summaryrefslogtreecommitdiffstats
path: root/common
Commit message (Collapse)AuthorAgeFilesLines
* Seandroid: Add policy for energy-awareness.Avijit Kanti Das2014-12-153-0/+18
| | | | | | Add policies for energy-awareness service Change-Id: I177a8acd4773eb0e8a567437ad3373c7420ebe99
* Merge "sepolicy: add getattr attribute rule for appdomain in dpmd"Linux Build Service Account2014-12-141-1/+1
|\
| * sepolicy: add getattr attribute rule for appdomain in dpmdSusheel Yadagiri2014-12-101-1/+1
| | | | | | | | | | | | added rule for getattr for dpmd Change-Id: I23516a8f96751ef7556673d52fc23feb63f40489
* | Merge "sepolicy: Update property_context for UICC"Linux Build Service Account2014-12-122-1/+4
|\ \
| * | sepolicy: Update property_context for UICCTarun Gupta2014-12-112-1/+4
| |/ | | | | | | | | | | | | | | UICC properties has been changed to start with sys.usb_uicc instead of usb_uicc to better align naming with android properties. Update the sepolicy to reflect this change. Change-Id: Ib0f3239c8a7cad5bb844b101e59080d7f7e62730
* / sepolicy: sensors: allow access to execmemSatya Durga Srinivasu Prabhala2014-12-091-0/+3
|/ | | | | | Allow sensor daemon to access execmem to supress denial for execmem. Change-Id: I535996736e94eb6d323de28c38b1bb70b0fd3a05
* sepolicy: Update the sepolicy for RFS and RMTSNikhilesh Reddy2014-12-054-29/+39
| | | | | | | | Update the sepolicy for RFS and RMTS to include all new permissions required and add the tftp_server to the RFS domain. Change-Id: I1dc0c062ef21cf9eca1f365291ec7ff5733c7c8e
* Merge "sepolicy: allow system apps to access sensors settings file"Linux Build Service Account2014-12-011-0/+3
|\
| * sepolicy: allow system apps to access sensors settings fileSatya Durga Srinivasu Prabhala2014-11-261-0/+3
| | | | | | | | | | | | | | system apps need to access sensors settings file in persist partition to enable or disable sensors in debug & eng builds. Change-Id: I2cd7ddface6cf7f21cd8b0294c71740945977cd9
* | sepolicy: Add support for pm-proxy executableAmeya Thakur2014-11-261-0/+1
|/ | | | | | pm-proxy is now supported by sepolicy. Change-Id: Ia70138aa1f499cab781997b8c3f132cc781a29dd
* Merge "sepolicy: sensors: add net_bind_service capability"Linux Build Service Account2014-11-181-1/+1
|\
| * sepolicy: sensors: add net_bind_service capabilitySatya Durga Srinivasu Prabhala2014-11-171-1/+1
| | | | | | | | | | | | | | sensor daemon needs net_bind_service capability to work on top of QMI. Change-Id: Iaa6b3ab80774353f6cf2f5a42f4bfea0590bf14b
* | sepolicy: add rule for dpmBhavya Sokke Mallikarjunappa2014-11-178-37/+28
|/ | | | | | | add rule for DPM data file for db file and removed duplicate rules Change-Id: Ieed4f0b1cf19df06c04528245a0c6b799518542a
* WFD : Add WFD specific security policiesManu Prasad2014-11-142-0/+25
| | | | Change-Id: I905d8d78a759bb02c11f25cb275f642f46181eef
* Seandroid: Adding policy for QTIAvijit Kanti Das2014-11-141-0/+1
| | | | | | Adding policy for QTI. Change-Id: I78b2a2a2bf25b90810256a15bd757e3848dd83b5
* sepolicy: add rule for dhcpBoxiang Pan2014-11-141-0/+1
| | | | | | add rule for dhcp to connect to cnd socket. Change-Id: Ib5572269fd692e01ee5d6521b1c9c6bf72b52cc0
* sepolicy: Update policy for secure componentsDinesh K Garg2014-11-145-8/+30
| | | | | | | | | | | Playready stores license under /data/data/app_ms. All TZ apps including Playready would create their own directory under /data/misc/qsee. To get test apps working with older dir structure, userdebug mode build would have permision to create directory under /data/data. Test apps based on newer targets must move to new structure. Also add policies for secureUI. Change-Id: Ibc4412ca9e8e065d54263bb46333bd223dfb553d
* Merge "sepolicy: Add block device search permission for qcomsysd"Linux Build Service Account2014-11-142-2/+3
|\
| * sepolicy: Add block device search permission for qcomsysdAmeya Thakur2014-11-122-2/+3
| | | | | | | | | | | | | | | | qcomsysd needs to search the block device directory since it needs to access certain raw partitions. The permission to do this is now present. Change-Id: I2af98df0cd5315d31dfe2b695c76b84d51017031
