Otherwise all domains can create/write files that are executable
by all other domains. If I understand correctly, this should
only be necessary for app domains executing content from legacy
unlabeled userdata partitions on existing devices and zygote
and system_server mappings of dalvikcache files, so only allow
it for those domains.
If required for others, add it to the individual
domain .te file, not for all domains.
Change-Id: I6f5715eb1ecf2911e70772b9ab4e531feea18819
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
init can't handle binder calls. It's always incorrect
to allow init:binder call, and represents a binder call
to a service without an SELinux domain. Adding this
allow rule was a mistake; the dumpstate SELinux domain didn't
exist at the time this rule was written, and dumpstate was
running under init's domain.
Add a neverallow rule to prevent the reintroduction of
this bug.
Change-Id: I78d35e675fd142d880f15329471778c18972bf50
1fdee11df2 renamed domain system to
system_server in AOSP. This CL applies the rename to the rules that
weren't in AOSP at the time.
Change-Id: I0e226ddca2e01ed577204ddb4886a71f032a01ed
This is a follow-up CL to the extraction of "system_app" domain
from the "system" domain which left the "system" domain encompassing
just the system_server.
Since this change cannot be made atomically across different
repositories, it temporarily adds a typealias "server" pointing to
"system_server". Once all other repositories have been switched to
"system_server", this alias will be removed.
Change-Id: I90a6850603dcf60049963462c5572d36de62bc00
This change enables SELinux security enforcement on zygote
(but not zygote spawned apps).
For the zygote.te file only, this change is equivalent to reverting
the following commits:
* 50e37b93ac
* 77d4731e9d
No other changes were required.
Testing: As much as possible, I've tested that zygote properly
starts up, and that there's no problem spawning zygote or zygote
apps. There were no denials in the kernel dmesg log, and
everything appears to work correctly. It's quite
possible I've missed something. If we experience problems, I
happy to roll back this change.
Bug: 9657732
Change-Id: Id2a7adcbeebda5d1606cb13470fad6c3fcffd558
This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.
Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
/data/security is another location that policy
files can reside. In fact, these policy files
take precedence over their rootfs counterparts
under certain circumstances. Give the appropriate
players the rights to read these policy files.
Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41
Assortment of policy changes include:
* Bluetooth domain to talk to init and procfs.
* New device node domains.
* Allow zygote to talk to its executable.
* Update system domain access to new device node domains.
* Create a post-process sepolicy with dontaudits removed.
* Allow rild to use the tty device.
Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Two new types are introduced:
sdcard_internal
sdcard_external
The existing type of sdcard, is dropped and a new attribute
sdcard_type is introduced.
The boolean app_sdcard_rw has also been changed to allow for
controlling untrusted_app domain to use the internal and external
sdcards.
Change-Id: Ic7252a8e1703a43cb496413809d01cc6cacba8f5
I8560fa5ad125bf31f0d13be513431697bc7d22bb changed the zygote
to limit the bounding capability set to CAP_NET_RAW. This triggers
a CAP_SETPCAP check by the kernel, which requires SELinux setpcap permission.
Change-Id: Ib910d97dcf708273e2806e2824f4abe9fc239d6d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Update policy for Android 4.2 / latest master.
Primarily this consists of changes around the bluetooth subsystem.
The zygote also needs further permissions to set up /storage/emulated.
adbd service now gets a socket under /dev/socket.
keystore uses the binder.
Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
