tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/public
History
Mark Salyzyn d33a9a194b logd: restrict access to /dev/event-log-tags 
Create an event_log_tags_file label and use it for
/dev/event-log-tags.  Only trusted system log readers are allowed
direct read access to this file, no write access.  Untrusted domain
requests lack direct access, and are thus checked for credentials via
the "plan b" long path socket to the event log tag service.

Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 31456426
Bug: 30566487
Change-Id: Ib9b71ca225d4436d764c9bc340ff7b1c9c252a9e
2017-01-31 15:50:15 +00:00
..
adbd.te more ephemeral_app cleanup 2017-01-20 14:35:17 +00:00
atrace.te Fix build. 2016-12-06 16:49:25 -08:00
attributes Preliminary policy for hal_keymaster (TREBLE) 2017-01-27 15:02:57 -08:00
audioserver.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
binderservicedomain.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
blkid.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
blkid_untrusted.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
bluetooth.te logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
bluetoothdomain.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
boot_control_hal.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bootanim.te Add sepolicy for hwcomposer HAL 2016-11-14 01:54:33 +00:00
bootstat.te logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
cameraserver.te Camera: grant system file perm for Treble 2017-01-30 14:52:21 -08:00
charger.te healthd: create SEPolicy for 'charger' and reduce healthd's scope 2016-12-15 18:17:13 -08:00
clatd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
cppreopts.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
crash_dump.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
device.te Auditing init and ueventd access to chr device files. 2017-01-13 17:38:39 +00:00
dex2oat.te SElinux policies for compiling secondary dex files 2017-01-24 14:28:07 -08:00
dhcp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
dnsmasq.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
domain.te Add sepolicy for drm HALs 2017-01-25 11:21:03 -08:00
domain_deprecated.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
drmserver.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
dumpstate.te logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
ephemeral_app.te Move ephemeral_app policy to private 2017-01-09 15:34:27 -08:00
file.te logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
fingerprintd.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
fsck.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fsck_untrusted.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
gatekeeperd.te Remove hal_gatekeeper from gatekeeperd domain 2017-01-26 07:17:51 -08:00
global_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hal_allocator.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_audio.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_bluetooth.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_boot.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_camera.te haldomain: search for passthrough hals 2017-01-24 16:41:00 -08:00
hal_contexthub.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_drm.te Add sepolicy for drm HALs 2017-01-25 11:21:03 -08:00
hal_dumpstate.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_fingerprint.te haldomain: search for passthrough hals 2017-01-24 16:41:00 -08:00
hal_gatekeeper.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_gnss.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_graphics_allocator.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_graphics_composer.te more ephemeral_app cleanup 2017-01-20 14:35:17 +00:00
hal_health.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_ir.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_keymaster.te Preliminary policy for hal_keymaster (TREBLE) 2017-01-27 15:02:57 -08:00
hal_light.te hal_light: add permission to sys/class/leds. 2017-01-20 00:17:11 +00:00
hal_nfc.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_telephony.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_thermal.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_usb.te sepolicy for usb hal 2017-01-27 00:05:19 +00:00
hal_vibrator.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_vr.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_wifi.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
healthd.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
hostapd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hwservicemanager.te hwbinder_use: allow for hwservicemanager callbacks. 2016-12-15 14:17:27 -08:00
idmap.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
init.te logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
inputflinger.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
install_recovery.te install_recovery.te: remove domain_deprecated 2017-01-09 16:47:36 +00:00
installd.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
ioctl_defines Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ioctl_macros Add TCSETS to unpriv_tty_ioctls 2016-12-07 15:59:34 -08:00
isolated_app.te Move isolated_app policy to private 2017-01-05 16:06:54 -08:00
kernel.te kernel.te: tighten entrypoint / execute_no_trans neverallow 2016-10-30 18:46:44 -07:00
keystore.te Preliminary policy for hal_keymaster (TREBLE) 2017-01-27 15:02:57 -08:00
lmkd.te more ephemeral_app cleanup 2017-01-20 14:35:17 +00:00
logd.te logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
logpersist.te logpersist: do not permit dynamic transition to domain 2016-12-29 09:29:36 -08:00
mdnsd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediacodec.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
mediadrmserver.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
mediaextractor.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
mediametrics.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
mediaserver.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
mtp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
net.te Allow ephemeral apps network connections 2016-11-14 12:24:51 -08:00
netd.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
neverallow_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
nfc.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
otapreopt_chroot.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
otapreopt_slot.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
perfprofd.te Fix build. 2016-12-06 16:49:25 -08:00
platform_app.te Move platform_app policy to private 2017-01-09 14:52:59 -08:00
postinstall.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall_dexopt.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ppp.te domain_deprecated.te: remove /proc/net access 2016-11-30 15:23:26 -08:00
preopt2cachename.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
priv_app.te Move priv_app policy to private 2017-01-05 15:44:32 -08:00
profman.te profman/debuggerd: allow libart_file:file r_file_perms 2016-11-08 09:28:28 -08:00
property.te property: add persist.hal.binderization 2017-01-26 06:06:24 +00:00
racoon.te racoon: Add SIOCSIFNETMASK 2017-01-24 17:12:58 -08:00
radio.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
recovery.te recovery: Allow accessing sysfs_leds. 2017-01-30 14:25:32 -08:00
recovery_persist.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
recovery_refresh.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
rild.te Grant rild and gatekeeperd access to hwservicemanager 2017-01-20 13:01:47 -08:00
roles sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
runas.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
sdcardd.te Allow sdcardd to remount sdcardfs 2016-11-28 16:10:27 -08:00
service.te rename mediaanalytics->mediametrics, wider access 2017-01-24 16:57:19 -08:00
servicemanager.te Remove domain_deprecated from some domains. 2016-11-25 17:37:30 -08:00
sgdisk.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
shared_relro.te Restore app_domain macro and move to private use. 2016-12-08 14:42:43 -08:00
shell.te property: add persist.hal.binderization 2017-01-26 06:06:24 +00:00
slideshow.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
su.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
surfaceflinger.te logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
system_app.te Move system_app policy to private 2017-01-05 17:20:28 -08:00
system_server.te logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
te_macros logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
tee.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
tombstoned.te tombstoned: temporarily allow write to anr_data_file. 2017-01-23 12:54:03 -08:00
toolbox.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
tzdatacheck.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
ueventd.te Auditing init and ueventd access to chr device files. 2017-01-13 17:38:39 +00:00
uncrypt.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
untrusted_app.te Move untrusted_app policy to private 2017-01-05 14:39:52 -08:00
update_engine.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
update_engine_common.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_verifier.te update_verifier: read dir perms 2017-01-24 20:45:18 +00:00
vdc.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
vold.te Preliminary policy for hal_keymaster (TREBLE) 2017-01-27 15:02:57 -08:00
watchdogd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
webview_zygote.te Move webview_zygote policy to private 2017-01-27 17:01:43 +00:00
wificond.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
wpa.te hal_wifi: Allow system_server to access wifi HIDL services 2016-12-12 10:40:14 -08:00
zygote.te Move zygote policy to private 2017-01-26 13:31:16 -08:00