Commits

Show all
Author Commit Message Labels Comments Date
Stephen Smalley
Revert "Added SELinux enforcing status and booleans keys to secure system settings." This reverts commit a44d69367c3843bdbc30131f09c7008f79c27b3d.
Joman Chu
Update constant names to match seandroid branch
Stephen Smalley
Regenerate current.txt
Joman Chu
Sync seandroid with Device Policy edits from master
Joman Chu
Fix bug where MMAC policy file could be removed by an unauthorized Device Admin
Joman Chu
Change policy methods to use handles De-duplicates code and simplifies the API. We now support deleting the five different policy files. Policy files in /data/system were being deleted on boot, even if there was no Device Admin. Policy files now should only be deleted if a Device Admin requests it or if the Device/SELinux/MMAC Admin is going away and that file was previously set by the Admin.
Robert Craig
Minor adjustment to per-package parsing of SELinuxMMAC. Ensure that we can't have package inside package.
Stephen Smalley
Revert "Minor adjustment to per-package parsing of SELinuxMMAC." This reverts commit 8d86b2e299c0056be5577febcb00ad3e9246dc2e.
Robert Craig
Minor adjustment to per-package parsing of SELinuxMMAC. Ensure that we can't have package inside package.
Robert Craig
Add inner per-package parsing to SELinuxMMAC. This patch covers the cases where an inner package stanza appears within a sig or default stanza. Also including some more unit tests.
robert craig
SELinuxMMAC additions for install policy. Add parsing for signature/default/package stanzas and more unit tests. Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
robert craig
Add seinfo parsing to PackageManagerService. This patch brings internal branch inline with patches submitted to AOSP. Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Joman Chu
Support changing SELinux and MMAC settings by Device Admin apps
Robert Craig
Pass seinfo string when setting label on lib dir. Allow installd to include the seinfo string when setting the security context for newly created lib directories for each app.
Robert Craig
Changes per AOSP comments 38910.
Robert Craig
Proper labeling of multi-user data directories. When a new user is created, its data directories are created based on exisitng /data/data ones. However, the proper security label is not used during the creation (seinfo is null in these cases). These patches take the existing labels from the /data/data directories (getfilecon) and apply them to the newly created ones (setfilecon). The seinfo is not available within installd and therefore would a…
Robert Craig
restorecon /data/anr directory
Robert Craig
Have installd pass seinfo string to libselinux. Also rework PMS to have the seinfo string to default to the empty string ("") when not present in mac_permissions.xml.
Robert Craig
Allow seinfo to be passed to installd. When creating the data directories for apps, allow an additional string to be passed to installd to be used for selecting the type. This commit only augments the wire language for installd. No changes reflect actual policy adjustments or new labeling.
Robert Craig
Install-time MAC checking, including seinfo support. Conflicts: services/java/com/android/server/am/ActivityManagerService.java services/java/com/android/server/pm/PackageManagerService.java
Joshua Brindle
s/LOGE/ALOGE/ in HAVE_SELINUX blocks Change-Id: I626588589dd00775ba29f2a256ac29e481598dc3
Stephen Smalley
Added SELinux enforcing status and booleans keys to secure system settings. Conflicts: core/java/android/provider/Settings.java
Stephen Smalley
Modify the WallpaperManagerService to restorecon the wallpaper file. Conflicts: services/java/com/android/server/WallpaperManagerService.java
Stephen Smalley
Introduce a restorecon JNI binding and use it to label the vmdl.*\.tmp files and the final .apk file differently. Conflicts: services/java/com/android/server/pm/PackageManagerService.java
Stephen Smalley
Pass additional inputs when spawning apps via the Zygote and add SELinux permission checks. When spawning an app process, the ActivityManagerService has additional information about the app package that may be useful in setting a SELinux security context on the process. Extend the Process.start() interface to allow passing such information to the Zygote spawner. We originally considered using the existing zygoteArgs argument, but found that those arguments are appended after the class …
Stephen Smalley
Add JNI bindings for some of the libselinux interfaces. Change-Id: Ifcc68cb06f9f56a04f3bc64dd9906a9436fabc88 Conflicts: core/jni/Android.mk core/jni/AndroidRuntime.cpp
Stephen Smalley
Modify installd to set the SELinux security context on package directories. installd already sets the UID/GID/mode for package directories. Extend it to also call libselinux to set the SELinux security context. Change-Id: I22d38e3e7facdfcee20a34bf30f1412dbb87761f Conflicts: cmds/installd/commands.c
Christopher Tate
DO NOT MERGE - Full (local) restore security changes (1) Prevent full restore from creating files/directories that are accessible by other applications (2) Don't restore filesets from "system" packages; i.e. any that runs as a special uid, unless they define their own agent for handling the restore process. Bug 7168284 This is a cherry-pick from the originating tree. Change-Id: I9f39ada3c4c3b7ee63330b015e62745e84ccb58f
John Wang
Show plmn in emergency call allowed mode. When emergency call is allowed, plmn string is used to pass up the "Emergency calls only" string. This change set showPlmn to true in that situation regardless the SIMRecords.SPN_RULE_SHOW_PLMN value. bug:7103854 Change-Id: I35ce0cc265d648191cb3b5f87261895f862143db
Victoria Lease
Get your own cursor Drawables, WebViewClassic! These are shared resources! You can't just animate *everyone's* cursors! Bug: 7110290 Change-Id: Icdc86af4fba427a352019cd3e2017f97a3b9fdba
  1. Prev
  2. Next