Commit graph

8 commits

Author SHA1 Message Date
Carlos Llamas
630f915345 sepolicy: allow new BINDER_GET_EXTENDED_ERROR ioctl
All domains using libbinder need access to this new ioctl in order to
pull precise information upon failed binder operations.

Bug: 28321379
Tested: clients can now use the ioctl through libbinder
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: I8d6e5ca6b133b934855a7545cc1a9786e2c4ad65
2022-05-10 04:20:09 +00:00
Hang Lu
a251b7ed65 sepolicy: allow BINDER_ENABLE_ONEWAY_SPAM_DETECTION for all processes
BINDER_ENABLE_ONEWAY_SPAM_DETECTION is used to enable/disable oneway
spamming detection in binder driver, and can be set per-proc.

Bug: 181190340
Change-Id: Id799b19ee5a74b458e286dc29122c140a047bdad
2021-04-20 14:07:56 +08:00
Hai Zhang
a97a3665fb Add TCSETSF to unpriv_tty_ioctls.
This allows calling tcsetattr() with TCSAFLUSH, in addition to TCSANOW
and TCSADRAIN.

Fixes: 172740382
Test: manual
Change-Id: Idd2e9e0db2e0210df515f46d9d0323c6b517dd39
2020-11-09 00:19:01 +00:00
Marco Ballesio
5fe69e082a sepolicy: restrict BINDER_FREEZE to system_server
BINDER_FREEZE is used to block ipc transactions to frozen processes, so
only system_server must be allowed to use it.

Bug: 143717177
Test: manually verified that attempts to use BINDER_FREEZE by processes
other
than system_server receive a sepolicy denial
Test: verified that system_server can enable/disable the freezer in
binder

Change-Id: I0fae3585c6ec409809e8085c1cc9862be4755889
2020-09-03 14:12:17 -07:00
Nick Kralevich
8ee8e26355 more ioctl work
Add a neverallow rule requiring fine-grain ioctl filtering for most file
and socket object classes. Only chr_file and blk_file are excluded. The
goal is to ensure that any file descriptor which supports ioctl commands
uses a whitelist.

Further refine the list of file / socket objects which require ioctl
filtering. The previous ioctl filtering did not cover the following:

1) ioctls on /proc/PID files
2) ioctls on directories in /dev
3) PDX unix domain sockets

Add FIONCLEX to the list of globally safe ioctls. FIOCLEX and FIONCLEX
are alternate, uncommon ways to set the O_CLOEXEC flag on a file
descriptor, which is a harmless operation.

Test: device boots and no problems.
Change-Id: I6ba31fbe2f21935243a344d33d67238d72a8e618
2018-10-17 11:12:18 -07:00
Nick Kralevich
240f50e8b3 Add TCSETS to unpriv_tty_ioctls
Addresses the following denial:

avc: denied { ioctl } for comm="top" path="/dev/pts/0" dev="devpts"
ino=3 ioctlcmd=5402 scontext=u:r:shell:s0 tcontext=u:object_r:devpts:s0
tclass=chr_file permissive=0

Bug: 33073072
Bug: 7530569
Test: policy compiles.
Change-Id: If9178d29f2295be46bb118df00ebf73a6ebc9f81
2016-12-07 15:59:34 -08:00
Nick Kralevich
07c3a5a522 Move to ioctl whitelisting for /dev/pts/* files
In particular, get rid of TIOCSTI, which is only ever used for exploits.

http://www.openwall.com/lists/oss-security/2016/09/26/14

Bug: 33073072
Bug: 7530569
Test: "adb shell" works
Test: "adb install package" works
Test: jackpal terminal emulator from
      https://play.google.com/store/apps/details?id=jackpal.androidterm&hl=en
      works
Change-Id: I96b5e7059d106ce57ff55ca6e458edf5a4c393bf
2016-11-22 18:59:38 -08:00
dcashman
cc39f63773 Split general policy into public and private components.
Divide policy into public and private components.  This is the first
step in splitting the policy creation for platform and non-platform
policies.  The policy in the public directory will be exported for use
in non-platform policy creation.  Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.

Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal.  For now, almost all types and
avrules are left in public.

Test: Tested by building policy and running on device.

Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
2016-10-06 13:09:06 -07:00
Renamed from ioctl_macros (Browse further)