Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.
Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This README intends to document the various configuration options
that exist for specifiying device specific additions to the policy.
Change-Id: I7db708429a67deeb89b0c155a116606dcbbbc975
Update policy for Android 4.2 / latest master.
Primarily this consists of changes around the bluetooth subsystem.
The zygote also needs further permissions to set up /storage/emulated.
adbd service now gets a socket under /dev/socket.
keystore uses the binder.
Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This is a rewrite of the existing implementation.
Three new variables are now needed to add/modify
the exisitng base policy. They are, BOARD_SEPOLICY_REPLACE
and BOARD_SEPOLICY_UNION which govern what files
are replaced and concatenated, and BOARD_SEPOLICY_DIRS
which lists the various directories that will contain
the BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_UNION
policy files.
Change-Id: Id33381268cef03245c56bc5242fec7da9b6c6493
Signed-off-by: rpcraig <robertpcraig@gmail.com>
"sepolicy" is a phony target defined by the build system.
If you use it as dependency of a file target, you'll get unnecessary
rebuild.
Change-Id: I3a948ebbaff6a146050eb86a3d04cdc050f7c001
A double free error occurs when building with non glibc
devices. The hdestroy() function frees all comparison
keys internally in these cases. So avoid an explicit
call to free().
Change-Id: If9c5dc1a969605cd1eeb9218de02a9f8dbbd3ae1
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Creates 2 new types:
- asec_apk_file : files found under /mnt/asec
when the asec images are mounted
- asec_image_file : the actual encrypted apks under
/data/app-asec
Change-Id: I963472add1980ac068d3a6d36a24f27233022832
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
- allow all apps to connect to the keystore over unix socket
- dhcp runs scripts in /system/etc/dhcpcd/dhcpcd-hooks and creates/removes lease files
- mtp connects to dnsproxyd when a pptp vpn connection is established
- allow appdomain to also open qtaguid_proc and release_app to read qtaguid_device
- WifiWatchDog uses packet_socket when wifi comes up
- apps interact with isolated_apps when an app uses an isolated service and uses sockets for that interaction
- for apps with levelFromUid=true to interact with isolated_app, isolated_app must be an mlstrustedsubject
Change-Id: I09ff676267ab588ad4c73f04d8f23dba863c5949
Signed-off-by: Joshua Brindle <jbrindle@tresys.com>
The app_* syntax was a legacy of the original approach of looking up
the username returned by getpwuid() and the original username encoding
scheme by bionic. With the recent changes to move away from this approach,
there is no reason to retain that syntax. Instead, just use _app to match
app UIDs and _isolated to match isolated service UIDs. The underscore
prefix is to signify that these are not real usernames and to avoid
conflicts with any system usernames.
Requires a corresponding change to libselinux.
Change-Id: Ic388a12c1c9d3e47386c8849db607140ef8a3d75
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
