tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
692 commits 1 branch 0 tags 50 MiB
Commit graph

16 commits

Author SHA1 Message Date
Stephen Smalley
55540755bc Label adb keys file and allow access to it. 
The /adb_keys entry will only take effect if a restorecon is
applied by init.rc on a kernel that includes the rootfs labeling
support, but does no harm otherwise.

The /data/misc/adb labeling ensures correct labeling of the adb_keys
file created if the device has ro.adb.secure=1 set.

Allow adbd to read the file.

Change-Id: I97b3d86a69681330bba549491a2fb39df6cf20ef
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-10-01 09:08:28 -04:00
repo sync
77d4731e9d Make all domains unconfined. 
This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
 2013-05-20 11:08:05 -07:00
Alex Klyubin
3b9fd5ffcd SELinux policy: let adbd drop Linux capabilities. 
Change-Id: Id41891b89c7b067919cbda06ab97d5eff2ad044f
 2013-05-10 00:30:23 +00:00
repo sync
9504a50740 Allow ADB to interact extensively with system_data_files. 
Long term this should be scoped down.

Change-Id: I261f05568566cca38bc5c43fbfa7ff1c816e5846
 2013-04-30 18:18:31 -07:00
Nick Kralevich
1e25b98074 Revert "Add the sysrq_file special file and give ADB write access." 
This rule doesn't work, as /proc/sysrq-trigger isn't properly labeled.
Revert this change for now.

This reverts commit bb2591e56f.
 2013-04-25 14:46:36 -07:00
Geremy Condra
bb2591e56f Add the sysrq_file special file and give ADB write access. 
Change-Id: Ief2d412dddf4cefdf43a26538c4be060df4cc787
 2013-04-05 13:13:52 -07:00
Stephen Smalley
81fe5f7c0f Allow all domains to read the log devices. 
Read access to /dev/log/* is no longer restricted.
Filtering on reads is performed per-uid by the kernel logger driver.

Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-04-05 13:07:16 -07:00
Geremy Condra
2c831009a5 Fix various SELinux denials. 
Change-Id: I73a2b841ab3399b7528b8084a5c4736e6ecea48a
 2013-04-03 12:00:41 -07:00
Geremy Condra
e69552ba2d Revert "Revert "Various minor policy fixes based on CTS."" 
This reverts commit ba84bf1dec

Hidden dependency resolved.

Change-Id: I9f0844f643abfda8405db2c722a36c847882c392
 2013-03-27 20:34:51 +00:00
Geremy Condra
ba84bf1dec Revert "Various minor policy fixes based on CTS." 
This reverts commit 8a814a7604

Change-Id: Id1497cc42d07ee7ff2ca44ae4042fc9f2efc9aad
 2013-03-22 21:41:37 +00:00
Stephen Smalley
8a814a7604 Various minor policy fixes based on CTS. 
Change-Id: I5a3584b6cc5eda2b7d82e85452f9fe457877f1d1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-03-22 15:27:02 -04:00
Stephen Smalley
61c80d5ec8 Update policy for Android 4.2 / latest master. 
Update policy for Android 4.2 / latest master.
Primarily this consists of changes around the bluetooth subsystem.
The zygote also needs further permissions to set up /storage/emulated.
adbd service now gets a socket under /dev/socket.
keystore uses the binder.

Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2012-11-19 09:55:10 -05:00
Stephen Smalley
2cb1b31f90 Allow adbd to access the qemu device and label /dev/eac correctly. 2012-04-03 15:30:28 -04:00
Stephen Smalley
c83d0087e4 Policy changes to support running the latest CTS. 2012-03-07 14:59:01 -05:00
Stephen Smalley
6261d6d823 Allow reading of properties area, which is now created before init has switched contexts. Revisit this later - we should explicitly label the properties file. 2012-01-12 08:57:50 -05:00
Stephen Smalley
2dd4e51d5c SE Android policy. 2012-01-04 12:33:27 -05:00