/ace-kernel_lettuce

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Marshmallow initial kernel bringup. This commit adds sepolicy versions 29 and 30 required by mm. #1

Merged
merged 2 commits into from Oct 31, 2015
+912 −73

Conversation

Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@USA-RedDragon @C-Aniruddh @jeffvanderstoep
@USA-RedDragon

USA-RedDragon commented Oct 27, 2015

No description provided.

Richard Haines and others added some commits Oct 27, 2015

Richard Haines @USA-RedDragon
SELinux: Update policy version to support constraints info 
    Update the policy version (POLICYDB_VERSION_CONSTRAINT_NAMES) to allow
    holding of policy source info for constraints.

    Upstream commit a660bec1d84ad19a39e380af129e207b3b8f609e

    Bug: 20350607
    Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
    Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
    Signed-off-by: Paul Moore <pmoore@redhat.com>
    Change-Id: If419c7bfdea2f7006c9a62ea595f0cbfe5c78871
066b8d4
@jeffvanderstoep @USA-RedDragon
SELinux: per-command whitelisting of ioctls 
     note that this patch depends on a prior patch that is already in
     android-3.4 but has not apparently found its way into the msm 3.4
     branches (but is included in exynos and tegra),
     https://android-review.googlesource.com/#/c/92962/

    Extend the generic ioctl permission check with support for per-command
    filtering. Source/target/class sets including the ioctl permission may
    additionally include a set of commands. Example:

    allow <source> <target>:<class> { 0x8910-0x8926 0x892A-0x8935 }
    auditallow <source> <target>:<class> 0x892A

    When ioctl commands are omitted only the permissions are checked. This
    feature is intended to provide finer granularity for the ioctl
    permission which may be too imprecise in some circumstances. For
    example, the same driver may use ioctls to provide important and
    benign functionality such as driver version or socket type as well as
    dangerous capabilities such as debugging features, read/write/execute
    to physical memory or access to sensitive data. Per-command filtering
    provides a mechanism to reduce the attack surface of the kernel, and
    limit applications to the subset of commands required.

    The format of the policy binary has been modified to include ioctl
    commands, and the policy version number has been incremented to
    POLICYDB_VERSION_IOCTL_OPERATIONS=30 to account for the format change.

    Bug: 20350607
    Bug: 18087110
    Change-Id: Ibf0e36728f6f3f0d5af56ccdeddee40800af689d
    Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
2a0c574
@C-Aniruddh

This comment has been minimized.

Sign in to view
Owner

C-Aniruddh commented Oct 31, 2015

Thanks! :)

C-Aniruddh added a commit that referenced this pull request Oct 31, 2015

@C-Aniruddh
Merge pull request #1 from USA-RedDragon/cm-13.0 
Marshmallow initial kernel bringup. This commit adds sepolicy versions 29 and 30 required by mm.
46aae5a

@C-Aniruddh C-Aniruddh merged commit 46aae5a into C-Aniruddh:cm-12.1 Oct 31, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment