History log of /device/huawei/angler/sepolicy/cnd.te
Revision Date Author Comments
55fc949ae80caf616a741a11b43c06e543dc5ca3 04-Nov-2015 Jeff Vander Stoep <jeffv@google.com> Grant all processes the domain_deprecated attribute
am: 8252b925f6

* commit '8252b925f6d060d03930ddcda8ac61c5591fb861':
Grant all processes the domain_deprecated attribute
8252b925f6d060d03930ddcda8ac61c5591fb861 04-Nov-2015 Jeff Vander Stoep <jeffv@google.com> Grant all processes the domain_deprecated attribute

Bug: 25433265
Change-Id: I9563b9a4eb26856db021622f8217e4e3ab20f4cd
/device/huawei/angler/sepolicy/cnd.te
e6b3757e3e33d9ff7ba8fea34fecf6cbe4a7a582 14-Oct-2015 Boxiang Pan <boxiangp@quicinc.com> allow cnd to acquire wakelock

allow cnd to acquire and release wakelock to process requests
while device is in doze status.
Bug: 24546055

Change-Id: I1b5ab56c2bba5b5f47efa9f429a086307e8b1346
/device/huawei/angler/sepolicy/cnd.te
7eb545c6966d0c8dd9d9012fc175ba53c3c65b29 14-Sep-2015 Mekala Natarajan <mekalan@codeaurora.org> Remove DAC_OVERRIDE capability for cnd

DAC_OVERRIDE is not necessary.

Bug: 23625913
Change-Id: I85a28b486855547652b9bc523820d3364708246a
/device/huawei/angler/sepolicy/cnd.te
fc41cdba2857fe8a0a00382a25d74e929807a9b3 02-Sep-2015 dcashman <dcashman@google.com> Move cnd into enforcing mode.

Bug: 23154090
Change-Id: I1349214368875fed4cc831345f8ca4c75c18620c
/device/huawei/angler/sepolicy/cnd.te
26f0bb95549ec5d3c0aa6c4e2ec414cd1344be1b 02-Sep-2015 dcashman <dcashman@google.com> Add remaining cnd permissions.

Address the following denials:
[14209.981663] type=1400 audit(1441223314.495:15): avc: denied { dac_override } for pid=3963 comm="cnd" capability=1 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=1
[14209.987831] type=1400 audit(1441223314.495:16): avc: denied { fsetid } for pid=3963 comm="cnd" capability=4 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=1
[14259.106401] type=1400 audit(1441223363.614:28): avc: denied { create } for pid=3963 comm="cnd" scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=udp_socket permissive=1
[14259.106656] type=1400 audit(1441223363.614:29): avc: denied { net_raw } for pid=3963 comm="cnd" capability=13 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=1
[14259.106743] type=1400 audit(1441223363.614:30): avc: denied { ioctl } for pid=3963 comm="cnd" path="socket:[46193]" dev="sockfs" ino=46193 ioctlcmd=8921 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=udp_socket permissive=1
[ 512.784304] type=1400 audit(1441227933.811:31): avc: denied { net_raw } for pid=3827 comm="cnd" capability=13 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=0

Bug: 23154090
Bug: 23625913
Change-Id: Idb0916e993414f5dd0f78f8c61134ca8b22b12de
/device/huawei/angler/sepolicy/cnd.te
87f3412692c49118e78c132bf0f00bb9e8d2cf26 06-Aug-2015 dcashman <dcashman@google.com> Allow cnd access to qualcomm-specific components.

