Commit graph

24102 commits

Author SHA1 Message Date
Stephen Smalley
9ce99e3908 Update binder-related policy.
The binder_transfer_binder hook was changed in the kernel, obsoleting
the receive permission and changing the target of the transfer permission.
Update the binder-related policy to match the revised permission checking.

Change-Id: I1ed0dadfde2efa93296e967eb44ca1314cf28586
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-03-19 22:48:17 +00:00
Stephen Smalley
1f5939a976 Allow search of tmpfs mount for /storage/emulated.
Change-Id: Ie79ff3fb9c0a893e348c4adb2f457cae42d7800f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-03-19 22:47:20 +00:00
Stephen Smalley
6136284081 Permit fstat of property mapping.
Change-Id: Ie58185519252dad29a23d0d3d54b1cbafea83a83
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-03-19 22:46:42 +00:00
Stephen Smalley
aeb512d2ed Disable debugfs access by default.
Change-Id: I8265e34a76913a76eedd2d7a6fe3b14945fde924
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-03-19 22:45:53 +00:00
Stephen Smalley
c8106f12c0 Only allow read/write not open on platform_app_data_file.
Change-Id: Iad4ad43ce7ba3c00b69b7aac752b40bc2d3be002
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-03-19 22:45:12 +00:00
Geremy Condra
a74dd1f0ea am 6d6c617f: Merge "Whitespace and doxygen fix"
* commit '6d6c617f6d6644c71bd83a0a17d258b4041c98cf':
  Whitespace and doxygen fix
2013-03-19 15:43:58 -07:00
Stephen Smalley
85f5972c4b am ee80bfb9: Add policy assertions (neverallow rules).
* commit 'ee80bfb9cf5727ce9938f76d88ac50833edee48c':
  Add policy assertions (neverallow rules).
2013-03-19 15:43:57 -07:00
Geremy Condra
8b206260b4 am c0890c89: Merge "Allow domain to random_device"
* commit 'c0890c899f572785b6a14a91bae6122b72db4416':
  Allow domain to random_device
2013-03-19 15:43:57 -07:00
William Roberts
9a35a01401 am 6a64897a: Do not allow access to device:chr_file for system
* commit '6a64897a4b098e834f7b6679c0c5b85fdbb752b2':
  Do not allow access to device:chr_file for system
2013-03-19 15:43:57 -07:00
rpcraig
842a9dce5a am 1c8464e1: App data backup security policy.
* commit '1c8464e1365950538e9e4647a4f220910f79ab1e':
  App data backup security policy.
2013-03-19 15:43:56 -07:00
Geremy Condra
2886640128 am c57dbccb: Merge "Change security policy so all apps can read /dev/xt_qtaguid."
* commit 'c57dbccb50ff804f2e002df8bd6db54b0477b877':
  Change security policy so all apps can read /dev/xt_qtaguid.
2013-03-19 15:43:56 -07:00
Geremy Condra
2b7e767cc9 am 5988bbf8: Merge "Dynamic insertion of pubkey to mac_permissions.xml"
* commit '5988bbf8a2b6c4b7f329ee007e75004269d71817':
  Dynamic insertion of pubkey to mac_permissions.xml
2013-03-19 15:43:56 -07:00
Geremy Condra
61dddba79f am 04598de8: Merge "Replaceable mac_permission.xml support"
* commit '04598de87251c433594f1073ebcd8116cee49345':
  Replaceable mac_permission.xml support
2013-03-19 15:43:56 -07:00
Geremy Condra
62495abcdc am 669f6792: Merge "mediaserver.te refactor"
* commit '669f679243431084adaaacd6e4857e2eed92b93a':
  mediaserver.te refactor
2013-03-19 15:43:55 -07:00
Geremy Condra
cc32a792c0 am eeafabde: Merge "Label persist audio properties"
* commit 'eeafabde6188a21d7df741fa93ab5156e1c10414':
  Label persist audio properties
2013-03-19 15:43:55 -07:00
Geremy Condra
d06104d873 Merge "property_contexts checks added to checkfc." 2013-03-19 22:42:19 +00:00
Geremy Condra
6d6c617f6d Merge "Whitespace and doxygen fix" 2013-03-19 22:35:44 +00:00
Stephen Smalley
ee80bfb9cf Add policy assertions (neverallow rules).
Change-Id: I384ea9516a5ed2369f7fa703499e284e29a2c0eb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-03-19 22:30:03 +00:00
Geremy Condra
c0890c899f Merge "Allow domain to random_device" 2013-03-19 22:29:32 +00:00
Robert Craig
d98d26ef3c property_contexts checks added to checkfc.
Change-Id: If361ea93fabd343728196eed2663fd572ecaa70b
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
2013-03-19 22:28:46 +00:00
William Roberts
6a64897a4b Do not allow access to device:chr_file for system
Also labels /dev/mpu and /dev/mpuirq as gps device.
mpu is motion processing unit and is responsible for
gyroscope functionality.

