Add the necessary permissions for |wpa_supplicant| to expose a binder
interface. This binder interface will be used by the newly added
|wificond| service (and potentially system_server).
|wpa_supplicant| also needs to invoke binder callbacks on |wificond|.
Changes in the CL:
1. Allow |wpa_supplicant| to register binder service.
2. Allow |wpa_supplicant| to invoke binder calls on |wificond|.
3. Allow |wificond| to invoke binder calls on |wpa_supplicant|.
Denials:
06-30 08:14:42.788 400 400 E SELinux : avc: denied { add } for
service=wpa_supplicant pid=20756 uid=1010 scontext=u:r:wpa:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager
permissive=1
BUG:29877467
TEST: Compiled and ensured that the selinux denials are no longer
present in logs.
TEST: Ran integration test to find the service.
Change-Id: Ib78d8e820fc81b2c3d9260e1c877c5faa9f1f662
(cherry picked from commit 18883a93b7)
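To make the "Denials:" section above concrete, here is an added example (not part of this commit, and not AOSP or audit2allow code) that parses an avc denial line of the form quoted in the message and renders the allow rule that would silence it, then flags the case the denial above actually shows: the target is the catch-all default_android_service label, so the right fix is to give the service its own type rather than to allow against the default. The function names, the `default_*` heuristic and the second sample line are this example's own assumptions.

```python
import re

# Constructed sample inputs: the first is the avc line quoted in the commit
# message above re-joined onto one line; the second is a made-up multi-
# permission denial to show the general "{ perm perm }" form. Neither is a
# real captured log.
SAMPLE_DENIALS = [
    "06-30 08:14:42.788   400   400 E SELinux : avc: denied { add } for "
    "service=wpa_supplicant pid=20756 uid=1010 scontext=u:r:wpa:s0 "
    "tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1",
    "06-30 08:15:01.002   400   400 E SELinux : avc: denied { call transfer } for "
    "pid=20756 comm=\"wpa_supplicant\" scontext=u:r:wpa:s0 "
    "tcontext=u:r:wificond:s0 tclass=binder permissive=0",
]

# Permission set in braces, then everything after "for" as key=value fields.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the denial as a dict, or None if the line is not an avc denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    denial = {"perms": m.group("perms").split()}
    for key, value in FIELD_RE.findall(m.group("fields")):
        denial[key] = value.strip('"')  # comm="..." is quoted in the log
    return denial


def type_of(context):
    """Extract the type from a security context such as u:r:wpa:s0."""
    return context.split(":")[2]


def allow_rule_for(denial):
    """Render the allow rule that would silence this denial, audit2allow style."""
    perms = denial["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (
        type_of(denial["scontext"]), type_of(denial["tcontext"]),
        denial["tclass"], perm_str)


def triage(line):
    """Parse one log line and say whether the naive allow rule is the right fix."""
    denial = parse_avc(line)
    if denial is None:
        return None
    target = type_of(denial["tcontext"])
    return {
        "rule": allow_rule_for(denial),
        # Heuristic chosen for this example: a target type named default_* is
        # the fallback label, so the object should get its own type (for a
        # binder service, via service_contexts) instead of an allow rule
        # against the default type.
        "needs_dedicated_label": target.startswith("default_"),
        # permissive=1 means the access was logged but not actually blocked.
        "permissive": denial.get("permissive") == "1",
    }


if __name__ == "__main__":
    for line in SAMPLE_DENIALS:
        print(triage(line))
```

Run against the first sample line this yields `allow wpa default_android_service:service_manager add;` with `needs_dedicated_label` set, which is why the commit's fix is a new service label plus an allow rule against that label rather than the rule printed verbatim.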

This sepolicy change allows wificond to run as a daemon.
BUG=28865186
TEST=compile
TEST=compile with ag/1059605
Add wificond to '/target/product/base.mk'
adb shell ps -A | grep 'wificond'
Change-Id: If1e4a8542ac03e8ae42371d75aa46b90c3d8545d
(cherry picked from commit 4ef44a616e)

Specifically, we need init to relabel (/dev/device-mapper, /dev/block/dm-?)
and other files in /dev/block/* from tmpfs to dm_device and block_device
respectively.
BUG=27805372
Change-Id: I16af6e803f8e4150481137aba24d5406872f9c62

The recovery flow for A/B devices allows sideloading an OTA downloaded
to a desktop and applying it from recovery. This patch allows the "recovery"
context to perform all the operations required to apply an update as
update_engine would do in the background. These rules are now extracted
into a new attribute called update_engine_common shared between
recovery and update_engine.
Bug: 27178350
Change-Id: I97b301cb2c039fb002e8ebfb23c3599463ced03a

These APIs expose sensitive information via timing side channels. This
leaves access via the adb shell intact along with the current uses by
dumpstate, init and system_server.
The /proc/interrupts and /proc/stat files were covered in this paper:
https://www.lightbluetouchpaper.org/2016/07/29/yet-another-android-side-channel/
The /proc/softirqs, /proc/timer_list and /proc/timer_stats files are
also relevant.
Access to /proc has been greatly restricted since then, with untrusted
apps no longer having direct access to these, but stricter restrictions
beyond that would be quite useful.
Change-Id: Ibed16674856569d26517e5729f0f194b830cfedd

boolean and setenforce macros are not used in base policy
and cannot be used in any policy, since they violate
neverallow rules.
Remove these from the policy.
Change-Id: Icc0780eaf06e95af36306031e1f615b05cb79869
Signed-off-by: William Roberts <william.c.roberts@intel.com>

With v4.8+ kernels, CAP_WAKE_ALARM is needed to set
alarmtimers via timerfd (this change is likely to be
backported to stable as well).
However, with selinux enabled, we also need to allow
the capability on the system_server so this enables it.
Change-Id: I7cd64d587906f3fbc8a129d48a4db07373c74c7e
Signed-off-by: John Stultz <john.stultz@linaro.org>

Applications should not access /dev/input/* for events, but
rather use events handled via the activity mechanism.
Change-Id: I0182b6be1b7c69d96e4366ba59f14cee67be4beb
Signed-off-by: William Roberts <william.c.roberts@intel.com>