Commit graph

26 commits

Author SHA1 Message Date
Jeff Sharkey
4ab2983596 am 35e8dcc9: Merge "Let vold mount OBB files on external storage." into klp-dev
* commit '35e8dcc9ba40c6419f63d0a516c0995d3064f96e':
  Let vold mount OBB files on external storage.
2013-11-14 16:26:18 -08:00
Jeff Sharkey
80176dc445 Let vold mount OBB files on external storage.
Fixes this specific violation:

type=1400 audit(1384468728.202:16): avc:  denied { read write } for
pid=271 comm="vold" name="test1.obb" dev="fuse" ino=3100664872
scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_internal:s0
tclass=file

Bug: 11693888
Change-Id: I45d30ecabdf0bc8871f3dd67b5695ac909109d9a
2013-11-14 16:11:56 -08:00
Jeff Sharkey
1d5176cd91 am 2abfe7d4: Allow vold to invoke blkid, use external ASECs.
* commit '2abfe7d4f72b0265b1dec31e675650c77998f4d6':
  Allow vold to invoke blkid, use external ASECs.
2013-10-17 18:48:46 -07:00
Jeff Sharkey
2abfe7d4f7 Allow vold to invoke blkid, use external ASECs.
Bug: 11175082
Change-Id: Ic1bd15e8729583be199551ec6baeb4acaf46c210
2013-10-17 15:17:30 -07:00
Nick Kralevich
d045e564aa Partially revert 4fc702eccf.
It's questionable whether this change is actually needed,
and it only affects one user (who's /data partition was
created oddly).

Revert it for now (in master) to see if we get more reports
of this bug.

Bug: 11149726
Change-Id: I9b5408306b55653b2b9d43e68e7c771b72662649
2013-10-14 13:00:12 -07:00
Geremy Condra
4fc702eccf DO NOT MERGE Fix denials seen during device upgrade.
Fixes:
denied  { relabelto } for  pid=721 comm="PackageManager" name="vmdl-112554949.tmp" dev="mmcblk0p30" ino=712747 scontext=u:r:system:s0 tcontext=u:object_r:apk_private_tmp_file:s0 tclass=file
denied  { create } for  pid=240 comm="vold" name="smdl2tmp1.asec" scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0 tclass=file

Bug: 11149726
Change-Id: Iddc7592c757375a961f0d392c27622073c141b36
2013-10-09 18:36:29 -07:00
Geremy Condra
13a74a3aea Merge "Allow vold to start and stop processes via init" into klp-dev 2013-09-11 23:03:05 +00:00
Geremy Condra
7eb786bca2 Give vold the capability to kill.
Bug: 10706792
Change-Id: I85085ab7a6f0f3d12ba4d2b21b655bb64795495f
2013-09-11 10:19:10 -07:00
Ken Sumrall
4974855824 Allow vold to start and stop processes via init
This is needed for the new fuse wrapped sdcard support.

bug: 10330128

Change-Id: Ic5ebc769d376bf061d237616e56bcd562a63c6be
2013-09-10 17:06:58 -07:00
Alex Klyubin
b25fe91e25 Grant fsetid Linux capability to vold.
This fixes the issue where paid apps failed to install via Google
Play with "Package file has a bad manifest" error. The issue appears
to be caused by vold being prevented by SELinux policy from setting
the setgid bit on the ASEC container directory into which the APK is
decrypted. As a result, the APK is not readable to PackageParser.

Bug: 9736808
Change-Id: I07546a9f9caac3de8b720499bd1bf1604edea0fe
2013-07-08 15:48:36 -07:00
Nick Kralevich
7914a47f05 Enable SELinux on vold
This change enables SELinux security enforcement on vold.

For the vold.te file ONLY, this change is conceptually a revert of
77d4731e9d and
50e37b93ac, with the following
additional changes:

1) Removal of "allow vold proc:file write;" and
"allow vold self:capability { sys_boot };". As of system/vold
change adfba3626e76c1931649634275d241b226cd1b9a, vold no longer
performs it's own reboots, so these capabilities are no longer
needed.

2) Addition of the powerctl property, which vold contacts to
tell init to reboot.

3) Removal of "allow vold kernel:system module_request;". As of
CTS commit f2cfdf5c057140d9442fcfeb4e4a648e8258b659, Android
devices no longer ship with loadable modules, hence we don't
require this rule.

