73a2b7321306ab5e96aea16ce7c584e10e639388 |
24-Oct-2014 |
Nick Kralevich <nnk@google.com> |
allow system_server to set kernel scheduling priority

Addresses the following denial:

  avc: denied { setsched } for comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:kernel:s0 tclass=process permissive=0

It's not clear why system_server is adjusting the scheduling priority of kernel processes (ps -Z | grep kernel). For now, allow the operation, although this is likely a kernel bug.

Maybe fix bug 18085992.

Bug: 18085992
Change-Id: Ic10a4da63a2c392d90084eb1106bc5b42f95b855
ystem_server.te
|
f287cd46eec155b2715b57f2b6336c56e7dd02f5 |
23-Oct-2014 |
Nick Kralevich <nnk@google.com> |
recovery: allow changing unlabeled symbolic links

Currently, recovery is allowed write access to the following three file labels:

* system_file (directories, files, and symbolic links)
* exec_type (directories, files, and symbolic links)
* unlabeled (directory and files)

system_file is the default label on all files in /system. exec_type is the attribute used to mark executables on /system. The third file type, "unlabeled", refers to filesystem objects where the label hasn't been set, or a label is set but isn't defined by the currently loaded policy.

The current policy only allows unlabeled files or directories to be modified. Symbolic links were accidentally excluded. This causes problems when trying to fix up labels/permissions on unlabeled symbolic links. Allow unlabeled symbolic link modifications.

Bug: 18079773
Change-Id: I8e5c33602cdc38ec9a95b4e83f9ccbb06fe9da7c
ecovery.te
|
1b74a109f54693c7b8060370b5ac13fbd986744e |
22-Oct-2014 |
Nick Kralevich <nnk@google.com> |
DO NOT MERGE: allow access to labeled executables in /system

Most files on /system are labeled with the "system_file" label, and are readable by default by all SELinux domains. However, select executables are labeled with their own label, so that SELinux knows what domains to enter upon running the executable.

Allow adbd read access to labeled executables in /system. We do this by granting adbd read access to exec_type, the attribute assigned to all executables on /system.

This allows "adb pull /system" to work without generating SELinux denials.

Bug: 18078338
Change-Id: I97783759af083968890f15f7b1d8fff989e80604
dbd.te
|
69a4c7daf3a93b3fec6a83acf9c6aaa5d1b3cc78 |
22-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 480374e4d082238a71773f29483c5d24ad8b3f6d
|
0e9bfdd6a9a53730972aab696303570e4a5ccb88 |
21-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 480374e4d082238a71773f29483c5d24ad8b3f6d
|
d6904518fb430a299d8b88d1b4bee9607cf5b9ec |
20-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 480374e4d082238a71773f29483c5d24ad8b3f6d
|
480374e4d082238a71773f29483c5d24ad8b3f6d |
17-Oct-2014 |
Nick Kralevich <nnk@google.com> |
Fix compile time / CTS gps_data_files neverallow assertion

Currently, zygote spawned apps are prohibited from modifying GPS data files. If someone tries to allow GPS access to any app domain, it generates a compile time / CTS exception.

Relax the rules slightly for system_app. These apps run with UID=system, and shouldn't be banned from handling gps data files.

This change doesn't add or remove any SELinux rules. Rather, it just relaxes a compile time assertion, allowing partners to create SELinux rules allowing the access if they desire.

Bug: 18021422
Change-Id: Iad0c6a3627efe129246e2c817f6f71d2735eba93
pp.te
|
2e51e203b4151239d421245f3d699a3b0f5e8ea6 |
16-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 51bfecf49d50982f64aba1fa73bbbdd2e40a444f
|
51bfecf49d50982f64aba1fa73bbbdd2e40a444f |
13-Oct-2014 |
Robin Lee <rgl@google.com> |
Pull keychain-data policy out of system-data

Migrators should be allowed to write to /data/misc/keychain in order to remove it. Similarly /data/misc/user should be writable by system apps.

TODO: Revoke zygote's rights to read from /data/misc/keychain on behalf of some preloaded security classes.

Bug: 17811821
Change-Id: I9e9c6883cff1dca3755732225404909c16a0e547
pp.te
ile.te
ile_contexts
nstalld.te
ystem_app.te
ystem_server.te
ygote.te
|
17ece9ca840761bb1361ef9bbac550a233218250 |
15-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to ebfd9f87197f4a39bbc2a5e4f6c6dffc28be36d7
|
58b3cae1bcea4dbd713b7d881a6968afa625e47e |
14-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to ebfd9f87197f4a39bbc2a5e4f6c6dffc28be36d7
|
21440171eeec4ec76326df76ff0626f64fa89248 |
13-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to ebfd9f87197f4a39bbc2a5e4f6c6dffc28be36d7
|
dc5a8d9de547f79775285604bf13e870f4cf707f |
12-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to ebfd9f87197f4a39bbc2a5e4f6c6dffc28be36d7
|
ebfd9f87197f4a39bbc2a5e4f6c6dffc28be36d7 |
11-Oct-2014 |
Nick Kralevich <nnk@google.com> |
allow oemfs:dir search

mediaserver and drmserver both have permission to read oemfs related files. However, there are no search permissions on the directory, so the files would be unreachable.

Grant search permissions on the oemfs directory, so that the files within that directory can be read.

Bug: 17954291
Change-Id: I9e36dc7b940bd46774753c1fa07b0f47c36ff0db
rmserver.te
ediaserver.te
|
2380d05f9791b6789b81e28ca8841df1b8b62c6d |
11-Oct-2014 |
Nick Kralevich <nnk@google.com> |
allow system_server oemfs read access Bug: 17954291 Change-Id: Ia904fff65df5142732928561d81ea0ece0c52a8d
ystem_server.te
|
90adbf91f5a98a27f65ad151139e89c669037467 |
09-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 0a52df50207e6b398278d6faae026ce04eb13602
|
0aecf75da9a90e91fa12ae6fba8bc6d68efb7359 |
08-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 0a52df50207e6b398278d6faae026ce04eb13602
|
f77f887bc2a9cbce96dca4a4b527fab5faae7b6b |
07-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 0a52df50207e6b398278d6faae026ce04eb13602
|
a1fdedb5776a5136c3c71a6c8b3e5590a887de4e |
06-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to f2c011892ddef55d0d4a585f9deb985e8cd34cf9
|
f970ac100c36267f33fb3ccf64296adc0aa9790a |
05-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to f2c011892ddef55d0d4a585f9deb985e8cd34cf9
|
0a52df50207e6b398278d6faae026ce04eb13602 |
29-Sep-2014 |
Mike Lockwood <lockwood@google.com> |
Give bootanimation access to /dev/snd files so it can use tinyalsa Bug: 17674304 Change-Id: Ide32833809bca8d3ed8ddc898748e25d7a692319
ootanim.te
|
933bd2c44fd7f13fedd01ed847071350a9e1186a |
01-Oct-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to f2c011892ddef55d0d4a585f9deb985e8cd34cf9
|
e63f1325ddb0de6190dbf44b963db8ddadcd153d |
30-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to f2c011892ddef55d0d4a585f9deb985e8cd34cf9
|
4df14b311a17c649771482a0bddcd2c6ddba39bb |
29-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to f2c011892ddef55d0d4a585f9deb985e8cd34cf9
|
9847886b5a3db7eeed700ffca4b7ee43960ec7e0 |
28-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to f2c011892ddef55d0d4a585f9deb985e8cd34cf9
|
f2c011892ddef55d0d4a585f9deb985e8cd34cf9 |
26-Sep-2014 |
Nick Kralevich <nnk@google.com> |
zygote: allow replacing /proc/cpuinfo

Android's native bridge functionality allows an Android native app written on one CPU architecture to run on a different architecture. For example, Android ARM apps may run on an x86 CPU.

To support this, the native bridge functionality needs to replace /proc/cpuinfo with the version from /system/lib/<ISA>/cpuinfo using a bind mount. See commit ab0da5a9a6860046619629b8e6b83692d35dff86 in system/core.

This change:

1) Creates a new label proc_cpuinfo, and assigns /proc/cpuinfo that label.
2) Grants read-only access to all SELinux domains, to avoid breaking pre-existing apps.
3) Grants zygote mounton capabilities for that file, so zygote can replace the file as necessary.

Addresses the following denial:

  avc: denied { mounton } for path="/proc/cpuinfo" dev="proc" ino=4026532012 scontext=u:r:zygote:s0 tcontext=u:object_r:proc:s0 tclass=file

Bug: 17671501
(cherry picked from commit 2de02877a30e73bdf30fb2bf9cc4957f9ddbf996)
Change-Id: I2c2366bee4fe365288d14bca9778d23a43c368cb
omain.te
ile.te
enfs_contexts
ygote.te
|
49fd9567d933acedeedc6d2927951ec07ef65723 |
26-Sep-2014 |
Martijn Coenen <maco@google.com> |
Merge "Allow NFC to read/write nfc. system properties." into lmp-dev
|
05383ebfb439bed8436912ed28db550e8842b343 |
26-Sep-2014 |
Martijn Coenen <maco@google.com> |
Allow NFC to read/write nfc. system properties. Bug: 17298769 Change-Id: I1994ff9f9da9b13249099f6c9bcec88dcdc2bb97
pp.te
fc.te
roperty.te
roperty_contexts
|
cf410c74b83ff585655cf3356e9153ca8456c971 |
25-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 62083414a4cc2b9fd7eb22c3bc4ffa4d9285d4be
|
62083414a4cc2b9fd7eb22c3bc4ffa4d9285d4be |
25-Sep-2014 |
Nick Kralevich <nnk@google.com> |
allow apps to read the contents of mounted OBBs

Apps should be able to read the contents of mounted OBBs.

Steps to reproduce:

1) Install com.namcobandaigames.soulcaliburgp (SoulCalibur)
2) Attempt to run the app.

Expected: App runs successfully.
Actual: App crashes. See denials below.

This can also be reproduced by running the newly introduced CTS test in I2018b63b0236ce6b5aee4094e40473315b1948c3

Addresses the following denials:

  avc: denied { read } for pid=4133 comm="roidJUnitRunner" name="test1.txt" dev="loop0" ino=23 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:vfat:s0 tclass=file
  avc: denied { open } for pid=4133 comm="roidJUnitRunner" name="test1.txt" dev="loop0" ino=23 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:vfat:s0 tclass=file
  avc: denied { getattr } for pid=4133 comm="roidJUnitRunner" path="/mnt/obb/f73da56689d166b5389d49ad31ecbadb/test1.txt" dev="loop0" ino=23 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:vfat:s0 tclass=file
  avc: denied { search } for name="/" dev="loop0" ino=1 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:vfat:s0 tclass=dir permissive=0

Bug: 17633509
Change-Id: I49b722b24c1c7d9ab084ebee7c1e349d8d660ffa
pp.te
|
e000b6a0ddff6c6653b61aa4bdfdb745116b6ce2 |
24-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to a8b651bfba433ab91b565fea5276ceb7743ad15a
|
30b6d7094ecb660653657e1b6147fdbee3054a05 |
23-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to a8b651bfba433ab91b565fea5276ceb7743ad15a
|
a8b651bfba433ab91b565fea5276ceb7743ad15a |
23-Sep-2014 |
Nick Kralevich <nnk@google.com> |
relax appdomain efs_file neverallow rules [DO NOT MERGE]

During factory provisioning, some manufacturers may need to pull files from /factory (label efs_file and bluetooth_efs_file) to collect device specific identifiers such as the mac address, using commands similar to the following:

  adb shell cat /factory/ssn
  adb shell cat /factory/bt/bd_addr.conf
  adb shell cat /factory/wifi/mac.txt
  adb shell cat /factory/60isn

Read-only access to these files is currently disallowed by a neverallow rule. Relax the rules to allow read-only access to the shell user if desired.

No new SELinux rules are added or deleted by this change. This is only a relaxation in what's allowed for vendor specific policy.

Bug: 17600278
(cherry picked from commit 200a9f0e20337b48824cf621a017e2852245e5ca)
Change-Id: I2e277b1068a35cc06e0973df994ec3a49f2c26e7
pp.te
|
b4fcaeea344f882b2497b07f16d431038d476cb3 |
22-Sep-2014 |
Vineeta Srivastava <vsrivastava@google.com> |
sepolicy for oem customization

Added read permissions for bootanimation

Bug: 16635599
Change-Id: Ib5d0ba5a6d1144ff831f4f0eda092879f853c376
ootanim.te
|
36fb1f1bf3fa29a639e4c9d793b36cbbceae2ec7 |
22-Sep-2014 |
Nick Kralevich <nnk@google.com> |
relax neverallow rules on NETLINK_KOBJECT_UEVENT sockets

Netlink uevent sockets are used by the kernel to inform userspace when certain events occur, for example, when new hardware is added or removed. This allows userspace to take some action based on those messages.

Relax the neverallow rule for NETLINK_KOBJECT_UEVENT sockets. Certain device specific app domains, such as system_app, may have a need to receive messages from this socket type.

Continue to neverallow NETLINK_KOBJECT_UEVENT sockets for untrusted_app. These sockets have been the source of rooting attacks in Android in the past, and it doesn't make sense to expose this to untrusted_apps.

No new SELinux rules are introduced by this change. This is an adjustment of compile time assertions only.

Bug: 17525863
(cherry picked from commit 642b80427ec2e95eb13cf03a74d814f240813e71)
Change-Id: I35f3dc8b1ead9f427645a13fb202e760d1e68e64
pp.te
ntrusted_app.te
|
c9bcd465f2a4712c64fedcf9989bd744295a8bf2 |
22-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 1619b73d049f4facd89168ec5b404453edd71cde
|
e29bb8b6d6b5b673f71a54a52d6dfa037586d0a9 |
21-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 1619b73d049f4facd89168ec5b404453edd71cde
|
bf9849f334a68557ab03bdb167af920fd54b6043 |
21-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 4d1e4e2724a051f159475e9db7b99e3cf87a7544
|
1619b73d049f4facd89168ec5b404453edd71cde |
26-Jul-2014 |
dcashman <dcashman@google.com> |
Generate selinux_policy.xml as part of CTS build. Bug: 16563899 Bug: 14251916 (cherry picked from commit 704741a5c24113b22a47bb854f20e2f2c607dd36) Change-Id: I4ba64e2d28f789498852ecfd34aa767d5861d86e
ndroid.mk
|
e6cbc2a56cdb16c2d30b3382ba0c4e3d30846d9c |
20-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 0a20b57f884d0bd9a3dd7821c1e77cec1f13ad4c
|
4d1e4e2724a051f159475e9db7b99e3cf87a7544 |
18-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 0a20b57f884d0bd9a3dd7821c1e77cec1f13ad4c
|
2d4d0342d869ddef4cf0d2fa7331835f7d9f7d80 |
17-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 0a20b57f884d0bd9a3dd7821c1e77cec1f13ad4c
|
0a20b57f884d0bd9a3dd7821c1e77cec1f13ad4c |
16-Sep-2014 |
Vineeta Srivastava <vsrivastava@google.com> |
Added sepolicy for oem customization. Bug: 16635599 Change-Id: I69f9089dde1fe68762a38f4d97ddee2c20aaaa9d
rmserver.te
ediaserver.te
|
db281c880ab058e3d5b51d516f5420f3ac3a3d79 |
16-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 313e40564a8182bd7d1102af442fff1f81f16ec5
|
ac311dcfb2dc258df33a6a719f653715fc80bfee |
15-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 313e40564a8182bd7d1102af442fff1f81f16ec5
|
0bbea383b499a16cf000efdbdaeb804a1edb6644 |
14-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 313e40564a8182bd7d1102af442fff1f81f16ec5
|
313e40564a8182bd7d1102af442fff1f81f16ec5 |
14-Sep-2014 |
Christopher Ferris <cferris@google.com> |
Merge "Allow dumpstate to read /system/bin executables." into lmp-dev
|
c711b9ee03631d34033ee9bc05c05b1728e494aa |
13-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 057743978aedd0e8acbb530f3ac5360a023f3f78
|
f3e7a53a1f752d68a775301eae5ed5e2603cd030 |
13-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 0406189c5c0f168f6a963ee3877012e003558147
|
04f3d79077fca1d11097895f0f6dbd57b4afa6d0 |
13-Sep-2014 |
Christopher Ferris <cferris@google.com> |
Allow dumpstate to read /system/bin executables.

On 64 bit systems, it's necessary to read the /system/bin executables elf header to determine if it's a 32 bit or 64 bit executable to contact the correct debuggerd service.

Bug: 17487122
Change-Id: Ica78aa54e5abbb051924166c6808b79b516274fe
umpstate.te
|
057743978aedd0e8acbb530f3ac5360a023f3f78 |
11-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 0406189c5c0f168f6a963ee3877012e003558147
|
69cdca91e7ff36ad425b9f15b602d44ce374c738 |
11-Sep-2014 |
Tyler Gunn <tgunn@google.com> |
Renaming Telecomm to Telecom.

- Changing package from android.telecomm to android.telecom
- Changing package from com.android.telecomm to com.android.server.telecomm.
- Renaming TelecommManager to TelecomManager.

Bug: 17364651
Change-Id: I70e9ecdab7482327f25387ecc6223f46e9cbe10e
ervice_contexts
|
e7355fe584e5289540c5a90043c9465cc508c920 |
10-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 0406189c5c0f168f6a963ee3877012e003558147
|
0406189c5c0f168f6a963ee3877012e003558147 |
09-Sep-2014 |
dcashman <dcashman@google.com> |
Merge "Enable selinux read_policy for adb pull." into lmp-dev
|
309cc668f9da5a3e4df7ecd44f3618864e4cf7eb |
09-Sep-2014 |
dcashman <dcashman@google.com> |
Enable selinux read_policy for adb pull. Remove permission from appdomain. Bug: 16866291 Change-Id: I37936fed33c337e1ab2816258c2aff52700af116
dbd.te
pp.te
|
b0a99513b299b59094577c01b5fe42f52def7de7 |
09-Sep-2014 |
Nick Kralevich <nnk@google.com> |
Allow kernel thread to read app data files

When vold mounts an OBB on behalf of another application, the kernel spins up the "loop0" thread to perform the mount operation. Grant the kernel thread the ability to read app data files, so the mount operation can succeed.

Steps to reproduce:

1) Run: runtest --path cts/tests/tests/os/src/android/os/storage/cts/StorageManagerTest.java

Expected:

1) All tests pass

Actual: Test failure, with the following error message:

  loop0 : type=1400 audit(0.0:46): avc: denied { read } for path="/data/data/com.android.cts.stub/files/test1.obb" dev="mmcblk0p16" ino=115465 scontext=u:r:kernel:s0 tcontext=u:object_r:app_data_file:s0 tclass=file permissive=0
  Vold : Image mount failed (I/O error)
  MountService: Couldn't mount OBB file: -1
  StorageManager: Received message. path=/data/data/com.android.cts.stub/files/test1.obb, state=21
  TestRunner: failed: testMountAndUnmountObbNormal(android.os.storage.cts.StorageManagerTest)
  TestRunner: ----- begin exception -----
  TestRunner: junit.framework.AssertionFailedError: OBB should be mounted
  TestRunner: at junit.framework.Assert.fail(Assert.java:50)
  TestRunner: at junit.framework.Assert.assertTrue(Assert.java:20)
  TestRunner: at android.os.storage.cts.StorageManagerTest.mountObb(StorageManagerTest.java:235)

Bug: 17428116
Change-Id: Id1a39a809b6c3942ff7e08884b40e3e4eec73b6a
ernel.te
|
fcb81573981d5c684c35a5e1c2c63a9e5c727381 |
09-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to abfd427a3226a8bb696e5e5b9239f5445a680f6c
|
47bd7300a522fb9c7e233b6d040533ad16708a0e |
08-Sep-2014 |
dcashman <dcashman@google.com> |
Add support for factory reset protection.

Address the following denials:

  <12>[ 417.732129] type=1400 audit(365340.189:47): avc: denied { read } for pid=1737 comm="Binder_2" name="mmcblk0p18" dev="tmpfs" ino=12406 scontext=u:r:system_server:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0
  <12>[ 417.882126] type=1400 audit(365340.339:48): avc: denied { read } for pid=1737 comm="Binder_2" name="mmcblk0p18" dev="tmpfs" ino=12406 scontext=u:r:system_server:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0

Bug: 16710840
Change-Id: I8cb5b4b17dffe14f0bf05d63eb8f6ab8d5c09f53
evice.te
omain.te
ystem_server.te
|
4bbed47b34ed0ebc89a2da1c85f5817bf65bf0c0 |
08-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to abfd427a3226a8bb696e5e5b9239f5445a680f6c
|
5ed19270bafd4b0ab70bbe5e3339882e8de2ce48 |
07-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to abfd427a3226a8bb696e5e5b9239f5445a680f6c
|
a873e49fe9b77da69f4a9c935fb1ec1483e62420 |
06-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 901d77b829f2daaae00e561cb3da785cf7540401
|
a12bc230926ea340e0c21550afc588e207f03c44 |
06-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to abfd427a3226a8bb696e5e5b9239f5445a680f6c
|
abfd427a3226a8bb696e5e5b9239f5445a680f6c |
04-Sep-2014 |
Nick Kralevich <nnk@google.com> |
sdcardd: grant unmount

If the sdcard daemon is restarted (crash or otherwise), one of the first things it attempts to do is umount the previously mounted /mnt/shell/emulated fuse filesystem, which is denied by SELinux with the following denial:

  sdcard : type=1400 audit(0.0:6997): avc: denied { unmount } for scontext=u:r:sdcardd:s0 tcontext=u:object_r:fuse:s0 tclass=filesystem permissive=0

Allow the operation.

Steps to reproduce:

1) adb shell into the device and su to root
2) run "kill -9 [PID OF SDCARD]"

Expected: sdcard daemon successfully restarts without error message.
Actual: SELinux denial above, plus attempts to mount a new filesystem on top of the existing filesystem.

Bug: 17383009
Change-Id: I386bfc98e2b5b32b1d11408f7cfbd6e3c1af68f4
dcardd.te
|
901d77b829f2daaae00e561cb3da785cf7540401 |
04-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to bcdff890304e694c09bf0a4a90fb76a82434fa57
|
0b9506a1944b44e2507cc2bc75481e617547d192 |
03-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to bcdff890304e694c09bf0a4a90fb76a82434fa57
|
e89e1bfdc01ce394d64ad5b919194fd3c33c7d60 |
02-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to de08be8aa006c313e5025ba5f032abf786a39f71
|
bcdff890304e694c09bf0a4a90fb76a82434fa57 |
01-Sep-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: permit app access to clear logs

  I/auditd(19949): type=1400 audit(0.0:71): avc: denied { write } for comm="logcat" name="logd" dev="tmpfs" ino=5924 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:logd_socket:s0 tclass=sock_file

(cherry picked from 60f0be84c0cf3a895c6b95ee8387b71e1b0c6d83)
Bug: 17323719
Change-Id: Id8399195196ffad884eef98030d544c68ed0596f
pp.te
|
10fde8fee1f28d78cf8fccff18893c48976751e7 |
01-Sep-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to de08be8aa006c313e5025ba5f032abf786a39f71
|
0fd77859b33f50b1cfb1277d0f4e4757221249ac |
31-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to de08be8aa006c313e5025ba5f032abf786a39f71
|
de08be8aa006c313e5025ba5f032abf786a39f71 |
27-Aug-2014 |
Robin Lee <rgl@google.com> |
Allow system reset_uid, sync_uid, password_uid

Permits the system server to change keystore passwords for users other than primary.

Bug: 16233206
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
ccess_vectors
ystem_server.te
|
372d0df796389e2f6295a394492585ed64f0ceca |
29-Aug-2014 |
Brian Carlstrom <bdc@google.com> |
Remove system_server create access from /data/dalvik-cache Bug: 16875245 Change-Id: I2487a80896a4a923fb1fa606f537df9f6ad4220a
ystem_app.te
ystem_server.te
|
67d58acb9b8d28dddeb9670e9801962b6fd7dcfd |
28-Aug-2014 |
dcashman <dcashman@google.com> |
Merge "Add permissive domains check to sepolicy-analyze." into lmp-dev
|
c30dd63f56ba5035eeb604b0b9b48f36ef5e8937 |
26-Mar-2014 |
dcashman <dcashman@google.com> |
Add permissive domains check to sepolicy-analyze.

Also enable global reading of kernel policy file. Motivation for this is to allow read access to the kernel version of the binary selinux policy.

Bug: 17288791
Change-Id: I1eefb457cea1164a8aa9eeb7683b3d99ee56ca99
pp.te
ools/sepolicy-analyze.c
|
28b26bcf42e12add8a3f431555ea9c1005216357 |
27-Aug-2014 |
Nick Kralevich <nnk@google.com> |
support kernel writes to external SDcards

The kernel, when it creates a loop block device, starts a new kernel thread "loop0" (drivers/block/loop.c). This kernel thread, which performs writes on behalf of other processes, needs read/write privileges to the sdcard. Allow it.

Steps to reproduce:

0) Get device with external, removable sdcard
1) Run: "adb install -s foo.apk"

Expected: APK installs successfully.
Actual: APK fails to install. Error message:

  Vold E Failed to write superblock (I/O error)
  loop0 W type=1400 audit(0.0:3123): avc: denied { read } for path="/mnt/secure/asec/smdl1645334795.tmp.asec" dev="mmcblk1p1" ino=528 scontext=u:r:kernel:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
  PackageHelper E Failed to create secure container smdl1645334795.tmp
  DefContainer E Failed to create container smdl1645334795.tmp

Bug: 17158723
(cherry picked from commit 4c6b13508d1786a3a835ba5427f37e963c2c7506)
Change-Id: Iea727ac7958fc31d85a037ac79badbe9c85693bd
ernel.te
|
6bedc1adbaa82e1fc156adf00757b732dc7a7696 |
27-Aug-2014 |
dcashman <dcashman@google.com> |
Allow appdomain read perms on apk_data_files.

Address:

  type=1400 audit(0.0:103): avc: denied { read } for name="arm" dev="mmcblk0p28" ino=195471 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir

Bug: 16204150
Change-Id: I8bf0172b26b780c110c0d95c691785143acd7dd2
pp.te
|
711895db2897bc5d001899eb5e0f931c79a1ad3f |
27-Aug-2014 |
dcashman <dcashman@google.com> |
Allow appdomain read perms on apk_data_files.

Address:

  type=1400 audit(0.0:103): avc: denied { read } for name="arm" dev="mmcblk0p28" ino=195471 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir

Bug: 16204150
Change-Id: I8bf0172b26b780c110c0d95c691785143acd7dd2
pp.te
|
33403d193b24c346acb05cff7398c358806cf756 |
27-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 85f255b8e6a30f7e40fd70bccf51d8138be5d0ba
|
f2be238790c8f42b57d6ca5c34ec2102ef4990b3 |
26-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to lmp-dev
|
98bcfd24021d8f79a8ae8de0dcbbe8be4de40d04 |
26-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 9a725b284eb523668a4d0d05027b9f6344d3253e
|
6c13516de97f0c1b74f9587078d7007417c30288 |
25-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 9a725b284eb523668a4d0d05027b9f6344d3253e
|
b413e6f22cffe846a185dd3f4c9f943a4cdb949f |
24-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 9a725b284eb523668a4d0d05027b9f6344d3253e
|
bb8502e9611d79d58069ba95afc2f14c86eafe01 |
23-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 9a725b284eb523668a4d0d05027b9f6344d3253e
|
f598928ce362b7c3dfad594e4d218ad0f15874f0 |
21-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 9a725b284eb523668a4d0d05027b9f6344d3253e
|
bbb05dbb3b91ea609d4b26a2b26e30c715422812 |
20-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 9a725b284eb523668a4d0d05027b9f6344d3253e
|
85f255b8e6a30f7e40fd70bccf51d8138be5d0ba |
19-Aug-2014 |
dcashman <dcashman@google.com> |
DO NOT MERGE. Allow debuggerd read access to shared_relro files.

