tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
294 commits 1 branch 0 tags 50 MiB
Commit graph

294 commits

This branch
This branch
All branches
Author SHA1 Message Date
Geremy Condra
b41fedcfd6 am c507c377: am 96c109e8: Merge "Revert "Revert "Rewrite mac_permissions.xml file.""" 
* commit 'c507c37707400aba90d6cb25962ca789bf8f4084':
  Revert "Revert "Rewrite mac_permissions.xml file.""
 2013-03-27 17:51:12 -07:00
Geremy Condra
c507c37707 am 96c109e8: Merge "Revert "Revert "Rewrite mac_permissions.xml file.""" 
* commit '96c109e8f6de0a2541aabccacecec65bd5ec4c31':
  Revert "Revert "Rewrite mac_permissions.xml file.""
 2013-03-27 17:45:23 -07:00
Geremy Condra
96c109e8f6 Merge "Revert "Revert "Rewrite mac_permissions.xml file.""" 2013-03-28 00:22:33 +00:00
Geremy Condra
59fd8d40de Revert "Revert "Rewrite mac_permissions.xml file."" 
This reverts commit 31d1a40b2e

Change-Id: I70aab6f01b9a74512dcbd9bff167890747e54355
 2013-03-28 00:19:52 +00:00
Geremy Condra
c0dc668017 Add policy for __properties__ device. 
Change-Id: Ie9b391283362fb6930f1ae858f0a879835c91e32
 2013-03-27 15:56:12 -07:00
Geremy Condra
17a41bdb65 Drop MLS separation for compatibility. 
Change-Id: I555361d732b8f1bdc90c231a3183a85526a5a558
 2013-03-27 15:14:48 -07:00
William Roberts
8b92506821 am e693ed7c: Remove the su domain from -user builds. 
* commit 'e693ed7c187804b3b1ae49bf0d31bd43e7a19e08':
  Remove the su domain from -user builds.
 2013-03-27 13:55:33 -07:00
Geremy Condra
2d580ddc16 am 16820182: Merge "Expand insertkeys.py script to allow union of files." 
* commit '1682018210077f27a04cd992c660ab7b21a21afc':
  Expand insertkeys.py script to allow union of files.
 2013-03-27 13:55:32 -07:00
Geremy Condra
ebbee43efb am e69552ba: Revert "Revert "Various minor policy fixes based on CTS."" 
* commit 'e69552ba2d76174d443d1b8457295e4d72f2a986':
  Revert "Revert "Various minor policy fixes based on CTS.""
 2013-03-27 13:55:32 -07:00
William Roberts
e693ed7c18 Remove the su domain from -user builds. 
Change-Id: I86f2f28f7c558b8e9a70e5aa9ebcfa8bf26f9ef7
 2013-03-27 13:39:12 -07:00
Robert Craig
350d2ae9c9 am 65d4f44c: Various policy updates. 
* commit '65d4f44c1fd999d9cf9c4ef4dc65deb71bafcd8e':
  Various policy updates.
 2013-03-27 13:37:13 -07:00
Geremy Condra
1682018210 Merge "Expand insertkeys.py script to allow union of files." 2013-03-27 20:36:07 +00:00
Geremy Condra
e69552ba2d Revert "Revert "Various minor policy fixes based on CTS."" 
This reverts commit ba84bf1dec

Hidden dependency resolved.

Change-Id: I9f0844f643abfda8405db2c722a36c847882c392
 2013-03-27 20:34:51 +00:00
Robert Craig
7f2392eeb0 Expand insertkeys.py script to allow union of files. 
Allow script to union mac_permissions.xml files
specified using the BOARD_SEPOLICY_DIRS and
BOARD_SEPOLICY_UNION constructs.

Change-Id: I4fc65fd1ab4c612f25e966f030247e54a270b614
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-27 20:34:29 +00:00
Robert Craig
65d4f44c1f Various policy updates. 
Assortment of policy changes include:
 * Bluetooth domain to talk to init and procfs.
 * New device node domains.
 * Allow zygote to talk to its executable.
 * Update system domain access to new device node domains.
 * Create a post-process sepolicy with dontaudits removed.
 * Allow rild to use the tty device.

Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-27 06:30:25 -04:00
Geremy Condra
d0d06251b9 am bf539bf3: Merge "Fix makefile error with ANDROID_BUILD_TOP" 
* commit 'bf539bf363c0361e3bac8ffd5e15c7ec8c514fdb':
  Fix makefile error with ANDROID_BUILD_TOP
 2013-03-26 16:51:13 -07:00
Geremy Condra
32866846e4 am edf7b4c8: Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""" 
* commit 'edf7b4c861144764d0bc17436064d52e7147f916':
  Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""""
 2013-03-26 16:51:13 -07:00
Geremy Condra
bf539bf363 Merge "Fix makefile error with ANDROID_BUILD_TOP" 2013-03-26 22:31:21 +00:00
Geremy Condra
edf7b4c861 Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""" 
This reverts commit 60d4d71ead

This should (finally) be fixed in https://android-review.googlesource.com/#/c/54730/

Change-Id: I3dd358560f7236f28387ffbe247fc2b004e303ea
 2013-03-26 22:19:03 +00:00
William Roberts
52fc95d1b7 Fix makefile error with ANDROID_BUILD_TOP 
Use TOP instead of ANDROID_BUILD_TOP

Fix spelling issues in keys.conf

Change-Id: Ib90b3041af5ef68f30f4ab78c768ad225987ef2d
 2013-03-26 14:10:47 -07:00
Geremy Condra
9826c65676 am 60d4d71e: Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""" 
* commit '60d4d71ead9e9ac96e9cb81380c254bac3a9df4f':
  Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""
 2013-03-26 13:03:45 -07:00
Geremy Condra
60d4d71ead Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""" 
This reverts commit cd4104e84b

This builds clean locally, but seems to explode on the build servers. Reverting until there's a solution.

Change-Id: I09200db37c193f39c77486d5957a8f5916e38aa0
 2013-03-26 19:45:18 +00:00
Geremy Condra
829944e85d am 82fe3d24: Merge "Revert "Rewrite mac_permissions.xml file."" 
* commit '82fe3d249f40629fe40f4feed258cccd95b2a374':
  Revert "Rewrite mac_permissions.xml file."
 2013-03-26 12:31:38 -07:00
Geremy Condra
82fe3d249f Merge "Revert "Rewrite mac_permissions.xml file."" 2013-03-26 19:12:17 +00:00
Geremy Condra
31d1a40b2e Revert "Rewrite mac_permissions.xml file." 
This reverts commit b24c30b4ed

Reverting the changes that depend on insertkeys until the issues there are resolved.

Change-Id: Ie7e0d6657d8e7cfb44fc3efa2f99c8d1011a0fe1
 2013-03-26 19:12:02 +00:00
Geremy Condra
2a6d0ace88 am 1620c671: Merge "Introduce security labels for 2 new device nodes." 
* commit '1620c671f2b946333958d07420643caf98534a01':
  Introduce security labels for 2 new device nodes.
 2013-03-26 11:58:08 -07:00
Robert Craig
5a55c1196c am b24c30b4: Rewrite mac_permissions.xml file. 
* commit 'b24c30b4ed5304d3df41bbd9452762e8e3555c12':
  Rewrite mac_permissions.xml file.
 2013-03-26 11:58:08 -07:00
Geremy Condra
1620c671f2 Merge "Introduce security labels for 2 new device nodes." 2013-03-26 18:46:40 +00:00
Geremy Condra
7a85285843 am cd4104e8: Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"" 
* commit 'cd4104e84b438827fddd6a7fe6cb86e91392152d':
  Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""
 2013-03-26 11:41:44 -07:00
Robert Craig
b24c30b4ed Rewrite mac_permissions.xml file. 
Rewrite all stanzas to only include seinfo tags.

Change-Id: I4d528ce092ec8d1aac15195ed3a8e307d604607e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-26 11:36:46 -07:00
Geremy Condra
cd4104e84b Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"" 
This reverts commit 1446e714af

Hidden dependency has been resolved.

Change-Id: Ia535c0b9468ea5f705dff9813186a7fa8bab84ae
 2013-03-26 18:19:34 +00:00
Robert Craig
f62af81817 Introduce security labels for 2 new device nodes. 
iio: Industrial I/O subsystem
usb_accessory: accessory protocol for usb

Allow system access in both cases.

