History log of /external/sepolicy/access_vectors
Revision Date Author Comments
de08be8aa006c313e5025ba5f032abf786a39f71 27-Aug-2014 Robin Lee <rgl@google.com> Allow system reset_uid, sync_uid, password_uid

Permits the system server to change keystore passwords for users other
than primary.

Bug: 16233206
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
/external/sepolicy/access_vectors
344fc109e9787f91946ac852bb513c796aab38f6 07-Jul-2014 Riley Spahn <rileyspahn@google.com> Add access control for each service_manager action.

Add SELinux MAC for the service manager actions list
and find. Add the list and find verbs to the
service_manager class. Add policy requirements for
service_manager to enforce policies to binder_use
macro.

(cherry picked from commit b8511e0d98880a683c276589ab7d8d7666b7f8c1)

Change-Id: I980d4a8acf6a0c6e99a3a7905961eb5564b1be15
/external/sepolicy/access_vectors
1196d2a5763c9a99be99ba81a4a29d938a83cc06 17-Jun-2014 Riley Spahn <rileyspahn@google.com> Adding policies for KeyStore MAC.

Add keystore_key class and an action for each action supported
by keystore. Add policies that replicate the access control that
already exists in keystore. Add auditallow rules for actions
not known to be used frequently. Add macro for those domains
wishing to access keystore.

Change-Id: Iddd8672b9e9b72b45ee208e6eda608cc9dc61edc
/external/sepolicy/access_vectors
f90c41f6e8d5c1266e154f46586a2ceb260f1be6 06-Jun-2014 Riley Spahn <rileyspahn@google.com> Add SELinux rules for service_manager.

Add a service_manager class with the verb add.
Add a type that groups the services for each of the
processes that is allowed to start services in service.te
and an attribute for all services controlled by the service
manager. Add the service_contexts file which maps service
name to target label.

Bug: 12909011
Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
/external/sepolicy/access_vectors
d7af45d3741648c45560797a5b6f02dec784668f 07-Jun-2014 Nick Kralevich <nnk@google.com> add attach_queue to tun_socket

Modeled after http://oss.tresys.com/pipermail/refpolicy/2013-January/006283.html

Addresses the following kernel error message:

<6>[ 3.855423] SELinux: Permission attach_queue in class tun_socket not defined in policy.
<6>[ 3.862482] SELinux: the above unknown classes and permissions will be denied
<7>[ 3.869668] SELinux: Completing initialization.

Change-Id: Iad87fcd5348d121a808dbe7ae3c63f8c90fc09fc
/external/sepolicy/access_vectors
c4db82cf85feccb81d0c3625fde440523323c634 03-May-2014 dcashman <dcashman@google.com> Remove specifycapabilities permission.

specifycapabilities is no longer specified by the zygote userspace manager.
It was removed in commit: 42a4bb5730266f80585e67262c73505d0bfffbf8. Remove
this permission from policy.

Change-Id: I866a25b590a375a68de6eec9af1b3ef779889985
/external/sepolicy/access_vectors
9ce99e3908fcd81430bc9612e5d86819939b6db2 16-Nov-2012 Stephen Smalley <sds@tycho.nsa.gov> Update binder-related policy.

The binder_transfer_binder hook was changed in the kernel, obsoleting
the receive permission and changing the target of the transfer permission.
Update the binder-related policy to match the revised permission checking.

Change-Id: I1ed0dadfde2efa93296e967eb44ca1314cf28586
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/access_vectors
a1ce2fa2218a768823a7c39426983a248b6e4f50 10-Aug-2012 Stephen Smalley <sds@tycho.nsa.gov> Define wake_alarm and block_suspend capabilities.
/external/sepolicy/access_vectors
124720a6976a69357522299afbe5591854e40775 04-Apr-2012 Stephen Smalley <sds@tycho.nsa.gov> Add policy for property service.
New property_contexts file for property selabel backend.
New property.te file with property type declarations.
New property_service security class and set permission.
Allow rules for setting properties.
/external/sepolicy/access_vectors
2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35 04-Jan-2012 Stephen Smalley <sds@tycho.nsa.gov> SE Android policy.
/external/sepolicy/access_vectors