Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
system_file_type is a new attribute used to identify files which exist
on the /system partition. It's useful for allow rules in init, which are
based off of a blacklist of writable files. Additionally, it's useful
for constructing neverallow rules to prevent regressions.
Additionally, add commented out tests which enforce that all files on
the /system partition have the system_file_type attribute. These tests
will be uncommented in a future change after all the device-specific
policies are cleaned up.
Test: Device boots and no obvious problems.
Change-Id: Id9bae6625f042594c8eba74ca712abb09702c1e5
audit logs indicate that "append" is still used, but not write.
From ToT master:
avc: granted { append } for comm="tombstoned" scontext=u:r:tombstoned:s0
tcontext=u:object_r:anr_data_file:s0 tclass=file
Bug: 32064548
Test: build
Change-Id: Id05853a8ae38b84deed4d8bcca5a72c64ce7fd7e
Tombstoned unlinks "trace_XX" files if there are too many of them.
avc: denied { unlink } for comm="tombstoned" name="trace_12"
scontext=u:r:tombstoned:s0 tcontext=u:object_r:anr_data_file:s0
tclass=file
Bug: 77970585
Test: Build/boot taimen. adb root; sigquit an app.
Change-Id: I2c7cf81a837d82c4960c4c666b38cd910885d78d
Applications connect to tombstoned via a unix domain socket and request
an open FD to which they can write their traces. This socket has a new
label (tombstoned_java_trace_socket) and appdomain and system_server are
given permissions to connect and write to it.
Apps no longer need permissions to open files under /data/anr/ and
these permissions will be withdrawn in a future change.
Bug: 32064548
Test: Manual
(cherry picked from commit a8832dabc7f3b7b2381760d2b95f81abf78db709)
(cherry picked from commit 11bfcc1e96)
Change-Id: Icc60d227331c8eee70a9389ff1e7e78772f37e6f
auditallow this until we track down where the file is opened without
O_APPEND.
01-23 08:02:12.272 555 555 W tombstoned: type=1400 audit(0.0:11480): avc: denied { write } for path="/data/anr/traces.txt" dev="sda35" ino=4669445 scontext=u:r:tombstoned:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file permissive=0
Bug: http://b/34193533
Test: mma
Change-Id: I77b854dce06231232004432839ebd5aa963ef035
Replace the global debuggerd with a per-process debugging helper that
gets exec'ed by the process that crashed.
Bug: http://b/30705528
Test: crasher/crasher64, `debuggerd <pid>`, `kill -ABRT <pid>`
Change-Id: Iad1b7478f7a4e2690720db4b066417d8b66834ed