* | Merge "sepolicy: Add mmi policy files."Linux Build Service Account2014-11-143-0/+36
|\|
| * sepolicy: Add mmi policy files.Mulu He2014-11-123-0/+36
| | | | | | | | | | | | Add policy file for MMI application. Change-Id: I0d6f264797c2423255026788aad8653e90567c1f
* | Merge "Seandroid: Adding policy for ssr,netmgrd and atfwd"Linux Build Service Account2014-11-133-1/+8
|\|
| * Seandroid: Adding policy for ssr,netmgrd and atfwdAvijit Kanti Das2014-11-123-1/+8
| | | | | | | | | | | | Adding policy for SSR ssr,netmgrd and atfwd Change-Id: I952b7f8d5eca0246788f320dac0199132a8803f8
* | Merge "sepolicy: update policies for mediaserver"Linux Build Service Account2014-11-131-0/+1
|\|
| * sepolicy: update policies for mediaserverNaveen Kumar2014-11-121-0/+1
| | | | | | | | | | | | | | | | Add mediaserver policy allowing it to use qdsp_device CRs-fixed: 749419 Change-Id: I38980bd6edb828a2b8ffe87b0357741742741dfb
* | Merge "Seandroid: Adding context for digital Pen"Linux Build Service Account2014-11-133-0/+3
|\|
| * Seandroid: Adding context for digital PenAvijit Kanti Das2014-11-123-0/+3
| | | | | | | | | | | | Adding context for Digital Pen. Change-Id: I34eee1069fb01fc0c71815550359165911af69f6
* | Merge "Seandroid: Adding policy for IMS"Linux Build Service Account2014-11-131-0/+3
|\|
| * Seandroid: Adding policy for IMSAvijit Kanti Das2014-11-121-0/+3
| | | | | | | | | | | | Addressing few bootup denial from IMS Change-Id: Ie5f258d63a32e2715e6212e6ce31540882d7e9d5
* | Merge "Seandroid: Adding context for rfs access"Linux Build Service Account2014-11-132-0/+4
|\|
| * Seandroid: Adding context for rfs accessAvijit Kanti Das2014-11-122-0/+4
| | | | | | | | | | | | | | Adding context for rfs_access and adding few more policies Change-Id: Ic8df22f19adc27af32c618ac3e6da657e93c73bb
* | Merge "Seandroid: Adding context for imscmservice"Linux Build Service Account2014-11-132-1/+4
|\|
| * Seandroid: Adding context for imscmserviceAvijit Kanti Das2014-11-122-1/+4
| | | | | | | | | | | | | | Adding context for imscmservice, Also addressing few ims related denial logs Change-Id: I3e17e57221dc531729ce897590857dbd773d2bbd
* | Merge "Seandroid: Changing context for wcnss services"Linux Build Service Account2014-11-133-2/+19
|\|
| * Seandroid: Changing context for wcnss servicesAvijit Kanti Das2014-11-123-2/+19
| | | | | | | | | | | | Changing wcnss service context from wpa to wcnss Change-Id: Ia5c4c0c8fdf3c073e47e44a4b4e29ae886c87a1f
* | Merge "Bluetooth: Allow system apps to access Bluetooth sockets"Linux Build Service Account2014-11-132-1/+1
|\ \
| * | Bluetooth: Allow system apps to access Bluetooth socketsBhakthavatsala Raghavendra2014-11-062-1/+1
| |/ | | | | | | | | | | | | | | | | | | Allow system app to access Bluetooth sockets so that OBEX based transactions goes though without any issue Remove wpa based rule as it is not needed Change-Id: Ife28e6e6e75421b890b2fe6b69b2908110867e3b CRs-fixed: 752155
* | Merge "sepolicy: add policies for fm over A2DP support"Linux Build Service Account2014-11-121-1/+1
|\ \
| * | sepolicy: add policies for fm over A2DP supportVenkateshwarlu Domakonda2014-11-111-1/+1
| | | | | | | | | | | | | | | | | | | | | Add mediaserver policy to allow it to read/write system_app data file. CRs-Fixed: 752520 Change-Id: I15f6fdf4b85916b7f90768839ae1d65e61d4c4e2
* | | Merge "netmgrd: allow communication with connectivity framework"Linux Build Service Account2014-11-111-1/+6
|\ \ \
| * | | netmgrd: allow communication with connectivity frameworkSubash Abhinov Kasiviswanathan2014-11-071-1/+6
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the following denials Allow communication with cnd sockets [ 22.806091] type=1400 audit(1415054892.584:18): avc: denied { write } for pid=1317 comm="netmgrd" name="cnd" dev="tmpfs" ino=8381 scontext=u:r:netmgrd:s0 tcontext=u:object_r:cnd_socket:s0 tclass=sock_file [ 22.316132] type=1400 audit(1415053588.674:56): avc: denied { connectto } for pid=1321 comm="netmgrd" path="/dev/socket/cnd" scontext=u:r:netmgrd:s0 tcontext=u:r:cnd:s0 tclass=unix_stream_socket Allow operations on netlink xfrm sockets [ 20.794160] type=1400 audit(1415053541.505:16): avc: denied { setopt } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket [ 20.794450] type=1400 audit(1415053541.505:17): avc: denied { getattr } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket [ 20.794528] type=1400 audit(1415053541.505:18): avc: denied { write } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket [ 20.794602] type=1400 audit(1415053541.505:19): avc: denied { nlmsg_write } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket [ 20.794688] type=1400 audit(1415053541.505:20): avc: denied { read } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket Allow operations on netd and its resources [ 20.827567] type=1400 audit(1415053541.545:21): avc: denied { read } for pid=1166 comm="ip" name="rt_tables" dev="mmcblk0p13" ino=268 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file [ 20.827802] type=1400 audit(1415053541.545:22): avc: denied { open } for pid=1166 comm="ip" name="rt_tables" dev="mmcblk0p13" ino=268 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file [ 20.827915] type=1400 audit(1415053541.545:23): avc: denied { getattr }for pid=1166 comm="ip" path="/data/misc/net/rt_tables" dev="mmcblk0p13" ino=268 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file [ 21.480717] type=1400 audit(1415053542.195:24): avc: denied { getattr } for pid=1259 comm="sh" path="/system/bin/ndc" dev="mmcblk0p12" ino=444 scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file [ 21.481188] type=1400 audit(1415053542.195:25): avc: denied { execute } for pid=1259 comm="sh" name="ndc" dev="mmcblk0p12" ino=444 scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file [ 21.482377] type=1400 audit(1415053542.195:26): avc: denied { read open } for pid=1260 comm="sh" name="ndc" dev="mmcblk0p12" ino=444 scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file [ 21.482614] type=1400 audit(1415053542.195:27): avc: denied { execute_no_trans } for pid=1260 comm="sh" path="/system/bin/ndc" dev="mmcblk0p12" ino=444 scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file avc: denied { search } for pid=1168 comm="ip" name="net" dev="mmcblk0p34" ino=210 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=dir permissive=0 CRs-Fixed: 748457 Change-Id: Ie1044b498002602354b28f3c2e36bf1c9ee64e15
* | | Merge "sepolicy: allow untrusted_app access to perflock"Linux Build Service Account2014-11-091-0/+7
|\ \ \ | |/ / |/| |
| * | sepolicy: allow untrusted_app access to perflockVince Leung2014-11-031-0/+7
| | | | | | | | | | | | | | | | | | | | | Add allow policy for untrusted app to write into PerfLock socket Change-Id: Ib494148895b38e352635511643fa90266c8d2ae9
* | | SEAndroid: Add new location policyTushar Janefalkar2014-11-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Added policy for lowi-server to access netlink sockets Change-Id: I8fd6687d2b2e7c4dcb5e05b6f0541b3a24807b23 CRs-fixed: 747721
* | | Seandroid: replacing policies with macroAvijit Kanti Das2014-11-032-6/+1
| | | | | | | | | | | | | | | | | | Using macro for location services Change-Id: Ic70498c3463803a36718091d43837c2f93e6d34b
* | | Seandroid: Moving wpa related policies to wpa.teAvijit Kanti Das2014-11-032-2/+3
| | | | | | | | | | | | | | | | | | | | | Moving all wpa related issues to wpa.te and removing unnecessary files Change-Id: I610dbb0041ad89489fad2235f3d7cbb0c49edfb8
* | | Seandroid: Removing unused fileAvijit Kanti Das2014-11-031-0/+0
| | | | | | | | | | | | | | | | | | Removing unused file gloabal_macro.te Change-Id: If5bd3813b0918ca08bbcebc4339d873f4abb95a9
* | | Seandroid: Adding dun service context.Avijit Kanti Das2014-11-033-0/+3
| | | | | | | | | | | | | | | | | | Adding context for dun service Change-Id: Ie20962700335058800ed0d42ed01c2f27e4f96de
* | | sepolicy: add rule for CNE.Boxiang Pan2014-11-033-0/+4
| | | | | | | | | | | | | | | | | | add rule for CNE data file for db file Change-Id: I1dbc81f7be2bb4b4344336546622d351f5fa3e23
* | | Seandroid: Add policy for wbc servicesAvijit Kanti Das2014-11-033-0/+3
| | | | | | | | | | | | | | | | | | Add policy for wbc services Change-Id: I1ca863faeaac84382cc6e208fa4c869978d9b80a
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-25 11:37:35 +0000