Commit graph

36 commits

Author SHA1 Message Date
Nick Kralevich
c4a3b51062 sysfs_devices_system_cpu should be a sysfs_type
Otherwise the following denials occur on mako:

<5>[    2.494246] type=1400 audit(1382544550.200:4): avc:  denied  { associate } for  pid=1 comm="init" name="time_in_state" dev="sysfs" ino=17444 scontext=u:object_r:sy
sfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
<5>[    2.494735] type=1400 audit(1382544550.200:5): avc:  denied  { associate } for  pid=1 comm="init" name="total_trans" dev="sysfs" ino=17443 scontext=u:object_r:sysf
s_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
<5>[    2.495162] type=1400 audit(1382544550.200:6): avc:  denied  { associate } for  pid=1 comm="init" name="stats" dev="sysfs" ino=17442 scontext=u:object_r:sysfs_devi
ces_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
<5>[    2.495620] type=1400 audit(1382544550.200:7): avc:  denied  { associate } for  pid=1 comm="init" name="scaling_governor" dev="sysfs" ino=17435 scontext=u:object_r
:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
<5>[    2.496047] type=1400 audit(1382544550.200:8): avc:  denied  { associate } for  pid=1 comm="init" name="cpuinfo_transition_latency" dev="sysfs" ino=17429 scontext=
u:object_r:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
<5>[    2.496505] type=1400 audit(1382544550.200:9): avc:  denied  { associate } for  pid=1 comm="init" name="scaling_available_frequencies" dev="sysfs" ino=17439 sconte
xt=u:object_r:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem
<5>[    2.496963] type=1400 audit(1382544550.200:10): avc:  denied  { associate } for  pid=1 comm="init" name="scaling_driver" dev="sysfs" ino=17436 scontext=u:object_r:
sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem

Change-Id: I584a1cf61cb871a38be4d3b308cef03e64cfda8e
2013-10-23 10:42:58 -07:00
William Roberts
ec7d39ba16 Introduce controls on wake lock interface
Change-Id: Ie0ee266e9e6facb2ab2abd652f68765239a41af1
2013-10-03 15:17:32 -07:00
Stephen Smalley
55540755bc Label adb keys file and allow access to it.
The /adb_keys entry will only take effect if a restorecon is
applied by init.rc on a kernel that includes the rootfs labeling
support, but does no harm otherwise.

The /data/misc/adb labeling ensures correct labeling of the adb_keys
file created if the device has ro.adb.secure=1 set.

Allow adbd to read the file.

Change-Id: I97b3d86a69681330bba549491a2fb39df6cf20ef
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-01 09:08:28 -04:00
Stephen Smalley
45ba665cfc Label and allow access to /data/system/ndebugsocket.
Otherwise it defaults to the label of /data/system and
cannot be distinguished from any other socket in that directory.
Also adds allow rule required for pre-existing wpa_socket transition
to function without unconfined_domain.

Change-Id: I57179aa18786bd56d247f397347e546cca978e41
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-09-27 16:09:27 -04:00
Stephen Smalley
7aba0bc425 Allow file types to be associated with the rootfs.
This is now possible due to the kernel change to support
setting security contexts on rootfs inodes.

Change-Id: I2a9aac1508eceabb92c3ae8eb5c63a16b28dda6f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-09-20 10:42:31 -07:00
Stephen Smalley
4caf8c997a Label /dev/socket/mdns with its own type.
Otherwise it gets left in the general device type, and we get denials such
as:
type=1400 msg=audit(1379617262.940:102): avc:  denied  { write } for  pid=579 comm="mDnsConnector" name="mdns" dev="tmpfs" ino=3213 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=sock_file

This of course only shows up if using a confined system_server.

