Read access to /dev/log/* is no longer restricted.
Filtering on reads is performed per-uid by the kernel logger driver.
Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This feels like a hidden bug- it shouldn't be trying to
stat everything under /cache anyways- but allowing for now.
Change-Id: Ib5ddfbb408c9f0b6c6218c78a678fcdb09360ccd
Just allow them unconditionally for compatibility.
Change-Id: I85b56532c6389bdfa25731042b98d8f254bd80ee
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Two new types are introduced:
sdcard_internal
sdcard_external
The existing type of sdcard, is dropped and a new attribute
sdcard_type is introduced.
The boolean app_sdcard_rw has also been changed to allow for
controlling untrusted_app domain to use the internal and external
sdcards.
Change-Id: Ic7252a8e1703a43cb496413809d01cc6cacba8f5
The binder_transfer_binder hook was changed in the kernel, obsoleting
the receive permission and changing the target of the transfer permission.
Update the binder-related policy to match the revised permission checking.
Change-Id: I1ed0dadfde2efa93296e967eb44ca1314cf28586
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Policy covers:
* backup_data_file type for labeling all
files/dirs under /data dealing with
backup mechanism.
* cache_backup_file type for labeling all
files/dirs under /cache dealing with
backup mechanism. This also covers the
the use of LocalTransport for local archive
and restore testing.
* the use of 'adb shell bmgr' to initiate
backup mechanism from shell.
* the use of 'adb backup/restore' to archive
and restore the device's data.
Change-Id: I700a92d8addb9bb91474bc07ca4bb71eb4fc840e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Generic init.rc allows any process to use
socket tagging. Adjust app policy to ensure
that any app can read from the misc device.
Change-Id: I4076f0fbc1795f57a4227492f6bfc39a4398ffa5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Creates 2 new types:
- asec_apk_file : files found under /mnt/asec
when the asec images are mounted
- asec_image_file : the actual encrypted apks under
/data/app-asec
Change-Id: I963472add1980ac068d3a6d36a24f27233022832
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
- allow all apps to connect to the keystore over unix socket
- dhcp runs scripts in /system/etc/dhcpcd/dhcpcd-hooks and creates/removes lease files
- mtp connects to dnsproxyd when a pptp vpn connection is established
- allow appdomain to also open qtaguid_proc and release_app to read qtaguid_device
- WifiWatchDog uses packet_socket when wifi comes up
- apps interact with isolated_apps when an app uses an isolated service and uses sockets for that interaction
- for apps with levelFromUid=true to interact with isolated_app, isolated_app must be an mlstrustedsubject
Change-Id: I09ff676267ab588ad4c73f04d8f23dba863c5949
Signed-off-by: Joshua Brindle <jbrindle@tresys.com>
Used when an app service is declared with android:isolatedProcess="true".
Place such processes in a separate domain, and further isolate them
from each other via categories.
Change-Id: I1d64f8278f0619eedb448f9a741f1d2c31985325
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Platform (any of the apps signed by build keys, i.e. platform|release|shared|media) apps expect to be able to share files with each other or with third party apps by passing open files or pathnames over Binder. Therefore, we switch to only enforcing the per-app process and file isolation via SELinux on third party apps, not platform apps.
Make the platform app domains mlstrustedsubjects so that they can access any files created by third party apps.
Introduce a new platform_app_data_file type for platform apps so that we can mark it as a mlstrustedobject and allow third party apps to read/write files created by the platform apps.
Specify this new type for the platform app entries in seapp_contexts.
Remove levelFromUid=true for the platform apps in seapp_contexts since we are no longer enforcing per-app separation among them.
