Commit graph

5074 commits

Author SHA1 Message Date
Automerger Merge Worker
b196561251 Merge "reland: untrusted_app_29: add new targetSdk domain" am: db60355f94 am: 1a0201f032 am: 3bfc8f3858
Change-Id: I736145f84fc7860512156c7401f4f67bee1b1202
2020-01-22 15:25:42 +00:00
Jeffrey Vander Stoep
db60355f94 Merge "reland: untrusted_app_29: add new targetSdk domain" 2020-01-22 14:43:36 +00:00
Jeff Vander Stoep
1f7ae8ee3f reland: untrusted_app_29: add new targetSdk domain
Enforce new requirements on apps with targetSdkVersion=30 including:
- No RTM_GETLINK on netlink route sockets.

Remove some of the repetitive descriptions in each untrusted_app_N.te
file, and instead refer to the description in
public/untrusted_app.te.

Bug: 141455849
Test: CtsSelinuxTargetSdkCurrentTestCases
Test: libcore.java.net.NetworkInterfaceTest#testGetNetworkInterfaces
Change-Id: I89553e48db3bc71f229c71fafeee9005703e5c0b
2020-01-22 09:47:53 +00:00
Automerger Merge Worker
27599308a9 Merge "Update linkerconfig to generate APEX binary config" am: fa8bcd3d29 am: acfb6c7a1a am: 9ad5c5c93f
Change-Id: Id2e43c896fdc2d80c36d5c95f771aba1515209ef
2020-01-22 08:28:36 +00:00
Kiyoung Kim
fa8bcd3d29 Merge "Update linkerconfig to generate APEX binary config" 2020-01-22 07:58:43 +00:00
Automerger Merge Worker
f202905ef2 Merge "priv_app: Remove permissions for selinuxfs" am: ffd496776a am: 6277ff1c53 am: be2679723d
Change-Id: Icc05020aa43cbb839a5c162422ec5042a9c52c31
2020-01-22 02:11:37 +00:00
Ashwini Oruganti
db553aa416 priv_app: Remove permissions for selinuxfs
Looking at go/sedenials, we see this permission being used by
MediaProvider like so:

type=1400 audit(0.0:3651): avc: granted { getattr } for comm=4173796E635461736B202331 path="/sys/fs/selinux/class/tipc_socket/perms/recvfrom" dev="selinuxfs" ino=67111391 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file app=com.google.android.providers.media.module

... and numerous other directories, apparently from a filesystem walk.

It appears that this permission should not be granted to all priv-apps
now that GMS core has been split out into its own domain. This change
removes the permission for the priv_app domain and the corresponding
auditallow.

Bug: 147833123
Test: TH
Change-Id: I88146785c7ac3a8c15fe9b5f34f05d936f08ea48
2020-01-21 15:30:12 -08:00
Automerger Merge Worker
9c853aebbf Merge "Allow isolated_app to use TCP and UDP sockets brokered over IPC." am: 3689c1481a am: 72fc061517 am: 6951ed98f3
Change-Id: I74992fff78fa7e9af2472be634f4c322f716b7bb
2020-01-21 22:43:29 +00:00
Automerger Merge Worker
a31d2c4b54 Merge "More neverallows for default_android_service." am: 64c8ddb123 am: 41e8d29253 am: 771c280d2b
Change-Id: I6a0f371a6fc11470bb3440afc3eb1ada24c1595f
2020-01-21 22:42:02 +00:00
Robert Sesek
3689c1481a Merge "Allow isolated_app to use TCP and UDP sockets brokered over IPC." 2020-01-21 21:38:40 +00:00
Steven Moreland
64c8ddb123 Merge "More neverallows for default_android_service." 2020-01-21 21:31:57 +00:00
Automerger Merge Worker
11c6f60e2f Merge "Add sysprop for init's perf_event_open LSM hook check" am: c9cc4001e4 am: 0aa85a1806 am: d33a22ff31
Change-Id: I67fa733b4c0ffa504cfb3af7a63e23995b2cd792
2020-01-21 21:04:17 +00:00
Automerger Merge Worker
ebf15a6584 Sepolicy update for Automotive Display Service am: 741b9cd5ac am: 8f52ce8bea am: 2f75747305
Change-Id: If1d84379a1205c6dddf97fcf2eb8d2ca19f2732a
2020-01-21 21:04:03 +00:00
Ryan Savitski
c9cc4001e4 Merge "Add sysprop for init's perf_event_open LSM hook check" 2020-01-21 20:40:50 +00:00
Steven Moreland
a30464c06e More neverallows for default_android_service.
We don't want to accidentally allow this, and a neverallow also means
that the issue will be found during development, instead of review.

Fixes: 148081219
Test: compile policy only
Change-Id: I57990a2a4ab9e5988b09dae2dd6a710ce8f53800
2020-01-21 11:13:22 -08:00
Ryan Savitski
52b3d315a2 Add sysprop for init's perf_event_open LSM hook check
Written exclusively by init. Made it readable by shell for CTS, and for
easier platform debugging.