Addresses the following denial when debuggerd attempts to stat Webview mmap'd shared relro files on process crash. Full read permissions may not be necessary:

  W/debuggerd( 185): type=1400 audit(0.0:97): avc: denied { search } for name="shared_relro" dev="mmcblk0p28" ino=618955 scontext=u:r:debuggerd:s0 tcontext=u:object_r:shared_relro_file:s0 tclass=dir

Bug: 17101854
Change-Id: I11eea85668ba033c554e5aab99b70a454fb75164
ebuggerd.te
|
d5e61458b5e031ed413a9e5ed8b0b57bce598deb |
19-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 9a725b284eb523668a4d0d05027b9f6344d3253e
|
a6edf3c72bbf1def387bbe053429cdb166027032 |
18-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 9a725b284eb523668a4d0d05027b9f6344d3253e
|
dbaedcdcb8a202a632102fdbf14b9ae03a9e47cf |
17-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 9a725b284eb523668a4d0d05027b9f6344d3253e
|
9a725b284eb523668a4d0d05027b9f6344d3253e |
17-Jul-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow init to restorecon sysfs files.

The boot-time restorecon_recursive("/sys") occurs while still in the kernel domain, but init.rc files may nonetheless perform restorecon_recursive of parts of /sys created later and therefore require this permission.

Required for: https://android-review.googlesource.com/#/c/101800/

Change-Id: I68dc2c6019a1f9deae3eec5c2f068365ce2372e5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nit.te
|
96624917fe9f4f71a0bbe1ff88f3cdb992604229 |
14-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 4ddc6eb39e050913f9ab5124dff3aefe16a1e93c
|
ad7e0559e4b93ce6954cbae81c61086d8414f6ce |
13-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 4ddc6eb39e050913f9ab5124dff3aefe16a1e93c
|
cf552f5ac7159046dd163dd9cac0e7186a35a561 |
12-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 4ddc6eb39e050913f9ab5124dff3aefe16a1e93c
|
f9bd8c4db14449255d9a8c37f30ca6f21cc1e7f5 |
11-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 4ddc6eb39e050913f9ab5124dff3aefe16a1e93c
|
5dcae2d3eb017a3fa712f08e52d72aaed453d43b |
10-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 4ddc6eb39e050913f9ab5124dff3aefe16a1e93c
|
86d4435545f0b75ab252aff968af9d31a925d01f |
09-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 4ddc6eb39e050913f9ab5124dff3aefe16a1e93c
|
341f7c9c93096058c3764c4aeaf008477a0643ba |
07-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to feedd3c62178d3c6413e467a98da3b708dd1f5f1
|
4ddc6eb39e050913f9ab5124dff3aefe16a1e93c |
07-Aug-2014 |
dcashman <dcashman@google.com> |
Merge "DO NOT MERGE. Allow untrusted_app access to temporary apk files." into lmp-dev
|
1c1eb869f053aa817c2060708a25b251876eb7c2 |
07-Aug-2014 |
dcashman <dcashman@google.com> |
DO NOT MERGE. Allow untrusted_app access to temporary apk files.

Before actual installation, apks are put in a staging area where they are scanned by a verifier before completing the install flow. This verifier runs as a priv-app, which is in the untrusted_app domain. Allow untrusted_app read-access to these files.

Bug: 16515815
Change-Id: Ifedc12a33b1f53b62f45013e7b253dbc79b02a4e
ntrusted_app.te
|
feedd3c62178d3c6413e467a98da3b708dd1f5f1 |
05-Aug-2014 |
Alex Light <allight@google.com> |
Make system use patchoat to relocate during runtime.

Add patchoat selinux rules.

