summaryrefslogtreecommitdiffstats
path: root/sepolicy
Commit message (Collapse)AuthorAgeFilesLines
...
* selinux: New rw privileges for themesAndy Mast2014-12-193-0/+12
| | | | | | | | - New theme_data_file context for files under /data/system/theme - Permit systemserver to create files/dirs under /data/resource-cache - Permit systemserver to create files/dirs under /data/system/theme Change-Id: Id597fc20b477ea395a8631623f26a7edde280799
* sepolicy: allow recovery read access to /data/media/ files and dirsDan Pasanen2014-12-141-0/+4
| | | | Change-Id: I41173d72e86f9cf4d79f7c46166eeb71dc19d2f4
* selinux: Downgrade CMFM's domainRicardo Cerqueira2014-12-131-0/+1
| | | | | | | the filemanager doesn't need to be in platform_app. Put it in untrusted_app, especially since it's a possible su client Change-Id: I164853f2c8721d86b5b90677cb33032a3b491ff5
* cm: sepolicy: Remove vold external sdcard rules, moved to main sepolicyTom Marshall2014-12-131-4/+0
| | | | Change-Id: I67756bad2c6e1361ecc0052003f2b4e5e4dbb007
* Sepolicy: Add theme service as system serviceAndy Mast2014-12-121-0/+1
| | | | Change-Id: Idfb690be5d35c03610165b914c0a3f2260e68956
* cm: add sepolicy entry for lockscreen wallpaperRoman Birg2014-12-111-0/+3
| | | | | Change-Id: Ie779392ab8118d192873a01ec5c7de3e5938ed17 Signed-off-by: Roman Birg <roman@cyngn.com>
* selinux: Workaround for devices with PR_SET_NO_NEW_PRIVS enforcementRicardo Cerqueira2014-12-101-7/+10
| | | | | | | | | | | PR_SET_NO_NEW_PRIVS blocks domain transitions from within app_process, unless the new domain is bounded by the app's context. So we can't switch to a domain that has perms not available to untrusted_app :( This means any app can talk to the daemon, bypassing the su executable client. That's not a good thing, and needs to be resolved. Change-Id: I85b74f90b8737caaa193a0555b5262e7392519b2
* Revert "SELinux: su: update policies"Ricardo Cerqueira2014-12-101-14/+1
| | | | | | This reverts commit 04fd9192b05ae2655560a444711fe8859430f439. Change-Id: I69e51fb6c151a48972cf81947c1c59c6f26f60e9
* sepolicy: More rules for recoverySteve Kondik2014-12-093-0/+18
| | | | Change-Id: Ie50c04eb83cb9c62f679a1c1aa2ac482af159f7e
* SELinux: su: update policiesPawit Pornkitprasan2014-12-081-1/+14
| | | | | | | - Integrate policies from domain.te (fixes ES File Manager which uses unix socket) - Allow platform_app to use su (fixes CM File Manager) Change-Id: I39dd55e63b44590575bbe6d889c8d77141ba8545
* sepolicy: Fix permissions for service.adb.tcp.portDiogo Ferreira2014-12-013-1/+3
| | | | | | | This makes the rule more specific by overriding the upstream sepolicy. Also adds the adbd context which is necessary for "adb tcpip". Change-Id: Ia17eb56fc1682ab248764329e88eebd2a4075c97
* vendor: add policies for netdPawit Pornkitprasan2014-11-294-0/+9
| | | | | | | | | Required due to CAF's abc9c0f4fe574ee9847f118e5d2ae8c530bac650 in system/netd Fixes showing how many devices are connected to the tethered hotspot Change-Id: I1d83f7ac0b28efa6973e0baf429de2a398c471e3
* SELinux: su: Remove extra quote in a commentChirayu Desai2014-11-301-1/+1
| | | | | | | * Fixes vendor/cm/sepolicy/su.te:46:WARNING 'unrecognized character' at token ''' Change-Id: I3957ba7ac05062766cbf6c8f3c3975f20c95532e
* Allow SystemServer to set service.adb.tcp.* propertiesRicardo Cerqueira2014-11-295-0/+9
| | | | | | Required for network adb enable/disable to function Change-Id: I3e2aacb6b8e9b107dcd229187a5dd76128e20001
* cm: sepolicy: Add contexts for cm recoveryTom Marshall2014-11-274-0/+14
| | | | | | | | * Allow setup of secure adb (setup_adbd) * minivold in recovery Change-Id: Id1243154f4016b59e54890404cadea46a2aad212
* selinux: Fix healthd's access to /dev nodesRicardo Cerqueira2014-11-272-0/+2
| | | | | | | Our healthd's support for power-on alarms adds some steps that imply reading files its user doesn't own. Let it. Change-Id: I3d4735aaab8fbec7acc460f812bc21f1dfa516ab
* selinux: Add a rule to label the extended keyhandler dex filesRicardo Cerqueira2014-11-272-0/+4
| | | | | | | These should be treated as regular dex cache files, but they're expanded outside of the normal cache dir Change-Id: Id046e1b90116b35d2e7817ed4717fcef78135f08
