tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
16313 commits 1 branch 0 tags 50 MiB
Commit graph

3364 commits

Author SHA1 Message Date
Hridya Valsaraju
fbde815e2d Merge "Recovery does not need permission to start adbd anymore" 
am: 7706f51fd3

Change-Id: I5999552df5444e90804e91dac93d9e15da0679c8
 2018-09-10 18:59:15 -07:00
Treehugger Robot
7706f51fd3 Merge "Recovery does not need permission to start adbd anymore" 2018-09-11 01:49:57 +00:00
Tri Vo
15f64cacab Merge "ro.crypto.{allow_encrypt_override filenames_mode} vendor-init-settable." 
am: 34e98082ff

Change-Id: I16b7b89a742fe502ce534f8ae941116fbca4eeab
 2018-09-09 13:49:26 -07:00
Tri Vo
34e98082ff Merge "ro.crypto.{allow_encrypt_override filenames_mode} vendor-init-settable." 2018-09-09 20:37:09 +00:00
Tri Vo
fe72cb70d7 ro.crypto.{allow_encrypt_override filenames_mode} vendor-init-settable. 
Bug: 114017832
Test: m selinux_policy
Change-Id: I1dcb09c76b3e49888d278a154d79add6c6a6c977
 2018-09-08 14:42:51 -07:00
Hridya Valsaraju
187d6e2280 Recovery does not need permission to start adbd anymore 
adbd is started by an init trigger now when sys.usb.config is set
to adb.

Test: adb sideload works in user/userdebug builds
Bug: 113563995
Change-Id: I23db4074cd49cf0ba6c4eb27510e3a5caad5681b
 2018-09-07 14:57:36 -07:00
Hridya Valsaraju
8386cae8ad Merge "Fastbootd does not require read access to system and boot partitions" 
am: 8d7d5b42b5

Change-Id: Ib4ed24211801d21ebc45a967d37c2137185f3ad9
 2018-09-07 10:19:03 -07:00
Treehugger Robot
8d7d5b42b5 Merge "Fastbootd does not require read access to system and boot partitions" 2018-09-07 17:04:38 +00:00
Marcin Oczeretko
a98b64d44e Merge "Add looper_stats_service to SE policy." 
am: fb947d0c36

Change-Id: Idde84efff4c01752fa8ca131630481d73c7ed3a3
 2018-09-07 03:08:58 -07:00
Marcin Oczeretko
fb947d0c36 Merge "Add looper_stats_service to SE policy." 2018-09-07 09:51:33 +00:00
Hridya Valsaraju
e9fcce5642 Fastbootd does not require read access to system and boot partitions 
Bug: 78793464
Test: fastboot flashall

Change-Id: I5b65b818dc43a01f90a38202e3a1b810fef70ca8
 2018-09-07 00:09:34 +00:00
Jeff Vander Stoep
51e3bfa7f0 Merge "tombstoned: clean up TODO on anr writes" 
am: bedc4f170c

Change-Id: Ief9aeb57bdad01d14cabb100bea2f101c00f1c7f
 2018-09-06 16:32:03 -07:00
Nick Kralevich
d8f692043a Merge "dumpstate: remove JIT and /data execute" 
am: ac45700478

Change-Id: Iafdd7cff1733d605baf2fdbd46b181fcb69d226d
 2018-09-06 16:30:48 -07:00
Treehugger Robot
bedc4f170c Merge "tombstoned: clean up TODO on anr writes" 2018-09-06 22:45:45 +00:00
Treehugger Robot
ac45700478 Merge "dumpstate: remove JIT and /data execute" 2018-09-06 22:41:19 +00:00
Hridya Valsaraju
8a1fd22c55 Merge "Allow fastbootd to wipe userdata." 
am: 36c7f741c1

Change-Id: If102f6d7dbdc3212216bc3b5a8d930f56d01ccc2
 2018-09-06 14:51:02 -07:00
Treehugger Robot
36c7f741c1 Merge "Allow fastbootd to wipe userdata." 2018-09-06 21:12:07 +00:00
Marcin Oczeretko
56ab6be0d4 Add looper_stats_service to SE policy. 
Test: Built and flashed an image.
Bug: 113651685
Change-Id: Ide239432ea8a5701d91c00edd06ad3e52560a3f7
 2018-09-06 21:07:13 +00:00
Jeff Vander Stoep
93727ae6d7 tombstoned: clean up TODO on anr writes 
audit logs indicate that "append" is still used, but not write.