Change-Id: If7f1a5752c550b72fac681566e1052f09e139ff0
2013-03-19 22:27:03 +00:00
rpcraig
1c8464e136 App data backup security policy.
Policy covers:

 * backup_data_file type for labeling all
   files/dirs under /data dealing with
   backup mechanism.

 * cache_backup_file type for labeling all
   files/dirs under /cache dealing with
   backup mechanism. This also covers
   the use of LocalTransport for local archive
   and restore testing.

 * the use of 'adb shell bmgr' to initiate
   backup mechanism from shell.

 * the use of 'adb backup/restore' to archive
   and restore the device's data.

Change-Id: I700a92d8addb9bb91474bc07ca4bb71eb4fc840e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-19 22:22:10 +00:00
Geremy Condra
c57dbccb50 Merge "Change security policy so all apps can read /dev/xt_qtaguid." 2013-03-19 22:21:49 +00:00
Geremy Condra
5988bbf8a2 Merge "Dynamic insertion of pubkey to mac_permissions.xml" 2013-03-19 22:17:29 +00:00
Geremy Condra
04598de872 Merge "Replaceable mac_permission.xml support" 2013-03-19 22:17:10 +00:00
Geremy Condra
669f679243 Merge "mediaserver.te refactor" 2013-03-19 22:16:49 +00:00
Geremy Condra
eeafabde61 Merge "Label persist audio properties" 2013-03-19 22:16:31 +00:00
Stephen Smalley
17e91e8915 am e468016b: zygote requires setpcap in order to drop from its bounding set.
* commit 'e468016b1bd79b505e62fd410f59a03bad8bbe06':
  zygote requires setpcap in order to drop from its bounding set.
2013-02-19 12:28:38 -08:00
Stephen Smalley
e468016b1b zygote requires setpcap in order to drop from its bounding set.
I8560fa5ad125bf31f0d13be513431697bc7d22bb changed the zygote
to limit the bounding capability set to CAP_NET_RAW.  This triggers
a CAP_SETPCAP check by the kernel, which requires SELinux setpcap permission.

Change-Id: Ib910d97dcf708273e2806e2824f4abe9fc239d6d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-02-19 13:20:55 -05:00
William Roberts
40356b993a Allow domain to random_device
Change-Id: I1a728cbc78e30c0b43309acc125169528d352f11
2013-01-30 10:40:58 -08:00
Stephen Smalley
78ec44500b am 58b0fb6d: Fix invalid specification for adb_keys.
* commit '58b0fb6ddee7257a6a27f31ba97d47fa23efac15':
  Fix invalid specification for adb_keys.
2013-01-11 15:34:38 -08:00
Stephen Smalley
58b0fb6dde Fix invalid specification for adb_keys.
A prior change added an entry for adb_keys without any security context,
yielding warnings like the following during build:
out/target/product/manta/root/file_contexts:  line 7 is missing fields, skipping

This adds the missing security context field.

Change-Id: If48731c8aa7d22a3f547d0854f288ff68f9006da
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-01-11 15:05:03 -05:00
Colin Cross
19740e1806 am 92b9aa0e: add file_contexts entries for root filesystem
* commit '92b9aa0eeff49e5bc3dc6297f3d35ec41d6ab73d':
  add file_contexts entries for root filesystem
2012-12-28 09:47:47 -08:00
Colin Cross
92b9aa0eef add file_contexts entries for root filesystem
It may be useful to generate an ext4 image of the root filesystem
instead of using a ramdisk.  Whitelist entries in file_contexts to
support selinux labeling a root filesystem image.

