android_external_sepolicy - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Merge "Add selinux policy for fingerprintd" into mnc-dev	Jim Miller	2015-05-21	1	-0/+1
\|\
\| *	Add selinux policy for fingerprintd	Jim Miller	2015-05-19	1	-0/+1
\| \| \| \| \| \| \| \|	Change-Id: Ibcb714248c28abf21272986facaade376dcbd7ef
* \|	camera: Add AIDL interface for CameraServiceProxy.	Ruben Brunk	2015-05-19	1	-0/+1
\|/ \| \| \| \| \| \|	- Update selinux policy for CameraServiceProxy. Bug: 21267484 Change-Id: Ib821582794ddd1e3574b5dc6c79f7cb197b57f10
*	Merge "Make deviceidle accessible as system_api_service." into mnc-dev	dcashman	2015-04-29	1	-1/+1
\|\
\| *	Make deviceidle accessible as system_api_service.	dcashman	2015-04-29	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	deviceidle service should be accessible to all non third-party apps. Cherry-pick of commit: 7c1dced7d5d836d84d38aa33d86b0f8361070a3c Change-Id: Ia410fe0027f212009cc2abeaabc64c7c87841daa
* \|	Expand access to gatekeeperd.	Alex Klyubin	2015-04-29	1	-1/+1
\|/ \| \| \| \| \| \| \| \| \| \| \|	This enables access to gatekeeperd for anybody who invokes Android framework APIs. This is necessary because the AndroidKeyStore abstraction offered by the framework API occasionally communicates with gatekeeperd from the calling process. (cherry picked from commit effcac7d7eddded5fa31d294dfe3fd1757de51c7) Bug: 20526234 Change-Id: I450242cd085259b3f82f36f359ee65ff27bebd13
*	Make persistent_data_block_service a system_api_service.	dcashman	2015-04-09	1	-1/+1
\| \| \| \| \| \| \| \| \| \|	Settings needs to be able to access it when opening developer options. Address the following denial: avc: denied { find } for service=persistent_data_block scontext=u:r:system_app:s0 tcontext=u:object_r:persistent_data_block_service:s0 tclass=service_manager Bug: 20131472 Change-Id: I85e2334a92d5b8e23d0a75312c9b4b5bf6aadb0b
*	Make backup service app_api_service.	dcashman	2015-04-09	1	-1/+1
\| \| \| \| \| \| \| \|	Backup service needs to be accessible to all apps to notify the system when something changes which is being backed-up. Bug: 18106000 Change-Id: I8f34cca64299960fa45afc8d09110123eb79338b
*	Enforce more specific service access.	dcashman	2015-04-09	1	-25/+25
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Move the remaining services from tmp_system_server_service to appropriate attributes and remove tmp_system_server and associated logging: registry restrictions rttmanager scheduling_policy search sensorservice serial servicediscovery statusbar task textservices telecom_service trust_service uimode updatelock usagestats usb user vibrator voiceinteraction wallpaper webviewupdate wifip2p wifi window Bug: 18106000 Change-Id: Ia0a6d47099d82c53ba403af394537db6fbc71ca0
*	Enforce more specific service access.	dcashman	2015-04-08	1	-10/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Move the following services from tmp_system_server_service to appropriate attributes: network_management network_score notification package permission persistent power print processinfo procstats Bug: 18106000 Change-Id: I9dfb41fa41cde72ef0059668410a2e9eb1af491c
*	Enforce more specific service access.	dcashman	2015-04-07	1	-10/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Move the following services from tmp_system_server_service to appropriate attributes: jobscheduler launcherapps location lock_settings media_projection media_router media_session mount netpolicy netstats Bug: 18106000 Change-Id: Ia82d475ec41f658851f945173c968f4abf57e7e1
*	Enforce more specific service access.	dcashman	2015-04-07	1	-11/+11
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Move the following services from tmp_system_server_service to appropriate attributes: diskstats display dreams dropbox ethernet fingerprint graphicstats hardware hdmi_control input_method input_service Bug: 18106000 Change-Id: Iadd8aab9e78d9d39fb00cf0b5a95fa1927d02095