Bug: 15358152
(cherry picked from commit fbc8ec2eacaff635a51b0334ea43ddaaa65655ea)
Change-Id: Ic84a370548393be62db740092e8393b662bcf345
ile_contexts
|
36dbe817017b2883886ef55928158f9364cd0397 |
06-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to d990a78f8ef398488d6c0ce0a2d18b3d3a5183c4
|
8bb8956450bea61173e1bb473c1bacf536aa87ce |
05-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to d990a78f8ef398488d6c0ce0a2d18b3d3a5183c4
|
5ab30e04f90f8518d68e765be823d8e57f91e273 |
04-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to d990a78f8ef398488d6c0ce0a2d18b3d3a5183c4
|
e2533b23197e0a748f2a6c844ee659d497389f0b |
03-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to d990a78f8ef398488d6c0ce0a2d18b3d3a5183c4
|
dcb368d4baeea087ae376c5a06be91a9b906d646 |
02-Aug-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to d990a78f8ef398488d6c0ce0a2d18b3d3a5183c4
|
d990a78f8ef398488d6c0ce0a2d18b3d3a5183c4 |
29-Jul-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Fix neverallow rules to eliminate CTS SELinuxTest warnings. Fix two neverallow rules that yield Invalid SELinux context warnings from the CTS SELinuxTest. For transitions from app domains, we only need to check { domain -appdomain } (i.e. domains other than app domains), not ~appdomain (i.e. all types other than app domains). Otherwise SELinuxTest tries to generate contexts with the r role and non-domain types for testing since the target class is process, and such contexts are invalid. For keeping file_type and fs_type exclusive, we only need to check associate permission, not all filesystem permissions, as only associate takes a file type as the source context. Otherwise SELinuxTest tries to generate contexts with the r role and non-domain types for testing filesystem permissions other than associate, since the source of such checks is normally a process context. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit 21ada26daea538397029396099dce865267bae2f) Change-Id: I3346584da9b89f352864dcc30dde06d6bf42e98e
pp.te
ile.te
|
770910bb82997e4641d268e6fddaa1b3402523cd |
24-Jul-2014 |
Ye Wen <ywen@google.com> |
Implement broker pattern for imms (3/3) b/16324360 Change-Id: I4adacdb1d87badfaa109da200aae91869b9786a8
ervice_contexts
|
443cdfc5f15db5ee8dc0238a149a9c4615dd42a3 |
29-Jul-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 997461bda5aaedeabf48021e3291293e48501ef7
|
997461bda5aaedeabf48021e3291293e48501ef7 |
29-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Allow system_server to talk to netlink directly. This is needed for http://ag/512212 to work. Bug: 15409819 Change-Id: If91fc6891d7ce04060362c6cde8c57462394c4e8
ystem_server.te
|
fab00f7487f58edfb65f101a97e824c6b8f179da |
28-Jul-2014 |
Vinit Deshpande <vinitd@google.com> |
Add rttmanager in sepolicy's whitelist Looks like system server doesn't let you start a service without white listing anymore. Bug: 16628456 Change-Id: I0f6df8fd2afa24f4a1758a90cb5f8e451e0edb6a
ervice_contexts
|
fe5ae0a8d7f9cf7595f4230f9c27dcbe8183d4cd |
28-Jul-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to aa8e657ef09d70d8ea5657b624022925d92f4711
|
8c1e9f8ebf99a74a4079bea9f9e8e5d38dcd2cb4 |
27-Jul-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to aa8e657ef09d70d8ea5657b624022925d92f4711
|
2d5f70edceee19aaf0d3cbb993ea0a4c57405e61 |
26-Jul-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to aa8e657ef09d70d8ea5657b624022925d92f4711
|
aa8e657ef09d70d8ea5657b624022925d92f4711 |
25-Jul-2014 |
Narayan Kamath <narayan@google.com> |
Revert "fix system_server dex2oat exec" This reverts commit 10370f5ff47745fe9678d18ff788e51e665bf36e. The underlying issue has been fixed and the system_server will now go via installd to get stuff compiled, if required. bug: 16317188 Change-Id: I77a07748a39341f7082fb9fc9792c4139c90516d
ystem_server.te
|
792d8650d3dd5e0362a2a04a0af77f751a84b1de |
25-Jul-2014 |
Nick Kralevich <nnk@google.com> |
Allow sdcardd to read /data/.layout_version As described in the system/core commit with the same Change-Id, there's a race condition between installd and sdcard when it comes to accessing /data/media. Resolve the race by checking /data/.layout_version to make sure the filesystem has been upgraded. Maybe indirectly fixes the following SELinux denial: sdcard : type=1400 audit(0.0:3): avc: denied { write } for name="media" dev="mmcblk0p17" ino=102753 scontext=u:r:sdcardd:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir Bug: 16329437 Change-Id: I5e164f08009c1036469f8734ec07cbae9c5e262b
dcardd.te
|
6b7069f74c9496ca801f7ed9c29d98bfe0c89b9c |
24-Jul-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 12b8f79d389802baee5dc5498a7fd833f77cc9ae
|
12b8f79d389802baee5dc5498a7fd833f77cc9ae |
23-Jul-2014 |
Christopher Ferris <cferris@google.com> |
Allow dumpstate to read /data/tombstones. Change-Id: Iad32cfb4d5b69176fc551b8339d84956415a4fe7
umpstate.te
|
19b9519ad4f17b16e4a603113141471b47606269 |
23-Jul-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to af4a3db073f2a459343b12fc9c6103deb33b8546
|
af4a3db073f2a459343b12fc9c6103deb33b8546 |
23-Jul-2014 |
dcashman <dcashman@google.com> |
Merge "DO NOT MERGE. Update readme to reflect addition of SEPOLICY_IGNORE." into lmp-dev
|
ea44c79701bcadeeb6816a27ac5ac68ad714d82b |
22-Jul-2014 |
dcashman <dcashman@google.com> |
DO NOT MERGE. Update readme to reflect addition of SEPOLICY_IGNORE. Change-Id: I427c0f4828d45f2c43206c09cb37e3eb30455dee
EADME
|
2017add31b120122cbae0f10bb0cfe74300661e5 |
22-Jul-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 9d2703a53b5455379d5c90d52a6fb31a0a36757c
|
9d2703a53b5455379d5c90d52a6fb31a0a36757c |
21-Jul-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Prohibit execute to fs_type other than rootfs for most domains. Augment the already existing neverallow on loading executable content from file types other than /system with one on loading executable content from filesystem types other than the rootfs. Include exceptions for appdomain and recovery as required by current policy. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit 4644ac483667befac441bb541733e489d902bacf) Change-Id: I5e2609a128d1bf982a7a5c3fa3140d1e9346c621
omain.te
|
3cfc7ea89f44f822cb44c87916b1847eecd44eb7 |
19-Jul-2014 |
Colin Cross <ccross@android.com> |
sepolicy: allow charger to read /sys/fs/pstore/console-ramoops Addresses the denial in charger mode: [ 17.993733] type=1400 audit(1405412231.119:4): avc: denied { search } for pid=123 comm="charger" name="/" dev="pstore" ino=10287 scontext=u:r:healthd:s0 tcontext=u:object_r:pstorefs:s0 tclass=dir permissive=0 (cherry picked from commit bb96bffc379f8bb6d5d42ac1d044ae8a5502f108) Change-Id: I2dde6adc3ff99df99409d4da3ef32c3987228801
ealthd.te
|
5a2323dc75a0987b040512b16db72abca86867cb |
21-Jul-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to bf696327246833c9aba55a645e6c433e9f321e27
|
49e9834c78dc2d586177abef2b9864711d2e52b9 |
20-Jul-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to bf696327246833c9aba55a645e6c433e9f321e27
|
5e7c5188dcbe34252a3255abaff63901fea327d9 |
19-Jul-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to bf696327246833c9aba55a645e6c433e9f321e27
|
9f49e9f9e1e6fc01cc27925d958f176ca8890e0f |
22-Jul-2014 |
Ye Wen <ywen@google.com> |
Merge "Move MmsService into phone process (2/2)" into lmp-dev
|
eb8d86c0c857b4f65256716a76d5f7cfb3da43ba |
20-Jul-2014 |
Ye Wen <ywen@google.com> |
Move MmsService into phone process (2/2) b/16324360 Change-Id: If79f293a547deef570a80a5569ff8eb973ce29be
ervice_contexts
|
bf696327246833c9aba55a645e6c433e9f321e27 |
18-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
DO NOT MERGE: Remove service_manager audit_allows. Remove the audit_allow rules from lmp-dev because we will not be tightening any further so these logs will not be useful. Change-Id: Ibd0e4bf4e8f4f5438c3dbb9114addaadac9ef8c9
dbd.te
ttributes
luetooth.te
ootanim.te
omain.te
rmserver.te
umpstate.te
ealthd.te
nputflinger.te
solated_app.te
eystore.te
ediaserver.te
fc.te
latform_app.te
adio.te
urfaceflinger.te
ystem_app.te
ystem_server.te
e_macros
ntrusted_app.te
|
4a24475b9d8aa9de9c3e991cf8e484830f28ce9d |
18-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
Further refined service_manager auditallow statements. Further refined auditallow statements associated with service_manager and added dumpstate to the service_manager_local_audit_domain. (cherry picked from commit 603bc2050959dd353154bf33fa0c2b0612da9c6e) Change-Id: Ib8894aa70aa300c14182a6c934dd56c08c82b05f
luetooth.te
rmserver.te
umpstate.te
solated_app.te
fc.te
adio.te
ntrusted_app.te
|
14aa7c06088205f171aaaac15941c49ffa5f101b |
17-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
Refine service_manager find auditallow statements. Add adbd as a service_manager_local_audit_domain and negate surfaceflinger_service in its auditallow. Negate keystore_service and radio_service in the system_app auditallow. (cherry picked from commit 88157ea34779aa66a7d43a322d10a0eda9fe39a0) Change-Id: I25354db2add3135335c80be2c2d350e526137572
dbd.te
ystem_app.te
|
ac47ee26c5364e9d694eae3bd4e1d1cff69b463b |
17-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
Add com.android.net.IProxyService to service_contexts. Add com.android.net.IProxyService as a system_server_service to service_contexts. Bug: 16369427 (cherry picked from commit 26d6371c5a5cbcc408e65668a55fdc0cf3453858) Change-Id: I3e58681971683bdc7f26a1d130c8bcf8ffcb89e2
ervice_contexts
|
57f1b89db663bc492618970b06c09838b7b813c1 |
17-Jul-2014 |
Nick Kralevich <nnk@google.com> |
lmkd: avoid locking libsigchain into memory https://android-review.googlesource.com/94851 added an LD_PRELOAD line to init.environ.rc.in. This has the effect of loading libsigchain.so into every process' memory space, regardless of whether it wants it or not. For lmkd, it doesn't need libsigchain, so it doesn't make any sense to load it and keep it locked in memory. Disable noatsecure for lmkd. This sets AT_SECURE=1, which instructs the linker to not honor security sensitive environment variables such as LD_PRELOAD. This prevents libsigchain.so from being loaded into lmkd's memory. (cherry picked from commit 8a5b28d259b0b0867979075677cddaa4ba7cf615) Change-Id: I39baaf62058986d35ad43de708aaa3daf93b2df4
nit.te
mkd.te
|
f310faa09ca93f3a0f3d2be6f1fc81c2b6b19b67 |
17-Jul-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to e4aa75db6101fa2849fc4572c6b1e1b25cb4667d
|
08ac1247d9779b0eaa9e4882104d527c21f81336 |
17-Jul-2014 |
Michael Wright <michaelwr@google.com> |
Merge "Add MediaProjectionManagerService to service list DO NOT MERGE" into lmp-dev
|
0ccfd5da807ce2f722fb7cac7188333e9b70ea37 |
12-Jul-2014 |
Michael Wright <michaelwr@google.com> |
Add MediaProjectionManagerService to service list DO NOT MERGE Change-Id: I66a88b5dafc295e6daa9f4c0225aa593c97fe187
ervice_contexts
|
e4aa75db6101fa2849fc4572c6b1e1b25cb4667d |
17-Jul-2014 |
Nick Kralevich <nnk@google.com> |
dex2oat: fix forward-locked upgrades with unlabeled asecs dex2oat fails when upgrading unlabeled asec containers. Steps to reproduce: 1) Install a forward locked app on Android 4.1 adb install -l foo.apk 2) Upgrade to tip-of-tree Addresses the following denial: <4>[ 379.886665] type=1400 audit(1405549869.210:4): avc: denied { read } for pid=2389 comm="dex2oat" path="/mnt/asec/jackpal.androidterm-1/pkg.apk" dev=dm-0 ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:unlabeled:s0 tclass=file (cherry picked from commit 270be6e86a121922b3621cbeaab9d908e53d04cb) Change-Id: I58dc6ebe61a5b5840434077a55f1afbeed602137
ex2oat.te
|
76b155a26aa90f02be9ca428b8bda8b4d39bb6fb |
16-Jul-2014 |
Nick Kralevich <nnk@google.com> |
lmkd: allow lmkd to lock itself in memory addresses the following denial: type=1400 audit(1.871:3): avc: denied { ipc_lock } for pid=1406 comm="lmkd" capability=14 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability Bug: 16236289 (cherry picked from commit 6a1405d7457dee096a4d25e79844dfe62297943f) Change-Id: I560f1e52eac9360d10d81fc8a9f60eba907a8466
mkd.te
|
080faeff93a61db77ddaf9147b7d55d3bdd7e4e9 |
16-Jul-2014 |
Nick Kralevich <nnk@google.com> |
dex2oat: fix forward locked apps dex2oat can't access file descriptors associated with asec_apk_files. This breaks installing forward locked apps, and generates the following denial: type=1400 audit(0.0:18): avc: denied { read } for path="/mnt/asec/com.example.android.simplejni-1/pkg.apk" dev="dm-0" ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file Steps to reproduce: $ adb install -r -l SimpleJNI.apk Expected: app installs Actual: app fails to install. Bug: 16328233 (cherry picked from commit 5259c5e61625c4bd45b96c1712977dc2cde9e555) Change-Id: I1969b9ae8d2187f4860587f7ff42d16139657b5b
ex2oat.te
|
a53f4295babde8d336f16937c08e14c9947c77da |
16-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
Remove auditallow from system_server. system_server auditallow statements were causing logspam and there is not a good way to negate services from specific devices so as a fix we are removing all system_server auditallows. These logs may not be useful anyway because I suspect that system_server will probe for most all services anyway. (cherry picked from commit 5a25fbf7ca281d2b372def95b92b400a073604b6) Change-Id: Ibadf1ce5e66f279fc49fd8fa20dfc64c960dd57f
ystem_server.te
|
555c3c5a5caac448896198aac96a40cd5f808709 |
16-Jul-2014 |
Nick Kralevich <nnk@google.com> |
lmkd: allow lmkd to lock itself in memory addresses the following denial: type=1400 audit(1.871:3): avc: denied { ipc_lock } for pid=1406 comm="lmkd" capability=14 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability Bug: 16236289 (cherry picked from commit 6a1405d7457dee096a4d25e79844dfe62297943f) Change-Id: I560f1e52eac9360d10d81fc8a9f60eba907a8466
mkd.te
|
64940d884e6b8ce044f0db39b2afa644859cf99a |
16-Jul-2014 |
Torne (Richard Coles) <torne@google.com> |
Add "webviewupdate" system server service. Define the service context for "webviewupdate", a new service that will run in the system server. Bug: 13005501 Change-Id: I841437c59b362fda88d130be2f2871aef87d9231
ervice_contexts
|
94b2ba94632144f84fcbb3b9eed0dccfcf008c0d |
16-Jul-2014 |
Nick Kralevich <nnk@google.com> |
dex2oat: fix forward locked apps dex2oat can't access file descriptors associated with asec_apk_files. This breaks installing forward locked apps, and generates the following denial: type=1400 audit(0.0:18): avc: denied { read } for path="/mnt/asec/com.example.android.simplejni-1/pkg.apk" dev="dm-0" ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file Steps to reproduce: $ adb install -r -l SimpleJNI.apk Expected: app installs Actual: app fails to install. Bug: 16328233 (cherry picked from commit 5259c5e61625c4bd45b96c1712977dc2cde9e555) Change-Id: I1969b9ae8d2187f4860587f7ff42d16139657b5b
ex2oat.te
|
d26357641d9f85750f63c9e4ec441a506e806389 |
16-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
Remove auditallow from system_server. system_server auditallow statements were causing logspam and there is not a good way to negate services from specific devices so as a fix we are removing all system_server auditallows. These logs may not be useful anyway because I suspect that system_server will probe for most all services anyway. (cherry picked from commit 5a25fbf7ca281d2b372def95b92b400a073604b6) Change-Id: Ibadf1ce5e66f279fc49fd8fa20dfc64c960dd57f
ystem_server.te
|
cd08df9c3909606f80bb14f7d7e62a009e63af56 |
16-Jul-2014 |
The Android Automerger <android-build@google.com> |
merge in lmp-release history after reset to 354d6caeafd683174a3e0a480971617a1c9ac835
|
354d6caeafd683174a3e0a480971617a1c9ac835 |
16-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
Remove radio_service from untrusted_app auditallow. Change untrusted_app to not auditallow radio_service find requests to cut down on log spam. (cherry picked from commit af8d7ca9e9ddf2601f0d8c0399dcf343db11657d) Change-Id: Ibfcc1abe927b6114af5a3a82188bf9f1e009d7f7
ntrusted_app.te
|
2203fda5e775cd20a19dfbce878eb66e84e35bcf |
15-Jul-2014 |
Colin Cross <ccross@android.com> |
lmkd: allow removing cgroups and setting self to SCHED_FIFO Addresses the following selinux denials: type=1400 audit(1405383429.107:22): avc: denied { remove_name } for pid=137 comm="lmkd" name="uid_10060" dev="cgroup" ino=18368 scontext=u:r:lmkd:s0 tcontext=u:object_r:cgroup:s0 tclass=dir permissive=0 type=1400 audit(1405383794.109:6): avc: denied { sys_nice } for pid=1619 comm="lmkd" capability=23 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability permissive=0 (cherry picked from commit 5329731802c99811f9bf6dbf7065374afa460007) Change-Id: I7b6e5a396bf345c4768defd7b39af2435631a35b
mkd.te
|
caf347b515a60c2ac42b334bc5800514cdd53b55 |
12-Jul-2014 |
Nick Kralevich <nnk@google.com> |
Tweak rules for su domain. 1) Remove explicit allow statements. Since su is in permissive, there's no need to ever specify allow statements for su. 2) Remove unconfined_domain(su). Su is already permissive, so there's no need to join the unconfined domain, and it just makes getting rid of unconfined more difficult. 3) Put su into app_domain(). This addresses, in a roundabout sorta way, the following denial: type=1400 audit(0.0:4): avc: denied { setsched } for scontext=u:r:system_server:s0 tcontext=u:r:su:s0 tclass=process permissive=0 which comes up while testing media processes as root. We already put the shell user into this domain, so adding su to this domain ensures other processes can communicate consistently with su spawned processes. Bug: 16261280 Bug: 16298582 (cherry picked from commit 213bb45bdd631920646d51777b29745c3d2f51c2) Change-Id: If9c3483184ecdf871efee394c0b696e30f61d15d
u.te
|
750426f921cec34d9fbddb1cdcfeca1e4a3639ca |
15-Jul-2014 |
Nick Kralevich <nnk@google.com> |
fix system_server dex2oat exec Addresses the following denial: W/system_server( 2697): type=1400 audit(0.0:9): avc: denied { execute } for name="dex2oat" dev="mmcblk0p31" ino=118 scontext=u:r:system_server:s0 tcontext=u:object_r:dex2oat_exec:s0 tclass=file permissive=0 Bug: 16317188 Change-Id: I168842b3e281efcb0632049632ed3817c2025e4d
ystem_server.te
|
344fc109e9787f91946ac852bb513c796aab38f6 |
07-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
Add access control for each service_manager action. Add SELinux MAC for the service manager actions list and find. Add the list and find verbs to the service_manager class. Add policy requirements for service_manager to enforce policies to binder_use macro. (cherry picked from commit b8511e0d98880a683c276589ab7d8d7666b7f8c1) Change-Id: I980d4a8acf6a0c6e99a3a7905961eb5564b1be15
ccess_vectors
ttributes
luetooth.te
ootanim.te
omain.te
rmserver.te
ealthd.te
nputflinger.te
solated_app.te
eystore.te
ediaserver.te
fc.te
latform_app.te
adio.te
ervicemanager.te
urfaceflinger.te
ystem_app.te
ystem_server.te
e_macros
ntrusted_app.te
|
10370f5ff47745fe9678d18ff788e51e665bf36e |
15-Jul-2014 |
Nick Kralevich <nnk@google.com> |
fix system_server dex2oat exec Addresses the following denial: W/system_server( 2697): type=1400 audit(0.0:9): avc: denied { execute } for name="dex2oat" dev="mmcblk0p31" ino=118 scontext=u:r:system_server:s0 tcontext=u:object_r:dex2oat_exec:s0 tclass=file permissive=0 Bug: 16317188 Change-Id: I168842b3e281efcb0632049632ed3817c2025e4d
ystem_server.te
|
8ee37b4f1c58e1dcd00b198a9bbfeafb4221fdc9 |
15-Jul-2014 |
Ed Heyl <edheyl@google.com> |
reconcile aosp (c103da877b72aae80616dbc192982aaf75dfe888) after branching. Please do not merge. Change-Id: Ic9dde806a30d3e7b9c4a066f247a9207fe9b94b4
pp.te
ex2oat.te
ile_contexts
nstalld.te
ygote.te
|
81839dfb24094803125f7ac9d4844207b61569ed |
15-Jul-2014 |
Ed Heyl <edheyl@google.com> |
reconcile aosp (3a8c5dc05fb7696dd81b8a7c1b2524224154e8ea) after branching. Please do not merge. Change-Id: Ic8ee83ed6ffef02bddd17e1175416fc2481db7b2
ootanim.te
ystem_server.te
|
7563a6f1fb36c2361294b785dba499cc65b7dbf4 |
15-Jul-2014 |
Ed Heyl <edheyl@google.com> |
reconcile aosp (a7c04dcd748e1a9daf374551303a3bd578305cf9) after branching. Please do not merge. Change-Id: I35be7a7df73325fba921b8a354659b2b2a3e06e7
dbd.te
ealthd.te
nit.te
ecovery.te
eventd.te
nconfined.te
atchdogd.te
|
e9c90bddcea8d3d466fbc34361a7feea3eea4ad3 |
15-Jul-2014 |
Ed Heyl <edheyl@google.com> |
reconcile aosp (4da3bb1481e4e894a7dee3f3b9ec8cef6f6b1aed) after branching. Please do not merge. Change-Id: Idcd252e39b2c4829201c93b6c99cf368adcb405e
pp.te
ile.te
enfs_contexts
ernel.te
ecovery.te
|
2aa727e3f01f814384bd4a49281c7c39cf562ff6 |
14-Jul-2014 |
Nick Kralevich <nnk@google.com> |
DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true Force any experimental SELinux domains (ones tagged with "permissive_or_unconfined") into unconfined. This flag is intended to be flipped when we're preparing a release, to eliminate inconsistencies between user and userdebug devices, and to ensure that we're enforcing a minimal set of rules for all SELinux domains. Without this change, our user builds will behave differently than userdebug builds, complicating testing. Change-Id: I52fd5fbe30a7f52f1143f176915ce55fb6a33f87
ndroid.mk
|
0ff90f1ac9c30dd7cdedd2968558dbe5ef8fa359 |
11-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
am 2f91ce55: am e4409728: am 65edb75d: Allow netd to create data files in /data/misc/net/. * commit '2f91ce5519d46e38a609e3aed0c507af072507ec':
|
deb52ba4d6089826239233089114764d5bf51b0f |
11-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 1c7463ac: am d27aeb21: am e9d97b74: recovery: allow read access to fuse filesystem * commit '1c7463aca155e397855e2863dd85a4b90965cc3a':
|
69aaf4a9c59343f29e77c3f67e18bcc541ad6b35 |
11-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am ddfaf822: am d86b0a81: am 9f6af083: New domain "install_recovery" * commit 'ddfaf822e9786100a7bb9a399bea906f0ed7b7c8':
|
611922e7e15bbc7b4d524f3ce1112d4b19bcd3da |
11-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
am 554a8a3d: am e900e573: am 77e85289: Merge "Rules to allow installing package directories." * commit '554a8a3d2928faf3117bc77bff4214d63ba504c3':
|
2f91ce5519d46e38a609e3aed0c507af072507ec |
11-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
am e4409728: am 65edb75d: Allow netd to create data files in /data/misc/net/. * commit 'e440972845371fa8a2727c563237cd705ca96b2d': Allow netd to create data files in /data/misc/net/.
|
1c7463aca155e397855e2863dd85a4b90965cc3a |
11-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am d27aeb21: am e9d97b74: recovery: allow read access to fuse filesystem * commit 'd27aeb218089360ecd17fabe0cefb953374dc33a': recovery: allow read access to fuse filesystem
|
ddfaf822e9786100a7bb9a399bea906f0ed7b7c8 |
11-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am d86b0a81: am 9f6af083: New domain "install_recovery" * commit 'd86b0a81ab10cc48c4a2c52f27e8cdbfc927a52f': New domain "install_recovery"
|
554a8a3d2928faf3117bc77bff4214d63ba504c3 |
11-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
am e900e573: am 77e85289: Merge "Rules to allow installing package directories." * commit 'e900e57385fddb558e784089ba3c145d9dfbd659': Rules to allow installing package directories.
|
9f88bc554d93dd2f6efafb67e11cc002cc6ea14e |
10-Jul-2014 |
Doug Zongker <dougz@google.com> |
support newer-style adbd interface in recovery Support opening the ffs-based interface for adbd in recovery. (Copied from adbd.te.) Bug: 16183878 Change-Id: I714ccb34f60d1413d2b184dae9b561cd06bc6b45
ecovery.te
|
a50467c3c78fa31cfab05f0e56b0292a0425f026 |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am a2933b66: am 2b3c5de2: Merge "install_recovery: start enforcing SELinux rules" * commit 'a2933b6605cba5c9d7e10385a0804cc5935bfa30': install_recovery: start enforcing SELinux rules
|
a2933b6605cba5c9d7e10385a0804cc5935bfa30 |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 2b3c5de2: Merge "install_recovery: start enforcing SELinux rules" * commit '2b3c5de21e96668f203628cddf88241774b3735d': install_recovery: start enforcing SELinux rules
|
d684f1a5c664b61e561e683efe4cd42a5b8c6b6d |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 5b347a60: am 1d2ff869: allow ueventd sysfs_type lnk_file * commit '5b347a6065c0684a02404d5404b0eaf2ded43b6f': allow ueventd sysfs_type lnk_file
|
5b347a6065c0684a02404d5404b0eaf2ded43b6f |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 1d2ff869: allow ueventd sysfs_type lnk_file * commit '1d2ff869634649955fab0be3fb724d8b937c80bf': allow ueventd sysfs_type lnk_file
|
1d2ff869634649955fab0be3fb724d8b937c80bf |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
allow ueventd sysfs_type lnk_file ueventd is allowed to change files and directories in /sys, but not symbolic links. This is, at a minimum, causing the following denial: type=1400 audit(0.0:5): avc: denied { getattr } for comm="ueventd" path="/sys/devices/tegradc.0/driver" dev=sysfs ino=3386 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_tegradc:s0 tclass=lnk_file Allow ueventd to modify labeling / attributes of symlinks. Change-Id: If641a218e07ef479d1283f3171b2743f3956386d
eventd.te
|
feb594422cc9949a72195e03ee740133b334cd93 |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 5b5ba50f: am b59dc27a: Drop sys_rawio neverallow for tee * commit '5b5ba50fa9e8a4baaea0fe551e74ca2bbeee5dcc': Drop sys_rawio neverallow for tee
|
5b5ba50fa9e8a4baaea0fe551e74ca2bbeee5dcc |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am b59dc27a: Drop sys_rawio neverallow for tee * commit 'b59dc27a1b580a13c50477d2af1cbdaf95601d8f': Drop sys_rawio neverallow for tee
|
b59dc27a1b580a13c50477d2af1cbdaf95601d8f |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
Drop sys_rawio neverallow for tee The new Nexus 5 tee implementation requires raw block I/O for anti-rollback protection. Bug: 15777869 Change-Id: I57691a9d06b5a51e2699c240783ed56e3a003396
omain.te
|
2cfe1fa0a61784320f0674a9357c049873a32bdb |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 7e953e77: am f5835666: Don\'t use don\'t * commit '7e953e77026650ef0468118fd553da5a9f7fb3bb': Don't use don't
|
7e953e77026650ef0468118fd553da5a9f7fb3bb |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am f5835666: Don\'t use don\'t * commit 'f58356661632d4c08870122f2cf944ea4edfe810': Don't use don't
|
eec3c7cd86197fe5e60d7ec0daba7eaf58c71bcb |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am f7cf7a4b: am 99d86c7a: ensure that untrusted_app can\'t set properties * commit 'f7cf7a4be5e3eb5d415fc564d180761cc90d0442': ensure that untrusted_app can't set properties
|
f7cf7a4be5e3eb5d415fc564d180761cc90d0442 |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 99d86c7a: ensure that untrusted_app can\'t set properties * commit '99d86c7a77d402a106a1b3fe57af06dbb231c750': ensure that untrusted_app can't set properties
|
f58356661632d4c08870122f2cf944ea4edfe810 |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
Don't use don't Single quotes sometimes mess up m4 parsing Change-Id: Ic53cf0f9b45b2173cbea5c96048750f6a582a535
ntrusted_app.te
|
99d86c7a77d402a106a1b3fe57af06dbb231c750 |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
ensure that untrusted_app can't set properties Bug: 10243159 Change-Id: I9409fe8898c446a33515f1bee2990f36a2e11535
ntrusted_app.te
|
88a65e2495fc04b1522237daf8e355cf65d478e2 |
10-Jul-2014 |
Colin Cross <ccross@android.com> |
am bfd4eac7: am 5d60f04e: sepolicy: allow system server to remove cgroups * commit 'bfd4eac7f90e7b4b1bc095e9ed2a7e474f1f18ae': sepolicy: allow system server to remove cgroups
|
efcb5947f98014baf06d5a4d7846aff5a65f292d |
10-Jul-2014 |
Andres Morales <anmorales@google.com> |
am aaaeb02e: am 2cd9c9bd: Merge "Typedef+rules for SysSer to access persistent block device" * commit 'aaaeb02eb8891ac9cffaee2d5226a3c7ed3f4af4': Typedef+rules for SysSer to access persistent block device
|
389ac0638789fbf29918264b398e2a282b65fd6c |
10-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
am 568443bc: am d3356826: Let DCS read staged APK clusters. * commit '568443bc93f39cbee48d800c859211b54f43b0ae': Let DCS read staged APK clusters.
|
bfd4eac7f90e7b4b1bc095e9ed2a7e474f1f18ae |
10-Jul-2014 |
Colin Cross <ccross@android.com> |
am 5d60f04e: sepolicy: allow system server to remove cgroups * commit '5d60f04e5d43d084992d59c38a631a034b88e715': sepolicy: allow system server to remove cgroups
|
aaaeb02eb8891ac9cffaee2d5226a3c7ed3f4af4 |
10-Jul-2014 |
Andres Morales <anmorales@google.com> |
am 2cd9c9bd: Merge "Typedef+rules for SysSer to access persistent block device" * commit '2cd9c9bd3fa54ca78d0847763df4bca5fe940dcf': Typedef+rules for SysSer to access persistent block device
|
568443bc93f39cbee48d800c859211b54f43b0ae |
10-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
am d3356826: Let DCS read staged APK clusters. * commit 'd33568264f0843feafc2d17c38e863f914f1fc57': Let DCS read staged APK clusters.
|
5d60f04e5d43d084992d59c38a631a034b88e715 |
10-Jul-2014 |
Colin Cross <ccross@android.com> |
sepolicy: allow system server to remove cgroups Bug: 15313911 Change-Id: Ib7d39561a0d52632929d063a7ab97b6856f28ffe
ystem_server.te
|
d33568264f0843feafc2d17c38e863f914f1fc57 |
09-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
Let DCS read staged APK clusters. DCS is DefaultContainerService. avc: denied { getattr } for path="/data/app/vmdl2.tmp" dev="mmcblk0p28" ino=162910 scontext=u:r:platform_app:s0 tcontext=u:object_r:apk_tmp_file:s0 tclass=dir Bug: 14975160 Change-Id: Ifca9afb4e74ebbfbeb8c01e1e9ea65f5b55e9375
latform_app.te
|
254953d9fe912e38b6116c8b3aee01bfc6e7f108 |
09-Jul-2014 |
Andres Morales <anmorales@google.com> |
am 9c52a78c: am e844113b: Allow SystemServer to start PersistentDataBlockService * commit '9c52a78c6062a472f2dff96019a6a50f44bd0034': Allow SystemServer to start PersistentDataBlockService
|
9c52a78c6062a472f2dff96019a6a50f44bd0034 |
09-Jul-2014 |
Andres Morales <anmorales@google.com> |
am e844113b: Allow SystemServer to start PersistentDataBlockService * commit 'e844113bc114484339b0c74a978c0fa5cfa250e1': Allow SystemServer to start PersistentDataBlockService
|
2b3c5de21e96668f203628cddf88241774b3735d |
10-Jul-2014 |
Nick Kralevich <nnk@google.com> |
