Commit dc0ab516f11d8e2c413315e733e25a41ba468e4f changed the libsepol
structures on which sepolicy-analyze relies so that it could be compiled
as a C++ library. Reflect this change in sepolicy-analyze.
Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe
Shell domain needs to be able to access system_server_services, e.g.
when running the pm command. Addresses the following denials:
10-07 00:59:26.901 178 178 E SELinux : avc: denied { find } for service=user scontext=u:r:shell:s0 tcontext=u:object_r:system_server_service:s0 tclass=service_manager
10-07 00:59:26.903 178 178 E SELinux : avc: denied { find } for service=package scontext=u:r:shell:s0 tcontext=u:object_r:system_server_service:s0 tclass=service_manager
Change-Id: I4cc2f31809a2615ba781e2ecfe2ca7d6f5226b73
It's beneficial to be able to overide this in a device makefile
if you need to get the domains into an unconfined state to keep
the logs from filling up on kernel entries without having to add
rules into device specific policy.
Change-Id: I7778be01256ac601f247e4d6e12573d0d23d12a1
needed to get to the swap device.
Addresses the following denial:
avc: denied { search } for pid=149 comm="mkswap" name="block" dev="tmpfs" ino=9947 scontext=u:r:toolbox:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=0
Change-Id: I0c897540f1c7950738622a013121a050a1f32b2f
Bluetooth can receive bugreport data for beaming to another device.
This comes across as an open file descriptor. Allow bluetooth access
to bugreports.
Addresses the following denial:
avc: denied { read } for path="/data/data/com.android.shell/files/bugreports/bugreport-2014-12-19-15-35-32.txt" dev="dm-0" ino=662738 scontext=u:r:bluetooth:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=0
Change-Id: I7be2ce2e0e48323c1e8f932be17b434b89daf085
All domains are currently granted list and find service_manager
permissions, but this is not necessary. Pare the permissions
which did not trigger any of the auditallow reporting.
Bug: 18106000
Change-Id: Ie0ce8de2af8af2cbe4ce388a2dcf4534694c994a
Required for Settings to show name/icon of apps on sd card
(permission copied from untrusted_app)
Also removed duplicate permission (from domain) in untrusted_app
Change-Id: Ib2b3bee4dfb54ad5e45b392fd9bfd65add4a00bf
Only allow it to read/write/stat already open app data files
received via Binder or local socket IPC.
Change-Id: Ie66f240e109410a17aa93d9d5dea4c2b87d47009
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
host C: sepolicy-analyze <= external/sepolicy/tools/sepolicy-analyze/sepolicy-analyze.c
external/sepolicy/tools/sepolicy-analyze/sepolicy-analyze.c: In function 'usage':
external/sepolicy/tools/sepolicy-analyze/sepolicy-analyze.c:30:5: error: 'for' loop initial declarations are only allowed in C99 mode
external/sepolicy/tools/sepolicy-analyze/sepolicy-analyze.c:30:5: note: use option -std=c99 or -std=gnu99 to compile your code
make: *** [out/host/linux-x86/obj/EXECUTABLES/sepolicy-analyze_intermediates/sepolicy-analyze.o] Error 1
Change-Id: I9222e447b032d051c251c9718e2b8d5ffb9e9c35
Commit: 9287e0dd272b85b475e33bcbd7d868517a0f98f9 removed the registration
of EntropyMixer with servicemanager, so it no longer needs a context.
Bug: 18106000
Cherry-pick of commit: 7cfef98ce7
Change-Id: I9aeb35e7ffde75090f4234ea193514fb883b1425
Some devices leave "ro.build.fingerprint" undefined at build time,
since they need to build it from the components at runtime.
See 5568772e81
for details.
Allow system_server to set ro.build.fingerprint
Addresses the following denial/error:
avc: denied { set } for property=build.fingerprint scontext=u:r:system_server:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service
init: sys_prop: permission denied uid:1000 name:ro.build.fingerprint
Bug: 18188956
Change-Id: I98b25773904a7be3e3d2926daa82c1d08f9bcc29
This seems to not really being used, especially considering
that the init.rc does not have a oneshot service for it, and its
not using the build_policy() and other things to even make it
configurable.
Change-Id: I964f94b30103917ed39cf5d003564de456b169a5
init.rc files can potentially chown/chmod any character device, so
allow it for everything except for kmem (prohibited by neverallow).
While we could whitelist each of the device types, doing so would also
require device-specific changes for the device-specific types and
may be difficult to maintain.
Resolves (permissive) denials such as:
avc: denied { read } for pid=1 comm="init" name="ttySAC0" dev="tmpfs" ino=4208 scontext=u:r:init:s0 tcontext=u:object_r:hci_attach_dev:s0 tclass=chr_file permissive=1
avc: denied { open } for pid=1 comm="init" name="ttySAC0" dev="tmpfs" ino=4208 scontext=u:r:init:s0 tcontext=u:object_r:hci_attach_dev:s0 tclass=chr_file permissive=1
avc: denied { setattr } for pid=1 comm="init" name="ttySAC0" dev="tmpfs" ino=4208 scontext=u:r:init:s0 tcontext=u:object_r:hci_attach_dev:s0 tclass=chr_file permissive=1
avc: denied { read } for pid=1 comm="init" name="smd7" dev="tmpfs" ino=6181 scontext=u:r:init:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file
avc: denied { open } for pid=1 comm="init" name="smd7" dev="tmpfs" ino=6181 scontext=u:r:init:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file
avc: denied { read } for pid=1 comm="init" name="wcnss_wlan" dev="tmpfs" ino=7475 scontext=u:r:init:s0 tcontext=u:object_r:wlan_device:s0 tclass=chr_file
avc: denied { open } for pid=1 comm="init" name="wcnss_wlan" dev="tmpfs" ino=7475 scontext=u:r:init:s0 tcontext=u:object_r:wlan_device:s0 tclass=chr_file
avc: denied { setattr } for pid=1 comm="init" name="wcnss_wlan" dev="tmpfs" ino=7475 scontext=u:r:init:s0 tcontext=u:object_r:wlan_device:s0 tclass=chr_file
Change-Id: If8d14e9e434fab645d43db12cc1bdbfd3fc5d354
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
tilapia's OTA code for updating the radio image needs to
create files on rootfs and create a character device in /dev.
Add an exception for recovery the the various neverallow rules
blocking this behavior.
(cherrypick, with modifications, from 0055ea904a)
Bug: 18281224
Change-Id: I5c57afe0a10b4598fea17f9c5c833bd39551907e
Change-Id I52fd5fbe30a7f52f1143f176915ce55fb6a33f87 was only intended
for lollipop, not for master.
This reverts commit 2aa727e3f0.
Change-Id: If2101939eb50cd6bbcde118b91c003d1f30d811c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