From ToT master:
avc: granted { append } for comm="tombstoned" scontext=u:r:tombstoned:s0
tcontext=u:object_r:anr_data_file:s0 tclass=file

Bug: 32064548
Test: build
Change-Id: Id05853a8ae38b84deed4d8bcca5a72c64ce7fd7e
 2018-09-06 14:01:25 -07:00
Nick Kralevich
eef72d34b4 dumpstate: remove JIT and /data execute 
Not needed for modern Android versions. These rules are really, really
old.

Test: "adb bugreport" continues to work
Test: Generating a bugreport via key combo continues to work.
Change-Id: Ibc1157fb36abd7fc701db3819474f25210a3cb5f
 2018-09-06 13:28:34 -07:00
Makoto Onuki
6d31c536bd Merge "Add app_binding system service" 
am: ac4b6478c1

Change-Id: Idca8c49f6aac8b75a6d2222a62997809c9ff064c
 2018-09-06 10:31:56 -07:00
Makoto Onuki
6af1181320 Add app_binding system service 
Bug: 109809543
Test: Build and boot with the new service in the internal branch.

Change-Id: Iaee365771c3e8e5b8f5f3b6112bbf902c6bb02bd
 2018-09-05 14:33:20 -07:00
Hridya Valsaraju
f97026db4a Allow fastbootd to wipe userdata. 
This is needed for flashall -w to wipe userdata.
Bug: 113648914
Test: fastboot erase userdata

Change-Id: I7e89cf885c9a67c78de67b79ed16af7e50104bf7
 2018-09-05 13:40:30 -07:00
Benjamin Gordon
350c51d0bb Merge "sepolicy: Add mmap for profman" 
am: 7b22940511

Change-Id: Ie4fd9006bd092b079ca48387299f3420783854fa
 2018-09-04 15:12:36 -07:00
Treehugger Robot
7b22940511 Merge "sepolicy: Add mmap for profman" 2018-09-04 22:09:28 +00:00
Jeff Vander Stoep
90753875f1 app: Allow all apps to read dropbox FDs 
am: 6026a4adb9

Change-Id: I13503970dc58651246a6a37b89cb61575ffe0e37
 2018-09-04 14:47:56 -07:00
Benjamin Gordon
7cab455f2d sepolicy: Add mmap for profman 
SELinux has a separate file mmap permission in 4.14+ kernels.  Add this
to profman in cases where it could already access files.

Bug: 112990132
Test: atest com.android.cts.dexmetadata.InstallDexMetadataHostTest
Change-Id: I4f3cd55fbd4d0052500f07aac7d286c397758abc
 2018-09-04 14:55:31 -06:00
Jeff Vander Stoep
6026a4adb9 app: Allow all apps to read dropbox FDs 
DropboxManager may pass FDs to any app with the READ_LOGS
permission which is available to all apps as a development
permission.

Test: atest CtsIncidentHostTestCases
Fixes: 111856304
Change-Id: I329e3125dab83de948b860061df9d232e31cb23e
 2018-09-04 20:23:43 +00:00
Mark Salyzyn
74ac780247 llkd: Add stack symbol checking 
am: 275ea12d84

Change-Id: Ib4a96cdb97871ba77dfa95db76675f0830ef404a
 2018-09-04 12:34:26 -07:00
Mark Salyzyn
275ea12d84 llkd: Add stack symbol checking 
llkd needs the ptrace capabilities and dac override to monitor for
live lock conditions on the stack dumps.

Test: compile
Bug: 33808187
Change-Id: Ibc1e4cc10395fa9685c4ef0ca214daf212a5e126
 2018-09-04 17:02:30 +00:00
Kevin Chyn
99979e0ce0 Add BiometricPromptService to sepolicy 
am: 57887307df

Change-Id: Ibae53ecc88fc79b5cea3c0e4c7b45c7c33685cb4
 2018-08-30 15:05:37 -07:00
Kevin Chyn
57887307df Add BiometricPromptService to sepolicy 
Bug: 72825012

Test: manual
Change-Id: I850c869cdc0ad8735800130bb4a8d67822197ff9
 2018-08-30 11:43:20 -07:00
Mark Salyzyn
055af79ce5 Merge "init: drop /dev/keychord access" 
am: b54e2b7bb3

Change-Id: I8d8765d96205e012f730a40232d1c967174533c2
 2018-08-29 07:53:26 -07:00
Treehugger Robot
b54e2b7bb3 Merge "init: drop /dev/keychord access" 2018-08-29 14:40:32 +00:00
Nick Kralevich
f2735e60ab Merge "shell: remove /dev/input write access" 
am: efb6667a2c

