de08be8aa006c313e5025ba5f032abf786a39f71 |
|
27-Aug-2014 |
Robin Lee <rgl@google.com> |
Allow system reset_uid, sync_uid, password_uid
Permits the system server to change keystore passwords for users other than primary. Bug: 16233206 Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
/external/sepolicy/access_vectors
|
344fc109e9787f91946ac852bb513c796aab38f6 |
|
07-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
Add access control for each service_manager action. Add SELinux MAC for the service manager actions list and find. Add the list and find verbs to the service_manager class. Add policy requirements for service_manager to enforce policies to binder_use macro. (cherry picked from commit b8511e0d98880a683c276589ab7d8d7666b7f8c1) Change-Id: I980d4a8acf6a0c6e99a3a7905961eb5564b1be15
/external/sepolicy/access_vectors
|
1196d2a5763c9a99be99ba81a4a29d938a83cc06 |
|
17-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Adding policies for KeyStore MAC. Add keystore_key class and an action for each action supported by keystore. Add policies that replicate the access control that already exists in keystore. Add auditallow rules for actions not known to be used frequently. Add macro for those domains wishing to access keystore. Change-Id: Iddd8672b9e9b72b45ee208e6eda608cc9dc61edc
/external/sepolicy/access_vectors
|
f90c41f6e8d5c1266e154f46586a2ceb260f1be6 |
|
06-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Add SELinux rules for service_manager. Add a service_manager class with the verb add. Add a type that groups the services for each of the processes that is allowed to start services in service.te and an attribute for all services controlled by the service manager. Add the service_contexts file which maps service name to target label. Bug: 12909011 Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
/external/sepolicy/access_vectors
|
d7af45d3741648c45560797a5b6f02dec784668f |
|
07-Jun-2014 |
Nick Kralevich <nnk@google.com> |
add attach_queue to tun_socket
Modeled after http://oss.tresys.com/pipermail/refpolicy/2013-January/006283.html
Addresses the following kernel error message:
<6>[ 3.855423] SELinux: Permission attach_queue in class tun_socket not defined in policy.
<6>[ 3.862482] SELinux: the above unknown classes and permissions will be denied
<7>[ 3.869668] SELinux: Completing initialization.
Change-Id: Iad87fcd5348d121a808dbe7ae3c63f8c90fc09fc
/external/sepolicy/access_vectors
|
c4db82cf85feccb81d0c3625fde440523323c634 |
|
03-May-2014 |
dcashman <dcashman@google.com> |
Remove specifycapabilities permission. specifycapabilities is no longer specified by the zygote userspace manager. It was removed in commit: 42a4bb5730266f80585e67262c73505d0bfffbf8. Remove this permission from policy. Change-Id: I866a25b590a375a68de6eec9af1b3ef779889985
/external/sepolicy/access_vectors
|
9ce99e3908fcd81430bc9612e5d86819939b6db2 |
|
16-Nov-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update binder-related policy. The binder_transfer_binder hook was changed in the kernel, obsoleting the receive permission and changing the target of the transfer permission. Update the binder-related policy to match the revised permission checking. Change-Id: I1ed0dadfde2efa93296e967eb44ca1314cf28586 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/access_vectors
|
a1ce2fa2218a768823a7c39426983a248b6e4f50 |
|
10-Aug-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define wake_alarm and block_suspend capabilities.
/external/sepolicy/access_vectors
|
124720a6976a69357522299afbe5591854e40775 |
|
04-Apr-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add policy for property service. New property_contexts file for property selabel backend. New property.te file with property type declarations. New property_service security class and set permission. Allow rules for setting properties.
/external/sepolicy/access_vectors
|
2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35 |
|
04-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
SE Android policy.
/external/sepolicy/access_vectors
|