Connor O'Brien
ff023a75d5
Merge "Revert "Move boot_control_hal attribute to hal_boot domain"" am: b44d2c9b7c
am: f142317a83
am: 944c661fb9
am: 1d070a5b20
Change-Id: I493014ed6c7f65628249fc132ad6a5edcf1f1a32
2016-11-18 04:37:04 +00:00
Connor O'Brien
1d070a5b20
Merge "Revert "Move boot_control_hal attribute to hal_boot domain"" am: b44d2c9b7c
am: f142317a83
am: 944c661fb9
Change-Id: I071c8e52635b5bf0c4b240a32d4c22378e056676
2016-11-18 04:34:04 +00:00
Connor O'Brien
944c661fb9
Merge "Revert "Move boot_control_hal attribute to hal_boot domain"" am: b44d2c9b7c
am: f142317a83
Change-Id: I89e32f17f562a75c9061348ea35bfdde06ac2ea2
2016-11-18 04:31:04 +00:00
Connor O'Brien
f142317a83
Merge "Revert "Move boot_control_hal attribute to hal_boot domain""
am: b44d2c9b7c
Change-Id: Ia43d948ce7b31336d90f188b6fb2578832be1fee
2016-11-18 04:28:34 +00:00
Treehugger Robot
b44d2c9b7c
Merge "Revert "Move boot_control_hal attribute to hal_boot domain""
2016-11-18 04:24:34 +00:00
Connor O'Brien
394ed93d90
Revert "Move boot_control_hal attribute to hal_boot domain"
This reverts commit 1f3294659d.
Bug: 32973182
Change-Id: Ic0277b38b0249710a4f1fc362e777f3880ff096b
2016-11-18 02:43:03 +00:00
Max Bires
b3c13df6d2
Merge "Removed a duplicate rule." am: 590d0e2418
am: a30f39cb58
am: 948c6cca51
am: 050982c7b4
Change-Id: I14ca5c1851da6b0acd72f265d24900ac7b4a406b
2016-11-18 00:43:15 +00:00
Max Bires
050982c7b4
Merge "Removed a duplicate rule." am: 590d0e2418
am: a30f39cb58
am: 948c6cca51
Change-Id: I9d5f8af3cf4fcc528e0e5a3da88a549b8c14dade
2016-11-18 00:27:43 +00:00
Max Bires
948c6cca51
Merge "Removed a duplicate rule." am: 590d0e2418
am: a30f39cb58
Change-Id: Iea80b880dfc806d5e33a0e81f7916bfec4a80c70
2016-11-18 00:12:42 +00:00
Max Bires
a30f39cb58
Merge "Removed a duplicate rule."
am: 590d0e2418
Change-Id: I79e775df50badaf511d6fedc1cca60e39048b5dc
2016-11-17 23:57:38 +00:00
Eric Bae
79dced3417
allow policy to create a file by vfat (fs_type) for a case using sdcardfs am: adf210d654
am: c6c8da3777
am: f43135fd4c
am: b2930607ca
am: bc1b4c0326
am: 8fc0265277
am: 536752f9fd
Change-Id: Id9c86833aa7ae3c4a8b05cb3e328a716d0c06d4d
2016-11-17 23:57:38 +00:00
Max Bires
590d0e2418
Merge "Removed a duplicate rule."
2016-11-17 23:46:29 +00:00
Max
ca04f9b3c4
Removed a duplicate rule.
