libselinux stats selinuxfs, as does every process that links against
libselinux, such as toolbox. Grant:
allow domain selinuxfs:filesystem getattr;
domain is already granted:
allow domain self:dir r_dir_perms;
allow domain self:lnk_file r_file_perms;
allow domain self:{ fifo_file file } rw_file_perms;
To make these possible, also grant:
allow domain proc:dir search;
Change-Id: Ife6cfa2124c9d61bf908ac89a8444676acdb4259
All apps should have access to the country_detector service.
avc: denied { find } for service=country_detector pid=1802 uid=1010002 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:object_r:country_detector_service:s0 tclass=service_manager
Bug: 25766732
Change-Id: Ie3f1a801114030dada7ad70c715a62907a2d264f
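The denial quoted in the commit message above is the raw material for a policy change. As an added example (not code from the sepolicy project or from the commit author), the following script does the mechanical audit2allow-style translation: it parses `avc: denied` lines, pulls the type out of each source/target context, merges permissions per (source, target, class) triple and emits `allow` rules. The two extra log lines are constructed for this example, and the label `nativetest_data_file` in the third line is an assumption. Note that the two app denials differ only in their MLS categories (`c522` vs `c521`), and collapse into one rule, because type enforcement rules are keyed on types, not categories. The generated rule targets `untrusted_app` only; the commit's own wording ("All apps") is a policy decision to grant more broadly, which no translation tool can make for you.

```python
import re
from collections import defaultdict

# Constructed sample: the first line is the denial quoted in the commit message,
# the other two are made up for this example (nativetest_data_file is assumed).
SAMPLE_AVC_LINES = """\
avc: denied { find } for service=country_detector pid=1802 uid=1010002 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:object_r:country_detector_service:s0 tclass=service_manager
avc: denied { find } for service=country_detector pid=1911 uid=1010009 scontext=u:r:untrusted_app:s0:c521,c768 tcontext=u:object_r:country_detector_service:s0 tclass=service_manager
avc: denied { read open } for path="/data/nativetest/foo" dev="mmcblk0p1" ino=42 scontext=u:r:shell:s0 tcontext=u:object_r:nativetest_data_file:s0 tclass=file
not an avc line at all
"""

# Only the fields needed for a type-enforcement rule are captured.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(ctx):
    """A security context is user:role:type[:level]; the type is field 3."""
    return ctx.split(":")[2]


def parse_denial(line):
    """Return (source_type, target_type, tclass, perms) or None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    return (
        context_type(m.group("scon")),
        context_type(m.group("tcon")),
        m.group("tclass"),
        frozenset(m.group("perms").split()),
    )


def denials_to_rules(text):
    """Merge all denials sharing (src, tgt, class) into one allow rule each."""
    merged = defaultdict(set)
    for line in text.splitlines():
        parsed = parse_denial(line)
        if parsed is None:
            continue
        src, tgt, tclass, perms = parsed
        merged[(src, tgt, tclass)] |= perms

    rules = []
    for (src, tgt, tclass), perms in sorted(merged.items()):
        plist = " ".join(sorted(perms))
        if len(perms) > 1:
            plist = "{ " + plist + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {plist};")
    return rules


if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_AVC_LINES):
        print(rule)
```

Run it and you get one `service_manager` rule for `untrusted_app` and one `file` rule for `shell`. Treat the output as a question ("should this domain really have this access?"), not as the answer: in this commit the answer was an attribute-wide grant, and in several others on this page the answer was to tighten instead.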
Don't mix bluetooth rules with bluetoothdomain. The bluetoothdomain
rules are used by several other SELinux domains, not just bluetooth,
and keeping them in the same file is confusing.
Change-Id: I487251ab1c1392467a39c7a87328cdaf802fc1f8
f063f461a9 marked several zygote.te
rules as "deprecated in M". Now that M is out the door, delete
the obsolete rules.
Change-Id: I7ff8abe8659bbcf7aa0b5c612ce3822a238df8ca
The directory is to be used in eng/userdebug builds to store method
traces (previously stored in /data/dalvik-cache/profiles).
Bug: 25612377
Change-Id: Ia4365a8d1f13d33ee54115dc5e3bf62786503993
979adffd45 added an auditallow
to see if system_server was relabeling system_data_file.
The auditallow rule hasn't triggered, so remove the allow rule.
a3c97a7660 added an auditallow
to see if system_server was executing toolbox. The auditallow
rule hasn't triggered, so remove the allow rule. AFAIK,
system_server never executes ANY file, so further tightening here
is feasible.
Change-Id: Ia0a93f3833e32c3e2c898463bd8813701a6dd20a
Motivation: Domain is overly permissive. Start removing permissions
from domain and assign them to the domain_deprecated attribute.
Domain_deprecated and domain can initially be assigned to all
domains. The goal is to not assign domain_deprecated to new domains
and to start removing domain_deprecated where it is not required or
reassigning the appropriate permissions to the inheriting domain
when necessary.
Bug: 25433265
Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
binderservicedomain services often expose their methods to untrusted
clients and rely on permission checks for access control. Allow these
services to query the permission service for access decisions.
(cherry-pick of commit: 32d207e042)
Bug: 25282923
Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
1) Don't use the generic "system_data_file" for the files in /data/nativetest.
Rather, ensure it has its own special label. This allows us to distinguish
these files from other files in SELinux policy.
2) Allow the shell user to execute files from /data/nativetest, on
userdebug or eng builds only.
3) Add a neverallow rule (compile time assertion + CTS test) that nobody
is allowed to execute these files on user builds, and only the shell user
is allowed to execute these files on userdebug/eng builds.
Bug: 25340994
Change-Id: I3e292cdd1908f342699d6c52f8bbbe6065359413
1) Don't allow any SELinux domain to attempt to perform a text
relocation on a file from the /system partition. It's not supported
and should never be attempted.
2) Completely block any non-app SELinux domains from using text
relocations, regardless of the source.
Bug: 20013628
Change-Id: I82573398d0d5586264a717a1e400a3dbc7793fe3
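Both the /data/nativetest commit and the text-relocation commit above rely on `neverallow` as a compile-time assertion: the policy compiler expands every attribute to its member types and refuses to build if any `allow` rule matches a `neverallow`. The following is an added toy model of that check, written for this page and not the sepolicy project's code or checkpolicy itself. Attribute membership, the baseline `allow` rules, the type name `nativetest_data_file`, the build-variant switch and the exact shape of the `neverallow` rules are all assumptions chosen to mirror the two commits' descriptions; the real rules live in the policy sources. `execmod` is the file permission SELinux checks when a process tries to modify an executable mapping, which is what a text relocation requires, so that is the permission the relocation assertions use here.

```python
from itertools import product


class Policy:
    """Tiny model of SELinux type enforcement with attribute expansion."""

    def __init__(self):
        self.members = {}        # attribute -> set of member types
        self.allows = set()      # fully expanded (src, tgt, cls, perm) tuples
        self.neverallows = []    # unexpanded (src_spec, tgt_spec, cls, perms)

    def attribute(self, name, types):
        self.members[name] = set(types)

    def expand(self, spec):
        """Expand a type, an attribute, or a '{ a b -c }' set to concrete types."""
        included, excluded = set(), set()
        for tok in spec.strip("{} ").split():
            if tok.startswith("-"):
                excluded |= self.members.get(tok[1:], {tok[1:]})
            else:
                included |= self.members.get(tok, {tok})
        return included - excluded

    def allow(self, src, tgt, cls, perms):
        for s, t, p in product(self.expand(src), self.expand(tgt), perms.split()):
            self.allows.add((s, t, cls, p))

    def neverallow(self, src, tgt, cls, perms):
        self.neverallows.append((src, tgt, cls, perms))

    def violations(self):
        """Every expanded allow tuple that some neverallow forbids (deduplicated)."""
        bad = set()
        for src, tgt, cls, perms in self.neverallows:
            for s, t, p in product(self.expand(src), self.expand(tgt), perms.split()):
                if (s, t, cls, p) in self.allows:
                    bad.add((s, t, cls, p))
        return sorted(bad)


def build_policy(variant):
    """Constructed policy fragment; variant is 'user', 'userdebug' or 'eng'."""
    p = Policy()
    # Assumed attribute membership, far smaller than the real policy.
    p.attribute("domain", ["init", "system_server", "shell", "untrusted_app", "priv_app"])
    p.attribute("appdomain", ["untrusted_app", "priv_app"])
    p.attribute("file_type", ["system_file", "system_data_file", "nativetest_data_file"])

    # Baseline grant, assumed for the example so the allow set is not empty.
    p.allow("domain", "system_file", "file", "execute")
    # Commit (2): only on userdebug/eng may shell run files from /data/nativetest.
    if variant in ("userdebug", "eng"):
        p.allow("shell", "nativetest_data_file", "file", "execute")

    # Commit (3): nobody on user builds; only shell on userdebug/eng.
    if variant == "user":
        p.neverallow("domain", "nativetest_data_file", "file", "execute")
    else:
        p.neverallow("{ domain -shell }", "nativetest_data_file", "file", "execute")

    # Text relocations: never on /system files, and never by non-app domains.
    p.neverallow("domain", "system_file", "file", "execmod")
    p.neverallow("{ domain -appdomain }", "file_type", "file", "execmod")
    return p


def check(variant, extra_allows=()):
    """Build the policy, add candidate allow rules, return neverallow violations."""
    p = build_policy(variant)
    for rule in extra_allows:
        p.allow(*rule)
    return p.violations()


if __name__ == "__main__":
    print("user:", check("user"))
    print("userdebug + app exec of nativetest:",
          check("userdebug", [("untrusted_app", "nativetest_data_file", "file", "execute")]))
```

The point to take from the model is the expansion step: a `neverallow` written against an attribute is re-evaluated against every member of that attribute, so adding a domain to `appdomain` or `domain` later silently changes what the assertion covers. That is also why the page's other commits prune `domain` rules into `domain_deprecated`: the fewer rules an attribute carries, the easier it is to reason about which neverallows still hold.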
android.process.media moved to priv_app. Add audit rule to test if
untrusted_app still requires access or if some/all permissions may
be removed.
Bug: 25085347
Change-Id: I13bae9c09bd1627b2c06ae84b069778984f9bd5d
Temporarily move from policy version 30 to 29 until device kernels
and prebuilts are all upgraded to the accepted upstream version of
the selinux ioctl command whitelisting code.
(cherry picked from commit 89765083f7)
Bug: 22846070
Change-Id: I31d1e80aaee164cf41a2f01c6ca846a000898ef4