This hidl service provides functionality for oem networking
configuration to vendor services which is required by
at least some vendor radio modules.
Test: VtsHalNetNetdV1_0TargetTest, netd_integration_test, netd_unit_test
Test: no denials
Bug: 36682246
Change-Id: I86ac9082166b406b2fc814972375ba737460ad7b
Relax neverallow rule restricting binder access to/from netd so that
netd can export hwbinder services to vendor components.
Continue to disallow app access to netd via binder.
Bug: 36682246
Test: build
Merged-In: I8e558ea1add6c36b966ec1da204062ea82df3f3f
Change-Id: I063df6dded94d8b0f5214b2c94c4f46bdafb03d7
Relax neverallow rule restricting binder access to/from netd so that
netd can export hwbinder services to vendor components.
Continue to disallow app access to netd via binder.
Bug: 36682246
Test: build
Change-Id: I8e558ea1add6c36b966ec1da204062ea82df3f3f
This attribute is being actively removed from policy. Since
attributes are not being versioned, partners must not be able to
access and use this attribute. Move it from private and verify in
the logs that rild and tee are not using these permissions.
Bug: 38316109
Test: build and boot Marlin
Test: Verify that rild and tee are not being granted any of these
permissions.
Merged-In: I31beeb5bdf3885195310b086c1af3432dc6a349b
Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b
(cherry picked from commit 76aab82cb3)
This was previously relying on domain_deprecated rules deleted in
change I588a1e7ea7ef984907b79a5a391efb2dcd6e6431.
Bug: 28760354
Test: unbreaks networking on AOSP bullhead
Change-Id: I873e1f08f72104dee7509e45b1db0b284ca56085
This change must only be submitted when device-specific policies
have been reverted.
This reverts commit 07e631d2e0.
Bug: 17613910
Test: builds
Change-Id: Ie33e293107bf1eba2498f2422d941544c76b8cad
Merged-In: I356c39a5dc955b3d7c28d8c7baf2887a17beb272
This change did not make it into core sepolicy in time for O.
The revert allows devices to define these selinux policies in
vendor-specific sepolicy instead of core sepolicy. It is
necessary because:
1. It is too late to change property_contexts in O.
2. Adding the netd_stable_secret prop to vendor sepolicy results
in a duplicate definition error at compile time.
3. Defining a new vendor-specific context (such as
net_stable_secret_vendor_prop) and applying it to
persist.netd.stable_secret results in the device not booting
due to attempting to apply two different contexts to the same
property.
Lack of the sepolicy no longer breaks wifi connectivity now that
IpManager no longer considers failure to set the stable secret to
be a fatal error.
Once all interested devices have adopted the vendor sepolicy,
this policy can safely be reinstated by reverting said vendor
sepolicies in internal master.
This reverts commit abb1ba6532.
Bug: 17613910
Test: bullhead builds, boots, connects to wifi
Change-Id: Idffcf78491171c54bca9f93cb920eab9b1c47709
This is used to persist RFC 7217 stable secrets across device reboots.
First submit caused a merge conflict. This revision replaces netd_prop
with a more unique name netd_stable_secret_prop.
Test: as follows
- Manually tested that stable_secret is generated on first use and
persists until reset of user data partition (factory reset).
- Tested that "adb shell getprop" was denied access to
persist.netd.stable_secret after running "adb unroot".
Bug: 17613910
Change-Id: I0a609c724799a15b1926e62534c16810d34f2275
This broke the build on master. See b/17613910#comment17
for details.
This reverts commit ef1fd98b6a.
Change-Id: I11f7d463061a9b6340c11827135586266e26f016
This is used to persist RFC 7217 stable secrets across device reboots.
Test: as follows
- Manually tested that stable_secret is generated on first use and
persists until reset of user data partition (factory reset).
- Tested that "adb shell getprop" was denied access to
persist.netd.stable_secret after running "adb unroot".
