Commits

Author Commit Message Labels Comments Date
Robert Craig
Update for lollipop. Change from passing a path to the policy bundle to using a file descriptor delivered via a FileProvider. The ConfigUpdater receiver for policy updates has changed to avoid needing a world-readable file.
Robert Craig
Switch the action of the intent broadcast for ifw updates. It seems that base/core/res/AndroidManifest.xml which describes the broadcast receiver for ifw updates already has a receiver stanza describing UPDATE_INTENT_FIREWALL versus our own UPDATE_IFW. Thus, switch the action string that is broadcast by this app.
Robert Craig
Drop references to updating mac_permissions.xml The abiltiy to update mac_permissions.xml has now be added to the general sepolicy update bundle.
Robert Craig
Restrict SEAdmin app from restricted profile users. The functionality inside SEAdmin shouldn't be available to restricted users. Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Robert Craig
Force locked ops to always be in the off position. Locked ops from an eops.xml policy should be conveyed to the user in some manner. For now, simply force the switch of all locked ops to be in the off position. The user will be able to move the switch to the on position but have the switch quickly moved back to the off position. This code is simply a placeholder for now til an alternate solution can be achieved. Notice, at no time are any of the l…
Robert Craig
Add AppOps management console code. This will allow us to drop our Settings.apk changes and subsequently drop tracking that project. The functionality offered here is similar in nature. Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Stephen Smalley
Fix a couple of typos. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Robert Craig
Rewrite SEAdmin b/c of DPMS deprecation. DevicePolicyManagerService has dropped all SELinux and MMAC interaction. This includes enforcing status change, boolean support, and policy file reload ability. This patch set rewrites SEAdmin with these new constraints.
Robert Craig
Drop more code references to SELinux, MMAC enforcing.
Robert Craig
Drop ability to toggle selinux enforcing. This ability was stripped by policy. Remove dead code to not confuse people.
Robert Craig
Drop MMAC enforcing ability. Recent changes to install-time MAC code means we're always in enforcing mode without the ability toggle.
Robert Craig
New update mechanism for intent firewall bundles.
Robert Craig
Use the isValidFragment override in our main Activity. This will allow us to move the targetSdkVersion beyond 18 and avoid the subsequent security exception that is thrown on 4.4 (api_19) devices.
Robert Craig
Make SEAdmin a PRIVILEGED_MODULE. Move SEAdmin to /system/priv-app so that system protected permissions are granted on install. This directly affects both the ACCESS_CACHE and WRITE_SECURE_SETTINGS permission requests.
Stephen Smalley
Target API version 18 until we can update the code. API 19 imposes a new requirement that crashes SEAdmin otherwise. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
robert craig
Add code to allow mmac policy updates. New code allows eops.xml and mac_permissions.xml updates via the buildbundle route b/c of new tools under external/sepolicy. New code hooks into the ConfigUpdateInstallReceiver are then used by to deliver the new policy bundles.
Stephen Smalley
Merge branch 'master' into intent_mac Conflicts: src/com/android/seandroid_admin/SEAndroidAdminActivity.java
Branches
intent_mac
Robert Craig
Update policy reload mechanism. Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Robert Craig
Update SEAdmin to allow config updates. Add new option to allow OTA config bundle updates. Think about using the new buildbundle tool out in external/sepolicy/tools to help with the construction of the zip file. Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Stephen Smalley
Revert "Add copyright notices." This reverts commit 3a16f83de87d5fece20acba0671c23c18895c694. SEAdmin is public domain.
Branches
intent_mac
Stephen Smalley
Revert "Add copyright notices." This reverts commit 2ace08d7f8f317346e4fad7817863b988ea78736. SEAdmin is public domain.
Stephen Smalley
Merge branch 'master' into intent_mac
Branches
intent_mac
Stephen Smalley
Rename and update strings for SEAdmin. Eliminate "SEAndroid" or "SE Android" from package name and strings. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Stephen Smalley
Merge branch 'dogfood-seandroid' into intent_mac
Branches
intent_mac
Robert Craig
Changes to reflect moving seinfo inside PMS. Moving seinfo inside PMS removes the exposed interface to toggle the SELinuxMMAC enforcing mode, or to query its status.
Stephen Smalley
Merge from rpcraig into intent_mac
Branches
intent_mac
Robert Craig
Modify code to use guava api. Simply update intent code to use guava api for reading into byte arrays. Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
Branches
intent_mac
Robert Craig
Merge branch 'bitbucket/master' into dogfood-intent_mac
Branches
intent_mac
Robert Craig
Correctly display current selinux/mmac states. Allow the app to determine enforcement states based off the direct JNI or SELlinuxMMAC calls. Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
Robert Craig
Add copyright notices. Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
Branches
intent_mac
  1. Prev
  2. Next