Commit graph

12 commits

Author SHA1 Message Date
Jeff Vander Stoep
7ef80731f2 audit domain_deprecated perms for removal
Grant permissions observed.

Bug: 28760354
Change-Id: Ie63cda709319bbf635ef7bffbba3477c2cccc11b
2016-09-10 07:42:55 -07:00
Polina Bondarenko
447fd30d21 Renamed hardwareproperties to hardware_properties
Bug: 27531271
Change-Id: I3c5eee86d09696373ab155f93ba6c85da224cb51
2016-03-09 18:13:11 +01:00
Polina Bondarenko
8a6bbb1ffe Allow gatekeeper to find hardwareproperties service.
Bug: 26945055
Change-Id: I5745d02be9889f6a0e02de12bd8d8f2808de9ce0
2016-02-17 14:23:56 +01:00
Jeff Vander Stoep
d22987b4da Create attribute for moving perms out of domain
Motivation: Domain is overly permissive. Start removing permissions
from domain and assign them to the domain_deprecated attribute.
Domain_deprecated and domain can initially be assigned to all
domains. The goal is to not assign domain_deprecated to new domains
and to start removing domain_deprecated where it is not required or
reassigning the appropriate permissions to the inheriting domain
when necessary.

Bug: 25433265
Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
2015-11-03 23:11:11 +00:00
Andres Morales
54a4aab47c [gatekeeperd] allow calls to UserManagerService
Bug: 22257554
Change-Id: Ifaf36930bf301708c196f7bd0530abe82c1e0b50
2015-08-04 17:43:19 -07:00
Alex Klyubin
ab5cf66873 Expand access to gatekeeperd.
This enables access to gatekeeperd for anybody who invokes Android
framework APIs. This is necessary because the AndroidKeyStore
abstraction offered by the framework API occasionally communicates
with gatekeeperd from the calling process.

(cherry picked from commit effcac7d7e)

Bug: 20526234
Change-Id: I450242cd085259b3f82f36f359ee65ff27bebd13
2015-04-29 10:28:53 -07:00
Nick Kralevich
367757d2ef gatekeeperd: use more specific label for /data file
Use a more specific label for /data/misc/gatekeeper

Rearrange some other rules.

Change-Id: Ib634e52526cf31a8f0a0e6d12bbf0f69dff8f6b5
2015-04-17 17:56:31 -07:00
Andres Morales
b348f8f55d New rules for SID access
Change-Id: Ia9df151cc64ad74133db2095a935220ef9f3ea8e
2015-04-17 10:41:09 -07:00
Andres Morales
dd156fc377 Allow gatekeeperd to use keystore
needs to call addAuthToken

Change-Id: If519df61448f19dfafab254668c17eea6c161ea4
2015-04-13 12:26:02 -07:00
Nick Kralevich
2234f9ff57 gatekeeperd: neverallow non-system_server binder call
The current neverallow rule (compile time assertion)

  neverallow { domain -gatekeeperd -system_server } gatekeeper_service:service_manager find;

asserts that no rule is present which allows processes other than
system_server from asking servicemanager for a gatekeeperd token.

However, if system_server leaks the token to other processes, it may
be possible for those processes to access gatekeeperd directly, bypassing
servicemanager.

Add a neverallow rule to assert that no process other than system_server
are allowed to make binder calls to gatekeeperd. Even if another process
was to manage to get a binder token to gatekeeperd, it would be useless.

Remove binder_service() from gatekeeperd. The original use of the
binder_service() macro was to widely publish a binder service.
If this macro is present and the calling process has a gatekeeperd
binder token, it's implicitly possible for the following processes
to make a binder call to gatekeeperd:

 * all app processes
 * dumpstate
 * system_server
 * mediaserver
 * surfaceflinger

Removing binder_service revokes this implicit access.

Add explicit access for system_server to make binder calls to
gatekeeperd.

Add explicit access for gatekeeperd to make calls to keystore.
This was implicitly granted via binder_service() before, but now
needs to be explicit.

Change-Id: I23c1573d04ab670a42660d5922b39eecf4265b66
2015-04-09 12:55:38 -07:00
Andres Morales
13abb1701b Allow gatekeeperd to check Android permissions
Change-Id: Ie88568c43642505f68d137843a1f6b7a3de481e5
2015-04-09 04:06:36 +00:00
Andres Morales
e207986ea0 SELinux permissions for gatekeeper TEE proxy
sets up:
- execute permissions
- binder permission (system_server->gatekeeper->keystore)
- prevents dumpstate and shell from finding GK binder service
- neverallow rules for prohibited clients

Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e
2015-04-06 16:46:58 -07:00