Commits · kitkat-mr2.1-release · halo / external_sepolicy

20 May, 2013 1 commit

repo sync authored 12 years ago

This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11

77d4731e

06 May, 2013 1 commit

SELinux policy that separates "init_shell" from "shell". · 8199123c

Alex Klyubin authored 12 years ago

"init_shell" is used for shell processes spawned by init.

Change-Id: I9e35d485bac91f3d0e4f3704acdbb9af7d617173

8199123c

05 Apr, 2013 1 commit

Allow all domains to read the log devices. · 81fe5f7c

Stephen Smalley authored 12 years ago


Read access to /dev/log/* is no longer restricted.
Filtering on reads is performed per-uid by the kernel logger driver.

Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

81fe5f7c

04 Apr, 2013 1 commit

Allow all domains to read the log devices. · 2b732237

Stephen Smalley authored 12 years ago


Read access to /dev/log/* is no longer restricted.
Filtering on reads is performed per-uid by the kernel logger driver.

Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

2b732237

27 Mar, 2013 1 commit

Revert "Revert "Various minor policy fixes based on CTS."" · e69552ba

Geremy Condra authored 12 years ago

This reverts commit ba84bf1d

Hidden dependency resolved.

Change-Id: I9f0844f643abfda8405db2c722a36c847882c392

e69552ba

22 Mar, 2013 3 commits

Revert "Various minor policy fixes based on CTS." · ba84bf1d
Geremy Condra authored 12 years ago
```
This reverts commit 8a814a76

Change-Id: Id1497cc42d07ee7ff2ca44ae4042fc9f2efc9aad
```
ba84bf1d

Various minor policy fixes based on CTS. · 8a814a76

Stephen Smalley authored 12 years ago


Change-Id: I5a3584b6cc5eda2b7d82e85452f9fe457877f1d1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

8a814a76

Split internal and external sdcards · c195ec31

William Roberts authored 12 years ago

Two new types are introduced:
sdcard_internal
sdcard_external

The existing type of sdcard, is dropped and a new attribute
sdcard_type is introduced.

The boolean app_sdcard_rw has also been changed to allow for
controlling untrusted_app domain to use the internal and external
sdcards.

Change-Id: Ic7252a8e1703a43cb496413809d01cc6cacba8f5

c195ec31

19 Mar, 2013 1 commit

Drop shell from having access to dmesg · 767abc07

William Roberts authored 12 years ago

In normal, user builds, shell doesn't have the required
DAC permissions to acess the kernel log.

Change-Id: I001e6d65f508e07671bdb71ca2c0e1d53bc5b970

767abc07

27 Nov, 2012 2 commits

Add policy for run-as program. · e8848726

Stephen Smalley authored 12 years ago


Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.

Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

e8848726

Allow shell to connect to property service · c34a2527
William Roberts authored 12 years ago
```
Change-Id: I06ea2b400cc826c684b6ad25e12b021c2667b48a
```
c34a2527

04 Apr, 2012 1 commit

Add policy for property service. · 124720a6

Stephen Smalley authored 13 years ago

New property_contexts file for property selabel backend.
New property.te file with property type declarations.
New property_service security class and set permission.
Allow rules for setting properties.

124720a6

08 Mar, 2012 1 commit
- Allow the shell to create files on the sdcard. · b660916b
  Stephen Smalley authored 13 years ago
  
  b660916b
07 Mar, 2012 2 commits
- Drop redundant rules. · d5a70a7f
  Stephen Smalley authored 13 years ago
  
  d5a70a7f
- Policy changes to support running the latest CTS. · c83d0087
  Stephen Smalley authored 13 years ago
  
  c83d0087
12 Jan, 2012 1 commit

Allow reading of properties area, which is now created before init has... · 6261d6d8

Stephen Smalley authored 13 years ago

Allow reading of properties area, which is now created before init has switched contexts.  Revisit this later - we should explicitly label the properties file.

6261d6d8

04 Jan, 2012 1 commit
- SE Android policy. · 2dd4e51d
  Stephen Smalley authored 13 years ago
  
  2dd4e51d