Commit graph

6032 commits

Author SHA1 Message Date
Nick Kralevich
eb6656ce0d priv_app.te: refine cache_recovery_file auditallow rules
priv_app reads from /cache/recovery, but I'm still not sure if
it writes. Eliminate the read auditallow rules and allow the
writes to show up (if any).

Eliminates the following auditallow messages:

  avc: granted { search } for comm="IntentService[S" name="recovery" dev="mmcblk0p38" ino=12 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir
  avc: granted { getattr } for comm="Thread-1" path="/cache/recovery/last_install" dev="mmcblk0p27" ino=29891 scontext=u:r:priv_app:s0:c525,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=file
  avc: granted { read open } for comm="Thread-1" name="recovery" dev="mmcblk0p27" ino=29889 scontext=u:r:priv_app:s0:c525,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir

Change-Id: Ibc0640f5366aae50e3fd09d17657374390b24a5c
2016-01-07 16:13:59 -08:00
Nick Kralevich
841a7a2b8a Merge "su.te: drop domain_deprecated and app auditallow rules." am: e288cfa120
am: 516a0093ec

* commit '516a0093ecd1d116fe788e1b21b19a4f3ff96cfa':
  su.te: drop domain_deprecated and app auditallow rules.
2016-01-08 00:09:45 +00:00
Nick Kralevich
516a0093ec Merge "su.te: drop domain_deprecated and app auditallow rules."
am: e288cfa120

* commit 'e288cfa1206702401d736e5aa8fbdb2f3f6afbc3':
  su.te: drop domain_deprecated and app auditallow rules.
2016-01-08 00:07:02 +00:00
Daniel Cashman
f9b7ecbd75 Merge "Allow domain to read symlinks in /sys." am: 1bd0712e7c
am: e784bada8d

* commit 'e784bada8ddafe32652724fa8a8d7d6b014772fc':
  Allow domain to read symlinks in /sys.
2016-01-08 00:07:02 +00:00
Daniel Cashman
e784bada8d Merge "Allow domain to read symlinks in /sys."
am: 1bd0712e7c

* commit '1bd0712e7c73e14dd8519a13567904d65b1fe6a6':
  Allow domain to read symlinks in /sys.
2016-01-08 00:05:03 +00:00
Nick Kralevich
e288cfa120 Merge "su.te: drop domain_deprecated and app auditallow rules." 2016-01-08 00:03:35 +00:00
Daniel Cashman
1bd0712e7c Merge "Allow domain to read symlinks in /sys." 2016-01-08 00:01:12 +00:00
Nick Kralevich
0af2aa0be3 su.te: drop domain_deprecated and app auditallow rules.
su is in permissive all the time. We don't want SELinux log
spam from this domain.

Addresses the following logspam:

  avc: granted { getattr } for comm="lsof" path="/sys/devices/virtual/graphics/fb0/vsync_event" dev="sysfs" ino=10815 scontext=u:r:su:s0 tcontext=u:object_r:sysfs:s0 tclass=file
  avc: granted { getattr } for comm="lsof" path="/sys/devices/virtual/thermal/thermal_zone2/temp" dev="sysfs" ino=15368 scontext=u:r:su:s0 tcontext=u:object_r:sysfs:s0 tclass=file
  avc: granted { read } for comm="sh" name="emmc_therm" dev="sysfs" ino=17583 scontext=u:r:su:s0 tcontext=u:object_r:sysfs:s0 tclass=file

Change-Id: I8e17d3814e41b497b25ce00cd72698f0d22b3ab0
2016-01-07 15:59:28 -08:00
dcashman
cee729240e Allow domain to read symlinks in /sys.
Address the following denial:
avc: denied { read } for name="battery" dev="sysfs" ino=17945 scontext=u:r:shell:s0 tcontext=u:object_r:sysfs:s0 tclass=lnk_file permissive=0

Bug: 26219114
Change-Id: I862b40a6514bffaa455dd7f06368acf9bcdc4782
2016-01-07 15:54:56 -08:00
Jeff Vander Stoep
824da638f4 app: remove permission to execute gpu_device am: 1911c27ff0
am: 8e53bb8d9a

* commit '8e53bb8d9a8f1ed4eb8ca29ef5e80a72a4d9442e':
  app: remove permission to execute gpu_device
2016-01-07 23:39:09 +00:00
Jeff Vander Stoep
8e53bb8d9a app: remove permission to execute gpu_device
am: 1911c27ff0

* commit '1911c27ff002880962fb04429fac950381a795de':
  app: remove permission to execute gpu_device
2016-01-07 23:36:28 +00:00
Jeff Vander Stoep
1911c27ff0 app: remove permission to execute gpu_device
Not actually needed as demonstrated by the auditallow rule.

