Was moved to domain_deprecated. Move back to domain.
Files in /acct/uid/*/tasks are well protected by unix permissions.
No information is leaked with write perms.
Change-Id: I8017e906950cba41ce350bc0892a36269ade8d53
This permission was created mostly for dumpstate (so it can include
recovery files on bugreports when an OTA fails), but it was applied to
uncrypt and recovery as well (since it had a wider access before).
Grant access to cache_recovery_file where we previously granted access
to cache_file. Add auditallow rules to determine if this is really
needed.
BUG: 25351711
Change-Id: I07745181dbb4f0bde75694ea31b3ab79a4682f18
Access to /proc/cpuinfo was moved to domain_deprecated in commit
6e3506e1ba. Restore access to everyone.
Allow the shell user to stat() /dev, and vfsstat() /proc and other
labeled filesystems such as /system and /data.
Access to /proc/cpuinfo was explicitly granted to bootanim, but is no
longer required after moving it back to domain.te. Delete the redundant
entry.
Commit 4e2d22451f restored access to
/sys/devices/system/cpu for all domains, but forgot to remove the
redundant entry from bootanim.te. Cleanup the redundant entry.
Addresses the following denials:
avc: denied { getattr } for pid=23648 comm="bionic-unit-tes" name="/" dev="proc" ino=1 scontext=u:r:shell:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0
avc: denied { read } for name="cpuinfo" dev="proc" ino=4026533615 scontext=u:r:shell:s0 tcontext=u:object_r:proc_cpuinfo:s0 tclass=file permissive=0
avc: denied { getattr } for pid=23713 comm="bionic-unit-tes" path="/dev" dev="tmpfs" ino=11405 scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=0
avc: denied { getattr } for name="/" dev="mmcblk0p30" ino=2 scontext=u:r:shell:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=0
Bug: 26295417
Change-Id: Ia85ac91cbd43235c0f8fe0aebafffb8046cc77ec
Start labeling the directory /sys/kernel/debug/tracing. The files
in this directory need to be writable to the shell user.
Remove global debugfs:file write access. This was added in the days
before we could label individual debugfs files.
Change-Id: I79c1fcb63b4b9b903dcabd99b6b25e201fe540a3
Add initial support for labeling files on /sys/kernel/debug.
The kernel support was added in https://android-review.googlesource.com/122130
but the userspace portion of the change was never completed until now.
Start labeling the file /sys/kernel/debug/tracing/trace_marker . This
is the trace_marker file, which is written to by almost all processes
in Android. Allow global write access to this file.
This change should be submitted at the same time as the system/core
commit with the same Change-Id as this patch.
Change-Id: Id1d6a9ad6d0759d6de839458890e8cb24685db6d
The extra permissions are not needed. Delete them.
This change also adds read permission for /data/misc/zoneinfo
back to all domains. libc refernces this directory for timezone
related files, and it feels dangerous and of little value to
try to restrict access. In particular, this causes problems when the
shell user attempts to run "ls -la" to show file time stamps in
the correct timezone.
Bug: 25433265
Change-Id: I666bb460e440515151e3bf46fe2e0ac0e7c99f46
Motivation: Domain is overly permissive. Start removing permissions
from domain and assign them to the domain_deprecated attribute.
Domain_deprecated and domain can initially be assigned to all
domains. The goal is to not assign domain_deprecated to new domains
and to start removing domain_deprecated where it is not required or
reassigning the appropriate permissions to the inheriting domain
when necessary.
Bug: 25433265
Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
