Commit Graph

137 Commits

Author SHA1 Message Date
Andy Mast f274019100 selinux: New rw privileges for themes
- New theme_data_file context for files under /data/system/theme
- Permit systemserver to create files/dirs under /data/resource-cache
- Permit systemserver to create files/dirs under /data/system/theme

Change-Id: Id597fc20b477ea395a8631623f26a7edde280799
2014-12-19 10:35:48 -08:00
Dan Pasanen e33cc1d37d sepolicy: allow recovery read access to /data/media/ files and dirs
Change-Id: I41173d72e86f9cf4d79f7c46166eeb71dc19d2f4
2014-12-14 10:44:53 -06:00
Ricardo Cerqueira ebc1c942e7 selinux: Downgrade CMFM's domain
The file manager doesn't need to be in platform_app. Put it in untrusted_app,
especially since it's a possible su client.

Change-Id: I164853f2c8721d86b5b90677cb33032a3b491ff5
2014-12-13 02:44:52 +00:00
Tom Marshall d553a9f8b5 cm: sepolicy: Remove vold external sdcard rules, moved to main sepolicy
Change-Id: I67756bad2c6e1361ecc0052003f2b4e5e4dbb007
2014-12-13 02:13:52 +00:00
Andy Mast 03555ad053 Sepolicy: Add theme service as system service
Change-Id: Idfb690be5d35c03610165b914c0a3f2260e68956
2014-12-12 01:00:34 +00:00
Roman Birg 20114d672c cm: add sepolicy entry for lockscreen wallpaper
Change-Id: Ie779392ab8118d192873a01ec5c7de3e5938ed17
Signed-off-by: Roman Birg <roman@cyngn.com>
2014-12-11 18:17:04 +00:00
Ricardo Cerqueira 4df29e013d selinux: Workaround for devices with PR_SET_NO_NEW_PRIVS enforcement
PR_SET_NO_NEW_PRIVS blocks domain transitions from within app_process,
unless the new domain is bounded by the app's context. So we can't
switch to a domain that has perms not available to untrusted_app :(

This means any app can talk to the daemon, bypassing the su executable
client. That's not a good thing, and needs to be resolved.

Change-Id: I85b74f90b8737caaa193a0555b5262e7392519b2
2014-12-10 20:38:34 +00:00
Ricardo Cerqueira 7cd698341f Revert "SELinux: su: update policies"
This reverts commit 04fd9192b0.

Change-Id: I69e51fb6c151a48972cf81947c1c59c6f26f60e9
2014-12-10 17:19:14 +00:00
Steve Kondik 06ec5853f3 sepolicy: More rules for recovery
Change-Id: Ie50c04eb83cb9c62f679a1c1aa2ac482af159f7e
2014-12-09 22:20:14 +00:00
Pawit Pornkitprasan 04fd9192b0 SELinux: su: update policies
- Integrate policies from domain.te (fixes ES File Manager which uses unix socket)
- Allow platform_app to use su (fixes CM File Manager)

Change-Id: I39dd55e63b44590575bbe6d889c8d77141ba8545
2014-12-08 05:43:14 +00:00
Diogo Ferreira 5c9f9efba6 sepolicy: Fix permissions for service.adb.tcp.port
This makes the rule more specific by overriding the upstream sepolicy.
Also adds the adbd context which is necessary for "adb tcpip".

Change-Id: Ia17eb56fc1682ab248764329e88eebd2a4075c97
2014-12-01 20:36:13 +00:00
Pawit Pornkitprasan e815923b0d vendor: add policies for netd
Required due to CAF's abc9c0f4fe574ee9847f118e5d2ae8c530bac650 in
system/netd

Fixes showing how many devices are connected to the tethered hotspot

Change-Id: I1d83f7ac0b28efa6973e0baf429de2a398c471e3
2014-11-29 23:33:52 -08:00
Chirayu Desai 9e0dba30b7 SELinux: su: Remove extra quote in a comment
* Fixes
  vendor/cm/sepolicy/su.te:46:WARNING 'unrecognized character' at token '''

Change-Id: I3957ba7ac05062766cbf6c8f3c3975f20c95532e
2014-11-30 03:05:41 +00:00
Ricardo Cerqueira e4016afa72 Allow SystemServer to set service.adb.tcp.* properties
Required for network adb enable/disable to function

Change-Id: I3e2aacb6b8e9b107dcd229187a5dd76128e20001
2014-11-29 09:01:56 -08:00
Tom Marshall 39a4244c77 cm: sepolicy: Add contexts for cm recovery
* Allow setup of secure adb (setup_adbd)
* minivold in recovery

Change-Id: Id1243154f4016b59e54890404cadea46a2aad212
2014-11-27 23:05:26 +00:00
Ricardo Cerqueira d22efb80e1 selinux: Fix healthd's access to /dev nodes
Our healthd's support for power-on alarms adds some steps that imply
reading files its user doesn't own. Let it.

