tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
462 commits 1 branch 0 tags 50 MiB
Commit graph

462 commits

This branch
This branch
All branches
Author SHA1 Message Date
Geremy Condra
404fc4fa69 Merge "Add the sys_resource capability to sdcardd." into jb-mr2-dev 2013-04-03 21:16:37 +00:00
Geremy Condra
ee4426ae02 am 2c831009: Fix various SELinux denials. 
* commit '2c831009a59f122fc870bedb6ed084eb5aeea0b0':
  Fix various SELinux denials.
 2013-04-03 13:59:52 -07:00
Stephen Smalley
cebe6a653b Allow ueventd to relabel sysfs nodes. 
Required for If8b8d66120453123c1371ce063b6f20e8b96b6ef .

Change-Id: I98871b957db8b291cbbb827b5eb39b4279ce4194
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-04-03 16:36:56 -04:00
Geremy Condra
2c831009a5 Fix various SELinux denials. 
Change-Id: I73a2b841ab3399b7528b8084a5c4736e6ecea48a
 2013-04-03 12:00:41 -07:00
Robert Craig
08ca8ad6d9 am 84c46de5: Remove unneeded device type. 
* commit '84c46de5251bbf567740d065c833cd3a3662e4f5':
  Remove unneeded device type.
 2013-04-02 12:33:03 -07:00
Robert Craig
84c46de525 Remove unneeded device type. 
timerirq_device has been removed in favor
of using the existing sensors_device domain.

Change-Id: I503e4a511c2901890356559c0afb971392b4ec6f
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-04-02 09:49:14 -04:00
Stephen Smalley
e267afa320 am e543a8bc: Increase policy version to 26. 
* commit 'e543a8bc2a2d08ff381e5ae9e34cc2a094acf895':
  Increase policy version to 26.
 2013-04-01 11:09:14 -07:00
Stephen Smalley
e543a8bc2a Increase policy version to 26. 
Increase the SELinux policy version to 26.  This is needed
for name-based transitions used by the manta sepolicy.
Requires kernel 3.0 or higher.

Change-Id: I046fa9f7122f77506c70b2c735345bc0194935df
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-04-01 13:42:25 -04:00
Geremy Condra
1ac712f74c Add the sys_resource capability to sdcardd. 
Change-Id: I0b2ecdbddbed3d5ea1617c9ae9af7f8b1c9ace93
 2013-03-29 16:30:15 -07:00
Geremy Condra
4387956f26 Add the ability to stat files under /cache for media_app. 
This feels like a hidden bug- it shouldn't be trying to
stat everything under /cache anyways- but allowing for now.

Change-Id: Ib5ddfbb408c9f0b6c6218c78a678fcdb09360ccd
 2013-03-29 16:30:06 -07:00
Geremy Condra
06575ee40c Add remount capability to Zygote. 
This is a consequence of https://googleplex-android-review.googlesource.com/#/c/278069/

Change-Id: I9b310860534a80e7145950f6c632cf5ba0ad56a7
 2013-03-29 16:29:54 -07:00
Geremy Condra
020b5ff631 Add a key directory argument to insertkeys.py 
This allows us to better integrate key selection with our existing
build process.

Change-Id: I6e3eb5fbbfffb8e31c5edcf16f74df7c38abe537
 2013-03-29 16:29:43 -07:00
Geremy Condra
8abf01ac33 Drop MLS separation for compatibility. 
Change-Id: I555361d732b8f1bdc90c231a3183a85526a5a558
 2013-03-29 16:29:06 -07:00
Geremy Condra
c529c66f2c Add policy for __properties__ device. 
Change-Id: Ie9b391283362fb6930f1ae858f0a879835c91e32
 2013-03-29 12:59:21 -07:00
Geremy Condra
7c8e6d4a96 am f4d5f3e1: Merge "Add missing seinfo tag from mac_permissions.xml policy." 
* commit 'f4d5f3e1f6db56c80959428591bb3dbbe685b010':
  Add missing seinfo tag from mac_permissions.xml policy.
 2013-03-28 14:29:25 -07:00
Geremy Condra
f4d5f3e1f6 Merge "Add missing seinfo tag from mac_permissions.xml policy." 2013-03-28 21:10:11 +00:00
Stephen Smalley
7a80915f2a am 2ae799e4: Drop separate domain for browser. 
* commit '2ae799e44e6603c4b5edc941ce41df9eaa7785ae':
  Drop separate domain for browser.
 2013-03-28 13:55:47 -07:00
Stephen Smalley
882f7ee268 am 0ecb0f88: Eliminate most of the app policy booleans. 
* commit '0ecb0f886660da5ddfd6945e4b993048727caac8':
  Eliminate most of the app policy booleans.
 2013-03-28 13:55:46 -07:00
Stephen Smalley
2ae799e44e Drop separate domain for browser. 
Change-Id: Ib37b392cb6f6d3fb80852b9a2a6547ab86cd9bff
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-28 12:41:32 -04:00
Stephen Smalley
0ecb0f8866 Eliminate most of the app policy booleans. 
Just allow them unconditionally for compatibility.

