The Android security model guarantees the confidentiality and integrity
of application data and execution state. Ptrace bypasses those
confidentiality guarantees. Disallow ptrace access from system components
to apps. Crash_dump is excluded, as it needs ptrace access to
produce stack traces.
Bug: 111317528
Test: code compiles
Change-Id: I883df49d3e9bca62952c3b33d1c691786dd7df4d
vold will trim rw mount points about daily, but it is denied by SELinux:
root 603 603 W Binder:603_2: type=1400 audit(0.0:11): avc: denied {
search } for name="vendor" dev="tmpfs" ino=23935 scontext=u:r:vold:s0
tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0
Allowing vold to search /mnt/vendor/* to fix the denials.
Note that device-specific sepolicy needs to be extended to allow vold
to send FITRIM ioctl. e.g., for /mnt/vendor/persist, it needs:
allow vold persist_file:dir { ioctl open read };
Bug: 111409607
Test: boot a device, checks the above denial is gone
Change-Id: Ia9f22d973e5a2e295678781de49a0f61fccd9dad
This is so we can get data on which apps are actually doing this.
Bug: 111544476
Test: Device boots. No audits seen on test device.
Change-Id: I5f72200ed8606775904d353c4d3d790373fe7dea
Steps taken to produce the mapping files:
1. Add prebuilts/api/28.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
from the /vendor/etc/selinux/[plat_pub_versioned.cil|vendor_sepolicy.cil]
files built on pi-dev with lunch target aosp_arm64-eng
2. Add new file private/compat/28.0/28.0.cil by doing the following:
- copy /system/etc/selinux/mapping/28.0.cil from pi-dev aosp_arm64-eng
device to private/compat/28.0/28.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 28 sepolicy.
Find all such types using treble_sepolicy_tests_28.0 test.
- for all these types figure out where to map them by looking at
27.0.[ignore.]cil files and add approprite entries to 28.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_28.0 and install 28.0.cil
mapping onto the device.
Bug: 72458734
Test: m selinux_policy
Change-Id: I90e17c0b43af436da4b62c16179c198b5c74002c
This hwservice isn't registered with hwservicemanager but rather passed
to the thermal hal, so it doesn't need sepolicy associated with it to
do so.
Test: manual: boot, inspect logs
Test: VtsHalThermalV1_1TargetTest
Bug: 109802374
Change-Id: Ifb727572bf8eebddc58deba6c0ce513008e01861
Merged-In: Ifb727572bf8eebddc58deba6c0ce513008e01861
(cherry picked from commit c6afcb7fc0)
Avoids subsequent merge conflicts in this section of the file.
Test: manual: compile
Change-Id: I9af723dccff54039031dc4d8f3e5ee34be5960d1
Merged-In: I9af723dccff54039031dc4d8f3e5ee34be5960d1
(cherry picked from commit 6682530515)
Cut down on logspam during kernel_net_tests
Test: /data/nativetest64/kernel_net_tests/kernel_net_tests
Change-Id: Id19f50caebc09711f80b7d5f9d87be103898dd9a
Add selinux policy for the new Binder-based vr flinger vsync service.
Bug: 72890037
Test: - Manually confirmed that I can't bind to the new vsync service
from a normal Android application, and system processes (other than
vr_hwc) are prevented from connecting by selinux.
- Confirmed the CTS test
android.security.cts.SELinuxHostTest#testAospServiceContexts, when
built from the local source tree with this CL applied, passes.
- Confirmed the CTS test
android.cts.security.SELinuxNeverallowRulesTest#testNeverallowRules521,
when built from the local source tree with this CL applied, passes.
Change-Id: Ib7a6bfcb1c2ebe1051f3accc18b481be1b188b06
Create one _system and one _nonsystem target, which together contains
the same artifacts as before, just split by whether they go on the
system partition or not.
The product build hierarchy is being refactored to be split by
partition, so these targets facilitate inclusion of just the
system parts where necessary. Also keep the selinux_policy target
around for products that don't need the split.
Bug: 80410283
Test: for t in eng userdebug user; do lunch mainline_arm64-${t}; m nothing; done
Test: verified walleye /system and /vendor identical before and after, via:
Test: /google/data/rw/users/cc/ccross/bin/compare-target-files.sh P6259983 walleye-userdebug "SYSTEM/*" "VENDOR/*"
Test: only diffs are in build.prop files (timestamps and the like)
Change-Id: I0f5d8a1558a164ce5cfb7d521f34b431855ac260