Test: Device boots
Change-Id: I151c5fb6f56850eaa215e1a917ac9ad609dbdd4a
2016-11-17 23:46:15 +00:00
Eric Bae
536752f9fd
allow policy to create a file by vfat (fs_type) for a case using sdcardfs am: adf210d654
am: c6c8da3777
am: f43135fd4c
am: b2930607ca
am: bc1b4c0326
am: 8fc0265277
Change-Id: I73b75235143d089f0f042c9b08da6691c627082c
2016-11-17 23:42:09 +00:00
Eric Bae
8fc0265277
allow policy to create a file by vfat (fs_type) for a case using sdcardfs am: adf210d654
am: c6c8da3777
am: f43135fd4c
am: b2930607ca
am: bc1b4c0326
Change-Id: Idc427ee345bc28bfc7a36d018dd102278c610d77
2016-11-17 23:27:36 +00:00
Eric Bae
bc1b4c0326
allow policy to create a file by vfat (fs_type) for a case using sdcardfs am: adf210d654
am: c6c8da3777
am: f43135fd4c
am: b2930607ca
Change-Id: I7ab37535f7a471712e5511dc0917cbf68bb7a1d5
2016-11-17 23:12:06 +00:00
Eric Bae
b2930607ca
allow policy to create a file by vfat (fs_type) for a case using sdcardfs am: adf210d654
am: c6c8da3777
am: f43135fd4c
Change-Id: Ia01ca88536362fe910808f33a445fc5c8c54b77f
2016-11-17 22:57:05 +00:00
Eric Bae
f43135fd4c
allow policy to create a file by vfat (fs_type) for a case using sdcardfs am: adf210d654
am: c6c8da3777
Change-Id: I2dcb374609183a4460891c936757319d91064682
2016-11-17 22:42:03 +00:00
Eric Bae
c6c8da3777
allow policy to create a file by vfat (fs_type) for a case using sdcardfs
am: adf210d654
Change-Id: I0386db7e81ed5e6a6c032adb1173163f45ad726e
2016-11-17 22:27:29 +00:00
Connor O'Brien
9fe95aa9de
Merge "Move boot_control_hal attribute to hal_boot domain" am: e1df51038e
am: 1dedd46d27
am: 61f3fe1bed
am: 05d03dd736
Change-Id: Icd88ebec27eb7aad1a9c57a4832d0985720f5c30
2016-11-17 19:55:20 +00:00
Connor O'Brien
05d03dd736
Merge "Move boot_control_hal attribute to hal_boot domain" am: e1df51038e
am: 1dedd46d27
am: 61f3fe1bed
Change-Id: I5279628f96b9caf12f4ec8ab13afea7f2b36a7c9
2016-11-17 19:45:43 +00:00
Connor O'Brien
61f3fe1bed
Merge "Move boot_control_hal attribute to hal_boot domain" am: e1df51038e
am: 1dedd46d27
Change-Id: I306f748d596217010b3f42470e0e117497a1174e
2016-11-17 19:38:06 +00:00
Connor O'Brien
1dedd46d27
Merge "Move boot_control_hal attribute to hal_boot domain"
am: e1df51038e
Change-Id: I796889ba9eea3c4496ac581d5da2d383b08465ab
2016-11-17 19:32:42 +00:00
Connor O'Brien
e1df51038e
Merge "Move boot_control_hal attribute to hal_boot domain"
2016-11-17 19:06:42 +00:00
Nick Kralevich
1ba5d893a8
shell.te: revoke syslog(2) access to shell user am: c9630dc6a1
am: 883d1a1893
am: b58b14b569
am: d121c1fade
Change-Id: I9b2baa5f496f75bbd13eece81675648290ee9a82
2016-11-17 16:03:33 +00:00
Nick Kralevich
d121c1fade
shell.te: revoke syslog(2) access to shell user am: c9630dc6a1
am: 883d1a1893
am: b58b14b569
Change-Id: Ic980f9ad6a24d7d55e28996885524e8b7b662f0c
2016-11-17 15:49:12 +00:00
Nick Kralevich
b58b14b569
shell.te: revoke syslog(2) access to shell user am: c9630dc6a1
am: 883d1a1893
Change-Id: If4781c1e2a9c15e4735fcff0212d898a87191bf2
2016-11-17 15:41:40 +00:00
Nick Kralevich
883d1a1893
shell.te: revoke syslog(2) access to shell user
am: c9630dc6a1
Change-Id: I81c7f5b62ad2b057a586148ff6ce4cc7654be98a
2016-11-17 15:33:38 +00:00
Nick Kralevich
c9630dc6a1
shell.te: revoke syslog(2) access to shell user
external/toybox commit a583afc812cf7be74ebab72294c8df485908ff04 started
having dmesg use /dev/kmsg, which is unreadable to the unprivileged
shell user. Revoke syslog(2) to the shell user for consistency.
