summaryrefslogtreecommitdiffstats
path: root/sepolicy/file_contexts
Commit message (Collapse)AuthorAgeFilesLines
* sepolicy: Put theme service in its own contextd34d2016-08-021-1/+1
| | | | | | | Allow the theme manager and its data to be sandboxed in its own context Change-Id: I7898663d1c196bfe04fa4c539d20191a43fde284
* sepolicy: Revert custom sdcardfs policy in favor of AOSPSteve Kondik2016-07-261-7/+0
| | | | | | | | | | | | | | | | | | | * Upstream policy showed up in AOSP this morning. Dropping ours in favor of AOSP. Revert "sepolicy: A few more denials" This reverts commit 522c421f6623be6437e444454cac58f7bbd5bc32. Revert "sepolicy: More policy for sdcardfs" This reverts commit 4a24ffeb6a44b2a044c2c3ce4e5aad8956e7157a. Revert "sepolicy: Add sdcardfs support" This reverts commit ba87877dd0b193a29a7b5293e4889c310dcdfc8a. Change-Id: I4f066b9bd5d8c899137fcaa12999f2547f9e0ec0
* sepolicy: More policy for sdcardfsSteve Kondik2016-07-251-0/+7
| | | | Change-Id: Iddc6f86bd1e4b9942139acf9b7e75279b3865b8a
* sepolicy: put bash in shell contextDan Pasanen2016-06-211-0/+3
| | | | | | | * Necessary for being able to execute commands such as 'su' from a non-root shell Change-Id: Icbaaa6ff7447add65441011944bdc5d13b788c86
* cm: Allow LiveDisplay to write to color_enhanceZhao Wei Liew2016-04-301-0/+1
| | | | | | | | | The proper permissions for the color_enhance sysfs node weren't being set, rendering the color enhancement switch useless. Set the proper permissions for LiveDisplay to toggle color enhancement. Change-Id: Ic8dba8953b73a497cb01a645834c0e7934092b38
* cm: Remove garbage from sepolicySteve Kondik2016-04-301-2/+2
| | | | | | * Not sure how the -- got here but it causes the rules to be invalid. Change-Id: Ib17217d14f844d7aa27bb554346183e32ff5ae13
* sepolicy: label exfat and ntfs mkfs executablescodeworkx2015-12-291-1/+3
| | | | Change-Id: Ic5e32818bc54993f4e8c2377cbec64f9444f6d8a
* sepolicy: Set the context for fsck.exfat/ntfs to fsck_execdhacker292015-12-171-0/+4
| | | | | | | This matches the policy for fsck.f2fs, although it still needs to run as fsck_untrusted for public volumes Change-Id: Ia04e7f8902e53a9926a87f0c99e603611cc39c5d
* sepolicy: Add domain for mkfs binariesKeith Mok2015-12-161-0/+3
| | | | | | | | | The init binary must transition to another domain when calling out to executables. Create the mkfs domain for mkfs.f2fs such that init can transition to it when formatting userdata/cache partitions if the "formattable" flag is set. Change-Id: I1046782386d171a59b1a3c5441ed265dc0824977
* vendor/cm: Fix up service contexts for sepolicy.Adnan Begovic2015-10-161-1/+0
| | | | Change-Id: Ibb04e967bd027c6d1118b8b471ec328c3b034d9d
* sepolicy: Underp the context for persistent storageRicardo Cerqueira2015-10-051-1/+1
| | | | | | | The dir's context need love, too TICKET: CYNGNOS-1185 Change-Id: I659b3ba06079825fe850cf66858a9d98b5f61c46
* cm: sepolicy: Create standard policy for LiveDisplaySteve Kondik2015-09-151-0/+6
| | | | Change-Id: Icb0047f261861c8fae99ffa4e9053de8d3aa8c73
* cm: SELinux policy for persistent properties APISteve Kondik2015-09-091-0/+3
| | | | | | * Set up persistent properties for devices with a /persist partition. Change-Id: I78974dd4e25831338462c91fc25e36e343795510
