Instead of getting these permissions, it is better to add the process
to a group or change the permissions of the files it tries to access.
Test: Built the policy for many devices.
Change-Id: If023d98bcc479bebbedeedf525965ffb17a0e331
This CL will allow only specific components to read radio_prop.
Bug: 72459527
Test: tested with walleye
Change-Id: I6b6c90870987de976187ff675005c5d964b48cda
Remove the untrusted apps and priviledged apps from the group that can
directly access xt_qtaguid module related file. All apps that need to
access app network usage data need to use the public API provided in
framework.
Test: Flashed with master branch on marlin, verified phone boot, can
browse web, watch youtube video, make phone call and use google
map for navigation with either wifi is on or off.
run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
run cts -m CtsNativeNetTestCases
Bug: 68774956 30950746
Change-Id: I9b3db819d6622611d5b512ef821abb4c28d6c9eb
Data outside of /data/vendor should have the core_data_file_type.
Exempt data_between_core_and_vendor for some types.
Ensure core_data_file_type and coredomain_socket do not get expanded
to their underlying types.
Test: build sepolicy for all targets in master (this is a build time
test)
Bug: 34980020
Change-Id: I59387a87875f4603a001fb03f22fa31cae84bf5a
(cherry picked from commit bdd454792d)
vendor_init exists on the system partition, but it is meant to be an
extention of init that runs with vendor permissions for executing
vendor scripts, therefore it is not meant to be in coredomain.
Bug: 62875318
Test: boot walleye
Merged-In: I01af5c9f8b198674b15b90620d02725a6e7c1da6
Change-Id: I01af5c9f8b198674b15b90620d02725a6e7c1da6
The current neverallow rules for compatible properties restrict
domains from write file permissions to the various property files.
This however is the wrong restriction, since only init actually writes
to these property files. The correct restriction is to restrict 'set'
for 'property_service' as this change does.
Note there is already a restriction preventing {domain -init} from
writing to these files in domain.te.
Test: build
Change-Id: I19e13b0d084a240185d0f3f5195e54065dc20e09
We are occasionally seeing the following SELinux denial:
avc: denied { read } for comm="idmap" path="/proc/947/mounts" scontext=u:r:idmap:s0 tcontext=u:r:installd:s0 tclass=file
This commit suppresses that exact denial.
We believe this is occurring when idmap is forked from installd, which is reading its mounts file in another thread.
Bug: 72444813
Test: Boot Walleye and test wifi and camera.
Change-Id: I3440e4b00c7e5a708b562a93b304aa726b6a3ab9
Do not let apps read /proc/uid_cpupower/time_in_state,
/proc/uid_cpupower/concurrent_active_time,
/proc/uid_cpupower/concurrent_policy_time.
b/71718257
Test: Check that they can't be read from the shell
without root permissions and system_server was able
to read them
Change-Id: I812694adfbb4630f7b56aa7096dc2e6dfb148b15
Now that the vendor_init mechanism is in place, this SELinux
restriction will disallow vendor init scripts from touching core data
files as intended with Treble.
Bug: 62875318
Test: None
Change-Id: Ifa50486c48551ba095d2ed8cc6570fc5040c172d
Init tries to write /proc/sys/vm/min_free_order_shift but fails due to
a SELinux denial. This gives the file a new label and gives init the
ability to write it.
Test: Build and booted Sailfish (a couple of days ago).
Change-Id: Ic93862b85c468afccff2019d84b927af9ed2a84d
This is an experimental feature only on userdebug and eng build.
Test: play MP4 file. install & uninstall media update apk.
Bug: 67908547
Change-Id: I513cdbfda962f00079e886b7a42f9928e81f6474
so we can dlopen the libraries that are there
Test: build&run
Merged-Id: Ia1fa1fd65295cffe6c8a3d31db53bd3339a71855
Change-Id: Ia1fa1fd65295cffe6c8a3d31db53bd3339a71855
Add sepolicy rules to grant wificond permission to use SIOCSIFHWADDR
ioctl. This permission is needed to dynamically change MAC address of
the device when connecting to wifi networks.
Bug: 63905794
Test: Verified manually that wificond can dynamically change MAC
address.
Change-Id: If2c6b955b0b792f706d8438e8e2e018c0b4cfc31
And grant appropriate permissions to more granular types.
Bug: 29319732
Bug: 65643247
Test: adb bugreport; no new denials to /proc or /sys files.
Change-Id: Ied99546164e79bfa6148822858c165177d3720a5
Fixing denials that stopped traceur from being able to write to
debugfs_tracing. Also cleaning up general find denials for services that
traceur doesn't have permission to access.
Additionally, labeling /data/local/trace as a trace_data_file in order
to give traceur a UX friendly area to write its traces to now that it
will no longer be a shell user. It will be write/readable by traceur,
and deletable/readable by shell.
Test: Traceur functionality is not being blocked by selinux policy
Bug: 68126425
Change-Id: I201c82975a31094102e90bc81454d3c2a48fae36
These property sets will be long term restricted with
compatible_property but allowing them now eases the transition.
Bug: 62875318
Test: boot marlin without audits for setprop in vendor_init
Change-Id: I25ab565bbf137e382c1dfc3b905b38403645f1d2
system_update service manages system update information: system updater
(priv_app) publishes the pending system update info through the service,
while other apps can read the info accordingly (design doc in
go/pi-ota-platform-api).
This CL adds the service type, and grants priv_app to access the service.
Bug: 67437079
Test: Build and flash marlin image. The system_update service works.
Change-Id: I7a3eaee3ecd3e2e16b410413e917ec603566b375