The kernel dmesg log is a source of kernel pointers, which can leak
kASLR information from the kernel. Restricting access to kernel
information will make attacks against Android more difficult. Having
said that, dmesg information is still available from "adb bugreport", so
this change doesn't completely shut down kernel info leaks.
This change essentially reverts us to the state we were in between Nov 8
2011 and May 27 2014. During that almost 3-year period, the unprivileged
shell user was unable to access dmesg, and there was only one complaint
during that time.
References:
* https://android.googlesource.com/platform/system/core/+/f9557fb
* https://android.googlesource.com/platform/system/sepolicy/+/f821b5a
TODO: Further unify /dev/kmsg permissions with syslog_read permissions.
Test: policy compiles, no dmesg output
Change-Id: Icfff6f765055bdbbe85f302b781aed2568ef532f
2016-11-16 10:22:51 -08:00
Nick Kralevich
d7dce6de61
Merge "exclude su from app auditallow" am: 747c69f43c
am: bbf21a4ffe
am: 3e24c640ca
am: 78860bcde4
Change-Id: I559a86860d9e7358b9ccf23cfdff34b27867752e
2016-11-15 23:50:25 +00:00
Nick Kralevich
22f980e402
isolated_app: allow access to pre-opened sdcard FDs am: c121735f42
am: 506cae4729
am: 7089d2bbdd
am: 2ef8483264
Change-Id: Id207d184bae87cf6f0d4b68eec5576f33de978f3
2016-11-15 23:50:13 +00:00
Daichi Hirono
ae710af62f
Allow apps to search appfuse mount point and open a file on appfuse mount point. am: 4c7044e0b1
am: 00020b8edf
am: 6a6744c72a
am: 54bc9b46b0
Change-Id: Ibbc6e0b32865567695263cf47abb9dd26871661f
2016-11-15 23:50:02 +00:00
Chad Brubaker
e9724ae81a
Merge "Allow ephemeral apps network connections" am: 41301ab74b
am: 5fa5ffe1c8
am: 41496cd47f
am: ee3116a5ad
Change-Id: I55cd83937c7830ddf3aa6c36d7849c729c6cf91f
2016-11-15 23:49:49 +00:00
Connor O'Brien
bfce62caa1
Merge "Allow update_verifier to use boot HIDL HAL" am: 353244451f
am: 57a25f9c25
am: 448859b20c
am: b8bbf5f2bb
Change-Id: I1f89f833253b8cdc04d4f5db5251353b3b0b4eed
2016-11-15 23:49:36 +00:00
Nick Kralevich
027bf8e60d
resolve merge conflicts of 833485b
to master
Test: policy compiles
Change-Id: I709b0b8c74b25671a1e6509802131459348deb40
2016-11-15 15:38:27 -08:00
Nick Kralevich
c6ea0b45b4
resolve merge conflicts of 837a6f2
to master
Test: manualmerge
Change-Id: Ibe49e8397f0f8ea8be677ab0ae9c52e2a5feb9a5
2016-11-15 15:27:21 -08:00
Alex Deymo
1f3294659d
Move boot_control_hal attribute to hal_boot domain
Grant boot_control_hal permissions to the hal_boot service;
update_engine and update_verifier can call that service rather
than using those permissions themselves.