Bug: 17613910
Change-Id: I4dad00fb189d697aceaffae49ad63987c7e45054
This attribute is being actively removed from policy. Since
attributes are not being versioned, partners must not be able to
access and use this attribute. Move it from private and verify in
the logs that rild and tee are not using these permissions.
Bug: 38316109
Test: build and boot Marlin
Test: Verify that rild and tee are not being granted any of these
permissions.
Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b
Relabeling /vendor and /system/vendor to vendor_file removed
previously granted permissions. Restore these for non-treble devices.
Addresses:
avc: denied { execute_no_trans } for pid=2944 comm="dumpstate"
path="/system/vendor/bin/wpa_cli" dev="mmcblk0p10" ino=1929
scontext=u:r:dumpstate:s0 tcontext=u:object_r:vendor_file:s0
tclass=file
And potentially some other bugs that have yet to surface.
Bug: 37105075
Test: build Fugu
Change-Id: I8e7bd9c33819bf8206f7c110cbce72366afbcef8
Remove system_file:file { lock ioctl } from domain_deprecated. The only
domains triggering this were dex2oat and netd, which are fixed in this
change.
Addresses the following logspam similar to:
avc: granted { lock } for comm="iptables"
path="/system/etc/xtables.lock" dev="sda22" ino=3745
scontext=u:r:netd:s0 tcontext=u:object_r:system_file:s0 tclass=file
avc: granted { lock } for comm="dex2oat"
path="/system/framework/arm/boot-okhttp.art" dev="dm-0" ino=1295
scontext=u:r:dex2oat:s0 tcontext=u:object_r:system_file:s0 tclass=file
Test: device boots and no obvious problems.
Bug: 28760354
Bug: 36879751
Change-Id: Iac851c0e49a52ce4000fdfe16e68c17ff819693f
In order to perform XFRM operations NetD needs the
ability to both read and write Netlink XFRM messages.
Bug: 34811756
Test: 34812052
Change-Id: I26831c58b24a4c1f344b113f0b5cf47ed2c93fee
(cherry picked from commit 7eb3dd3b02)
In order to perform XFRM operations NetD needs the
ability to both read and write Netlink XFRM messages.
Bug: 34811756
Test: 34812052
Change-Id: I26831c58b24a4c1f344b113f0b5cf47ed2c93fee
No SELinux domains can create dccp_socket instances, so it doesn't make
any sense to allow netd to minipulate already-open dccp sockets.
Bug: 35784697
Test: policy compiles.
Change-Id: I189844462cbab58ed58c24fbad6a392f6b035815
Introduce the add_service() macro which wraps up add/find
permissions for the source domain with a neverallow preventing
others from adding it. Only a particular domain should
add a particular service.
Use the add_service() macro to automatically add a neverallow
that prevents other domains from adding the service.
mediadrmserver was adding services labeled mediaserver_service.
Drop the add permission as it should just need the find
permission.
Additionally, the macro adds the { add find } permission which
causes some existing neverallow's to assert. Adjust those
neverallow's so "self" can always find.
Test: compile and run on hikey and emulator. No new denials were
found, and all services, where applicable, seem to be running OK.
Change-Id: Ibbd2a5304edd5f8b877bc86852b0694732be993c
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Remove /proc/net access to domain_deprecated. Add it to domains where it
was missing before.
Other than these domains, SELinux denial monitoring hasn't picked up any
denials related to /proc/net
Bug: 28760354
Test: Device boots
Test: No unexpected denials in denial collection logs.
Change-Id: Ie5bfa4bc0070793c1e8bf3b00676fd31c08d426a
Divide policy into public and private components. This is the first
step in splitting the policy creation for platform and non-platform
policies. The policy in the public directory will be exported for use
in non-platform policy creation. Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.
Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal. For now, almost all types and
avrules are left in public.
Test: Tested by building policy and running on device.
Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