Change-Id: Ia92c82ec237ab3490a1d51fa3371778e43e09504
2016-01-07 23:30:18 +00:00
Bertrand SIMONNET
34e4da5fa9 Allows init to send signals.
This will allow init to terminate services cleanly (SIGTERM, wait,
SIGKILL) when needed.

Bug: 26216447
Test: manual: init is able to send a SIGTERM signal without denials.

Change-Id: Id2471ca08c0b011be64a36956628e965bc999bc6
2016-01-07 15:15:29 -08:00
Nick Kralevich
dd4fa22fd6 Remove cache_recovery_file symlink read am: dc37ea7393
am: f4c70b7ca7

* commit 'f4c70b7ca74b815f8592c2716d966db3d39c3bd3':
  Remove cache_recovery_file symlink read
2016-01-07 21:13:24 +00:00
Nick Kralevich
f4c70b7ca7 Remove cache_recovery_file symlink read
am: dc37ea7393

* commit 'dc37ea73932f8d1c401695366284b4e8869e2127':
  Remove cache_recovery_file symlink read
2016-01-07 21:11:43 +00:00
Nick Kralevich
dc37ea7393 Remove cache_recovery_file symlink read
auditallow shows no hits.

Change-Id: I5ae33d34cd4bfa48f4384926fcafd84bec60e899
2016-01-07 12:56:54 -08:00
William Roberts
29d146887e fc_sort: initial commit
Ordering matters in fc files; the last match wins. In builds where
many BOARD_SEPOLICY_DIRS are set, the order of that list becomes
increasingly important in order to maintain a cohesive built
file_contexts.

To correct this, we sort the device specific file_contexts entries
with the upstream fc_sort tool.

Change-Id: Id79cc6f434c41179d5c0d0d739c4718918b0b1dc
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-01-07 10:11:52 -08:00
Jeffrey Vander Stoep
7015004953 Merge "audio/mediaserver: Restrict to unprivileged socket ioctls" 2016-01-06 20:42:45 +00:00
Jeffrey Vander Stoep
3b70d69c86 Merge "shell: remove redundant ioctl perms" 2016-01-06 20:28:52 +00:00
Jeff Vander Stoep
7105d048d5 shell: remove redundant ioctl perms
These permissions are already inherited from appdomain.

Change-Id: I1de57f656bea26da3d8105045c3d109094f6f917
2016-01-06 12:11:32 -08:00
Jeff Vander Stoep
0fd910ecfd audio/mediaserver: Restrict to unprivileged socket ioctls
Neverallow access to privileged commands.

Change-Id: I443be5bbcd8cdf55e23c2c4d8fee93c4ebf30e55
2016-01-06 11:34:02 -08:00
Mark Salyzyn
8c0ca87aa4 Settings: switch to using ctl.start property instead of exec logcat am: ea0da78589
am: ac2b7d09a4

* commit 'ac2b7d09a437cde5f64fed4effa8583630770b6a':
  Settings: switch to using ctl.start property instead of exec logcat
2016-01-06 19:21:53 +00:00
Mark Salyzyn
ac2b7d09a4 Settings: switch to using ctl.start property instead of exec logcat
am: ea0da78589

* commit 'ea0da7858933101690d4992b3d47d72a14f11314':
  Settings: switch to using ctl.start property instead of exec logcat
2016-01-06 19:19:31 +00:00
Jeffrey Vander Stoep
ef0b7b1ae5 Merge "app: expand socket ioctl restrictions to all apps" 2016-01-06 18:51:00 +00:00
Jeff Vander Stoep
bb1ece494f app: expand socket ioctl restrictions to all apps
Exempt bluetooth which has net_admin capability.

