 
"init_shell" is used for shell processes spawned by init.

Change-Id: I9e35d485bac91f3d0e4f3704acdbb9af7d617173
 2013-05-06 14:42:56 -07:00
Jon Larimer
c65b2ba338 Update wpa_supplicant policy 
Change-Id: I9b05f0f2ce6c6c52b4207cac3120f06565b7da30
 2013-05-06 16:29:42 -04:00
Alex Klyubin
b2aea99ffd am 3123b1ee: SELinux policy for Bluetooth properties. 
* commit '3123b1eef7c15dee0b0df72c6a3017f1797a278d':
  SELinux policy for Bluetooth properties.
 2013-05-06 11:12:06 -07:00
Alex Klyubin
3123b1eef7 SELinux policy for Bluetooth properties. 
Properties under bluetooth. and persist.service.bdroid. are
considered Bluetooth-related properties.

Change-Id: Iee937d9a1184c2494deec46f9ed7090c643acda7
 2013-05-06 10:18:27 -07:00
Geremy Condra
c6bd976cd3 am a3c29c5f: Merge "Expand permissions for 3 existing allow policies for rild and a new one for rild." into jb-mr2-dev 
* commit 'a3c29c5fe0b398fa560e6636c8eeff88d1c21f72':
  Expand permissions for 3 existing allow policies for rild and a new one for rild.
 2013-05-03 11:18:54 -07:00
Geremy Condra
e4c23f096b am 97ff811c: Merge "Add non_system_app_set" 
* commit '97ff811c0b4bfb18cd012587b7f8519e910920b0':
  Add non_system_app_set
 2013-05-03 10:50:04 -07:00
Geremy Condra
97ff811c0b Merge "Add non_system_app_set" 2013-05-03 17:38:44 +00:00
Geremy Condra
a3c29c5fe0 Merge "Expand permissions for 3 existing allow policies for rild and a new one for rild." into jb-mr2-dev 2013-05-03 00:58:30 +00:00
William Luh
b4ab72d52a Expand permissions for 3 existing allow policies for rild and a new one for rild. 
Change-Id: Iafe68ac1b742e40c1a23a2f6cfd6373ea89cc07b
 2013-05-02 17:57:14 -07:00
gcondra@google.com
b40d5972a1 am ca326e2c: Add policy for ping. 
* commit 'ca326e2c64f2e3ea0e68809bba9d53cd9627d971':
  Add policy for ping.
 2013-05-02 14:38:50 -07:00
repo sync
ca326e2c64 Add policy for ping. 
Change-Id: I168f681d8c67f470b6e639f0b1bf39346c4eb396
 2013-05-02 14:35:41 -07:00
William Roberts
5f4e6ee379 am 63297211: Support strict duplicate checking 
* commit '632972117a754dc64102cf81154ae6aed86febf3':
  Support strict duplicate checking
 2013-05-02 13:36:00 -07:00
William Roberts
3e273da29d am 1e8c061b: Fix segfault on -v with duplicates 
* commit '1e8c061b053cdfd808c7a7649c78df4c33ded63d':
  Fix segfault on -v with duplicates
 2013-05-02 13:36:00 -07:00
William Roberts
8cd20ef9fa Add non_system_app_set 
Change-Id: I889e8eb1851b01ac9a8c8789ba1cc56c9154cecd
 2013-05-02 11:58:39 -07:00
gcondra@google.com
9f14fca6c1 am 49dca3f0: Add rule to allow system to write to the adbd socket. 
* commit '49dca3f0a418496c6814230ed57c21feb4afa0b4':
  Add rule to allow system to write to the adbd socket.
 2013-05-01 11:24:57 -07:00
repo sync
49dca3f0a4 Add rule to allow system to write to the adbd socket. 
Change-Id: I56e3ddae08b0c3d5e6b2492a6754899cc4e25a21
 2013-05-01 10:57:15 -07:00