- Mar 20, 2013
-
-
Geremy Condra authored
-
Stephen Smalley authored
Introduce a levelFrom=none|app|user|all syntax for specifying per-app, per-user, or per-combination level assignment. levelFromUid=true|false remains valid syntax but is deprecated. levelFromUid=true is equivalent to levelFrom=app. Update check_seapp to accept the new syntax. Update seapp_contexts to document the new syntax and switch from levelFromUid=true to levelFrom=app. No change in behavior. Change-Id: Ibaddeed9bc3e2586d524efc2f1faa5ce65dea470 Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>
-
Geremy Condra authored
-
Geremy Condra authored
-
- Mar 19, 2013
-
-
William Roberts authored
In normal, user builds, shell doesn't have the required DAC permissions to acess the kernel log. Change-Id: I001e6d65f508e07671bdb71ca2c0e1d53bc5b970
-
Geremy Condra authored
This reverts commit 22fc0410 Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee
-
William Roberts authored
Change-Id: I5d5362ad0055275052b0c2ba535b599a8e26112e
-
rpcraig authored
Initial policy for software watchdog daemon which is started by init. Change-Id: I042a5b1698bf53ce2e50ea06851c374e5123ee2c Signed-off-by:rpcraig <rpcraig@tycho.ncsc.mil>
-
Stephen Smalley authored
The binder_transfer_binder hook was changed in the kernel, obsoleting the receive permission and changing the target of the transfer permission. Update the binder-related policy to match the revised permission checking. Change-Id: I1ed0dadfde2efa93296e967eb44ca1314cf28586 Signed-off-by: -
Stephen Smalley authored
Change-Id: Ie79ff3fb9c0a893e348c4adb2f457cae42d7800f Signed-off-by: -
Stephen Smalley authored
Change-Id: Ie58185519252dad29a23d0d3d54b1cbafea83a83 Signed-off-by: -
Stephen Smalley authored
Change-Id: I8265e34a76913a76eedd2d7a6fe3b14945fde924 Signed-off-by: -
Stephen Smalley authored
Change-Id: Iad4ad43ce7ba3c00b69b7aac752b40bc2d3be002 Signed-off-by: -
Geremy Condra authored
-
Geremy Condra authored
-
Stephen Smalley authored
Change-Id: I384ea9516a5ed2369f7fa703499e284e29a2c0eb Signed-off-by: -
Geremy Condra authored
-
Robert Craig authored
Change-Id: If361ea93fabd343728196eed2663fd572ecaa70b Signed-off-by: -
William Roberts authored
Also labels /dev/mpu and /dev/mpuirq as gps device. mpu is motion processing unit and is resposible for gyroscope functionality. Change-Id: If7f1a5752c550b72fac681566e1052f09e139ff0
-
rpcraig authored
Policy covers: * backup_data_file type for labeling all files/dirs under /data dealing with backup mechanism. * cache_backup_file type for labeling all files/dirs under /cache dealing with backup mechanism. This also covers the the use of LocalTransport for local archive and restore testing. * the use of 'adb shell bmgr' to initiate backup mechanism from shell. * the use of 'adb backup/restore' to archive and restore the device's data. Change-Id: I700a92d8addb9bb91474bc07ca4bb71eb4fc840e Signed-off-by: -
Geremy Condra authored
-
Geremy Condra authored
-
Geremy Condra authored
-
Geremy Condra authored
-
Geremy Condra authored
-
- Feb 19, 2013
-
-
Stephen Smalley authored
I8560fa5ad125bf31f0d13be513431697bc7d22bb changed the zygote to limit the bounding capability set to CAP_NET_RAW. This triggers a CAP_SETPCAP check by the kernel, which requires SELinux setpcap permission. Change-Id: Ib910d97dcf708273e2806e2824f4abe9fc239d6d Signed-off-by:
-
- Jan 30, 2013
-
-
William Roberts authored
Change-Id: I1a728cbc78e30c0b43309acc125169528d352f11
-
- Jan 11, 2013
-
-
Stephen Smalley authored
A prior change added an entry for adb_keys without any security context, yielding warnings like the following during build: out/target/product/manta/root/file_contexts: line 7 is missing fields, skipping This adds the missing security context field. Change-Id: If48731c8aa7d22a3f547d0854f288ff68f9006da Signed-off-by:
-
- Dec 21, 2012
-
-
Colin Cross authored
It may be useful to generate an ext4 image of the root filesystem instead of using a ramdisk. Whitelist entries in file_contexts to support selinux labeling a root filesystem image. Change-Id: I91a38d0aee4408c46cbfe5dc5e6eda198572e90f
-
- Dec 08, 2012
-
-
William Roberts authored
Support the inseretion of the public key from pem files into the mac_permissions.xml file at build time. Change-Id: Ia42b6cba39bf93723ed3fb85236eb8f80a08962a
-
- Dec 05, 2012
-
-
William Roberts authored
Support overriding ma_permissions.xml in BOARD_SEPOLICY_REPLACE Change-Id: If0bca8bf29bc431a291b6d7b20de132e68cd6a79
-
rpcraig authored
Generic init.rc allows any process to use socket tagging. Adjust app policy to ensure that any app can read from the misc device. Change-Id: I4076f0fbc1795f57a4227492f6bfc39a4398ffa5 Signed-off-by:
-
- Nov 28, 2012
-
-
William Roberts authored
Change-Id: Ieaff9f3362c71e25e5c8e7204397a85ff14fff97
-
William Roberts authored
label all persist.audio.* properties and allow mediaserver access to them. Change-Id: If5755d9783dce298e66a25bcb7f17ff17bd83ea7
-
- Nov 27, 2012
-
-
William Roberts authored
Change-Id: I7b6ad050051854120dc8031b17da6aec0e644be3
-
Stephen Smalley authored
Add policy for run-as program and label it in file_contexts. Drop MLS constraints on local socket checks other than create/relabel as this interferes with connections with services, in particular for adb forward. Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114 Signed-off-by: -
Kenny Root authored
-
William Roberts authored
Change-Id: I06ea2b400cc826c684b6ad25e12b021c2667b48a
-
William Roberts authored
This README intends to document the various configuration options that exist for specifiying device specific additions to the policy. Change-Id: I7db708429a67deeb89b0c155a116606dcbbbc975
-
- Nov 19, 2012
-
-
Stephen Smalley authored
Update policy for Android 4.2 / latest master. Primarily this consists of changes around the bluetooth subsystem. The zygote also needs further permissions to set up /storage/emulated. adbd service now gets a socket under /dev/socket. keystore uses the binder. Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc Signed-off-by:
-
