Commit graph

158 commits

Author SHA1 Message Date
rpcraig
1c8464e136 App data backup security policy.
Policy covers:

 * backup_data_file type for labeling all
   files/dirs under /data dealing with
   backup mechanism.

 * cache_backup_file type for labeling all
   files/dirs under /cache dealing with
   backup mechanism. This also covers the
   the use of LocalTransport for local archive
   and restore testing.

 * the use of 'adb shell bmgr' to initiate
   backup mechanism from shell.

 * the use of 'adb backup/restore' to archive
   and restore the device's data.

Change-Id: I700a92d8addb9bb91474bc07ca4bb71eb4fc840e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-19 22:22:10 +00:00
Geremy Condra
c57dbccb50 Merge "Change security policy so all apps can read /dev/xt_qtaguid." 2013-03-19 22:21:49 +00:00
Geremy Condra
5988bbf8a2 Merge "Dynamic insertion of pubkey to mac_permissions.xml" 2013-03-19 22:17:29 +00:00
Geremy Condra
04598de872 Merge "Replaceable mac_permission.xml support" 2013-03-19 22:17:10 +00:00
Geremy Condra
669f679243 Merge "mediaserver.te refactor" 2013-03-19 22:16:49 +00:00
Geremy Condra
eeafabde61 Merge "Label persist audio properties" 2013-03-19 22:16:31 +00:00
Stephen Smalley
e468016b1b zygote requires setpcap in order to drop from its bounding set.
I8560fa5ad125bf31f0d13be513431697bc7d22bb changed the zygote
to limit the bounding capability set to CAP_NET_RAW.  This triggers
a CAP_SETPCAP check by the kernel, which requires SELinux setpcap permission.

Change-Id: Ib910d97dcf708273e2806e2824f4abe9fc239d6d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-02-19 13:20:55 -05:00
Stephen Smalley
58b0fb6dde Fix invalid specification for adb_keys.
A prior change added an entry for adb_keys without any security context,
yielding warnings like the following during build:
out/target/product/manta/root/file_contexts:  line 7 is missing fields, skipping

This adds the missing security context field.

Change-Id: If48731c8aa7d22a3f547d0854f288ff68f9006da
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-01-11 15:05:03 -05:00
Colin Cross
92b9aa0eef add file_contexts entries for root filesystem
It may be useful to generate an ext4 image of the root filesystem
instead of using a ramdisk.  Whitelist entries in file_contexts to
support selinux labeling a root filesystem image.

Change-Id: I91a38d0aee4408c46cbfe5dc5e6eda198572e90f
2012-12-21 13:55:25 -08:00
William Roberts
22fc04103b Dynamic insertion of pubkey to mac_permissions.xml
Support the inseretion of the public key from pem
files into the mac_permissions.xml file at build
time.

Change-Id: Ia42b6cba39bf93723ed3fb85236eb8f80a08962a
2012-12-08 09:26:37 +09:00
William Roberts
2c8a55dcf4 Replaceable mac_permission.xml support
Support overriding ma_permissions.xml
in BOARD_SEPOLICY_REPLACE

Change-Id: If0bca8bf29bc431a291b6d7b20de132e68cd6a79
2012-12-06 05:57:49 +09:00
rpcraig
4c266ba1bc Change security policy so all apps can read /dev/xt_qtaguid.
Generic init.rc allows any process to use
socket tagging. Adjust app policy to ensure
that any app can read from the misc device.

Change-Id: I4076f0fbc1795f57a4227492f6bfc39a4398ffa5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2012-12-05 10:08:19 -05:00
William Roberts
4e030c2a0f mediaserver.te refactor
Change-Id: Ieaff9f3362c71e25e5c8e7204397a85ff14fff97
2012-11-28 12:18:30 -08:00
William Roberts
e2ad318e45 Label persist audio properties
label all persist.audio.* properties
and allow mediaserver access to them.

Change-Id: If5755d9783dce298e66a25bcb7f17ff17bd83ea7
2012-11-28 12:15:02 -08:00
Stephen Smalley
e884872655 Add policy for run-as program.
Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.

Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-11-27 10:05:42 -08:00
Kenny Root
fdaa7869a5 Merge "README for configuration of selinux policy" 2012-11-27 09:56:59 -08:00
William Roberts
c34a252783 Allow shell to connect to property service
Change-Id: I06ea2b400cc826c684b6ad25e12b021c2667b48a
2012-11-27 08:18:52 -08:00
William Roberts
3f1ed6ec62 README for configuration of selinux policy
This README intends to document the various configuration options
that exist for specifiying device specific additions to the policy.