Merge "install_recovery: start enforcing SELinux rules"
|
0f30a44b6ae80e408dc415abbe2c57ae7ef47282 |
09-Jul-2014 |
Nick Kralevich <nnk@google.com> |
install_recovery: start enforcing SELinux rules Start enforcing SELinux rules for install_recovery. Change-Id: I052c7d2203babf3e146cf32794283e80ca21dd9a
nstall_recovery.te
|
2cd9c9bd3fa54ca78d0847763df4bca5fe940dcf |
10-Jul-2014 |
Andres Morales <anmorales@google.com> |
Merge "Typedef+rules for SysSer to access persistent block device"
|
d8447fdfe1db8571158659bc2daf058335842a06 |
10-Jul-2014 |
Andres Morales <anmorales@google.com> |
Typedef+rules for SysSer to access persistent block device Defines new device type persistent_data_block_device This block device will allow storage of data that will live across factory resets. Gives rw and search access to SystemServer. Change-Id: I298eb40f9a04c16e90dcc1ad32d240ca84df3b1e
evice.te
ystem_server.te
|
43613e6b70be9962db5a297a8ff63e78e8321dd3 |
09-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
am 5e476c36: am d2d172a3: Allow dumpstate to read the list of routing tables. * commit '5e476c361f45a56a594112a72dedd4ee02c7d0b8': Allow dumpstate to read the list of routing tables.
|
e844113bc114484339b0c74a978c0fa5cfa250e1 |
03-Jul-2014 |
Andres Morales <anmorales@google.com> |
Allow SystemServer to start PersistentDataBlockService Change-Id: I0e8433c4fcbce04e2693a0f8cf1dd89c95684c24
ervice_contexts
|
5e476c361f45a56a594112a72dedd4ee02c7d0b8 |
09-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
am d2d172a3: Allow dumpstate to read the list of routing tables. * commit 'd2d172a33ec747299961649e3cdb3095a38eef01': Allow dumpstate to read the list of routing tables.
|
d2d172a33ec747299961649e3cdb3095a38eef01 |
09-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Allow dumpstate to read the list of routing tables. Change-Id: I55475c08c5e43bcf61af916210e680c47480ac32
umpstate.te
|
d9cb5eaaa343794b5718a3ac7638037e3a5b726d |
08-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
am e4409728: am 65edb75d: Allow netd to create data files in /data/misc/net/. * commit 'e440972845371fa8a2727c563237cd705ca96b2d': Allow netd to create data files in /data/misc/net/.
|
e440972845371fa8a2727c563237cd705ca96b2d |
08-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
am 65edb75d: Allow netd to create data files in /data/misc/net/. * commit '65edb75d530058ec3c8cb86d6d3e28f9394740ba': Allow netd to create data files in /data/misc/net/.
|
65edb75d530058ec3c8cb86d6d3e28f9394740ba |
08-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Allow netd to create data files in /data/misc/net/. This will be used to populate rt_tables (a mapping from routing table numbers to table names) that's read by the iproute2 utilities. Change-Id: I69deb1a64d5d6647470823405bf0cc55b24b22de
ile.te
ile_contexts
etd.te
|
0cbdd20a3d181d3bc773175d85f7505e7ddd6eed |
08-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am d27aeb21: am e9d97b74: recovery: allow read access to fuse filesystem * commit 'd27aeb218089360ecd17fabe0cefb953374dc33a': recovery: allow read access to fuse filesystem
|
d27aeb218089360ecd17fabe0cefb953374dc33a |
08-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am e9d97b74: recovery: allow read access to fuse filesystem * commit 'e9d97b744e95307020d461fd16f756323f25bba7': recovery: allow read access to fuse filesystem
|
e9d97b744e95307020d461fd16f756323f25bba7 |
08-Jul-2014 |
Nick Kralevich <nnk@google.com> |
recovery: allow read access to fuse filesystem adb sideload depends on the ability to access the fuse directory. Flipping recovery into enforcing started triggering the following denial: type=1400 audit(17964905.699:7): avc: denied { search } for pid=132 comm="recovery" name="/" dev="fuse" ino=1 scontext=u:r:recovery:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir Change-Id: I27ee0295fa2e2d0449bfab4f95bfbc076e92cf59
ecovery.te
|
31739880e215b0ee1daa3170f9e3a8c8ae2dcfe1 |
08-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am d86b0a81: am 9f6af083: New domain "install_recovery" * commit 'd86b0a81ab10cc48c4a2c52f27e8cdbfc927a52f': New domain "install_recovery"
|
d86b0a81ab10cc48c4a2c52f27e8cdbfc927a52f |
08-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 9f6af083: New domain "install_recovery" * commit '9f6af083e8a31c9b5a9f9ac21885dfc3c0dc14b2': New domain "install_recovery"
|
9f6af083e8a31c9b5a9f9ac21885dfc3c0dc14b2 |
03-Jul-2014 |
Nick Kralevich <nnk@google.com> |
New domain "install_recovery" Create a new domain for the one-shot init service flash_recovery. This domain is initially in permissive_or_unconfined() for testing. Any SELinux denials won't be enforced for now. Change-Id: I7146dc154a5c78b6f3b4b6fb5d5855a05a30bfd8
omain.te
ile_contexts
nstall_recovery.te
|
7deb1b0130b699716cbdc1f6084bdb12c635f09b |
08-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
am e900e573: am 77e85289: Merge "Rules to allow installing package directories." * commit 'e900e57385fddb558e784089ba3c145d9dfbd659': Rules to allow installing package directories.
|
e900e57385fddb558e784089ba3c145d9dfbd659 |
08-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
am 77e85289: Merge "Rules to allow installing package directories." * commit '77e8528912a157d62243d81b95c4297648a3d222': Rules to allow installing package directories.
|
c02c98d3271be09483cd8de3e79ecae459c3a1ce |
07-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
Rules to allow installing package directories. Earlier changes had extended the rules, but some additional changes are needed. avc: denied { relabelfrom } for name="vmdl-723825123.tmp" dev="mmcblk0p28" ino=162910 scontext=u:r:system_server:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir Bug: 14975160 Change-Id: Ia644c73ec10460a2a529fe197ade6afe46694651
ile_contexts
ystem_server.te
|
0c9a873a78ccb8d3617736ffe537d5bee9054b48 |
08-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 51ad2ad3: am c2ba5ed9: recovery: start enforcing SELinux rules * commit '51ad2ad3aa9ad88c958b4c63bbdf4a4452c65087': recovery: start enforcing SELinux rules
|
51ad2ad3aa9ad88c958b4c63bbdf4a4452c65087 |
08-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am c2ba5ed9: recovery: start enforcing SELinux rules * commit 'c2ba5ed90876e7c3f105ed658788557c68ab72b8': recovery: start enforcing SELinux rules
|
c2ba5ed90876e7c3f105ed658788557c68ab72b8 |
27-Jun-2014 |
Nick Kralevich <nnk@google.com> |
recovery: start enforcing SELinux rules Start enforcing SELinux rules for recovery. I've been monitoring denials, and I haven't seen anything which would indicate a problem. We can always roll this back if something goes wrong. Change-Id: I7d3a147f8b9000bf8181d2aa32520f15f291a6f3
ecovery.te
|
094f399e5cbde8767cff04e0c58d2d383ff686fc |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am b23905e5: am 3508d611: fix build. * commit 'b23905e54cd2e03156a13af72256fa71693dfd0f': fix build.
|
b23905e54cd2e03156a13af72256fa71693dfd0f |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 3508d611: fix build. * commit '3508d611cc661730bdf0e706d2f1fd1814cd8c60': fix build.
|
48ffa6fe1f5a7bdb41b616ef92cfaf99ef8d4c07 |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
fix build. libsepol.check_assertion_helper: neverallow on line 166 of external/sepolicy/domain.te (or line 5056 of policy.conf) violated by allow recovery unlabeled:file { create }; Error while expanding policy make: *** [out/target/product/generic/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery] Error 1 (cherry picked from commit 3508d611cc661730bdf0e706d2f1fd1814cd8c60) Change-Id: I5efa1f2040fc40df1df44ed1b8e84b6080cb8f74
omain.te
|
3508d611cc661730bdf0e706d2f1fd1814cd8c60 |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
fix build. libsepol.check_assertion_helper: neverallow on line 166 of external/sepolicy/domain.te (or line 5056 of policy.conf) violated by allow recovery unlabeled:file { create }; Error while expanding policy make: *** [out/target/product/generic/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery] Error 1 Change-Id: Iddf2cb8d0de2ab445e54a727f01be0b992b45ba5
omain.te
|
bb2a06a7c885e792d6805052c813f09aebd71450 |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am e9f1c019: am 558710cd: recovery: allow relabelto unlabeled and other unlabeled rules * commit 'e9f1c019060a97017454309be05f31edae6d0850': recovery: allow relabelto unlabeled and other unlabeled rules
|
e9f1c019060a97017454309be05f31edae6d0850 |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 558710cd: recovery: allow relabelto unlabeled and other unlabeled rules * commit '558710cdcc619682ef600d281f09ab4dad221692': recovery: allow relabelto unlabeled and other unlabeled rules
|
558710cdcc619682ef600d281f09ab4dad221692 |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
recovery: allow relabelto unlabeled and other unlabeled rules The recovery script may ask to label a file with a label not known to the currently loaded policy. Allow it. Addresses the following denials: avc: denied { relabelto } for pid=143 comm="update_binary" name="vdc" dev="mmcblk0p25" ino=212 scontext=u:r:recovery:s0 tcontext=u:object_r:unlabeled:s0 tclass=file avc: denied { setattr } for pid=143 comm="update_binary" name="vdc" dev="mmcblk0p25" ino=212 scontext=u:r:recovery:s0 tcontext=u:object_r:unlabeled:s0 tclass=file Change-Id: Iafcc7b0b3aaea5a272adb1264233978365648f94
ecovery.te
|
0cac452cb947ff458864c118de740f4c0a370ad1 |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 04aabbac: am c0088b80: Merge "Add neverallow rules further restricting service_manager." * commit '04aabbace8f23ace6def032d21f9d7bd9652037d': Add neverallow rules further restricting service_manager.
|
04aabbace8f23ace6def032d21f9d7bd9652037d |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am c0088b80: Merge "Add neverallow rules further restricting service_manager." * commit 'c0088b8064318210e775555ff4634994f7ab9e34': Add neverallow rules further restricting service_manager.
|
f43595382dd8c0e17905fa876c3f200909800031 |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 7b7a25ea: am b8bdfde3: ueventd: Add policy support for ueventd labeling changes * commit '7b7a25eaa526197290f2190fc39c7dd81dd9b1a8': ueventd: Add policy support for ueventd labeling changes
|
7b7a25eaa526197290f2190fc39c7dd81dd9b1a8 |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am b8bdfde3: ueventd: Add policy support for ueventd labeling changes * commit 'b8bdfde3d0d23f4730155bba807276eb06a3aa48': ueventd: Add policy support for ueventd labeling changes
|
b8bdfde3d0d23f4730155bba807276eb06a3aa48 |
04-Jul-2014 |
Nick Kralevich <nnk@google.com> |
ueventd: Add policy support for ueventd labeling changes Currently, ueventd only modifies the SELinux label on a file if the entry exists in /ueventd.rc. Add policy support to enable an independent restorecon_recursive whenever a uevent message occurs. Change-Id: I0ccb5395ec0be9282095b844a5022e8c0d8903ac
eventd.te
|
77e8528912a157d62243d81b95c4297648a3d222 |
08-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
Merge "Rules to allow installing package directories."
|
be092af039148e3cadcd49ee7042b8f39c7e95a2 |
07-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
Rules to allow installing package directories. Earlier changes had extended the rules, but some additional changes are needed. avc: denied { relabelfrom } for name="vmdl-723825123.tmp" dev="mmcblk0p28" ino=162910 scontext=u:r:system_server:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir Bug: 14975160 Change-Id: I875cfc3538d4b098d27c7c7b756d1868a54cc976
ile_contexts
ystem_server.te
|
c0088b8064318210e775555ff4634994f7ab9e34 |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Add neverallow rules further restricting service_manager."
|
76206abc9f5140e85da2d4e4845eca2c4f3a6ad5 |
07-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
Add neverallow rules further restricting service_manager. Add a neverallow rule that prevents domain from adding a default_android_service. Add a neverallow rule that prevents untrusted_app from ever adding a service through servicemanager. Change-Id: I963671fb1224147bb49ec8f0b6be0dcc91c23156
omain.te
ntrusted_app.te
|
8a1f0e43084f30b54d5fabd8ed322f1202f3b1bd |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 80e22de8: am 5b2ed833: Merge "system_server: bring back sdcard_type neverallow rule" * commit '80e22de8c5385b461b8829df38295d163031bd44': system_server: bring back sdcard_type neverallow rule
|
477fa373381b1e587ab18a13ff1f063fff83797d |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 185de528: am be660697: Remove -unconfineddomain from neverallow rules * commit '185de52893d222a5303c93ea6f26b79a70673ec3': Remove -unconfineddomain from neverallow rules
|
80e22de8c5385b461b8829df38295d163031bd44 |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 5b2ed833: Merge "system_server: bring back sdcard_type neverallow rule" * commit '5b2ed833571ec039490d6f8359a50a03fd96e0fe': system_server: bring back sdcard_type neverallow rule
|
185de52893d222a5303c93ea6f26b79a70673ec3 |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am be660697: Remove -unconfineddomain from neverallow rules * commit 'be66069765b019257ed3bf1ca1285e643360a998': Remove -unconfineddomain from neverallow rules
|
be66069765b019257ed3bf1ca1285e643360a998 |
04-Jul-2014 |
Nick Kralevich <nnk@google.com> |
Remove -unconfineddomain from neverallow rules Many of the neverallow rules have -unconfineddomain. This was intended to allow us to support permissive_or_unconfined(), and ensure that all domains were enforcing at least a minimal set of rules. Now that all the app domains are in enforcing / confined, there's no need to allow for these exceptions. Remove them. Change-Id: Ieb29872dad415269f7fc2fe5be5a3d536d292d4f
pp.te
luetooth.te
|
daa817ea1ee82ef701e883e3ab3d10600603f0b4 |
03-Jul-2014 |
Doug Zongker <dougz@google.com> |
am 9523f237: am 93d849b6: recovery: allow creating and reading fuse filesystems * commit '9523f237ed57bd4dd1cda3fc6d1740fe49adc1e2': recovery: allow creating and reading fuse filesystems
|
5b2ed833571ec039490d6f8359a50a03fd96e0fe |
07-Jul-2014 |
Nick Kralevich <nnk@google.com> |
Merge "system_server: bring back sdcard_type neverallow rule"
|
d00eff47fe1f0b73dce96241ac348599f7d8e41c |
04-Jul-2014 |
Nick Kralevich <nnk@google.com> |
system_server: bring back sdcard_type neverallow rule We had disabled the neverallow rule when system_server was in permissive_or_unconfined(), but forgot to reenable it. Now that system_server is in enforcing/confined, bring it back. Change-Id: I6f74793d4889e3da783361c4d488b25f804ac8ba
ystem_server.te
|
9523f237ed57bd4dd1cda3fc6d1740fe49adc1e2 |
02-Jul-2014 |
Doug Zongker <dougz@google.com> |
am 93d849b6: recovery: allow creating and reading fuse filesystems * commit '93d849b674d0f6783eebf554256d4c10afda3891': recovery: allow creating and reading fuse filesystems
|
93d849b674d0f6783eebf554256d4c10afda3891 |
02-Jul-2014 |
Doug Zongker <dougz@google.com> |
recovery: allow creating and reading fuse filesystems The new sideloading mechanism in recovery needs to create a fuse filesystem and read files from it. Change-Id: I22e1f7175baf401d2b75c4be6673ae4b75a0ccbf
ecovery.te
|
1963fbda0e1da10203e46bd6c343fab6317c200f |
01-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am b5a39ee1: am 4be31900: Trivial change to support different SELinux policies for third party apps * commit 'b5a39ee1908ca84caf68a6839f104161fd7eabed': Trivial change to support different SELinux policies for third party apps
|
b5a39ee1908ca84caf68a6839f104161fd7eabed |
01-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 4be31900: Trivial change to support different SELinux policies for third party apps * commit '4be31900a480b1c71d77cf6da02349c72a876daa': Trivial change to support different SELinux policies for third party apps
|
4be31900a480b1c71d77cf6da02349c72a876daa |
01-Jul-2014 |
Nick Kralevich <nnk@google.com> |
Trivial change to support different SELinux policies for third party apps Needed to support https://android-review.googlesource.com/80871 Change-Id: Iba569c046135c0e81140faf6296c5da26a243037
eapp_contexts
|
fd05efa6ca7dc5473c51ee266bee537cbd7737a9 |
01-Jul-2014 |
Sharvil Nanavati <sharvil@google.com> |
am 016e7f71: am 77eb3526: Grant Bluetooth CAP_WAKE_ALARM so it can use the POSIX timer API for wake alarms. * commit '016e7f71ea76478256407821803bc00dba8107c9': Grant Bluetooth CAP_WAKE_ALARM so it can use the POSIX timer API for wake alarms.
|
016e7f71ea76478256407821803bc00dba8107c9 |
01-Jul-2014 |
Sharvil Nanavati <sharvil@google.com> |
am 77eb3526: Grant Bluetooth CAP_WAKE_ALARM so it can use the POSIX timer API for wake alarms. * commit '77eb35263f40607e36fdcd85d95050a4ecedb6b8': Grant Bluetooth CAP_WAKE_ALARM so it can use the POSIX timer API for wake alarms.
|
77eb35263f40607e36fdcd85d95050a4ecedb6b8 |
29-Jun-2014 |
Sharvil Nanavati <sharvil@google.com> |
Grant Bluetooth CAP_WAKE_ALARM so it can use the POSIX timer API for wake alarms. Change-Id: Ic7b25e79116b90378e5e89a879d8e6b87e4f052e
pp.te
luetooth.te
|
25350b392bac4358f03765fc7076a7349cb98459 |
01-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
am 3602071c: am 596bcc76: Remove keystore auditallow statements from system. * commit '3602071c33323f5850e3ff8d47f01f9559503990': Remove keystore auditallow statements from system.
|
3602071c33323f5850e3ff8d47f01f9559503990 |
01-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
am 596bcc76: Remove keystore auditallow statements from system. * commit '596bcc768758f38534a537a3fb54875225417f2c': Remove keystore auditallow statements from system.
|
596bcc768758f38534a537a3fb54875225417f2c |
01-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
Remove keystore auditallow statements from system. Remove the auditallow statements related to keystore in system_app and system_server. Change-Id: I1fc25ff475299ee020ea19f9b6b5811f8fd17c28
ystem_app.te
ystem_server.te
|
5ebd69250c7c5b4724f88dcdcbd5d857dc3a4c18 |
01-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
am 0d9cefbb: am 22e0c414: Remove auditallow statements causing log spam. * commit '0d9cefbb77d6695c8f141950f7d411d832d9c5ee': Remove auditallow statements causing log spam.
|
0d9cefbb77d6695c8f141950f7d411d832d9c5ee |
01-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
am 22e0c414: Remove auditallow statements causing log spam. * commit '22e0c414a50feed2f0475ab0d75301dce3488873': Remove auditallow statements causing log spam.
|
22e0c414a50feed2f0475ab0d75301dce3488873 |
01-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
Remove auditallow statements causing log spam. Remove the auditallow statements from app.te and binderservicedomain.te which were causing log spam. Change-Id: If1c33d1612866df9f338e6d8c19d73950ee028eb
pp.te
inderservicedomain.te
|
1393ec3499d71043ba106ecbe4229c111bde2ea5 |
01-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am f5ad1b79: am 40b8fb9b: Merge "Add imms service and system_app_service type." * commit 'f5ad1b79777055edb7b411ac0484d14d10dba656': Add imms service and system_app_service type.
|
f5ad1b79777055edb7b411ac0484d14d10dba656 |
01-Jul-2014 |
Nick Kralevich <nnk@google.com> |
am 40b8fb9b: Merge "Add imms service and system_app_service type." * commit '40b8fb9bef83551363fa2ee26fbad24f058ec66a': Add imms service and system_app_service type.
|
40b8fb9bef83551363fa2ee26fbad24f058ec66a |
01-Jul-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Add imms service and system_app_service type."
|
b1ec3dfacd604296b89df34050e2812133906d28 |
01-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
Add imms service and system_app_service type. Map imms to system_app_service in service_contexts and add the system_app_service type and allow system_app to add the system_app_service. Bug: 16005467 Change-Id: I06ca75e2602f083297ed44960767df2e78991140
ervice.te
ervice_contexts
ystem_app.te
|
d108fe0f161e7ef1645982c9894015dc6203a943 |
01-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
am a0d9e493: am 28b71808: Remove catchall for unregistered services. * commit 'a0d9e493b7f2b2204a541da86faffbc2ed2c3c01': Remove catchall for unregistered services.
|
a0d9e493b7f2b2204a541da86faffbc2ed2c3c01 |
01-Jul-2014 |
Riley Spahn <rileyspahn@google.com> |
am 28b71808: Remove catchall for unregistered services. * commit '28b7180824609bd083cc3a38df4ed94ed942f395': Remove catchall for unregistered services.
|
28b7180824609bd083cc3a38df4ed94ed942f395 |
24-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Remove catchall for unregistered services. Remove the allow rule for default services in binderservicedomain.te so we will need to whitelist any services to be registered. Change-Id: Ibca98b96a3c3a2cbb3722dd33b5eb52cb98cb531
inderservicedomain.te
|
24866a10422600b483823f5b1e12df02f5547fb5 |
30-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am ab925f11: am 166c09e5: Merge "Preemptively adding services for pending commits." * commit 'ab925f11dbf3b892884856add4b282e33651a9a0': Preemptively adding services for pending commits.
|
ab925f11dbf3b892884856add4b282e33651a9a0 |
30-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 166c09e5: Merge "Preemptively adding services for pending commits." * commit '166c09e59d450f6a06597b9e2b8e5ed3c0ebd044': Preemptively adding services for pending commits.
|
27583ce7579df14bdca0a8ca68d13170423ce386 |
30-Jun-2014 |
Sérgio Faria <sergio91pt@gmail.com> |
am 2eb73eea: am 536ddba8: Allow setopt on bluetooth's unix_stream_socket. * commit '2eb73eea4d9e6b613111695f26816baa5b4a1287': Allow setopt on bluetooth's unix_stream_socket.
|
2eb73eea4d9e6b613111695f26816baa5b4a1287 |
30-Jun-2014 |
Sérgio Faria <sergio91pt@gmail.com> |
am 536ddba8: Allow setopt on bluetooth's unix_stream_socket. * commit '536ddba8986a0039f77809232477485dde6995a8': Allow setopt on bluetooth's unix_stream_socket.
|
536ddba8986a0039f77809232477485dde6995a8 |
29-Jun-2014 |
Sérgio Faria <sergio91pt@gmail.com> |
Allow setopt on bluetooth's unix_stream_socket. This is extremely useful as it allows timeouts on the socket. Since ioctl is allowed, setopt shouldn't be a problem. Resolves denials, in 3rd party apps, such as: avc: denied { setopt } for pid=18107 comm="AudioRouter-6" scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket Change-Id: I6f38d7b86983c517575b735f43b62a2ed811e81c Signed-off-by: Sérgio Faria <sergio91pt@gmail.com>
luetooth.te
|
7622d50a359a5fef595953e3b52619aac1962311 |
29-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 66b4b0c0: am ad891591: isolated_app: allow app_data_file execute * commit '66b4b0c0a057ca6b7e604753daeb9a43ef50849f': isolated_app: allow app_data_file execute
|
66b4b0c0a057ca6b7e604753daeb9a43ef50849f |
28-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am ad891591: isolated_app: allow app_data_file execute * commit 'ad891591e6c5d3ffffd2633672c48ab7e263cdec': isolated_app: allow app_data_file execute
|
ad891591e6c5d3ffffd2633672c48ab7e263cdec |
28-Jun-2014 |
Nick Kralevich <nnk@google.com> |
isolated_app: allow app_data_file execute Chrome renderer processes dlopen() a shared library from gmscore. Open and read on app data file is already allowed, but execute isn't, so the dlopen() fails. This is a regression from K, where the dlopen succeeded. Longer term, there are questions about whether this is appropriate behavior for an isolated app. For now, allow the behavior. See the discussion in b/15902433 for details. Addresses the following denial: I/auditd ( 5087): type=1400 audit(0.0:76): avc: denied { execute } for comm="CrRendererMain" path="/data/data/com.google.android.gms/files/libAppDataSearchExt_armeabi_v7a.so" dev="mmcblk0p28" ino=83196 scontext=u:r:isolated_app:s0 tcontext=u:object_r:app_data_file:s0 tclass=file Bug: 15902433 Change-Id: Ie98605d43753be8c31a6fe510ef2dde0bdb52678
solated_app.te
|
76ad64e6eafa142781e48320e875138e0186be2d |
27-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am d8071ca1: am 1dcc1227: Merge "Adding policies for KeyStore MAC." * commit 'd8071ca162bea010788f355d60576a95d0250892': Adding policies for KeyStore MAC.
|
d8071ca162bea010788f355d60576a95d0250892 |
27-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 1dcc1227: Merge "Adding policies for KeyStore MAC." * commit '1dcc12277bc7dba43cae5bf78fcdcbbba41c3257': Adding policies for KeyStore MAC.
|
6982f3ecfb5da4c1bcf02d3ab12cce35dbb760df |
26-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 0f972174: am c491d5c0: Merge "Add missing services to service_contexts." * commit '0f9721740e71aef941a42a8ed641896611173e55': Add missing services to service_contexts.
|
014272f5b77f678ee018149c36501fc3bfa6c9a7 |
26-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am ac0216dd: am c0d14767: dumpstate: transition into vdc domain * commit 'ac0216ddbec3dc891b2fde928619d920a2c20938': dumpstate: transition into vdc domain
|
0f9721740e71aef941a42a8ed641896611173e55 |
26-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am c491d5c0: Merge "Add missing services to service_contexts." * commit 'c491d5c0b5e1e86ec87e40adf2de3ee66416a70a': Add missing services to service_contexts.
|
ac0216ddbec3dc891b2fde928619d920a2c20938 |
26-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am c0d14767: dumpstate: transition into vdc domain * commit 'c0d14767e68f90138c8b017bf47e8b3e4fd1c01e': dumpstate: transition into vdc domain
|
166c09e59d450f6a06597b9e2b8e5ed3c0ebd044 |
30-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Preemptively adding services for pending commits."
|
182498e8fc8f2d749c77302c69321b895c933876 |
27-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Preemptively adding services for pending commits. Adding services to service_contexts for the pending commits Icf5997dd6a6ba5e1de675cf5f4334c78c2c037f1 and Ibe79be30b80c18ec45ff69db7527c7a4adf0ee08. Change-Id: Ie898866d1ab3abba6211943e87bcec77ba568567
ervice_contexts
|
1dcc12277bc7dba43cae5bf78fcdcbbba41c3257 |
27-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Adding policies for KeyStore MAC."
|
c491d5c0b5e1e86ec87e40adf2de3ee66416a70a |
26-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Add missing services to service_contexts."
|
2b4c4f39416ee148b34dc148b01351fb07e72adb |
26-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Add missing services to service_contexts. Add missing services related to battery, bluetooth, time, and radio to service_contexts. Change-Id: I8bf05feb173d49637048c779757013806837fede
ervice.te
ervice_contexts
|
1196d2a5763c9a99be99ba81a4a29d938a83cc06 |
17-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Adding policies for KeyStore MAC. Add keystore_key class and an action for each action supported by keystore. Add policies that replicate the access control that already exists in keystore. Add auditallow rules for actions not known to be used frequently. Add macro for those domains wishing to access keystore. Change-Id: Iddd8672b9e9b72b45ee208e6eda608cc9dc61edc
ccess_vectors
pp.te
inderservicedomain.te
eystore.te
acoon.te
ecurity_classes
ystem_app.te
ystem_server.te
e_macros
pa.te
|
c0d14767e68f90138c8b017bf47e8b3e4fd1c01e |
25-Jun-2014 |
Nick Kralevich <nnk@google.com> |
dumpstate: transition into vdc domain dumpstate uses vdc to collect asec lists and do a vold dump. Force a transition into the vdc domain when this occurs. Addresses the following denial: <4>[ 1099.623572] type=1400 audit(1403716545.565:7): avc: denied { execute } for pid=6987 comm="dumpstate" name="vdc" dev="mmcblk0p8" ino=222 scontext=u:r:dumpstate:s0 tcontext=u:object_r:vdc_exec:s0 tclass=file permissive=0 Change-Id: I4bd9f3ad83480f8c9f9843ffe136295c582f96fe
umpstate.te
dc.te
|
c9febc7baa847375f35ff29925405ca7538cc755 |
25-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Add fingerprint to service_contexts. Add fingerprint to map to system_server_service. Change-Id: I8fbb13df981794d52d30b963eeea2df36fb09a42
ervice_contexts
|
120d5b81d90068e81a3489fccc9890d1745a94d4 |
25-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 67d4927f: am 8c6552ac: Allow system_server to read all /proc files * commit '67d4927f1484030e4fcda3ffdbd909d1ae81d724': Allow system_server to read all /proc files
|
67d4927f1484030e4fcda3ffdbd909d1ae81d724 |
25-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 8c6552ac: Allow system_server to read all /proc files * commit '8c6552acfba677442d565a0c7f8e44f5f2af57f2': Allow system_server to read all /proc files
|
8c6552acfba677442d565a0c7f8e44f5f2af57f2 |
25-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Allow system_server to read all /proc files system_server scans through /proc to keep track of process memory and CPU usage. It needs to do this for all processes, not just appdomain processes, to properly account for CPU and memory usage. Allow it. Addresses the following errors which have been showing up in logcat: W/ProcessCpuTracker(12159): Skipping unknown process pid 1 W/ProcessCpuTracker(12159): Skipping unknown process pid 2 W/ProcessCpuTracker(12159): Skipping unknown process pid 3 Bug: 15862412 Change-Id: I0a75314824404e060c6914c06a371f2ff2e80512
ystem_server.te
|
15b40c08e1133cabe82577e3c5ccf4bce1bcf730 |
24-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9afbb4d7: am a1558be5: Allow kernel sdcard read access as well for MTP sync. * commit '9afbb4d77a55c35e84cb2d996d37c96dcecb8158': Allow kernel sdcard read access as well for MTP sync.
|
e0b7cbc40fcb32f388cb074138ba23df0d33b4fe |
24-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am de17b24b: am eb6b74fa: Allow kernel sdcard access for MTP sync. * commit 'de17b24b2b4e6dfec11762871b7c5ae94db645c2': Allow kernel sdcard access for MTP sync.
|
9afbb4d77a55c35e84cb2d996d37c96dcecb8158 |
24-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a1558be5: Allow kernel sdcard read access as well for MTP sync. * commit 'a1558be5e2a6f50ee41cee579d1bd5db808c8325': Allow kernel sdcard read access as well for MTP sync.
|
de17b24b2b4e6dfec11762871b7c5ae94db645c2 |
