audioserver has the same rules as mediaserver so there is
no loss of rights or permissions.
media.log moves to audioserver.
TBD: Pare down permissions.
Bug: 24511453
Change-Id: I0fff24c14b712bb3d498f75e8fd66c2eb795171d
Remove bluetooth's access to tun_device. Auditallow rule demonstrates
that it's not used.
Strengthen the neverallow on opening tun_device to include all Apps.
Bug: 24744295
Change-Id: Iba85ba016b1e24c6c12d5b33e46fe8232908aac1
Don't mix bluetooth rules with bluetoothdomain. The bluetoothdomain
rules are used by several other SELinux domains, not just bluetooth,
and keeping them in the same file is confusing.
Change-Id: I487251ab1c1392467a39c7a87328cdaf802fc1f8
Motivation: Domain is overly permissive. Start removing permissions
from domain and assign them to the domain_deprecated attribute.
Domain_deprecated and domain can initially be assigned to all
domains. The goal is to not assign domain_deprecated to new domains
and to start removing domain_deprecated where it is not required or
reassigning the appropriate permissions to the inheriting domain
when necessary.
Bug: 25433265
Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
Address the following denial:
SELinux E avc: denied { find } for service=drm.drmManager scontext=u:r:bluetooth:s0 tcontext=u:object_r:drmserver_service:s0
This denial is triggered by Bluetooth when MmsFileProvider.java is
using the PduPersister which in turn is using DRM.
Change-Id: I4c077635f8afa39e6bc5e10178c3a7ae3cb6a9ea
Third party vpn apps must receive open tun fd from the framework
for device traffic.
neverallow untrusted_app open perm and auditallow bluetooth
access to see if the neverallow rule can be expanded to include
all of appdomain.
Bug: 24677682
Change-Id: I68685587228a1044fe1e0f96d4dc08c2adbebe78
A common source of mistakes when authoring sepolicy is properly
setting up property sets. This is a 3 part step of:
1. Allowing the unix domain connection to the init/property service
2. Allowing write on the property_socket file
3. Allowing the set on class property_service
The macro unix_socket_connect() handled 1 and 2, but could be
confusing for first time policy authors. 3 had to be explicitly
added.
To correct this, we introduce a new macros:
set_prop(sourcedomain, targetprop)
This macro handles steps 1, 2 and 3.
No difference in sediff is expected.
(cherrypicked from commit 625a3526f1)
Change-Id: I630ba0178439c935d08062892990d43a3cc1239e
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>
A common source of mistakes when authoring sepolicy is properly
setting up property sets. This is a 3 part step of:
1. Allowing the unix domain connection to the init/property service
2. Allowing write on the property_socket file
3. Allowing the set on class property_service
The macro unix_socket_connect() handled 1 and 2, but could be
confusing for first time policy authors. 3 had to be explicitly
added.
To correct this, we introduce a new macros:
set_prop(sourcedomain, targetprop)
This macro handles steps 1, 2 and 3.
No difference in sediff is expected.
Change-Id: I630ba0178439c935d08062892990d43a3cc1239e
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>
Added permission to SAP socket used to access the the RIL daemon
Change-Id: Ifbfb764f0b8731e81fb3157955aa4fda6120d846
Signed-off-by: Casper Bonde <c.bonde@samsung.com>
Move the following services from tmp_system_server_service to appropriate
attributes:
network_management
network_score
notification
package
permission
persistent
power
print
processinfo
procstats
Bug: 18106000
Change-Id: I9dfb41fa41cde72ef0059668410a2e9eb1af491c
Move the following services from tmp_system_server_service to appropriate
attributes:
jobscheduler
launcherapps
location
lock_settings
media_projection
media_router
media_session
mount
netpolicy
netstats
Bug: 18106000
Change-Id: Ia82d475ec41f658851f945173c968f4abf57e7e1
Assign the alarm, appwidget, assetatlas, audio, backup and batterystats services
the appropriate service access levels and move into enforcing.
Bug: 18106000
Change-Id: If3210bb25f3076edfdb6eec36ef6521ace1bd8d7
Move accessibility, account, appops and activity services into enforcing with
app_api_service level of access, with additional grants to mediaserver and
isolated app.