Bug: 137092007
Change-Id: Ia5b056117502c272bc7169661069d0c8020695e2
2020-01-21 19:03:33 +00:00
Haoxiang Li
741b9cd5ac Sepolicy update for Automotive Display Service
Bug: 140395359
Test: make sepolicy -j
Change-Id: Ib6ddf55210d8a8ee4868359c88e3d177edce9610
Signed-off-by: Changyeon Jo <changyeon@google.com>
2020-01-21 18:43:27 +00:00
Automerger Merge Worker
0dcb0cd7da Revert "untrusted_app_29: add new targetSdk domain" am: 1d241db7e5 am: c5cc25ec03 am: 7900c7f08b
Change-Id: I7c74fbbb7b2546eccd0d30b34d6db52432048c34
2020-01-21 12:59:40 +00:00
Santiago Seifert
1d241db7e5 Revert "untrusted_app_29: add new targetSdk domain"
This reverts commit a1aa2210a9.

Reason for revert: Potential culprit for Bug b/148049462 - verifying through Forrest before revert submission

Change-Id: Ibe4fa1dee84defde324deca87d9de24a1cc2911a
2020-01-21 11:35:24 +00:00
Automerger Merge Worker
0f4d8b13f3 untrusted_app_29: add new targetSdk domain am: a1aa2210a9 am: cc7cc7b562 am: 49303f5f68
Change-Id: I58c2959d4598ea418fa63ad1cf9dba9886100d1f
2020-01-20 19:22:53 +00:00
Jeff Vander Stoep
a1aa2210a9 untrusted_app_29: add new targetSdk domain
Enforce new requirements on apps with targetSdkVersion=30 including:
- No bind() on netlink route sockets.
- No RTM_GETLINK on netlink route sockets.

Remove some of the repetitive descriptions in each untrusted_app_N.te
file, and instead refer to the description in
public/untrusted_app.te.

Bug: 141455849
Test: CtsSelinuxTargetSdkCurrentTestCases
Change-Id: Iad4d142c0c13615b4710d378bc1feca4d125b6cc
2020-01-20 15:31:52 +01:00
Kiyoung Kim
b55d444c40 Update linkerconfig to generate APEX binary config
Linkerconfig should generate multiple linker configurations for APEX
with binaries. To meet this requirement, linkerconfig should be able to
create sub-directories per APEX module with binary, and also
linkerconfig should be able to scan APEX directories.

Bug: 147987608
Test: m -j passed && No sepolicy error from cuttlefish
Change-Id: I804a8e6121f647dfb1778c564649a33e4547a24a
2020-01-20 13:40:08 +09:00
Automerger Merge Worker
e77bbe54cd Merge "Make the sepolicy for gsid cleaner" am: 6ec3b17b43 am: 24beb9b5c5 am: 54b47f91df
Change-Id: Ifc2e57ccf643131d2995193185cb42289986f27a
2020-01-20 03:12:21 +00:00
Howard Chen
6ec3b17b43 Merge "Make the sepolicy for gsid cleaner" 2020-01-20 02:47:39 +00:00
Automerger Merge Worker
3f9c826675 Merge "access_vectors: remove flow_in and flow_out permissions from packet class" am: 73ed785807 am: 1a5f34195b am: d2950af40a
Change-Id: I264ecd1391ddfa09dcf3e0bc838ef32d48504b55
2020-01-19 14:44:16 +00:00
Treehugger Robot
73ed785807 Merge "access_vectors: remove flow_in and flow_out permissions from packet class" 2020-01-19 14:17:58 +00:00
Automerger Merge Worker
0a4efab2c8 Merge "Add policies for permission APEX data directory." am: 4f0bf97b41 am: 587e49e0be am: 2f9d693267
Change-Id: I9371d5e90bae97ce272d4619655864f232c5c5a3
2020-01-18 00:15:31 +00:00
Treehugger Robot
4f0bf97b41 Merge "Add policies for permission APEX data directory." 2020-01-17 23:45:54 +00:00
Automerger Merge Worker
4ba36837ee Merge "Add rules for an unix domain socket for system_server" am: d1b9526ea0 am: 0542be7d19 am: ba4e8fd064
Change-Id: If8f56000150447ef7930161f8c5d24c03525f483
2020-01-17 22:30:22 +00:00
Jing Ji
d1b9526ea0 Merge "Add rules for an unix domain socket for system_server" 2020-01-17 18:53:19 +00:00
Howard Chen
e978947408 Make the sepolicy for gsid cleaner
Test: compile pass