Change-Id: I91a38d0aee4408c46cbfe5dc5e6eda198572e90f
2012-12-21 13:55:25 -08:00
William Roberts
22fc04103b Dynamic insertion of pubkey to mac_permissions.xml
Support the insertion of the public key from pem
files into the mac_permissions.xml file at build
time.

Change-Id: Ia42b6cba39bf93723ed3fb85236eb8f80a08962a
2012-12-08 09:26:37 +09:00
William Roberts
2c8a55dcf4 Replaceable mac_permission.xml support
Support overriding ma_permissions.xml
in BOARD_SEPOLICY_REPLACE

Change-Id: If0bca8bf29bc431a291b6d7b20de132e68cd6a79
2012-12-06 05:57:49 +09:00
rpcraig
4c266ba1bc Change security policy so all apps can read /dev/xt_qtaguid.
Generic init.rc allows any process to use
socket tagging. Adjust app policy to ensure
that any app can read from the misc device.

Change-Id: I4076f0fbc1795f57a4227492f6bfc39a4398ffa5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2012-12-05 10:08:19 -05:00
William Roberts
4e030c2a0f mediaserver.te refactor
Change-Id: Ieaff9f3362c71e25e5c8e7204397a85ff14fff97
2012-11-28 12:18:30 -08:00
William Roberts
e2ad318e45 Label persist audio properties
label all persist.audio.* properties
and allow mediaserver access to them.

Change-Id: If5755d9783dce298e66a25bcb7f17ff17bd83ea7
2012-11-28 12:15:02 -08:00
William Roberts
fff2980a1a Whitespace and doxygen fix
Change-Id: I7b6ad050051854120dc8031b17da6aec0e644be3
2012-11-27 14:20:34 -08:00
Stephen Smalley
7e7003ca16 am e8848726: Add policy for run-as program.
* commit 'e8848726553e3abee6033200c98a657c9ca7cdb8':
  Add policy for run-as program.
2012-11-27 11:25:43 -08:00
Kenny Root
ab1a61f28c am fdaa7869: Merge "README for configuration of selinux policy"
* commit 'fdaa7869a5541b55413f59845dc5f7c56bab0614':
  README for configuration of selinux policy
2012-11-27 11:25:43 -08:00
William Roberts
8afb51c117 am c34a2527: Allow shell to connect to property service
* commit 'c34a2527837daeeef51cde0fe77582d51a3bc744':
  Allow shell to connect to property service
2012-11-27 11:25:42 -08:00
Stephen Smalley
e884872655 Add policy for run-as program.
Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.

Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-11-27 10:05:42 -08:00
Kenny Root
fdaa7869a5 Merge "README for configuration of selinux policy" 2012-11-27 09:56:59 -08:00
William Roberts
c34a252783 Allow shell to connect to property service
Change-Id: I06ea2b400cc826c684b6ad25e12b021c2667b48a
2012-11-27 08:18:52 -08:00
William Roberts
3f1ed6ec62 README for configuration of selinux policy
This README intends to document the various configuration options
that exist for specifying device specific additions to the policy.

Change-Id: I7db708429a67deeb89b0c155a116606dcbbbc975
2012-11-26 17:16:05 -08:00
Stephen Smalley
ba95362533 am 61c80d5e: Update policy for Android 4.2 / latest master.
* commit '61c80d5ec8632cadcf754eed0986b23284217c06':
  Update policy for Android 4.2 / latest master.
2012-11-19 11:25:54 -08:00
Stephen Smalley
61c80d5ec8 Update policy for Android 4.2 / latest master.
Update policy for Android 4.2 / latest master.
Primarily this consists of changes around the bluetooth subsystem.
The zygote also needs further permissions to set up /storage/emulated.
adbd service now gets a socket under /dev/socket.
keystore uses the binder.

Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-11-19 09:55:10 -05:00
Jean-Baptiste Queru
82616b4f14 am eab23895: Merge "Revert "Include su.te only for userdebug/eng builds."" into jb-mr1-dev-plus-aosp
* commit 'eab23895cd13ccb2a552dd9713bd1e88cf41e522':
  Revert "Include su.te only for userdebug/eng builds."
2012-11-01 14:24:33 -07:00