tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private
History
Nick Kralevich 095fbea563 Strengthen ptrace neverallow rules 
Add additional compile time constraints on the ability to ptrace various
sensitive domains.

llkd: remove some domains which llkd should never ptrace, even on
debuggable builds, such as kernel threads and init.

crash_dump neverallows: Remove the ptrace neverallow checks because
it duplicates other neverallow assertions spread throughout the policy.

Test: policy compiles and device boots
Change-Id: Ia4240d1ce7143b983bb048e046bb4729d0af5a6e
2018-09-14 18:32:20 +00:00
..
compat Add looper_stats_service to SE policy. 2018-09-06 21:07:13 +00:00
access_vectors Add nnp_nosuid_transition policycap and related class/perm definitions. 2018-09-07 10:52:31 -07:00
adbd.te Add sepolicy for fastbootd 2018-08-15 08:45:22 -07:00
app.te sepolicy: Allow apps to read ashmem fds from system_server 2018-09-10 17:04:09 +00:00
app_neverallows.te Disallow new untrusted_app access to /proc/tty/drivers 2018-09-07 07:39:28 -07:00
asan_extract.te Sepolicy: Add ASAN-Extract 2017-04-05 13:09:29 -07:00
atrace.te Make system_server atrace category work with traced_probes 2018-09-10 14:03:27 +01:00
audioserver.te audioserver: add access to wake locks. 2018-05-17 17:27:56 -07:00
binder_in_vendor_violators.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
binderservicedomain.te Move binderservicedomain policy to private 2017-02-08 09:09:39 -08:00
blank_screen.te Add policy for 'blank_screen'. 2018-01-22 20:27:01 +00:00
blkid.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
blkid_untrusted.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bluetooth.te Whitelist vendor-init-settable bluetooth_prop and wifi_prop 2018-04-13 11:08:48 +09:00
bluetoothdomain.te Move bluetoothdomain policy to private 2017-02-06 15:32:08 -08:00
bootanim.te Dontaudit denials caused by race with labeling. 2018-02-14 17:07:13 -08:00
bootstat.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bpfloader.te Strengthen ptrace neverallow rules 2018-09-14 18:32:20 +00:00
bufferhubd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bug_map bug_map: track new pm/storage denials 2018-08-15 10:21:23 -07:00
cameraserver.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
charger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
clatd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
coredomain.te Remove vendor_init from coredomain 2018-01-29 18:07:41 +00:00
cppreopts.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
crash_dump.te Strengthen ptrace neverallow rules 2018-09-14 18:32:20 +00:00
dex2oat.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
dexoptanalyzer.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
dhcp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
dnsmasq.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
domain.te exclude su from transitioning to crash_dump domain 2018-09-05 19:49:59 -07:00
drmserver.te Tighten restrictions on core <-> vendor socket comms 2017-03-31 09:17:54 -07:00
dumpstate.te dumpstate: remove JIT and /data execute 2018-09-06 13:28:34 -07:00
ephemeral_app.te Revert "auditallow app_data_file execute" 2018-08-13 11:23:02 -07:00
fastbootd.te Add sepolicy for fastbootd 2018-08-15 08:45:22 -07:00
file.te Allow all app types to socket send to statsdw (statsd socket) 2018-08-23 16:13:30 -07:00
file_contexts s/product-services/product_services/g 2018-08-20 17:46:16 +00:00
file_contexts_asan /odm is another vendor partition that can be customied by ODMs 2017-12-15 19:07:58 +09:00
file_contexts_overlayfs fs_mgr: add overlayfs handling for squashfs system filesystems 2018-08-08 07:33:10 -07:00
fingerprintd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
fs_use fs_mgr: add overlayfs handling for squashfs system filesystems 2018-08-08 07:33:10 -07:00
fsck.te Allow access to the metadata partition for metadata encryption. 2018-01-19 14:45:08 -08:00
fsck_untrusted.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
gatekeeperd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
genfs_contexts Allow to read events/header_page with debugfs_tracing 2018-07-03 09:36:42 +00:00
hal_allocator_default.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
hal_system_suspend_default.te Sepolicy for system suspend HAL. 2018-08-13 17:26:34 -07:00
halclientdomain.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
halserverdomain.te Allow hals to read hwservicemanager prop. 2017-03-23 01:50:50 +00:00
healthd.te healthd provides health@2.0 service. 2017-10-17 13:48:42 -07:00
hwservice_contexts Sepolicy for system suspend HAL. 2018-08-13 17:26:34 -07:00
hwservicemanager.te Finer grained permissions for ctl. properties 2018-05-22 13:47:16 -07:00
idmap.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
incident.te Add this rule allows incidentd CTS tests be able to use incident 2018-01-31 12:33:57 -08:00
incident_helper.te Allow incidentd to read LAST_KMSG only for userdebug builds 2018-03-30 10:15:24 -07:00
incidentd.te Allow signals to hal_graphics_allocator_server from dumpstate 2018-08-13 10:41:48 -07:00
init.te Add sepolicy for fastbootd 2018-08-15 08:45:22 -07:00
initial_sid_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
initial_sids Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
inputflinger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
install_recovery.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
installd.te Ensure taking a bugreport generates no denials. 2018-03-08 02:25:18 +00:00
isolated_app.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
kernel.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
keys.conf Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
keystore.te Allow Keystore to check security logging property. 2018-01-24 19:49:18 +00:00
llkd.te Strengthen ptrace neverallow rules 2018-09-14 18:32:20 +00:00
lmkd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
logd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
logpersist.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
mac_permissions.xml Move MediaProvider to its own domain, add new MtpServer permissions 2016-12-12 11:05:33 -08:00
mdnsd.te Start the process of locking down proc/net 2018-05-04 21:36:33 +00:00
