Commits · kitkat-mr2.2-release · halo / external_sepolicy

20 May, 2013 1 commit

repo sync authored 12 years ago

This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11

77d4731e

15 May, 2013 1 commit
- Move domains into per-domain permissive mode. · 50e37b93
  repo sync authored 12 years ago
```
Bug: 4070557
Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
```
  50e37b93
09 May, 2013 1 commit

SELinux policy for users of libcutils klog_write. · 77ec892b

Alex Klyubin authored 12 years ago

klog_write/init create /dev/__kmsg__ backed by a kernel character
device, keep the file descriptor, and then immediately unlink the
file.

Change-Id: I729d224347a003eaca29299d216a53c99cc3197c

77ec892b

05 Apr, 2013 3 commits

Give domains read access to security_file domain. · 7bb2a55c

William Roberts authored 12 years ago

/data/security is another location that policy
files can reside. In fact, these policy files
take precedence over their rootfs counterparts
under certain circumstances. Give the appropriate
players the rights to read these policy files.

Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41

7bb2a55c

Allow ueventd to relabel sysfs nodes. · 4e0e74ed

Stephen Smalley authored 12 years ago


Required for If8b8d66120453123c1371ce063b6f20e8b96b6ef .

Change-Id: I98871b957db8b291cbbb827b5eb39b4279ce4194
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

4e0e74ed

Give domains read access to security_file domain. · 6c4c27e6

William Roberts authored 12 years ago

/data/security is another location that policy
files can reside. In fact, these policy files
take precedence over their rootfs counterparts
under certain circumstances. Give the appropriate
players the rights to read these policy files.

Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41

6c4c27e6

03 Apr, 2013 1 commit

Allow ueventd to relabel sysfs nodes. · cebe6a65

Stephen Smalley authored 12 years ago


Required for If8b8d66120453123c1371ce063b6f20e8b96b6ef .

Change-Id: I98871b957db8b291cbbb827b5eb39b4279ce4194
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

cebe6a65

23 Mar, 2013 1 commit

New dev_types and other minor adjustments. · 41e53901

rpcraig authored 12 years ago


Add new dev_type:
- ump_device : Unified Memory Provider driver.
       The file_contexts entry should be
       described on a per device basis.

Minor adjustments:
- tee needs netlink socket access.
- ueventd needs to grant file operations.

Change-Id: I915304da687d3a2b9aa417e6f91ea915bd697676
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

41e53901

07 Jun, 2012 1 commit
- Remove all denials caused by rild on tuna devices. · f6f87105
  William Roberts authored 13 years ago
```
Tested on a maguro variant.
```
  f6f87105
07 Mar, 2012 1 commit
- Policy changes to support running the latest CTS. · c83d0087
  Stephen Smalley authored 13 years ago
  
  c83d0087
12 Jan, 2012 1 commit

Allow reading of properties area, which is now created before init has... · 6261d6d8

Stephen Smalley authored 13 years ago

Allow reading of properties area, which is now created before init has switched contexts.  Revisit this later - we should explicitly label the properties file.

6261d6d8

04 Jan, 2012 1 commit
- SE Android policy. · 2dd4e51d
  Stephen Smalley authored 13 years ago
  
  2dd4e51d