Allow Droidguard to access the MAC address - droidguard runs in
priv_app domain.

Change-Id: Ia3cf07f4a96353783b2cfd7fc4506b7034daa2f1
2016-01-06 10:22:05 -08:00
Mark Salyzyn
ea0da78589 Settings: switch to using ctl.start property instead of exec logcat
- Moves policy of what to do with buffer size changes to logd

Bug: 23685592
Change-Id: I0b12c452e01b94d264d12b30f9040f646e609340
2016-01-06 10:20:48 -08:00
Nick Kralevich
3873c31fa6 domain_deprecated.te: Exclude recovery from auditallow for /cache/recovery am: 829a749351
am: 1ae69e4f38

* commit '1ae69e4f389075ec7e7bd1ed5607a38bb49afab9':
  domain_deprecated.te: Exclude recovery from auditallow for /cache/recovery
2016-01-06 17:49:18 +00:00
Nick Kralevich
1ae69e4f38 domain_deprecated.te: Exclude recovery from auditallow for /cache/recovery
am: 829a749351

* commit '829a7493515b463c84cc0d42b2a95d4fbcce1520':
  domain_deprecated.te: Exclude recovery from auditallow for /cache/recovery
2016-01-06 17:47:32 +00:00
Nick Kralevich
829a749351 domain_deprecated.te: Exclude recovery from auditallow for /cache/recovery
Recovery uses /cache/recovery. Exclude it from auditallow coverage.

Addresses the following SELinux log spam:

  avc:  granted  { search } for  pid=323 comm="recovery" name="recovery" dev="mmcblk0p38" ino=12 scontext=u:r:recovery:s0 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir
  avc:  granted  { read } for  pid=323 comm="recovery" name="block.map" dev="mmcblk0p38" ino=26 scontext=u:r:recovery:s0 tcontext=u:object_r:cache_recovery_file:s0 tclass=file
  avc:  granted  { getattr } for  pid=323 comm="recovery" path="/cache/recovery/block.map" dev="mmcblk0p38" ino=26 scontext=u:r:recovery:s0 tcontext=u:object_r:cache_recovery_file:s0 tclass=file

Change-Id: Ib6c7b44ac23fccaf2ea506429fb760ee85e87c76
2016-01-06 09:37:13 -08:00
Jeff Vander Stoep
4eb8d39db6 untrusted_app: remove mtp_device perms am: 956ca4c504
am: e139b40f0c

* commit 'e139b40f0c339654bdfa92f04f11fc6ed326b2fa':
  untrusted_app: remove mtp_device perms
2016-01-06 17:15:09 +00:00
Jeff Vander Stoep
e139b40f0c untrusted_app: remove mtp_device perms
am: 956ca4c504

* commit '956ca4c504889bcb06e8c07ce7580449dc014ef3':
  untrusted_app: remove mtp_device perms
2016-01-06 17:13:21 +00:00
Jeff Vander Stoep
956ca4c504 untrusted_app: remove mtp_device perms
No longer necessary after android.process.media moved to the
priv_app domain. Verified no new denials via audit2allow rule.

Bug: 25085347
Change-Id: I2d9498d5d92e79ddabd002b4a5c6f918e1eb9bcc
2016-01-06 17:05:28 +00:00
dcashman
e235283e4e resolve merge conflicts of 8cac951328 to master.
Change-Id: Ide2e832ab1ce7af98d735992d11be176f96f1f3f
2016-01-05 18:17:44 -08:00
Daniel Cashman
8cac951328 Merge "Add sysfs_batteryinfo label."
am: f02db47bc2

* commit 'f02db47bc2024a871a48f4afc5e73bd2eab1226e':
  Add sysfs_batteryinfo label.
2016-01-06 01:23:03 +00:00
Daniel Cashman
f02db47bc2 Merge "Add sysfs_batteryinfo label." 2016-01-06 01:16:15 +00:00
Josh Gao
63d08d8f3e Merge "debuggerd.te: allow debuggerd to drop root." am: 751c007570
am: 4706a0880d

