Apps attempting to write to /dev/random or /dev/urandom currently
succeed, but a policy violation is logged. These two Linux RNG
devices are meant to be written to by arbitrary apps. Thus, there's
no reason to deny this capability.
Bug: 10679705
Change-Id: Ife401f1dd2182889471eef7e90fcc92e96f9c4d6
This enables installd to uninstall or clear data of installed apps
whose data directory contains unusual file types, such as FIFO.
Bug: 10680357
(cherry picked from commit 839af9edb5)
Change-Id: I5715f7d6d3214896ad0456d614b052cf5fb79eef
This breaks the ability for users to have certs in many
directories. Currently the design is to allow keys.conf
to specify arbitrary locations for pem files, relative to
the root of the Android tree. If users want to have a
common prefix on all the keys, then they can export
DEFAULT_SYSTEM_DEV_CERTIFICATE, and make that an environment
variable in their keys.conf file.
Signed-off-by: William Roberts <wroberts@tresys.com>
Change-Id: I23455b891206cab6eca7db08ff3c28283f87c640
Signed-off-by: William Roberts <wroberts@tresys.com>
For additional context-
The denials related to init_tmpfs are of the form:
denied { read } for pid=12315 comm=""dboxed_process0"" path=2F6465762F6173686D656D2F64616C76696B2D68656170202864656C6574656429 dev=""tmpfs"" ino=9464 scontext=u:r:isolated_app:s0 tcontext=u:object_r:init_tmpfs:s0 tclass=file
(the path above is "/dev/ashmem/dalvik-heap (deleted)")
The denials related to executing things from the dalvik cache are of the form:
enied { execute } for pid=3565 comm=""dboxed_process0"" path=""/data/dalvik-cache/system@app@Chrome.apk@classes.dex"" dev=""mmcblk0p28"" ino=105983 scontext=u:r:isolated_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file
The denials related to isolated_app and the init socket are:
denied { getattr } for pid=3824 comm=""Binder_2"" path=""socket:[14059]"" dev=""sockfs"" ino=14059 scontext=u:r:isolated_app:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket
The getopt denials for the aforementioned socket are:
denied { getopt } for pid=3824 comm=""Binder_2"" path=""/dev/socket/dumpstate"" scontext=u:r:isolated_app:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket
Change-Id: I3c57702e2af5a779a7618da9aa40930e7f12ee49
At this point, we still don't understand the root cause of
bug 10290009, or if it's even a real bug. Rollback
29d0d40668 so we an get a device
in this state and figure out the root cause of this problem.
This reverts commit 29d0d40668.
Bug: 10290009
* commit 'b74efd33f79702495dc41f7662515f15e3f079dd':
Move isolated_app.te / untrusted_app.te into permissive
Grant fsetid Linux capability to vold.
Add "shell" to seapp_contexts
Currently a path to a key in keys.conf must be fully qualified or have
the -d option appended. This fix will allow paths to have environment
variables that will be expanded. This will give portability to the
entries. For example the following entry will now be resolved correctly:
[@NET_APPS]
ALL : $ANDROID_BUILD_TOP/device/demo_vendor/demo_dev/security/net_apps.x509.pem
Change-Id: If4f169d9ed4f37b6ebd062508de058f3baeafead
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
OTAs aren't properly labeling /system, which is causing SELinux
breakage. Temporarily put isolated_app.te and untrusted_app.te
into permissive.
Bug: 9878561
Change-Id: Icaf674ad6b3d59cbca3ae796c930c98ab67cae9c
OTAs aren't properly labeling /system, which is causing SELinux
breakage. Temporarily put isolated_app.te and untrusted_app.te
into permissive.
Bug: 9878561
Change-Id: Icaf674ad6b3d59cbca3ae796c930c98ab67cae9c
