Allow the non-privileged adb shell user to run strace. Without
this patch, the command "strace /system/bin/ls" fails with the
following error:
shell@android:/ $ strace /system/bin/ls
strace: ptrace(PTRACE_TRACEME, ...): Permission denied
+++ exited with 1 +++
Change-Id: I207fe0f71941bff55dbeb6fe130e636418f333ee

Privileged apps now run in the priv_app domain. Remove permissions
from untrusted_app that were originally added for GMS core, Finsky, and
Play store.
Bug: 22033466
Change-Id: Ibdce72ad629bfab47de92ac19542e8902e02c8be

23cde8776b removed JIT capabilities
from system_server for user and userdebug builds. Remove the capability
from eng builds to be consistent across build types.
Add a neverallow rule (compile time assertion + CTS test) to verify
this doesn't regress on our devices or partner devices.
Bug: 23468805
Bug: 24915206
Change-Id: Ib2154255c611b8812aa1092631a89bc59a27514b

Occasionally, files get labeled with the domain type rather
than the executable file type. This can work if the author
uses domain_auto_trans() versus init_daemon_domain(). This
will cause a lot of issues and is typically not what the
author intended.
Another case where exec on a domain type might occur is if
someone attempts to execute a /proc/pid file, this also
does not make sense.
To prevent this, we add a neverallow.
Change-Id: I39aff58c8f5a2f17bafcd2be33ed387199963b5f
Signed-off-by: William Roberts <william.c.roberts@intel.com>

To prevent assigning non property types to properties, introduce
a neverallow to prevent non property_type types from being set.
Change-Id: Iba9b5988fe0b6fca4a79ca1d467ec50539479fd5
Signed-off-by: William Roberts <william.c.roberts@intel.com>

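The two compile-time assertions described in the preceding two messages (no exec on a domain type, no setting of non-property types), written out in SELinux policy syntax as an added illustration. This is not the project's own rule text; the rule bodies are assumed to match the stated intent, and the rejected allow rule at the end is a constructed example of what checkpolicy would refuse.

```sepolicy
# Added illustration, not the project's rule text. A neverallow is a
# compile-time assertion: checkpolicy refuses to build a policy in which
# any allow rule matches it, and CTS re-checks the same rules on device.

# A domain type must never be the type of something that gets executed.
# Executing a file labeled with a domain type (a mislabeled binary, or a
# /proc/<pid> entry, which carries the process's domain label) is almost
# always a labeling bug rather than what the policy author intended.
neverallow domain domain:file { execute execute_no_trans entrypoint };

# Only types carrying the property_type attribute may be the target of a
# property set, so a typo in property_contexts that names some other type
# cannot silently grant "set" on it.
neverallow * ~property_type:property_service set;

# Constructed example of an allow rule the second assertion rejects at
# build time, because untrusted_app is a domain, not a property_type:
#   allow shell untrusted_app:property_service set;
```

Because neverallow rules are evaluated against the fully expanded policy, the assertion also catches rules that reach the forbidden pairing indirectly through attributes, which is why it is preferred over reviewing individual allow rules by hand.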
Address the following denial:
SELinux E avc: denied { find } for service=drm.drmManager scontext=u:r:bluetooth:s0 tcontext=u:object_r:drmserver_service:s0
This denial is triggered by Bluetooth when MmsFileProvider.java is
using the PduPersister which in turn is using DRM.
Change-Id: I4c077635f8afa39e6bc5e10178c3a7ae3cb6a9ea

Simplify SELinux policy by deleting the procrank SELinux domain.
procrank only exists on userdebug/eng builds, and anyone wanting
to run procrank can just su to root.
Bug: 18342188
Change-Id: I71adc86a137c21f170d983e320ab55be79457c16

Third party vpn apps must receive open tun fd from the framework
for device traffic.
neverallow untrusted_app open perm and auditallow bluetooth
access to see if the neverallow rule can be expanded to include
all of appdomain.
Bug: 24677682
Change-Id: I68685587228a1044fe1e0f96d4dc08c2adbebe78

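The neverallow-plus-auditallow pattern from the message above, as an added illustration rather than the project's own rule text. The baseline app rule is an assumption (apps are taken to have read/write but not open on tun_device); the point shown is how an auditallow is used to measure whether a neverallow can later be widened.

```sepolicy
# Added illustration, not the project's rule text. Assumed baseline: apps
# receive an already-open tun fd from the framework, so they only need to
# read and write on that descriptor, never to open the device themselves.
allow appdomain tun_device:chr_file { read write };

# Compile-time assertion: no third-party app may open the tun device.
neverallow untrusted_app tun_device:chr_file open;

# bluetooth keeps open for now. auditallow logs every time the permission
# is actually used; if the audit log stays silent across real devices, the
# neverallow above can be widened to all of appdomain and this allow removed.
allow bluetooth tun_device:chr_file open;
auditallow bluetooth tun_device:chr_file open;
```

On a device, a hit on the auditallow shows up as an avc "granted" record (rather than "denied") for scontext bluetooth and tclass chr_file, which is the signal that the permission is still in use.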
The update_engine daemon from Brillo is expected to be used also in
Android so move its selinux policy to AOSP.
Put update_engine in the whitelist (currently only has the recovery
there) allowing it to bypass the neverallow for writing to partitions
labeled as system_block_device.
Also introduce the misc_block_device dev_type as update_engine in some
configurations may need to read/write the misc partition. Start
migrating uncrypt to use this instead of overly broad
block_device:blk_file access.
Bug: 23186405
Test: Manually tested with Brillo build.
Change-Id: Icf8cdb4133d4bbdf14bacc6c0fa7418810ac307a

vold hasn't used the generic "block_device" label since
commit 273d7ea4ca (Sept 2014), and
the auditallow statement in vold hasn't triggered since that time.
Remove the rule which allows vold access to the generic block_device
label, and remove the vold exception.
Thanks to jorgelo for reminding me about this.
Change-Id: Idd6cdc20f5be9a40c5c8f6d43bbf902a475ba1c9

When service_contexts fails to build, the file is deleted
leaving only the error message for debugging. Build
service_contexts and general variant as a temporary
intermediate before running checkfc.
Change-Id: Ib9dcbf21d0a28700d500cf0ea4e412b009758d5d
Signed-off-by: William Roberts <william.c.roberts@intel.com>

When property_contexts fails to build, the file is deleted
leaving only the error message for debugging. Build
property_contexts and general variant as a temporary
intermediate before running checkfc.
Change-Id: Ia86eb0480c9493ceab36fed779b2fe6ab85d2b3d
Signed-off-by: William Roberts <william.c.roberts@intel.com>

In kernel 3.18 the following error message is seen
since audit_read is added to capability2 at classmap.h
So add audit_read permission to capability2.
SELinux: Permission audit_read in class capability2 not defined in policy.
SELinux: the above unknown classes and permissions will be denied
The kernel change from AOSP is:
3a101b8de0%5E%21/security/selinux/include/classmap.h
Change-Id: I236fbb8ac575c5cb8df097014da6395e20378175
Signed-off-by: Woojung Min <wmin@nvidia.com>

When service_contexts fails to build, the file is deleted
leaving only the error message for debugging. Build
service_contexts and general variant as a temporary
intermediate before running checkfc.
Change-Id: Ib9c9247d36e6a6406b4df84d10e982921c07d492
Signed-off-by: William Roberts <william.c.roberts@intel.com>

When property_contexts fails to build, the file is deleted
leaving only the error message for debugging. Build
property_contexts and general variant as a temporary
intermediate before running checkfc.
Change-Id: I431d6f4494fa119c1873eab0e77f0eed3fb5754e
Signed-off-by: William Roberts <william.c.roberts@intel.com>

Currently, if an error is detected in a file_contexts
file, the intermediate file_context.tmp file is removed,
thus making debugging of build issues problematic.
Instead, employ checkfc tool during the compilation recipe
so the m4 concatenated intermediate is preserved on
failure.
Change-Id: Ic827385d3bc3434b6c2a9bba5313cd42b5f15599
Signed-off-by: William Roberts <william.c.roberts@intel.com>

Mediaserver no longer appears, and maybe never did, to need write
permission to sysfs files.
commit: 1de9c492d1 added auditing to
make sure this is the case, and such access has not been observed.
Remove the permissions and the associated auditallow rule to further
confine the mediaserver sandbox.
Bug: 22827371
Change-Id: I44ca1521b9791db027300aa84e54c074845aa735

For userdebug and eng builds enforce that:
- only logd and shell domains may access logd files
- logd is only allowed to write to /data/misc/logd
Change-Id: Ie909cf701fc57109257aa13bbf05236d1777669a
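The build-variant-scoped assertions described in the message above, as an added illustration and not the project's own rule text. It assumes misc_logd_file is the type labeling /data/misc/logd and that the userdebug_or_eng() macro is available; the permission sets are chosen to express the two stated constraints, not copied from the commit.

```sepolicy
# Added illustration, not the project's rule text. Assumptions: the files
# under /data/misc/logd carry the type misc_logd_file, and the
# userdebug_or_eng() macro expands its body only on those build variants,
# so these assertions are absent from user builds.
userdebug_or_eng(`
  # Constraint 1: only the logd daemon and the shell domain may access
  # logd's files. The set subtraction excludes exactly those two domains.
  neverallow { domain -logd -shell } misc_logd_file:file
      { read write append create unlink open };

  # Constraint 2: logd may only write into its own directory. Every other
  # file type is off limits for creating or writing regular files.
  neverallow logd { file_type -misc_logd_file }:file { create write append };
')
```

Scoping the rules with userdebug_or_eng() keeps the assertions where the debug-only tooling that reads these files exists, while the `-` set subtraction is what lets a single neverallow cover every domain except the named exceptions without listing them all.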