* Add selinux policies for superuserRicardo Cerqueira2014-11-273-0/+67
| | | | Change-Id: I878eaa9d25feaedf46e89083f91d6a21f4aff37a
* vendor: Update SELinux policy for sysinitmyfluxi2014-11-243-0/+14
| | | | Change-Id: I41d4c25d9d6246cd2ca0a8ff3b5a4e114e3bc4d4
* [1/2] SEPolicy: Add Edgegesture service.Kyrylo Mikos2014-11-192-0/+2
| | | | Change-Id: Id9fc2d68b954e1cd6792739309a0df40e2dc998c
* selinux: Add rules for the audit daemonRicardo Cerqueira2014-11-094-0/+10
| | | | Change-Id: I050a9ef39d58d2592d880d225d45eb64d8a40b7b
* Updates for CM12Ricardo Cerqueira2014-11-064-7/+2
|
* sepolicy: Allow relabeling after wallpaper changeSteve Kondik2014-05-182-0/+2
| | | | Change-Id: I89220fae961f483dad8b92faaee9ed8fe6c8a7cf
* cm: policy for ipv6 tetheringSteve Kondik2014-05-113-0/+7
| | | | | | * Enable use of radish via netd for ipv6 tethering Change-Id: Ifa0e85686fc70f59c089ca40a78cea9935820185
* cm: sepolicy: Allow ueventd to load WiFi and audio irmwareSteve Kondik2014-04-051-0/+8
| | | | | | * Every device which uses Prima or WCD will hit this, so just allow it. Change-Id: Ie2303ad7fc3498276d41e567a738cd016f635453
* cm: sepolicy: Allow ueventd to properly handle cpufreq changesSteve Kondik2014-04-053-2/+8
| | | | | | | * We need to allow relabeling since these files can pop in and out if the governor is changed. Change-Id: Id75099290e24dac9962d4fed8148ec2df9e256b2
* sepolicy: allow vold to mount fuse-based sdcardPawit Pornkitprasan2013-12-101-0/+6
| | | | | | exfat and NTFS-3g requires access to /dev/fuse Change-Id: I35b13ada586c8de3fbe04156c2d10bf5e3c07b3a
* sepolicy: allow vold to mount ext4 sdcardPawit Pornkitprasan2013-11-151-0/+5
| | | | | | | | | | | When vold mounts an ext4 sdcard, it needs to force the context to sdcard_external. avc: denied { relabelfrom } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem avc: denied { relabelto } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem avc: denied { relabelfrom } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem Change-Id: I80f42fbdf738dee10958ce1bdc1893a41234f0d9
* sepolicy: allow vold to create files on external sdcardPawit Pornkitprasan2013-11-142-0/+3
| | | | | | | This is required for ASEC support. Vold can already create and access directories, but do not yet have the permission for files. Change-Id: I5082bbff692e5dc53c7000e4b3a293e42d33f901
* sepolicy: allow installd to query ASEC sizePawit Pornkitprasan2013-11-132-0/+4
| | | | | | | installd need to query ASEC size on sdcard_external to show on the Settings -> Apps page correctly. Change-Id: I2d9a49b8f0652f05d73d0ff464a3835595e2cc3c
* sepolicy: treat fuseblk as sdcard_externalPawit Pornkitprasan2013-11-132-0/+2
| | | | | | Allow fuse-mounted NTFS/exFAT file systems to be written to Change-Id: I1492914dd269a305e27aba58e61064d853adf2bc
* selinux: Fix asec mountingRicardo Cerqueira2013-11-122-0/+3
| | | | Change-Id: I92392f3d810dfaf8dfc35f5c9170178a651d28dc
* sepolicy: f2fs: Allow fs_use_xattrdhacker292013-11-102-0/+4
| | | | Change-Id: I458d464598777fa06751dad0aa9cfd4d903a4de1
* selinux: Add missing seapp_contexts fileRicardo Cerqueira2013-11-061-0/+1
| | | | Change-Id: I6bda9e4876b9053ea16fe3c11c21b9c1e7acb17a
* selinux: Add CM-specific file_contextsRicardo Cerqueira2013-11-062-0/+9
| | | | Change-Id: Ie70c59acedbb7be2f5b34a83c1d3d011f440ba05
* selinux: CM policies are now inserted lastRicardo Cerqueira2013-11-051-2/+3
| | | | | | | Inclusion of the makefile is done by the build system to enforce the wanted order Change-Id: I86d7c6fb08b6bb1f6e0385e951a54827345aaf84
* sepolicy: Start CM Common sepolicyWilliam Roberts2013-08-172-0/+27
Rather than having to maintain out of tree changes, it is often easier to maintain a hiearchy of changes, starting with the vendors common config file. From there, inheriting products can pick up a base and start to add or remove certain bits from it, making use of the BOARD_SEPOLICY_* functions documented in external/sepolicy/README. Change-Id: I28a4aaf6c126535f0a88001582641b234a750015
generated by cgit v1.1 at 2025-01-09 19:30:09 +0000