History log of /external/sepolicy/file_contexts
Revision Date Author Comments
f457e57db0e0497ac284125f5f78758bc7ab487b 05-Nov-2014 Nick Kralevich <nnk@google.com> am 7adc8cfe: Allow adbd to write to /data/adb

* commit '7adc8cfee367abc5cd17a21868b6b0bdb7b06eed':
Allow adbd to write to /data/adb
7adc8cfee367abc5cd17a21868b6b0bdb7b06eed 21-Oct-2014 Nick Kralevich <nnk@google.com> Allow adbd to write to /data/adb

adbd writes debugging information to /data/adb
when persist.adb.trace_mask is set. Allow it.

Bug: https://code.google.com/p/android/issues/detail?id=72895

(cherry picked from commit 973877dbc1298ee59dce08397ce8425580cbbbb5)

Change-Id: Ida2e0257c97941ab33ccdab59eb2cde95dca344f
/external/sepolicy/file_contexts
d7e004ebf949ae21b299a49cff9917f6560200a3 31-Oct-2014 Nick Kralevich <nnk@google.com> allow coredump functionality

Change-Id: I7993698ac96f21db0039681275280dbd43ff61ba
/external/sepolicy/file_contexts
51bfecf49d50982f64aba1fa73bbbdd2e40a444f 13-Oct-2014 Robin Lee <rgl@google.com> Pull keychain-data policy out of system-data

Migrators should be allowed to write to /data/misc/keychain in order
to remove it. Similarly /data/misc/user should be writable by system
apps.

TODO: Revoke zygote's rights to read from /data/misc/keychain on
behalf of some preloaded security classes.

Bug: 17811821
Change-Id: I9e9c6883cff1dca3755732225404909c16a0e547
/external/sepolicy/file_contexts
feedd3c62178d3c6413e467a98da3b708dd1f5f1 05-Aug-2014 Alex Light <allight@google.com> Make system use patchoat to relocate during runtime.

Add patchoat selinux rules.

Bug: 15358152

(cherry picked from commit fbc8ec2eacaff635a51b0334ea43ddaaa65655ea)

Change-Id: Ic84a370548393be62db740092e8393b662bcf345
/external/sepolicy/file_contexts
8ee37b4f1c58e1dcd00b198a9bbfeafb4221fdc9 15-Jul-2014 Ed Heyl <edheyl@google.com> reconcile aosp (c103da877b72aae80616dbc192982aaf75dfe888) after branching. Please do not merge.

Change-Id: Ic9dde806a30d3e7b9c4a066f247a9207fe9b94b4
/external/sepolicy/file_contexts
65edb75d530058ec3c8cb86d6d3e28f9394740ba 08-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Allow netd to create data files in /data/misc/net/.

This will be used to populate rt_tables (a mapping from routing table numbers to
table names) that's read by the iproute2 utilities.

Change-Id: I69deb1a64d5d6647470823405bf0cc55b24b22de
/external/sepolicy/file_contexts
9f6af083e8a31c9b5a9f9ac21885dfc3c0dc14b2 03-Jul-2014 Nick Kralevich <nnk@google.com> New domain "install_recovery"

Create a new domain for the one-shot init service flash_recovery.

This domain is initially in permissive_or_unconfined() for
testing. Any SELinux denials won't be enforced for now.

Change-Id: I7146dc154a5c78b6f3b4b6fb5d5855a05a30bfd8
/external/sepolicy/file_contexts
be092af039148e3cadcd49ee7042b8f39c7e95a2 07-Jul-2014 Jeff Sharkey <jsharkey@android.com> Rules to allow installing package directories.

Earlier changes had extended the rules, but some additional changes
are needed.

avc: denied { relabelfrom } for name="vmdl-723825123.tmp"
dev="mmcblk0p28" ino=162910 scontext=u:r:system_server:s0
tcontext=u:object_r:apk_data_file:s0 tclass=dir

Bug: 14975160
Change-Id: I875cfc3538d4b098d27c7c7b756d1868a54cc976
/external/sepolicy/file_contexts
bf8a37b8eb00568d677c789f3857681ef41e4a92 21-Jun-2014 Nick Kralevich <nnk@google.com> Create vdc domain

The init.rc one-shot services "defaultcrypto" and "encrypt" call
out to the /system/bin/vdc command line to ask vold to perform
encryption operations. Create a new domain for these one-shot
services. Allow the vdc domain to talk to vold.

Change-Id: I73dc2ee4cc265bc16056b27307c254254940fd9f
/external/sepolicy/file_contexts
b4adc62a572f983f4c538d0b9a75843574f9ec21 17-Jun-2014 Nick Kralevich <nnk@google.com> Force logwrapper to system_file

Some device-specific policies are improperly creating a security
domain for logwrapper, rather than removing the logwrapper
lines from init.device.rc. Don't allow that. Explicitly add an entry
for /system/bin/logwrapper to force it to a system_file. Attempting
to override this will result in the following compile time error:

obj/ETC/file_contexts_intermediates/file_contexts: Multiple different
specifications for /system/bin/logwrapper
(u:object_r:logwrapper_exec:s0 and u:object_r:system_file:s0).

Bug: 15616899
Change-Id: Ia55394247a9fa16e00434d61091fff9d9d4ff125
/external/sepolicy/file_contexts
fad4d5fb00ddb1f61c22c003429e10f10b046d0d 16-Jun-2014 Nick Kralevich <nnk@google.com> Fix SELinux policies to allow resource overlays.

The following commits added support for runtime resource overlays.

New command line tool 'idmap'
* 65a05fd56dbc9fd9c2511a97f49c445a748fb3c5
Runtime resource overlay, iteration 2
* 48d22323ce39f9aab003dce74456889b6414af55
Runtime resource overlay, iteration 2, test cases
* ad6ed950dbfa152c193dd7e49c369d9e831f1591

During SELinux tightening, support for these runtime resource
overlays was unknowingly broken. Fix it.

This change has been tested by hackbod and she reports that
everything is working after this change. I haven't independently
verified the functionality.

Test cases are available for this by running:
* python frameworks/base/core/tests/overlaytests/testrunner.py

Change-Id: I1c70484011fd9041bec4ef34f93f7a5509906f40
/external/sepolicy/file_contexts
84ed890aebce5235018b846fac734b47833ee364 04-Jun-2014 Nick Kralevich <nnk@google.com> Merge adf_device into graphics_device

As of sepolicy commit a16a59e2c7f1e2f09bf7b750101973a974c972e8
(https://android-review.googlesource.com/94580), adf_device
and graphics_device have the exact same security properties.

Merge them into one type to avoid a proliferation of SELinux
types.

Change-Id: Ib1a24f5d880798600e103b9e14934e41abb1ef95
/external/sepolicy/file_contexts
ad0d0fc722d04e465ce2b0bfd2f8e04714c75391 29-May-2014 Stephen Smalley <sds@tycho.nsa.gov> Protect /data/property.

/data/property is only accessible by root and is used by the init
property service for storing persistent property values. Create
a separate type for it and only allow init to write to the directory
and files within it. Ensure that we do not allow access to other domains
in future changes or device-specific policy via a neverallow rule.

Change-Id: Iff556b9606c5651c0f1bba902e30b59bdd6f063a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
9786af2bcaaf0ba25c0a50c81c748a05793ec847 23-May-2014 Torne (Richard Coles) <torne@google.com> Define SELinux policy for RELRO sharing support.

Define a domain and appropriate access rules for shared RELRO files
(used for loading the WebView native library). Any app is permitted to
read the files as they are public data, but only the shared_relro
process is permitted to create/update them.

Bug: 13005501
Change-Id: I9d5ba9e9eedb9b8c80fe6f84a3fc85a68553d52e
/external/sepolicy/file_contexts
7cba5da2f6923316dea6542ef63883533337dfd8 23-May-2014 Nick Kralevich <nnk@google.com> Label /dev/socket/zygote_secondary

zygote_secondary talks over a different socket named
/dev/socket/zygote_secondary. Make sure it's properly labeled.

See https://android-review.googlesource.com/89604

Addresses the following denial:

<12>[ 48.442004] type=1400 audit(1400801842.179:5): avc: denied { write } for pid=1082 comm="main" name="zygote_secondary" dev="tmpfs" ino=9953 scontext=u:r:system_server:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=1

Bug: 13647418
Change-Id: I1ff5f1d614295a5870bb8a3992ad9167e1656c92
/external/sepolicy/file_contexts
5c655876780f017c472997d7ae2c6a36d5752f09 14-May-2014 Narayan Kamath <narayan@google.com> app_process is now a symlink.

app_process is now a symlink to app_process32 or
app_process64, so we have to update the selinux
rules to explicitly refer to them.

See change 5a7ee9ad63d for context.

Change-Id: I7f7a107d79a8f7a3c193f97809e1e737540258f1
/external/sepolicy/file_contexts
56ecf4bdf8cb33362143f37cf683efd909415d5b 01-May-2014 Sreeram Ramachandran <sreeram@google.com> Introduce fwmarkd: a service to set the fwmark of sockets.

(cherry picked from commit 7d51096d4106a441a15741592d9ccdd0bfaca907)

Change-Id: Ib6198e19dbc306521a26fcecfdf6e8424d163fc9
/external/sepolicy/file_contexts
baf49bd541a9df4f38bf917fbfc850569a4cae94 12-May-2014 Stephen Smalley <sds@tycho.nsa.gov> Label /data/.layout_version with its own type.

installd creates /data/.layout_version. Introduce a separate type
for this file (and any other file created by installd under a directory
labeled system_data_file) so that we can allow create/write access by
installd without allowing it to any system data files created by other
processes. This prevents installd from overwriting other system data
files, and ensures that any files it creates will require explicit
rules in order to access.

Change-Id: Id04e49cd571390d18792949c8b2b13b1ac59c016
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
7004789de39c1e712169ac6d4c98bdbe43dcce6e 07-May-2014 Greg Hackmann <ghackmann@google.com> Add policies for Atomic Display Framework

ADF is a modern replacement for fbdev.

ADF's device nodes (/dev/adf[X]), interface nodes
(/dev/adf-interface[X].[Y]), and overlay engine nodes
(/dev/adf-overlay-engine[X].[Y]) are collectively used in similar
contexts as fbdev nodes. Vendor HW composers (via SurfaceFlinger) and
healthd will need to send R/W ioctls to these nodes to prepare and
update the display.

Ordinary apps should not talk to ADF directly.

Change-Id: Ic0a76b1e82c0cc1e8f240f219928af1783e79343
Signed-off-by: Greg Hackmann <ghackmann@google.com>
/external/sepolicy/file_contexts
812f7d90d250578d3e9e275406ba5ae0a2775e79 05-May-2014 Stephen Smalley <sds@tycho.nsa.gov> Escape dot (.) when it is intended to be literal.

Otherwise it is treated as a regex and matches any character.

Change-Id: I9e23f01b0e104d3ef57993fd1a3d9a5b13201910
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
19c509034ee309c60c958637841c151d3c273421 09-Apr-2014 Stephen Smalley <sds@tycho.nsa.gov> Define a type for /data/dalvik-cache/profiles.

I9b8e59e3bd7df8a1bf60fa7ffd376a24ba0eb42f added a profiles
subdirectory to /data/dalvik-cache with files that must be
app-writable. As a result, we have denials such as:
W/Profiler( 3328): type=1400 audit(0.0:199): avc: denied { write } for name="com.google.android.setupwizard" dev="mmcblk0p28" ino=106067 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file
W/Profiler( 3328): type=1300 audit(0.0:199): arch=40000028 syscall=322 per=800000 success=yes exit=33 a0=ffffff9c a1=b8362708 a2=20002 a3=0 items=1 ppid=194 auid=4294967295 uid=10019 gid=10019 euid=10019 suid=10019 fsuid=10019 egid=10019 sgid=10019 fsgid=10019 tty=(none) ses=4294967295 exe="/system/bin/app_process" subj=u:r:untrusted_app:s0 key=(null)
W/auditd ( 286): type=1307 audit(0.0:199): cwd="/"
W/auditd ( 286): type=1302 audit(0.0:199): item=0 name="/data/dalvik-cache/profiles/com.google.android.setupwizard" inode=106067 dev=b3:1c mode=0100664 ouid=1012 ogid=50019 rdev=00:00 obj=u:object_r:dalvikcache_data_file:s0

We do not want to allow untrusted app domains to write to the
existing type on other /data/dalvik-cache files as that could be used
for code injection into another app domain, the zygote or the system_server.
So define a new type for this subdirectory. The restorecon_recursive /data
in init.rc will fix the labeling on devices that already have a profiles
directory created. For correct labeling on first creation, we also need
a separate change to installd under the same change id.

Bug: 13927667
Change-Id: I4857d031f9e7e60d48b8c72fcb22a81b3a2ebaaa
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
6bf9bbc82951536645d2cc02de19d928b6be2889 04-Apr-2014 Nick Kralevich <nnk@google.com> label app_process64 as zygote_exec

... otherwise zygote 64 won't run in the correct SELinux domain.

Bug: 13647418
Change-Id: Iada2bf26623784535b70647c472f69b735b8f4fc
/external/sepolicy/file_contexts
9fc0d40eff46d1319f282df68376c335c3115c36 26-Mar-2014 Stephen Smalley <sds@tycho.nsa.gov> Label /dev/uio[0-9]* with its own type.

Change-Id: Ibeeec6637022ee8bc9868e102b3d55e3b0d4762c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
a00fb29b1982e21655ec4c084db0b8f37f23a33d 18-Mar-2014 Robert Craig <rpcraig@tycho.ncsc.mil> Label /data/misc/sms as a radio_data_file.

This change helps with the following denials.
avc: denied { write } for pid=14157 comm="Thread-88" name="premium_sms_policy.xml" dev="mmcblk0p28" ino=618998 scontext=u:r:radio:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
avc: denied { write } for pid=14293 comm="Thread-89" name="sms" dev="mmcblk0p28" ino=618952 scontext=u:r:radio:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir

Prior to this patch the directory was labeled as
system_data_file which is a bit too generic. This
directory contains xml files with regexes which
represent premium numbers that are used to warn
the user before sending.

Change-Id: I98288b25aa1546477e05eee9f7622324b013e695
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
f9c3257fbaa16dbbffe3493b103d0b16ada1c0b5 12-Mar-2014 Stephen Smalley <sds@tycho.nsa.gov> Get rid of separate download_file type.

This appears to have been created to allow untrusted_app to
access DownloadProvider cache files without needing to allow
open access to platform_app_data_file. Now that platform_app_data_file
is gone, there is no benefit to having this type.

Retain a typealias for download_file to app_data_file until
restorecon /data/data support is in place to provide compatibility.

This change depends on:
https://android-review.googlesource.com/#/c/87801/

Change-Id: Iab3c99d7d5448bdaa5c1e03a98fb6163804e1ec4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
5f8d9f85b0b3b799f2ac15352ae3c92e61675dba 12-Mar-2014 Stephen Smalley <sds@tycho.nsa.gov> Label /data/misc/wifi/hostapd with wpa_socket type.

hostapd creates sockets under /data/misc/wifi/hostapd.
Ensure that they are labeled correctly both at runtime
(type_transition) and during the init.rc restorecon_recursive /data
(file_contexts).

Addresses denials such as:
avc: denied { create } for pid=20476 comm="hostapd" name="wlan0" scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
avc: denied { setattr } for pid=20476 comm="hostapd" name="wlan0" dev="mmcblk0p23" ino=619005 scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
avc: denied { unlink } for pid=20476 comm="hostapd" name="wlan0" dev="mmcblk0p23" ino=619005 scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file

Change-Id: I80a443faeb6017a9d6cbdb8da9d7416f29a7b85f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
3dad7b611a448fa43a678ff760c23a00f387947e 05-Mar-2014 Stephen Smalley <sds@tycho.nsa.gov> Address system_server denials.

Label /proc/sysrq-trigger and allow access.
Label /dev/socket/mtpd and allow access.

Resolves denials such as:
avc: denied { getattr } for pid=12114 comm="Binder_2" path="socket:[219779]" dev="sockfs" ino=219779 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket

avc: denied { call } for pid=1007 comm="Binder_8" scontext=u:r:system_server:s0 tcontext=u:r:su:s0 tclass=binder

avc: denied { write } for pid=1024 comm="watchdog" name="sysrq-trigger" dev="proc" ino=4026533682 scontext=u:r:system_server:s0 tcontext=u:object_r:proc:s0 tclass=file

avc: denied { write } for pid=11567 comm="LegacyVpnRunner" name="mtpd" dev="tmpfs" ino=36627 scontext=u:r:system_server:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file

avc: denied { ptrace } for pid=10924 comm=5369676E616C2043617463686572 scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=process

avc: denied { sigkill } for pid=26077 comm="NativeCrashRepo" scontext=u:r:system_server:s0 tcontext=u:r:zygote:s0 tclass=process

avc: denied { write } for pid=1024 comm="android.bg" scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=netlink_socket

avc: denied { getattr } for pid=473 comm="FinalizerDaemon" path="socket:[11467]" dev="sockfs" ino=11467 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket

avc: denied { getattr } for pid=473 comm="FinalizerDaemon" path="socket:[12076]" dev="sockfs" ino=12076 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket

avc: denied { getopt } for pid=473 comm="FinalizerDaemon" laddr=192.168.159.172 lport=51576 faddr=93.127.173.40 fport=554 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket

avc: denied { getopt } for pid=473 comm="FinalizerDaemon" lport=15658 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket

avc: denied { read write } for pid=21384 comm="rtsp" path="socket:[443742]" dev="sockfs" ino=443742 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket

avc: denied { read write } for pid=21384 comm="rtsp" path="socket:[444842]" dev="sockfs" ino=444842 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket

avc: denied { setopt } for pid=1326 comm="Binder_9" lport=16216 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket

avc: denied { setopt } for pid=1676 comm="Binder_6" laddr=192.168.156.130 lport=51044 faddr=74.125.214.81 fport=554 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket

avc: denied { getattr } for pid=10915 comm="system_server" path="/dev/mdm" dev="tmpfs" ino=7484 scontext=u:r:system_server:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file

avc: denied { read } for pid=10915 comm="system_server" name="mdm" dev="tmpfs" ino=7484 scontext=u:r:system_server:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file

avc: denied { unlink } for pid=14866 comm="system_server" name="wallpaper" dev="mmcblk0p9" ino=285715 scontext=u:r:system_server:s0 tcontext=u:object_r:wallpaper_file:s0 tclass=file

avc: denied { getattr } for pid=12114 comm="Binder_2" path="socket:[219779]" dev="sockfs" ino=219779 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket

avc: denied { getopt } for pid=32300 comm="Binder_1" laddr=::ffff:127.0.0.1 lport=4939 faddr=::ffff:127.0.0.1 fport=53318 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket

avc: denied { read write } for pid=10840 comm="pool-17-thread-" path="socket:[205990]" dev="sockfs" ino=205990 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket

avc: denied { write } for pid=20817 comm="dumpsys" path="/mnt/shell/emulated/0/aupt-output/bugreport-2014-02-22-11-17-16.txt.tmp" dev="fuse" ino=3100784040 scontext=u:r:system_server:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=file

Change-Id: I481ac26667b487031a5d3317b0a028a027a8e641
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
0296b9434f3b933b37f67c143788f87cb80b3325 25-Feb-2014 Stephen Smalley <sds@tycho.nsa.gov> Move qemud and /dev/qemu policy bits to emulator-specific sepolicy.

Change-Id: I620d4aef84a5d4565abb1695db54ce1653612bce
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
2c347e0a3676bb50cac796ca94eb6ab53c08fc87 25-Feb-2014 Stephen Smalley <sds@tycho.nsa.gov> Drop obsolete keystore_socket type and rules.

Change I6dacdc43bcc1a56e47655e37e825ee6a205eb56b switched
the keystore to using binder instead of a socket, so this
socket type and rules have been unused for a while. The type
was only ever assigned to a /dev/socket socket file (tmpfs) so
there is no issue with removing the type (no persistent files
will have this xattr value).

Change-Id: Id584233c58f6276774c3432ea76878aca28d6280
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
96ff4c053a238e04373fcc1f11d769418e8ce238 24-Feb-2014 Stephen Smalley <sds@tycho.nsa.gov> Add a domain for mdnsd and allow connecting to it.

Change-Id: I0a06fa32a46e515671b4e9a6f68e1a3f8b2c21a8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
96eeb1ecb3980e34a5f9ed1a4afd8ffa6ada0cf0 19-Feb-2014 Nick Kralevich <nnk@google.com> initial policy for uncrypt.

Add initial support for uncrypt, started via the
pre-recovery service in init.rc. On an encrypted device,
uncrypt reads an OTA zip file on /data, opens the underlying
block device, and writes the unencrypted blocks on top of the
encrypted blocks. This allows recovery, which can't normally
read encrypted partitions, to reconstruct the OTA image and apply
the update as normal.

Add an exception to the neverallow rule for sys_rawio. This is
needed to support writing to the raw block device.

Add an exception to the neverallow rule for unlabeled block devices.
The underlying block device for /data varies between devices
within the same family (for example, "flo" vs "deb"), and the existing
per-device file_context labeling isn't sufficient to cover these
differences. Until I can resolve this problem, allow access to any
block devices.

Bug: 13083922
Change-Id: I7cd4c3493c151e682866fe4645c488b464322379
/external/sepolicy/file_contexts
f4c6579b247861ae069ac8152967d913f9b9950f 19-Feb-2014 Stephen Smalley <sds@tycho.nsa.gov> Delete unnecessary /data/data entries.

/data/data subdirectories are labeled by installd at creation time
based on seapp_contexts, not based on file_contexts, so we do not
need the /data/data/.* entry, and the wallpaper file was moved from
under com.android.settings/files to /data/system/users/N long ago so we can
delete the old entry for it.

Change-Id: I32af6813ff284e8fe9fd4867df482a642c728755
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
e55aac2a5a03585550ce6ca7efc5495a2d8d79fa 16-Feb-2014 Dan Willemsen <dwillemsen@nvidia.com> Add debuggerd64 entry for 64-bit debuggerd daemon

Change-Id: I4cd33a296de0d0597aa6166aa1be48f1b0b52129
/external/sepolicy/file_contexts
5467fce636d0cebb86f3684f7a69d883324384ca 13-Feb-2014 Nick Kralevich <nnk@google.com> initial lmkd policy.

* Allow writes to /proc/PID/oom_score_adj
* Allow writes to /sys/module/lowmemorykiller/*

Addresses the following denials:
<5>[ 3.825371] type=1400 audit(9781555.430:5): avc: denied { write } for pid=176 comm="lmkd" name="minfree" dev="sysfs" ino=6056 scontext=u:r:lmkd:s0 tcontext=u:object_r:sysfs:s0 tclass=file
<5>[ 48.874747] type=1400 audit(9781600.639:16): avc: denied { search } for pid=176 comm="lmkd" name="896" dev="proc" ino=9589 scontext=u:r:lmkd:s0 tcontext=u:r:system_server:s0 tclass=dir
<5>[ 48.874889] type=1400 audit(9781600.639:17): avc: denied { dac_override } for pid=176 comm="lmkd" capability=1 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability
<5>[ 48.874982] type=1400 audit(9781600.639:18): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=8942 scontext=u:r:lmkd:s0 tcontext=u:r:system_server:s0 tclass=file
<5>[ 48.875075] type=1400 audit(9781600.639:19): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=8942 scontext=u:r:lmkd:s0 tcontext=u:r:system_server:s0 tclass=file
<5>[ 49.409231] type=1400 audit(9781601.169:20): avc: denied { write } for pid=176 comm="lmkd" name="minfree" dev="sysfs" ino=6056 scontext=u:r:lmkd:s0 tcontext=u:object_r:sysfs:s0 tclass=file
<5>[ 209.081990] type=1400 audit(9781760.839:24): avc: denied { search } for pid=176 comm="lmkd" name="1556" dev="proc" ino=10961 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=dir
<5>[ 209.082240] type=1400 audit(9781760.839:25): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11654 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=file
<5>[ 209.082498] type=1400 audit(9781760.839:26): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11654 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=file
<5>[ 209.119673] type=1400 audit(9781760.879:27): avc: denied { search } for pid=176 comm="lmkd" name="1577" dev="proc" ino=12708 scontext=u:r:lmkd:s0 tcontext=u:r:release_app:s0 tclass=dir
<5>[ 209.119937] type=1400 audit(9781760.879:28): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11657 scontext=u:r:lmkd:s0 tcontext=u:r:release_app:s0 tclass=file
<5>[ 209.120105] type=1400 audit(9781760.879:29): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11657 scontext=u:r:lmkd:s0 tcontext=u:r:release_app:s0 tclass=file
<5>[ 209.235597] type=1400 audit(9781760.999:30): avc: denied { search } for pid=176 comm="lmkd" name="1600" dev="proc" ino=11659 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=dir
<5>[ 209.235798] type=1400 audit(9781760.999:31): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11667 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
<5>[ 209.236006] type=1400 audit(9781760.999:32): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11667 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
<5>[ 214.297283] type=1400 audit(9781766.059:64): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11211 scontext=u:r:lmkd:s0 tcontext=u:r:untrusted_app:s0 tclass=file
<5>[ 214.297415] type=1400 audit(9781766.059:65): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11211 scontext=u:r:lmkd:s0 tcontext=u:r:untrusted_app:s0 tclass=file
<5>[ 214.355060] type=1400 audit(9781766.119:66): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12907 scontext=u:r:lmkd:s0 tcontext=u:r:system_app:s0 tclass=file
<5>[ 214.355236] type=1400 audit(9781766.119:67): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12907 scontext=u:r:lmkd:s0 tcontext=u:r:system_app:s0 tclass=file
<5>[ 214.516920] type=1400 audit(9781766.279:68): avc: denied { search } for pid=176 comm="lmkd" name="1907" dev="proc" ino=11742 scontext=u:r:lmkd:s0 tcontext=u:r:media_app:s0 tclass=dir
<5>[ 214.678861] type=1400 audit(9781766.439:69): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12915 scontext=u:r:lmkd:s0 tcontext=u:r:media_app:s0 tclass=file
<5>[ 214.678992] type=1400 audit(9781766.439:70): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12915 scontext=u:r:lmkd:s0 tcontext=u:r:media_app:s0 tclass=file
<5>[ 214.708284] type=1400 audit(9781766.469:71): avc: denied { search } for pid=176 comm="lmkd" name="1765" dev="proc" ino=12851 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=dir
<5>[ 214.708435] type=1400 audit(9781766.469:72): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12870 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
<5>[ 214.708648] type=1400 audit(9781766.469:73): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12870 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file

Change-Id: Ie3c1ab8ce9e77742d0cc3c73f40010afd018ccd4
/external/sepolicy/file_contexts
48b18832c476f0bd8fcb8ee3e308258392f36aaf 04-Feb-2014 Robert Craig <rpcraig@tycho.ncsc.mil> Introduce asec_public_file type.

This new type will allow us to write finer-grained
policy concerning asec containers. Some files of
these containers need to be world readable.

Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
a7e4ace1765d6c4623613810c1e6bc19a6d3f564 04-Feb-2014 Stephen Smalley <sds@tycho.nsa.gov> Add file_contexts entries for socket files.

So that we do not relabel them on a restorecon -R /data.

Change-Id: I8dd915d9bb80067339621b905ea2b4ea0fa8d71e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
418e2abd39a3c86c4f8c7fcac93a1a7beea7a092 29-Jan-2014 Stephen Smalley <sds@tycho.nsa.gov> Label /data/misc/wifi/sockets with wpa_socket.

This will ensure that any sockets created in this directory
will default to wpa_socket unless a type_transition is defined.
Define a type transition for system_server to keep its separate
system_wpa_socket type assigned for its socket. Allow wpa
to create and unlink sockets in the directory. We leave the
already existing rules for wifi_data_file in place for compatibility
with existing devices that have wifi_data_file on /data/misc/wifi/sockets.

Change-Id: I9e35cc93abf89ce3594860aa3193f84a3b42ea6e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
8ed750e9731e6e3a21785e91e9b1cf7390c16738 13-Nov-2013 Mark Salyzyn <salyzyn@google.com> sepolicy: Add write_logd, read_logd & control_logd

- Add write_logd, read_logd and control_logd macros added along
with contexts for user space logd.
- Specify above on domain wide, or service-by-service basis
- Add logd rules.
- deprecate access_logcat as unused.
- 'allow <domain> zygote:unix_dgram_socket write;' rule added to
deal with fd inheritance. ToDo: investigate means to allow
references to close, and reopen in context of application
or call setsockcreatecon() to label them in child context.

Change-Id: I35dbb9d5122c5ed9b8c8f128abf24a871d6b26d8
/external/sepolicy/file_contexts
09f6a99b667c63cb4084583df10b13cde9b1e78a 13-Jan-2014 Stephen Smalley <sds@tycho.nsa.gov> Allow mediaserver to connect to bluetooth.

Re-purpose the existing bluetooth_socket type, originally
for /dev/socket/bluetooth used by bluetoothd in the old
bluetooth stack, for sockets created by bluedroid under
/data/misc/bluedroid, and allow mediaserver to connect
to such sockets. This is required for playing audio
on paired BT devices.

Based on b/12417855.

Change-Id: I24ecdf407d066e7c4939ed2a0edb97222a1879f6
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
94f322e016883f09fecedc0408171338a09f47aa 18-Nov-2013 Nick Kralevich <nnk@google.com> Remove /sys/class/rfkill/rfkill.* lines

These are all symlinks. The restorecon in /sys doesn't follow
symlinks, so these lines have absolutely no effect, and just
serve to confuse people.

Remove them.

Change-Id: I24373fa0308ec700011ed19b1ce29a491d1feff3
/external/sepolicy/file_contexts
d9b8ef435294359ac6e70f9d5981ee23fa0acedb 16-Jan-2014 Stephen Smalley <sds@tycho.nsa.gov> Drop legacy device types.

powervr_device is obsoleted by the more general gpu_device.
akm_device and accelerometer_device are obsoleted by the more
general sensors_device.

We could also drop the file_contexts entries altogether and
take them to device-specific policy (in this case, they all
came from crespo, so that is obsolete for master).

Change-Id: I63cef43b0d66bc99b80b64655416cc050f443e7d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
d362cdf8d99ce6c4e4b3815683f54a253da6adba 08-Jan-2014 rpcraig <robertpcraig@gmail.com> Apply a label to /data/mediadrm files.

/data/mediadrm is appearing on devices but is
receiving the system_data_file type. Use the
media_data_file label to help classify these files.
This new label will help with the following denials.
with existing allow rules for mediaserver are already
in place.

type=1400 msg=audit(1389139139.551:308): avc: denied { open } for pid=179 comm="mediaserver" name="ay64.dat" dev="mmcblk0p23" ino=136819 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 msg=audit(1389139140.783:309): avc: denied { read } for pid=179 comm="mediaserver" name="IDM1013" dev="mmcblk0p23" ino=136818 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
type=1400 msg=audit(1389139140.783:310): avc: denied { open } for pid=179 comm="mediaserver" name="IDM1013" dev="mmcblk0p23" ino=136818 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir

Change-Id: I84ac78517fdbb0264cf07379120a62675505fc95
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
c0493c8dfe78284c683184a7f3aefba6982bce40 08-Jan-2014 Stephen Smalley <sds@tycho.nsa.gov> Drop extra _system_file types.

They serve no purpose; these directories/files are normally accessible
in the same way as the rest of /system. Also one of them has the wrong
attributes (data_file_type), thereby making it writable by some domains,
and under current policy, shell and apps cannot do ls -l /etc/ppp /etc/dhcpcd.

Change-Id: I0c1baa434fe78373684f4eaab40a41fddf2bdd79
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
396015c3952bcbd5678dc20d5e5e4407cf6a4d4a 07-Jan-2014 Stephen Smalley <sds@tycho.nsa.gov> Remove ping domain.

ping in Android no longer requires any additional privileges beyond
the caller. Drop the ping domain and executable file type entirely.

Also add net_domain() to shell domain so that it can create and
use network sockets.

Change-Id: If51734abe572aecf8f510f1a55782159222e5a67
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
e13fabd75a1adb47abdaa115a793d2f1ad247af7 17-Dec-2013 Stephen Smalley <sds@tycho.nsa.gov> Label /data/media with its own type and allow access.

/data/media presently is left in system_data_file, which requires
anything that wants to write to it to be able to write to system_data_file.
Introduce a new type for /data/media, media_rw_data_file (to match
the media_rw UID assigned to it and distinguish it from /data/misc/media
which has media UID and media_data_file type), and allow access to it.

We allow this for all platform app domains as WRITE_MEDIA_STORAGE permission is granted
to signature|system. We should not have to allow it to untrusted_app.

Set up type transitions in sdcardd to automatically label any directories
or files it creates with the new type.

Change-Id: I5c7e6245b854a9213099e40a41d9583755d37d42
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
09e6abd91b3aaaa11a44d032e095360c64a97b3a 14-Dec-2013 Nick Kralevich <nnk@google.com> initial dumpstate domain

Add the necessary rules to support dumpstate.
Start off initially in permissive until it has more testing.

Dumpstate is triggered by running "adb bugreport"

Change-Id: Ic17a60cca1f6f40daa4f2c51e9ad6009ef36cfbd
/external/sepolicy/file_contexts
caa6a32d76e22b350f58ee6cf35c95f6282f076e 15-Dec-2013 Nick Kralevich <nnk@google.com> initial inputflinger domain

Add a placeholder domain for inputflinger.
Mark it initially unconfined and enforcing.

Change-Id: I433fd9e1954486136cb8abb084b4e19bb7fc2f19
/external/sepolicy/file_contexts
7466f9b69341e3d86b0242d8ad18ae98d22f05a2 13-Dec-2013 Nick Kralevich <nnk@google.com> Label /data/misc/zoneinfo

And allow any SELinux domain to read these timezone
related files.

Addresses the following denial:
<5>[ 4.746399] type=1400 audit(3430294.470:7): avc: denied { open } for pid=197 comm="time_daemon" name="tzdata" dev="mmcblk0p28" ino=618992 scontext=u:r:time:s0 tcontext=u:object_r:system_data_file:s0 tclass=file

Change-Id: Iff32465e62729d7aad8c79607848d89ce0aede86
/external/sepolicy/file_contexts
6a32eec74dc631e0bc06bca84cb2d0b3cd222c8b 13-Dec-2013 Nick Kralevich <nnk@google.com> alphabetize /data/misc entries.

Alphabetize the entries for the /data/misc subdirectories.

Change-Id: I3690085cbb99c225545545668dedd66341a14edb
/external/sepolicy/file_contexts
acde43f23fbe9b2d180034c6a99b8711a6af7f21 11-Dec-2013 Stephen Smalley <sds@tycho.nsa.gov> Define a domain for the bootanim service.

Leave the domain permissive initially until it gets more testing.

Change-Id: I9d88d76d1ffdc79a2eff4545d37a9e615482df50
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
2b392fccf35c790bdc55bdce51a196f4953644ce 06-Dec-2013 Nick Kralevich <nnk@google.com> Move lmkd into its own domain.

lmkd low memory killer daemon

The kernel low memory killer logic has been moved to a new daemon
called lmkd. ActivityManager communicates with this daemon over a
named socket.

This is just a placeholder policy, starting off in unconfined_domain.

Change-Id: Ia3f9a18432c2ae37d4f5526850e11432fd633e10
/external/sepolicy/file_contexts
7adb999e701ee96356c506ffa93fce190791e8b7 06-Dec-2013 Stephen Smalley <sds@tycho.nsa.gov> Restrict the ability to set usermodehelpers and proc security settings.

Limit the ability to write to the files that configure kernel
usermodehelpers and security-sensitive proc settings to the init domain.
Permissive domains can also continue to set these values.

The current list is not exhaustive, just an initial set.
Not all of these files will exist on all kernels/devices.
Controlling access to certain kernel usermodehelpers, e.g. cgroup
release_agent, will require kernel changes to support and cannot be
addressed here.

Expected output on e.g. flo after the change:
ls -Z /sys/kernel/uevent_helper /proc/sys/fs/suid_dumpable /proc/sys/kernel/core_pattern /proc/sys/kernel/dmesg_restrict /proc/sys/kernel/hotplug /proc/sys/kernel/kptr_restrict /proc/sys/kernel/poweroff_cmd /proc/sys/kernel/randomize_va_space /proc/sys/kernel/usermodehelper
-rw-r--r-- root root u:object_r:usermodehelper:s0 uevent_helper
-rw-r--r-- root root u:object_r:proc_security:s0 suid_dumpable
-rw-r--r-- root root u:object_r:usermodehelper:s0 core_pattern
-rw-r--r-- root root u:object_r:proc_security:s0 dmesg_restrict
-rw-r--r-- root root u:object_r:usermodehelper:s0 hotplug
-rw-r--r-- root root u:object_r:proc_security:s0 kptr_restrict
-rw-r--r-- root root u:object_r:usermodehelper:s0 poweroff_cmd
-rw-r--r-- root root u:object_r:proc_security:s0 randomize_va_space
-rw------- root root u:object_r:usermodehelper:s0 bset
-rw------- root root u:object_r:usermodehelper:s0 inheritable

Change-Id: I3f24b4bb90f0916ead863be6afd66d15ac5e8de0
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
b2547644effa3994766d7ebf1df3f712fb06577a 04-Dec-2013 Robert Craig <rpcraig@tycho.ncsc.mil> Drop tegra specific label from policy.

This label was originally used for Motorola
Xoom devices. nvmap is the tegra gpu memory
manager and the various nvhost drivers are
for tegra graphics related functionality,
i.e. display serial interface, image signal
processor, or media processing stuff.

Only grouper and tilapia presently need this
policy.

Change-Id: I2a7000f69abf3185724d88d428e8237e0ca436ec
/external/sepolicy/file_contexts
081aed21338f79774f91a98fe0cfae4eceee67ec 02-Dec-2013 Stephen Smalley <sds@tycho.nsa.gov> Default to socket_device for anything under /dev/socket.

Otherwise sockets that have no specific entry match the /dev(/.*) entry
instead, leaving them in device type rather than socket_device type.
Every socket should get its own entry regardless, but this at least puts
it into a more specific type by default.

Change-Id: I97f7999af7f9f83484d3a51440dda791d3726f1a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
8510d31ed3b5d53c2232b7aac5f65b32d38753d0 07-Nov-2013 Stephen Smalley <sds@tycho.nsa.gov> Rename camera_calibration_file and audio_firmware_file.

Use more general type names for the contents of /data/misc/camera and
/data/misc/audio. These were the names used in our policy until 4.3
was released, at which point we switched to be consistent with AOSP.
However, the Galaxy S4 4.2.2 image, Galaxy S4 4.3 image, and
Galaxy Note 3 4.3 image all shipped with policies using _data_file names
because they were based on our older policy. So we may as well switch
AOSP to these names.

Not sure if in fact these could be all coalesced to the new media_data_file
type for /data/misc/media introduced by
Ic374488f8b62bd4f8b3c90f30da0e8d1ed1a7343.

Options to fix already existing devices, which would only apply
to Nexus devices with 4.3 or 4.4 at this point:
1) Add restorecon_recursive /data/misc/audio /data/misc/camera to either
the system/core init.rc or to the device-specific init.*.rc files.
-or-
2) Add a typealias declaration in the policy to remap the old type names
to the new ones. Then existing types on persistent storage will be
remapped internally to the new ones.
-or-
3) Some sort of relabeld.

Option #2 is implemented by this change.

Change-Id: Id36203f5bb66b5200efc1205630b5b260ef97496
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
af47ebb67aa64d699615693bf4603ec173417175 04-Nov-2013 Stephen Smalley <sds@tycho.nsa.gov> Label /dev/fscklogs and allow system_server access to it.

Otherwise you get denials such as:
type=1400 audit(1383590310.430:623): avc: denied { getattr } for pid=1629 comm="Thread-78" path="/dev/fscklogs/log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=file
type=1400 audit(1383590310.430:624): avc: denied { open } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=file
type=1400 audit(1383590310.430:625): avc: denied { write } for pid=1629 comm="Thread-78" name="fscklogs" dev="tmpfs" ino=1628 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=dir
type=1400 audit(1383590310.430:625): avc: denied { remove_name } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=dir
type=1400 audit(1383590310.430:625): avc: denied { unlink } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=file

Change-Id: Ia7ae06a6d4cc5d2a59b8b85a5fb93cc31074fd37
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
a771671877d306804dbbf5a8e6baa03c877f890d 04-Nov-2013 Stephen Smalley <sds@tycho.nsa.gov> Label /data/misc/media and allow mediaserver access to it.

Otherwise we get denials like these on 4.4:

type=1400 audit(1383590170.360:29): avc: denied { write } for pid=61 comm="mediaserver" name="media" dev="mtdblock1" ino=6416 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
type=1400 audit(1383590170.360:29): avc: denied { add_name } for pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
type=1400 audit(1383590170.360:29): avc: denied { create } for pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 audit(1383590170.360:29): avc: denied { write open } for pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 audit(1383590255.100:231): avc: denied { write } for pid=832 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 audit(1383590255.100:231): avc: denied { open } for pid=832 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file

Change-Id: Ic374488f8b62bd4f8b3c90f30da0e8d1ed1a7343
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
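The denial records quoted in these commit messages come in three shapes: `type=1400 msg=audit(...)`, `type=1400 audit(...)`, and kernel-log lines prefixed with `<5>[ ... ]`. The Python sketch below is an added example, not part of any commit in this log; it parses all three shapes and groups denials by source type, target type and class, then lists the groups whose target still carries a catch-all label, which is the situation these commits resolve by adding a file_contexts entry. The function names and the `GENERIC_TYPES` set are assumptions of the example; the sample lines are copied from denials quoted in this log, plus one constructed non-AVC line.

```python
import re
from collections import defaultdict

# Matches the AVC part of a record regardless of what precedes it
# ("type=1400 msg=audit(...)", "type=1400 audit(...)", "<5>[ 4.9] type=1400 ...").
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
# key=value pairs; values are either double-quoted or a run of non-space characters.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Assumption of this example: target types treated as catch-all labels.
# The commits in this log move objects out of exactly these types.
GENERIC_TYPES = frozenset({"device", "system_data_file", "sysfs"})

# Sample input: five denials copied from commit messages in this log,
# and one constructed non-AVC kernel line to show that it is skipped.
SAMPLE_LOG = """\
type=1400 msg=audit(1389139139.551:308): avc: denied { open } for pid=179 comm="mediaserver" name="ay64.dat" dev="mmcblk0p23" ino=136819 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 audit(1383590170.360:29): avc: denied { write open } for pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<5>[ 4.936120] type=1400 audit(1383167737.512:7): avc: denied { write } for pid=140 comm="ueventd" name="uevent" dev="sysfs" ino=3164 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file
type=1400 audit(1383590310.430:625): avc: denied { write } for pid=1629 comm="Thread-78" name="fscklogs" dev="tmpfs" ino=1628 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=dir
type=1400 audit(1383590310.430:625): avc: denied { remove_name } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=dir
<6>[ 4.900000] init: starting service (constructed non-AVC line)
"""


def context_type(context):
    """Return the type field of a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 and parts[2] else None


def parse_denial(line):
    """Parse one log line; return a dict for an AVC denial, or None otherwise."""
    match = AVC_RE.search(line.strip())
    if match is None:
        return None
    fields = {key: value.strip('"')
              for key, value in FIELD_RE.findall(match.group("fields"))}
    source = context_type(fields.get("scontext", ""))
    target = context_type(fields.get("tcontext", ""))
    tclass = fields.get("tclass")
    if not (source and target and tclass):
        return None  # truncated record: not enough to reason about policy
    return {
        "perms": match.group("perms").split(),
        "source": source,
        "target": target,
        "tclass": tclass,
        # path= is more informative than name= when the kernel logged both forms
        "object": fields.get("path") or fields.get("name"),
        "comm": fields.get("comm"),
    }


def summarize(lines):
    """Group denials by (source type, target type, class), merging permissions."""
    summary = defaultdict(lambda: {"perms": set(), "objects": set()})
    for line in lines:
        denial = parse_denial(line)
        if denial is None:
            continue
        entry = summary[(denial["source"], denial["target"], denial["tclass"])]
        entry["perms"].update(denial["perms"])
        if denial["object"]:
            entry["objects"].add(denial["object"])
    return dict(summary)


def labeling_gaps(summary):
    """Groups whose target is a catch-all type: candidates for a file_contexts
    entry with a dedicated type rather than a broader allow rule."""
    return sorted(key for key in summary if key[1] in GENERIC_TYPES)


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    for key in labeling_gaps(result):
        source, target, tclass = key
        print(f"{source} -> {target}:{tclass} "
              f"perms={sorted(result[key]['perms'])} "
              f"objects={sorted(result[key]['objects'])}")
```
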
aaac24688ee623a19525f25fe1fc81b60197f6f5 05-Nov-2013 Elliott Hughes <enh@google.com> /system/bin/ash and /system/bin/mksh are dead.

Long live /system/bin/sh!

Change-Id: I5af63c1bdc3585835ee273ed9995d8fac14792da
/external/sepolicy/file_contexts
a7c8ea864ee9f82ca7aeb8e0bc13af72fcf6e096 06-Nov-2013 Stephen Smalley <sds@tycho.nsa.gov> Move audio_firmware_file and /data/misc/audio entry to core sepolicy.

Change-Id: Ib8c96ab9e19d34e8e34a4c859528345763be4906
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
b3c48b66bcc9dad62a461fdc3595a70c07ff8fd3 23-Oct-2013 Stephen Smalley <sds@tycho.nsa.gov> Change the type on /dev/uinput to match /dev/uhid.

/dev/uinput is accessed in the same way as /dev/uhid,
and unlike /dev/input/*. bluetooth requires access to
the former and not to the latter, while shell requires access
to the latter and not the former. This is also consistent
with their DAC group ownerships (net_bt_stack for /dev/uinput
and /dev/uhid vs input for /dev/input/*).

Change-Id: I0059d832a7fe036ed888c91e1fb96f3e6e0bd2d4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
967f39a6e88c60b5f65a37397d6619197a1d0514 30-Oct-2013 Nick Kralevich <nnk@google.com> Move sysfs_devices_system_cpu to the central policy.

Every device has a CPU. This is not device specific.

Allow every domain to read these files/directories.
For unknown reasons, these files are accessed by A LOT
of processes.

Allow ueventd to write to these files. This addresses
the following denials seen on mako:

<5>[ 4.935602] type=1400 audit(1383167737.512:4): avc: denied { read } for pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
<5>[ 4.935785] type=1400 audit(1383167737.512:5): avc: denied { open } for pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
<5>[ 4.935937] type=1400 audit(1383167737.512:6): avc: denied { search } for pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
<5>[ 4.936120] type=1400 audit(1383167737.512:7): avc: denied { write } for pid=140 comm="ueventd" name="uevent" dev="sysfs" ino=3164 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file
<5>[ 4.936303] type=1400 audit(1383167737.512:8): avc: denied { open } for pid=140 comm="ueventd" name="uevent" dev="sysfs" ino=3164 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file

Change-Id: I4766dc571762d8fae06aa8c26828c070b80f5936
/external/sepolicy/file_contexts
ec7d39ba168a5b620e6bb526f316581acc5c1238 29-Sep-2013 William Roberts <wroberts@tresys.com> Introduce controls on wake lock interface

Change-Id: Ie0ee266e9e6facb2ab2abd652f68765239a41af1
/external/sepolicy/file_contexts
8d688315aeb053eadc2606badbe4ce52899bb694 03-Oct-2013 Alex Klyubin <klyubin@google.com> Restrict access to /dev/hw_random to system_server and init.

/dev/hw_random is accessed only by init and by EntropyMixer (which
runs inside system_server). Other domains are denied access because
apps/services should be obtaining randomness from the Linux RNG.

Change-Id: Ifde851004301ffd41b2189151a64a0c5989c630f
/external/sepolicy/file_contexts
55540755bc2f95ec3e0fb941a9e98dbf8aa24e7f 30-Sep-2013 Stephen Smalley <sds@tycho.nsa.gov> Label adb keys file and allow access to it.

The /adb_keys entry will only take effect if a restorecon is
applied by init.rc on a kernel that includes the rootfs labeling
support, but does no harm otherwise.

The /data/misc/adb labeling ensures correct labeling of the adb_keys
file created if the device has ro.adb.secure=1 set.

Allow adbd to read the file.

Change-Id: I97b3d86a69681330bba549491a2fb39df6cf20ef
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
b0712c1e65b3007675952a9f8a9a123734051245 27-Sep-2013 Stephen Smalley <sds@tycho.nsa.gov> Remove /data/local/tmp/selinux entry.

Change-Id I027f76cff6df90e9909711cb81fbd17db95233c1 added a
/data/local/tmp/selinux entry at the same time domains were made
permissive. I do not know why, and do not see how this is used.
So remove it.

Change-Id: I3218cc18de9781bc65ae403f2cf4c234847ef5f5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
189558f64affb73b554b568db90d62eb7d2a9ada 26-Sep-2013 Stephen Smalley <sds@tycho.nsa.gov> Remove legacy entries from crespo (Nexus S).

These device nodes were specific to crespo / Nexus S and
if ever needed again, should be re-introduced in the per-device
sepolicy, not here.

Change-Id: I8366de83967974122c33937f470d586d49c34652
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
567ee4116e0a7f842862bfc35d97f2fb9fe082a0 20-Sep-2013 Stephen Smalley <sds@tycho.nsa.gov> Label /dev/socket/gps with its own type.

The type was already defined and used in type transitions for cases
where the gps socket is created at runtime by gpsd, but on some devices
it is created by init based on an init.<board>.rc socket entry and therefore
needs a file_contexts entry.

Before:
$ ls -Z /dev/socket/gps
srw-rw---- gps system u:object_r:device:s0 gps

After:
$ ls -Z /dev/socket/gps
srw-rw---- gps system u:object_r:gps_socket:s0 gps

Change-Id: I8eef08d80e965fc4f3e9dd09d4fa446aaed82624
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
4caf8c997a30d214c8c2236cbe8a93e43e37699f 19-Sep-2013 Stephen Smalley <sds@tycho.nsa.gov> Label /dev/socket/mdns with its own type.

Otherwise it gets left in the general device type, and we get denials such
as:
type=1400 msg=audit(1379617262.940:102): avc: denied { write } for pid=579 comm="mDnsConnector" name="mdns" dev="tmpfs" ino=3213 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=sock_file

This of course only shows up if using a confined system_server.

Change-Id: I2456dd7aa4d72e6fd15b55c251245186eb54a80a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
a770f55b18da45a2b40436060e64096a5a0ba883 10-Sep-2013 Stephen Smalley <sds@tycho.nsa.gov> Remove dbusd policy; dbusd is no more.

Change-Id: I9652284bd34d07bd47e2e7df66fcbe5db185ab3f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
1d435de685e0842e8d9902480db8b408f43911f6 10-Sep-2013 Stephen Smalley <sds@tycho.nsa.gov> Remove bluetoothd policy; bluetoothd is no more.

Change-Id: I153b0aa8a747d6c79839d06fc04b3923eacfa213
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
0f7641d83d7044431db44d4dd2377e6f8ef93e85 03-May-2013 Stephen Smalley <sds@tycho.nsa.gov> Label all files under /sys/qemu_trace with sysfs_writable.

Otherwise we have different security contexts but the same DAC
permissions:
-rw-rw-rw- root root u:object_r:sysfs_writable:s0 process_name
-rw-rw-rw- root root u:object_r:sysfs:s0 state
-rw-rw-rw- root root u:object_r:sysfs:s0 symbol

This change fixes denials such as:
type=1400 msg=audit(1379096020.770:144): avc: denied { write } for pid=85 comm="SurfaceFlinger" name="symbol" dev="sysfs" ino=47 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=file

Change-Id: I261c7751da3778ee9241ec6b5476e8d9f96ba5ed
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
ab7dfabb611ce4b1c32abbf91a467f098ab0188b 05-Aug-2013 Lorenzo Colitti <lorenzo@google.com> Fix clatd, broken by selinux policing /dev/tun

Bug: 10175701
Change-Id: I185df22bdbaafd56725760ec6c71340b67455046
/external/sepolicy/file_contexts
3632bb29f0a3583677d0b3ea7077be332874e75a 15-Jul-2013 Nick Kralevich <nnk@google.com> Remove /sys from file_contexts

/sys was getting labeled as a rootfs file, but according to
genfs_contexts, it's really a sysfs file. This conflict is causing
problems when patch f29c533c49ab1c90eae612b1c454f2c6879a6658 from
system/core is applied.

Change-Id: I3f34c9ee68bedb171ebebfcd356e924c987b58ff
/external/sepolicy/file_contexts
dbd28d91d3c6d970f1704df8350b0333b51758b1 28-Jun-2013 Nick Kralevich <nnk@google.com> Enable SELinux protections for netd.

This change does several things:

1) Restore domain.te to the version present at
cd516a32663b4eb11b2e3356b86450020e59e279 . This is the version
currently being distributed in AOSP.

2) Add "allow domain properties_device:file r_file_perms;" to
domain.te, to allow all domains to read /dev/__properties__ .
This change was missing from AOSP.

3) Restore netd.te to the version present at
80c9ba5267f1a6ceffcf979471d101948b520ad6 . This is the version
currently being distributed in AOSP.

4) Remove anything involving module loading from netd.te. CTS
enforces that Android kernels can't have module loading enabled.

5) Add several new capabilities, plus data file rules, to
netd.te, since netd needs to write to files owned by wifi.

6) Add a new unconfined domain called dnsmasq.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the dnsmasq.te domain.

7) Add a new unconfined domain called hostapd.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the hostapd.te domain.

The net effect of these changes is to re-enable SELinux protections
for netd. The policy is FAR from perfect, and allows a lot of wiggle
room, but we can improve it over time.

Testing: as much as possible, I've exercised networking related
functionality, including turning on and off wifi, entering airplane
mode, and enabling tethering and portable wifi hotspots. It's quite
possible I've missed something, and if we experience problems, I
can roll back this change.

Bug: 9618347
Change-Id: I23ff3eebcef629bc7baabcf6962f25f116c4a3c0
/external/sepolicy/file_contexts
50e37b93ac97631dcac6961285b92af5026557af 15-May-2013 repo sync <gcondra@google.com> Move domains into per-domain permissive mode.

Bug: 4070557
Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
/external/sepolicy/file_contexts
77ec892be6b59e2808cc4c3472bf179d33851ebe 09-May-2013 Alex Klyubin <klyubin@google.com> SELinux policy for users of libcutils klog_write.

klog_write/init create /dev/__kmsg__ backed by a kernel character
device, keep the file descriptor, and then immediately unlink the
file.

Change-Id: I729d224347a003eaca29299d216a53c99cc3197c
/external/sepolicy/file_contexts
ca326e2c64f2e3ea0e68809bba9d53cd9627d971 02-May-2013 repo sync <gcondra@google.com> Add policy for ping.

Change-Id: I168f681d8c67f470b6e639f0b1bf39346c4eb396
/external/sepolicy/file_contexts
1e25b980747025eb74fe14923167f3711f7b0807 25-Apr-2013 Nick Kralevich <nnk@google.com> Revert "Add the sysrq_file special file and give ADB write access."

This rule doesn't work, as /proc/sysrq-trigger isn't properly labeled.
Revert this change for now.

This reverts commit bb2591e56f0b88570e8bed0008b932bf7c51f533.
/external/sepolicy/file_contexts
a3f656859024293d2ceb1ad00e443057bb6ec4ea 25-Apr-2013 Ben Murdoch <benm@google.com> Revert "DO NOT MERGE Split some device nodes out from device."

This reverts commit 69fbbdd54b04e648b07cdf522760247f3dafd362.
/external/sepolicy/file_contexts
69fbbdd54b04e648b07cdf522760247f3dafd362 23-Apr-2013 repo sync <gcondra@google.com> DO NOT MERGE Split some device nodes out from device.

Some of these will get factored out into device-specific
configs later.

Change-Id: I359915e2607b56112bb22456d28e06c162fcbdff
/external/sepolicy/file_contexts
bb2591e56f0b88570e8bed0008b932bf7c51f533 04-Apr-2013 Geremy Condra <gcondra@google.com> Add the sysrq_file special file and give ADB write access.

Change-Id: Ief2d412dddf4cefdf43a26538c4be060df4cc787
/external/sepolicy/file_contexts
bfb26e7b0761121039dea36ad34b6c5054babcfa 04-Apr-2013 Geremy Condra <gcondra@google.com> Add downloaded file policy.

Change-Id: I6f68323cddcf9e13b2a730b8d6b8730587fb4366
/external/sepolicy/file_contexts
74ba8c86137d85285a09780999b79034c7e935b1 05-Apr-2013 Stephen Smalley <sds@tycho.nsa.gov> run-as policy fixes.

- Remove dac_read_search as it is no longer required by run-as.
- Introduce a separate type for /dev/tty so that we can allow use of own tty
for a run-as shell without allowing access to other /dev/tty[0-9]* nodes.
- Allow sigchld notifications for death of run-as and its descendants by adbd.
- Drop redundant rules for executing shell or system commands from untrusted_app;
now covered by rules in app.te.

Change-Id: Ic3bf7bee9eeabf9ad4a20f61fbb142a64bb37c6c
/external/sepolicy/file_contexts
ffd8c441a5903772af1705ddea5756d117bc9ec9 03-Apr-2013 Robert Craig <rpcraig@tycho.ncsc.mil> Add new domains for private apps.

/data/app-private is used when making an
app purchase or forward locking. Provide a
new label for the directory as well as the
tmp files that appear under it.

Change-Id: I910cd1aa63538253e10a8d80268212ad9fc9fca5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
c529c66f2c80fc243053310e0c92ff093ed1d01f 01-Mar-2013 Geremy Condra <gcondra@google.com> Add policy for __properties__ device.

Change-Id: Ie9b391283362fb6930f1ae858f0a879835c91e32
/external/sepolicy/file_contexts
ebbee43efbec565baa9f5e6b118990129e9d07d1 27-Mar-2013 Geremy Condra <gcondra@google.com> am e69552ba: Revert "Revert "Various minor policy fixes based on CTS.""

* commit 'e69552ba2d76174d443d1b8457295e4d72f2a986':
Revert "Revert "Various minor policy fixes based on CTS.""
350d2ae9c97cbec5d8dcba1f3b164191d6cae66a 27-Mar-2013 Robert Craig <rpcraig@tycho.ncsc.mil> am 65d4f44c: Various policy updates.

* commit '65d4f44c1fd999d9cf9c4ef4dc65deb71bafcd8e':
Various policy updates.
e69552ba2d76174d443d1b8457295e4d72f2a986 26-Mar-2013 Geremy Condra <gcondra@google.com> Revert "Revert "Various minor policy fixes based on CTS.""

This reverts commit ba84bf1dec64d745b6efc516799b2c722a672cd9

Hidden dependency resolved.

Change-Id: I9f0844f643abfda8405db2c722a36c847882c392
/external/sepolicy/file_contexts
65d4f44c1fd999d9cf9c4ef4dc65deb71bafcd8e 27-Mar-2013 Robert Craig <rpcraig@tycho.ncsc.mil> Various policy updates.

Assortment of policy changes include:
* Bluetooth domain to talk to init and procfs.
* New device node domains.
* Allow zygote to talk to its executable.
* Update system domain access to new device node domains.
* Create a post-process sepolicy with dontaudits removed.
* Allow rild to use the tty device.

Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
2a6d0ace882979537c8b2589be3399a0e77d244b 26-Mar-2013 Geremy Condra <gcondra@google.com> am 1620c671: Merge "Introduce security labels for 2 new device nodes."

* commit '1620c671f2b946333958d07420643caf98534a01':
Introduce security labels for 2 new device nodes.
f62af81817b1e8c4be5e71cbcef7b91e1b7b2bbf 30-Jan-2013 Robert Craig <rpcraig@tycho.ncsc.mil> Introduce security labels for 2 new device nodes.

iio: Industrial I/O subsystem
usb_accessory: accessory protocol for usb

Allow system access in both cases.

Change-Id: I02db9775ec2ddaaeda40fae6d5e56e320957b09c
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
a851e6dab970d548f83ef0705bee7aff1da0dd9f 23-Mar-2013 Geremy Condra <gcondra@google.com> am c3295802: Merge "New users need a wallpaper_file type."

* commit 'c3295802d7fb22213c073705480d1c1314d71d27':
New users need a wallpaper_file type.
c5baaff7a6738a148d36260c4050355cbc2d2efc 30-Nov-2012 rpcraig <rpcraig@tycho.ncsc.mil> New users need a wallpaper_file type.

Change-Id: I7ff4ed9f73f43918cac05a026af68cca8dbe02c3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
27382687cbc57c85184a9e236c01420fda4ed69e 23-Mar-2013 Robert Craig <rpcraig@tycho.ncsc.mil> am 18b5f87e: racoon policy.

* commit '18b5f87ea18baaf7356a1f1729dc2737be3c141e':
racoon policy.
18b5f87ea18baaf7356a1f1729dc2737be3c141e 07-Jan-2013 Robert Craig <rpcraig@tycho.ncsc.mil> racoon policy.

Initial policy for racoon (IKE key management).

Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
Change-Id: If1e344f39ea914e42afbaa021b272ba1b7113479
/external/sepolicy/file_contexts
7dfe9956b36e1b605559883132c67fa7709cfdb1 22-Mar-2013 Geremy Condra <gcondra@google.com> am dbb82fd8: Merge "Revert "Various minor policy fixes based on CTS.""

* commit 'dbb82fd8f063fdc5854f9d6359d2be0a570ad0cc':
Revert "Various minor policy fixes based on CTS."
ba84bf1dec64d745b6efc516799b2c722a672cd9 22-Mar-2013 Geremy Condra <gcondra@google.com> Revert "Various minor policy fixes based on CTS."

This reverts commit 8a814a7604afd20f12c9ff3dcdae7d10e9b75f84

Change-Id: Id1497cc42d07ee7ff2ca44ae4042fc9f2efc9aad
/external/sepolicy/file_contexts
140a9a3870e99289bba33781ff6f94b06e9ee3a4 22-Mar-2013 Geremy Condra <gcondra@google.com> am 9c0f2df1: Merge changes I5a3584b6,Ic7252a8e,I2d4ace75

* commit '9c0f2df1832f82bd2867d2e2fa18dde31b05e63e':
Various minor policy fixes based on CTS.
Split internal and external sdcards
Give sdcard sys_admin capability.
8a814a7604afd20f12c9ff3dcdae7d10e9b75f84 12-Mar-2013 Stephen Smalley <sds@tycho.nsa.gov> Various minor policy fixes based on CTS.

Change-Id: I5a3584b6cc5eda2b7d82e85452f9fe457877f1d1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
e59451ae68a58101402486bb3c674ab0f488d492 22-Mar-2013 William Roberts <w.roberts@sta.samsung.com> am 9e70c8bf: Move policy files

* commit '9e70c8bf681aa51b2c0b870e817bf7a0276ff03c':
Move policy files
9e70c8bf681aa51b2c0b870e817bf7a0276ff03c 23-Jan-2013 William Roberts <w.roberts@sta.samsung.com> Move policy files

Update the file_contexts for the new location of
the policy files, as well as update the policy
for the management of these types.

Change-Id: Idc475901ed437efb325807897e620904f4ff03e9
/external/sepolicy/file_contexts
464952419b6813e5f2a8d0a16beca548f2dd5428 20-Mar-2013 Colin Cross <ccross@android.com> sepolicy: add /vendor to file_contexts

/vendor has the same permissions as /system/vendor for devices
that have a separate vendor partition.

Bug: 8341435
Change-Id: If0c78b31f8a6e8e5680f1d076c323d1628fb07b2
/external/sepolicy/file_contexts
bac9992e860f634ef32354b4a0bcf39b300b059a 03-Dec-2012 rpcraig <rpcraig@tycho.ncsc.mil> watchdog security policy.

Initial policy for software watchdog daemon
which is started by init.

Change-Id: I042a5b1698bf53ce2e50ea06851c374e5123ee2c
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
6a64897a4b098e834f7b6679c0c5b85fdbb752b2 18-Jan-2013 William Roberts <w.roberts@sta.samsung.com> Do not allow access to device:chr_file for system

Also labels /dev/mpu and /dev/mpuirq as gps device.
mpu is motion processing unit and is responsible for
gyroscope functionality.

Change-Id: If7f1a5752c550b72fac681566e1052f09e139ff0
/external/sepolicy/file_contexts
1c8464e1365950538e9e4647a4f220910f79ab1e 04-Dec-2012 rpcraig <rpcraig@tycho.ncsc.mil> App data backup security policy.

Policy covers:

* backup_data_file type for labeling all
files/dirs under /data dealing with
backup mechanism.

* cache_backup_file type for labeling all
files/dirs under /cache dealing with
backup mechanism. This also covers
the use of LocalTransport for local archive
and restore testing.

* the use of 'adb shell bmgr' to initiate
backup mechanism from shell.

* the use of 'adb backup/restore' to archive
and restore the device's data.

Change-Id: I700a92d8addb9bb91474bc07ca4bb71eb4fc840e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
58b0fb6ddee7257a6a27f31ba97d47fa23efac15 11-Jan-2013 Stephen Smalley <sds@tycho.nsa.gov> Fix invalid specification for adb_keys.

A prior change added an entry for adb_keys without any security context,
yielding warnings like the following during build:
out/target/product/manta/root/file_contexts: line 7 is missing fields, skipping

This adds the missing security context field.

Change-Id: If48731c8aa7d22a3f547d0854f288ff68f9006da
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
92b9aa0eeff49e5bc3dc6297f3d35ec41d6ab73d 21-Dec-2012 Colin Cross <ccross@android.com> add file_contexts entries for root filesystem

It may be useful to generate an ext4 image of the root filesystem
instead of using a ramdisk. Whitelist entries in file_contexts to
support selinux labeling a root filesystem image.

Change-Id: I91a38d0aee4408c46cbfe5dc5e6eda198572e90f
/external/sepolicy/file_contexts
e8848726553e3abee6033200c98a657c9ca7cdb8 13-Nov-2012 Stephen Smalley <sds@tycho.nsa.gov> Add policy for run-as program.

Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.

Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
61c80d5ec8632cadcf754eed0986b23284217c06 16-Nov-2012 Stephen Smalley <sds@tycho.nsa.gov> Update policy for Android 4.2 / latest master.

Update policy for Android 4.2 / latest master.
Primarily this consists of changes around the bluetooth subsystem.
The zygote also needs further permissions to set up /storage/emulated.
adbd service now gets a socket under /dev/socket.
keystore uses the binder.

Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
7672eac5fb0d0ce3bcb52f11b125b25ac597ea3f 22-Oct-2012 rpcraig <rpcraig@tycho.ncsc.mil> Add SELinux policy for asec containers.

Creates 2 new types:
- asec_apk_file : files found under /mnt/asec
when the asec images are mounted
- asec_image_file : the actual encrypted apks under
/data/app-asec

Change-Id: I963472add1980ac068d3a6d36a24f27233022832
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
a363683c5769c992fe16625ff5fb68e77c5f1dfc 24-Aug-2012 rpcraig <rpcraig@tycho.ncsc.mil> Add tf_daemon labeling support.
/external/sepolicy/file_contexts
d49f7e6e363014b010b755ab8ee23d3f7c0a9344 20-Aug-2012 rpcraig <rpcraig@tycho.ncsc.mil> Add ppp/mtp policy.

Initial policy for Point-to-Point tunneling and
tunneling manager services.
/external/sepolicy/file_contexts
867ae0561c9b5587853c8e62ceb9036e79217b92 15-Aug-2012 rpcraig <rpcraig@tycho.ncsc.mil> dhcp policy.
/external/sepolicy/file_contexts
e7e65d474f6d547c8bafd3095e63855f39c68d6e 30-Jul-2012 rpcraig <rpcraig@tycho.ncsc.mil> New asec container labeling.

This patchset covers the /mnt/asec variety only.
/external/sepolicy/file_contexts
4c06d273bc3d278e7061bf93cfa97fdf2a4e8ee3 19-Jul-2012 hqjiang <hqjiang1988@gmail.com> Target the denials/policies over qtaguid file and device: 1. Relabel /proc/net/xt_qtaguid/ctrl from "qtaguid" to "qtaguid_proc"; 2. Label /dev/xt_qtaguid with "qtaguid_device"; 3. Allow mediaserver read/[write] to qtaguid_proc and qtaguid_device; 4. Allow media apps read/[write] to qtaguid_proc and qtaguid_device; 5. Allow system read/[write] to qtaguid_proc and qtaguid_device.

Actually, some of the policies related to qtaguid have been there already, but
we refine existing ones and add new ones.
/external/sepolicy/file_contexts
20d6963ac27b3d401922450ce8dcb89749c20404 19-Jul-2012 hqjiang <hqjiang1988@gmail.com> allow camera calibration
/external/sepolicy/file_contexts
ee5f400562f7b76da69f8a31e2c19e20f3384566 11-Jul-2012 hqjiang <hqjiang1988@gmail.com> Correct denies of rpmsg device when accessing to remote processors.
/external/sepolicy/file_contexts
07ef7227f9fb8257574602b057f125b9fb592445 20-Jun-2012 William Roberts <w.roberts@sta.samsung.com> ion fix
/external/sepolicy/file_contexts
80ea1d230526810986964e8c7ed93c3a51159c78 31-May-2012 William Roberts <bill.c.roberts@gmail.com> sdcard policy and fuse device label.
/external/sepolicy/file_contexts
2cb1b31f903f2d2747f3fd05b872d9823838af1d 03-Apr-2012 Stephen Smalley <sds@tycho.nsa.gov> Allow adbd to access the qemu device and label /dev/eac correctly.
/external/sepolicy/file_contexts
f7948230ef65b8617db0762acc9b2fa54adf8ff9 19-Mar-2012 Stephen Smalley <sds@tycho.nsa.gov> Integrate nfc_power and rild rules from tuna sepolicy by Bryan Hinton.
/external/sepolicy/file_contexts
f6cbbe255bc57a241f35c35629705e8f63bdd77a 19-Mar-2012 Stephen Smalley <sds@tycho.nsa.gov> Introduce a separate wallpaper_file type for the wallpaper file.
/external/sepolicy/file_contexts
59d28035a1e0779a81cde104ea9afffd2bb1a77f 19-Mar-2012 Stephen Smalley <sds@tycho.nsa.gov> Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files.
/external/sepolicy/file_contexts
c83d0087e457787fc0441d959a20d56fc5200048 07-Mar-2012 Stephen Smalley <sds@tycho.nsa.gov> Policy changes to support running the latest CTS.
/external/sepolicy/file_contexts
c94e2392f6d92064e3aa32fff2c5a70116c7398a 06-Jan-2012 Stephen Smalley <sds@tycho.nsa.gov> Further policy for Motorola Xoom.
/external/sepolicy/file_contexts
2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35 04-Jan-2012 Stephen Smalley <sds@tycho.nsa.gov> SE Android policy.
/external/sepolicy/file_contexts