24-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am eb6b74fa: Allow kernel sdcard access for MTP sync. * commit 'eb6b74fa6b5c39afc04b92b5dc62fa633456220c': Allow kernel sdcard access for MTP sync.
|
a1558be5e2a6f50ee41cee579d1bd5db808c8325 |
24-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow kernel sdcard read access as well for MTP sync. Change-Id: I004ae9aee23a28cb4975fcee51d24eb1a654f0b7 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ernel.te
|
eb6b74fa6b5c39afc04b92b5dc62fa633456220c |
24-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow kernel sdcard access for MTP sync. Address denials such as: avc: denied { write } for pid=2587 comm="kworker/u:4" path="/storage/emulated/0/Download/AllFileFormatesFromTommy/Test3GP.3gp" dev="fuse" ino=3086052592 scontext=u:r:kernel:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=file permissive=0 Change-Id: I351e84b48f1b5a3361bc680b2ef379961ac2e8ea Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Bug: 15835289
ernel.te
|
6d4f1e05d42899e095aee06792e66fcb5ecd44c9 |
23-Jun-2014 |
Riley Andrews <riandrews@google.com> |
am a0114f4e: am 9f2d3f93: Merge "Give healthd permission to write sys properties to allow quick boot from charger mode." * commit 'a0114f4e10165b263c951d3f19225745e8f83767': Give healthd permission to write sys properties to allow quick boot from charger mode.
|
a0114f4e10165b263c951d3f19225745e8f83767 |
23-Jun-2014 |
Riley Andrews <riandrews@google.com> |
am 9f2d3f93: Merge "Give healthd permission to write sys properties to allow quick boot from charger mode." * commit '9f2d3f93dae6b766a8c21e81b6dc56bf7374f4ef': Give healthd permission to write sys properties to allow quick boot from charger mode.
|
d9dc1f978a23a0976f3e519a72d23391dd79075b |
23-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 49231243: am fee49159: Align SELinux property policy with init property_perms. * commit '492312434fcd34e0158955ed34cea029bbb2a33e': Align SELinux property policy with init property_perms.
|
492312434fcd34e0158955ed34cea029bbb2a33e |
23-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am fee49159: Align SELinux property policy with init property_perms. * commit 'fee49159e760162b0e8ee5a4590c50a65b8e322f': Align SELinux property policy with init property_perms.
|
525c2af73a4784adaf8d414bd68218ecfdb53d56 |
23-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am cf8dc85f: am 0db95cce: unconfined: remove internet access * commit 'cf8dc85f631154c09bee6a33a322e0dd7aa172c5': unconfined: remove internet access
|
cf8dc85f631154c09bee6a33a322e0dd7aa172c5 |
23-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 0db95cce: unconfined: remove internet access * commit '0db95cce33b33259e87b41c7fa1807f562c2d7d1': unconfined: remove internet access
|
fee49159e760162b0e8ee5a4590c50a65b8e322f |
19-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Align SELinux property policy with init property_perms. Introduce a net_radio_prop type for net. properties that can be set by radio or system. Introduce a system_radio_prop type for sys. properties that can be set by radio or system. Introduce a dhcp_prop type for properties that can be set by dhcp or system. Drop the rild_prop vs radio_prop distinction; this was an early experiment to see if we could separate properties settable by rild versus other radio UID processes but it did not pan out. Remove the ability to set properties from unconfineddomain. Allow init to set any property. Allow recovery to set ctl_default_prop to restart adbd. Change-Id: I5ccafcb31ec4004dfefcec8718907f6b6f3e0dfd Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hcp.te
nit.te
etd.te
roperty.te
roperty_contexts
adio.te
ecovery.te
ild.te
ystem_app.te
ystem_server.te
nconfined.te
|
0db95cce33b33259e87b41c7fa1807f562c2d7d1 |
21-Jun-2014 |
Nick Kralevich <nnk@google.com> |
unconfined: remove internet access Don't allow unconfined domains to access the internet. Restrict internet functionality to domains which explicitly declare their use. Removing internet access from unconfined domains helps protect daemons from network level attacks. In unconfined.te, expand out socket_class_set, and explicitly remove tcp_socket, udp_socket, rawip_socket, packet_socket, and appletalk_socket. Remove name_bind, node_bind and name_connect rules, since they only apply to internet accessible rules. Add limited udp support to init.te. This is needed to bring up the loopback interface at boot. Change-Id: If756f3fed857f11e63a6c3a1a13263c57fdf930a
nit.te
nconfined.te
|
85d454a23d74d43042c87443807e429996003ea1 |
23-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f173a510: am a893edae: Remove execmod access to system_file and exec_type. * commit 'f173a510fbbd306a32383af8b4e962caf2783b00': Remove execmod access to system_file and exec_type.
|
f173a510fbbd306a32383af8b4e962caf2783b00 |
23-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a893edae: Remove execmod access to system_file and exec_type. * commit 'a893edae3716b33be62edf1b5f3336e6f6bb251b': Remove execmod access to system_file and exec_type.
|
a893edae3716b33be62edf1b5f3336e6f6bb251b |
23-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove execmod access to system_file and exec_type. execmod is checked on attempts to make executable a file mapping that has been modified. Typically this indicates a text relocation attempt. As we do not ever allow this for any confined domain to system_file or exec_type, we should not need it for unconfineddomain either. Change-Id: I8fdc858f836ae0d2aa56da2abd7797fba9c258b1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nconfined.te
|
9ec24a796d8120dbda742fcb84db2acf6cb268bf |
23-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am f55d1459: am bb75dd73: Merge "Create vdc domain" * commit 'f55d145997230fe1ae645e4fd93a4dcd1c35021a': Create vdc domain
|
f55d145997230fe1ae645e4fd93a4dcd1c35021a |
23-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am bb75dd73: Merge "Create vdc domain" * commit 'bb75dd732bd690c9bc6017679a3630a123266161': Create vdc domain
|
d4ab8bd781ddcc168cd37349657f79b5461b45e3 |
23-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am b9540299: am 2e14164c: Merge "Allow init to relabel rootfs files." * commit 'b9540299d75381834aa14ab36dec002ca8db9ba7': Allow init to relabel rootfs files.
|
b9540299d75381834aa14ab36dec002ca8db9ba7 |
23-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 2e14164c: Merge "Allow init to relabel rootfs files." * commit '2e14164cf3d92e00ca6b56f87db11ab1766e6c77': Allow init to relabel rootfs files.
|
bb75dd732bd690c9bc6017679a3630a123266161 |
23-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Create vdc domain"
|
2e14164cf3d92e00ca6b56f87db11ab1766e6c77 |
23-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow init to relabel rootfs files."
|
fb2063843d3cc32cb6295eda2b6b889bd7b78404 |
23-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 1afd62d3: am 67d1f1ec: Allow dumpsys from serial console * commit '1afd62d38fe1433e353a8ee43afac804a982c589': Allow dumpsys from serial console
|
1afd62d38fe1433e353a8ee43afac804a982c589 |
23-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 67d1f1ec: Allow dumpsys from serial console * commit '67d1f1ecf544d981a16fe8b780986f22b00add3d': Allow dumpsys from serial console
|
c626a882f5eef38cf9989e0423af53341df5058f |
23-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow init to relabel rootfs files. This is required for the restorecon /adb_keys in init.rc or for any other relabeling of rootfs files to more specific types on kernels that support setting security contexts on rootfs inodes. Addresses denials such as: avc: denied { relabelfrom } for comm="init" name="adb_keys" dev="rootfs" ino=1917 scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0 We do not need to prohibit relabelfrom of such files because our goal is to prevent writing to executable files, while relabeling the file to another type will take it to a non-executable (or non-writable) type. In contrast, relabelto must be prohibited by neverallow so that a modified file in a writable type cannot be made executable. Change-Id: I7595f615beaaa6fa524f3c32041918e197bfbebe Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
nit.te
|
67d1f1ecf544d981a16fe8b780986f22b00add3d |
21-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Allow dumpsys from serial console
Trying to run dumpsys from the serial console generates the following errors:
shell@device:/ # dumpsys power
[ 3244.099015] binder: 2259:2259 transaction failed 29201, size 28-8
[ 3244.099291] type=1400 audit(1403313679.642:12): avc: denied { read write } for pid=2259 comm="dumpsys" path="/dev/console" dev="tmpfs" ino=6188 scontext=u:r:system_server:s0 tcontext=u:object_r:console_device:s0 tclass=chr_file permissive=0
Error dumping service info: (Unknown error -2147483646) power
and the operation fails. Allow binderservicedomains to perform writes to /dev/console.
Bug: 15779131
Change-Id: Iff55ab09c3a4d40e12d49ff2308bf147f9cb6937
inderservicedomain.te
|
bf8a37b8eb00568d677c789f3857681ef41e4a92 |
21-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Create vdc domain The init.rc one-shot services "defaultcrypto" and "encrypt" call out to the /system/bin/vdc command line to ask vold to perform encryption operations. Create a new domain for these one-shot services. Allow the vdc domain to talk to vold. Change-Id: I73dc2ee4cc265bc16056b27307c254254940fd9f
ile_contexts
dc.te
|
754114266af7f11b7ef8f52aa606fa1ba7a92264 |
21-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am f4a670d7: am ed21bfca: Merge "Only allow app domains to access SDcard via fuse mount." * commit 'f4a670d70e8aa1c5310fe388876c5cb50afc7aec': Only allow app domains to access SDcard via fuse mount.
|
e871b0b7281f9893ec7c271f6169bbbfdd3d7a55 |
21-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 098c5edb: am ee615284: Remove sdcard_type access from unconfineddomain. * commit '098c5edb446f7e5f2fb8ded337dd73b172b510da': Remove sdcard_type access from unconfineddomain.
|
231e4d7ed7b7d0b2f25603d0a25697d64e635aa7 |
21-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 08003dc6: am 631a5a8e: Remove app_data_file access from unconfineddomain. * commit '08003dc668a05311a8cee818caecdb88b11f390d': Remove app_data_file access from unconfineddomain.
|
f4a670d70e8aa1c5310fe388876c5cb50afc7aec |
21-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am ed21bfca: Merge "Only allow app domains to access SDcard via fuse mount." * commit 'ed21bfca194d8a5d88e8ed00c22db044cafdb611': Only allow app domains to access SDcard via fuse mount.
|
098c5edb446f7e5f2fb8ded337dd73b172b510da |
21-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ee615284: Remove sdcard_type access from unconfineddomain. * commit 'ee6152844b9a1e551f9bd5f6c56449ab22be3a17': Remove sdcard_type access from unconfineddomain.
|
08003dc668a05311a8cee818caecdb88b11f390d |
21-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 631a5a8e: Remove app_data_file access from unconfineddomain. * commit '631a5a8e485ee030f97a6e2d42aefbf18e92c4d8': Remove app_data_file access from unconfineddomain.
|
9f2d3f93dae6b766a8c21e81b6dc56bf7374f4ef |
23-Jun-2014 |
Riley Andrews <riandrews@google.com> |
Merge "Give healthd permission to write sys properties to allow quick boot from charger mode."
|
51df227dec139aafd454449ca8e379ea8216bcee |
17-Jun-2014 |
Riley Andrews <riandrews@google.com> |
Give healthd permission to write sys properties to allow quick boot from charger mode. Property being set: sys.boot_from_charger_mode. If healthd attempts to write this property without the policy changes we get the following audit message: [ 45.751195] type=1400 audit(1403556447.444:7): avc: denied { write } for pid=99 comm="charger" name="property_service" dev="tmpfs" ino=3229 scontext=u:r:healthd:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 These changes are needed to support the following system/core commit: faster booting from charger mode * Ieec4494d929e92806e039f834d78b9002afd15c4 Change-Id: I9f198cd73c7b2f1e372c3793dc2b8d5ef26b3a0f
ealthd.te
|
ed21bfca194d8a5d88e8ed00c22db044cafdb611 |
21-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Only allow app domains to access SDcard via fuse mount."
|
cf610692252b4df30b42f2bce3de464ac1804f97 |
20-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Only allow app domains to access SDcard via fuse mount. sdcard_internal is assigned to fuse mounts while sdcard_external is assigned to vfat mounts by genfs_contexts. Originally we allowed access to both via the sdcard_type attribute, and access via both means was required. IIUC however, in 4.4 and later, SDcard access should always occur via the fuse mount and we can drop access to sdcard_external. I think we can do the same for all domains except sdcardd. However, I cannot test this as the Nexus devices do not have external SDcard support. Also wondering if we should rename sdcard_internal type to fuse and sdcard_external type to vfat to more clearly represent their meaning, since one accesses the external SDcard via the fuse mount now. Change-Id: Ie44221e9eea90e627a48df5398c456b86293f724 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
ee6152844b9a1e551f9bd5f6c56449ab22be3a17 |
20-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove sdcard_type access from unconfineddomain. Require sdcard_type access to be explicitly allowed to each domain. This is to both protect services from being killed by unsafe ejection and to protect SDcard data from access by rogue daemons. Change-Id: If3bdd50fd2be50bd98d755b2f252e0ae455b82c4 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nconfined.te
|
631a5a8e485ee030f97a6e2d42aefbf18e92c4d8 |
20-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove app_data_file access from unconfineddomain. Require app_data_file access to be explicitly allowed to each domain. We especially do not want to allow app_data_file:lnk_file read to any privileged domain. But removing app_data_file access in general can be useful in protecting app data from rogue daemons. Change-Id: I46240562bce76579e108495ab15833e143841ad8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nconfined.te
|
0a1108fef356086d64ab57a316dc8ada5d3f1f2f |
20-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 87b07fba: am 04b8a75c: Remove write access to rootfs files. * commit '87b07fbad8216c0a80a6b19553e11558bb87b565': Remove write access to rootfs files.
|
14585342b75c59b01400b17e7057bf5ed30ac434 |
20-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 4b8a2572: am f3c3a1aa: Remove execute_no_trans from unconfineddomain. * commit '4b8a257296e74ffc723360be711a90a12e9c194e': Remove execute_no_trans from unconfineddomain.
|
87b07fbad8216c0a80a6b19553e11558bb87b565 |
20-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 04b8a75c: Remove write access to rootfs files. * commit '04b8a75c2f7532821a2a098a95d884931a91807c': Remove write access to rootfs files.
|
4b8a257296e74ffc723360be711a90a12e9c194e |
20-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f3c3a1aa: Remove execute_no_trans from unconfineddomain. * commit 'f3c3a1aa33bc3a34a5bef94d3643c3702cf925c6': Remove execute_no_trans from unconfineddomain.
|
04b8a75c2f7532821a2a098a95d884931a91807c |
19-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove write access to rootfs files. Remove write access to rootfs files from unconfineddomain and prevent adding it back via neverallow. This is only applied to regular files, as we are primarily concerned with preventing writing to a file that can be exec'd and because creation of directories or symlinks in the rootfs may be required for mount point directories. Change-Id: If2c96da03f5dd6f56de97131f6ba9eceea328721 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
nconfined.te
|
85655bd27743de489896a793d2602f0f5680b4ba |
20-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a5d39ab8: am 1095d694: Address recovery denials. * commit 'a5d39ab8e92beb36286d9c407bca1cc327080a9a': Address recovery denials.
|
a5d39ab8e92beb36286d9c407bca1cc327080a9a |
20-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 1095d694: Address recovery denials. * commit '1095d6944c6dc206c8656a34712f15820cd18f74': Address recovery denials.
|
f3c3a1aa33bc3a34a5bef94d3643c3702cf925c6 |
19-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove execute_no_trans from unconfineddomain. execute_no_trans controls whether a domain can execve a program without switching to another domain. Exclude this permission from unconfineddomain, add it back to init, init_shell, and recovery for files in / and /system, and to kernel for files in / (to permit execution of init prior to setcon). Prohibit it otherwise for the kernel domain via neverallow. This ensures that if a kernel task attempts to execute a kernel usermodehelper for which no domain transition is defined, the exec will fail. Change-Id: Ie7b2349923672dd4f5faf7c068a6e5994fd0e4e3 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nit.te
nit_shell.te
ernel.te
ecovery.te
nconfined.te
|
1095d6944c6dc206c8656a34712f15820cd18f74 |
19-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Address recovery denials.
[ 265.263738] type=1400 audit(17091747.819:4): avc: denied { write } for pid=132 comm="recovery" name="enable" dev="sysfs" ino=14405 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs:s0 tclass=file
[ 265.293154] type=1400 audit(17091747.849:5): avc: denied { execute } for pid=177 comm="recovery" name="recovery" dev="rootfs" ino=6376 scontext=u:r:recovery:s0 tcontext=u:object_r:rootfs:s0 tclass=file
[ 265.299479] type=1400 audit(17091747.859:6): avc: denied { setgid } for pid=177 comm="recovery" capability=6 scontext=u:r:recovery:s0 tcontext=u:r:recovery:s0 tclass=capability
[ 265.299511] type=1400 audit(17091747.859:7): avc: denied { read write } for pid=178 comm="recovery" name="android_adb" dev="tmpfs" ino=6739 scontext=u:r:recovery:s0 tcontext=u:object_r:adb_device:s0 tclass=chr_file
[ 265.299531] type=1400 audit(17091747.859:8): avc: denied { open } for pid=178 comm="recovery" name="android_adb" dev="tmpfs" ino=6739 scontext=u:r:recovery:s0 tcontext=u:object_r:adb_device:s0 tclass=chr_file
[ 265.299863] type=1400 audit(17091747.859:9): avc: denied { setuid } for pid=177 comm="recovery" capability=7 scontext=u:r:recovery:s0 tcontext=u:r:recovery:s0 tclass=capability
Change-Id: I024d5a797b86b9766f10bbb2a6a6462cafc9c26a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ecovery.te
|
0accc20d5b739ddc6ea3dc2271a438f7b293b249 |
19-Jun-2014 |
Paul Jensen <pauljensen@google.com> |
am d23cfa70: am 97a2cfdf: Allow Bluetooth app to initiate DHCP service on bt-pan interface. * commit 'd23cfa70002c492b11a1e93afc0a8f94590b9d5b': Allow Bluetooth app to initiate DHCP service on bt-pan interface.
|
d23cfa70002c492b11a1e93afc0a8f94590b9d5b |
19-Jun-2014 |
Paul Jensen <pauljensen@google.com> |
am 97a2cfdf: Allow Bluetooth app to initiate DHCP service on bt-pan interface. * commit '97a2cfdf6618f98fe1da51c5e77d9a5d2765c04e': Allow Bluetooth app to initiate DHCP service on bt-pan interface.
|
97a2cfdf6618f98fe1da51c5e77d9a5d2765c04e |
18-Jun-2014 |
Paul Jensen <pauljensen@google.com> |
Allow Bluetooth app to initiate DHCP service on bt-pan interface. bug:15407087 Change-Id: I3dea9c1110583f11f093d048455a1cc739d05658
luetooth.te
hcp.te
roperty.te
roperty_contexts
ystem_server.te
|
a15d788fe866192d9be08af3a3966f32495e1202 |
19-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am d19bdc91: am 04e730b6: system_server: allow open /dev/snd and read files * commit 'd19bdc9138c908a9817c3f961e445f5068aa4af9': system_server: allow open /dev/snd and read files
|
d19bdc9138c908a9817c3f961e445f5068aa4af9 |
19-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 04e730b6: system_server: allow open /dev/snd and read files * commit '04e730b635d961f1610886e96622214b9a5e40d4': system_server: allow open /dev/snd and read files
|
04e730b635d961f1610886e96622214b9a5e40d4 |
19-Jun-2014 |
Nick Kralevich <nnk@google.com> |
system_server: allow open /dev/snd and read files
system_server needs to open /dev/snd and access files within that directory. Allow it. system_server needs to parse the ALSA card descriptors after a USB device has been inserted. This happens from USBService in system_server. Addresses the following denial:
system_server( 1118): type=1400 audit(0.0:19): avc: denied { search } for comm=5573625365727669636520686F7374 name="snd" dev="tmpfs" ino=8574 scontext=u:r:system_server:s0 tcontext=u:object_r:audio_device:s0 tclass=dir
and likely others
Change-Id: Id274d3feb7bf337f492932e5e664d65d0b8d05b8
ystem_server.te
|
7e3276a97dfdf95c33fedf9558e8c1f77a80a4e0 |
18-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 04c557b7: am bac4ccce: Prevent adding transitions to kernel or init domains. * commit '04c557b7f7fdb71b3f6d531343cc21eefb7c54f3': Prevent adding transitions to kernel or init domains.
|
04c557b7f7fdb71b3f6d531343cc21eefb7c54f3 |
18-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am bac4ccce: Prevent adding transitions to kernel or init domains. * commit 'bac4ccce8f1b06ec9c25b98e6690714ba8ad7baf': Prevent adding transitions to kernel or init domains.
|
4c45fda2b46bcd02e337a91aff0bd17085a307e1 |
18-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8e4e72bf: am 718bf84b: Allow mounting of usbfs. * commit '8e4e72bf474c6a9b572d4cdf6802cf1858203596': Allow mounting of usbfs.
|
8e4e72bf474c6a9b572d4cdf6802cf1858203596 |
18-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 718bf84b: Allow mounting of usbfs. * commit '718bf84b85f0b834552e0a0f694d39d821f2a93d': Allow mounting of usbfs.
|
bac4ccce8f1b06ec9c25b98e6690714ba8ad7baf |
18-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Prevent adding transitions to kernel or init domains. Add neverallow rules to prohibit adding any transitions into the kernel or init domains. Rewrite the domain self:process rule to use a positive permission list and omit the transition and dyntransition permissions from this list as well as other permissions only checked when changing contexts. This should be a no-op since these permissions are only checked when changing contexts but avoids needing to exclude kernel or init from the neverallow rules. Change-Id: Id114b1085cec4b51684c7bd86bd2eaad8df3d6f8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
nit.te
ernel.te
|
718bf84b85f0b834552e0a0f694d39d821f2a93d |
18-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow mounting of usbfs. Addresses denials such as: avc: denied { mount } for pid=5 comm="kworker/u:0" name="/" dev=usbfs ino=3234 scontext=u:r:kernel:s0 tcontext=u:object_r:usbfs:s0 tclass=filesystem Change-Id: I1db52193e6a2548c37a7809ef44cf7fd3357326d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ernel.te
|
90fca6c489c99711adedba092c3ed5099327330e |
18-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
am 977e4374: am 80b1b43a: Merge "Remove clatd\'s dac_override abilities." * commit '977e437461da5177f2a6530049b47b6afe28df40': Remove clatd's dac_override abilities.
|
977e437461da5177f2a6530049b47b6afe28df40 |
18-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
am 80b1b43a: Merge "Remove clatd\'s dac_override abilities." * commit '80b1b43ac228424a6dcdec0cfd5740265d5cd635': Remove clatd's dac_override abilities.
|
80b1b43ac228424a6dcdec0cfd5740265d5cd635 |
18-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Merge "Remove clatd's dac_override abilities."
|
1ab6f67f7af545a95b1b566542b8e277b7117e62 |
18-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 0c1740c3: am ee43230f: Merge "entrypoint should always be explicitly allowed." * commit '0c1740c3e9bbfc10b1344c002b46d3a569151223': entrypoint should always be explicitly allowed.
|
0c1740c3e9bbfc10b1344c002b46d3a569151223 |
17-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am ee43230f: Merge "entrypoint should always be explicitly allowed." * commit 'ee43230f7f21856bea49deb36fb1695faab2f118': entrypoint should always be explicitly allowed.
|
ee43230f7f21856bea49deb36fb1695faab2f118 |
17-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "entrypoint should always be explicitly allowed."
|
d3e6fd4dd1a427316b45d452043de1c642e78288 |
17-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 901adb00: am 00b180df: Eliminate some duplicated rules. * commit '901adb00a29265d7d4d3fabc09de37439d67d1b6': Eliminate some duplicated rules.
|
901adb00a29265d7d4d3fabc09de37439d67d1b6 |
17-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 00b180df: Eliminate some duplicated rules. * commit '00b180dfb8195fa559f45e812c9c2a82bdbd9c40': Eliminate some duplicated rules.
|
5622cca0807eec1460ede5aea1ff1759d5e9e824 |
17-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
entrypoint should always be explicitly allowed. Also rewrite to use positive permission sets, macros, and eliminate duplication. Change-Id: I4dc340784f770e569160025a5db2dc3da90d2629 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nconfined.te
|
00b180dfb8195fa559f45e812c9c2a82bdbd9c40 |
17-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Eliminate some duplicated rules. As reported by sepolicy-analyze -D -P /path/to/sepolicy. No semantic difference reported by sediff between the policy before and after this change. Deduplication of selinuxfs read access resolved by taking the common rules to domain.te (and thereby getting rid of the selinux_getenforce macro altogether). Change-Id: I4de2f86fe2efe11a167e8a7d25dd799cefe482e5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hcp.te
omain.te
hell.te
ystem_server.te
e_macros
pa.te
|
3440fc7d790506736943fe6ba66c299c47a6a02b |
17-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 271f31f3: am 43b9cfd3: Refine sepolicy-analyze -D / dup detection. * commit '271f31f393af1c1a7707445deba1f08f911e7978': Refine sepolicy-analyze -D / dup detection.
|
271f31f393af1c1a7707445deba1f08f911e7978 |
17-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 43b9cfd3: Refine sepolicy-analyze -D / dup detection. * commit '43b9cfd3561e16225563610f1eb794eb73d0845f': Refine sepolicy-analyze -D / dup detection.
|
43b9cfd3561e16225563610f1eb794eb73d0845f |
17-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Refine sepolicy-analyze -D / dup detection. We were incorrectly reporting overlapping rules as duplicates. Only report cases where an attribute-based rule is a superset of type-based rule. Also omit self rules as they are often due to expansion of domain self rules by checkpolicy. Change-Id: I27f33cdf9467be5fdb6ce148aa0006d407291833 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ools/sepolicy-analyze.c
|
f8d7f7cfc9ec17694a73df3a4b4087ed1619996b |
17-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am fe02b9d3: am b4adc62a: Force logwrapper to system_file * commit 'fe02b9d35a528f1edbe2fc9262ef21d59630c242': Force logwrapper to system_file
|
fe02b9d35a528f1edbe2fc9262ef21d59630c242 |
17-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am b4adc62a: Force logwrapper to system_file * commit 'b4adc62a572f983f4c538d0b9a75843574f9ec21': Force logwrapper to system_file
|
b4adc62a572f983f4c538d0b9a75843574f9ec21 |
17-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Force logwrapper to system_file Some device-specific policies are improperly creating a security domain for logwrapper, rather than removing the logwrapper lines from init.device.rc. Don't allow that. Explicitly add an entry for /system/bin/logwrapper to force it to a system_file. Attempting to override this will result in the following compile time error: obj/ETC/file_contexts_intermediates/file_contexts: Multiple different specifications for /system/bin/logwrapper (u:object_r:logwrapper_exec:s0 and u:object_r:system_file:s0). Bug: 15616899 Change-Id: Ia55394247a9fa16e00434d61091fff9d9d4ff125
ile_contexts
|
62709d4def1203bbb2ec3163f752780b08e5cb88 |
17-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 0dccb07e: am a2288aff: Merge "Add missing services to service_contexts." * commit '0dccb07e6402f0fa067882805fb0b54c01d21b90': Add missing services to service_contexts.
|
0dccb07e6402f0fa067882805fb0b54c01d21b90 |
17-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am a2288aff: Merge "Add missing services to service_contexts." * commit 'a2288aff439744818567c2da46f552f1d1ce161b': Add missing services to service_contexts.
|
9deda15493d6ebb07c7255c92c215863c4299d6f |
17-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am f416b54d: am 8d6e4cc1: Merge "Fix SELinux policies to allow resource overlays." * commit 'f416b54df780803d6806092affc9f69df84fdb65': Fix SELinux policies to allow resource overlays.
|
f416b54df780803d6806092affc9f69df84fdb65 |
17-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 8d6e4cc1: Merge "Fix SELinux policies to allow resource overlays." * commit '8d6e4cc174ec06b3b45c71b5f5fe1353653a1d31': Fix SELinux policies to allow resource overlays.
|
8d6e4cc174ec06b3b45c71b5f5fe1353653a1d31 |
17-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Fix SELinux policies to allow resource overlays."
|
a2288aff439744818567c2da46f552f1d1ce161b |
17-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Add missing services to service_contexts."
|
3f06ad96c38fd57c83ad7fd6903d12ff66253f01 |
17-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Add missing services to service_contexts. Add missing services to service_contexts that we did not include in the earlier patch that added SELinux checks in service_manager. Change-Id: I889d999bf0b745bfcb75a3553b207777dc5700b7
ervice_contexts
|
1b9c49b25854607a6789ca573fe9b905924c389e |
17-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 05dbf1ac: am 75e2ef92: Restrict use of context= mount options. * commit '05dbf1ac44a16a12e6b654415c58709f9ba2e7e1': Restrict use of context= mount options.
|
05dbf1ac44a16a12e6b654415c58709f9ba2e7e1 |
17-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 75e2ef92: Restrict use of context= mount options. * commit '75e2ef92601c485348c40cc8884839fba27046ba': Restrict use of context= mount options.
|
fad4d5fb00ddb1f61c22c003429e10f10b046d0d |
