The neverallows in untrusted_app will all apply equally to ephemeral app
and any other untrusted app domains we may add, so this moves them to a
dedicated separate file.
This also removes the duplicate rules from isolated_app.te and ensures
that all the untrusted_app neverallows also apply to isolated_app.
Test: builds
Change-Id: Ib38e136216ccbe5c94daab732b7ee6acfad25d0b
The rules for the two types were the same and /data/app-ephemeral is
being removed. Remove these types.
Test: Builds
Change-Id: I520c026395551ad1362dd2ced53c601d9e6f9b28
This change adds selinux policy for configstore@1.0 hal. Currently, only
surfaceflinger has access to the HAL, but need to be widen.
Bug: 34314793
Test: build & run
Merged-In: I40e65032e9898ab5f412bfdb7745b43136d8e964
Change-Id: I40e65032e9898ab5f412bfdb7745b43136d8e964
(cherry picked from commit 5ff0f178ba)
There are many character files that are unreachable to all processes
under selinux policies. Ueventd and init were the only two domains that
had access to these generic character files, but auditing proved there
was no use for that access. In light of this, access is being completely
revoked so that the device nodes can be removed, and a neverallow is
being audited to prevent future regressions.
Test: The device boots
Bug: 33347297
Change-Id: If050693e5e5a65533f3d909382e40f9c6b85f61c
Required for I0aeb653afd65e4adead13ea9c7248ec20971b04a
Test: Together with I0aeb653afd65e4adead13ea9c7248ec20971b04a, ensure that the
system service works
Bug: b/30932767
Change-Id: I994b1c74763c073e95d84222e29bfff5483c6a07
Since it was introduced it caused quite a few issues and it spams the
SElinux logs unnecessary.
The end goal of the audit was to whitelist the access to the
interpreter. However that's unfeasible for now given the complexity.
Test: devices boots and everything works as expected
no more auditallow logs
Bug: 29795519
Bug: 32871170
Change-Id: I9a7a65835e1e1d3f81be635bed2a3acf75a264f6
The event log tag service uses /dev/event-log-tags, pstore and
/data/misc/logd/event-log-tags as sticky storage for the invented
log tags.
Test: gTest liblog-unit-tests, logd-unit-tests & logcat-unit-tests
Bug: 31456426
Change-Id: Iacc8f36f4a716d4da8dca78a4a54600ad2a288dd
Create an event_log_tags_file label and use it for
/dev/event-log-tags. Only trusted system log readers are allowed
direct read access to this file, no write access. Untrusted domain
requests lack direct access, and are thus checked for credentials via
the "plan b" long path socket to the event log tag service.
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 31456426
Bug: 30566487
Change-Id: Ib9b71ca225d4436d764c9bc340ff7b1c9c252a9e
Default HAL implementations are built from the platform tree and get
placed into the vendor image. The SELinux rules needed for these HAL
implementations to operate thus need to reside on the vendor
partition.
Up to now, the only place to define such rules in the source tree was
the system/sepolicy/public directory. These rules are placed into the
vendor partition. Unfortunately, they are also placed into the
system/root partition, which thus unnecessarily grants these rules to
all HAL implementations of the specified service, default/in-process
shims or not.
This commit adds a new directory, system/sepolicy/vendor, whose
rules are concatenated with the device-specific rules at build time.
These rules are thus placed into the vendor partition and are not
placed into the system/root partition.
Test: No change to SELinux policy.
Test: Rules placed into vendor directory end up in nonplat* artefacts,
but not in plat* artefacts.
Bug: 34715716
Change-Id: Iab14aa7a3311ed6d53afff673e5d112428941f1c
