tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
462 commits 1 branch 0 tags 50 MiB
Commit graph

462 commits

This branch
This branch
All branches
Author SHA1 Message Date
Geremy Condra
a851e6dab9 am c3295802: Merge "New users need a wallpaper_file type." 
* commit 'c3295802d7fb22213c073705480d1c1314d71d27':
  New users need a wallpaper_file type.
 2013-03-22 18:43:41 -07:00
Geremy Condra
c3295802d7 Merge "New users need a wallpaper_file type." 2013-03-23 01:36:58 +00:00
Geremy Condra
56b2981db5 am eee138c2: Merge "Allow zygote to search tmpfs." 
* commit 'eee138c2db6916a2b965819b1c25f10c490c329a':
  Allow zygote to search tmpfs.
 2013-03-22 18:29:06 -07:00
rpcraig
b035d80ced am 41e53901: New dev_types and other minor adjustments. 
* commit '41e539010df1fa58abf6b57959ea30a05ff80102':
  New dev_types and other minor adjustments.
 2013-03-22 18:29:06 -07:00
Geremy Condra
eee138c2db Merge "Allow zygote to search tmpfs." 2013-03-23 01:23:13 +00:00
rpcraig
c5baaff7a6 New users need a wallpaper_file type. 
Change-Id: I7ff4ed9f73f43918cac05a026af68cca8dbe02c3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-22 18:17:04 -07:00
rpcraig
48b2a36cbf am 905e316d: Make ion_device mls trusted. 
* commit '905e316d0b9f2a913f61a6344bc9bafe2fa66671':
  Make ion_device mls trusted.
 2013-03-22 18:13:55 -07:00
rpcraig
8b3b4fe756 Allow zygote to search tmpfs. 
Change-Id: Ib0bdcbc1a7e45e1d1a046c9fa8aff89183ebfe0d
 2013-03-22 18:03:31 -07:00
rpcraig
41e539010d New dev_types and other minor adjustments. 
Add new dev_type:
- ump_device : Unified Memory Provider driver.
       The file_contexts entry should be
       described on a per device basis.

Minor adjustments:
- tee needs netlink socket access.
- ueventd needs to grant file operations.

Change-Id: I915304da687d3a2b9aa417e6f91ea915bd697676
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-22 18:00:05 -07:00
rpcraig
905e316d0b Make ion_device mls trusted. 
Allow device node access irrespective
of MLS restrictions. Third party apps
(untrusted_app) domains need access too.

Change-Id: I132b8201bccb1ff31dc0c15a735f81f645c9836d
 2013-03-22 17:49:43 -07:00
Robert Craig
27382687cb am 18b5f87e: racoon policy. 
* commit '18b5f87ea18baaf7356a1f1729dc2737be3c141e':
  racoon policy.
 2013-03-22 17:24:52 -07:00
Robert Craig
18b5f87ea1 racoon policy. 
Initial policy for racoon (IKE key management).

Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
Change-Id: If1e344f39ea914e42afbaa021b272ba1b7113479
 2013-03-22 17:09:26 -07:00
Geremy Condra
7dfe9956b3 am dbb82fd8: Merge "Revert "Various minor policy fixes based on CTS."" 
* commit 'dbb82fd8f063fdc5854f9d6359d2be0a570ad0cc':
  Revert "Various minor policy fixes based on CTS."
 2013-03-22 14:53:50 -07:00
Geremy Condra
dbb82fd8f0 Merge "Revert "Various minor policy fixes based on CTS."" 2013-03-22 21:41:50 +00:00
Geremy Condra
ba84bf1dec Revert "Various minor policy fixes based on CTS." 
This reverts commit 8a814a7604