Bug: 18106000
Change-Id: I1d5a79b9223026415f1690e8e9325ec4c270e3dd
System services differ in designed access level. Add attributes reflecting this
distinction and label services appropriately. Begin moving access to the newly
labeled services by removing them from tmp_system_server_service into the newly
made system_server_service attribute. Reflect the move of system_server_service
from a type to an attribute by removing access to system_server_service where
appropriate.
Change-Id: I7fd06823328daaea6d6f96e4d6bd00332382230b
Encountered when certinstaller tries to talk to keystore:
ComponentInfo{com.android.certinstaller/com.android.certinstaller.CertInstaller}: java.lang.NullPointerException: Attempt to invoke interface method 'int android.security.IKeystoreService.test()' on a null object reference
Address the following denial:
avc: denied { find } for service=android.security.keystore scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:keystore_service:s0 tclass=service_manager
Bug: 19347232
Change-Id: I35b46da3c78b384cf04216be937c6b5bfa86452d
This was observed when attempting to change volume for a bluetooth device
supporting AVRCP volume control.
Addresses the following denials:
avc: denied { find } for service=media.audio_flinger scontext=u:r:bluetooth:s0 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager
avc: denied { find } for service=media.audio_policy scontext=u:r:bluetooth:s0 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager
Bug: 19341236
Change-Id: If7f2ff1ea9fc694bad700cf59f400f2d2df8c2dd
Temporarily give every system_server_service its own
domain in preparation for splitting it and identifying
special services or classes of services.
Change-Id: I81ffbdbf5eea05e0146fd7fd245f01639b1ae0ef
Bluetooth can receive bugreport data for beaming to another device.
This comes across as an open file descriptor. Allow bluetooth access
to bugreports.
Addresses the following denial:
avc: denied { read } for path="/data/data/com.android.shell/files/bugreports/bugreport-2014-12-19-15-35-32.txt" dev="dm-0" ino=662738 scontext=u:r:bluetooth:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=0
Change-Id: I7be2ce2e0e48323c1e8f932be17b434b89daf085
All domains are currently granted list and find service_manager
permissions, but this is not necessary. Pare the permissions
which did not trigger any of the auditallow reporting.
Bug: 18106000
Change-Id: Ie0ce8de2af8af2cbe4ce388a2dcf4534694c994a
Remove the audit_allow rules from lmp-dev because
we will not be tightening any further so these logs
will not be useful.
Change-Id: Ibd0e4bf4e8f4f5438c3dbb9114addaadac9ef8c9
Further refined auditallow statements associated with
service_manager and added dumpstate to the
service_manager_local_audit_domain.
(cherry picked from commit 603bc20509)
Change-Id: Ib8894aa70aa300c14182a6c934dd56c08c82b05f
Further refined auditallow statements associated with
service_manager and added dumpstate to the
service_manager_local_audit_domain.
Change-Id: I2ecc42c8660de6a91f3b4e56268344fbd069ccc0
Add SELinux MAC for the service manager actions list
and find. Add the list and find verbs to the
service_manager class. Add policy requirements for
service_manager to enforce policies to binder_use
macro.
(cherry picked from commit b8511e0d98)
Change-Id: I980d4a8acf6a0c6e99a3a7905961eb5564b1be15
Add SELinux MAC for the service manager actions list
and find. Add the list and find verbs to the
service_manager class. Add policy requirements for
service_manager to enforce policies to binder_use
macro.
Change-Id: I224b1c6a6e21e3cdeb23badfc35c82a37558f964
Many of the neverallow rules have -unconfineddomain. This was
intended to allow us to support permissive_or_unconfined(), and
ensure that all domains were enforcing at least a minimal set of
rules.
Now that all the app domains are in enforcing / confined, there's
no need to allow for these exceptions. Remove them.
Change-Id: Ieb29872dad415269f7fc2fe5be5a3d536d292d4f
This is extremely useful as it allows timeouts on the socket.
Since ioctl is allowed, setopt shouldn't be a problem.
Resolves denials, in 3rd party apps, such as:
avc: denied { setopt } for pid=18107 comm="AudioRouter-6"
scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0
tclass=unix_stream_socket
Change-Id: I6f38d7b86983c517575b735f43b62a2ed811e81c
Signed-off-by: Sérgio Faria <sergio91pt@gmail.com>
