vendor_replicant.git - vendor/replicant

	Commit message (Collapse)	Author	Age	Files	Lines
...
\| *	sepolicy: Split off /cache/recovery's permissions	Ricardo Cerqueira	2015-02-11	4	-0/+13
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	/cache/recovery is used by 2 domains: recovery and updater apps. Separate its perms from the rest of /cache and grant them to those 2 clients Change-Id: Iacde60744c07423f9876c2f8e3da900543e38ddf
\| *	sepolicy: allow userinit to set its property	Georg Veichtlbauer	2015-02-09	5	-0/+8
\| \| \| \| \| \| \| \|	Change-Id: I9d8270d889566d169077a1b1fdaee43059d11ee1
\| *	sepolicy: actually include mediaserver.te	Adam Farden	2015-02-04	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \|	Added in patch e9c2de0679f16a8ba7291aaf2cd4286bef8b2886 but not included Change-Id: I2ae901a7c80fceb33dba2ed4122d2aa47bff5a51
\| *	cm: add torch service sepolicy entry	Roman Birg	2015-02-02	1	-0/+1
\| \| \| \| \| \| \| \| \| \|	Change-Id: I6e6feae5fe6b4092c137ee2337c4a15b390df45e Signed-off-by: Roman Birg <roman@cyngn.com>
\| *	sepolicy: Let drmserver scan themes	Steve Kondik	2015-01-25	2	-0/+2
\| \| \| \| \| \| \| \|	Change-Id: I7675b302723ef8700067ae9ef237daf6346a6627
\| *	sepolicy: Fix policy for keyhandler	Steve Kondik	2015-01-25	1	-1/+1
\| \| \| \| \| \| \| \|	Change-Id: I2860f469480b082511e30530aed8a9027e9fe4b9
\| *	sepolicy: Allow cmupdater/uncrypt access to media_rw_data_file	dhacker29	2015-01-24	2	-0/+2
\| \| \| \| \| \| \| \|	Change-Id: I800584af2919e3397b19d229fc28ad50cc4b2730
\| *	cm: sepolicy: Allow use of dexclassloader by systemserver	Steve Kondik	2015-01-22	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \|	* Needed for custom keyhandler. Change-Id: Ifa57ad81951f9e1009eb291726cd8dfe36a3482e
\| *	sepolicy: Additional filesystem perms for recovery	Matt Mower	2015-01-16	2	-2/+11
\| \| \| \| \| \| \| \|	Change-Id: I66c785de7256ea64302a258af7c33cb717530343
\| *	sepolicy: Apps need to read themed resources	Clark Scheff	2015-01-14	5	-1/+16
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Assets such as composed icons and ringtones need to be accessed by apps. This patch adds the policy needed to facilitate this. Change-Id: If47920b2cc5dbafe8d71a621782bb4a3351bd68c
\| *	sepolicy: new label for io scheduler sysfs nodes	Dan Pasanen	2015-01-13	3	-1/+5
\| \| \| \| \| \| \| \| \| \| \| \|	* needed for io scheduler in performance settings Change-Id: I818340ed62e3e1dd2674b93340b31723c7a985f4
\| *	sepolicy: Add policies for the new superuser sockets.	Ricardo Cerqueira	2015-01-04	2	-2/+3
\| \| \| \| \| \| \| \|	Change-Id: Ia3e1044616bee95eb4774254fb098487d983b5db
\| *	cm: sepolicy: fix performance settings	Pawit Pornkitprasan	2015-01-03	2	-0/+3
\| \| \| \| \| \| \| \|	Change-Id: Idea17856b4aef9258688a3ad58d0e5cac6d805a6
\| *	selinux: Allow recovery to do recursive deletes	Ricardo Cerqueira	2015-01-03	2	-1/+8
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Our partial wipes (preserving media) require that recovery can rmdir dirs and getattr files Change-Id: I206f74131f9a37c5887ef30062adeabb58beaa3a
\| *	cm: Remove KSM permissions	Konsta	2015-01-01	1	-1/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	CM12 doesn't have a KSM setting in performance settings anymore. KSM should be configured and enabled on device basis. Change-Id: I98a0cbe1b01a659eb28bcd459be55d78a88bda86
\| *	sepolicy: remove stray + in type statement	Matt Mower	2014-12-22	1	-1/+1
\| \| \| \| \| \| \| \|	Change-Id: Ic34c9ae32658541064a63153612145c6fd3d55b3
\| *	selinux: New rw privileges for themes	Andy Mast	2014-12-19	3	-0/+12
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	- New theme_data_file context for files under /data/system/theme - Permit systemserver to create files/dirs under /data/resource-cache - Permit systemserver to create files/dirs under /data/system/theme Change-Id: Id597fc20b477ea395a8631623f26a7edde280799
\| *	sepolicy: allow recovery read access to /data/media/ files and dirs	Dan Pasanen	2014-12-14	1	-0/+4
