All domains using libbinder need access to this new ioctl in order to
pull precise information upon failed binder operations.
Bug: 28321379
Tested: clients can now use the ioctl through libbinder
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: I8d6e5ca6b133b934855a7545cc1a9786e2c4ad65
BINDER_ENABLE_ONEWAY_SPAM_DETECTION is used to enable/disable oneway
spamming detection in binder driver, and can be set per-proc.
Bug: 181190340
Change-Id: Id799b19ee5a74b458e286dc29122c140a047bdad
This allows calling tcsetattr() with TCSAFLUSH, in addition to TCSANOW
and TCSADRAIN.
Fixes: 172740382
Test: manual
Change-Id: Idd2e9e0db2e0210df515f46d9d0323c6b517dd39
BINDER_FREEZE is used to block ipc transactions to frozen processes, so
only system_server must be allowed to use it.
Bug: 143717177
Test: manually verified that attempts to use BINDER_FREEZE by processes
other
than system_server receive a sepolicy denial
Test: verified that system_server can enable/disable the freezer in
binder
Change-Id: I0fae3585c6ec409809e8085c1cc9862be4755889
Add a neverallow rule requiring fine-grain ioctl filtering for most file
and socket object classes. Only chr_file and blk_file are excluded. The
goal is to ensure that any file descriptor which supports ioctl commands
uses a whitelist.
Further refine the list of file / socket objects which require ioctl
filtering. The previous ioctl filtering did not cover the following:
1) ioctls on /proc/PID files
2) ioctls on directories in /dev
3) PDX unix domain sockets
Add FIONCLEX to the list of globally safe ioctls. FIOCLEX and FIONCLEX
are alternate, uncommon ways to set the O_CLOEXEC flag on a file
descriptor, which is a harmless operation.
Test: device boots and no problems.
Change-Id: I6ba31fbe2f21935243a344d33d67238d72a8e618
Divide policy into public and private components. This is the first
step in splitting the policy creation for platform and non-platform
policies. The policy in the public directory will be exported for use
in non-platform policy creation. Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.
Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal. For now, almost all types and
avrules are left in public.
Test: Tested by building policy and running on device.
Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c