tequilaOS/platform_system_sepolicy

10476 commits 1 branch 0 tags 50 MiB

Author	SHA1	Message	Date
Nick Kralevich	585d9767c0	fsck: allow stat access on /dev/block files To determine if it is safe to run fsck on a filesystem, e2fsck must first determine if the filesystem is mounted. To do that, e2fsck scans through /proc/mounts and collects all the mounted block devices. With that information, it runs stat() on each block device, comparing the major and minor numbers to the filesystem passed in on the command line. If there is a match, then the filesystem is currently mounted and running fsck is dangerous. Allow stat access to all block devices so that fsck can compare major/minor values. Addresses the following denials: avc: denied { getattr } for comm="e2fsck" path="/dev/block/sde5" dev="tmpfs" ino=15649 scontext=u:r:fsck:s0 tcontext=u:object_r:metadata_block_device:s0 tclass=blk_file permissive=0 avc: denied { getattr } for comm="e2fsck" path="/dev/block/sda25" dev="tmpfs" ino=15528 scontext=u:r:fsck:s0 tcontext=u:object_r:modem_block_device:s0 tclass=blk_file permissive=0 avc: denied { getattr } for comm="e2fsck" path="/dev/block/sda31" dev="tmpfs" ino=15552 scontext=u:r:fsck:s0 tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0 avc: denied { getattr } for comm="e2fsck" path="/dev/block/sdd3" dev="tmpfs" ino=15600 scontext=u:r:fsck:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0 Bug: 35324014 Bug: 33781554 Test: device boots and no SELinux denials. Change-Id: I5af4a334ec41952887914eec4eee5c60cc441a66	2017-02-17 12:47:25 -08:00
Jeff Vander Stoep	a1b4560088	Remove logspam Grant observed uses of permissions being audited in domain_deprecated. fsck avc: granted { getattr } for path="/" dev="dm-0" ino=2 scontext=u:r:fsck:s0 tcontext=u:object_r:rootfs:s0 tclass=dir keystore avc: granted { read open } for path="/vendor/lib64/hw" dev="dm-1" ino=168 scontext=u:r:keystore:s0 tcontext=u:object_r:system_file:s0 tclass=dir sdcardd avc: granted { read open } for path="/proc/filesystems" dev="proc" ino=4026532412 scontext=u:r:sdcardd:s0 tcontext=u:object_r:proc:s0 tclass=file update_engine avc: granted { getattr } for path="/proc/misc" dev="proc" ino=4026532139 scontext=u:r:update_engine:s0 tcontext=u:object_r:proc:s0 tclass=file avc: granted { read open } for path="/proc/misc" dev="proc" ino=4026532139 scontext=u:r:update_engine:s0 tcontext=u:object_r:proc:s0 tclass=file avc: granted { read } for name="hw" dev="dm-1" ino=168 scontext=u:r:update_engine:s0 tcontext=u:object_r:system_file:s0 tclass=dir vold avc: granted { read open } for path="/vendor/lib64/hw" dev="dm-1" ino=168 scontext=u:r:vold:s0 tcontext=u:object_r:system_file:s0 tclass=dir Test: Marlin builds and boots, avc granted messages no longer observed. Bug: 35197529 Change-Id: Iae34ae3b9e22ba7550cf7d45dc011ab043e63424	2017-02-10 12:06:38 -08:00
dcashman	cc39f63773	Split general policy into public and private components. Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c	2016-10-06 13:09:06 -07:00

Author

SHA1

Message

Date

Nick Kralevich

585d9767c0

fsck: allow stat access on /dev/block files

To determine if it is safe to run fsck on a filesystem, e2fsck
must first determine if the filesystem is mounted. To do that,
e2fsck scans through /proc/mounts and collects all the mounted
block devices. With that information, it runs stat() on each block
device, comparing the major and minor numbers to the filesystem
passed in on the command line. If there is a match, then the filesystem
is currently mounted and running fsck is dangerous.
Allow stat access to all block devices so that fsck can compare
major/minor values.

Addresses the following denials:

avc: denied { getattr } for comm="e2fsck" path="/dev/block/sde5"
dev="tmpfs" ino=15649 scontext=u:r:fsck:s0
tcontext=u:object_r:metadata_block_device:s0 tclass=blk_file
permissive=0

avc: denied { getattr } for comm="e2fsck" path="/dev/block/sda25"
dev="tmpfs" ino=15528 scontext=u:r:fsck:s0
tcontext=u:object_r:modem_block_device:s0 tclass=blk_file permissive=0

avc: denied { getattr } for comm="e2fsck" path="/dev/block/sda31"
dev="tmpfs" ino=15552 scontext=u:r:fsck:s0
tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0

avc: denied { getattr } for comm="e2fsck" path="/dev/block/sdd3"
dev="tmpfs" ino=15600 scontext=u:r:fsck:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0

Bug: 35324014
Bug: 33781554
Test: device boots and no SELinux denials.
Change-Id: I5af4a334ec41952887914eec4eee5c60cc441a66

2017-02-17 12:47:25 -08:00

Jeff Vander Stoep

a1b4560088

Remove logspam

Grant observed uses of permissions being audited in domain_deprecated.

fsck
avc: granted { getattr } for path="/" dev="dm-0" ino=2 scontext=u:r:fsck:s0 tcontext=u:object_r:rootfs:s0 tclass=dir

keystore
avc: granted { read open } for path="/vendor/lib64/hw" dev="dm-1" ino=168 scontext=u:r:keystore:s0 tcontext=u:object_r:system_file:s0 tclass=dir

sdcardd
avc: granted { read open } for path="/proc/filesystems" dev="proc" ino=4026532412 scontext=u:r:sdcardd:s0 tcontext=u:object_r:proc:s0 tclass=file

update_engine
avc: granted { getattr } for path="/proc/misc" dev="proc" ino=4026532139 scontext=u:r:update_engine:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: granted { read open } for path="/proc/misc" dev="proc" ino=4026532139 scontext=u:r:update_engine:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: granted { read } for name="hw" dev="dm-1" ino=168 scontext=u:r:update_engine:s0 tcontext=u:object_r:system_file:s0 tclass=dir

vold
avc: granted { read open } for path="/vendor/lib64/hw" dev="dm-1" ino=168 scontext=u:r:vold:s0 tcontext=u:object_r:system_file:s0 tclass=dir

Test: Marlin builds and boots, avc granted messages no longer observed.
Bug: 35197529
Change-Id: Iae34ae3b9e22ba7550cf7d45dc011ab043e63424

2017-02-10 12:06:38 -08:00

dcashman

cc39f63773

Split general policy into public and private components.

Divide policy into public and private components.  This is the first
step in splitting the policy creation for platform and non-platform
policies.  The policy in the public directory will be exported for use
in non-platform policy creation.  Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.

Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal.  For now, almost all types and
avrules are left in public.

Test: Tested by building policy and running on device.

Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c

2016-10-06 13:09:06 -07:00

Renamed from fsck.te (Browse further)

3 commits