Commit graph

8 commits

Author SHA1 Message Date
Nick Kralevich
a7c04dcd74 Remove domain:process from unconfined
Prune down unconfined so it doesn't allow process access
to all other domains. Use domain_trans() for transitions to
seclabeled domains.

Change-Id: I8e88a49e588b6b911e1f7172279455838a06091d
2014-07-10 13:54:20 -07:00
Stephen Smalley
1c670ccdbd Make watchdogd enforcing.
Change-Id: I04969ca94d27535b3cdcfad55f092f98592b22f7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-06 10:25:45 -05:00
Stephen Smalley
043b9027b3 Confine watchdogd, but leave it permissive for now.
Change-Id: If2285e927cb886956b3314dd18384145a1ebeaa9
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-21 10:55:56 -05:00
Nick Kralevich
353c72e3b0 Move unconfined domains out of permissive mode.
This change removes the permissive line from unconfined
domains. Unconfined domains can do (mostly) anything, so moving
these domains into enforcing should be a no-op.

The following domains were deliberately NOT changed:
1) kernel
2) init

In the future, this gives us the ability to tighten up the
rules in unconfined, and have those tightened rules actually
work.

When we're ready to tighten up the rules for these domains,
we can:

1) Remove unconfined_domain and re-add the permissive line.
2) Submit the domain in permissive but NOT unconfined.
3) Remove the permissive line
4) Wait a few days and submit the no-permissive change.

For instance, if we were ready to do this for adb, we'd identify
a list of possible rules which allow adbd to work, re-add
the permissive line, and then upload those changes to AOSP.
After sufficient testing, we'd then move adb to enforcing.
We'd repeat this for each domain until everything is enforcing
and out of unconfined.

Change-Id: If674190de3262969322fb2e93d9a0e734f8b9245
2013-10-21 12:52:03 -07:00
repo sync
274d2927a7 Clean up remaining denials.
Bug: 8424461
Change-Id: I8f0b01cdb19b4a479d5de842f4e4844aeab00622
2013-05-22 14:20:20 -07:00
repo sync
77d4731e9d Make all domains unconfined.
This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
2013-05-20 11:08:05 -07:00
repo sync
50e37b93ac Move domains into per-domain permissive mode.
Bug: 4070557
Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
2013-05-14 21:36:32 -07:00
rpcraig
bac9992e86 watchdog security policy.
Initial policy for software watchdog daemon
which is started by init.

Change-Id: I042a5b1698bf53ce2e50ea06851c374e5123ee2c
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-19 22:48:38 +00:00