Stephen Smalley  committed e8eded8 Merge with conflicts

Merge branch 'master' into seandroid

Conflicts:
surfaceflinger.te
system_server.te

  • Parent commits 9d6f462, cd95e0a
  • Branches seandroid, seandroid-4.3 1
    1. seandroid-4.4

Files changed (7)

 type default_prop, property_type;
 type shell_prop, property_type;
+type debug_prop, property_type;
 type radio_prop, property_type;
 type system_prop, property_type;
 type vold_prop, property_type;

File property_contexts

 dhcp.                   u:object_r:system_prop:s0
 bluetooth.              u:object_r:bluetooth_prop:s0
 
-debug.                  u:object_r:shell_prop:s0
+debug.                  u:object_r:debug_prop:s0
 log.                    u:object_r:shell_prop:s0
 service.adb.root        u:object_r:shell_prop:s0
 service.adb.tcp.port    u:object_r:shell_prop:s0
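Review bot: Relabeling `debug.` from shell_prop to debug_prop takes every debug.* property away from any domain that was only allowed to set shell_prop, and the only `set` grant on debug_prop visible in this commit is the one added for system_server. If the shell domain or any other caller is expected to keep setting debug.* properties, it needs its own `allow <domain> debug_prop:property_service set;` rule, which is not among the sections shown; otherwise those writes will presumably be denied under enforcing mode. A one-line comment above the entry, for example `# debug.* has its own type so set access is granted separately from shell_prop`, would record the intent for later audits.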

File surfaceflinger.te

 init_daemon_domain(surfaceflinger)
 typeattribute surfaceflinger mlstrustedsubject;
 
-# mprotect RWX
-allow surfaceflinger self:process execmem;
-
 # Talk to init over the property socket.
 unix_socket_connect(surfaceflinger, property, init)
 

File system_app.te

 # Allow settings app to read from asec
 allow system_app asec_apk_file:dir search;
 allow system_app asec_apk_file:file r_file_perms;
+
+# Write to properties
+allow system_app system_prop:property_service set;
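Review bot: The added `allow system_app system_prop:property_service set;` lets every process in the system_app domain set any property labeled system_prop, and the comment `# Write to properties` does not say which keys are needed or why. The property_contexts section of this same commit shows system_prop covering at least the `dhcp.` prefix, so the grant is wider than a single setting. Either give the required keys their own type and grant only that, or document the scope in place, for example `# system_app sets system_prop-labeled properties: <keys needed>; narrow to a dedicated type when possible`.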

File system_server.te

 # Property Service write
 allow system_server system_prop:property_service set;
 allow system_server radio_prop:property_service set;
+allow system_server debug_prop:property_service set;
+allow system_server powerctl_prop:property_service set;
 
 # ctl interface
 allow system_server ctl_default_prop:property_service set;
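Review bot: `powerctl_prop` is used in the added rule but is not declared in any section shown on this page, where the type-declaration section adds only `debug_prop`. Confirm that the type and its property_contexts entry already exist on the merged branch, since an undeclared type fails the policy build. The two new grants also sit under the generic `# Property Service write` comment with nothing saying why system_server needs them. A short note such as `# debug_prop: debug.* properties; powerctl_prop: power control requests` would help the next least-privilege review, with the wording checked against the actual property mappings.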

File tools/Android.mk

 LOCAL_MODULE := checkseapp
 LOCAL_MODULE_TAGS := optional
 LOCAL_C_INCLUDES := external/libsepol/include/
-LOCAL_CFLAGS := -DLINK_SEPOL_STATIC
+LOCAL_CFLAGS := -DLINK_SEPOL_STATIC -Wall -Werror
 LOCAL_SRC_FILES := check_seapp.c
 LOCAL_STATIC_LIBRARIES := libsepol
 

File tools/check_seapp.c

  * @param rm
  * 	rule map to be freed.
  */
-static void rule_map_free(rule_map *rm, rule_map_switch s) {
+static void rule_map_free(rule_map *rm,
+		rule_map_switch s __attribute__((unused)) /* only glibc builds, ignored otherwise */) {
 
 	size_t i;
 	size_t len = rm->length;