Change-Id: I031764af6950f75ba20bdcd15e6311fa8b9e070b
 2018-08-28 13:58:57 -07:00
Treehugger Robot
efb6667a2c Merge "shell: remove /dev/input write access" 2018-08-28 17:53:27 +00:00
Mark Salyzyn
0722b5aab6 init: drop /dev/keychord access 
Test: compile
Bug: 64114943
Change-Id: I1d20cc027dbd1a94e2a79b6aebdd265cefe8a6a5
 2018-08-28 10:33:49 -07:00
Nick Kralevich
51156264b4 shell: remove /dev/input write access 
Shell access to existing input devices is an abuse vector.
The shell user can inject events that look like they originate
from the touchscreen etc.

Everyone should have already moved to UiAutomation#injectInputEvent
if they are running instrumentation tests (i.e. CTS), Monkey for
their stress tests, and the input command (adb shell input ...) for
injecting swipes and things.

Remove the write ability for shell users, and add a neverallow assertion
(which is also a CTS test) to prevent regressions.

Bug: 30861057
Test: auditallow statement added in
  f617a404c2 hasn't triggered.
Test: ran getevent, saw correct output, played with device

Change-Id: Ia78eeec05f6015478dd32bd59505b51fef200a99
 2018-08-28 09:19:51 -07:00
Jeff Vander Stoep
08aa715966 crash_dump: disallow ptrace of TCB components 
Remove permissions and add neverallow assertion.

(cherry picked from commit f1554f1588)

Bug: 110107376
Test: kill -6 <components excluded from ptrace>
Change-Id: I2dc872f5c02749fbaf8ca6bc7e3e38404151442c
 2018-08-28 08:28:25 -07:00
Chia-I Wu
31f88efdad Merge "Allow signals to hal_graphics_allocator_server from dumpstate" 
am: ed16534eb5

Change-Id: Icc0d6911546d012cde4f18951e13df32cbaf9785
 2018-08-27 11:53:32 -07:00
Treehugger Robot
ed16534eb5 Merge "Allow signals to hal_graphics_allocator_server from dumpstate" 2018-08-27 18:46:28 +00:00
Howard Ro
7e143d0ce7 Merge "Allow all app types to socket send to statsdw (statsd socket)" 
am: 00f76cb4ff

Change-Id: I72a850cb5d4d51a50d405d90fbe145e63940cb60
 2018-08-25 09:14:37 -07:00
Howard Ro
00f76cb4ff Merge "Allow all app types to socket send to statsdw (statsd socket)" 2018-08-25 00:32:59 +00:00
Nick Kralevich
5a4374c536 auditallow shell input_device:chr_file 
am: f617a404c2

Change-Id: If6dcba9dcaeb19e1fb12e3ead5868027a3ddfc65
 2018-08-24 14:37:25 -07:00
Nick Kralevich
f617a404c2 auditallow shell input_device:chr_file 
Test to see if anyone is writing to /dev/input from the shell.

Bug: 30861057
Test: device boots and no avc granted messages.
Change-Id: Ia3499ef9436f83cf13c633525348b63edd95990f
 2018-08-24 12:40:30 -07:00
Shibin George
57a4327288 Merge "Whitelist some more properties that go into /vendor/build.prop" 
am: 7ecc8b13ee

Change-Id: I80f9b7d5530f97b2347bb95797b647d73bae3395
 2018-08-23 22:19:05 -07:00
Treehugger Robot
7ecc8b13ee Merge "Whitelist some more properties that go into /vendor/build.prop" 2018-08-24 05:06:33 +00:00
Howard Ro
21bd2aeb08 Allow all app types to socket send to statsdw (statsd socket) 
Also move statsd to /public/

Bug: 110538431
Test: manual testing
Change-Id: I58319e169eaab7d997ed3628c3c9709cf7bd0d4a
 2018-08-23 16:13:30 -07:00
Tri Vo
dc7ab41184 Merge "Rename untrusted_app_visible_*' to include 'violators'." 
am: 00f28f6d09

Change-Id: Iaa4128625415e469d3cb78f83d274e7a227ea835
 2018-08-22 21:04:57 -07:00
Tri Vo
00f28f6d09 Merge "Rename untrusted_app_visible_*' to include 'violators'." 2018-08-23 03:22:20 +00:00