Commits

Author Commit Message Labels Comments Date
joshua_brindle
Robert Craig
Update for lollipop. Change from passing a path to the policy bundle to using a file descriptor delivered via a FileProvider. The ConfigUpdater receiver for policy updates has changed to avoid needing a world-readable file.
Robert Craig
Switch the action of the intent broadcast for ifw updates. It seems that base/core/res/AndroidManifest.xml which describes the broadcast receiver for ifw updates already has a receiver stanza describing UPDATE_INTENT_FIREWALL versus our own UPDATE_IFW. Thus, switch the action string that is broadcast by this app.
Robert Craig
Drop references to updating mac_permissions.xml. The ability to update mac_permissions.xml has now been added to the general sepolicy update bundle.
Robert Craig
Restrict SEAdmin app from restricted profile users. The functionality inside SEAdmin shouldn't be available to restricted users. Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Robert Craig
Force locked ops to always be in the off position. Locked ops from an eops.xml policy should be conveyed to the user in some manner. For now, simply force the switch of all locked ops to be in the off position. The user will be able to move the switch to the on position but have the switch quickly moved back to the off position. This code is simply a placeholder for now til an alternate solution can be achieved. Notice, at no time are any of the l…
Robert Craig
Add AppOps management console code. This will allow us to drop our Settings.apk changes and subsequently drop tracking that project. The functionality offered here is similar in nature. Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Stephen Smalley
Fix a couple of typos. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Robert Craig
Rewrite SEAdmin b/c of DPMS deprecation. DevicePolicyManagerService has dropped all SELinux and MMAC interaction. This includes enforcing status change, boolean support, and policy file reload ability. This patch set rewrites SEAdmin with these new constraints.
Robert Craig
Drop more code references to SELinux, MMAC enforcing.
Robert Craig
Drop ability to toggle selinux enforcing. This ability was stripped by policy. Remove dead code to not confuse people.
Robert Craig
Drop MMAC enforcing ability. Recent changes to install-time MAC code mean we're always in enforcing mode without the ability to toggle.
Robert Craig
New update mechanism for intent firewall bundles.
Robert Craig
Use the isValidFragment override in our main Activity. This will allow us to move the targetSdkVersion beyond 18 and avoid the subsequent security exception that is thrown on 4.4 (api_19) devices.
Robert Craig
Make SEAdmin a PRIVILEGED_MODULE. Move SEAdmin to /system/priv-app so that system protected permissions are granted on install. This directly affects both the ACCESS_CACHE and WRITE_SECURE_SETTINGS permission requests.
Stephen Smalley
Target API version 18 until we can update the code. API 19 imposes a new requirement that crashes SEAdmin otherwise. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
robert craig
Add code to allow mmac policy updates. New code allows eops.xml and mac_permissions.xml updates via the buildbundle route b/c of new tools under external/sepolicy. New code hooks into the ConfigUpdateInstallReceiver are then used to deliver the new policy bundles.
joshua_brindle
Re-enable property_context, file_context and seapp_context reload. These now work on UMBGA I9505, though not necessarily on other models.
Branches
samsung-API
Robert Craig
Update policy reload mechanism. Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Robert Craig
Update SEAdmin to allow config updates. Add new option to allow OTA config bundle updates. Think about using the new buildbundle tool out in external/sepolicy/tools to help with the construction of the zip file. Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
joshua_brindle
Stephen Smalley
Revert "Add copyright notices." This reverts commit 2ace08d7f8f317346e4fad7817863b988ea78736. SEAdmin is public domain.
joshua_brindle
build outside of tree and use Samsung APIs: Change all resource ids to be local; add android.os.SELinux to build outside of tree; add stubs for SEAndroidPolicy; switch APIs to ones present on GS4; Add guava; Add eclipse files
Branches
samsung-API
Stephen Smalley
Merge branch 'master' into intent_mac
Branches
intent_mac
Stephen Smalley
Rename and update strings for SEAdmin. Eliminate "SEAndroid" or "SE Android" from package name and strings. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Stephen Smalley
Merge branch 'dogfood-seandroid' into intent_mac
Branches
intent_mac
Robert Craig
Changes to reflect moving seinfo inside PMS. Moving seinfo inside PMS removes the exposed interface to toggle the SELinuxMMAC enforcing mode, or to query its status.
Stephen Smalley
Merge from rpcraig into intent_mac
Branches
intent_mac
Robert Craig
Modify code to use guava api. Simply update intent code to use guava api for reading into byte arrays. Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
Branches
intent_mac
Robert Craig
Merge branch 'bitbucket/master' into dogfood-intent_mac
Branches
intent_mac