*	Enforce more specific service access.	dcashman	2015-04-07	1	-10/+9
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Move the following services from tmp_system_server_service to appropriate attributes: battery bluetooth_manager clipboard commontime_management connectivity content country_detector device_policy deviceidle Bug: 18106000 Change-Id: I0d0f2a075c0509a783631d88ba453ac13399cdf2
*	SELinux permissions for gatekeeper TEE proxy	Andres Morales	2015-04-06	1	-0/+1
\| \| \| \| \| \| \| \| \| \|	sets up: - execute permissions - binder permission (system_server->gatekeeper->keystore) - prevents dumpstate and shell from finding GK binder service - neverallow rules for prohibited clients Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e
*	Assign app_api_service attribute to services.	dcashman	2015-04-06	1	-6/+6
\| \| \| \| \| \| \| \|	Assign the alarm, appwidget, assetatlas, audio, backup and batterystats services the appropriate service access levels and move into enforcing. Bug: 18106000 Change-Id: If3210bb25f3076edfdb6eec36ef6521ace1bd8d7
*	Assign app_api_service attribute to services.	dcashman	2015-04-03	1	-4/+4
\| \| \| \| \| \| \| \| \|	Move accessibility, account, appops and activity services into enforcing with app_api_service level of access, with additional grants to mediaserver and isolated app. Bug: 18106000 Change-Id: I1d5a79b9223026415f1690e8e9325ec4c270e3dd
*	Add system_api_service and app_api_service attributes.	dcashman	2015-04-03	1	-15/+14
\| \| \| \| \| \| \| \| \| \| \|	System services differ in designed access level. Add attributes reflecting this distinction and label services appropriately. Begin moving access to the newly labeled services by removing them from tmp_system_server_service into the newly made system_server_service attribute. Reflect the move of system_server_service from a type to an attribute by removing access to system_server_service where appropriate. Change-Id: I7fd06823328daaea6d6f96e4d6bd00332382230b
*	Add graphicsstats service	John Reck	2015-03-27	1	-0/+1
\| \| \| \|	Change-Id: I156b139b57f46c695ece35b7b26a3087d87b25df
*	Add rule for new deviceidle service.	Dianne Hackborn	2015-03-19	1	-0/+1
\| \| \| \|	Change-Id: I283663caea0ee1597645856fb31f13b26e902315
*	Add security policy for ProcessInfoService.	Ruben Brunk	2015-01-29	1	-0/+1
\| \| \| \| \| \|	Bug: 19186859 Change-Id: Ic08858f346d6b66e7bfc9da6faa2c6e38d9b2e82
*	Make system_server_service an attribute.	dcashman	2015-01-14	1	-0/+88
\| \| \| \| \| \| \| \|	Temporarily give every system_server_service its own domain in preparation for splitting it and identifying special services or classes of services. Change-Id: I81ffbdbf5eea05e0146fd7fd245f01639b1ae0ef
*	Add imms service and system_app_service type.	Riley Spahn	2014-07-01	1	-0/+1
\| \| \| \| \| \| \| \|	Map imms to system_app_service in service_contexts and add the system_app_service type and allow system_app to add the system_app_service. Bug: 16005467 Change-Id: I06ca75e2602f083297ed44960767df2e78991140
*	Add missing services to service_contexts.	Riley Spahn	2014-06-26	1	-0/+1
\| \| \| \| \| \| \|	Add missing services related to battery, bluetooth, time, and radio to service_contexts. Change-Id: I8bf05feb173d49637048c779757013806837fede
*	Add SELinux rules for service_manager.	Riley Spahn	2014-06-12	1	-0/+10
	Add a service_mananger class with the verb add. Add a type that groups the services for each of the processes that is allowed to start services in service.te and an attribute for all services controlled by the service manager. Add the service_contexts file which maps service name to target label. Bug: 12909011 Change-Id: I017032a50bc90c57b536e80b972118016d340c7d