Commit graph

305 commits

Author SHA1 Message Date
Stephen Smalley
dc4837af0c am 7a80915f: am 2ae799e4: Drop separate domain for browser.
* commit '7a80915f2a741198dbbbfd963a401a3df881c716':
  Drop separate domain for browser.
2013-03-28 14:00:22 -07:00
Stephen Smalley
ff4002581e am 882f7ee2: am 0ecb0f88: Eliminate most of the app policy booleans.
* commit '882f7ee2685133049878d007cdb85354bc62faa1':
  Eliminate most of the app policy booleans.
2013-03-28 14:00:22 -07:00
Stephen Smalley
7a80915f2a am 2ae799e4: Drop separate domain for browser.
* commit '2ae799e44e6603c4b5edc941ce41df9eaa7785ae':
  Drop separate domain for browser.
2013-03-28 13:55:47 -07:00
Stephen Smalley
882f7ee268 am 0ecb0f88: Eliminate most of the app policy booleans.
* commit '0ecb0f886660da5ddfd6945e4b993048727caac8':
  Eliminate most of the app policy booleans.
2013-03-28 13:55:46 -07:00
Stephen Smalley
2ae799e44e Drop separate domain for browser.
Change-Id: Ib37b392cb6f6d3fb80852b9a2a6547ab86cd9bff
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-03-28 12:41:32 -04:00
Stephen Smalley
0ecb0f8866 Eliminate most of the app policy booleans.
Just allow them unconditionally for compatibility.

Change-Id: I85b56532c6389bdfa25731042b98d8f254bd80ee
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-03-28 10:14:25 -04:00
Geremy Condra
3ca322e6d4 Add the sys_resource capability to sdcardd.
Change-Id: I0b2ecdbddbed3d5ea1617c9ae9af7f8b1c9ace93
2013-03-27 21:14:31 -07:00
Geremy Condra
643b65e2a7 Add the ability to stat files under /cache for media_app.
This feels like a hidden bug- it shouldn't be trying to
stat everything under /cache anyways- but allowing for now.

Change-Id: Ib5ddfbb408c9f0b6c6218c78a678fcdb09360ccd
2013-03-27 20:59:14 -07:00
Geremy Condra
8b80fa890d Add remount capability to Zygote.
This is a consequence of https://googleplex-android-review.googlesource.com/#/c/278069/

Change-Id: I9b310860534a80e7145950f6c632cf5ba0ad56a7
2013-03-27 19:55:40 -07:00
Geremy Condra
7c89b6b0b0 Merge "Add a key directory argument to insertkeys.py" 2013-03-28 02:36:26 +00:00
Geremy Condra
51dd0339e3 Add a key directory argument to insertkeys.py
This allows us to better integrate key selection with our existing
build process.

Change-Id: I6e3eb5fbbfffb8e31c5edcf16f74df7c38abe537
2013-03-27 19:35:48 -07:00
Geremy Condra
b41fedcfd6 am c507c377: am 96c109e8: Merge "Revert "Revert "Rewrite mac_permissions.xml file."""
* commit 'c507c37707400aba90d6cb25962ca789bf8f4084':
  Revert "Revert "Rewrite mac_permissions.xml file.""
2013-03-27 17:51:12 -07:00
Geremy Condra
c507c37707 am 96c109e8: Merge "Revert "Revert "Rewrite mac_permissions.xml file."""
* commit '96c109e8f6de0a2541aabccacecec65bd5ec4c31':
  Revert "Revert "Rewrite mac_permissions.xml file.""
2013-03-27 17:45:23 -07:00
Geremy Condra
96c109e8f6 Merge "Revert "Revert "Rewrite mac_permissions.xml file.""" 2013-03-28 00:22:33 +00:00
Geremy Condra
59fd8d40de Revert "Revert "Rewrite mac_permissions.xml file.""
This reverts commit 31d1a40b2e

