29 Commits

Author SHA1 Message Date
d34d 79eda9ebb8 sepolicy: Put theme service in its own context
Allow the theme manager and its data to be sandboxed in
its own context

Change-Id: I7898663d1c196bfe04fa4c539d20191a43fde284
2016-08-02 12:15:34 -07:00
Steve Kondik 6905134e76 sepolicy: Revert custom sdcardfs policy in favor of AOSP
* Upstream policy showed up in AOSP this morning. Dropping
   ours in favor of AOSP.

Revert "sepolicy: A few more denials"

This reverts commit 522c421f66.

Revert "sepolicy: More policy for sdcardfs"

This reverts commit 4a24ffeb6a.

Revert "sepolicy: Add sdcardfs support"

This reverts commit ba87877dd0.

Change-Id: I4f066b9bd5d8c899137fcaa12999f2547f9e0ec0
2016-07-26 18:43:41 -07:00
Steve Kondik 4a24ffeb6a sepolicy: More policy for sdcardfs
Change-Id: Iddc6f86bd1e4b9942139acf9b7e75279b3865b8a
2016-07-25 22:11:33 -07:00
Dan Pasanen 2b8c4b27fe sepolicy: put bash in shell context
* Necessary for being able to execute commands such as 'su'
  from a non-root shell

Change-Id: Icbaaa6ff7447add65441011944bdc5d13b788c86
2016-06-21 12:23:51 -07:00
Zhao Wei Liew de1ad36765 cm: Allow LiveDisplay to write to color_enhance
The proper permissions for the color_enhance sysfs node weren't
being set, rendering the color enhancement switch useless.

Set the proper permissions for LiveDisplay to toggle color enhancement.

Change-Id: Ic8dba8953b73a497cb01a645834c0e7934092b38
2016-04-30 17:06:13 -07:00
Steve Kondik 7a92949668 cm: Remove garbage from sepolicy
* Not sure how the -- got here but it causes the rules to be invalid.

Change-Id: Ib17217d14f844d7aa27bb554346183e32ff5ae13
2016-04-30 02:32:02 -07:00
codeworkx 053b1805da sepolicy: label exfat and ntfs mkfs executables
Change-Id: Ic5e32818bc54993f4e8c2377cbec64f9444f6d8a
2015-12-29 21:51:32 +01:00
dhacker29 076a1ea54a sepolicy: Set the context for fsck.exfat/ntfs to fsck_exec
This matches the policy for fsck.f2fs, although it still needs to run
as fsck_untrusted for public volumes

Change-Id: Ia04e7f8902e53a9926a87f0c99e603611cc39c5d
2015-12-17 15:43:00 -08:00
Keith Mok fcfc13ac6f sepolicy: Add domain for mkfs binaries
The init binary must transition to another domain when calling out to
executables. Create the mkfs domain for mkfs.f2fs such that init can
transition to it when formatting userdata/cache partitions if the
"formattable" flag is set.

Change-Id: I1046782386d171a59b1a3c5441ed265dc0824977
2015-12-16 10:40:28 -08:00
Adnan Begovic c3d3969971 vendor/cm: Fix up service contexts for sepolicy.
Change-Id: Ibb04e967bd027c6d1118b8b471ec328c3b034d9d
2015-10-16 13:20:33 -07:00
Ricardo Cerqueira b026605629 sepolicy: Underp the context for persistent storage
The dir's context needs love, too

TICKET: CYNGNOS-1185
Change-Id: I659b3ba06079825fe850cf66858a9d98b5f61c46
2015-10-05 13:18:31 -07:00
Steve Kondik b5dbbdf9cb cm: sepolicy: Create standard policy for LiveDisplay
Change-Id: Icb0047f261861c8fae99ffa4e9053de8d3aa8c73
2015-09-15 15:31:19 -07:00
Steve Kondik a385501738 cm: SELinux policy for persistent properties API
* Set up persistent properties for devices with a /persist partition.