\| \| \| \| \| \| \| \|	Change-Id: I41173d72e86f9cf4d79f7c46166eeb71dc19d2f4
\| *	selinux: Downgrade CMFM's domain	Ricardo Cerqueira	2014-12-13	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	the filemanager doesn't need to be in platform_app. Put it in untrusted_app, especially since it's a possible su client Change-Id: I164853f2c8721d86b5b90677cb33032a3b491ff5
\| *	cm: sepolicy: Remove vold external sdcard rules, moved to main sepolicy	Tom Marshall	2014-12-13	1	-4/+0
\| \| \| \| \| \| \| \|	Change-Id: I67756bad2c6e1361ecc0052003f2b4e5e4dbb007
\| *	Sepolicy: Add theme service as system service	Andy Mast	2014-12-12	1	-0/+1
\| \| \| \| \| \| \| \|	Change-Id: Idfb690be5d35c03610165b914c0a3f2260e68956
\| *	cm: add sepolicy entry for lockscreen wallpaper	Roman Birg	2014-12-11	1	-0/+3
\| \| \| \| \| \| \| \| \| \|	Change-Id: Ie779392ab8118d192873a01ec5c7de3e5938ed17 Signed-off-by: Roman Birg <roman@cyngn.com>
\| *	selinux: Workaround for devices with PR_SET_NO_NEW_PRIVS enforcement	Ricardo Cerqueira	2014-12-10	1	-7/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	PR_SET_NO_NEW_PRIVS blocks domain transitions from within app_process, unless the new domain is bounded by the app's context. So we can't switch to a domain that has perms not available to untrusted_app :( This means any app can talk to the daemon, bypassing the su executable client. That's not a good thing, and needs to be resolved. Change-Id: I85b74f90b8737caaa193a0555b5262e7392519b2
\| *	Revert "SELinux: su: update policies"	Ricardo Cerqueira	2014-12-10	1	-14/+1
\| \| \| \| \| \| \| \| \| \| \| \|	This reverts commit 04fd9192b05ae2655560a444711fe8859430f439. Change-Id: I69e51fb6c151a48972cf81947c1c59c6f26f60e9
\| *	sepolicy: More rules for recovery	Steve Kondik	2014-12-09	3	-0/+18
\| \| \| \| \| \| \| \|	Change-Id: Ie50c04eb83cb9c62f679a1c1aa2ac482af159f7e
\| *	SELinux: su: update policies	Pawit Pornkitprasan	2014-12-08	1	-1/+14
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	- Integrate policies from domain.te (fixes ES File Manager which uses unix socket) - Allow platform_app to use su (fixes CM File Manager) Change-Id: I39dd55e63b44590575bbe6d889c8d77141ba8545
\| *	sepolicy: Fix permissions for service.adb.tcp.port	Diogo Ferreira	2014-12-01	3	-1/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	This makes the rule more specific by overriding the upstream sepolicy. Also adds the adbd context which is necessary for "adb tcpip". Change-Id: Ia17eb56fc1682ab248764329e88eebd2a4075c97
\| *	vendor: add policies for netd	Pawit Pornkitprasan	2014-11-29	4	-0/+9
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Required due to CAF's abc9c0f4fe574ee9847f118e5d2ae8c530bac650 in system/netd Fixes showing how many devices are connected to the tethered hotspot Change-Id: I1d83f7ac0b28efa6973e0baf429de2a398c471e3
\| *	SELinux: su: Remove extra quote in a comment	Chirayu Desai	2014-11-30	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Fixes vendor/cm/sepolicy/su.te:46:WARNING 'unrecognized character' at token ''' Change-Id: I3957ba7ac05062766cbf6c8f3c3975f20c95532e
\| *	Allow SystemServer to set service.adb.tcp.* properties	Ricardo Cerqueira	2014-11-29	5	-0/+9
\| \| \| \| \| \| \| \| \| \| \| \|	Required for network adb enable/disable to function Change-Id: I3e2aacb6b8e9b107dcd229187a5dd76128e20001
\| *	cm: sepolicy: Add contexts for cm recovery	Tom Marshall	2014-11-27	4	-0/+14
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Allow setup of secure adb (setup_adbd) * minivold in recovery Change-Id: Id1243154f4016b59e54890404cadea46a2aad212
\| *	selinux: Fix healthd's access to /dev nodes	Ricardo Cerqueira	2014-11-27	2	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Our healthd's support for power-on alarms adds some steps that imply reading files its user doesn't own. Let it. Change-Id: I3d4735aaab8fbec7acc460f812bc21f1dfa516ab