Change-Id: I70aab6f01b9a74512dcbd9bff167890747e54355
2013-03-28 00:19:52 +00:00
Geremy Condra
c0dc668017 Add policy for __properties__ device.
Change-Id: Ie9b391283362fb6930f1ae858f0a879835c91e32
2013-03-27 15:56:12 -07:00
Geremy Condra
17a41bdb65 Drop MLS separation for compatibility.
Change-Id: I555361d732b8f1bdc90c231a3183a85526a5a558
2013-03-27 15:14:48 -07:00
William Roberts
8b92506821 am e693ed7c: Remove the su domain from -user builds.
* commit 'e693ed7c187804b3b1ae49bf0d31bd43e7a19e08':
  Remove the su domain from -user builds.
2013-03-27 13:55:33 -07:00
Geremy Condra
2d580ddc16 am 16820182: Merge "Expand insertkeys.py script to allow union of files."
* commit '1682018210077f27a04cd992c660ab7b21a21afc':
  Expand insertkeys.py script to allow union of files.
2013-03-27 13:55:32 -07:00
Geremy Condra
ebbee43efb am e69552ba: Revert "Revert "Various minor policy fixes based on CTS.""
* commit 'e69552ba2d76174d443d1b8457295e4d72f2a986':
  Revert "Revert "Various minor policy fixes based on CTS.""
2013-03-27 13:55:32 -07:00
William Roberts
e693ed7c18 Remove the su domain from -user builds.
Change-Id: I86f2f28f7c558b8e9a70e5aa9ebcfa8bf26f9ef7
2013-03-27 13:39:12 -07:00
Robert Craig
350d2ae9c9 am 65d4f44c: Various policy updates.
* commit '65d4f44c1fd999d9cf9c4ef4dc65deb71bafcd8e':
  Various policy updates.
2013-03-27 13:37:13 -07:00
Geremy Condra
1682018210 Merge "Expand insertkeys.py script to allow union of files." 2013-03-27 20:36:07 +00:00
Geremy Condra
e69552ba2d Revert "Revert "Various minor policy fixes based on CTS.""
This reverts commit ba84bf1dec

Hidden dependency resolved.

Change-Id: I9f0844f643abfda8405db2c722a36c847882c392
2013-03-27 20:34:51 +00:00
Robert Craig
7f2392eeb0 Expand insertkeys.py script to allow union of files.
Allow script to union mac_permissions.xml files
specified using the BOARD_SEPOLICY_DIRS and
BOARD_SEPOLICY_UNION constructs.

Change-Id: I4fc65fd1ab4c612f25e966f030247e54a270b614
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-27 20:34:29 +00:00
Robert Craig
65d4f44c1f Various policy updates.
Assortment of policy changes include:
 * Bluetooth domain to talk to init and procfs.
 * New device node domains.
 * Allow zygote to talk to its executable.
 * Update system domain access to new device node domains.
 * Create a post-process sepolicy with dontaudits removed.
 * Allow rild to use the tty device.

Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-27 06:30:25 -04:00
Geremy Condra
d0d06251b9 am bf539bf3: Merge "Fix makefile error with ANDROID_BUILD_TOP"
* commit 'bf539bf363c0361e3bac8ffd5e15c7ec8c514fdb':
  Fix makefile error with ANDROID_BUILD_TOP
2013-03-26 16:51:13 -07:00
Geremy Condra
32866846e4 am edf7b4c8: Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""""
* commit 'edf7b4c861144764d0bc17436064d52e7147f916':
  Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""""
2013-03-26 16:51:13 -07:00
Geremy Condra
bf539bf363 Merge "Fix makefile error with ANDROID_BUILD_TOP" 2013-03-26 22:31:21 +00:00
Geremy Condra
edf7b4c861 Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""""
This reverts commit 60d4d71ead

This should (finally) be fixed in https://android-review.googlesource.com/#/c/54730/

Change-Id: I3dd358560f7236f28387ffbe247fc2b004e303ea
2013-03-26 22:19:03 +00:00
William Roberts
52fc95d1b7 Fix makefile error with ANDROID_BUILD_TOP
Use TOP instead of ANDROID_BUILD_TOP

Fix spelling issues in keys.conf

Change-Id: Ib90b3041af5ef68f30f4ab78c768ad225987ef2d
2013-03-26 14:10:47 -07:00
Geremy Condra
9826c65676 am 60d4d71e: Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""
* commit '60d4d71ead9e9ac96e9cb81380c254bac3a9df4f':
  Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""
2013-03-26 13:03:45 -07:00
Geremy Condra
60d4d71ead Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""
This reverts commit cd4104e84b

This builds clean locally, but seems to explode on the build servers. Reverting until there's a solution.

