PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,388 Commits 17 Branches 0 Tags 41 MiB
77cc05502f
Commit Graph

4 Commits

Author SHA1 Message Date
Stephen Smalley
27042f6da1 Drop special handling of app_data_file in mls constraints. 
This was a legacy of trying to support per-app level isolation
in a compatible manner by blocking direct open but permitting
read/write via passing of open files over Binder or local sockets.
It is no longer relevant and just confusing to anyone trying to use
the mls support for anything else.

Change-Id: I6d92a7cc20bd7d2fecd2c9357e470a30f10967a3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2014-03-12 09:31:32 -04:00
Stephen Smalley
e884872655 Add policy for run-as program. 
Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.

Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2012-11-27 10:05:42 -08:00
Stephen Smalley
0e85c17e6e Rewrite MLS constraints to only constrain open for app_data_file, not read/write. 2012-03-19 10:32:24 -04:00
Stephen Smalley
2dd4e51d5c SE Android policy. 2012-01-04 12:33:27 -05:00