16-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Fix SELinux policies to allow resource overlays.
The following commits added support for runtime resource overlays.
New command line tool 'idmap'
* 65a05fd56dbc9fd9c2511a97f49c445a748fb3c5
Runtime resource overlay, iteration 2
* 48d22323ce39f9aab003dce74456889b6414af55
Runtime resource overlay, iteration 2, test cases
* ad6ed950dbfa152c193dd7e49c369d9e831f1591
During SELinux tightening, support for these runtime resource overlays was unknowingly broken. Fix it. This change has been tested by hackbod and she reports that everything is working after this change. I haven't independently verified the functionality. Test cases are available for this by running:
* python frameworks/base/core/tests/overlaytests/testrunner.py
Change-Id: I1c70484011fd9041bec4ef34f93f7a5509906f40
pp.te
ile.te
ile_contexts
nstalld.te
ystem_server.te
ygote.te
|
274ed8861781716937e5eb2c087aad6ccc7b0ad4 |
16-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am aff2796b: am d2503ba8: Define contextmount_type attribute and add it to oemfs. * commit 'aff2796b238d791a5a3c9a08cfa3fcad62833230': Define contextmount_type attribute and add it to oemfs.
|
1699b2ae43f7ddc4351ced913449a22a789b00d0 |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define contextmount_type attribute and add it to oemfs. Several device-specific policy changes with the same Change-Id also add this attribute to device-specific types. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit d2503ba864b4a8b992529178608aa3c881626006) Change-Id: I08a718ba0d91641de720440e16abc0a04f5ec5a5
ttributes
ile.te
|
aff2796b238d791a5a3c9a08cfa3fcad62833230 |
16-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d2503ba8: Define contextmount_type attribute and add it to oemfs. * commit 'd2503ba864b4a8b992529178608aa3c881626006': Define contextmount_type attribute and add it to oemfs.
|
d2503ba864b4a8b992529178608aa3c881626006 |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define contextmount_type attribute and add it to oemfs. Several device-specific policy changes with the same Change-Id also add this attribute to device-specific types. Change-Id: I09e13839b1956f61875a38844fe4fc3c911ea60f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ttributes
ile.te
|
75e2ef92601c485348c40cc8884839fba27046ba |
16-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restrict use of context= mount options. Prior to this change, the init and recovery domains were allowed unrestricted use of context= mount options to force all files within a given filesystem to be treated as having a security context specified at mount time. The context= mount option can be used in device-specific fstab.<board> files to assign a context to filesystems that do not support labeling such as vfat where the default label of sdcard_external is not appropriate (e.g. /firmware on hammerhead). Restrict the use of context= mount options to types marked with the contextmount_type attribute, and then remove write access from such types from unconfineddomain and prohibit write access to such types via neverallow. This ensures that the no write to /system restriction cannot be bypassed via context= mount. Change-Id: I4e773fadc9e11328d13a0acec164124ad6e840c1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
nit.te
ecovery.te
nconfined.te
|
66e903c699065b1033be3413a7d53ef887715898 |
16-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 8318980a: am 48212742: Don\'t allow types which are both file_type and fs_type * commit '8318980a1e0737f4f862c8815000b8bff83b999f': Don't allow types which are both file_type and fs_type
|
8318980a1e0737f4f862c8815000b8bff83b999f |
16-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 48212742: Don\'t allow types which are both file_type and fs_type * commit '48212742b260512ba4e5cf50fe6f5d72cc90f2b1': Don't allow types which are both file_type and fs_type
|
5d633fb859274665b8df46e32cfffcd0f1dc7e3a |
16-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2fbecbba: Allow installd to stat asec files and /data/media files. * commit '2fbecbba4dcea125cae1b673368fad07eee67879': Allow installd to stat asec files and /data/media files.
|
f810bcc79441e61357a2b9e9cceadcd249627cdb |
16-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am b545f2fc: am ff409bb4: recovery: Allow exec_type on dirs, read for /dev * commit 'b545f2fcc7c9c242793f47c547928ba60d2f42b3': recovery: Allow exec_type on dirs, read for /dev
|
b545f2fcc7c9c242793f47c547928ba60d2f42b3 |
16-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am ff409bb4: recovery: Allow exec_type on dirs, read for /dev * commit 'ff409bb40a7a941576118eecd2ae0eddf653e847': recovery: Allow exec_type on dirs, read for /dev
|
48212742b260512ba4e5cf50fe6f5d72cc90f2b1 |
15-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Don't allow types which are both file_type and fs_type It's a bug to have a type with both the file_type and fs_type attribute. A type should be declared with either file_type, or fs_type, but not both. Create a neverallow rule which detects this situation. This works because we have the following allow rule: allow fs_type self:filesystem associate; If a type is a file_type and an fs_type, the associate allow rule will conflict with this neverallow rule. Not sure if this is the cleanest way to accomplish this, but it seems to work. Change-Id: Ida387b1df260efca15de38ae7a66ed25e353acaa
ile.te
|
ff409bb40a7a941576118eecd2ae0eddf653e847 |
15-Jun-2014 |
Nick Kralevich <nnk@google.com> |
recovery: Allow exec_type on dirs, read for /dev
When applying a file based OTA, the recovery scripts sometimes transiently label a directory as an exec_type. This occurs on hammerhead when the OTA generation scripts generate lines of the form:
set_metadata_recursive("/system/vendor/bin", "uid", 0, "gid", 2000, "dmode", 0755, "fmode", 0755, "capabilities", 0x0, "selabel", "u:object_r:vss_exec:s0");
set_metadata("/system/vendor/bin", "uid", 0, "gid", 2000, "mode", 0755, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");
which has the effect of transiently labeling the /system/vendor/bin directory as vss_exec. Allow this behavior for now, even though it's obviously a bug. Also, allow recovery to read through the /dev directory. Addresses the following denials:
avc: denied { read } for pid=143 comm="recovery" name="/" dev="tmpfs" ino=8252 scontext=u:r:recovery:s0 tcontext=u:object_r:device:s0 tclass=dir
avc: denied { open } for pid=143 comm="recovery" name="/" dev="tmpfs" ino=8252 scontext=u:r:recovery:s0 tcontext=u:object_r:device:s0 tclass=dir
avc: denied { relabelto } for pid=142 comm="update_binary" name="bin" dev="mmcblk0p25" ino=1438 scontext=u:r:recovery:s0 tcontext=u:object_r:vss_exec:s0 tclass=dir
avc: denied { getattr } for pid=142 comm="update_binary" path="/system/vendor/bin" dev="mmcblk0p25" ino=1438 scontext=u:r:recovery:s0 tcontext=u:object_r:vss_exec:s0 tclass=dir
avc: denied { setattr } for pid=142 comm="update_binary" name="bin" dev="mmcblk0p25" ino=1438 scontext=u:r:recovery:s0 tcontext=u:object_r:vss_exec:s0 tclass=dir
avc: denied { relabelfrom } for pid=142 comm="update_binary" name="bin" dev="mmcblk0p25" ino=1438 scontext=u:r:recovery:s0 tcontext=u:object_r:vss_exec:s0 tclass=dir
Bug: 15575013
Change-Id: I743bea356382d3c23c136465dc5b434878370127
ecovery.te
|
14fc59b60af01546f05de7034ba5e7b5aa9717f8 |
14-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am e45aa7e9: am 2be9c64f: Merge "Make inputflinger enforcing." * commit 'e45aa7e952dd118127d658b53606b3636f2c497d': Make inputflinger enforcing.
|
bee58ccff395d733220cce5e3a4361a17630f3dc |
14-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am f6b438fb: am a76d9ddf: system_server profile access * commit 'f6b438fbb4b7dd94c61dcd73f3c95b44f66faf16': system_server profile access
|
e45aa7e952dd118127d658b53606b3636f2c497d |
14-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 2be9c64f: Merge "Make inputflinger enforcing." * commit '2be9c64f85cffcbfdece89da270599b9256ea80d': Make inputflinger enforcing.
|
f6b438fbb4b7dd94c61dcd73f3c95b44f66faf16 |
14-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am a76d9ddf: system_server profile access * commit 'a76d9ddf6bf8f0ee0768a2129fa7606f66b0b510': system_server profile access
|
a76d9ddf6bf8f0ee0768a2129fa7606f66b0b510 |
14-Jun-2014 |
Nick Kralevich <nnk@google.com> |
system_server profile access Still not fixed. *sigh* Addresses the following denial: <4>[ 40.515398] type=1400 audit(15842931.469:9): avc: denied { read } for pid=814 comm="system_server" name="profiles" dev="mmcblk0p28" ino=105874 scontext=u:r:system_server:s0 tcontext=u:object_r:dalvikcache_profiles_data_file:s0 tclass=dir Change-Id: I705a4cc9c508200ace46780c18b7112b62f27994
ystem_server.te
|
2fbecbba4dcea125cae1b673368fad07eee67879 |
04-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow installd to stat asec files and /data/media files. Addresses denials such as: avc: denied { getattr } for comm="installd" path="/data/app-asec/com.vectorunit.red-1.asec" dev="dm-0" ino=578229 scontext=u:r:installd:s0 tcontext=u:object_r:asec_image_file:s0 tclass=file avc: denied { getattr } for pid=262 comm="installd" path="/data/media/0/Android/data/com.google.android.apps.maps/cache/cache_vts_tran_base_GMM.m" dev="dm-0" ino=124930 scontext=u:r:installd:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit d2622fda569d2a8decc0b4e013979a40a24a799d) Change-Id: Iac46236ee583dee11a7e6518a9e8eca25c59e9ba
nstalld.te
|
cb9953569e13533103bda5783473d72d97eb06c6 |
13-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am d23935c8: am 96d9af42: allow system_server getattr on /data/dalvik-cache/profiles * commit 'd23935c8d3b6e3c668bd2708d840fd64c0695b79': allow system_server getattr on /data/dalvik-cache/profiles
|
d23935c8d3b6e3c668bd2708d840fd64c0695b79 |
13-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 96d9af42: allow system_server getattr on /data/dalvik-cache/profiles * commit '96d9af423575aec5559bd1a7094203c9e0586347': allow system_server getattr on /data/dalvik-cache/profiles
|
96d9af423575aec5559bd1a7094203c9e0586347 |
13-Jun-2014 |
Nick Kralevich <nnk@google.com> |
allow system_server getattr on /data/dalvik-cache/profiles 867030517724036b64fcaf39deaba1b27f3ca77e wasn't complete. I thought getattr on the directory wasn't needed but I was wrong. Not sure how I missed this. Addresses the following denial: <4>[ 40.699344] type=1400 audit(15795140.469:9): avc: denied { getattr } for pid=1087 comm="system_server" path="/data/dalvik-cache/profiles" dev="mmcblk0p28" ino=105874 scontext=u:r:system_server:s0 tcontext=u:object_r:dalvikcache_profiles_data_file:s0 tclass=dir Change-Id: Ibc176b2b00083bafaa91ab78d0f8dc1ca3c208b6
ystem_server.te
|
ced8cb5bccf3965b8166f1c90a2e97f3c9a7f13e |
13-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am f1b92488: runas: allow pipe communication from the shell * commit 'f1b92488f561d4fd27c6d4360f4d0ab3f3127203': runas: allow pipe communication from the shell
|
a307b6f147ba62a1dbe8d95ae1826bf47fe48d2b |
13-Jun-2014 |
Mark Salyzyn <salyzyn@google.com> |
am e0bbb6f3: am 848109c0: Merge "selinux: logd Development settings" * commit 'e0bbb6f3ac845cae3fcb01305b62c86bd71d5420': selinux: logd Development settings
|
e0bbb6f3ac845cae3fcb01305b62c86bd71d5420 |
13-Jun-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 848109c0: Merge "selinux: logd Development settings" * commit '848109c0b9eb03e490126b6bd4dcafe9e83c95fd': selinux: logd Development settings
|
9da3b7861e95fb55f59232267578efa1f8e3482b |
13-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 4dcb8245: am fc10f2a7: Merge "runas: allow pipe communication from the shell" * commit '4dcb8245ae5d8179c28de1147e4b7563a50d0347': runas: allow pipe communication from the shell
|
f1b92488f561d4fd27c6d4360f4d0ab3f3127203 |
13-Jun-2014 |
Nick Kralevich <nnk@google.com> |
runas: allow pipe communication from the shell run-as won't communicate with shell via pipes. Allow it. nnk@nnk:~$ adb shell "cat /dev/zero | run-as com.google.foo sh -c 'cat'" /system/bin/sh: cat: <stdout>: Broken pipe <4>[ 1485.483517] type=1400 audit(1402623577.085:25): avc: denied { read } for pid=6026 comm="run-as" path="pipe:[29823]" dev="pipefs" ino=29823 scontext=u:r:runas:s0 tcontext=u:r:shell:s0 tclass=fifo_file read is definitely needed. Not sure about write, but adding it just in case. (cherry picked from commit 6c9c58884a97f36785c7778940ee303838fd2ebc) Change-Id: Ifed6314588723063531982b45a56b902dfe32ea9
unas.te
|
4dcb8245ae5d8179c28de1147e4b7563a50d0347 |
13-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am fc10f2a7: Merge "runas: allow pipe communication from the shell" * commit 'fc10f2a759cfeca49814bc9ebec77b810148e2a2': runas: allow pipe communication from the shell
|
1d75c90be76f1cc3b39e7c9a76210164543b9422 |
13-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Remove clatd's dac_override abilities. These are no longer necessary after the clatd change to acquire membership in AID_VPN when dropping root privileges. Change-Id: I9955296fe79e6dcbaa12acad1f1438e11d3b06cf
latd.te
|
4070ef7f2ca162589485647da4b14e5112ff0223 |
13-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
am 591b9c25: am 81c03013: Remove clatd\'s ability to write to proc files. * commit '591b9c25f1f9b3e6274dbe9e1ea33672a38a4549': Remove clatd's ability to write to proc files.
|
591b9c25f1f9b3e6274dbe9e1ea33672a38a4549 |
13-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
am 81c03013: Remove clatd\'s ability to write to proc files. * commit '81c03013879739aa58254356e61d59d45b346a03': Remove clatd's ability to write to proc files.
|
81c03013879739aa58254356e61d59d45b346a03 |
12-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Remove clatd's ability to write to proc files. This is no longer required now that clatd has switched from IPv6 forwarding to sockets. Bug: 15340961 Change-Id: Id7d503b842882d30e6cb860ed0af69ad4ea3e62c
latd.te
|
b4bea1d8dea939d3ceef484f8c8fdd23ba25c8de |
13-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
am fb635166: am b32448c9: Merge "Allow clatd to read from packet sockets and write to raw sockets" * commit 'fb6351669d79a0ef1a35c4f7dffdaf818debb845': Allow clatd to read from packet sockets and write to raw sockets
|
fb6351669d79a0ef1a35c4f7dffdaf818debb845 |
13-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
am b32448c9: Merge "Allow clatd to read from packet sockets and write to raw sockets" * commit 'b32448c90f982e9832ca87a6931dfc956da8b71b': Allow clatd to read from packet sockets and write to raw sockets
|
23dc086c7df9705aa418545fcd8d709dbae420b0 |
13-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 65ad8086: am f0ffff0b: Make the mediaserver domain enforcing. * commit '65ad808685888bda08595960647fe59fb0dcd865': Make the mediaserver domain enforcing.
|
65ad808685888bda08595960647fe59fb0dcd865 |
13-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f0ffff0b: Make the mediaserver domain enforcing. * commit 'f0ffff0bc9b00df985aecba77334af65b06e65c6': Make the mediaserver domain enforcing.
|
f0ffff0bc9b00df985aecba77334af65b06e65c6 |
10-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make the mediaserver domain enforcing. Change-Id: Ib693b563c2db6abc02cf7dbeb12ed61c09734fa8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ediaserver.te
|
71f238c2ce86c873da5b3b65f9d93efce0888613 |
13-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 2c8b50b8: am 86703051: Remove world-read access to /data/dalvik-cache/profiles * commit '2c8b50b88f6eb8f05be9d5dceb624281f59e82d6': Remove world-read access to /data/dalvik-cache/profiles
|
2c8b50b88f6eb8f05be9d5dceb624281f59e82d6 |
13-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 86703051: Remove world-read access to /data/dalvik-cache/profiles * commit '867030517724036b64fcaf39deaba1b27f3ca77e': Remove world-read access to /data/dalvik-cache/profiles
|
867030517724036b64fcaf39deaba1b27f3ca77e |
11-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Remove world-read access to /data/dalvik-cache/profiles Remove /data/dalvik-cache/profiles from domain. Profiling information leaks data about how people interact with apps, so we don't want the data to be available in all SELinux domains. Add read/write capabilities back to app domains, since apps need to read/write profiling data. Remove restorecon specific rules. The directory is now created by init, not installd, so installd doesn't need to set the label. Change-Id: Ic1b44009faa30d704855e97631006c4b990a4ad3
pp.te
omain.te
nstalld.te
ystem_server.te
|
db644f98ad302bcbf9e3a6ec184896c6b5c3ec9d |
12-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 8eb63f24: am b0ee91a4: Merge "Add SELinux rules for service_manager." * commit '8eb63f24bb34639d76246a2fe0276f5cada5c764': Add SELinux rules for service_manager.
|
8eb63f24bb34639d76246a2fe0276f5cada5c764 |
12-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am b0ee91a4: Merge "Add SELinux rules for service_manager." * commit 'b0ee91a418a899dbd39678711ea65ed60418154e': Add SELinux rules for service_manager.
|
d0e8557c427f5cf1f557547f0869914f3420446e |
12-Jun-2014 |
Ruchi Kandoi <kandoiruchi@google.com> |
am 28ca3327: (-s ours) DO NOT MERGE adds system_server permissions * commit '28ca332720cd4e308fbe2b3baeef213b895ff94e': DO NOT MERGE adds system_server permissions
|
c1b890eacc00ab89bb0413da8145ccfcf615a07c |
12-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am db4af52d: am a2e4e265: Allow shell to read/search /dev/input directory. * commit 'db4af52df92a1f82efbb667132c8f5b35b17b9af': Allow shell to read/search /dev/input directory.
|
db4af52df92a1f82efbb667132c8f5b35b17b9af |
12-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a2e4e265: Allow shell to read/search /dev/input directory. * commit 'a2e4e2656bfdd0bb002123c0e1da893831a47b82': Allow shell to read/search /dev/input directory.
|
a2e4e2656bfdd0bb002123c0e1da893831a47b82 |
11-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow shell to read/search /dev/input directory. Resolves denials such as: avc: denied { read } for pid=16758 comm="getevent" name="input" dev="tmpfs" ino=6018 scontext=u:r:shell:s0 tcontext=u:object_r:input_device:s0 tclass=dir Change-Id: I709bd20a03a5271382b191393d55a34b0b8e4e0c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hell.te
|
b0ee91a418a899dbd39678711ea65ed60418154e |
12-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Add SELinux rules for service_manager."
|
f90c41f6e8d5c1266e154f46586a2ceb260f1be6 |
06-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Add SELinux rules for service_manager. Add a service_manager class with the verb add. Add a type that groups the services for each of the processes that is allowed to start services in service.te and an attribute for all services controlled by the service manager. Add the service_contexts file which maps service name to target label. Bug: 12909011 Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
ndroid.mk
ccess_vectors
ttributes
inderservicedomain.te
rmserver.te
ealthd.te
nputflinger.te
eystore.te
ediaserver.te
fc.te
adio.te
ecurity_classes
ervice.te
ervice_contexts
ervicemanager.te
urfaceflinger.te
ystem_server.te
|
848109c0b9eb03e490126b6bd4dcafe9e83c95fd |
13-Jun-2014 |
Mark Salyzyn <salyzyn@google.com> |
Merge "selinux: logd Development settings"
|
9e7bbf61deae17e5d068c8f24b1b154d42a949ef |
12-Jun-2014 |
Mark Salyzyn <salyzyn@google.com> |
selinux: logd Development settings - logd Development Settings failed to access persist.logd.size Change-Id: I0732b44fcbffbf3c187bcb23df2db807fa3e8fde
roperty.te
roperty_contexts
ystem_app.te
|
fc10f2a759cfeca49814bc9ebec77b810148e2a2 |
13-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "runas: allow pipe communication from the shell"
|
6c9c58884a97f36785c7778940ee303838fd2ebc |
13-Jun-2014 |
Nick Kralevich <nnk@google.com> |
runas: allow pipe communication from the shell run-as won't communicate with shell via pipes. Allow it. nnk@nnk:~$ adb shell "cat /dev/zero | run-as com.google.foo sh -c 'cat'" /system/bin/sh: cat: <stdout>: Broken pipe <4>[ 1485.483517] type=1400 audit(1402623577.085:25): avc: denied { read } for pid=6026 comm="run-as" path="pipe:[29823]" dev="pipefs" ino=29823 scontext=u:r:runas:s0 tcontext=u:r:shell:s0 tclass=fifo_file read is definitely needed. Not sure about write, but adding it just in case. Change-Id: Ifdf838b0df79a5f1e9559af57c2d1fdb8c41a201
unas.te
|
d41e531c65821e4f14662587fbf142f33b3621d6 |
11-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 224be2c2: am 62af8381: Merge "Allow installd to chown/chmod app data files." * commit '224be2c21a9c38470a8049ced71e29482a18800c': Allow installd to chown/chmod app data files.
|
6a2e2debea849c713339ac16583651aaf90fd3f7 |
11-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ad442082: am 7c11bdc4: Allow dnsmasq to inherit/use netd UDP socket. * commit 'ad4420828555a26408c06dc7a68aea83f25227df': Allow dnsmasq to inherit/use netd UDP socket.
|
530f713b13fdd0625dba78979a127e9bc6b59fcf |
11-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d352fba1: am 42fb824c: Refactor the shell domains. * commit 'd352fba1b91753778920e01da1b108515cbfaf60': Refactor the shell domains.
|
dc25ea0f4bc6889b3d6c312c90dfe28d646ff54e |
11-Jun-2014 |
Ruchi Kandoi <kandoiruchi@google.com> |
am 0bcbc6c4: am 13d58863: system_server: Adds permission to system_server to write sysfs file * commit '0bcbc6c470e30f9667b272d08406d22824a8ea67': system_server: Adds permission to system_server to write sysfs file
|
11f249c1a6c57b3c961eafe53a8ddd5edefc5054 |
11-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am aa15a500: am f4e69028: recovery: don\'t use single quote * commit 'aa15a5002c6613ab88372d4200804b5947bd705f': recovery: don't use single quote
|
656249c21870b501166f3b6ad5762a5c244076b7 |
11-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 71eecd33: am a8281adf: dumpstate: allow pstore access * commit '71eecd330a4460bae0a75a4780f701e83825ec5c': dumpstate: allow pstore access
|
28ca332720cd4e308fbe2b3baeef213b895ff94e |
11-Jun-2014 |
Ruchi Kandoi <kandoiruchi@google.com> |
DO NOT MERGE adds system_server permissions Adds permission to system_server to write sysfs file Need this for changing the max_cpufreq and min_cpufreq for the low power mode. Denials: type=1400 audit(1402431554.756:14): avc: denied { write } for pid=854 comm="PowerManagerSer" name="scaling_max_freq" dev="sysfs" ino=9175 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file Change required for Change-Id: I1cf458c4f128818ad1286e5a90b0d359b6913bb8 Change-Id: Ic5ce3c8327e973bfa1d53f298c07dcea1550b646 Signed-off-by: Ruchi Kandoi<kandoiruchi@google.com>
ystem_server.te
|
224be2c21a9c38470a8049ced71e29482a18800c |
11-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 62af8381: Merge "Allow installd to chown/chmod app data files." * commit '62af83810baa7a6c07a8673136c1cdf5a6763b48': Allow installd to chown/chmod app data files.
|
ad4420828555a26408c06dc7a68aea83f25227df |
11-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7c11bdc4: Allow dnsmasq to inherit/use netd UDP socket. * commit '7c11bdc414e10d0e570ff35394d209784a647105': Allow dnsmasq to inherit/use netd UDP socket.
|
7c11bdc414e10d0e570ff35394d209784a647105 |
11-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow dnsmasq to inherit/use netd UDP socket. Addresses denials such as: avc: denied { read write } for comm="dnsmasq" path="socket:[1054090]" dev="sockfs" ino=1054090 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=udp_socket This may not be needed (need to check netd to see if it should be closing all of these sockets before exec'ing other programs), but should be harmless. Change-Id: I77c7af5e050e039fd48322914eeabbcb8a716040 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nsmasq.te
|
d352fba1b91753778920e01da1b108515cbfaf60 |
11-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 42fb824c: Refactor the shell domains. * commit '42fb824ca9f3e46b4419f05083f2694ac67a8229': Refactor the shell domains.
|
42fb824ca9f3e46b4419f05083f2694ac67a8229 |
11-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Refactor the shell domains. Originally we used the shell domain for ADB shell only and the init_shell domain for the console service, both transitioned via automatic domain transitions on sh. So they originally shared a common set of rules. Then init_shell started to be used for sh commands invoked by init.<board>.rc files, and we switched the console service to just use the shell domain via seclabel entry in init.rc. Even most of the sh command instances in init.<board>.rc files have been converted to use explicit seclabel options with more specific domains (one lingering use is touch_fw_update service in init.grouper.rc). The primary purpose of init_shell at this point is just to shed certain permissions from the init domain when init invokes a shell command. And init_shell and shell are quite different in their permission requirements since the former is used now for uid-0 processes spawned by init whereas the latter is used for uid-shell processes spawned by adb or init. Given these differences, drop the shelldomain attribute and take those rules directly into shell.te. init_shell was an unconfined_domain(), so it loses nothing from this change. Also switch init_shell to permissive_or_unconfined() so that we can see its actual denials in the future in userdebug/eng builds. Change-Id: I6e7e45724d1aa3a6bcce8df676857bc8eef568f0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
ttributes
omain.te
nit_shell.te
hell.te
helldomain.te
|
2be9c64f85cffcbfdece89da270599b9256ea80d |
14-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make inputflinger enforcing."
|
701aebb59c89d8177d9fedb1bc30de1ff505bff7 |
04-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make inputflinger enforcing. Change-Id: I99f93e4dd5dc1f43291c46f6ed07e51097613689 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nputflinger.te
|
0bcbc6c470e30f9667b272d08406d22824a8ea67 |
11-Jun-2014 |
Ruchi Kandoi <kandoiruchi@google.com> |
am 13d58863: system_server: Adds permission to system_server to write sysfs file * commit '13d5886363675915e5115ccc0a95ca5d7776730b': system_server: Adds permission to system_server to write sysfs file
|
13d5886363675915e5115ccc0a95ca5d7776730b |
11-Jun-2014 |
Ruchi Kandoi <kandoiruchi@google.com> |
system_server: Adds permission to system_server to write sysfs file Need this for changing the max_cpufreq and min_cpufreq for the low power mode. Denials: type=1400 audit(1402431554.756:14): avc: denied { write } for pid=854 comm="PowerManagerSer" name="scaling_max_freq" dev="sysfs" ino=9175 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file Change required for Change-Id: I1cf458c4f128818ad1286e5a90b0d359b6913bb8 Change-Id: Ic5ce3c8327e973bfa1d53f298c07dcea1550b646 Signed-off-by: Ruchi Kandoi<kandoiruchi@google.com>
ystem_server.te
|
b32448c90f982e9832ca87a6931dfc956da8b71b |
13-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Merge "Allow clatd to read from packet sockets and write to raw sockets"
|
6cd57a43d2eafed5454bd7d4e55c57d8a1c91898 |
05-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Allow clatd to read from packet sockets and write to raw sockets This addresses the following denials that occur when switching clatd from an IPv6 tun interface to packet and raw sockets: avc: denied { net_raw } for pid=3540 comm="clatd" capability=13 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=capability avc: denied { create } for pid=3540 comm="clatd" scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=packet_socket avc: denied { bind } for pid=3540 comm="clatd" scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=packet_socket avc: denied { setopt } for pid=3540 comm="clatd" scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=packet_socket avc: denied { read } for pid=3540 comm="clatd" path="socket:[19117]" dev="sockfs" ino=19117 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=packet_socket Bug: 15340961 Change-Id: I3c06e8e3e0cfc0869a7b73c803bbffe28369ee5e
latd.te
|
62af83810baa7a6c07a8673136c1cdf5a6763b48 |
11-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow installd to chown/chmod app data files."
|
89b9ff7e87a94128efba3e9f56fbd2d0dafa848a |
11-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow installd to chown/chmod app data files. Addresses denials such as: avc: denied { setattr } for comm="installd" name="com.android.calendar_preferences_no_backup.xml" dev="mmcblk0p28" ino=1499393 scontext=u:r:installd:s0 tcontext=u:object_r:app_data_file:s0 tclass=file avc: denied { setattr } for comm="installd" name="calendar_alerts.xml" dev="mmcblk0p28" ino=1499463 scontext=u:r:installd:s0 tcontext=u:object_r:app_data_file:s0 tclass=file avc: denied { setattr } for comm="installd" name="_has_set_default_values.xml" dev="mmcblk0p28" ino=1499428 scontext=u:r:installd:s0 tcontext=u:object_r:app_data_file:s0 tclass=file Change-Id: I0622f1a9d2b10e28be2616f91edf33bc048b4ac7 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nstalld.te
|
aa15a5002c6613ab88372d4200804b5947bd705f |
10-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am f4e69028: recovery: don\'t use single quote * commit 'f4e690285022ff80381d6e371d2e7747b6894fcd': recovery: don't use single quote
|
3561abf823070a4e5e94d1611acc1024340481eb |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
