Due to the massively increased number of attributes in SELinux policy
as part of the treble changes, we have had to remove attributes from
policy for performance reasons. Unfortunately, some attributes are
required to be in policy to ensure that our neverallow rules are being
properly enforced. Usually this is not a problem, since neverallow rules
indicate that an attribute should be kept, but this is not currently the
case when the attribute is part of a negation in a group.
This is particularly problematic with treble since some attributes may
exist for HALs that have no implementation, and thus no types. In
particular, this has caused an issue with the neverallows added in our
macros. Add an extraneous neverallow rule to each of those auto-generated
neverallow rules to make sure that they are not removed from policy, until
the policy compiler is fixed to avoid this. Also add corresponding rules
for other types which have been removed due to no corresponding rules.
Bug: 62658302
Bug: 62999603
Test: Build Marlin policy.
Test: verify attribute exists in policy using sepolicy-analyze.
sepolicy-analyze $OUT/vendor/etc/selinux/precompiled_sepolicy \
attribute hal_tetheroffload_server
Test: CTS neverallow tests pass.
cts-tradefed run cts -m CtsSecurityHostTestCases -t \
android.cts.security.SELinuxNeverallowRulesTest
Change-Id: I62596ba8198ffdcbb4315df639a834e4becaf249
When adopting SD cards, vold partitions and formats those devices;
this had been working fine with the older make_ext4fs utility, but
newer devices are switching over to mke2fs, which has a different
SELinux label.
avc: denied { execute } for name="mke2fs" dev="dm-0" ino=456 scontext=u:r:vold:s0 tcontext=u:object_r:e2fs_exec:s0 tclass=file permissive=1
avc: denied { read open } for path="/system/bin/mke2fs" dev="dm-0" ino=456 scontext=u:r:vold:s0 tcontext=u:object_r:e2fs_exec:s0 tclass=file permissive=1
avc: denied { execute_no_trans } for path="/system/bin/mke2fs" dev="dm-0" ino=456 scontext=u:r:vold:s0 tcontext=u:object_r:e2fs_exec:s0 tclass=file permissive=1
avc: denied { getattr } for path="/system/bin/mke2fs" dev="dm-0" ino=456 scontext=u:r:vold:s0 tcontext=u:object_r:e2fs_exec:s0 tclass=file permissive=1
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 36757864, 37436961
Change-Id: Ifb96dfca076ea58650eb32f89e850f20ae2ac102
NOTE: This change is marked dnma because we don't want it on
oc-dr1-dev-plus-aosp or any other downstream branch. Moreover,
oc-dr1-dev-plus-aosp is the only outgoing merger from oc-dr1-dev for
this project.
This reverts commit 11bfcc1e96.
Bug: 62908344
Test: make
Change-Id: Ide61829cf99f15777c46f657a0e140d594f88243
A previous commit reverted us back to using file_contexts
instead of genfs_contexts but did not remove the new
genfs_contexts rules, which caused this problem.
Bug: 62901680
Test: Verified that the errors do not apepar and that wifi
and traceur work.
Change-Id: Ic0078dc3a2a9d3d35a10599239fdf9fa478f1e2b
This adds parellel rules to the ones added for media_rw_data_file
to allow apps to access vfat under sdcardfs. This should be reverted
if sdcardfs is modified to alter the secontext it used for access to
the lower filesystem
Change-Id: Idb123206ed2fac3ead88b0c1ed0b66952597ac65
Bug: 62584229
Test: Run android.appsecurity.cts.ExternalStorageHostTest with
an external card formated as vfat
Signed-off-by: Daniel Rosenberg <drosen@google.com>
This reverts commit 57e9946fb7.
Bug: 62616897
Test: choosecombo 1 aosp_arm64_ab userdebug; m -j 80 The build should
not break.
Signed-off-by: Sandeep Patil <sspatil@google.com>
The tetheroffload hal must be able to use network sockets as part of
its job.
Bug: 62870833
Test: neverallow-only change builds.
Change-Id: I630b36340796a5ecb5db08e732b0978dd82835c7
