- Dec 02, 2015
-
-
Nick Kralevich authoredRemove domain_deprecated from mdnsd. This removes some unnecessarily permissive rules from mdnsd. As part of this, re-allow /proc/net access, which is removed as a result of removing domain_deprecated. Bug: 25433265 Change-Id: Ie1cf27179ac2e9170cf4cd418aea3256b9534603
-
- Nov 03, 2015
-
-
Jeff Vander Stoep authored
Motivation: Domain is overly permissive. Start removing permissions from domain and assign them to the domain_deprecated attribute. Domain_deprecated and domain can initially be assigned to all domains. The goal is to not assign domain_deprecated to new domains and to start removing domain_deprecated where it is not required or reassigning the appropriate permissions to the inheriting domain when necessary. Bug: 25433265 Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
-
- Sep 08, 2014
-
-
Stephen Smalley authored
When using MLS (i.e. enabling levelFrom= in seapp_contexts), certain domains and types must be exempted from the normal constraints defined in the mls file. Beyond the current set, adbd, logd, mdnsd, netd, and servicemanager need to be able to read/write to any level in order to communicate with apps running with any level, and the logdr and logdw sockets need to be writable by apps running with any level. This change has no impact unless levelFrom= is specified in seapp_contexts, so by itself it is a no-op. Change-Id: I36ed382b04a60a472e245a77055db294d3e708c3 Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>
-
- Mar 14, 2014
-
-
Stephen Smalley authored
Change-Id: I610723eb9f2edcb4525b0e2d7e55616a1d93957d Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>
-
- Feb 25, 2014
-
-
Stephen Smalley authored
Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>
(cherry picked from commit 96ff4c05)
Change-Id: Idfd734f07687925c1f35d2629d4b59d46822d0d4 -
Stephen Smalley authored
Change-Id: I0a06fa32a46e515671b4e9a6f68e1a3f8b2c21a8 Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>
-