Commits · d1f1070acb4f5d29ddc6536126d6834ec418b8f1 · Werner Sembach / AndroidSystemSEPolicy

Oct 15, 2013

tools: drop unused field in struct · d1f1070a

William Roberts authored 11 years ago

check_seapp at one point in time switch from a home implementation
of a hash table to using GLIBC search.h routines. A struct in one
of the fields was never removed during this transition.

Change-Id: I65c028103ffe90fa52e0b3c9fce28124ed9c7ff9

d1f1070a

Oct 14, 2013

tools: Strengthen BEGIN/END CERTIFICATE checks · 14138335

William Roberts authored 11 years ago

insertkeys.py used beginswith() when checking that the BEGIN
and END CERTIFICATE clauses in PEM files were correct. It should
have done an explicit check on equality.

Change-Id: I5efb48d180bc674e6281a26a955acd248588b8bd

14138335

Oct 10, 2013

tools: Don't error out of insertkeys script on whitespace · 070c01f8

Mike Palmiotto authored 11 years ago

Many keys end with whitespace or otherwise have whitespace separating the
certificates. If insertkeys is intended to support multiple certificates, we
should also support blank line separators.

Change-Id: I5fd17be5785ad1b89a6191e9ba33bbc7c5a4e8e9

070c01f8

Oct 08, 2013

tools: Correct insert keys behavior on pem files · 1ecb4e8a

William Roberts authored 11 years ago

Insert keys would erroneously process pem files
with openssl headers in them. Also, the tool would
be fooled into attempting to use pem files that
had private keys and other things in the format.
This patch strengthens the formatting requirements
and increases the verboseness of error messages
when processing pem files.

Change-Id: I03353faaa641233a000d1a18943024ae47c63e0f

1ecb4e8a

Sep 12, 2013

Extend to check indirect allow rules and conditional rules. · 640991bb

Stephen Smalley authored 11 years ago


$ sepolicy-check -s untrusted_app -t mediaserver -c binder -p call -P out/target/product/manta/root/sepolicy
Match found!

Also removed loading of initial SIDs as that is not required for
this functionality and it leaks memory as it is never freed.
valgrind now reports no leaks.

Change-Id: Ic7a26fd01c57914e4e96db504d669f5367542a35
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

640991bb

Aug 23, 2013
- Add sepolicy-check, a utility for auditing selinux policy. · 01aaeb6a
  Geremy Condra authored 11 years ago
  
  This is based on Joshua Brindle's sepolicy-inject. Change-Id: Ie75bd56a2996481592dcfe7ad302b52f381d5b18
  01aaeb6a
Aug 08, 2013

Fix insertkeys.py to resolve keys.conf path entries in a portable way · 1b46b2fe

Richard Haines authored 11 years ago


Currently a path to a key in keys.conf must be fully qualified or have
the -d option appended. This fix will allow paths to have environment
variables that will be expanded. This will give portability to the
entries. For example the following entry will now be resolved correctly:
[@NET_APPS]
ALL : $ANDROID_BUILD_TOP/device/demo_vendor/demo_dev/security/net_apps.x509.pem

Change-Id: If4f169d9ed4f37b6ebd062508de058f3baeafead
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>

1b46b2fe

Apr 29, 2013
- Support strict duplicate checking · 63297211
  William Roberts authored 11 years ago
  
  Change-Id: I3bb4755b86a90414a3912c8099dd7a4389249b24
  63297211
Apr 20, 2013
- Fix segfault on -v with duplicates · 1e8c061b
  William Roberts authored 11 years ago
  
  Change-Id: Ic040af5cfcd1be22074a691ecdd01e890866bc19
  1e8c061b
Mar 29, 2013

Add a key directory argument to insertkeys.py · 020b5ff6

Geremy Condra authored 12 years ago

This allows us to better integrate key selection with our existing
build process.

Change-Id: I6e3eb5fbbfffb8e31c5edcf16f74df7c38abe537

020b5ff6

Mar 28, 2013

Add a key directory argument to insertkeys.py · 51dd0339

Geremy Condra authored 12 years ago

This allows us to better integrate key selection with our existing
build process.

Change-Id: I6e3eb5fbbfffb8e31c5edcf16f74df7c38abe537

51dd0339

Mar 27, 2013

Expand insertkeys.py script to allow union of files. · 7f2392ee

Robert Craig authored 12 years ago


Allow script to union mac_permissions.xml files
specified using the BOARD_SEPOLICY_DIRS and
BOARD_SEPOLICY_UNION constructs.

Change-Id: I4fc65fd1ab4c612f25e966f030247e54a270b614
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

7f2392ee

Mar 26, 2013

Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""" · edf7b4c8

Geremy Condra authored 12 years ago

This reverts commit 60d4d71e

This should (finally) be fixed in https://android-review.googlesource.com/#/c/54730/

Change-Id: I3dd358560f7236f28387ffbe247fc2b004e303ea

edf7b4c8

Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""" · 60d4d71e

Geremy Condra authored 12 years ago

This reverts commit cd4104e8

This builds clean locally, but seems to explode on the build servers. Reverting until there's a solution.

Change-Id: I09200db37c193f39c77486d5957a8f5916e38aa0

60d4d71e

Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"" · cd4104e8

Geremy Condra authored 12 years ago

This reverts commit 1446e714

Hidden dependency has been resolved.

Change-Id: Ia535c0b9468ea5f705dff9813186a7fa8bab84ae

cd4104e8

Mar 20, 2013

Generalize levelFromUid support. · 38084146

Stephen Smalley authored 12 years ago


Introduce a levelFrom=none|app|user|all syntax for specifying
per-app, per-user, or per-combination level assignment.
levelFromUid=true|false remains valid syntax but is deprecated.
levelFromUid=true is equivalent to levelFrom=app.

Update check_seapp to accept the new syntax.
Update seapp_contexts to document the new syntax and switch
from levelFromUid=true to levelFrom=app.  No change in behavior.

Change-Id: Ibaddeed9bc3e2586d524efc2f1faa5ce65dea470
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

38084146

Mar 19, 2013
- Revert "Dynamic insertion of pubkey to mac_permissions.xml" · e0c0ad29
  Geremy Condra authored 12 years ago
  
  This reverts commit 22fc0410 Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee
  e0c0ad29
- Revert "Dynamic insertion of pubkey to mac_permissions.xml" · 1446e714
  Geremy Condra authored 12 years ago
  
  This reverts commit 22fc0410 Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee
  1446e714
- property_contexts checks added to checkfc. · d98d26ef
  Robert Craig authored 12 years ago
  
  Change-Id: If361ea93fabd343728196eed2663fd572ecaa70b Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
  d98d26ef
Dec 08, 2012

Dynamic insertion of pubkey to mac_permissions.xml · 22fc0410

William Roberts authored 12 years ago

Support the inseretion of the public key from pem
files into the mac_permissions.xml file at build
time.

Change-Id: Ia42b6cba39bf93723ed3fb85236eb8f80a08962a

22fc0410

Nov 27, 2012
- Whitespace and doxygen fix · fff2980a
  William Roberts authored 12 years ago
  
  Change-Id: I7b6ad050051854120dc8031b17da6aec0e644be3
  fff2980a
Nov 01, 2012
- Moved Android policy tools to tools directory · cdfb06f5
  Alice Chu authored 12 years ago
  
  Change-Id: I57b0dd9f8071eae492020f410c87f465ba820711
  cdfb06f5