Change-Id: I09200db37c193f39c77486d5957a8f5916e38aa0
2013-03-26 19:45:18 +00:00
Geremy Condra
829944e85d am 82fe3d24: Merge "Revert "Rewrite mac_permissions.xml file.""
* commit '82fe3d249f40629fe40f4feed258cccd95b2a374':
  Revert "Rewrite mac_permissions.xml file."
2013-03-26 12:31:38 -07:00
Geremy Condra
82fe3d249f Merge "Revert "Rewrite mac_permissions.xml file."" 2013-03-26 19:12:17 +00:00
Geremy Condra
31d1a40b2e Revert "Rewrite mac_permissions.xml file."
This reverts commit b24c30b4ed

Reverting the changes that depend on insertkeys until the issues there are resolved.

Change-Id: Ie7e0d6657d8e7cfb44fc3efa2f99c8d1011a0fe1
2013-03-26 19:12:02 +00:00
Geremy Condra
2a6d0ace88 am 1620c671: Merge "Introduce security labels for 2 new device nodes."
* commit '1620c671f2b946333958d07420643caf98534a01':
  Introduce security labels for 2 new device nodes.
2013-03-26 11:58:08 -07:00
Robert Craig
5a55c1196c am b24c30b4: Rewrite mac_permissions.xml file.
* commit 'b24c30b4ed5304d3df41bbd9452762e8e3555c12':
  Rewrite mac_permissions.xml file.
2013-03-26 11:58:08 -07:00
Geremy Condra
1620c671f2 Merge "Introduce security labels for 2 new device nodes." 2013-03-26 18:46:40 +00:00
Geremy Condra
7a85285843 am cd4104e8: Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""
* commit 'cd4104e84b438827fddd6a7fe6cb86e91392152d':
  Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""
2013-03-26 11:41:44 -07:00
Robert Craig
b24c30b4ed Rewrite mac_permissions.xml file.
Rewrite all stanzas to only include seinfo tags.

Change-Id: I4d528ce092ec8d1aac15195ed3a8e307d604607e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-26 11:36:46 -07:00
Geremy Condra
cd4104e84b Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""
This reverts commit 1446e714af

Hidden dependency has been resolved.

Change-Id: Ia535c0b9468ea5f705dff9813186a7fa8bab84ae
2013-03-26 18:19:34 +00:00
Robert Craig
f62af81817 Introduce security labels for 2 new device nodes.
iio: Industrial I/O subsystem
usb_accessory: accessory protocol for usb

Allow system access in both cases.

Change-Id: I02db9775ec2ddaaeda40fae6d5e56e320957b09c
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
2013-03-26 08:38:58 -04:00
Geremy Condra
a851e6dab9 am c3295802: Merge "New users need a wallpaper_file type."
* commit 'c3295802d7fb22213c073705480d1c1314d71d27':
  New users need a wallpaper_file type.
2013-03-22 18:43:41 -07:00
Geremy Condra
c3295802d7 Merge "New users need a wallpaper_file type." 2013-03-23 01:36:58 +00:00
Geremy Condra
56b2981db5 am eee138c2: Merge "Allow zygote to search tmpfs."
* commit 'eee138c2db6916a2b965819b1c25f10c490c329a':
  Allow zygote to search tmpfs.
2013-03-22 18:29:06 -07:00
rpcraig
b035d80ced am 41e53901: New dev_types and other minor adjustments.
* commit '41e539010df1fa58abf6b57959ea30a05ff80102':
  New dev_types and other minor adjustments.
2013-03-22 18:29:06 -07:00
Geremy Condra
eee138c2db Merge "Allow zygote to search tmpfs." 2013-03-23 01:23:13 +00:00
rpcraig
c5baaff7a6 New users need a wallpaper_file type.
Change-Id: I7ff4ed9f73f43918cac05a026af68cca8dbe02c3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-03-22 18:17:04 -07:00
rpcraig
48b2a36cbf am 905e316d: Make ion_device mls trusted.
* commit '905e316d0b9f2a913f61a6344bc9bafe2fa66671':
  Make ion_device mls trusted.
2013-03-22 18:13:55 -07:00