tequilaOS/platform_system_sepolicy

Fork 0

Commit graph

Author	SHA1	Message	Date
Alan Stokes	8bf8a262e5	Exempt older vendor images from recent mls changes. We no longer allow apps with mlstrustedsubject access to app_data_file or privapp_data_file. For compatibility we grant access to all apps on vendor images for SDK <= 30, whether mlstrustedsubject or not. (The ones that are not already have access, but that is harmless.) Additionally we have started adding categories to system_data_file etc. We treat these older vendor apps as trusted for those types only. The result is that apps on older vendor images still have all the access they used to but no new access. We add a neverallow to prevent the compatibility attribute being abused. Test: builds Change-Id: I10a885b6a122292f1163961b4a3cf3ddcf6230ad	2020-11-17 17:30:10 +00:00
Jeff Vander Stoep	fb69c8e64f	netlink_route_socket: add new nlmsg_readpriv perm Used when mapping RTM_GETLINK messages to this new permission. Users of netlink_route_sockets that do not use the net_domain() macro will need to grant this permission as needed. Compatibility with older vendor images is preserved by granting all vendor domains access to this new permission in *.compat.cil files. Bug: 141455849 Test: build (this change is a no-op without kernel changes) Change-Id: I18f1c9fc958120a26b7b3bea004920d848ffb26e	2019-10-16 16:14:16 +02:00
Jeff Vander Stoep	564e292ae6	Add mechanism for granting permissions to old vendor images This addresses Treble backwards compat issues introduced in aosp/793958 and aosp/783669. Bug: 122874820 Test: build/flash blueline with pi-dev vendor and generic_ab system images. Test: adb pull /sys/fs/selinux/policy; sesearch policy --allowx -s vendordomain -t dev_type Change-Id: Ic2b304472bb88051e03740dc387834056aba641a	2019-05-06 12:32:51 -07:00

Author

SHA1

Message

Date

Alan Stokes

8bf8a262e5

Exempt older vendor images from recent mls changes.

We no longer allow apps with mlstrustedsubject access to app_data_file
or privapp_data_file. For compatibility we grant access to all apps on
vendor images for SDK <= 30, whether mlstrustedsubject or not. (The
ones that are not already have access, but that is harmless.)

Additionally we have started adding categories to system_data_file
etc. We treat these older vendor apps as trusted for those types only.

The result is that apps on older vendor images still have all the
access they used to but no new access.

We add a neverallow to prevent the compatibility attribute being
abused.

Test: builds
Change-Id: I10a885b6a122292f1163961b4a3cf3ddcf6230ad

2020-11-17 17:30:10 +00:00

Jeff Vander Stoep

fb69c8e64f

netlink_route_socket: add new nlmsg_readpriv perm

Used when mapping RTM_GETLINK messages to this new permission.

Users of netlink_route_sockets that do not use the net_domain()
macro will need to grant this permission as needed. Compatibility
with older vendor images is preserved by granting all vendor domains
access to this new permission in *.compat.cil files.

Bug: 141455849
Test: build (this change is a no-op without kernel changes)
Change-Id: I18f1c9fc958120a26b7b3bea004920d848ffb26e

2019-10-16 16:14:16 +02:00

Jeff Vander Stoep

564e292ae6

Add mechanism for granting permissions to old vendor images

This addresses Treble backwards compat issues introduced in
aosp/793958 and aosp/783669.

Bug: 122874820
Test: build/flash blueline with pi-dev vendor and generic_ab system
    images.
Test: adb pull /sys/fs/selinux/policy;
    sesearch policy --allowx -s vendordomain -t dev_type

Change-Id: Ic2b304472bb88051e03740dc387834056aba641a

2019-05-06 12:32:51 -07:00

3 commits