Change-Id: Id1497cc42d07ee7ff2ca44ae4042fc9f2efc9aad
 2013-03-22 21:41:37 +00:00
Geremy Condra
140a9a3870 am 9c0f2df1: Merge changes I5a3584b6,Ic7252a8e,I2d4ace75 
* commit '9c0f2df1832f82bd2867d2e2fa18dde31b05e63e':
  Various minor policy fixes based on CTS.
  Split internal and external sdcards
  Give sdcard sys_admin capability.
 2013-03-22 14:20:25 -07:00
Stephen Smalley
ddda5adca2 am f766c4d9: Allow bluetooth users to use socket provided by bluetooth app. 
* commit 'f766c4d9ee8e0d95755a8b54622b424a224830d1':
  Allow bluetooth users to use socket provided by bluetooth app.
 2013-03-22 14:20:24 -07:00
Geremy Condra
9c0f2df183 Merge changes I5a3584b6,Ic7252a8e,I2d4ace75 
* changes:
  Various minor policy fixes based on CTS.
  Split internal and external sdcards
  Give sdcard sys_admin capability.
 2013-03-22 21:13:59 +00:00
Jeff Sharkey
036baf6ae9 Remove uhid_device to fix build. 
Change-Id: Ifec28b8ae2f21e1765194bd698fc0b7f479a96d7
 2013-03-22 14:02:54 -07:00
Jeff Sharkey
04d7c71c2c Remove tun_device to fix build. 
Change-Id: I3d5e6a2fefc7b975baf849d1fd7a628e86a27222
 2013-03-22 13:56:21 -07:00
rpcraig
34a8d4c67d am ff7e5305: Create policy for PAN connections. 
* commit 'ff7e5305b87da76735add3444846814958c5d555':
  Create policy for PAN connections.
 2013-03-22 12:27:16 -07:00
William Roberts
83d80311d1 am 4d3f1089: Allow domain search/getattr access to security file 
* commit '4d3f1089aa3c763e4e2c2ccbce2ab23dd700ea48':
  Allow domain search/getattr access to security file
 2013-03-22 12:27:16 -07:00
Stephen Smalley
8a814a7604 Various minor policy fixes based on CTS. 
Change-Id: I5a3584b6cc5eda2b7d82e85452f9fe457877f1d1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-22 15:27:02 -04:00
William Roberts
c195ec3148 Split internal and external sdcards 
Two new types are introduced:
sdcard_internal
sdcard_external

The existing type of sdcard, is dropped and a new attribute
sdcard_type is introduced.

The boolean app_sdcard_rw has also been changed to allow for
controlling untrusted_app domain to use the internal and external
sdcards.

Change-Id: Ic7252a8e1703a43cb496413809d01cc6cacba8f5
 2013-03-22 15:26:39 -04:00
Robert Craig
1ed1effabf Give sdcard sys_admin capability. 
Change-Id: I2d4ace75f3e75f47f99e93d58922d5719b47fffe
 2013-03-22 15:21:25 -04:00
Stephen Smalley
f766c4d9ee Allow bluetooth users to use socket provided by bluetooth app. 
Change-Id: Ia061aa3b19229b96f643ca0285a7fa5fa06fd780
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-22 15:06:57 -04:00
rpcraig
ff7e5305b8 Create policy for PAN connections. 
Policy to allow bluetooth tethering.

Change-Id: Ic24c97b0e1dc93395b8381b78ca4929baa30337c
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-22 15:05:44 -04:00
William Roberts
4d3f1089aa Allow domain search/getattr access to security file 
Change-Id: I3b35b68247f35d5d9d9afd33c203aa97e437dc14
 2013-03-22 15:00:02 -04:00
William Roberts
e59451ae68 am 9e70c8bf: Move policy files 
* commit '9e70c8bf681aa51b2c0b870e817bf7a0276ff03c':
  Move policy files
 2013-03-22 11:52:36 -07:00
William Roberts
9e70c8bf68 Move policy files 
Update the file_contexts for the new location of
the policy files, as well as update the policy
for the management of these types.