mediadrmserver.te update sepolicy for gralloc HAL 2017-03-30 14:43:35 -07:00
mediaextractor.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediametrics.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediaprovider.te Allow mediaprovider to search /mnt/media_rw 2018-05-15 11:46:52 -07:00
mediaserver.te mediacodec->mediacodec+hal_omx{,_server,_client} 2018-05-30 18:12:32 +00:00
mls Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
mls_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
mls_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
modprobe.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mtp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
net.te Update socket ioctl restrictions 2018-06-22 05:35:07 +00:00
netd.te Allow netd to setup xt_bpf iptable rules 2018-03-21 14:37:37 -07:00
netutils_wrapper.te Start the process of locking down proc/net 2018-05-04 21:36:33 +00:00
nfc.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
otapreopt_chroot.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
otapreopt_slot.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
perfetto.te label /data/vendor{_ce,_de} 2018-02-08 17:21:25 +00:00
performanced.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
perfprofd.te Sepolicy for system suspend HAL. 2018-08-13 17:26:34 -07:00
platform_app.te app: Allow all apps to read dropbox FDs 2018-09-04 20:23:43 +00:00
policy_capabilities Add nnp_nosuid_transition policycap and related class/perm definitions. 2018-09-07 10:52:31 -07:00
port_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
postinstall_dexopt.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ppp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
preopt2cachename.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
priv_app.te app: Allow all apps to read dropbox FDs 2018-09-04 20:23:43 +00:00
profman.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
property_contexts llkd: Add stack symbol checking 2018-09-04 17:02:30 +00:00
racoon.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
radio.te Add label for time (zone) system properties 2018-06-25 17:59:56 +01:00
recovery.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
recovery_persist.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
recovery_refresh.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
roles_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
runas.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
sdcardd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
seapp_contexts Change priv-apps /data/data labels to privapp_data_file 2018-09-12 12:30:32 -07:00
secure_element.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
security_classes Add nnp_nosuid_transition policycap and related class/perm definitions. 2018-09-07 10:52:31 -07:00
service.te Setting up SELinux policy for statsd and stats service 2017-12-19 01:41:48 +00:00
service_contexts Add looper_stats_service to SE policy. 2018-09-06 21:07:13 +00:00
servicemanager.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
sgdisk.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
shared_relro.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
shell.te Statsd allow shell in selinux policy 2018-02-13 09:34:55 -08:00
slideshow.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
stats.te Allow all app types to socket send to statsdw (statsd socket) 2018-08-23 16:13:30 -07:00
statsd.te Allow all app types to socket send to statsdw (statsd socket) 2018-08-23 16:13:30 -07:00
storaged.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 21:27:57 -07:00
su.te SELinux policies for Perfetto cmdline client (/system/bin/perfetto) 2018-01-29 11:06:00 +00:00
surfaceflinger.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
system_app.te app: Allow all apps to read dropbox FDs 2018-09-04 20:23:43 +00:00
system_server.te Allow stats_companion to register thermal throttling event listener. 2018-09-13 09:18:33 -07:00
technical_debt.cil Rename untrusted_app_visible_*' to include 'violators'. 2018-08-21 21:32:41 +00:00
thermalserviced.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
tombstoned.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
toolbox.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
traced.te perfetto: allow traced to write into FDs received by the client 2018-03-26 01:01:36 +00:00
traced_probes.te sepolicy: Fix references to self:capability 2018-08-21 15:55:23 +00:00
traceur_app.te Allow Traceur app to remove trace files. 2018-02-20 17:03:08 -08:00
tzdatacheck.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ueventd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
uncrypt.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
untrusted_app.te Add untrusted_app_27 2018-04-03 12:25:51 -07:00
untrusted_app_25.te Remove legacy execmod access from API >= 26. 2018-08-08 01:39:09 +00:00
untrusted_app_27.te Start the process of locking down proc/net 2018-05-04 21:36:33 +00:00
untrusted_app_all.te Revert "auditallow app_data_file execute" 2018-08-13 11:23:02 -07:00
update_engine.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
update_engine_common.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_verifier.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
usbd.te usbd sepolicy 2018-01-20 03:41:21 +00:00
users Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vdc.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vendor_init.te Remove vendor_init from coredomain 2018-01-29 18:07:41 +00:00
virtual_touchpad.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vold.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
vold_prepare_subdirs.te Fingerprint data is now stored in one of two ways depending on the 2018-05-16 14:22:14 -07:00
vr_hwc.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
wait_for_keymaster.te Add wait_for_keymaster 2018-05-09 13:41:37 -07:00
watchdogd.te Move watchdogd out of init and into its own domain 2018-08-03 19:28:05 +00:00
webview_zygote.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
wificond.te SE Policy for Wifi Offload HAL 2017-05-18 09:49:55 -07:00
wpantund.te lowpan: Add wpantund to SEPolicy 2017-10-16 14:10:40 -07:00
zygote.te add links to docs explaining motivations behind neverallow assertions. 2018-09-12 15:53:48 -07:00