Change-Id: I78974dd4e25831338462c91fc25e36e343795510
2015-09-09 11:53:23 -07:00
Emerson Pinter dc699fb190 sepolicy: Permissions for userinit
Change-Id: Icaf9d191841a6214925729e40d84a61a2ebf2296
2015-03-17 12:12:59 +00:00
Ricardo Cerqueira c75446d072 sepolicy: Split off /cache/recovery's permissions
/cache/recovery is used by 2 domains: recovery and updater apps. Separate
its perms from the rest of /cache and grant them to those 2 clients

Change-Id: Iacde60744c07423f9876c2f8e3da900543e38ddf
2015-02-11 19:44:43 +00:00
Georg Veichtlbauer 2ccd36c73f sepolicy: allow userinit to set its property
Change-Id: I9d8270d889566d169077a1b1fdaee43059d11ee1
2015-02-09 21:03:35 +00:00
Dan Pasanen afbfad59d6 sepolicy: new label for io scheduler sysfs nodes
* needed for io scheduler in performance settings

Change-Id: I818340ed62e3e1dd2674b93340b31723c7a985f4
2015-01-13 22:34:16 +00:00
Ricardo Cerqueira a7dfa18fd5 sepolicy: Add policies for the new superuser sockets.
Change-Id: Ia3e1044616bee95eb4774254fb098487d983b5db
2015-01-04 01:16:25 +00:00
Konsta 444ce4a6b1 cm: Remove KSM permissions
CM12 doesn't have a KSM setting in performance settings anymore.
KSM should be configured and enabled on device basis.

Change-Id: I98a0cbe1b01a659eb28bcd459be55d78a88bda86
2015-01-01 00:40:37 +00:00
Andy Mast f274019100 selinux: New rw privileges for themes
- New theme_data_file context for files under /data/system/theme
- Permit systemserver to create files/dirs under /data/resource-cache
- Permit systemserver to create files/dirs under /data/system/theme

Change-Id: Id597fc20b477ea395a8631623f26a7edde280799
2014-12-19 10:35:48 -08:00
Roman Birg 20114d672c cm: add sepolicy entry for lockscreen wallpaper
Change-Id: Ie779392ab8118d192873a01ec5c7de3e5938ed17
Signed-off-by: Roman Birg <roman@cyngn.com>
2014-12-11 18:17:04 +00:00
Tom Marshall 39a4244c77 cm: sepolicy: Add contexts for cm recovery
* Allow setup of secure adb (setup_adbd)
* minivold in recovery

Change-Id: Id1243154f4016b59e54890404cadea46a2aad212
2014-11-27 23:05:26 +00:00
Ricardo Cerqueira fa63e50707 selinux: Add a rule to label the extended keyhandler dex files
These should be treated as regular dex cache files, but they're
expanded outside of the normal cache dir

Change-Id: Id046e1b90116b35d2e7817ed4717fcef78135f08
2014-11-27 18:26:39 +00:00
Ricardo Cerqueira 09159ac7ce Add selinux policies for superuser
Change-Id: I878eaa9d25feaedf46e89083f91d6a21f4aff37a
2014-11-27 01:45:53 +00:00
myfluxi 12daaee8a5 vendor: Update SELinux policy for sysinit
Change-Id: I41d4c25d9d6246cd2ca0a8ff3b5a4e114e3bc4d4
2014-11-24 15:37:52 +01:00
Ricardo Cerqueira 15df17f9ac selinux: Add rules for the audit daemon
Change-Id: I050a9ef39d58d2592d880d225d45eb64d8a40b7b
2014-11-09 17:20:54 +00:00
Steve Kondik fdf1aff5ad cm: policy for ipv6 tethering
* Enable use of radish via netd for ipv6 tethering

Change-Id: Ifa0e85686fc70f59c089ca40a78cea9935820185
2014-05-11 03:49:18 -07:00
Steve Kondik 002b4f0a4f cm: sepolicy: Allow ueventd to properly handle cpufreq changes
* We need to allow relabeling since these files can pop in and out if
   the governor is changed.

Change-Id: Id75099290e24dac9962d4fed8148ec2df9e256b2
2014-04-05 14:05:13 -07:00
Ricardo Cerqueira ac8d09538e selinux: Add CM-specific file_contexts
Change-Id: Ie70c59acedbb7be2f5b34a83c1d3d011f440ba05
2013-11-06 03:00:16 +00:00