Change-Id: I2456dd7aa4d72e6fd15b55c251245186eb54a80a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-09-19 15:09:38 -04:00
Stephen Smalley
a770f55b18 Remove dbusd policy; dbusd is no more.
Change-Id: I9652284bd34d07bd47e2e7df66fcbe5db185ab3f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-09-13 16:16:25 -07:00
Stephen Smalley
1d435de685 Remove bluetoothd policy; bluetoothd is no more.
Change-Id: I153b0aa8a747d6c79839d06fc04b3923eacfa213
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-09-13 16:15:25 -07:00
William Luh
aca2f5ebd2 Stop breaking build by defining sysfs_devices_system_cpu.
Change-Id: Ie96d573be971b2dcc3d60614794ba9ca13b31471
2013-04-25 16:32:57 -07:00
Nick Kralevich
1e25b98074 Revert "Add the sysrq_file special file and give ADB write access."
This rule doesn't work, as /proc/sysrq-trigger isn't properly labeled.
Revert this change for now.

This reverts commit bb2591e56f.
2013-04-25 14:46:36 -07:00
Geremy Condra
bb2591e56f Add the sysrq_file special file and give ADB write access.
Change-Id: Ief2d412dddf4cefdf43a26538c4be060df4cc787
2013-04-05 13:13:52 -07:00
Geremy Condra
bfb26e7b07 Add downloaded file policy.
Change-Id: I6f68323cddcf9e13b2a730b8d6b8730587fb4366
2013-04-05 13:13:44 -07:00
Robert Craig
ffd8c441a5 Add new domains for private apps.
/data/app-private is used when making an
app purchase or forward locking. Provide a
new label for the directory as well as the
tmp files that appear under it.

Change-Id: I910cd1aa63538253e10a8d80268212ad9fc9fca5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-04-05 13:10:57 -07:00
Robert Craig
65d4f44c1f Various policy updates.
Assortment of policy changes include:
 * Bluetooth domain to talk to init and procfs.
 * New device node domains.
 * Allow zygote to talk to its executable.
 * Update system domain access to new device node domains.
 * Create a post-process sepolicy with dontaudits removed.
 * Allow rild to use the tty device.

Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-27 06:30:25 -04:00
Robert Craig
18b5f87ea1 racoon policy.
Initial policy for racoon (IKE key management).

Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
Change-Id: If1e344f39ea914e42afbaa021b272ba1b7113479
2013-03-22 17:09:26 -07:00
William Roberts
c195ec3148 Split internal and external sdcards
Two new types are introduced:
sdcard_internal
sdcard_external

The existing type of sdcard, is dropped and a new attribute
sdcard_type is introduced.

The boolean app_sdcard_rw has also been changed to allow for
controlling untrusted_app domain to use the internal and external
sdcards.

Change-Id: Ic7252a8e1703a43cb496413809d01cc6cacba8f5
2013-03-22 15:26:39 -04:00
William Roberts
9e70c8bf68 Move policy files
Update the file_contexts for the new location of
the policy files, as well as update the policy
for the management of these types.

Change-Id: Idc475901ed437efb325807897e620904f4ff03e9
2013-03-22 10:42:10 -07:00
rpcraig
1c8464e136 App data backup security policy.
Policy covers:

 * backup_data_file type for labeling all
   files/dirs under /data dealing with
   backup mechanism.

 * cache_backup_file type for labeling all
   files/dirs under /cache dealing with
   backup mechanism. This also covers the
   the use of LocalTransport for local archive
   and restore testing.

 * the use of 'adb shell bmgr' to initiate
   backup mechanism from shell.

 * the use of 'adb backup/restore' to archive
   and restore the device's data.

Change-Id: I700a92d8addb9bb91474bc07ca4bb71eb4fc840e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-19 22:22:10 +00:00
Stephen Smalley
e884872655 Add policy for run-as program.
Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.

Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-11-27 10:05:42 -08:00
Stephen Smalley
61c80d5ec8 Update policy for Android 4.2 / latest master.
Update policy for Android 4.2 / latest master.
Primarily this consists of changes around the bluetooth subsystem.
The zygote also needs further permissions to set up /storage/emulated.
adbd service now gets a socket under /dev/socket.
keystore uses the binder.

Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-11-19 09:55:10 -05:00
rpcraig
7672eac5fb Add SELinux policy for asec containers.
Creates 2 new types:
- asec_apk_file : files found under /mnt/asec
                  when the asec images are mounted
- asec_image_file : the actual encrypted apks under
                    /data/app-asec

Change-Id: I963472add1980ac068d3a6d36a24f27233022832
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2012-10-22 14:14:11 -04:00
William Roberts
c27d30a6ad Correct spelling mistake
Change-Id: If4deccfe740c8de6b88929a0d0439667c3ea340d
2012-09-06 19:38:39 -07:00
rpcraig
e7e65d474f New asec container labeling.
This patchset covers the /mnt/asec variety only.
2012-07-30 14:20:40 -04:00
Stephen Smalley
b9760aa0d5 Only enforce per-app process and file isolation via SELinux for third party apps, not platform apps.
Platform (any of the apps signed by build keys, i.e. platform|release|shared|media) apps expect to be able to share files with each other or with third party apps by passing open files or pathnames over Binder.  Therefore, we switch to only enforcing the per-app process and file isolation via SELinux on third party apps, not platform apps.

Make the platform app domains mlstrustedsubjects so that they can access any files created by third party apps.
Introduce a new platform_app_data_file type for platform apps so that we can mark it as a mlstrustedobject and allow third party apps to read/write files created by the platform apps.
Specify this new type for the platform app entries in seapp_contexts.
Remove levelFromUid=true for the platform apps in seapp_contexts since we are no longer enforcing per-app separation among them.
2012-07-27 11:07:09 -04:00
hqjiang
4c06d273bc Target the denials/policies over qtaguid file and device: 1. Relabel /proc/net/xt_qtaguid/ctrl from "qtaguid" to "qtaguid_proc"; 2. Label /dev/xt_qtaguid with "qtaguid_device"; 3. Allow mediaserver read/[write] to qtaguid_proc and qtaguid_device; 4. Allow media apps read/[write] to qtaguid_proc and qtaguid_device; 5. Allow system read/[write] to qtaguid_proc and qtaguid_device.
Actually, some of policies related to qtaguid have been there already, but
we refind existing ones and add new ones.
2012-07-19 16:11:24 -04:00
hqjiang
20d6963ac2 allow camera calibration 2012-07-19 16:09:58 -04:00
hqjiang
81039ab556 Corrected denials for LocationManager when accessing gps over uart. 2012-07-12 09:27:40 -04:00
Stephen Smalley
e4682a63ab Allow apps to write to /proc/net/xt_qtaguid/ctrl. 2012-06-27 08:54:53 -04:00
Stephen Smalley
6c39ee00e1 Make wallpaper_file a mlstrustedobject to permit writes from any app level. 2012-06-27 08:50:27 -04:00
William Roberts
7fa2f9e0f5 Policy for hci_attach service. 2012-05-31 09:40:12 -04:00
Stephen Smalley
a883c38637 Allow apps to write to anr_data_file for /data/anr/traces.txt. 2012-04-04 16:00:11 -04:00
Stephen Smalley
f7948230ef Integrate nfc_power and rild rules from tuna sepolicy by Bryan Hinton. 2012-03-19 15:58:11 -04:00
Stephen Smalley
f6cbbe255b Introduce a separate wallpaper_file type for the wallpaper file. 2012-03-19 10:29:36 -04:00
Stephen Smalley
59d28035a1 Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files. 2012-03-19 10:24:52 -04:00
Stephen Smalley
c83d0087e4 Policy changes to support running the latest CTS. 2012-03-07 14:59:01 -05:00
Stephen Smalley
2dd4e51d5c SE Android policy. 2012-01-04 12:33:27 -05:00