Commits

Author Commit Message Labels Comments Date
Robert Craig
watchdog policy. Initial policy for software watchdog daemon which is started by init.
Branches
6 branches
Robert Craig
New users need a wallpaper_file type.
Robert Craig
Allow Settings app to read sdcard for storage stats. This patch addresses a few denials when the 'Storage' option is selected in the Settings app.
William Roberts
mediaserver.te refactor Change-Id: Ieaff9f3362c71e25e5c8e7204397a85ff14fff97
William Roberts
Label persist audio properties label all persist.audio.* properties and allow mediaserver access to them. Change-Id: If5755d9783dce298e66a25bcb7f17ff17bd83ea7
Stephen Smalley
Generalize levelFromUid support. Introduce a levelFrom=none|app|user|all syntax for specifying per-app, per-user, or per-combination level assignment. levelFromUid=true|false remains valid syntax but is deprecated. levelFromUid=true is equivalent to levelFrom=app. Update check_seapp to accept the new syntax. Update seapp_contexts to document the new syntax and switch from levelFromUid=true to levelFrom=app. No change in behavio…
Joshua Brindle
3rd party VPN applications use a tun device Tun device is created by system and read/written to by the VPN app. This adds a boolean, app_vpn, to allow untrusted_app to act as a VPN client and vpn_app to use if a site wants to lock down 3rd party VPN access to a single, approved client. As an example there is a client signature added to mac_permissions.xml. Change-Id: I41c2c0d4c36029fb79cc28af3df252c285326e7c
William Roberts
Whitespace and doxygen fix Change-Id: I7b6ad050051854120dc8031b17da6aec0e644be3
Stephen Smalley
Merge branch 'master' into seandroid
Stephen Smalley
am e8848726: Add policy for run-as program. * commit 'e8848726553e3abee6033200c98a657c9ca7cdb8': Add policy for run-as program.
Kenny Root
am fdaa7869: Merge "README for configuration of selinux policy" * commit 'fdaa7869a5541b55413f59845dc5f7c56bab0614': README for configuration of selinux policy
William Roberts
am c34a2527: Allow shell to connect to property service * commit 'c34a2527837daeeef51cde0fe77582d51a3bc744': Allow shell to connect to property service
Stephen Smalley
Add policy for run-as program. Add policy for run-as program and label it in file_contexts. Drop MLS constraints on local socket checks other than create/relabel as this interferes with connections with services, in particular for adb forward. Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Kenny Root
Merge "README for configuration of selinux policy"
William Roberts
Allow shell to connect to property service Change-Id: I06ea2b400cc826c684b6ad25e12b021c2667b48a
William Roberts
Allow shell to connect to property service Change-Id: I06ea2b400cc826c684b6ad25e12b021c2667b48a
William Roberts
README for configuration of selinux policy This README intends to document the various configuration options that exist for specifying device specific additions to the policy. Change-Id: I7db708429a67deeb89b0c155a116606dcbbbc975
Stephen Smalley
Merge branch 'master' into seandroid
Stephen Smalley
am 61c80d5e: Update policy for Android 4.2 / latest master. * commit '61c80d5ec8632cadcf754eed0986b23284217c06': Update policy for Android 4.2 / latest master.
Robert Craig
Update mac_permissions.xml for 4.2. com.android.providers.media needs MANAGE_USERS and INTERACT_ACROSS_USERS com.android.providers.contacts needs BIND_DIRECTORY_SEARCH
Stephen Smalley
keystore uses the binder now, and adbd requires read to its entrypoint.
Stephen Smalley
Update policy for Android 4.2 / latest master. Update policy for Android 4.2 / latest master. Primarily this consists of changes around the bluetooth subsystem. The zygote also needs further permissions to set up /storage/emulated. adbd service now gets a socket under /dev/socket. keystore uses the binder. Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Stephen Smalley
Cleanups. With fix for socket labeling, adb socket is labeled with adbd rather than init, so we no longer need the init:unix_stream_socket allow rules. We also can dontaudit zygote fsetid rather than allowing it.
Stephen Smalley
Allow surfaceflinger to transfer reference to init on reply.
Stephen Smalley
Allow binder reference transfer on server reply.
Stephen Smalley
Kill extra whitespace.
Stephen Smalley
Allow transferring refs to servicemanager.
Stephen Smalley
Update for changes to binder security checking.
Stephen Smalley
Further fixes for 4.2.
Stephen Smalley
Policy changes for 4.2.