external/sepolicy.git -

Age	Commit message (Collapse)	Author
2012-10-17	Add a checkfc utility to check file_contexts validity and invoke it.tools_r21	Stephen Smalley
	Change-Id: I4b12dc3dcb432edbdf95dd3bc97f809912ce86d1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-10-10	Remove HAVE_SELINUX guard	Kenny Root
	Change-Id: I45b4a749bf4fb085d96d912871bae33aa5288119
2012-09-24	Switch app_* and isolated to _app and _isolated in seapp_contexts.	Stephen Smalley
	The app_* syntax was a legacy of the original approach of looking up the username returned by getpwuid() and the original username encoding scheme by bionic. With the recent changes to move away from this approach, there is no reason to retain that syntax. Instead, just use _app to match app UIDs and _isolated to match isolated service UIDs. The underscore prefix is to signify that these are not real usernames and to avoid conflicts with any system usernames. Requires a corresponding change to libselinux. Change-Id: Ic388a12c1c9d3e47386c8849db607140ef8a3d75 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-09-20	Define security labeling for isolated processes.	Stephen Smalley
	Used when an app service is declared with android:isolatedProcess="true". Place such processes in a separate domain, and further isolate them from each other via categories. Change-Id: I1d64f8278f0619eedb448f9a741f1d2c31985325 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-09-18	Drop the use of a policy version suffix on the sepolicy file.	Stephen Smalley
	The policy version suffix support was carried over from conventional Linux distributions, where we needed to support simultaneous installation of multiple kernels and policies. This isn't required for Android, so get rid of it and thereby simplify the policy pathname. We still default to generating a specific policy version (the highest one supported by the emulator kernel), but this can be overridden by setting POLICYVERS on the make command-line or in the environment. Requires a corresponding change to libselinux. Change-Id: I40c88e13e8063ea37c2b9ab5b3ff8b0aa595402a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-09-17	Merge changes I98fc14e1,If334ba73	Kenny Root
	* changes: Fix for segfault/jmp depends on unitialized variable Fix check_seapp segfault and undefined linking err
2012-09-17	Fix for segfault/jmp depends on unitialized variable	William Roberts
	When realloc creates the first block of memory, it must be initialized to NULL for the following strcat functions to operate correctly. Change-Id: I98fc14e1b19de5aa205354d16e54445293430d8e
2012-09-17	Fix check_seapp segfault and undefined linking err	William Roberts
	When LINK_SEPOL_STATIC was not defined, symbol log_warning was trying to be resolved by the linker. That symbol was not defined as it should have been log_warn and not log_warning. When a key would be validated in key_map_validate(), an unchecked key, like user, could cuase a segfault when the se_key was getting free'd no matter what at the end of the function, even if no se_key was alloc'd. Change-Id: If334ba7350e6d2ad1fa9bed142bb2fabe7caa057
2012-09-17	Merge "Allow domain access to /dev/ion"	Kenny Root

2012-09-13	Allow domain access to /dev/ion	William Roberts
	Change-Id: I87f81a632ed61f284f2fe09726f5c4529d36f252
2012-09-06	Correct spelling mistake	William Roberts
	Change-Id: If4deccfe740c8de6b88929a0d0439667c3ea340d
2012-09-05	Merge upstream sepolicy into AOSP	Jean-Baptiste Queru
	Change-Id: If3ed9998033378de5b47472315444f5b8bd4743e
2012-09-05	Merge checkseapp support.	seandroid

2012-09-05	Corrected gramatical issues	William Roberts
	Change-Id: I62ce62475f4a17d278243cc96db773872b2dc89c
2012-09-05	Added new line to end of file	William Roberts
	Change-Id: I4f0576a47ca2e99bca719bf321349c7d7d05cd3c
2012-09-05	Changed seapp_contexts temporary file naming	William Roberts
	Change-Id: I4f522869eeaa6f84771e4ee2328f65296dcc29db
2012-09-04	Fix mls checking code	William Roberts
	Change-Id: I614caa520e218f8f148eef641fed2301571da8e1
2012-09-04	Support overrides in seapp_contexts	William Roberts
	Provides support for overriding seapp_contexts declerations in per device seapp_contexts files. Change-Id: I23a0ffa1d24f1ce57825b168f29a2e885d3e1c51
2012-08-24	Add tf_daemon labeling support.	rpcraig