Change-Id: I7db708429a67deeb89b0c155a116606dcbbbc975
2012-11-26 17:16:05 -08:00
Stephen Smalley
61c80d5ec8 Update policy for Android 4.2 / latest master.
Update policy for Android 4.2 / latest master.
Primarily this consists of changes around the bluetooth subsystem.
The zygote also needs further permissions to set up /storage/emulated.
adbd service now gets a socket under /dev/socket.
keystore uses the binder.

Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-11-19 09:55:10 -05:00
Jean-Baptiste Queru
eab23895cd Merge "Revert "Include su.te only for userdebug/eng builds."" into jb-mr1-dev-plus-aosp 2012-11-01 14:21:26 -07:00
Kenny Root
8c87a18d39 am df822f41: Merge "Add SELinux policy for asec containers."
* commit 'df822f4168b71629e336e3f484028b510ed21ee4':
  Add SELinux policy for asec containers.
2012-11-01 14:15:23 -07:00
Alice Chu
eefaa83d4c am cdfb06f5: Moved Android policy tools to tools directory
* commit 'cdfb06f55394d68a7df1110d83070961a2cc52aa':
  Moved Android policy tools to tools directory
2012-11-01 14:15:23 -07:00
Kenny Root
df822f4168 Merge "Add SELinux policy for asec containers." 2012-11-01 13:54:37 -07:00
Kenny Root
9ceb47b0c0 Revert "Include su.te only for userdebug/eng builds."
This reverts commit af56ac1954.

Change-Id: Id658a90b58ea31365051c0878c58393fd055fc69
2012-11-01 13:17:29 -07:00
Alice Chu
cdfb06f553 Moved Android policy tools to tools directory
Change-Id: I57b0dd9f8071eae492020f410c87f465ba820711
2012-11-01 11:33:04 -07:00
Alice Chu
83dde22099 am f6647eb9: Change 0 to NULL Byte
* commit 'f6647eb9f40a6a3d6dc3c1374d583e176a735498':
  Change 0 to NULL Byte
2012-10-31 10:44:02 -07:00
Alice Chu
f6647eb9f4 Change 0 to NULL Byte
Change-Id: I16b47f8dbf64e8dffb550b5a89321f920604ef7a
2012-10-30 16:27:00 -07:00
Kenny Root
a2517b20cb resolved conflicts for merge of 47cd396b to jb-mr1-dev-plus-aosp
Change-Id: I3112f4cf0fafb6e7e3c9c60084a097f5e6190c22
2012-10-29 16:49:22 -07:00
rpcraig
47cd396b11 Add better per-device sepolicy support.
This is a rewrite of the existing implementation.
Three new variables are now needed to add/modify
the exisitng base policy. They are, BOARD_SEPOLICY_REPLACE
and BOARD_SEPOLICY_UNION which govern what files
are replaced and concatenated, and BOARD_SEPOLICY_DIRS
which lists the various directories that will contain
the BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_UNION
policy files.

Change-Id: Id33381268cef03245c56bc5242fec7da9b6c6493
Signed-off-by: rpcraig <robertpcraig@gmail.com>
2012-10-26 11:17:24 -07:00
Ying Wang
6b964fa1f2 am d8b122c7: Use file target as dependency.
* commit 'd8b122c7bbe3a57620bee0a5c6bfcb8f7c574081':
  Use file target as dependency.
2012-10-26 09:51:39 -07:00
Ying Wang
d8b122c7bb Use file target as dependency.
"sepolicy" is a phony target defined by the build system.
If you use it as dependency of a file target, you'll get unnecessary
rebuild.

Change-Id: I3a948ebbaff6a146050eb86a3d04cdc050f7c001
2012-10-25 19:01:31 -07:00
rpcraig
8f4600c0f8 am 5dbfdc0b: Add double free protection to checkseapp.
* commit '5dbfdc0b0fec04d670912c4eed179983f98abe8a':
  Add double free protection to checkseapp.
2012-10-23 16:07:27 -07:00
rpcraig
5dbfdc0b0f Add double free protection to checkseapp.
A double free error occurs when building with non glibc
devices. The hdestroy() function frees all comparison
keys internally in these cases. So avoid an explicit
call to free().