* sepolicy: Permissions for userinitEmerson Pinter2015-03-171-0/+1
| | | | Change-Id: Icaf9d191841a6214925729e40d84a61a2ebf2296
* sepolicy: Split off /cache/recovery's permissionsRicardo Cerqueira2015-02-111-0/+2
| | | | | | | /cache/recovery is used by 2 domains: recovery and updater apps. Separate its perms from the rest of /cache and grant them to those 2 clients Change-Id: Iacde60744c07423f9876c2f8e3da900543e38ddf
* sepolicy: allow userinit to set its propertyGeorg Veichtlbauer2015-02-091-0/+2
| | | | Change-Id: I9d8270d889566d169077a1b1fdaee43059d11ee1
* sepolicy: new label for io scheduler sysfs nodesDan Pasanen2015-01-131-1/+1
| | | | | | * needed for io scheduler in performance settings Change-Id: I818340ed62e3e1dd2674b93340b31723c7a985f4
* sepolicy: Add policies for the new superuser sockets.Ricardo Cerqueira2015-01-041-2/+1
| | | | Change-Id: Ia3e1044616bee95eb4774254fb098487d983b5db
* cm: Remove KSM permissionsKonsta2015-01-011-1/+0
| | | | | | | CM12 doesn't have a KSM setting in performance settings anymore. KSM should be configured and enabled on device basis. Change-Id: I98a0cbe1b01a659eb28bcd459be55d78a88bda86
* selinux: New rw privileges for themesAndy Mast2014-12-191-0/+3
| | | | | | | | - New theme_data_file context for files under /data/system/theme - Permit systemserver to create files/dirs under /data/resource-cache - Permit systemserver to create files/dirs under /data/system/theme Change-Id: Id597fc20b477ea395a8631623f26a7edde280799
* cm: add sepolicy entry for lockscreen wallpaperRoman Birg2014-12-111-0/+3
| | | | | Change-Id: Ie779392ab8118d192873a01ec5c7de3e5938ed17 Signed-off-by: Roman Birg <roman@cyngn.com>
* cm: sepolicy: Add contexts for cm recoveryTom Marshall2014-11-271-0/+3
| | | | | | | | * Allow setup of secure adb (setup_adbd) * minivold in recovery Change-Id: Id1243154f4016b59e54890404cadea46a2aad212
* selinux: Add a rule to label the extended keyhandler dex filesRicardo Cerqueira2014-11-271-0/+3
| | | | | | | These should be treated as regular dex cache files, but they're expanded outside of the normal cache dir Change-Id: Id046e1b90116b35d2e7817ed4717fcef78135f08
* Add selinux policies for superuserRicardo Cerqueira2014-11-271-0/+5
| | | | Change-Id: I878eaa9d25feaedf46e89083f91d6a21f4aff37a
* vendor: Update SELinux policy for sysinitmyfluxi2014-11-241-0/+2
| | | | Change-Id: I41d4c25d9d6246cd2ca0a8ff3b5a4e114e3bc4d4
* selinux: Add rules for the audit daemonRicardo Cerqueira2014-11-091-0/+4
| | | | Change-Id: I050a9ef39d58d2592d880d225d45eb64d8a40b7b
* cm: policy for ipv6 tetheringSteve Kondik2014-05-111-0/+2
| | | | | | * Enable use of radish via netd for ipv6 tethering Change-Id: Ifa0e85686fc70f59c089ca40a78cea9935820185
* cm: sepolicy: Allow ueventd to properly handle cpufreq changesSteve Kondik2014-04-051-1/+1
| | | | | | | * We need to allow relabeling since these files can pop in and out if the governor is changed. Change-Id: Id75099290e24dac9962d4fed8148ec2df9e256b2
* selinux: Add CM-specific file_contextsRicardo Cerqueira2013-11-061-0/+8
Change-Id: Ie70c59acedbb7be2f5b34a83c1d3d011f440ba05
generated by cgit v1.1 at 2025-01-08 16:31:32 +0000