dumpstate: allow pstore access Dumpstate reads from /sys/fs/pstore/console-ramoops when generating a bug report. Allow it. Addresses the following denials: <12>[ 2187.362750] type=1400 audit(1402346777.139:9): avc: denied { search } for pid=4155 comm="dumpstate" name="/" dev="pstore" ino=9954 scontext=u:r:dumpstate:s0 tcontext=u:object_r:pstorefs:s0 tclass=dir permissive=1 <12>[ 2187.363025] type=1400 audit(1402346777.139:10): avc: denied { getattr } for pid=4155 comm="dumpstate" path="/sys/fs/pstore/console-ramoops" dev="pstore" ino=9955 scontext=u:r:dumpstate:s0 tcontext=u:object_r:pstorefs:s0 tclass=file permissive=1 <12>[ 2187.363185] type=1400 audit(1402346777.139:11): avc: denied { read } for pid=4155 comm="dumpstate" name="console-ramoops" dev="pstore" ino=9955 scontext=u:r:dumpstate:s0 tcontext=u:object_r:pstorefs:s0 tclass=file permissive=1 <12>[ 2187.363321] type=1400 audit(1402346777.139:12): avc: denied { open } for pid=4155 comm="dumpstate" path="/sys/fs/pstore/console-ramoops" dev="pstore" ino=9955 scontext=u:r:dumpstate:s0 tcontext=u:object_r:pstorefs:s0 tclass=file permissive=1 (cherry picked from commit a8281adf994623c6e1404d3102915a93eb0b70aa) Change-Id: I4f90ebfbc0627227a18fa74e86d1e459a393c14a
umpstate.te
|
f4e690285022ff80381d6e371d2e7747b6894fcd |
10-Jun-2014 |
Nick Kralevich <nnk@google.com> |
recovery: don't use single quote single quotes make the m4 parser think it's at the end of a block, and generates the following compile time warning: external/sepolicy/recovery.te:9:WARNING 'unrecognized character' at token ''' on line 7720: Change-Id: I2502f16f0d9ec7528ec0fc2ee65ad65635d0101b
ecovery.te
|
71eecd330a4460bae0a75a4780f701e83825ec5c |
10-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am a8281adf: dumpstate: allow pstore access * commit 'a8281adf994623c6e1404d3102915a93eb0b70aa': dumpstate: allow pstore access
|
a8281adf994623c6e1404d3102915a93eb0b70aa |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
dumpstate: allow pstore access Dumpstate reads from /sys/fs/pstore/console-ramoops when generating a bug report. Allow it. Addresses the following denials: <12>[ 2187.362750] type=1400 audit(1402346777.139:9): avc: denied { search } for pid=4155 comm="dumpstate" name="/" dev="pstore" ino=9954 scontext=u:r:dumpstate:s0 tcontext=u:object_r:pstorefs:s0 tclass=dir permissive=1 <12>[ 2187.363025] type=1400 audit(1402346777.139:10): avc: denied { getattr } for pid=4155 comm="dumpstate" path="/sys/fs/pstore/console-ramoops" dev="pstore" ino=9955 scontext=u:r:dumpstate:s0 tcontext=u:object_r:pstorefs:s0 tclass=file permissive=1 <12>[ 2187.363185] type=1400 audit(1402346777.139:11): avc: denied { read } for pid=4155 comm="dumpstate" name="console-ramoops" dev="pstore" ino=9955 scontext=u:r:dumpstate:s0 tcontext=u:object_r:pstorefs:s0 tclass=file permissive=1 <12>[ 2187.363321] type=1400 audit(1402346777.139:12): avc: denied { open } for pid=4155 comm="dumpstate" path="/sys/fs/pstore/console-ramoops" dev="pstore" ino=9955 scontext=u:r:dumpstate:s0 tcontext=u:object_r:pstorefs:s0 tclass=file permissive=1 Change-Id: Ia20b7a03ed8e0c61b023eea93415a50af82e1bbf
umpstate.te
|
c7ecaed26541bdc39a32ccf7a3eb172c0cd39cae |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 75927265: am b2ed044f: dumpstate: allow gpu_device access * commit '75927265f5b4a937c9e6967922a3443fc170fa0f': dumpstate: allow gpu_device access
|
75927265f5b4a937c9e6967922a3443fc170fa0f |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am b2ed044f: dumpstate: allow gpu_device access * commit 'b2ed044f8d6ed31acd814f5346148e762f3a5751': dumpstate: allow gpu_device access
|
b2ed044f8d6ed31acd814f5346148e762f3a5751 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
dumpstate: allow gpu_device access dumpstate calls screencap to take a screenshot. screencap requires the ability to access the gpu device. Allow it. Bug: 15514427 Change-Id: Iad8451b6108786653146de471f6be2d26b0e3297
umpstate.te
|
af4ab9943879c72fd8ad910bffd4dab72d617760 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 3e7eddf7: am 7fd03e9c: Merge "remove shell_data_file from unconfined." * commit '3e7eddf70e4427e93cbe203853790deaf41ba008': remove shell_data_file from unconfined.
|
3e7eddf70e4427e93cbe203853790deaf41ba008 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 7fd03e9c: Merge "remove shell_data_file from unconfined." * commit '7fd03e9c83cf60d8864bb2a0d6090fb85de2aed6': remove shell_data_file from unconfined.
|
7fd03e9c83cf60d8864bb2a0d6090fb85de2aed6 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "remove shell_data_file from unconfined."
|
b3a12bef376ee461542cdc401b9c38011030c635 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am a8890f93: am ac23ff9e: Merge "label usbfs" * commit 'a8890f93817691051c9a10bdbf08546a1fc79247': label usbfs
|
a8890f93817691051c9a10bdbf08546a1fc79247 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am ac23ff9e: Merge "label usbfs" * commit 'ac23ff9ea8b11fff0e75c618a34e996e6e59f9e2': label usbfs
|
ac23ff9ea8b11fff0e75c618a34e996e6e59f9e2 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "label usbfs"
|
0e7ea65735dfc8f16e68ee070ee56e73f6adde38 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am d7bedd60: am e79433d8: Merge "add attach_queue to tun_socket" * commit 'd7bedd6078123bd441de115c2db9f640fff569ba': add attach_queue to tun_socket
|
85b83f5db4efd4f063df7d91a6527c5a70fe30ee |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 6db62fd5: am ddc90255: Merge "Refine recovery domain." * commit '6db62fd50b754b03f45d38a63531a3857fc98e2f': Refine recovery domain.
|
a91b7f094fb9c7c83c688d434171f7c11bc800d6 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am d37603dc: am 442b6f10: Merge "allow adb push to create directories." * commit 'd37603dcd7217b914116964cb8f83af9ea9a8709': allow adb push to create directories.
|
a448ea6a381cf9ff45e8ef39a51aba81c9d442e3 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 62ab866a: am 7ada3bdf: Merge "surfaceflinger: remove unconfined domain reference." * commit '62ab866ad473346ce8031023ecf37d4bbe258c13': surfaceflinger: remove unconfined domain reference.
|
d7bedd6078123bd441de115c2db9f640fff569ba |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am e79433d8: Merge "add attach_queue to tun_socket" * commit 'e79433d8574993a7857a2406ea312bfa1f65a59f': add attach_queue to tun_socket
|
6db62fd50b754b03f45d38a63531a3857fc98e2f |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am ddc90255: Merge "Refine recovery domain." * commit 'ddc902553d55c2cddec1aea010bf943b0e7e6252': Refine recovery domain.
|
d37603dcd7217b914116964cb8f83af9ea9a8709 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 442b6f10: Merge "allow adb push to create directories." * commit '442b6f10532cc6a03bcfbb7940a18a23d480e098': allow adb push to create directories.
|
62ab866ad473346ce8031023ecf37d4bbe258c13 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 7ada3bdf: Merge "surfaceflinger: remove unconfined domain reference." * commit '7ada3bdf976acae90fb3004a38f44bd1e6ef4dd3': surfaceflinger: remove unconfined domain reference.
|
e79433d8574993a7857a2406ea312bfa1f65a59f |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "add attach_queue to tun_socket"
|
ddc902553d55c2cddec1aea010bf943b0e7e6252 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Refine recovery domain."
|
442b6f10532cc6a03bcfbb7940a18a23d480e098 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "allow adb push to create directories."
|
7ada3bdf976acae90fb3004a38f44bd1e6ef4dd3 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "surfaceflinger: remove unconfined domain reference."
|
5a5fb85f1ef3f424a677678c832b72dcfeb6df2b |
07-Jun-2014 |
Nick Kralevich <nnk@google.com> |
label usbfs Right now usbfs doesn't have any labels, generating the following kernel warnings: <7>[ 3.009582] SELinux: initialized (dev usbfs, type usbfs), not configured for labeling and the occasional SELinux unlabeled auditallow logs: <4>[ 285.579254] type=1400 audit(1402010345.094:16): avc: granted { search } for pid=371 comm="qcks" name="/" dev="usbfs" ino=15794 scontext=u:r:kickstart:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir <4>[ 285.632354] type=1400 audit(1402010345.154:18): avc: granted { search } for pid=371 comm="qcks" name="001" dev="usbfs" ino=15796 scontext=u:r:kickstart:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir Make sure usbfs is assigned via genfscon Change-Id: I7191f2584014ba55a3c3a98e7efd0350dc958782
ile.te
enfs_contexts
|
49c47c5af2afbd30ef8f0b32cf36744a33d288b2 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 5eafefd1: am a1cd65b8: Make dumpstate domain enforcing. * commit '5eafefd1129f413044e61fc58d8b00b4999b7dd1': Make dumpstate domain enforcing.
|
840d4a4955d9269a804c7d592d05562a3f0782d8 |
09-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 57b43990: am d1591224: Make system_app enforcing. * commit '57b4399055f13e9bde1dcee7afe97dffd482abce': Make system_app enforcing.
|
5eafefd1129f413044e61fc58d8b00b4999b7dd1 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am a1cd65b8: Make dumpstate domain enforcing. * commit 'a1cd65b81021645835123ccddd8b8998d05b21b1': Make dumpstate domain enforcing.
|
57b4399055f13e9bde1dcee7afe97dffd482abce |
09-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d1591224: Make system_app enforcing. * commit 'd1591224818092e5f4abad7ba5b71cd2137ffd02': Make system_app enforcing.
|
a1cd65b81021645835123ccddd8b8998d05b21b1 |
04-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Make dumpstate domain enforcing. Change-Id: I74bf300c1b80e94e5acf9ba00ab443dfabad7408
umpstate.te
|
b53e84a7238ee02587b329b6475f25da3fff1214 |
09-Jun-2014 |
Nick Kralevich <nnk@google.com> |
surfaceflinger: remove unconfined domain reference. surfaceflinger has been enforcing for a while now. Remove the reference to the unconfined domain. Change-Id: Ia86a0553e9c2db3c89f93e26179c79278d1d3bed
urfaceflinger.te
|
d1591224818092e5f4abad7ba5b71cd2137ffd02 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make system_app enforcing. Change-Id: I9c3ff0a79d947a14084638772451d06298c43e47 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_app.te
|
aeecc5dfa314a3c6e22db045a27225893ba34dd3 |
09-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8100da48: am 6bb672e6: Make the system_server domain enforcing. * commit '8100da48b7714ab2afc95f1c9d01530543f469ac': Make the system_server domain enforcing.
|
8100da48b7714ab2afc95f1c9d01530543f469ac |
09-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 6bb672e6: Make the system_server domain enforcing. * commit '6bb672e6b3df2fb3dbb49f32e5f30589ff539e6e': Make the system_server domain enforcing.
|
6bb672e6b3df2fb3dbb49f32e5f30589ff539e6e |
26-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make the system_server domain enforcing. Change-Id: I1ea20044bd6789dde002da7fc9613cfbf1ee2d23 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
|
98b7ab539621f3b26846fd19b7c3bcde2c522c8f |
08-Jun-2014 |
Nick Kralevich <nnk@google.com> |
allow adb push to create directories. Addresses the following denial: type=1400 audit(0.0:24): avc: denied { create } for comm="adbd" name="md5sum" scontext=u:r:adbd:s0 tcontext=u:object_r:shell_data_file:s0 tclass=dir Change-Id: Ibb1708af85b2235cbad2794993cfeef896f8db4a
dbd.te
|
8b7ca455a6789653e73729453bbb3169954d9994 |
07-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Refine recovery domain. Addresses the following denials: avc: denied { read write } for pid=132 comm="recovery" name="tty0" dev="tmpfs" ino=5730 scontext=u:r:recovery:s0 tcontext=u:object_r:tty_device:s0 tclass=chr_file avc: denied { open } for pid=132 comm="recovery" name="tty0" dev="tmpfs" ino=5730 scontext=u:r:recovery:s0 tcontext=u:object_r:tty_device:s0 tclass=chr_file avc: denied { ioctl } for pid=132 comm="recovery" path="/dev/tty0" dev="tmpfs" ino=5730 scontext=u:r:recovery:s0 tcontext=u:object_r:tty_device:s0 tclass=chr_file avc: denied { sys_tty_config } for pid=132 comm="recovery" capability=26 scontext=u:r:recovery:s0 tcontext=u:r:recovery:s0 tclass=capability avc: denied { setfcap } for pid=142 comm="update_binary" capability=31 scontext=u:r:recovery:s0 tcontext=u:r:recovery:s0 tclass=capability Change-Id: I5219303fbd5afe8f74919db153af6525c0b54154
ecovery.te
|
ee49c0e36a6c35253dcf708f5843443cbc3c03f6 |
07-Jun-2014 |
Nick Kralevich <nnk@google.com> |
remove shell_data_file from unconfined. Domains which want to access /data/local/tmp must do so by creating their own SELinux domain. Bug: 15164984 Change-Id: I0061129c64e659c552cf6565058b0786fba59ae0
nit.te
nconfined.te
|
d7af45d3741648c45560797a5b6f02dec784668f |
07-Jun-2014 |
Nick Kralevich <nnk@google.com> |
add attach_queue to tun_socket Modeled after http://oss.tresys.com/pipermail/refpolicy/2013-January/006283.html Addresses the following kernel error message: <6>[ 3.855423] SELinux: Permission attach_queue in class tun_socket not defined in policy. <6>[ 3.862482] SELinux: the above unknown classes and permissions will be denied <7>[ 3.869668] SELinux: Completing initialization. Change-Id: Iad87fcd5348d121a808dbe7ae3c63f8c90fc09fc
ccess_vectors
|
2235d4ad5794af6397e31df09903852c3d9ff920 |
06-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 754e64b9: am 90cb59fd: Merge "Remove domain unlabeled access." * commit '754e64b9b7a3def9431ce75265fb9f05ba563a8f': Remove domain unlabeled access.
|
754e64b9b7a3def9431ce75265fb9f05ba563a8f |
06-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 90cb59fd: Merge "Remove domain unlabeled access." * commit '90cb59fd513441622323c77762a96df6a85a7100': Remove domain unlabeled access.
|
90cb59fd513441622323c77762a96df6a85a7100 |
06-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove domain unlabeled access."
|
512a8357609b90d802ad02d502498084e1cda5da |
06-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 23f95178: Don't grant domain device:dir rw_dir_perms * commit '23f951780f56bd4ed076e361ecdb765f2f24e9bc': Don't grant domain device:dir rw_dir_perms
|
23f951780f56bd4ed076e361ecdb765f2f24e9bc |
05-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Don't grant domain device:dir rw_dir_perms write_logd() is allowed for domain, which means that all domains are permitted read/write access to /dev. That's overly permissive and causes substantial differences between user and userdebug/eng devices. Remove domain device:dir rw_dir_perms access. It's not needed. Allow all domains to write/append to logd_debug. logd is responsible for creating this file if need be. Remove logd_debug file create permissions. This also eliminates the need for the type_transition rules. Bug: 15419803 (cherry picked from commit 2bcea0a3139faf0a8ae1cfe9cce88cde74e1a0bc) Change-Id: If430615a3f3118124be331da518afc41f27aab5f
e_macros
|
cee6ffe7847e1ca22c9a79852af2ca0ff3456048 |
06-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am cb182aba: Allow adbd / shell /data/anr access * commit 'cb182aba64ed9e0051e542af4abd289f52ee6b70': Allow adbd / shell /data/anr access
|
431b59968b6949b5df7edecc4909947a4ce8a4b2 |
06-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 68c5f90b: add execmod to various app domains * commit '68c5f90b97bbc663ae7bb736279f951b111ae483': add execmod to various app domains
|
6e40a2ec61d499fb32e865dbe06a46124622d4a4 |
05-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am a5afe484: am 4fd4a205: Allow adbd / shell /data/anr access * commit 'a5afe484ef9fbe1d6af90583414b1d71ab9fa8dc': Allow adbd / shell /data/anr access
|
a5afe484ef9fbe1d6af90583414b1d71ab9fa8dc |
05-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 4fd4a205: Allow adbd / shell /data/anr access * commit '4fd4a2054db06329acc524c7eb07715ec625dc5d': Allow adbd / shell /data/anr access
|
cb182aba64ed9e0051e542af4abd289f52ee6b70 |
05-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Allow adbd / shell /data/anr access The shell user needs to be able to run commands like "cat /data/anr/traces.txt". Allow it. We also need to be able to pull the file via adb. "adb pull /data/anr/traces.txt". Allow it. Addresses the following denials: <4>[ 20.212398] type=1400 audit(1402000262.433:11): avc: denied { getattr } for pid=1479 comm="adbd" path="/data/anr/traces.txt" dev="mmcblk0p28" ino=325763 scontext=u:r:adbd:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file <4>[ 20.252182] type=1400 audit(1402000262.473:12): avc: denied { read } for pid=1479 comm="adbd" name="traces.txt" dev="mmcblk0p28" ino=325763 scontext=u:r:adbd:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file <4>[ 20.252579] type=1400 audit(1402000262.473:13): avc: denied { open } for pid=1479 comm="adbd" name="traces.txt" dev="mmcblk0p28" ino=325763 scontext=u:r:adbd:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file <4>[ 27.104068] type=1400 audit(1402000268.479:14): avc: denied { read } for pid=2377 comm="sh" name="traces.txt" dev="mmcblk0p28" ino=325763 scontext=u:r:shell:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file Bug: 15450720 (cherry picked from commit 4fd4a2054db06329acc524c7eb07715ec625dc5d) Change-Id: Ide6f62183a1c6e2af4cbe84bb0ebb928cd8e63b7
dbd.te
hell.te
|
4fd4a2054db06329acc524c7eb07715ec625dc5d |
05-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Allow adbd / shell /data/anr access The shell user needs to be able to run commands like "cat /data/anr/traces.txt". Allow it. We also need to be able to pull the file via adb. "adb pull /data/anr/traces.txt". Allow it. Addresses the following denials: <4>[ 20.212398] type=1400 audit(1402000262.433:11): avc: denied { getattr } for pid=1479 comm="adbd" path="/data/anr/traces.txt" dev="mmcblk0p28" ino=325763 scontext=u:r:adbd:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file <4>[ 20.252182] type=1400 audit(1402000262.473:12): avc: denied { read } for pid=1479 comm="adbd" name="traces.txt" dev="mmcblk0p28" ino=325763 scontext=u:r:adbd:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file <4>[ 20.252579] type=1400 audit(1402000262.473:13): avc: denied { open } for pid=1479 comm="adbd" name="traces.txt" dev="mmcblk0p28" ino=325763 scontext=u:r:adbd:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file <4>[ 27.104068] type=1400 audit(1402000268.479:14): avc: denied { read } for pid=2377 comm="sh" name="traces.txt" dev="mmcblk0p28" ino=325763 scontext=u:r:shell:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file Bug: 15450720 Change-Id: I767102a7182895112838559b0ade1cd7c14459ab
dbd.te
hell.te
|
7448b3570bff7e53ba1a070e049ee01d130999ff |
05-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 88c611a9: am 0341e1ab: Merge "Don't grant domain device:dir rw_dir_perms" * commit '88c611a949357ecc929060ac12f37b54dda7acc7': Don't grant domain device:dir rw_dir_perms
|
1baba239eb30dfd731f2215266ae32eed5902087 |
05-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 6d00459d: am a03d761f: refine recovery domain. * commit '6d00459dfd7910b9d4d7dbebcd364989ffaeb060': refine recovery domain.
|
88c611a949357ecc929060ac12f37b54dda7acc7 |
05-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 0341e1ab: Merge "Don't grant domain device:dir rw_dir_perms" * commit '0341e1abb1017b12985a4e1e904bc4f900601a2c': Don't grant domain device:dir rw_dir_perms
|
6d00459dfd7910b9d4d7dbebcd364989ffaeb060 |
05-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am a03d761f: refine recovery domain. * commit 'a03d761f191320662dfea3182164d4166c7ad1c7': refine recovery domain.
|
0341e1abb1017b12985a4e1e904bc4f900601a2c |
05-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Don't grant domain device:dir rw_dir_perms"
|
a03d761f191320662dfea3182164d4166c7ad1c7 |
05-Jun-2014 |
Nick Kralevich <nnk@google.com> |
refine recovery domain. Make sure we have all necessary rules to modify system_file and exec_type. Allow writing to /proc/sys/vm/drop_caches and other proc files. Addresses denials like: avc: denied { getattr } for pid=152 comm="update_binary" path="/system/bin/debuggerd" dev="mmcblk0p21" ino=88 scontext=u:r:recovery:s0 tcontext=u:object_r:debuggerd_exec:s0 tclass=file avc: denied { read } for pid=152 comm="update_binary" name="debuggerd" dev="mmcblk0p21" ino=88 scontext=u:r:recovery:s0 tcontext=u:object_r:debuggerd_exec:s0 tclass=file avc: denied { open } for pid=152 comm="update_binary" name="debuggerd" dev="mmcblk0p21" ino=88 scontext=u:r:recovery:s0 tcontext=u:object_r:debuggerd_exec:s0 tclass=file avc: denied { remove_name } for pid=152 comm="update_binary" name="framework.jar" dev="mmcblk0p21" ino=1600 scontext=u:r:recovery:s0 tcontext=u:object_r:system_file:s0 tclass=dir avc: denied { add_name } for pid=152 comm="update_binary" name="Foo.apk.patch" scontext=u:r:recovery:s0 tcontext=u:object_r:system_file:s0 tclass=dir avc: denied { write } for pid=152 comm="update_binary" name="drop_caches" dev="proc" ino=8288 scontext=u:r:recovery:s0 tcontext=u:object_r:proc:s0 tclass=file recovery is still in permissive_or_unconfined(), so no rules are being enforced. Change-Id: I14ca777fe27a2b0fd9a0aefce5ddcc402b1e5a59
ecovery.te
|
2bcea0a3139faf0a8ae1cfe9cce88cde74e1a0bc |
05-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Don't grant domain device:dir rw_dir_perms write_logd() is allowed for domain, which means that all domains are permitted read/write access to /dev. That's overly permissive and causes substantial differences between user and userdebug/eng devices. Remove domain device:dir rw_dir_perms access. It's not needed. Allow all domains to write/append to logd_debug. logd is responsible for creating this file if need be. Remove logd_debug file create permissions. This also eliminates the need for the type_transition rules. Bug: 15419803 Change-Id: I7dc3c4df8d413c649c24ae7bc15546d64226ce3b
e_macros
|
2536ffa9d8a16ac3f83e90b135ad76a66a007ab9 |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 2e0be798: am dde428a9: Merge "More recovery rules" * commit '2e0be798404d181209a7dcc297fb3b88e088cb16': More recovery rules
|
dbd7e02b47c349196f8a4db66dda81bd23b96e9c |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 7463d76e: am 3d2eb27d: Merge "Make racoon enforcing." * commit '7463d76e59ad1c231b5a38891d0adedb6dbbd396': Make racoon enforcing.
|
2e0be798404d181209a7dcc297fb3b88e088cb16 |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am dde428a9: Merge "More recovery rules" * commit 'dde428a978319fadb24aa41b613c7e97d9863ced': More recovery rules
|
7463d76e59ad1c231b5a38891d0adedb6dbbd396 |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 3d2eb27d: Merge "Make racoon enforcing." * commit '3d2eb27dede73008685bdb290ff705290ef22cf3': Make racoon enforcing.
|
dde428a978319fadb24aa41b613c7e97d9863ced |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "More recovery rules"
|
3d2eb27dede73008685bdb290ff705290ef22cf3 |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make racoon enforcing."
|
5ecd052b29fdb0cb5fa38e649e75d82ac0217b76 |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am b386f0be: am 5eaa0afb: Merge "Allow system_server access to /data/media files passed via Binder." * commit 'b386f0be6e30007a98e49b3108af9334655173a7': Allow system_server access to /data/media files passed via Binder.
|
760de3869c569376ce89ba16853564fbdeb1a22b |
04-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e2efee37: am d2622fda: Allow installd to stat asec files and /data/media files. * commit 'e2efee375194d853eb3c80bdada3923a17df461f': Allow installd to stat asec files and /data/media files.
|
b386f0be6e30007a98e49b3108af9334655173a7 |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 5eaa0afb: Merge "Allow system_server access to /data/media files passed via Binder." * commit '5eaa0afbc7b6aae4c68273cf07ce6d60ebb409ea': Allow system_server access to /data/media files passed via Binder.
|
e2efee375194d853eb3c80bdada3923a17df461f |
04-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d2622fda: Allow installd to stat asec files and /data/media files. * commit 'd2622fda569d2a8decc0b4e013979a40a24a799d': Allow installd to stat asec files and /data/media files.
|
03dbf07a47627a8615e5ac9f3d8834dd70af8a06 |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
More recovery rules Better refine the rules surrounding the recovery SELinux domain, and get rid of dmesg log spam. Recovery is still in permissive_or_unconfined(), so no expected change in behavior. Change-Id: Ie5a86f8f5d7581547879c476ebcfdb8c0876263c
ecovery.te
|
5eaa0afbc7b6aae4c68273cf07ce6d60ebb409ea |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow system_server access to /data/media files passed via Binder."
|
d2622fda569d2a8decc0b4e013979a40a24a799d |
04-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow installd to stat asec files and /data/media files. Addresses denials such as: avc: denied { getattr } for comm="installd" path="/data/app-asec/com.vectorunit.red-1.asec" dev="dm-0" ino=578229 scontext=u:r:installd:s0 tcontext=u:object_r:asec_image_file:s0 tclass=file avc: denied { getattr } for pid=262 comm="installd" path="/data/media/0/Android/data/com.google.android.apps.maps/cache/cache_vts_tran_base_GMM.m" dev="dm-0" ino=124930 scontext=u:r:installd:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file Change-Id: I406f1bea32736e2277adae1629a879fac0d714b6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nstalld.te
|
2cc6d63d5d88824527a7fd89a0cacf5702109eae |
04-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow system_server access to /data/media files passed via Binder. Addresses denials such as: avc: denied { read } for comm="Binder_6" path="/data/media/0/zedge/ringtone/love_tone_2014-ringtone-1665292.mp3" dev="mmcblk0p28" ino=1534267 scontext=u:r:system_server:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file avc: denied { getattr } for comm="Binder_9" path="/data/media/0/zedge/ringtone/love_tone_2014-ringtone-1665292.mp3" dev="mmcblk0p28" ino=1534267 scontext=u:r:system_server:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file Change-Id: I5e5744eecf2cbd4fc584db8584be4e9101bcb60c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
|
3242763c42b29734a828d6f1c4be6692d909d12a |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 4e37402b: am 84ed890a: Merge adf_device into graphics_device * commit '4e37402ba38579fcc6b39b25c3b6ac271d2e109b': Merge adf_device into graphics_device
|
4e37402ba38579fcc6b39b25c3b6ac271d2e109b |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 84ed890a: Merge adf_device into graphics_device * commit '84ed890aebce5235018b846fac734b47833ee364': Merge adf_device into graphics_device
|
84ed890aebce5235018b846fac734b47833ee364 |
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge adf_device into graphics_device As of sepolicy commit a16a59e2c7f1e2f09bf7b750101973a974c972e8 (https://android-review.googlesource.com/94580), adf_device and graphics_device have the exact same security properties. Merge them into one type to avoid a proliferation of SELinux types. Change-Id: Ib1a24f5d880798600e103b9e14934e41abb1ef95
pp.te
evice.te
ile_contexts
ealthd.te
urfaceflinger.te
|
315588307a0bac1a6aa4ca72ad8790e7b527cca9 |
03-Jun-2014 |
Christopher Tate <ctate@android.com> |
am 519aab84: am 6f6c4255: Adjust rules around /data/app entities * commit '519aab84e3c3a513f1aa2d4c90f7a11dd8a7b498': Adjust rules around /data/app entities
|
cb23ca92f303fca6bb0f48a1beb384e220afe39e |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove domain unlabeled access. https://android-review.googlesource.com/#/c/95900/ added allow rules for unlabeled access as needed to all confined domains. Therefore we can remove it from domain. The only other domain that truly needs unlabeled access is init, which presently inherits it from unconfineddomain. Also prevent rules that would permit any confined domain from creating new unlabeled files on the system. Change-Id: I31c6478b42fbf60e3b7893b9578b6ad50170def6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
519aab84e3c3a513f1aa2d4c90f7a11dd8a7b498 |
03-Jun-2014 |
Christopher Tate <ctate@android.com> |
am 6f6c4255: Adjust rules around /data/app entities * commit '6f6c425563f4faa4e1e12bf430c32d0b81a78f64': Adjust rules around /data/app entities
|
6f6c425563f4faa4e1e12bf430c32d0b81a78f64 |
31-May-2014 |
Christopher Tate <ctate@android.com> |
Adjust rules around /data/app entities This is to accommodate migration to (and ongoing support of) a new installed-app file topology, in which APK files are placed in /data/app/$PACKAGE-rev/, there is a canonical-path symlink /data/app/$PACKAGE/ -> /data/app/$PACKAGE-rev/, and the native libraries exist not under a top-level /data/app-lib/$PACKAGE-rev hard directory, but rather under /data/app/$PACKAGE/lib (when referenced by canonical path). Change-Id: I4f60257f8923c64266d98aa247bffa912e204fb0
pp.te
omain.te
nstalld.te
|
68c5f90b97bbc663ae7bb736279f951b111ae483 |
02-Jun-2014 |
Nick Kralevich <nnk@google.com> |
add execmod to various app domains NDK r8c and below induced text relocations into every NDK compiled shared library. (https://code.google.com/p/android/issues/detail?id=23203). For compatibility, we need to support shared libraries with text relocations in them. Addresses the following error / denial: 06-02 13:28:59.495 3634 3634 W linker : libCore.so has text relocations. This is wasting memory and prevents security hardening. Please fix. <4>[ 57.430677] type=1400 audit(1401740939.756:13): avc: denied { execmod } for pid=3634 comm=".playandlearnhd" path="/data/app-lib/com.adobe.air-2/libCore.so" dev="mmcblk0p28" ino=32745 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file Steps to reproduce: 1) Install Adobe AIR (https://play.google.com/store/apps/details?id=com.adobe.air) 2) Install PBS Parents Play & Learn (https://play.google.com/store/apps/details?id=air.org.pbskids.playandlearnhd) 3) Attempt to run Play & Learn app Expected: App runs Actual: App crashes with error above. Bug: 15388851 (cherry picked from commit 78706f9ef6d917fe2ec85ecb6b0f47fbc5efde57) Change-Id: I4a20de92f9c5f1840a30232212ba373b497c19a8
pp.te
ntrusted_app.te
|
67fceaaf66d14162ff23fdc8084c0889e4514f7f |
03-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 78743ab5: am 86b05c47: Merge "Remove obsolete vdc rule." * commit '78743ab5beceafffc623f672a039ae263d545791': Remove obsolete vdc rule.
|
78743ab5beceafffc623f672a039ae263d545791 |
03-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 86b05c47: Merge "Remove obsolete vdc rule." * commit '86b05c47d4f92482f448a7cbaf4240ecce1118a8': Remove obsolete vdc rule.
|
86b05c47d4f92482f448a7cbaf4240ecce1118a8 |
03-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove obsolete vdc rule."
|