Change-Id: Id147035df1685134938b70f07599e6cecbdbb6f4
2020-01-17 14:23:53 +08:00
Automerger Merge Worker
33ab8cc64c Merge "priv_app: Remove permission to read from /data/anr/traces.txt" am: 2e5ce26f17 am: 33f9e754c9 am: 872c4b45fa
Change-Id: I331958d39217c4373ffb851e2ebd54c4d8c24f5f
2020-01-17 03:48:48 +00:00
Automerger Merge Worker
bf901f86b8 Merge "priv_app: Remove rules for ota_package_file" am: 71be259d73 am: 0f41baddc1 am: bb1f2cc7c2
Change-Id: I540a4a3c532727bddb8100cfbfc931f1a33b6041
2020-01-17 03:48:22 +00:00
Automerger Merge Worker
71f99e2eae Use vndk_prop for old vndk properties am: 291d6b379d am: ab605560e5 am: 03722182c2
Change-Id: If429c741d07734dde446beed088bcbf5912af03d
2020-01-17 03:47:47 +00:00
Automerger Merge Worker
6cd478a281 Merge "access_vectors: remove incorrect comment about mac_admin" am: abba8e600e am: 310719d3ea am: 916ce82fe2
Change-Id: Ie899cd8e77651cb8fff71f5b5bf7a8f04b9d02f2
2020-01-17 03:47:10 +00:00
Automerger Merge Worker
41acac375f Merge "Add selinux contexts for system_config_service" am: 13722174b7 am: 4d6ca6c90f am: f3d9a24c68
Change-Id: Idee54847e68ab5dd61802f55e9b769ca216c6e62
2020-01-17 03:46:11 +00:00
Treehugger Robot
2e5ce26f17 Merge "priv_app: Remove permission to read from /data/anr/traces.txt" 2020-01-17 01:10:45 +00:00
Treehugger Robot
71be259d73 Merge "priv_app: Remove rules for ota_package_file" 2020-01-17 00:57:15 +00:00
Justin Yun
291d6b379d Use vndk_prop for old vndk properties
For vndk related properties, use vndk_prop context.
vndk_prop can be defined by 'init' and 'vendor_init', but is free to
be read by any process.

Bug: 144534640
Test: check boot to see if the VNDK properties are readable
Change-Id: Ifa2bb0ce6c301ea2071e25ac4f7e569ea3ce5d83
2020-01-17 00:24:20 +00:00
Treehugger Robot
abba8e600e Merge "access_vectors: remove incorrect comment about mac_admin" 2020-01-17 00:22:26 +00:00
Jing Ji
2b12440ff7 Add rules for an unix domain socket for system_server
System_server will listen on incoming packets from zygotes.

Bug: 136036078
Test: atest CtsAppExitTestCases:ActivityManagerAppExitInfoTest
Change-Id: I42feaa317615b90c5277cd82191e677548888a71
2020-01-16 16:09:48 -08:00
Hai Zhang
f301cd299b Add policies for permission APEX data directory.
Bug: 136503238
Test: presubmit
Change-Id: I636ab95070df4c58cf2c98b395d99cb807a7f243
2020-01-16 16:08:55 -08:00
Automerger Merge Worker
ac2dd1ad0d Merge "stable aidl Power HAL policy" am: fbe4afa7aa am: 4cb024e790 am: 03a1842686
Change-Id: I83dd34152278d0b38ee50525950e06f7d77925d7
2020-01-16 23:09:09 +00:00
Ashwini Oruganti
565c685b35 priv_app: Remove permission to read from /data/anr/traces.txt
We added an auditallow for this permission on 12/17/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.

Bug: 147833123
Test: TH
Change-Id: I96f810a55e0eb8f3778aea9598f6437de0f65c7f
2020-01-16 14:42:43 -08:00
Treehugger Robot
13722174b7 Merge "Add selinux contexts for system_config_service" 2020-01-16 22:41:42 +00:00
Wei Wang
fbe4afa7aa Merge "stable aidl Power HAL policy" 2020-01-16 22:35:42 +00:00
Ashwini Oruganti
d61b0ce1bc priv_app: Remove rules for ota_package_file
We added auditallows for these permissions on 12/16/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.

Bug: 147833123
Test: TH
Change-Id: I4789b29462ef561288aeaabbdb1e57271d5fcd2a
2020-01-16 14:20:12 -08:00
Automerger Merge Worker
0c4d795cff Merge "Allow adbd to set/get persist.adb props, system_server to get." am: bda9c33ab1 am: ab5895c272 am: 5f4f8d2429
Change-Id: I96461e7603898fa71dac94fa8e31018173c46ac1
2020-01-16 18:34:35 +00:00
Joshua Duong
bda9c33ab1 Merge "Allow adbd to set/get persist.adb props, system_server to get." 2020-01-16 17:43:39 +00:00
Automerger Merge Worker
f885e40ddf Merge "system_server: TelephonyManager reads /proc/cmdline" am: 834c964d66 am: 557a90196b am: f255e9a434
Change-Id: Ia3cf3a8ba62dda53031aa3470768e88b7236af0b
2020-01-16 16:20:34 +00:00