Change-Id: I02db9775ec2ddaaeda40fae6d5e56e320957b09c
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
 2013-03-26 08:38:58 -04:00
Geremy Condra
a851e6dab9 am c3295802: Merge "New users need a wallpaper_file type." 
* commit 'c3295802d7fb22213c073705480d1c1314d71d27':
  New users need a wallpaper_file type.
 2013-03-22 18:43:41 -07:00
Geremy Condra
c3295802d7 Merge "New users need a wallpaper_file type." 2013-03-23 01:36:58 +00:00
Geremy Condra
56b2981db5 am eee138c2: Merge "Allow zygote to search tmpfs." 
* commit 'eee138c2db6916a2b965819b1c25f10c490c329a':
  Allow zygote to search tmpfs.
 2013-03-22 18:29:06 -07:00
rpcraig
b035d80ced am 41e53901: New dev_types and other minor adjustments. 
* commit '41e539010df1fa58abf6b57959ea30a05ff80102':
  New dev_types and other minor adjustments.
 2013-03-22 18:29:06 -07:00
Geremy Condra
eee138c2db Merge "Allow zygote to search tmpfs." 2013-03-23 01:23:13 +00:00
rpcraig
c5baaff7a6 New users need a wallpaper_file type. 
Change-Id: I7ff4ed9f73f43918cac05a026af68cca8dbe02c3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-22 18:17:04 -07:00
rpcraig
48b2a36cbf am 905e316d: Make ion_device mls trusted. 
* commit '905e316d0b9f2a913f61a6344bc9bafe2fa66671':
  Make ion_device mls trusted.
 2013-03-22 18:13:55 -07:00
rpcraig
8b3b4fe756 Allow zygote to search tmpfs. 
Change-Id: Ib0bdcbc1a7e45e1d1a046c9fa8aff89183ebfe0d
 2013-03-22 18:03:31 -07:00
rpcraig
41e539010d New dev_types and other minor adjustments. 
Add new dev_type:
- ump_device : Unified Memory Provider driver.
       The file_contexts entry should be
       described on a per device basis.

Minor adjustments:
- tee needs netlink socket access.
- ueventd needs to grant file operations.

Change-Id: I915304da687d3a2b9aa417e6f91ea915bd697676
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2013-03-22 18:00:05 -07:00
rpcraig
905e316d0b Make ion_device mls trusted. 
Allow device node access irrespective
of MLS restrictions. Third party apps
(untrusted_app) domains need access too.

Change-Id: I132b8201bccb1ff31dc0c15a735f81f645c9836d
 2013-03-22 17:49:43 -07:00
Robert Craig
27382687cb am 18b5f87e: racoon policy. 
* commit '18b5f87ea18baaf7356a1f1729dc2737be3c141e':
  racoon policy.
 2013-03-22 17:24:52 -07:00
Robert Craig
18b5f87ea1 racoon policy. 
Initial policy for racoon (IKE key management).

Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
Change-Id: If1e344f39ea914e42afbaa021b272ba1b7113479
 2013-03-22 17:09:26 -07:00
Geremy Condra
7dfe9956b3 am dbb82fd8: Merge "Revert "Various minor policy fixes based on CTS."" 
* commit 'dbb82fd8f063fdc5854f9d6359d2be0a570ad0cc':
  Revert "Various minor policy fixes based on CTS."
 2013-03-22 14:53:50 -07:00
Geremy Condra
dbb82fd8f0 Merge "Revert "Various minor policy fixes based on CTS."" 2013-03-22 21:41:50 +00:00
Geremy Condra
ba84bf1dec Revert "Various minor policy fixes based on CTS." 
This reverts commit 8a814a7604

Change-Id: Id1497cc42d07ee7ff2ca44ae4042fc9f2efc9aad
 2013-03-22 21:41:37 +00:00
Geremy Condra
140a9a3870 am 9c0f2df1: Merge changes I5a3584b6,Ic7252a8e,I2d4ace75 
* commit '9c0f2df1832f82bd2867d2e2fa18dde31b05e63e':
  Various minor policy fixes based on CTS.
  Split internal and external sdcards
  Give sdcard sys_admin capability.
 2013-03-22 14:20:25 -07:00
Stephen Smalley
ddda5adca2 am f766c4d9: Allow bluetooth users to use socket provided by bluetooth app. 
* commit 'f766c4d9ee8e0d95755a8b54622b424a224830d1':
  Allow bluetooth users to use socket provided by bluetooth app.
 2013-03-22 14:20:24 -07:00
Geremy Condra
9c0f2df183 Merge changes I5a3584b6,Ic7252a8e,I2d4ace75 
* changes:
  Various minor policy fixes based on CTS.
  Split internal and external sdcards
  Give sdcard sys_admin capability.
 2013-03-22 21:13:59 +00:00