Bug: 31864052
Test: `bootctl set-active-boot-slot 1`
Change-Id: I5188bc32e7933d4a0f5135b3246df119d3523d69
2016-11-15 15:12:41 -08:00
Nick Kralevich
78860bcde4
Merge "exclude su from app auditallow" am: 747c69f43c
am: bbf21a4ffe
am: 3e24c640ca
Change-Id: I71252738b4bc2dfee727c900e651ee7724dbc833
2016-11-15 23:05:35 +00:00
Nick Kralevich
2ef8483264
isolated_app: allow access to pre-opened sdcard FDs am: c121735f42
am: 506cae4729
am: 7089d2bbdd
Change-Id: I4b819ce27c807c4d1b228129df18ee847deaa8f8
2016-11-15 23:05:23 +00:00
Nick Kralevich
3e24c640ca
Merge "exclude su from app auditallow" am: 747c69f43c
am: bbf21a4ffe
Change-Id: I744421bb3872552287578791af1f7f8ad7949e5f
2016-11-15 22:57:33 +00:00
Nick Kralevich
7089d2bbdd
isolated_app: allow access to pre-opened sdcard FDs am: c121735f42
am: 506cae4729
Change-Id: Ifd22fba7d7481627a51e328963fcd2219a5b2b45
2016-11-15 22:57:23 +00:00
Nick Kralevich
bbf21a4ffe
Merge "exclude su from app auditallow"
am: 747c69f43c
Change-Id: I780f075beb031516bd4c2ce292c1fd1a2beaa5ac
2016-11-15 22:50:03 +00:00
Nick Kralevich
506cae4729
isolated_app: allow access to pre-opened sdcard FDs
am: c121735f42
Change-Id: I3db269a6629b4f246939acc139e99d274ddd6b81
2016-11-15 22:49:51 +00:00
Treehugger Robot
747c69f43c
Merge "exclude su from app auditallow"
2016-11-15 22:40:49 +00:00
Nick Kralevich
e0d5c5323d
exclude su from app auditallow
su is an appdomain, and as such, any auditallow statements applicable to
appdomain also apply to su. However, su is never enforced, so generating
SELinux denials for such domains is pointless. Exclude su from
ion_device auditallow rules.
Addresses the following auditallow spam:
avc: granted { ioctl } for comm="screencap" path="/dev/ion" dev="tmpfs"
ino=10230 ioctlcmd=4906 scontext=u:r:su:s0
tcontext=u:object_r:ion_device:s0 tclass=chr_file
Test: policy compiles
Change-Id: I2e783624b9e53ad365669bd6f2d4db40da475a16
2016-11-15 13:17:42 -08:00
Nick Kralevich
c121735f42
isolated_app: allow access to pre-opened sdcard FDs
Allow isolated apps to read/write/append/lock already open sdcard
file descriptors passed to them by normal app processes. isolated_apps are
used by processes like Google Drive when handling untrusted content.
Addresses the following denial:
audit(0.0:1508): avc: denied { read } for
path="/storage/emulated/0/Download/02-corejava.pdf" dev="fuse" ino=310
scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:fuse:s0
tclass=file permissive=0
This partially reverts the tightening added in ce4b5eeaee.
Add a TODO to consider removing isolated_apps' ability to write or append
to files on the sdcard. This limits the damage that can occur should the
isolated_app process be compromised.
Bug: 32896414
Test: Policy compiles. Rule add only, so no possibility of breakage.
Change-Id: Ia128569608fc9c872c90e6c380106b7c81eb7b6f
2016-11-15 12:58:06 -08:00
Daichi Hirono
54bc9b46b0
Allow apps to search appfuse mount point and open a file on appfuse mount point. am: 4c7044e0b1
am: 00020b8edf
am: 6a6744c72a
Change-Id: Ibef1dee340f5054f6c0a9c60d1232b5228994638
2016-11-15 03:25:58 +00:00
Daichi Hirono
6a6744c72a
Allow apps to search appfuse mount point and open a file on appfuse mount point. am: 4c7044e0b1
am: 00020b8edf
Change-Id: Ibb0b783e686cb04c48ea39ca74e8d8adc1cc0384
2016-11-15 03:18:27 +00:00
Daichi Hirono
00020b8edf
Allow apps to search appfuse mount point and open a file on appfuse mount point.
am: 4c7044e0b1
Change-Id: Ifd25505c9c2f679b5ace565f9b26e681c54572e6
2016-11-15 03:11:57 +00:00
Daichi Hirono
4c7044e0b1
Allow apps to search appfuse mount point and open a file on appfuse mount point.
Bug: 29970149
Test: None
Change-Id: I59f49f3bf20d93effde5e1a9a3c1ed64fbecb7a8
2016-11-15 10:22:19 +09:00