\| *	selinux: Add a rule to label the extended keyhandler dex files	Ricardo Cerqueira	2014-11-27	2	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	These should be treated as regular dex cache files, but they're expanded outside of the normal cache dir Change-Id: Id046e1b90116b35d2e7817ed4717fcef78135f08
\| *	Add selinux policies for superuser	Ricardo Cerqueira	2014-11-27	3	-0/+67
\| \| \| \| \| \| \| \|	Change-Id: I878eaa9d25feaedf46e89083f91d6a21f4aff37a
\| *	vendor: Update SELinux policy for sysinit	myfluxi	2014-11-24	3	-0/+14
\| \| \| \| \| \| \| \|	Change-Id: I41d4c25d9d6246cd2ca0a8ff3b5a4e114e3bc4d4
\| *	[1/2] SEPolicy: Add Edgegesture service.	Kyrylo Mikos	2014-11-19	2	-0/+2
\| \| \| \| \| \| \| \|	Change-Id: Id9fc2d68b954e1cd6792739309a0df40e2dc998c
\| *	selinux: Add rules for the audit daemon	Ricardo Cerqueira	2014-11-09	4	-0/+10
\| \| \| \| \| \| \| \|	Change-Id: I050a9ef39d58d2592d880d225d45eb64d8a40b7b
\| *	Updates for CM12	Ricardo Cerqueira	2014-11-06	4	-7/+2
\| \|
\| *	sepolicy: Allow relabeling after wallpaper change	Steve Kondik	2014-05-18	2	-0/+2
\| \| \| \| \| \| \| \|	Change-Id: I89220fae961f483dad8b92faaee9ed8fe6c8a7cf
\| *	cm: policy for ipv6 tethering	Steve Kondik	2014-05-11	3	-0/+7
\| \| \| \| \| \| \| \| \| \| \| \|	* Enable use of radish via netd for ipv6 tethering Change-Id: Ifa0e85686fc70f59c089ca40a78cea9935820185
\| *	cm: sepolicy: Allow ueventd to load WiFi and audio irmware	Steve Kondik	2014-04-05	1	-0/+8
\| \| \| \| \| \| \| \| \| \| \| \|	* Every device which uses Prima or WCD will hit this, so just allow it. Change-Id: Ie2303ad7fc3498276d41e567a738cd016f635453
\| *	cm: sepolicy: Allow ueventd to properly handle cpufreq changes	Steve Kondik	2014-04-05	3	-2/+8
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	* We need to allow relabeling since these files can pop in and out if the governor is changed. Change-Id: Id75099290e24dac9962d4fed8148ec2df9e256b2
\| *	sepolicy: allow vold to mount fuse-based sdcard	Pawit Pornkitprasan	2013-12-10	1	-0/+6
\| \| \| \| \| \| \| \| \| \| \| \|	exfat and NTFS-3g requires access to /dev/fuse Change-Id: I35b13ada586c8de3fbe04156c2d10bf5e3c07b3a
\| *	sepolicy: allow vold to mount ext4 sdcard	Pawit Pornkitprasan	2013-11-15	1	-0/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	When vold mounts an ext4 sdcard, it needs to force the context to sdcard_external. avc: denied { relabelfrom } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem avc: denied { relabelto } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem avc: denied { relabelfrom } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem Change-Id: I80f42fbdf738dee10958ce1bdc1893a41234f0d9
\| *	sepolicy: allow vold to create files on external sdcard	Pawit Pornkitprasan	2013-11-14	2	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	This is required for ASEC support. Vold can already create and access directories, but do not yet have the permission for files. Change-Id: I5082bbff692e5dc53c7000e4b3a293e42d33f901
\| *	sepolicy: allow installd to query ASEC size	Pawit Pornkitprasan	2013-11-13	2	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	installd need to query ASEC size on sdcard_external to show on the Settings -> Apps page correctly. Change-Id: I2d9a49b8f0652f05d73d0ff464a3835595e2cc3c
\| *	sepolicy: treat fuseblk as sdcard_external	Pawit Pornkitprasan	2013-11-13	2	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \|	Allow fuse-mounted NTFS/exFAT file systems to be written to Change-Id: I1492914dd269a305e27aba58e61064d853adf2bc
\| *	selinux: Fix asec mounting	Ricardo Cerqueira	2013-11-12	2	-0/+3
\| \| \| \| \| \| \| \|	Change-Id: I92392f3d810dfaf8dfc35f5c9170178a651d28dc
\| *	sepolicy: f2fs: Allow fs_use_xattr	dhacker29	2013-11-10	2	-0/+4
\| \| \| \| \| \| \| \|	Change-Id: I458d464598777fa06751dad0aa9cfd4d903a4de1
\| *	selinux: Add missing seapp_contexts file	Ricardo Cerqueira	2013-11-06	1	-0/+1
\| \| \| \| \| \| \| \|	Change-Id: I6bda9e4876b9053ea16fe3c11c21b9c1e7acb17a