4) Removal of "fsetid" from "self:capability". Any setuid / setgid
bits SHOULD be cleared if vold is able to change the permissions
of files. IMHO, it was a mistake to ever include this capability in
the first place.

Testing: As much as possible, I've tested filesystem related
functionality, including factory reset and device encryption.
I wasn't able to test fstrim functionality, which is a fairly
new feature.  I didn't see any policy denials in dmesg. It's quite
possible I've missed something. If we experience problems, I
happy to roll back this change.

Bug: 9629920
Change-Id: I683afa0dffe9f28952287bfdb7ee4e0423c2e97a
2013-06-28 20:41:16 -07:00
repo sync
77d4731e9d Make all domains unconfined.
This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
2013-05-20 11:08:05 -07:00
repo sync
50e37b93ac Move domains into per-domain permissive mode.
Bug: 4070557
Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
2013-05-14 21:36:32 -07:00
Alex Klyubin
c25023e1fa Merge "SELinux policy: let vold write to device:dir." into jb-mr2-dev 2013-05-10 20:05:19 +00:00
Alex Klyubin
7de339a16a SELinux policy: let vold create /data/tmp_mnt
Change-Id: I40f3ccd9813e0a337ced0a44e686ab489277d78b
2013-05-09 17:33:49 -07:00
Alex Klyubin
d050c79b64 SELinux policy: let vold write to device:dir.
I have no idea what vold is doing when this operation is attempted
(when a full-disk encrypted device is booting up). Thus, I don't know
if there is a better way of restricting the policy.

Change-Id: I537b70b1abb73c36e5abf0357b766292f625e1af
2013-05-09 17:07:22 -07:00
Alex Klyubin
77ec892be6 SELinux policy for users of libcutils klog_write.
klog_write/init create /dev/__kmsg__ backed by a kernel character
device, keep the file descriptor, and then immediately unlink the
file.

Change-Id: I729d224347a003eaca29299d216a53c99cc3197c
2013-05-09 12:39:32 -07:00
Alex Klyubin
c341f23e1c SELinux policy: let vold setsched of kernel processes.
Change-Id: I2b7bf3037c94de4fecf3c3081497e0ac1dfef8a9
2013-05-08 14:41:45 -07:00
Alex Klyubin
3b5923fe1b SELinux policy granting vold the capability to reboot.
vold reboots needs to reboot the system when it succeeds or fails to
encrypt partitions.

Change-Id: Ibb1a5378228be60215162ae248e6c1049a16b830
2013-05-08 12:42:50 -07:00
William Roberts
7bb2a55c47 Give domains read access to security_file domain.
/data/security is another location that policy
files can reside. In fact, these policy files
take precedence over their rootfs counterparts
under certain circumstances. Give the appropriate
players the rights to read these policy files.

Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41
2013-04-05 13:11:23 -07:00
Stephen Smalley
0e856a02cb Allow all domains to read /dev symlinks.
Change-Id: I448a5553937a98775178b94f289ccb45ae862876
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-04-05 13:10:05 -07:00
William Roberts
c195ec3148 Split internal and external sdcards
Two new types are introduced:
sdcard_internal
sdcard_external

The existing type of sdcard, is dropped and a new attribute
sdcard_type is introduced.

The boolean app_sdcard_rw has also been changed to allow for
controlling untrusted_app domain to use the internal and external
sdcards.

Change-Id: Ic7252a8e1703a43cb496413809d01cc6cacba8f5
2013-03-22 15:26:39 -04:00
rpcraig
7672eac5fb Add SELinux policy for asec containers.
Creates 2 new types:
- asec_apk_file : files found under /mnt/asec
                  when the asec images are mounted
- asec_image_file : the actual encrypted apks under
                    /data/app-asec

Change-Id: I963472add1980ac068d3a6d36a24f27233022832
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2012-10-22 14:14:11 -04:00
Stephen Smalley
1c7351652c Address various denials introduced by JB/4.1. 2012-07-12 13:26:15 -04:00
Stephen Smalley
124720a697 Add policy for property service.
New property_contexts file for property selabel backend.
New property.te file with property type declarations.
New property_service security class and set permission.
Allow rules for setting properties.
2012-04-04 10:11:16 -04:00
Stephen Smalley
2dd4e51d5c SE Android policy. 2012-01-04 12:33:27 -05:00