2012-08-20	Add ppp/mtp policy.	rpcraig
	Initial policy for Point-to-Point tunneling and tunneling manager services.
2012-08-16	per device seapp_context support	William Roberts

2012-08-15	dhcp policy.	rpcraig

2012-08-13	Merge upstream sepolicy into AOSP	Jean-Baptiste Queru
	Change-Id: Ia292607cbd06514a8ac3b0ad49eaefcdce12ef16
2012-08-13	Trusted Execution Environment policy.	rpcraig

2012-08-10	Define wake_alarm and block_suspect capabilities.	Stephen Smalley

2012-08-10	Additions for grouper/JB	rpcraig

2012-08-09	Allow debugfs access and setsched for mediaserver.	Stephen Smalley

2012-07-31	Merge asec changes.	Stephen Smalley

2012-07-31	Allow system_server to relabel /data/anr.	Stephen Smalley

2012-07-31	Allow debuggerd to restorecon the tombstone directory.	Stephen Smalley

2012-07-30	Untrusted_app gets route information	Haiqing Jiang

2012-07-30	domain writes to cgroup pseudo filesystem	Haiqing Jiang

2012-07-30	Introduce app_read_logs boolean.	Stephen Smalley

2012-07-30	untrusted_app reads logs when android_cts enabled	Haiqing Jiang

2012-07-30	read permission over lnk_file to devices when android_cts enabled	Haiqing Jiang

2012-07-30	New asec container labeling.	rpcraig
	This patchset covers the /mnt/asec variety only.
2012-07-30	Add mac_permissions.xml file.	rpcraig
	This was moved from external/mac-policy.git
2012-07-30	Allow CTS Test apps to access to system_data_file	Haiqing Jiang

2012-07-30	socket permissions to untrusted_app	Haiqing Jiang

2012-07-30	appdomain r/w apk_tmp_file and shell_data_file on android_cts enabled	Haiqing Jiang

2012-07-27	seinfo can be used to select types, and sebool is now supported.	Stephen Smalley

2012-07-27	allocate perms to platformappdomain over system_data_file	Haiqing Jiang

2012-07-27	mediaserver and system require abstract socket connnection	Haiqing Jiang

2012-07-27	installd unlink platform_app_data_file	Haiqing Jiang

2012-07-27	Platform app domain sdcard accesses	Haiqing Jiang

2012-07-27	Only enforce per-app process and file isolation via SELinux for third party ↵	Stephen Smalley
	apps, not platform apps. Platform (any of the apps signed by build keys, i.e. platform\|release\|shared\|media) apps expect to be able to share files with each other or with third party apps by passing open files or pathnames over Binder. Therefore, we switch to only enforcing the per-app process and file isolation via SELinux on third party apps, not platform apps. Make the platform app domains mlstrustedsubjects so that they can access any files created by third party apps. Introduce a new platform_app_data_file type for platform apps so that we can mark it as a mlstrustedobject and allow third party apps to read/write files created by the platform apps. Specify this new type for the platform app entries in seapp_contexts. Remove levelFromUid=true for the platform apps in seapp_contexts since we are no longer enforcing per-app separation among them.
2012-07-24	external/sepolicy: mediaserver open application data files	Haiqing Jiang

2012-07-24	external/sepolicy: system r/w udp_socket of appdomain	hqjiang

2012-07-24	external/sepolicy: install daemon unlink application data files	hqjiang

2012-07-19	Target the denials/policies over qtaguid file and device: 1. Relabel ↵	hqjiang
	/proc/net/xt_qtaguid/ctrl from "qtaguid" to "qtaguid_proc"; 2. Label /dev/xt_qtaguid with "qtaguid_device"; 3. Allow mediaserver read/[write] to qtaguid_proc and qtaguid_device; 4. Allow media apps read/[write] to qtaguid_proc and qtaguid_device; 5. Allow system read/[write] to qtaguid_proc and qtaguid_device. Actually, some of policies related to qtaguid have been there already, but we refind existing ones and add new ones.