path: root/tools/check_seapp.c
Commit message | Author | Age | Files | Lines
* Treat seinfo=default name=<anything> as an error. | Stephen Smalley | 2014-04-04 | 1 | -2/+2
  check_app already checks for usage of name= entries in seapp_contexts with no seinfo= specification to link it back to a signer in mac_permissions.xml. However, one can avoid this error by specifying a seinfo=default which merely matches the default stanza of mac_permissions.xml without actually ensuring that it is tied to a specific certificate. Catch that error case too.

  Change-Id: If33cf21501e8bfee44d31c92b6341dfa583552b2
  Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* Add support for and use new path= specifier in seapp_contexts. | Stephen Smalley | 2014-02-19 | 1 | -0/+1
  Extend check_seapp to accept the use of the new path= specifier in seapp_contexts and use it to ensure proper labeling of the cache subdirectory of com.android.providers.downloads for restorecon.

  After this change, restorecon /data/data/com.android.providers.downloads/cache does not change the context, leaving it in download_file rather than relabeling it to platform_app_data_file.

  Depends on Iddaa3931cfd4ddd5b9f62cd66989e1f26553baa1.

  Change-Id: Ief65b8c8dcb44ec701d53e0b58c52d6688cc2a14
  Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* Reintroduce -Wall -Werror to check_seapp. | Robert Craig | 2013-11-01 | 1 | -1/+2
  Also add attribute for a potential unused function argument when dealing with darwin SDK builds.

  Change-Id: Iefdbecb050cc5fff6036f15413566e10cefa3813
* Add sepolicy-analyze tool. | Stephen Smalley | 2013-10-31 | 1 | -1/+1
  And also remove the unnecessary references to libselinux for sepolicy-check, as it has no dependencies on libselinux. Also enable -Wall -Werror on building all of these tools and fix up all such errors.

  Usage:
  $ sepolicy-analyze -e -P out/target/product/<device>/root/sepolicy
  or
  $ sepolicy-analyze -d -P out/target/product/<device>/root/sepolicy

  The first form will display all type pairs that are "equivalent", i.e. they are identical with respect to allow rules, including indirect allow rules via attributes and default-enabled conditional rules (i.e. default boolean values yield a true conditional expression).

  Equivalent types are candidates for being coalesced into a single type. However, there may be legitimate reasons for them to remain separate, for example:
  - the types may differ in a respect not included in the current analysis, such as default-disabled conditional rules, audit-related rules (auditallow or dontaudit), default type transitions, or constraints (e.g. mls), or
  - the current policy may be overly permissive with respect to one or the other of the types and thus the correct action may be to tighten access to one or the other rather than coalescing them together, or
  - the domains that would in fact have different accesses to the types may not yet be defined or may be unconfined in the policy you are analyzing (e.g. in AOSP policy).

  The second form will display type pairs that differ and the first difference found between the two types. This output can be long.

  We have plans to explore further enhancements to this tool, including support for identifying isomorphic types. That will be required to identify similar domains since all domains differ in at least their entrypoint type and in their tmpfs type and thus will never show up as equivalent even if they are in all other respects identical to each other.

  Change-Id: If0ee00188469d2a1e165fdd52f235c705d22cd4e
  Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* tools: update lengths from int to size_t | William Roberts | 2013-10-16 | 1 | -11/+11
  Change-Id: If4839218b200a0d90bdf7779d2e039719fae85a5
* tools: require that seinfo and packagename be used | William Roberts | 2013-10-16 | 1 | -0/+48
  Modify check_seapp.c to verify that a packagename (name) must be specified with a signing key (seinfo). This will help thwart spoof attacks on the packagename.

  Change-Id: I8f1aa8a479cb5beb5c3522d85e3181604931ea72
* tools: drop unused field in struct | William Roberts | 2013-10-15 | 1 | -1/+0
  check_seapp at one point in time switched from a home implementation of a hash table to using GLIBC search.h routines. A struct in one of the fields was never removed during this transition.

  Change-Id: I65c028103ffe90fa52e0b3c9fce28124ed9c7ff9
* Support strict duplicate checking | William Roberts | 2013-04-29 | 1 | -8/+22
  Change-Id: I3bb4755b86a90414a3912c8099dd7a4389249b24
* Fix segfault on -v with duplicates | William Roberts | 2013-04-19 | 1 | -3/+5
  Change-Id: Ic040af5cfcd1be22074a691ecdd01e890866bc19
* Generalize levelFromUid support. | Stephen Smalley | 2013-03-20 | 1 | -0/+10
  Introduce a levelFrom=none|app|user|all syntax for specifying per-app, per-user, or per-combination level assignment. levelFromUid=true|false remains valid syntax but is deprecated. levelFromUid=true is equivalent to levelFrom=app.

  Update check_seapp to accept the new syntax. Update seapp_contexts to document the new syntax and switch from levelFromUid=true to levelFrom=app. No change in behavior.

  Change-Id: Ibaddeed9bc3e2586d524efc2f1faa5ce65dea470
  Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* Whitespace and doxygen fix | William Roberts | 2012-11-27 | 1 | -1/+3
  Change-Id: I7b6ad050051854120dc8031b17da6aec0e644be3
* Moved Android policy tools to tools directory | Alice Chu | 2012-11-01 | 1 | -0/+977
  Change-Id: I57b0dd9f8071eae492020f410c87f465ba820711