Change-Id: Idc475901ed437efb325807897e620904f4ff03e9
 2013-03-22 10:42:10 -07:00
Stephen Smalley
058c474839 am 346cae27: bluetooth app requires net_admin for enabling bluetooth. 
* commit '346cae27813c803d3254871825e64c3805076d04':
  bluetooth app requires net_admin for enabling bluetooth.
 2013-03-21 14:11:16 -07:00
Geremy Condra
f0221d47f5 am cf141426: Merge "Strengthen setenforce and setbool assertions" 
* commit 'cf141426d45067f4a9709d3cf79eef3609d63ab1':
  Strengthen setenforce and setbool assertions
 2013-03-21 14:11:16 -07:00
Stephen Smalley
f1f4af695e am 9aea69c0: Require entrypoint to be explicitly granted for unconfined domains. 
* commit '9aea69c004b2c2ce12458374ae32482775f599f4':
  Require entrypoint to be explicitly granted for unconfined domains.
 2013-03-21 14:11:16 -07:00
Stephen Smalley
346cae2781 bluetooth app requires net_admin for enabling bluetooth. 
Change-Id: I571731169036a3203d0145af67f45b3d9eb6366b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-21 21:01:57 +00:00
Geremy Condra
cf141426d4 Merge "Strengthen setenforce and setbool assertions" 2013-03-21 20:59:47 +00:00
Stephen Smalley
9aea69c004 Require entrypoint to be explicitly granted for unconfined domains. 
Change-Id: Ieeaa002061c9e4224ea90dfa60dffb112aa152c2
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-21 20:55:59 +00:00
William Roberts
193d1292fa Strengthen setenforce and setbool assertions 
Change-Id: I58f15889c248b49f9e29028a3c0a86b4c950ff07
 2013-03-21 13:59:12 -04:00
William Roberts
b633b4d3cd am 15b3ceda: Add BOARD_SEPOLICY_IGNORE 
* commit '15b3ceda5cd0fea1f0b5b19d4795d7290a75b39d':
  Add BOARD_SEPOLICY_IGNORE
 2013-03-20 20:17:06 -07:00
William Roberts
15b3ceda5c Add BOARD_SEPOLICY_IGNORE 
See README for further details.

Change-Id: I4599c7ecd5a552e38de89d0a9e496e047068fe05
 2013-03-21 02:55:49 +00:00
Colin Cross
464952419b sepolicy: add /vendor to file_contexts 
/vendor has the same permissions as /system/vendor for devices
that have a separate vendor partition.

Bug: 8341435
Change-Id: If0c78b31f8a6e8e5680f1d076c323d1628fb07b2
 2013-03-20 19:05:49 +00:00
Geremy Condra
862909f730 am acea73d5: Merge "Drop shell from having access to dmesg" 
* commit 'acea73d5dc42c4475f4f474343041765b558c5d4':
  Drop shell from having access to dmesg
 2013-03-19 20:08:18 -07:00
Geremy Condra
acea73d5dc Merge "Drop shell from having access to dmesg" 2013-03-20 02:26:32 +00:00
Stephen Smalley
f4c8ca6b7d am 38084146: Generalize levelFromUid support. 
* commit '38084146e0fd665b68c8c4ff131cae9d07ef5993':
  Generalize levelFromUid support.
 2013-03-19 19:01:39 -07:00
Geremy Condra
36c87bbdb8 am ae0fcf1f: Merge "watchdog security policy." 
* commit 'ae0fcf1fb60de1d63fc1944111398497b655224b':
  watchdog security policy.
 2013-03-19 19:01:39 -07:00
Geremy Condra
9050e3696c am 566553e3: Merge "Update binder-related policy." 
* commit '566553e3080c2f07a1a14dbf0ccdca8454492a6a':
  Update binder-related  policy.
 2013-03-19 19:01:38 -07:00
Stephen Smalley
38084146e0 Generalize levelFromUid support. 
Introduce a levelFrom=none|app|user|all syntax for specifying
per-app, per-user, or per-combination level assignment.
levelFromUid=true|false remains valid syntax but is deprecated.
levelFromUid=true is equivalent to levelFrom=app.

Update check_seapp to accept the new syntax.
Update seapp_contexts to document the new syntax and switch
from levelFromUid=true to levelFrom=app.  No change in behavior.

Change-Id: Ibaddeed9bc3e2586d524efc2f1faa5ce65dea470
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-20 01:39:25 +00:00
Geremy Condra
ae0fcf1fb6 Merge "watchdog security policy." 2013-03-20 01:38:03 +00:00
Geremy Condra
566553e308 Merge "Update binder-related policy." 2013-03-20 01:36:22 +00:00
Geremy Condra
b5b4377f11 am 1446e714: Revert "Dynamic insertion of pubkey to mac_permissions.xml" 
* commit '1446e714af0b0c358b5ecf37c5d704c96c72cf7c':
  Revert "Dynamic insertion of pubkey to mac_permissions.xml"
 2013-03-19 16:51:25 -07:00
William Roberts
b4014d3939 am 5a2988fc: Remove duplicate paths from sepolicy_replace_paths 
* commit '5a2988fcb5f1b76c87d9bf8e671c38d1b03188ab':
  Remove duplicate paths from sepolicy_replace_paths
 2013-03-19 16:51:25 -07:00