Skip to content
Snippets Groups Projects
Select Git revision
  • test default
1 result
Search by author
  • Any Author
  • Admin, Lime Admin, Lime lime_admin
  • CodeLinaro CodeLinaro codelinaro
  • CodeLinaro Hoperun CodeLinaro Hoperun hoperun
  • Joshua S. (Stage) Joshua S. (Stage) joshua.sickmeyer
  • Park, Jae Woo Park, Jae Woo jaewpark
5 authors
  1. Apr 06, 2015
    • Andres Morales's avatar
      SELinux permissions for gatekeeper TEE proxy · e207986e
      Andres Morales authored 
      sets up:
- execute permissions
- binder permission (system_server->gatekeeper->keystore)
- prevents dumpstate and shell from finding GK binder service
- neverallow rules for prohibited clients

Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e
      e207986e
    • dcashman's avatar
      Assign app_api_service attribute to services. · 4cdea7fc
      dcashman authored 
      Assign the alarm, appwidget, assetatlas, audio, backup and batterystats services
the appropriate service access levels and move into enforcing.

Bug: 18106000
Change-Id: If3210bb25f3076edfdb6eec36ef6521ace1bd8d7
      4cdea7fc
  3. Apr 03, 2015
    • dcashman's avatar
      Assign app_api_service attribute to services. · b075338d
      dcashman authored 
      Move accessibility, account, appops and activity services into enforcing with
app_api_service level of access, with additional grants to mediaserver and
isolated app.

Bug: 18106000
Change-Id: I1d5a79b9223026415f1690e8e9325ec4c270e3dd
      b075338d
    • dcashman's avatar
      Add system_api_service and app_api_service attributes. · d12993f0
      dcashman authored 
      System services differ in designed access level.  Add attributes reflecting this
distinction and label services appropriately.  Begin moving access to the newly
labeled services by removing them from tmp_system_server_service into the newly
made system_server_service attribute.  Reflect the move of system_server_service
from a type to an attribute by removing access to system_server_service where
appropriate.

Change-Id: I7fd06823328daaea6d6f96e4d6bd00332382230b
      d12993f0
  5. Mar 27, 2015
  7. Mar 19, 2015
  9. Jan 29, 2015
  11. Jan 14, 2015
    • dcashman's avatar
      Make system_server_service an attribute. · 4a89cdfa
      dcashman authored 
      Temporarily give every system_server_service its own
domain in preparation for splitting it and identifying
special services or classes of services.

Change-Id: I81ffbdbf5eea05e0146fd7fd245f01639b1ae0ef
      4a89cdfa
  13. Jul 01, 2014
    • Riley Spahn's avatar
      Add imms service and system_app_service type. · b1ec3dfa
      Riley Spahn authored 
      Map imms to system_app_service in service_contexts and add
the system_app_service type and allow system_app to add the
system_app_service.

Bug: 16005467
Change-Id: I06ca75e2602f083297ed44960767df2e78991140
      b1ec3dfa
  15. Jun 26, 2014
  17. Jun 12, 2014
    • Riley Spahn's avatar
      Add SELinux rules for service_manager. · f90c41f6
      Riley Spahn authored 
      Add a service_mananger class with the verb add.
Add a type that groups the services for each of the
processes that is allowed to start services in service.te
and an attribute for all services controlled by the service
manager. Add the service_contexts file which maps service
name to target label.

Bug: 12909011
Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
      f90c41f6