Divide policy into public and private components. This is the first
step in splitting the policy creation for platform and non-platform
policies. The policy in the public directory will be exported for use
in non-platform policy creation. Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.
Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal. For now, almost all types and
avrules are left in public.
Test: Tested by building policy and running on device.
Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c

As fallout from the corresponding fix in libselinux,
this patch adds the missing services without changing
semantics.
Test: bullhead builds and boots
Bug: 31353148
Change-Id: I21026c9435ffef956a59d61c4903174ac7b1ef95

Build serial is a non-user-resettable, freely available device
identifier. It can be used by ad-networks to track the user
across apps, which violates the user's privacy.
This change deprecates Build.SERIAL and adds a new Build.getSerial()
API which requires holding the read_phone_state permission.
The Build.SERIAL value is set to "undefined" for apps targeting a
high enough SDK, and for legacy apps the value is still available.
bug:31402365
Change-Id: I6309aa58c8993b3db4fea7b55aae05592408b6e4

Add the necessary permissions for |wpa_supplicant| to expose a binder
interface. This binder interface will be used by the newly added
|wificond| service (and potentially system_server).
|wpa_supplicant| also needs to invoke binder callbacks on |wificond|.
Changes in the CL:
1. Allow |wpa_supplicant| to register binder service.
2. Allow |wpa_supplicant| to invoke binder calls on |wificond|.
3. Allow |wificond| to invoke binder calls on |wpa_supplicant|
Denials:
06-30 08:14:42.788 400 400 E SELinux : avc: denied { add } for
service=wpa_supplicant pid=20756 uid=1010 scontext=u:r:wpa:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager
permissive=1
BUG:29877467
TEST: Compiled and ensured that the selinux denials are no longer
present in logs.
TEST: Ran integration test to find the service.
Change-Id: Ib78d8e820fc81b2c3d9260e1c877c5faa9f1f662
(cherry picked from commit 18883a93b7)

Add pinner service to system_service services.
Add CAP_IPC_LOCK permissions to system_server in order to allow
system_server to pin more memory than the lockedmem ulimit.
bug 28251566
Change-Id: I990c73d25fce4f2cc9a2db0015aa238fa7b0e984

This allows system apps, regular apps as well as test apps to access the
ContextHubManager API. The additional "signature|privilege" permission
requirement (LOCATION_HARDWARE) still exists to prevent security
issues, misuse and abuse.
Change-Id: I47f3d243a3de7f1202c933fc715a935c43cf319b

An SELinux label is created for the contexthub_service system service.
The ContextHub service manages all available context hubs and serves to fulfil communication between apps
and the underlying context hub hardware.
Change-Id: I8470fedd9c79a00012e1cdb9b548a1b632ba7de6

Applications do not explicitly request handles to the batteryproperties
service, but the BatteryManager obtains a reference to it and uses it
for its underlying property queries. Mark it as an app_api_service so
that all applications may use this API. Also remove the batterypropreg
service label, as this does not appear to be used and may have been a
duplication of batteryproperties. As a result, remove the
healthd_service type and replace it with a more specific
batteryproperties_service type.
(cherry-picked from commit: 9ed71eff4b)
Bug: 27442760
Change-Id: I537c17c09145b302728377bf856c1147e4cc37e9

NetworkTimeUpdateService has been registered as a system service, so that
its dump state can be included into bugreports.
Bug: 23983739
Change-Id: I0d364009ba4630dcfd1d22c647195e33eedaa4e0

RecoverySystemService is separated from PowerManagerService as a
dedicated system service to handle recovery related requests (such as
invoking uncrypt to uncrypt an OTA package on /data, or to set up /
clear the bootloader control block (i.e. /misc), etc.).
The matching CL in frameworks/base is in:
Change-Id: Ic606fcf5b31c54ce54f0ab12c1768fef0fa64560.
Bug: 26830925
Change-Id: Iee0583c458f784bfa422d0f7af5d1f2681d9609e
(cherry picked from commit 65b5fde912)

This will allow us to provide a better interface between Java
services (e.g., ConnectivityService) and netd than the current
FrameworkListener / NativeDaemonConnector interface which uses
text strings over a Unix socket.
Bug: 27239233
Change-Id: If40582ae2820e54f1960556b7bf7e88d98c525af

Part of media security hardening
This is an intermediate step toward moving
mediadrm to a new service separate from mediaserver.
This first step allows mediadrmservice to run based
on the system property media.mediadrmservice.enable
so it can be selectively enabled on devices that
support using native_handles for secure buffers.
bug: 22990512
Change-Id: I2208c1e87a6bd8d5bfaed06b1fdcb0509c11cff2

The services under this label are not meant to be exposed to all apps.
Currently only priv_app needs access.
Bug: 26799206
Change-Id: I07c60752d6ba78f27f90bf5075bcab47eba90b55

Register service with servicemanager and name the context.
avc: denied { call } for scontext=u:r:update_engine:s0 tcontext=u:r:servicemanager:s0 tclass=binder
avc: denied { add } for service=android.os.IUpdateEngine scontext=u:r:update_engine:s0 tcontext=u:object_r:update_engine_service:s0 tclass=service_manager
Also allow priv_app to communicate with update_engine.
avc: denied { find } for service=android.os.IUpdateEngine scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:update_engine_service:s0 tclass=service_manager
avc: denied { call } for scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:update_engine:s0 tclass=binder
avc: denied { call } for scontext=u:r:update_engine:s0 tcontext=u:r:priv_app:s0 tclass=binder
Change-Id: Ib4498717c1a72f5faab5ea04c636924ee4eb412c

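The avc lines quoted in this commit and in the wpa_supplicant commit above are the raw material from which such policy rules are derived. As an added example (my own code, not part of the sepolicy project or of these commits), the script below parses avc denials, merges them into candidate allow rules the way audit2allow does, and flags denials whose target still carries a default_* label. The input is constructed here from the denial lines quoted on this page, with the wpa_supplicant line re-joined onto one line; the default_* heuristic is my own assumption about what such a label means, not tooling behaviour documented on the page.

```python
import re
from collections import defaultdict

# Constructed sample input: the denial lines quoted in the commit messages on
# this page, re-embedded so the script runs offline.
SAMPLE_DENIALS = """\
06-30 08:14:42.788   400   400 E SELinux : avc: denied { add } for service=wpa_supplicant pid=20756 uid=1010 scontext=u:r:wpa:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1
avc: denied { call } for scontext=u:r:update_engine:s0 tcontext=u:r:servicemanager:s0 tclass=binder
avc: denied { add } for service=android.os.IUpdateEngine scontext=u:r:update_engine:s0 tcontext=u:object_r:update_engine_service:s0 tclass=service_manager
avc: denied { find } for service=android.os.IUpdateEngine scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:update_engine_service:s0 tclass=service_manager
avc: denied { call } for scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:update_engine:s0 tclass=binder
avc: denied { call } for scontext=u:r:update_engine:s0 tcontext=u:r:priv_app:s0 tclass=binder
"""

# Matches the permission set and the trailing key=value fields of an avc record,
# whatever logcat prefix precedes it.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<kv>.*)$")


def parse_denial(line):
    """Return a dict describing one avc denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    # A context is user:role:type[:sensitivity[:categories]]; allow rules are
    # written against the type, which is always the third field.
    source_type = fields["scontext"].split(":")[2]
    target_type = fields["tcontext"].split(":")[2]
    return {
        "perms": m.group("perms").split(),
        "source": source_type,
        "target": target_type,
        "tclass": fields["tclass"],
        "permissive": fields.get("permissive") == "1",
        "service": fields.get("service"),
    }


def suggest_allow_rules(log_text):
    """Merge denials into the minimal candidate allow rules, audit2allow-style.

    Rules are keyed on (source, target, class) so repeated denials for the same
    pair collapse into one rule, and returned sorted for stable review.
    """
    merged = defaultdict(set)
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d is not None:
            merged[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in sorted(merged.items())
    ]


def flag_default_labels(log_text):
    """Heuristic of my own: a denial against a default_* target type means the
    object was never given a specific label, so the right fix is to label it
    (e.g. a dedicated *_service type) rather than to allow access to the
    default type. Returns the service names (or target types) affected."""
    flagged = set()
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d is not None and d["target"].startswith("default_"):
            flagged.add(d["service"] or d["target"])
    return sorted(flagged)


if __name__ == "__main__":
    for rule in suggest_allow_rules(SAMPLE_DENIALS):
        print(rule)
    for name in flag_default_labels(SAMPLE_DENIALS):
        print(f"# {name}: target has a default_* label; define a specific type instead")
```

Run against the page's own denials, the script emits one rule per (source, target, class) triple and singles out the wpa_supplicant denial, whose target is default_android_service: the commits on this page resolve such cases by giving the service its own type (update_engine_service, country_detector_service) rather than granting access to the default label, and the generated rules are a starting point for review, not policy to apply blindly.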
audioserver has the same rules as mediaserver so there is
no loss of rights or permissions.
media.log moves to audioserver.
TBD: Pare down permissions.
Bug: 24511453
Change-Id: I0fff24c14b712bb3d498f75e8fd66c2eb795171d

All apps should have access to the country_detector service.
avc: denied { find } for service=country_detector pid=1802 uid=1010002 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:object_r:country_detector_service:s0 tclass=service_manager
Bug: 25766732
Change-Id: Ie3f1a801114030dada7ad70c715a62907a2d264f