Commit graph

9 commits

Author SHA1 Message Date
Jeff Vander Stoep
d22987b4da Create attribute for moving perms out of domain
Motivation: Domain is overly permissive. Start removing permissions
from domain and assign them to the domain_deprecated attribute.
Domain_deprecated and domain can initially be assigned to all
domains. The goal is to not assign domain_deprecated to new domains
and to start removing domain_deprecated where it is not required or
reassigning the appropriate permissions to the inheriting domain
when necessary.

Bug: 25433265
Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
2015-11-03 23:11:11 +00:00
Tim Kilbourn
2133c2a167 Update selinux for inputflinger
Allow CAP_BLOCK_SUSPEND
Allow reading /dev/input/*

Change-Id: I869a4921e024702300aa9ecba9cdf84ae2b6edac
2015-03-24 15:31:47 -07:00
dcashman
cd82557d40 Restrict service_manager find and list access.
All domains are currently granted list and find service_manager
permissions, but this is not necessary.  Pare the permissions
which did not trigger any of the auditallow reporting.

Bug: 18106000
Change-Id: Ie0ce8de2af8af2cbe4ce388a2dcf4534694c994a
2014-12-15 10:09:24 -08:00
Riley Spahn
b8511e0d98 Add access control for each service_manager action.
Add SELinux MAC for the service manager actions list
and find. Add the list and find verbs to the
service_manager class. Add policy requirements for
service_manager to enforce policies to binder_use
macro.

Change-Id: I224b1c6a6e21e3cdeb23badfc35c82a37558f964
2014-07-14 11:09:27 -07:00
Stephen Smalley
701aebb59c Make inputflinger enforcing.
Change-Id: I99f93e4dd5dc1f43291c46f6ed07e51097613689
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-06-13 12:14:10 +00:00
Riley Spahn
f90c41f6e8 Add SELinux rules for service_manager.
Add a service_mananger class with the verb add.
Add a type that groups the services for each of the
processes that is allowed to start services in service.te
and an attribute for all services controlled by the service
manager. Add the service_contexts file which maps service
name to target label.

Bug: 12909011
Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
2014-06-12 20:46:07 +00:00
Stephen Smalley
e06e536388 Allow inputflinger to call system_server.
Resolves denials such as:
avc:  denied  { read } for  pid=752 comm="ActivityManager" name="stat" dev="proc" ino=1878 scontext=u:r:system_server:s0 tcontext=u:r:inputflinger:s0 tclass=file
avc:  denied  { open } for  pid=752 comm="ActivityManager" name="stat" dev="proc" ino=1878 scontext=u:r:system_server:s0 tcontext=u:r:inputflinger:s0 tclass=file
avc:  denied  { search } for  pid=752 comm="ActivityManager" name="214" dev="proc" ino=1568 scontext=u:r:system_server:s0 tcontext=u:r:inputflinger:s0 tclass=dir
avc:  denied  { read } for  pid=752 comm="ActivityManager" name="stat" dev="proc" ino=1878 scontext=u:r:system_server:s0 tcontext=u:r:inputflinger:s0 tclass=file
avc:  denied  { call } for  pid=187 comm="Binder_2" scontext=u:r:inputflinger:s0 tcontext=u:r:system_server:s0 tclass=binder

Change-Id: I099d7dacf7116efa73163245597c3de629d358c1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-21 10:40:56 -04:00
Stephen Smalley
38b7f43021 Make inputflinger permissive or unconfined.
Otherwise we'll never see denials in userdebug or eng builds and
never make progress on confining it.  Of course we cannot truly
test until it is released into AOSP, but this prepares the way
and potentially allows for internal testing and collection of denials.

Change-Id: I800ab23baee1c84b7c4cf7399b17611a62ca6804
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-02-11 09:40:47 -05:00
Nick Kralevich
caa6a32d76 initial inputflinger domain
Add a placeholder domain for inputflinger.
Mark it initially unconfined and enforcing.

Change-Id: I433fd9e1954486136cb8abb084b4e19bb7fc2f19
2013-12-16 08:46:47 -08:00