The recovery partition has been assigned a recovery_block_device
type for the AOSP devices, so install_recovery should not need
rw access to the generic block_device type. Remove it.
Change-Id: I31621a8157998102859a6e9eb76d405caf6d5f0d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
SELinux policy booleans are prohibited in AOSP, so we can drop the
support for the sebool= input selector.
Change-Id: I5ae31247b2f68d90f6ae4c8830458f22c4ffc854
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Presently it ignores duplicate keys in seapp_contexts entries, e.g.
if you were to specify:
user=system seinfo=platform user=bluetooth domain=system_app type=system_app_data_file
checkseapp would ignore the duplicate and libselinux would end up using
the last value defined for the key in each line.
Change-Id: I18cadb0c1bf5a907e6fc6513df65aafed91d76fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Add a compile time assertion that no SELinux rule exists which
allows mounting on top of symbolic links, fifo files, or socket
files. Remove the capability from unconfined domains.
Change-Id: I6d7cc95cd17e2e5f165fa5948563800ed206bb71
The README jumped directly into using the BOARD_SEPOLICY_*
variables for device-specific policy; add a short introduction
describing what external/sepolicy contains and noting where to put
device-specific policy.
Change-Id: I3c800df93d70074384da993a689a5a0771ecb314
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
allow the bootchart to create dir and files at init,
also allow user to create the stop and start file under
/data/bootchart directory to start and stop bootchart
Change-Id: Icfee8dcd17366383eef00fbe3139744bf4427a6b
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Exempt unnamed pipes from the MLS constraints so that they can
be used for cross-user communications when passed over binder or
local socket IPC.
Addresses denials such as:
avc: denied { read } for path="pipe:[59071]" dev="pipefs" ino=59071 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=fifo_file
Bug: 19087939
Change-Id: I77d494c4a38bf473fec05b728eaf253484deeaf8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
On dm-verity errors, we catch uevents in ueventd and set the value
for a matching verity.* property. Allow ueventd to actually change
property values.
Needed by changes from
Ibb82953594d234f81ad21c40f524190b88e4ac8f
Change-Id: I79bc90733edf8a45b27e64795f4adfbb3bc028dc
Presently it only detects complete duplicates if you specify -s (strict),
which is not used in the external/sepolicy Makefile, and it allows
overriding earlier entries that have the same input selectors (e.g.
user=, seinfo=) with different values for the output selectors (e.g.
domain=, type=). Thus, a device/<vendor>/<board>/sepolicy/seapp_contexts
file can override the external/sepolicy definitions, and even a single
seapp_contexts file can contain duplicated or conflicting definitions.
Make it always check strictly, and prohibit either duplicates on the
input selectors (i.e. overrides) or complete duplicates (redundant).
Change-Id: Id1e38133cbe31b796253101cfe3b111d1826bc8c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
14d5619a1a added a neverallow
rule for System V IPC calls. Since this was still allowed
for unconfined domains, this broke user builds.
Remove System V IPC stuff from unconfined and fix the build.
Change-Id: Iea66a9f97a90f8db496f6fa34b5e9642ee926fe6
Android doesn't want to support System V IPC classes.
Ensure that it isn't supported by adding a neverallow rule
(compile time assertion).
Change-Id: I278d45960ee557917584f9137323b4cabfe140a9
This was observed when attempting to change volume for a bluetooth device
supporting AVRCP volume control.
Addresses the following denials:
avc: denied { find } for service=media.audio_flinger scontext=u:r:bluetooth:s0 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager
avc: denied { find } for service=media.audio_policy scontext=u:r:bluetooth:s0 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager
Bug: 19341236
Change-Id: If7f2ff1ea9fc694bad700cf59f400f2d2df8c2dd
Commit a833763ba0 enabled per-user
isolation, which requires that any files / processes which cross
user boundaries be marked with the mlstrustedsubject attribute.
system_app_data_file, used for storing a user's profile photos,
is not marked as such. As a result, users are unable to add profile
photos.
Addresses the following denial:
avc: denied { write } for path="/data/data/com.android.settings/cache/TakeEditUserPhoto2.jpg" dev="mmcblk0p28" ino=82184 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=file
Steps to reproduce:
1.Flash & Factory the Deb device with tip-of-tree build
2.Go to 'Settings-Users'
3.Under users&profiles,click on Owner to add profile photo.
4.Select 'Choose photo from Gallery' and select a photo.
5.Then click the 'Done' button.
6.Device showed the message as 'Unable to save the photo edits'.
OBSERVED RESULTS:
Unable to add user's profile photo id. This issue is coming for all
users(Restricted user,second user)also.
EXPECTED RESULTS:
Device should allow to add profile photo id.
Bug: 19170844
Change-Id: If657dc09dd391e63ca85320f9cc1728580e51a15