Address the following denials:
[ 21.759518] type=1400 audit(2079438.901:113): avc: denied { write } for pid=641 comm="cnd" name="qmux_connect_socket" dev="tmpfs" ino=16773 scontext=u:r:cnd:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=sock_file permissive=1
[ 21.779046] type=1400 audit(2079438.901:114): avc: denied { connectto } for pid=641 comm="cnd" path="/dev/socket/qmux_radio/qmux_connect_socket" scontext=u:r:cnd:s0 tcontext=u:r:qmux:s0 tclass=unix_stream_socket permissive=1
[ 21.817922] type=1400 audit(2079438.911:116): avc: denied { create } for pid=641 comm="cnd" name=716D75785F636C69656E745F736F636B657420202020363431 scontext=u:r:cnd:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=sock_file permissive=1
[ 21.838987] type=1400 audit(2079438.911:117): avc: denied { setattr } for pid=641 comm="cnd" name=716D75785F636C69656E745F736F636B657420202020363431 dev="tmpfs" ino=16781 scontext=u:r:cnd:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=sock_file permissive=1
[ 21.799376] type=1400 audit(2079438.911:115): avc: denied { read } for pid=641 comm="cnd" name="subsys0" dev="sysfs" ino=14023 scontext=u:r:cnd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file permissive=1
[ 21.862256] type=1400 audit(2079438.921:118): avc: denied { create } for pid=641 comm="cnd" scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=socket permissive=1
[ 21.875696] type=1400 audit(2079438.921:119): avc: denied { ioctl } for pid=641 comm="cnd" path="socket:[17465]" dev="sockfs" ino=17465 ioctlcmd=c304 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=socket permissive=1
[ 21.895210] type=1400 audit(2079438.961:120): avc: denied { write } for pid=641 comm="cnd" scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=socket permissive=1
[ 21.908947] type=1400 audit(2079438.961:121): avc: denied { read } for pid=1011 comm="cnd" scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=socket permissive=1
[ 56.127477] type=1400 audit(2079473.271:154): avc: denied { read } for pid=1011 comm="cnd" scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=socket permissive=1
[ 16.475680] type=1400 audit(2080219.359:52): avc: denied { read write } for pid=577 comm="cnd" name="smem_log" dev="tmpfs" ino=12810 scontext=u:r:cnd:s0 tcontext=u:object_r:shared_log_device:s0 tclass=chr_file permissive=1
[ 16.476071] type=1400 audit(2080219.359:53): avc: denied { open } for pid=577 comm="cnd" path="/dev/smem_log" dev="tmpfs" ino=12810 scontext=u:r:cnd:s0 tcontext=u:object_r:shared_log_device:s0 tclass=chr_file permissive=1
[ 16.476141] type=1400 audit(2080219.359:54): avc: denied { ioctl } for pid=577 comm="cnd" path="/dev/smem_log" dev="tmpfs" ino=12810 ioctlcmd=3001 scontext=u:r:cnd:s0 tcontext=u:object_r:shared_log_device:s0 tclass=chr_file permissive=1

Bug: 21435401
Change-Id: I835950ade7b6e14c2a9259ebaaa55038fc7e1323
/device/huawei/angler/sepolicy/cnd.te
e85757461cacada99767774e810eb61af9cb9c79 31-Jul-2015 dcashman <dcashman@google.com> Add cnd domain.

Address the following denials:
[ 20.410094] type=1400 audit(1567757.559:89): avc: denied { setuid } for pid=576 comm="cnd" capability=7 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=1
[ 20.424892] type=1400 audit(1567757.559:90): avc: denied { setgid } for pid=576 comm="cnd" capability=6 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=1
[ 84.745663] type=1400 audit(1567823.721:174): avc: denied { write } for pid=4790 comm="CNEReceiver" name="cnd" dev="tmpfs" ino=1393 scontext=u:r:system_app:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=1
[ 84.767568] type=1400 audit(1567823.731:175): avc: denied { connectto } for pid=4790 comm="CNEReceiver" path="/dev/socket/cnd" scontext=u:r:system_app:s0 tcontext=u:r:cnd:s0 tclass=unix_stream_socket permissive=1

Bug: 21435401
Change-Id: I82f3af6d0d1c9f36f1be07156dd7e8edca413bad
/device/huawei/angler/sepolicy/cnd.te