Create a new m4 macro called userdebug_or_eng. Arguments
passed to this macro are only emitted if we're performing
a userdebug or eng build.
Merge shell.te and shell_user.te and eliminate duplicate
lines. Same for su.te and su_user.te
Change-Id: I8fbabca65ec392aeafd5b90cef57b5066033fad0
ping in Android no longer requires any additional privileges beyond
the caller. Drop the ping domain and executable file type entirely.
Also add net_domain() to shell domain so that it can create and
use network sockets.
Change-Id: If51734abe572aecf8f510f1a55782159222e5a67
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Confine the domain for an adb shell in -user builds only.
The shell domain in non-user builds is left permissive.
init_shell (shell spawned by init, e.g. console service)
remains unconfined by this change.
Introduce a shelldomain attribute for rules common to all shell
domains, assign it to the shell types, and add shelldomain.te for
its rules.
Change-Id: I01ee2c7ef80b61a9db151abe182ef9af7623c461
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Confine run-as (but leave permissive for now) and add
other allow rules required for the use of run-as and ndk-gdb
functionality.
Change-Id: Ifae38233c091cd34013e98830d72aac4c4adcae0
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Also make su and shell permissive in non-user builds to allow
use of setenforce without violating the neverallow rule.
Change-Id: Ie76ee04e90d5a76dfaa5f56e9e3eb7e283328a3f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Some file types used as domain entrypoints were missing the
exec_type attribute. Add it and add a neverallow rule to
keep it that way.
Change-Id: I7563f3e03940a27ae40ed4d6bb74181c26148849
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.
Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
Read access to /dev/log/* is no longer restricted.
Filtering on reads is performed per-uid by the kernel logger driver.
Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Two new types are introduced:
sdcard_internal
sdcard_external
The existing type of sdcard, is dropped and a new attribute
sdcard_type is introduced.
The boolean app_sdcard_rw has also been changed to allow for
controlling untrusted_app domain to use the internal and external
sdcards.
Change-Id: Ic7252a8e1703a43cb496413809d01cc6cacba8f5
Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.
Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
New property_contexts file for property selabel backend.
New property.te file with property type declarations.
New property_service security class and set permission.
Allow rules for setting properties.
