Commit graph

18 commits

Author SHA1 Message Date
Stephen Smalley
2dc4acf33b Isolate untrusted app ptys from other domains.
Add a create_pty() macro that allows a domain to
create and use its own ptys, isolated from the ptys
of any other domain, and use that macro for untrusted_app.
This permits the use of a pty by apps without opening up access
to ptys created by any other domain on the system.

Change-Id: I5d96ce4d1b26073d828e13eb71c48d1e14ce7d6b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-09-27 10:11:33 -04:00
Stephen Smalley
a473e29de0 write_klog also requires write permission to the directory.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-09-10 11:10:02 -04:00
Stephen Smalley
79e084fcc9 Allow access to /data/security/current symbolic link.
Change-Id: Ic500af7b9dac6a9b6401e99c3d162913e9989d9b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-09-10 11:09:15 -04:00
Nick Kralevich
0c9708b2af domain.te: Add backwards compatibility for unlabeled files
For unlabeled files, revert to DAC rules. This is for backwards
compatibility, as files created before SELinux was in place may
not be properly labeled.

Over time, the number of unlabeled files will decrease, and we can
(hopefully) remove this rule in the future.

To prevent inadvertantly introducing the "relabelto" permission, add
a neverallow domain, and add apps which have a legitimate need to
relabel to this domain.

Bug: 9777552
Change-Id: I71b0ff8abd4925432062007c45b5be85f6f70a88
2013-07-10 18:54:45 -07:00
gcondra@google.com
92b8f14843 am 50e37b93: Move domains into per-domain permissive mode.
* commit '50e37b93ac97631dcac6961285b92af5026557af':
  Move domains into per-domain permissive mode.
2013-05-15 13:34:56 -07:00
repo sync
50e37b93ac Move domains into per-domain permissive mode.
Bug: 4070557
Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
2013-05-14 21:36:32 -07:00
Alex Klyubin
e5e98aef40 resolved conflicts for merge of 77ec892b to jb-mr2-dev-plus-aosp
Change-Id: Ia9f34580a35d3f5ff7ea0ac9a3784d2650e61b6a
2013-05-09 14:05:10 -07:00
Alex Klyubin
77ec892be6 SELinux policy for users of libcutils klog_write.
klog_write/init create /dev/__kmsg__ backed by a kernel character
device, keep the file descriptor, and then immediately unlink the
file.

Change-Id: I729d224347a003eaca29299d216a53c99cc3197c
2013-05-09 12:39:32 -07:00
William Roberts
8cd20ef9fa Add non_system_app_set
Change-Id: I889e8eb1851b01ac9a8c8789ba1cc56c9154cecd
2013-05-02 11:58:39 -07:00
William Roberts
7bb2a55c47 Give domains read access to security_file domain.
/data/security is another location that policy
files can reside. In fact, these policy files
take precedence over their rootfs counterparts
under certain circumstances. Give the appropriate
players the rights to read these policy files.

Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41
2013-04-05 13:11:23 -07:00
William Roberts
6c4c27e626 Give domains read access to security_file domain.
/data/security is another location that policy
files can reside. In fact, these policy files
take precedence over their rootfs counterparts
under certain circumstances. Give the appropriate
players the rights to read these policy files.

Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41
2013-04-05 19:34:30 +00:00
William Roberts
9e70c8bf68 Move policy files
Update the file_contexts for the new location of
the policy files, as well as update the policy
for the management of these types.

Change-Id: Idc475901ed437efb325807897e620904f4ff03e9
2013-03-22 10:42:10 -07:00
Stephen Smalley
9ce99e3908 Update binder-related policy.
The binder_transfer_binder hook was changed in the kernel, obsoleting
the receive permission and changing the target of the transfer permission.
Update the binder-related policy to match the revised permission checking.

Change-Id: I1ed0dadfde2efa93296e967eb44ca1314cf28586
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-03-19 22:48:17 +00:00
Stephen Smalley
b9760aa0d5 Only enforce per-app process and file isolation via SELinux for third party apps, not platform apps.
Platform (any of the apps signed by build keys, i.e. platform|release|shared|media) apps expect to be able to share files with each other or with third party apps by passing open files or pathnames over Binder.  Therefore, we switch to only enforcing the per-app process and file isolation via SELinux on third party apps, not platform apps.

Make the platform app domains mlstrustedsubjects so that they can access any files created by third party apps.
Introduce a new platform_app_data_file type for platform apps so that we can mark it as a mlstrustedobject and allow third party apps to read/write files created by the platform apps.
Specify this new type for the platform app entries in seapp_contexts.
Remove levelFromUid=true for the platform apps in seapp_contexts since we are no longer enforcing per-app separation among them.
2012-07-27 11:07:09 -04:00
Stephen Smalley
c83d0087e4 Policy changes to support running the latest CTS. 2012-03-07 14:59:01 -05:00
Stephen Smalley
4c6f1ce8ee Allow Settings to set enforcing and booleans if settings_manage_selinux is true. 2012-02-02 13:28:44 -05:00
Stephen Smalley
6261d6d823 Allow reading of properties area, which is now created before init has switched contexts. Revisit this later - we should explicitly label the properties file. 2012-01-12 08:57:50 -05:00
Stephen Smalley
2dd4e51d5c SE Android policy. 2012-01-04 12:33:27 -05:00