Commits · 4974855824ed16aa5a68868406b6451e756e58f9 · halo / external_sepolicy

12 Jul, 2013 1 commit

debuggerd.te: Fix relabelto policy denial · 08f01a33

Nick Kralevich authored 11 years ago

In 0c9708b2, we removed relabelto
from unconfined.te. This broke debuggerd. Fixed.

type=1400 audit(1373668537.550:5): avc: denied { relabelto } for pid=44 comm="debuggerd" name="tombstones" dev="mtdblock1" ino=71 scontext=u:r:debuggerd:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=dir

Change-Id: Ic025cbc030d6e776d9d87b1df3240fdc5f0b53d5

08f01a33

20 May, 2013 1 commit

Make all domains unconfined. · 77d4731e

repo sync authored 12 years ago

This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11

77d4731e

15 May, 2013 1 commit
- Move domains into per-domain permissive mode. · 50e37b93
  repo sync authored 12 years ago
```
Bug: 4070557
Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
```
  50e37b93
05 Apr, 2013 3 commits

Give domains read access to security_file domain. · 7bb2a55c

William Roberts authored 12 years ago

/data/security is another location that policy
files can reside. In fact, these policy files
take precedence over their rootfs counterparts
under certain circumstances. Give the appropriate
players the rights to read these policy files.

Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41

7bb2a55c

Allow all domains to read the log devices. · 81fe5f7c

Stephen Smalley authored 12 years ago


Read access to /dev/log/* is no longer restricted.
Filtering on reads is performed per-uid by the kernel logger driver.

Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

81fe5f7c

Give domains read access to security_file domain. · 6c4c27e6

William Roberts authored 12 years ago

/data/security is another location that policy
files can reside. In fact, these policy files
take precedence over their rootfs counterparts
under certain circumstances. Give the appropriate
players the rights to read these policy files.

Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41

6c4c27e6

04 Apr, 2013 1 commit

Allow all domains to read the log devices. · 2b732237

Stephen Smalley authored 12 years ago


Read access to /dev/log/* is no longer restricted.
Filtering on reads is performed per-uid by the kernel logger driver.

Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

2b732237

10 Aug, 2012 1 commit
- Additions for grouper/JB · abd977a7
  rpcraig authored 12 years ago
  
  abd977a7
31 Jul, 2012 1 commit
- Allow debuggerd to restorecon the tombstone directory. · 5f9917c1
  Stephen Smalley authored 12 years ago
  
  5f9917c1
07 Mar, 2012 1 commit
- Policy changes to support running the latest CTS. · c83d0087
  Stephen Smalley authored 13 years ago
  
  c83d0087
04 Jan, 2012 1 commit
- SE Android policy. · 2dd4e51d
  Stephen Smalley authored 13 years ago
  
  2dd4e51d