Change-Id: I3d4735aaab8fbec7acc460f812bc21f1dfa516ab
2014-11-27 22:57:21 +00:00
Ricardo Cerqueira fa63e50707 selinux: Add a rule to label the extended keyhandler dex files
These should be treated as regular dex cache files, but they're
expanded outside of the normal cache dir

Change-Id: Id046e1b90116b35d2e7817ed4717fcef78135f08
2014-11-27 18:26:39 +00:00
Ricardo Cerqueira 09159ac7ce Add selinux policies for superuser
Change-Id: I878eaa9d25feaedf46e89083f91d6a21f4aff37a
2014-11-27 01:45:53 +00:00
myfluxi 12daaee8a5 vendor: Update SELinux policy for sysinit
Change-Id: I41d4c25d9d6246cd2ca0a8ff3b5a4e114e3bc4d4
2014-11-24 15:37:52 +01:00
Kyrylo Mikos 319b556868 [1/2] SEPolicy: Add Edgegesture service.
Change-Id: Id9fc2d68b954e1cd6792739309a0df40e2dc998c
2014-11-19 10:04:18 +02:00
Ricardo Cerqueira 15df17f9ac selinux: Add rules for the audit daemon
Change-Id: I050a9ef39d58d2592d880d225d45eb64d8a40b7b
2014-11-09 17:20:54 +00:00
Ricardo Cerqueira 49a30e7d17 Updates for CM12
2014-11-06 14:54:32 +00:00
Steve Kondik 3325783298 sepolicy: Allow relabeling after wallpaper change
Change-Id: I89220fae961f483dad8b92faaee9ed8fe6c8a7cf
2014-05-18 18:16:12 -07:00
Steve Kondik fdf1aff5ad cm: policy for ipv6 tethering
* Enable use of radish via netd for ipv6 tethering

Change-Id: Ifa0e85686fc70f59c089ca40a78cea9935820185
2014-05-11 03:49:18 -07:00
Steve Kondik d3827c4f41 cm: sepolicy: Allow ueventd to load WiFi and audio firmware
* Every device which uses Prima or WCD will hit this, so just allow it.

Change-Id: Ie2303ad7fc3498276d41e567a738cd016f635453
2014-04-05 14:56:09 -07:00
Steve Kondik 002b4f0a4f cm: sepolicy: Allow ueventd to properly handle cpufreq changes
* We need to allow relabeling since these files can pop in and out if
   the governor is changed.

Change-Id: Id75099290e24dac9962d4fed8148ec2df9e256b2
2014-04-05 14:05:13 -07:00
Pawit Pornkitprasan 54c91b849c sepolicy: allow vold to mount fuse-based sdcard
exfat and NTFS-3g require access to /dev/fuse

Change-Id: I35b13ada586c8de3fbe04156c2d10bf5e3c07b3a
2013-12-10 17:10:50 +07:00
Pawit Pornkitprasan 9a19f575a4 sepolicy: allow vold to mount ext4 sdcard
When vold mounts an ext4 sdcard, it needs to force the context to
sdcard_external.

avc:  denied  { relabelfrom } for  pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem
avc:  denied  { relabelto } for  pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem
avc:  denied  { relabelfrom } for  pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem

Change-Id: I80f42fbdf738dee10958ce1bdc1893a41234f0d9
2013-11-15 10:02:25 +07:00
Pawit Pornkitprasan ef907713b7 sepolicy: allow vold to create files on external sdcard
This is required for ASEC support. Vold can already create and
access directories, but does not yet have the permission for files.

Change-Id: I5082bbff692e5dc53c7000e4b3a293e42d33f901
2013-11-14 10:48:08 +07:00
Pawit Pornkitprasan 1b6aa84f9d sepolicy: allow installd to query ASEC size
installd needs to query ASEC size on sdcard_external
to show on the Settings -> Apps page correctly.

Change-Id: I2d9a49b8f0652f05d73d0ff464a3835595e2cc3c
2013-11-13 22:35:17 +07:00
Pawit Pornkitprasan a30ec115e3 sepolicy: treat fuseblk as sdcard_external
Allow fuse-mounted NTFS/exFAT file systems to be written to

Change-Id: I1492914dd269a305e27aba58e61064d853adf2bc
2013-11-13 09:37:42 +07:00
Ricardo Cerqueira 98c81ead7a selinux: Fix asec mounting
Change-Id: I92392f3d810dfaf8dfc35f5c9170178a651d28dc
2013-11-12 21:05:31 +00:00
dhacker29 26a925919b sepolicy: f2fs: Allow fs_use_xattr
Change-Id: I458d464598777fa06751dad0aa9cfd4d903a4de1
2013-11-10 15:01:44 -06:00
Ricardo Cerqueira e58e23e131 selinux: Add missing seapp_contexts file
Change-Id: I6bda9e4876b9053ea16fe3c11c21b9c1e7acb17a
2013-11-06 11:39:24 +00:00
Ricardo Cerqueira ac8d09538e selinux: Add CM-specific file_contexts
Change-Id: Ie70c59acedbb7be2f5b34a83c1d3d011f440ba05
2013-11-06 03:00:16 +00:00
Ricardo Cerqueira 8521d46944 selinux: CM policies are now inserted last
Inclusion of the makefile is done by the build system to enforce
the wanted order

Change-Id: I86d7c6fb08b6bb1f6e0385e951a54827345aaf84
2013-11-05 22:19:33 +00:00
William Roberts 9642d1dd8b sepolicy: Start CM Common sepolicy
Rather than having to maintain out of tree changes, it is often
easier to maintain a hierarchy of changes, starting with the vendor's
common config file. From there, inheriting products can pick up a base
and start to add or remove certain bits from it, making use of the
BOARD_SEPOLICY_* functions documented in external/sepolicy/README.

Change-Id: I28a4aaf6c126535f0a88001582641b234a750015
2013-08-17 22:27:45 +01:00