Commit graph

11 commits

Author SHA1 Message Date
Mugdha Lakhani
2ae45c5766 Create sdk_sandbox_all.
Rename sdk_sandbox to sdk_sandbox_34.
Additionally, Extract out parts of sdk_sandbox_34 to
sdk_sandbox_all.te that will be shared with all sdk_sandbox domains.

Bug: b/270148964
Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest
SdkSandboxRestrictionsTest

Change-Id: I36e0c8795148de83c81dfe12559452812aa2b25e
2023-05-09 15:11:39 +00:00
Martin Stjernholm
87143bd904 Revert "Introduce a new sdk_sandbox domain"
This reverts commit 304962477a.

Reason for revert: b/279565840

Change-Id: I6fc3a102994157ea3da751364f80730f4d0e87f0
2023-04-25 12:40:37 +00:00
Mugdha Lakhani
304962477a Introduce a new sdk_sandbox domain
Define the selinux domain to apply to SDK runtime for
targetSdkVersion=34.
The existing sdk_sandbox domain has been renamed to sdk_sandbox_next.
Future CLs will add logic to apply one of these to the SDK runtime
processes on the device, based on a flag.

auditallow block from sdk_sandbox has been removed as we haven't yet
measured the system health impact of adding this. It'll be added to an
audit domain later after we've ruled out negative system health impact.

Bug: 270148964
Test: make and boot the test device, load SDK using test app
Change-Id: I7438fb16c1c5e85e30683e421ce463f9e0b1470d
2023-04-21 17:26:26 +00:00
Bram Bonné
d3d5ff11d4 Merge "Enforce MAC address restrictions for priv apps." am: 6b2fefbf46 am: a9723095c7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2098955

Change-Id: I6024b6780c5b3f3aef269af848a28b61bcb24347
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-18 13:56:49 +00:00
Bram Bonne
af609b2f3c Enforce MAC address restrictions for priv apps.
Bug: 230733237
Test: atest NetlinkSocketTest NetworkInterfaceTest
  bionic-unit-tests-static CtsSelinuxTargetSdkCurrentTestCases
  CtsSelinuxTargetSdk29TestCases CtsSelinuxTargetSdk27TestCases
Change-Id: I1d66ae7849e950612f3b6693216ec8c84e942640
2022-05-17 14:36:15 +02:00
Bram Bonne
b93f26fd89 Move sdk_sandbox sepolicy to AOSP.
Bug: 224796470
Bug: 203670791
Bug: 204989872
Bug: 211761016
Bug: 217543371
Bug: 217559719
Bug: 215105355
Bug: 220320098
Test: make, ensure device boots

Change-Id: Ia96ae5407f5a83390ce1b610da0d49264e90d7e2
Merged-In: Ib085c49f29dab47268e479fe5266490a66adaa87
Merged-In: I2215ffe74e0fa19ff936e90c08c4ebfd177e5258
Merged-In: I478c9a16032dc1f1286f5295fc080cbe574f09c9
Merged-In: Ibf478466e5d6ab0ee08fca4da3b4bae974a82db0
Merged-In: I5d519605d9fbe80c7b4c9fb6572bc72425f6e90a
Merged-In: I05d2071e023d0de8a93dcd111674f8d8102a21ce
Merged-In: I6572a7a5c46c52c9421d0e9c9fc653ddbd6de145
Merged-In: I1b6d1a778cb658bdfd930b684e4ba0640031b226
Merged-In: I9fb98e0caee75bdaaa35d11d174004505f236799
2022-03-17 10:22:33 +01:00
Nikita Ioffe
e2da633ef7 Rename SupplementalProcess to SdkSandbox
Ignore-AOSP-First: sepolicy is not in aosp, yet
Bug: 220320098
Test: presubmit
Change-Id: I9fb98e0caee75bdaaa35d11d174004505f236799
2022-02-23 20:44:20 +00:00
RafayKamran
eaa18ce0aa Initial sepolicy for supplemental process
Almost 1:1 of the sepolicy for ephemeral apps

Test: make

Bug: 203670791
Ignore-AOSP-First: Feature is developed in internal branch

Change-Id: Ib085c49f29dab47268e479fe5266490a66adaa87
2021-12-06 14:36:08 +00:00
Jeff Vander Stoep
937f256b2d netdomain: move to public policy
Vendor domains may use net_domain() so it should be moved to public
policy. This will allow removal of permissions such as rawip_socket
in future releases without breaking Treble compatiblity.

Bug: 122572608
Test: build
Change-Id: Id84feb11587d305334cd9dbbc6e4f6f71ffff6f2
2019-01-12 04:31:41 +00:00
Jeff Vander Stoep
0597ade15c Update socket ioctl restrictions
Grant access to icmp_socket to netdomain. This was previously
labeled as rawip_socket which apps are allowed to use. Neverallow
all other new socket types for apps.

Kernels versions > 4.9 redefine ICMP sockets from rawip_socket
to icmp_socket. To pass neverallow tests, we need to define
which IOCTLs are allowed (and disallowed).

Note that this does not change behavior on devices with
kernel versions <=4.9. However, it is necessary (although not
sufficient) to pass CTS on kernel version 4.14.

Bug: 110520616
Test: Grant icmp_socket in net.te and build.
Change-Id: I5c7cb6867d1a4cd1554a8da0d55daa8e06daf803
2018-06-22 05:35:07 +00:00
Alex Klyubin
372dc67fcc Move netdomain policy to private
This leaves only the existence of netdomain attribute as public API.
All other rules are implementation details of this attribute's policy
and are thus now private.

Test: No change to policy according to sesearch, except for
      disappearance of all allow rules to do with netdomain_current
      and *_current attributes targeted when netdomain rules reference
      public types.
Bug: 31364497
Change-Id: I102e649374681ce1dd9e1e5ccbaaa5cb754e00a0
2017-02-06 15:02:00 -08:00