1. 29 Oct, 2015 2 commits
    • Nick Kralevich's avatar
      Create a new SELinux type for /data/nativetest · 6dd7d3cd
      Nick Kralevich authored
      am: e9d261ff
      
      * commit 'e9d261ff':
        Create a new SELinux type for /data/nativetest
      6dd7d3cd
    • Nick Kralevich's avatar
      Create a new SELinux type for /data/nativetest · e9d261ff
      Nick Kralevich authored
      1) Don't use the generic "system_data_file" for the files in /data/nativetest.
      Rather, ensure it has it's own special label. This allows us to distinguish
      these files from other files in SELinux policy.
      
      2) Allow the shell user to execute files from /data/nativetest, on
      userdebug or eng builds only.
      
      3) Add a neverallow rule (compile time assertion + CTS test) that nobody
      is allowed to execute these files on user builds, and only the shell user
      is allowed to execute these files on userdebug/eng builds.
      
      Bug: 25340994
      Change-Id: I3e292cdd1908f342699d6c52f8bbbe6065359413
      e9d261ff
  2. 28 Oct, 2015 2 commits
  3. 27 Oct, 2015 4 commits
  4. 23 Oct, 2015 4 commits
  5. 19 Oct, 2015 9 commits
  6. 18 Oct, 2015 1 commit
  7. 17 Oct, 2015 1 commit
    • Jeff Vander Stoep's avatar
      Give services app_api_service attribute · 734e4d7c
      Jeff Vander Stoep authored
      avc:  denied  { find } for service=network_management pid=4503 uid=10070 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:network_management_service:s0 tclass=service_manager
      avc:  denied  { find } for service=netstats pid=4503 uid=10070 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=0
      
      Bug: 25022496
      Change-Id: Ib6eac76b680fed3eca7e4942c6b0e375f12b6496
      734e4d7c
  8. 16 Oct, 2015 6 commits
  9. 15 Oct, 2015 7 commits
  10. 14 Oct, 2015 4 commits