Change-Id: If9c5dc1a969605cd1eeb9218de02a9f8dbbd3ae1
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2012-10-23 13:46:11 -04:00
rpcraig
7672eac5fb Add SELinux policy for asec containers.
Creates 2 new types:
- asec_apk_file : files found under /mnt/asec
                  when the asec images are mounted
- asec_image_file : the actual encrypted apks under
                    /data/app-asec

Change-Id: I963472add1980ac068d3a6d36a24f27233022832
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2012-10-22 14:14:11 -04:00
Kenny Root
84b7472db0 am 6766cc9e: Merge "allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access"
* commit '6766cc9e3c1d5dcec5db445a8d06bb6d4f301562':
  allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access
2012-10-19 12:15:12 -07:00
Kenny Root
ca895fbc0b am 91c12e3c: Merge "file class macro cleanup"
* commit '91c12e3c0c7639cae727e8dec2d390474de546f9':
  file class macro cleanup
2012-10-19 12:15:11 -07:00
Kenny Root
6766cc9e3c Merge "allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access" 2012-10-19 11:44:34 -07:00
Kenny Root
91c12e3c0c Merge "file class macro cleanup" 2012-10-19 11:29:38 -07:00
Stephen Smalley
ced365aa64 am 01a58af1: Add a checkfc utility to check file_contexts validity and invoke it.
* commit '01a58af19494420bb259505bc5404790a21fdd64':
  Add a checkfc utility to check file_contexts validity and invoke it.
2012-10-17 12:57:32 -07:00
Stephen Smalley
01a58af194 Add a checkfc utility to check file_contexts validity and invoke it.
Change-Id: I4b12dc3dcb432edbdf95dd3bc97f809912ce86d1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-10-17 12:02:25 -07:00
Kenny Root
b83bb3f05d Revert "ISSUE 6849488 Bluedroid stack, remove system/bluetooth."
This reverts commit b620dc60b1.

(cherry picked from commit 128db96282)

Change-Id: I21227e6232c925a42597e5c8fc0fcc0585d7a876
2012-10-16 18:08:53 -07:00
Kenny Root
44374bc5ed am 659aaced: Remove HAVE_SELINUX guard
* commit '659aaced054c21048c712fe1f5831a86c99213d8':
  Remove HAVE_SELINUX guard
2012-10-16 17:48:23 -07:00
Joshua Brindle
f26d813033 allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access
- allow all apps to connect to the keystore over unix socket
- dhcp runs scripts in /system/etc/dhcpcd/dhcpcd-hooks and creates/removes lease files
- mtp connects to dnsproxyd when a pptp vpn connection is established
- allow appdomain to also open qtaguid_proc and release_app to read qtaguid_device
- WifiWatchDog uses packet_socket when wifi comes up
- apps interact with isolated_apps when an app uses an isolated service and uses sockets for that interaction
- for apps with levelFromUid=true to interact with isolated_app, isolated_app must be an mlstrustedsubject

Change-Id: I09ff676267ab588ad4c73f04d8f23dba863c5949
Signed-off-by: Joshua Brindle <jbrindle@tresys.com>
2012-10-16 09:48:40 -04:00
Kenny Root
659aaced05 Remove HAVE_SELINUX guard
Change-Id: I45b4a749bf4fb085d96d912871bae33aa5288119
2012-10-10 10:52:46 -07:00
William Roberts
7104df5cae file class macro cleanup
Change-Id: I328bc882b3d6e200742e017aa23154fb01e638a5
2012-10-04 11:34:57 -07:00
Stephen Smalley
382381b6d1 am 3ac1d26a: Switch app_* and isolated to _app and _isolated in seapp_contexts.
* commit '3ac1d26a585b0cef73b626656e90005617725662':
  Switch app_* and isolated to _app and _isolated in seapp_contexts.
2012-09-26 09:58:23 -07:00
Stephen Smalley
3ac1d26a58 Switch app_* and isolated to _app and _isolated in seapp_contexts.
The app_* syntax was a legacy of the original approach of looking up
the username returned by getpwuid() and the original username encoding
scheme by bionic.  With the recent changes to move away from this approach,
there is no reason to retain that syntax.  Instead, just use _app to match
app UIDs and _isolated to match isolated service UIDs.  The underscore
prefix is to signify that these are not real usernames and to avoid
conflicts with any system usernames.

Requires a corresponding change to libselinux.

Change-Id: Ic388a12c1c9d3e47386c8849db607140ef8a3d75
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-09-24 10:16:03 -04:00
Zhihai Xu
acbded32b2 Merge "ISSUE 6849488 Bluedroid stack, remove system/bluetooth." into jb-mr1-dev 2012-09-20 16:45:49 -07:00
Stephen Smalley
c6c6aba0ec am 061f254d: Define security labeling for isolated processes.
* commit '061f254def394fdc4784fe6c446bdd779cfec768':
  Define security labeling for isolated processes.
2012-09-20 13:04:55 -07:00
Zhihai Xu
b620dc60b1 ISSUE 6849488 Bluedroid stack, remove system/bluetooth.
remove system/bluetooth dependency.

bug 6849488

Change-Id: I259322385adafa4128deef5324e854bebef2b033
2012-09-20 11:14:34 -07:00