Change-Id: I85b56532c6389bdfa25731042b98d8f254bd80ee
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-28 10:14:25 -04:00
Robert Craig
65911e8d5d Add missing seinfo tag from mac_permissions.xml policy. 
A prior merge accidentally dropped the seinfo tag from the
release keys stanza.

Change-Id: I99f9ea8d0981c5324c3875896b0673552a03d2ca
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-28 06:48:27 -04:00
Geremy Condra
c507c37707 am 96c109e8: Merge "Revert "Revert "Rewrite mac_permissions.xml file.""" 
* commit '96c109e8f6de0a2541aabccacecec65bd5ec4c31':
  Revert "Revert "Rewrite mac_permissions.xml file.""
 2013-03-27 17:45:23 -07:00
Geremy Condra
96c109e8f6 Merge "Revert "Revert "Rewrite mac_permissions.xml file.""" 2013-03-28 00:22:33 +00:00
Geremy Condra
59fd8d40de Revert "Revert "Rewrite mac_permissions.xml file."" 
This reverts commit 31d1a40b2e

Change-Id: I70aab6f01b9a74512dcbd9bff167890747e54355
 2013-03-28 00:19:52 +00:00
William Roberts
8b92506821 am e693ed7c: Remove the su domain from -user builds. 
* commit 'e693ed7c187804b3b1ae49bf0d31bd43e7a19e08':
  Remove the su domain from -user builds.
 2013-03-27 13:55:33 -07:00
Geremy Condra
2d580ddc16 am 16820182: Merge "Expand insertkeys.py script to allow union of files." 
* commit '1682018210077f27a04cd992c660ab7b21a21afc':
  Expand insertkeys.py script to allow union of files.
 2013-03-27 13:55:32 -07:00
Geremy Condra
ebbee43efb am e69552ba: Revert "Revert "Various minor policy fixes based on CTS."" 
* commit 'e69552ba2d76174d443d1b8457295e4d72f2a986':
  Revert "Revert "Various minor policy fixes based on CTS.""
 2013-03-27 13:55:32 -07:00
William Roberts
e693ed7c18 Remove the su domain from -user builds. 
Change-Id: I86f2f28f7c558b8e9a70e5aa9ebcfa8bf26f9ef7
 2013-03-27 13:39:12 -07:00
Robert Craig
350d2ae9c9 am 65d4f44c: Various policy updates. 
* commit '65d4f44c1fd999d9cf9c4ef4dc65deb71bafcd8e':
  Various policy updates.
 2013-03-27 13:37:13 -07:00
Geremy Condra
1682018210 Merge "Expand insertkeys.py script to allow union of files." 2013-03-27 20:36:07 +00:00
Geremy Condra
e69552ba2d Revert "Revert "Various minor policy fixes based on CTS."" 
This reverts commit ba84bf1dec

Hidden dependency resolved.

Change-Id: I9f0844f643abfda8405db2c722a36c847882c392
 2013-03-27 20:34:51 +00:00
Robert Craig
7f2392eeb0 Expand insertkeys.py script to allow union of files. 
Allow script to union mac_permissions.xml files
specified using the BOARD_SEPOLICY_DIRS and
BOARD_SEPOLICY_UNION constructs.

Change-Id: I4fc65fd1ab4c612f25e966f030247e54a270b614
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-27 20:34:29 +00:00
Robert Craig
65d4f44c1f Various policy updates. 
Assortment of policy changes include:
 * Bluetooth domain to talk to init and procfs.
 * New device node domains.
 * Allow zygote to talk to its executable.
 * Update system domain access to new device node domains.
 * Create a post-process sepolicy with dontaudits removed.
 * Allow rild to use the tty device.

Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-27 06:30:25 -04:00
Geremy Condra
d0d06251b9 am bf539bf3: Merge "Fix makefile error with ANDROID_BUILD_TOP" 
* commit 'bf539bf363c0361e3bac8ffd5e15c7ec8c514fdb':
  Fix makefile error with ANDROID_BUILD_TOP
 2013-03-26 16:51:13 -07:00
Geremy Condra
32866846e4 am edf7b4c8: Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""" 
* commit 'edf7b4c861144764d0bc17436064d52e7147f916':
  Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""""
 2013-03-26 16:51:13 -07:00
Geremy Condra
bf539bf363 Merge "Fix makefile error with ANDROID_BUILD_TOP" 2013-03-26 22:31:21 +00:00
Geremy Condra
edf7b4c861 Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""" 
This reverts commit 60d4d71ead

This should (finally) be fixed in https://android-review.googlesource.com/#/c/54730/

Change-Id: I3dd358560f7236f28387ffbe247fc2b004e303ea
 2013-03-26 22:19:03 +00:00
William Roberts
52fc95d1b7 Fix makefile error with ANDROID_BUILD_TOP 
Use TOP instead of ANDROID_BUILD_TOP

Fix spelling issues in keys.conf

Change-Id: Ib90b3041af5ef68f30f4ab78c768ad225987ef2d
 2013-03-26 14:10:47 -07:00
Geremy Condra
9826c65676 am 60d4d71e: Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""" 
* commit '60d4d71ead9e9ac96e9cb81380c254bac3a9df4f':
  Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""
 2013-03-26 13:03:45 -07:00
Geremy Condra
60d4d71ead Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""" 
This reverts commit cd4104e84b

This builds clean locally, but seems to explode on the build servers. Reverting until there's a solution.

Change-Id: I09200db37c193f39c77486d5957a8f5916e38aa0
 2013-03-26 19:45:18 +00:00
Geremy Condra
829944e85d am 82fe3d24: Merge "Revert "Rewrite mac_permissions.xml file."" 
* commit '82fe3d249f40629fe40f4feed258cccd95b2a374':
  Revert "Rewrite mac_permissions.xml file."
 2013-03-26 12:31:38 -07:00
Geremy Condra
82fe3d249f Merge "Revert "Rewrite mac_permissions.xml file."" 2013-03-26 19:12:17 +00:00
Geremy Condra
31d1a40b2e Revert "Rewrite mac_permissions.xml file." 
This reverts commit b24c30b4ed

Reverting the changes that depend on insertkeys until the issues there are resolved.

Change-Id: Ie7e0d6657d8e7cfb44fc3efa2f99c8d1011a0fe1
 2013-03-26 19:12:02 +00:00
Geremy Condra
2a6d0ace88 am 1620c671: Merge "Introduce security labels for 2 new device nodes." 
* commit '1620c671f2b946333958d07420643caf98534a01':
  Introduce security labels for 2 new device nodes.
 2013-03-26 11:58:08 -07:00
Robert Craig
5a55c1196c am b24c30b4: Rewrite mac_permissions.xml file. 
* commit 'b24c30b4ed5304d3df41bbd9452762e8e3555c12':
  Rewrite mac_permissions.xml file.
 2013-03-26 11:58:08 -07:00
Geremy Condra
1620c671f2 Merge "Introduce security labels for 2 new device nodes." 2013-03-26 18:46:40 +00:00
Geremy Condra
7a85285843 am cd4104e8: Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"" 
* commit 'cd4104e84b438827fddd6a7fe6cb86e91392152d':
  Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""
 2013-03-26 11:41:44 -07:00
Robert Craig
b24c30b4ed Rewrite mac_permissions.xml file. 
Rewrite all stanzas to only include seinfo tags.

Change-Id: I4d528ce092ec8d1aac15195ed3a8e307d604607e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-26 11:36:46 -07:00
Geremy Condra
cd4104e84b Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"" 
This reverts commit 1446e714af

Hidden dependency has been resolved.

Change-Id: Ia535c0b9468ea5f705dff9813186a7fa8bab84ae
 2013-03-26 18:19:34 +00:00
Robert Craig
f62af81817 Introduce security labels for 2 new device nodes. 
iio: Industrial I/O subsystem
usb_accessory: accessory protocol for usb

Allow system access in both cases.

Change-Id: I02db9775ec2ddaaeda40fae6d5e56e320957b09c
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
 2013-03-26 08:38:58 -04:00