* commit '4706a0880d7d4fdf10d9f5f2e8bcbe3a111bccc2':
  debuggerd.te: allow debuggerd to drop root.
2016-01-06 00:07:13 +00:00
Josh Gao
4706a0880d Merge "debuggerd.te: allow debuggerd to drop root."
am: 751c007570

* commit '751c0075709539892ac611dc36b9c9607d4dd90e':
  debuggerd.te: allow debuggerd to drop root.
2016-01-06 00:05:27 +00:00
Josh Gao
751c007570 Merge "debuggerd.te: allow debuggerd to drop root." 2016-01-06 00:01:09 +00:00
dcashman
a31755fa1c Add sysfs_batteryinfo label.
Shell user needs to be able to get current device battery_level via
/sys/class/power_supply/battery/capacity.  Create a global label and
corresponding policy for accessing this.  Rely on each device to label
the appropriate sysfs entry.

Bug: 26219114
Change-Id: I2c5ef489a9db2fdf7bbd5afd04278214b814351c
2016-01-05 15:54:05 -08:00
Josh Gao
2b93db7795 debuggerd.te: allow debuggerd to drop root.
Bug: http://b/25195825
Change-Id: I70257d5e40332f315020547baaa77a92fdfc58b0
2016-01-05 15:25:11 -08:00
Jeff Vander Stoep
57531cacb4 DO NOT MERGE: Further restrict access to socket ioctl commands
Remove untrusted/isolated app access to device private commands.

Only allow shell user to access unprivileged socket ioctl commands.

Bug: 26324307
Bug: 26267358
Change-Id: Iddf1171bc05c7600e0292f925d18d748f13a98f2
2016-01-05 21:24:20 +00:00
dcashman
fea761b464 Log app access to sysfs for removal. am: f226b0c945
am: 36dabd9637

* commit '36dabd9637b38b8b854591510c4697123d5b8afc':
  Log app access to sysfs for removal.
2016-01-05 20:12:04 +00:00
dcashman
36dabd9637 Log app access to sysfs for removal.
am: f226b0c945

* commit 'f226b0c9456ac07309a378e03e86add0e3badfb0':
  Log app access to sysfs for removal.
2016-01-05 20:10:08 +00:00
dcashman
f226b0c945 Log app access to sysfs for removal.
Bug: 22032619
Change-Id: Ic160e0beef353c6dc5fb5e2d6a09a5628f067fe3
2016-01-05 12:05:06 -08:00
Jeffrey Vander Stoep
ccc8e4f992 Merge "mediaextractor: neverallow network access" 2016-01-05 17:49:56 +00:00
Jeff Vander Stoep
1fd0aa2bf1 mediaextractor: neverallow network access
Disallow access to all sockets other than unix_stream and unix_dgram.

Change-Id: Ie8ff80db7051ce57e56ef0365a4873aacdd5b652
2016-01-05 09:47:36 -08:00
Jeff Vander Stoep
a8d89c3102 expand scope of priv_sock_ioctls neverallows
From self to domain.

Change-Id: I97aeea67a6b66bc307715a050cf7699e5be9715e
2016-01-05 09:36:12 -08:00
Jeffrey Vander Stoep
ca76be74f2 Merge "disallow unprivileged access to rmnet" 2016-01-05 17:10:20 +00:00
Jeff Vander Stoep
84a61cc535 disallow unprivileged access to rmnet
Enforce via neverallow rule by adding WAN_IOC_ADD_FLT_RULE
and WAN_IOC_ADD_FLT_RULE_INDEX to neverallow macro.

Bug: 26324307
Change-Id: I5350d9339e45ddeefd5423c3fe9a0ea14fe877b2
2016-01-05 16:45:55 +00:00
Jeff Vander Stoep
89e379e9a9 shell: Reduce socket ioctl perms
Only allow shell to access the same subset of ioctl commands as
untrusted_app. This reduces the attack surface of the kernel
available to a local attacker.

Bug: 26324307
Bug: 26267358
Change-Id: Ib8ecb9546af5fb480d2622149d4e00ec50cd4cde
2016-01-05 16:15:54 +00:00