9ff48ff2270047e45eb0494635beeb9c7d7ccedd |
03-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "eliminate duplicate line"
|
ae45ae99a54bdd95be2583817a13d3abfe6d9e5a |
03-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 06413106: am 6399f40f: Merge "add execmod to various app domains" * commit '06413106b148178d0f256f95caad961b8a4f06fb': add execmod to various app domains
|
06413106b148178d0f256f95caad961b8a4f06fb |
03-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 6399f40f: Merge "add execmod to various app domains" * commit '6399f40faa36adc6a1745d37dbf9cc567e3ae6c5': add execmod to various app domains
|
6399f40faa36adc6a1745d37dbf9cc567e3ae6c5 |
03-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "add execmod to various app domains"
|
24b56225280980a27765135a841009319735108a |
05-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Remove obsolete vdc rule. As of system/core commit 225459a5da21e9397ca49b0d9af7d5fe3462706b, adbd no longer talks to vold. Remove the obsolete rule. Bug: 12504045 Change-Id: I0a4f621afd8e5f8ab83219e7b0ff096c992d365f
dbd.te
|
fad6759dd489420c5e0aeb6e96848c2f47667f5d |
03-Jun-2014 |
Nick Kralevich <nnk@google.com> |
eliminate duplicate line Somehow net_domain(su) showed up twice in internal master. Delete the duplicate line. Change-Id: I15c102850946c30c2322d6d4edcf59407d430531
u.te
|
939ccb820bc2ea0ae34415606a0d35d2907a6331 |
03-Jun-2014 |
JP Abgrall <jpa@google.com> |
am 278959b9: am dda7fb89: am bd0262c9: Add ocontext for F2FS * commit '278959b97a1202d3b7c4d76bd6bba3f7b7241109': Add ocontext for F2FS
|
278959b97a1202d3b7c4d76bd6bba3f7b7241109 |
03-Jun-2014 |
JP Abgrall <jpa@google.com> |
am dda7fb89: am bd0262c9: Add ocontext for F2FS * commit 'dda7fb89cb25c7d467782ea985b40ae630872efc': Add ocontext for F2FS
|
dda7fb89cb25c7d467782ea985b40ae630872efc |
03-Jun-2014 |
JP Abgrall <jpa@google.com> |
am bd0262c9: Add ocontext for F2FS * commit 'bd0262c996ce96ab910a06f5973d9d5ad851acca': Add ocontext for F2FS
|
bd0262c996ce96ab910a06f5973d9d5ad851acca |
03-Jun-2014 |
JP Abgrall <jpa@google.com> |
Add ocontext for F2FS Without this, the "seclabel" mount option is unavailable to F2FS. Bug: 15388455 Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870
s_use
|
78706f9ef6d917fe2ec85ecb6b0f47fbc5efde57 |
02-Jun-2014 |
Nick Kralevich <nnk@google.com> |
add execmod to various app domains NDK r8c and below induced text relocations into every NDK compiled shared library. (https://code.google.com/p/android/issues/detail?id=23203). For compatibility, we need to support shared libraries with text relocations in them. Addresses the following error / denial: 06-02 13:28:59.495 3634 3634 W linker : libCore.so has text relocations. This is wasting memory and prevents security hardening. Please fix. <4>[ 57.430677] type=1400 audit(1401740939.756:13): avc: denied { execmod } for pid=3634 comm=".playandlearnhd" path="/data/app-lib/com.adobe.air-2/libCore.so" dev="mmcblk0p28" ino=32745 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file Steps to reproduce: 1) Install Adobe AIR (https://play.google.com/store/apps/details?id=com.adobe.air) 2) Install PBS Parents Play & Learn (https://play.google.com/store/apps/details?id=air.org.pbskids.playandlearnhd) 3) Attempt to run Play & Learn app Expected: App runs Actual: App crashes with error above. Bug: 15388851 Change-Id: I88bfd72b2abf2407803da0209d2313c8210c6663
pp.te
ntrusted_app.te
|
a3d8b061ec3f7871eb58ce201fd5b1729e005012 |
02-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 21cdb76d: am e541f30c: am 3957ae73: Merge "recovery: enable permissive_or_unconfined" * commit '21cdb76d6c5195b3e6d6ec9b34db8b5b3ed1513f': recovery: enable permissive_or_unconfined
|
21cdb76d6c5195b3e6d6ec9b34db8b5b3ed1513f |
02-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am e541f30c: am 3957ae73: Merge "recovery: enable permissive_or_unconfined" * commit 'e541f30cd9a6838feb4babfc2776860ca05729a5': recovery: enable permissive_or_unconfined
|
e541f30cd9a6838feb4babfc2776860ca05729a5 |
02-Jun-2014 |
Nick Kralevich <nnk@google.com> |
am 3957ae73: Merge "recovery: enable permissive_or_unconfined" * commit '3957ae733f1066efa5d0ae2b03604c0b11549430': recovery: enable permissive_or_unconfined
|
3957ae733f1066efa5d0ae2b03604c0b11549430 |
02-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge "recovery: enable permissive_or_unconfined"
|
d09cd2f8e52ed94a474e0266cec7f89c029abd71 |
02-Jun-2014 |
Daniel Cashman <dcashman@google.com> |
am 969f53a9: am f094e58f: am 715023eb: Merge "Changed unconfined process policy to a whitelist." * commit '969f53a97f46a9d9c042fc7f658cba821f13c238': Changed unconfined process policy to a whitelist.
|
969f53a97f46a9d9c042fc7f658cba821f13c238 |
02-Jun-2014 |
Daniel Cashman <dcashman@google.com> |
am f094e58f: am 715023eb: Merge "Changed unconfined process policy to a whitelist." * commit 'f094e58fa3b2dda7b41ca988602285688e17c7a7': Changed unconfined process policy to a whitelist.
|
f094e58fa3b2dda7b41ca988602285688e17c7a7 |
02-Jun-2014 |
Daniel Cashman <dcashman@google.com> |
am 715023eb: Merge "Changed unconfined process policy to a whitelist." * commit '715023eba196cb5dd226df89181c17d9e0c6936f': Changed unconfined process policy to a whitelist.
|
715023eba196cb5dd226df89181c17d9e0c6936f |
02-Jun-2014 |
Daniel Cashman <dcashman@google.com> |
Merge "Changed unconfined process policy to a whitelist."
|
52dcc94deb81bc6fad7e0a744e0f5314ba3d1d2d |
31-May-2014 |
Riley Spahn <rileyspahn@google.com> |
Changed unconfined process policy to a whitelist. Rewrote the process policy in external/sepolicy/unconfined.te from a blacklist to a whitelist to be more easily understood. There were previously 11 disallowed permissions and now there are 19 allowed permissions. Change-Id: Ida4dc881c5fedc56980324774f40e09a9b8a830a
nconfined.te
|
4203981e8b0c741057268b6a633fe9e84b31ebd6 |
31-May-2014 |
Nick Kralevich <nnk@google.com> |
recovery: enable permissive_or_unconfined Switch from using unconfined_domain() to permissive_or_unconfined(). For user builds, or builds with FORCE_PERMISSIVE_TO_UNCONFINED=true, this is a no-op. For userdebug / eng builds, this will allow us to collect denials from /proc/last_kmsg. Change-Id: I41e1a206b2a3b0eee34539bfebfc5deee9e18a42
ecovery.te
|
33bf667ab1f78ce35555d148ffb0e5f1b96fe9f0 |
31-May-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am ec87ecb9: am 8571ed16: am 8b7545bf: Build the selinux_version file. * commit 'ec87ecb99187ce4e7c4b01e3e2ff79e9f61a5968': Build the selinux_version file.
|
ec87ecb99187ce4e7c4b01e3e2ff79e9f61a5968 |
31-May-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 8571ed16: am 8b7545bf: Build the selinux_version file. * commit '8571ed162e85c507ea93b06c6816cdf99019625a': Build the selinux_version file.
|
8571ed162e85c507ea93b06c6816cdf99019625a |
31-May-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 8b7545bf: Build the selinux_version file. * commit '8b7545bf5745e1e0aba55b0334de40d2334728b1': Build the selinux_version file.
|
8b7545bf5745e1e0aba55b0334de40d2334728b1 |
20-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Build the selinux_version file. The selinux_version file is used to perform policy versioning checks by libselinux and SELinuxMMAC. When loading policy a check is first performed to determine if the policy out in /data/security/current should be used to override the base policy shipped with the device. The selinux_version file is used to make that choice. The file simply contains the BUILD_FINGERPRINT that the policy was built against. A simple string comparison is then performed by libselinux and SELinuxMMAC. Change-Id: I69d9d071743cfd46bb247c98f94a193396f8ebbd Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ndroid.mk
|
d112eda43bb6015486041cc96aa318e5df48de6e |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am fb264819: am 7ac88000: am 3235f61a: Restrict /data/security and setprop selinux.reload_policy access. * commit 'fb2648191cd6dfe8cd5d41a42f7c71a2e3cdb457': Restrict /data/security and setprop selinux.reload_policy access.
|
fb2648191cd6dfe8cd5d41a42f7c71a2e3cdb457 |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7ac88000: am 3235f61a: Restrict /data/security and setprop selinux.reload_policy access. * commit '7ac880005144b7444fb92595c2acea0b54955989': Restrict /data/security and setprop selinux.reload_policy access.
|
7ac880005144b7444fb92595c2acea0b54955989 |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 3235f61a: Restrict /data/security and setprop selinux.reload_policy access. * commit '3235f61aa859af1d1c3d060eb55cf1929bc6914f': Restrict /data/security and setprop selinux.reload_policy access.
|
4a247480b3da612b60429b277ef508adfadb9de2 |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c664083b: am ffbba62e: am e60723ab: Create a separate recovery policy. * commit 'c664083badd1c73c144f53354c015681cd7e6951': Create a separate recovery policy.
|
ffdcb2eab9e0245db65161338e66d56f877f0baa |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make racoon enforcing. Change-Id: Id585191e1077c3a2d0e0a6a51e0dd98c48ea0291 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
acoon.te
|
3235f61aa859af1d1c3d060eb55cf1929bc6914f |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restrict /data/security and setprop selinux.reload_policy access. Remove /data/security and setprop selinux.reload_policy access from unconfineddomain, and only add back what is needed to init (system_server already gets the required allow rules via the selinux_manage_policy macro). init (via init.rc post-fs-data) originally creates /data/security and may later restorecon it. init also sets the property (also from init.rc post-fs-data) to trigger a reload once /data is mounted. The system_server (SELinuxPolicyInstallReceiver in particular) creates subdirectories under /data/security for updates, writes files to these subdirectories, creates the /data/security/current symlink to the update directory, and sets the property to trigger a reload when an update bundle is received. Add neverallow rules to ensure that we do not allow undesired access to security_file or security_prop. This is only truly meaningful if the support for /data/security policies is restored, but is harmless otherwise. Also drop the persist.mmac property_contexts entry; it was never used in AOSP, only in our tree (for middleware MAC) and is obsolete. Change-Id: I5ad5e3b6fc7abaafd314d31723f37b708d8fcf89 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
omain.te
nit.te
roperty_contexts
nconfined.te
|
c664083badd1c73c144f53354c015681cd7e6951 |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ffbba62e: am e60723ab: Create a separate recovery policy. * commit 'ffbba62eafb759573aad4bcdc77d56026697ea00': Create a separate recovery policy.
|
ffbba62eafb759573aad4bcdc77d56026697ea00 |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e60723ab: Create a separate recovery policy. * commit 'e60723ab59f48626c6a700ba645bfe5eac6f0fc3': Create a separate recovery policy.
|
e60723ab59f48626c6a700ba645bfe5eac6f0fc3 |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Create a separate recovery policy. Create a separate recovery policy and only include the recovery domain allow rules in it. Change-Id: I444107f9821eabf4164ba07a44d03bd71e719989 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ndroid.mk
ecovery.te
e_macros
|
7c1ed3450cec3b76211546777d4327c8483b9946 |
30-May-2014 |
Nick Kralevich <nnk@google.com> |
am 422d2e6e: am 7b601c31: am ac664270: Merge "Only auditallow unlabeled accesses not allowed elsewhere." * commit '422d2e6ed9ef5362d137b225e8d838c7590df2d3': Only auditallow unlabeled accesses not allowed elsewhere.
|
8f5d6003f495a284f7066181cae00cbb67f1a7c2 |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f509c81c: am 871b832c: am 73b0346a: Explicitly allow init and kernel unlabeled access. * commit 'f509c81c728031adea64a298ba4adb2cc073eebf': Explicitly allow init and kernel unlabeled access.
|
422d2e6ed9ef5362d137b225e8d838c7590df2d3 |
30-May-2014 |
Nick Kralevich <nnk@google.com> |
am 7b601c31: am ac664270: Merge "Only auditallow unlabeled accesses not allowed elsewhere." * commit '7b601c3105cf66c330f19a86eb8a74759277054d': Only auditallow unlabeled accesses not allowed elsewhere.
|
f509c81c728031adea64a298ba4adb2cc073eebf |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 871b832c: am 73b0346a: Explicitly allow init and kernel unlabeled access. * commit '871b832cee49a14ca9265451a7c902d32585c603': Explicitly allow init and kernel unlabeled access.
|
7b601c3105cf66c330f19a86eb8a74759277054d |
30-May-2014 |
Nick Kralevich <nnk@google.com> |
am ac664270: Merge "Only auditallow unlabeled accesses not allowed elsewhere." * commit 'ac6642703f179f8d36b1cca4fe5bd261de65b4b4': Only auditallow unlabeled accesses not allowed elsewhere.
|
871b832cee49a14ca9265451a7c902d32585c603 |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 73b0346a: Explicitly allow init and kernel unlabeled access. * commit '73b0346a7d8c500c24731575c118b2fefb8075ea': Explicitly allow init and kernel unlabeled access.
|
ac6642703f179f8d36b1cca4fe5bd261de65b4b4 |
30-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Only auditallow unlabeled accesses not allowed elsewhere."
|
73b0346a7d8c500c24731575c118b2fefb8075ea |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Explicitly allow init and kernel unlabeled access. These permissions are already allowed indirectly via unconfineddomain and via domain, but ultimately we plan to remove them from those two attributes. Explicitly allow the ones we expect to be required, matching the complement of the auditallow rules in domain.te. Change-Id: I43edca89d59c159b97d49932239f8952a848031c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nit.te
ernel.te
|
2c8bf56f9698923641a0628bae37fe9b2033c0bb |
30-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Only auditallow unlabeled accesses not allowed elsewhere. https://android-review.googlesource.com/#/c/95900/ added further unlabeled rules for installd and added explicit unlabeled rules for vold and system_server. Exclude these permissions from the auditallow rules on unlabeled so that we only see the ones that would be denied if we were to remove the allow domain rules here. Change-Id: I2b9349ad6606bcb6a74a7e67343a8a9e5d70174c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
6c9420122c9cfc738fbd056bc28277b2974496ca |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9890c746: am e3a92d50: am f85c1fc2: Allow installd, vold, system_server unlabeled access. * commit '9890c746b58876d4bcf7bb2e79c0b50dd6d5d5ef': Allow installd, vold, system_server unlabeled access.
|
c9eefc401afaf1fd064af8b82565422d9b99487b |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 1915d0e9: am c0254385: am eb1bbf26: Clean up kernel, init, and recovery domains. * commit '1915d0e94c42ad889d5844f5050348cd6297092b': Clean up kernel, init, and recovery domains.
|
9890c746b58876d4bcf7bb2e79c0b50dd6d5d5ef |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e3a92d50: am f85c1fc2: Allow installd, vold, system_server unlabeled access. * commit 'e3a92d5067e2c4b1801fc73b3b527c0dcbe940c5': Allow installd, vold, system_server unlabeled access.
|
1915d0e94c42ad889d5844f5050348cd6297092b |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c0254385: am eb1bbf26: Clean up kernel, init, and recovery domains. * commit 'c0254385eb5382aebb524132590098a0ac57e5b2': Clean up kernel, init, and recovery domains.
|
e3a92d5067e2c4b1801fc73b3b527c0dcbe940c5 |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f85c1fc2: Allow installd, vold, system_server unlabeled access. * commit 'f85c1fc293523db241c48d815b165067b8a0f471': Allow installd, vold, system_server unlabeled access.
|
f85c1fc293523db241c48d815b165067b8a0f471 |
27-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow installd, vold, system_server unlabeled access. The bugs that motivated bringing back the unlabeled allowall rules, https://android-review.googlesource.com/#/c/94971/ should be resolved by the following changes: https://android-review.googlesource.com/#/c/94966/ https://android-review.googlesource.com/#/c/96080/ Beyond those changes, installd needs to be able to remove package directories for apps that no longer exist or have moved (e.g. to priv-app) on upgrades, so allow it the permissions required for this purpose. vold needs to be able to chown/chmod/restorecon files in asec containers so allow it the permissions to do so. system_server tries to access all /data/data subdirectories so permit it to do so. installd and system_server read the pkg.apk file before it has been relabeled by vold and therefore need to read unlabeled files. Change-Id: I70da7d605c0d037eaa5f3f5fda24f5e7715451dc Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nstalld.te
ystem_server.te
old.te
|
c0254385eb5382aebb524132590098a0ac57e5b2 |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am eb1bbf26: Clean up kernel, init, and recovery domains. * commit 'eb1bbf2632dc20e836f3d340feab548ee496e291': Clean up kernel, init, and recovery domains.
|
eb1bbf2632dc20e836f3d340feab548ee496e291 |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Clean up kernel, init, and recovery domains. Narrow the relabelto rules to a more specific type set for each domain. Drop mount permissions from the kernel domain since mounting occurs after switching to the init domain. This was likely a residual of when all processes were left in the kernel domain on a recovery boot due to the missing setcon statement in the recovery init.rc. Be consistent with unlabeled filesystems (i.e. filesystems without any matching fs_use or genfs_contexts entry) so that we can also unmount them. Add comments to note the reason for various rules. Change-Id: I269a1744ed7bf8c6be899494c5dc97847e5a994d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nit.te
ernel.te
ecovery.te
|
db63a0021d12643da15fe201791166df499831cc |
29-May-2014 |
Nick Kralevich <nnk@google.com> |
am d39c925b: am 24cf6d63: am 4553074c: Merge "Remove /system write from unconfined" * commit 'd39c925bdc18e6782aa628e3da04f9f0fdea8af5': Remove /system write from unconfined
|
d39c925bdc18e6782aa628e3da04f9f0fdea8af5 |
29-May-2014 |
Nick Kralevich <nnk@google.com> |
am 24cf6d63: am 4553074c: Merge "Remove /system write from unconfined" * commit '24cf6d63ca99ceb087fe617fd4003bec67bbc1f2': Remove /system write from unconfined
|
24cf6d63ca99ceb087fe617fd4003bec67bbc1f2 |
29-May-2014 |
Nick Kralevich <nnk@google.com> |
am 4553074c: Merge "Remove /system write from unconfined" * commit '4553074c5e01cbfbd377e6b2b0cfeb695aff0376': Remove /system write from unconfined
|
4553074c5e01cbfbd377e6b2b0cfeb695aff0376 |
29-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove /system write from unconfined"
|
03ce5120722b3b5cb9cd0fec08c22681a96ee3d6 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
Remove /system write from unconfined Don't allow writes to /system from unconfined domains. /system is always mounted read-only, and no process should ever need to write there. Allow recovery to write to /system. This is needed to apply OTA images. Change-Id: I11aa8bd0c3b7f53ebe83806a0547ab8d5f25f3c9
omain.te
nit.te
ernel.te
ecovery.te
nconfined.te
|
d635b88ec724ab724a65c48f04e22c50f7ca249e |
29-May-2014 |
Nick Kralevich <nnk@google.com> |
am 3c11c348: am 2c6fbb30: am d6aa23df: Merge "Label ril.cdma with radio_prop." * commit '3c11c348de760ad4fbaae4d0824f7b11cc58cb87': Label ril.cdma with radio_prop.
|
3c11c348de760ad4fbaae4d0824f7b11cc58cb87 |
29-May-2014 |
Nick Kralevich <nnk@google.com> |
am 2c6fbb30: am d6aa23df: Merge "Label ril.cdma with radio_prop." * commit '2c6fbb30479d82b6816986129ac1d8952b21aabe': Label ril.cdma with radio_prop.
|
2c6fbb30479d82b6816986129ac1d8952b21aabe |
29-May-2014 |
Nick Kralevich <nnk@google.com> |
am d6aa23df: Merge "Label ril.cdma with radio_prop." * commit 'd6aa23dfb1251feff87b5c5f9ab47b61bffd4fed': Label ril.cdma with radio_prop.
|
d6aa23dfb1251feff87b5c5f9ab47b61bffd4fed |
29-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Label ril.cdma with radio_prop."
|
a0dc237a18f19b822cef32b41fbd8e56a1117c6b |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am fdfae4de: am 040b21d9: am ad0d0fc7: Protect /data/property. * commit 'fdfae4deb6cc39e82e57c6425b8d5dd42b1ea7f8': Protect /data/property.
|
fdfae4deb6cc39e82e57c6425b8d5dd42b1ea7f8 |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 040b21d9: am ad0d0fc7: Protect /data/property. * commit '040b21d95e412e9ee241edb9991f5eb2300c37d3': Protect /data/property.
|
040b21d95e412e9ee241edb9991f5eb2300c37d3 |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ad0d0fc7: Protect /data/property. * commit 'ad0d0fc722d04e465ce2b0bfd2f8e04714c75391': Protect /data/property.
|
ad0d0fc722d04e465ce2b0bfd2f8e04714c75391 |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Protect /data/property. /data/property is only accessible by root and is used by the init property service for storing persistent property values. Create a separate type for it and only allow init to write to the directory and files within it. Ensure that we do not allow access to other domains in future changes or device-specific policy via a neverallow rule. Change-Id: Iff556b9606c5651c0f1bba902e30b59bdd6f063a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
ile.te
ile_contexts
nit.te
nconfined.te
|
3a099879fb976cd153c9a02312b9a08b58576f3e |
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label ril.cdma with radio_prop. Resolves denials such as: avc: denied { set } for property=ril.cdma.inecmmode scontext=u:r:radio:s0 tcontext=u:object_r:rild_prop:s0 tclass=property_service This makes ril.cdma consistent with net.cdma. We may ultimately need to coalesce rild_prop and radio_prop; they were an attempt to distinguish what can be set by rild from what can be set by com.android.phone, but the init property service DAC checking permits any of them to be set by anything with the radio AID. We presently allow rild to set either type, but radio can only set radio_prop. Change-Id: Ia3852db187e52427e18075e24b2beab19dd59c1f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
roperty_contexts
|
2a7a6a50fa7277b2afaf022e6a7664fdd1295a9f |
29-May-2014 |
Nick Kralevich <nnk@google.com> |
am 4731688a: am 8c49978f: am c8859c2d: Merge "remove syslog_* from unconfined" * commit '4731688a1362a3362ee79966b15db092fc50ff4e': remove syslog_* from unconfined
|
4731688a1362a3362ee79966b15db092fc50ff4e |
29-May-2014 |
Nick Kralevich <nnk@google.com> |
am 8c49978f: am c8859c2d: Merge "remove syslog_* from unconfined" * commit '8c49978f68d43a65160aaa5a27bbb9baa9a86432': remove syslog_* from unconfined
|
8c49978f68d43a65160aaa5a27bbb9baa9a86432 |
29-May-2014 |
Nick Kralevich <nnk@google.com> |
am c8859c2d: Merge "remove syslog_* from unconfined" * commit 'c8859c2d152e42b8084fa1cd08c875afc1bf2451': remove syslog_* from unconfined
|
c8859c2d152e42b8084fa1cd08c875afc1bf2451 |
29-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "remove syslog_* from unconfined"
|
246e18ba77e9e447248700d16a3eb197dc7a4c30 |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
am 1dd5b3aa: am 0d5df963: am 8dd5053f: Merge "Restore system_app access to system-owned /data directories." * commit '1dd5b3aa10b9dc348a2e5df2b5f36d022d2dfdec': Restore system_app access to system-owned /data directories.
|
1dd5b3aa10b9dc348a2e5df2b5f36d022d2dfdec |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
am 0d5df963: am 8dd5053f: Merge "Restore system_app access to system-owned /data directories." * commit '0d5df96350db09b4bf75cce865f504e15f3e0ae6': Restore system_app access to system-owned /data directories.
|
0d5df96350db09b4bf75cce865f504e15f3e0ae6 |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
am 8dd5053f: Merge "Restore system_app access to system-owned /data directories." * commit '8dd5053f928a4cff19aba4da2aee30e9bffaf93d': Restore system_app access to system-owned /data directories.
|
8dd5053f928a4cff19aba4da2aee30e9bffaf93d |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Restore system_app access to system-owned /data directories."
|
685e2f9d9c0d3f64e9eabb789adb0b34f5f11836 |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
remove syslog_* from unconfined As suggested in https://android-review.googlesource.com/95966 , remove various syslog_* from unconfined. SELinux domains which want to use syslog_* can declare it themselves. Change-Id: I7a8335850d1b8d3463491b4ef8c657f57384cfa4
pp.te
nit.te
nconfined.te
|
da35e342340d14598a87543fe19888f0377e71b6 |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
am 65a6c29d: am 9c463fe7: am 27c702dd: Merge "dontaudit su" * commit '65a6c29d87fdf84094ffbc0fb6c1138715f10d33': dontaudit su
|
b114b78f492ac37a96207ebbe902a20654f6cbce |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
am 8fd6da9c: am 87fa2640: am f821b5a7: allow shell dmesg * commit '8fd6da9c24535f9f20202444cc7a81b0fcd7865d': allow shell dmesg
|
b31b6e64d5895b95c6e1e3d1c10de66fb76685c1 |
28-May-2014 |
Torne (Richard Coles) <torne@google.com> |
am 95b12ff7: am 8e215cf4: am ba176c5f: Merge "Define SELinux policy for RELRO sharing support." * commit '95b12ff7c54e88f1f76544694ccc9aba5a8d6298': Define SELinux policy for RELRO sharing support.
|
65a6c29d87fdf84094ffbc0fb6c1138715f10d33 |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
am 9c463fe7: am 27c702dd: Merge "dontaudit su" * commit '9c463fe7af273cb33207865c58dfcf16403ac130': dontaudit su
|
8fd6da9c24535f9f20202444cc7a81b0fcd7865d |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
am 87fa2640: am f821b5a7: allow shell dmesg * commit '87fa26409c05655875efbe3cd6ce65f5a194740e': allow shell dmesg
|
9c463fe7af273cb33207865c58dfcf16403ac130 |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
am 27c702dd: Merge "dontaudit su" * commit '27c702dd5413764d4d50e33bf33f3da40261c5a1': dontaudit su
|
87fa26409c05655875efbe3cd6ce65f5a194740e |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
am f821b5a7: allow shell dmesg * commit 'f821b5a7977102a417b32f358bf87d1e0cdeb06d': allow shell dmesg
|
27c702dd5413764d4d50e33bf33f3da40261c5a1 |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "dontaudit su"
|
f821b5a7977102a417b32f358bf87d1e0cdeb06d |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
allow shell dmesg Allow the shell user to see the dmesg output. This data is already available via "adb bugreport", but isn't easy to access. Bug: 10020939 Change-Id: I9d4bbbd41cb02b707cdfee79f826a39c1ec2f177
pp.te
helldomain.te
|
95b12ff7c54e88f1f76544694ccc9aba5a8d6298 |
28-May-2014 |
Torne (Richard Coles) <torne@google.com> |
am 8e215cf4: am ba176c5f: Merge "Define SELinux policy for RELRO sharing support." * commit '8e215cf43d1838a3acbf070524522af981002f4f': Define SELinux policy for RELRO sharing support.
|
8e215cf43d1838a3acbf070524522af981002f4f |
28-May-2014 |
Torne (Richard Coles) <torne@google.com> |
am ba176c5f: Merge "Define SELinux policy for RELRO sharing support." * commit 'ba176c5f0768f92fca411bf130817f32c36581a9': Define SELinux policy for RELRO sharing support.
|
ba176c5f0768f92fca411bf130817f32c36581a9 |
28-May-2014 |
Torne (Richard Coles) <torne@google.com> |
Merge "Define SELinux policy for RELRO sharing support."
|
af7deffb2c6ef217d0ea95e2e1d06042bc4e8e34 |
28-May-2014 |
Nick Kralevich <nnk@google.com> |
dontaudit su Denials generated from the su domain aren't meaningful security warnings, and just serve to confuse people. Don't log them. Change-Id: Id38314d4e7b45062c29bed63df4e50e05e4b131e
u.te
|
f1ea707a3df4a4b11332a246d89c37383bb427dc |
27-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restore system_app access to system-owned /data directories. System UID apps want to be able to create/write to system-owned /data directories outside of their own /data/data package directory, such as /data/system/cache and /data/misc/keychain. Restore access (which was removed by Ifa10e3283b07f6bd6ecc16eceeb663edfd756cea when system_app_data_file was introduced for the /data/data package directories of system UID apps), but audit writes to system_data_file so we can look at introducing separate types for these directories in the future and ultimately remove access to the rest of the system-owned data. Change-Id: I573f120f23f2dd2d228aa738b31ad2cb3044ec6e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_app.te
|
952458595db198f3b1abbf091cce874587e5ca4a |
27-May-2014 |
Nick Kralevich <nnk@google.com> |
am f059a8a5: am 71494867: am 0cefb701: Merge "Remove setting /proc/self/attr/* from unconfined." * commit 'f059a8a5c9b200dedada0644d17e114ab97591de': Remove setting /proc/self/attr/* from unconfined.
|
f059a8a5c9b200dedada0644d17e114ab97591de |
27-May-2014 |
Nick Kralevich <nnk@google.com> |
am 71494867: am 0cefb701: Merge "Remove setting /proc/self/attr/* from unconfined." * commit '71494867246b29066dd054ed0a11481401c20d42': Remove setting /proc/self/attr/* from unconfined.
|
71494867246b29066dd054ed0a11481401c20d42 |
27-May-2014 |
Nick Kralevich <nnk@google.com> |
am 0cefb701: Merge "Remove setting /proc/self/attr/* from unconfined." * commit '0cefb70170fcc2bf88e0fb3737a2dd0680bdb123': Remove setting /proc/self/attr/* from unconfined.
|
0cefb70170fcc2bf88e0fb3737a2dd0680bdb123 |
27-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove setting /proc/self/attr/* from unconfined."
|
4f01142740f37b73b7c5aace09d4210b8afe5d71 |
27-May-2014 |
Nick Kralevich <nnk@google.com> |
am 1f156ccd: am de49e370: am f4ede35c: Merge "Assert executable content (mostly) only loaded from /system" * commit '1f156ccd3561917701b7e290e4286c07e15227d9': Assert executable content (mostly) only loaded from /system
|
1f156ccd3561917701b7e290e4286c07e15227d9 |
27-May-2014 |
Nick Kralevich <nnk@google.com> |
am de49e370: am f4ede35c: Merge "Assert executable content (mostly) only loaded from /system" * commit 'de49e370fd0c6f53577f5b6befc256324efc25d5': Assert executable content (mostly) only loaded from /system
|
de49e370fd0c6f53577f5b6befc256324efc25d5 |
27-May-2014 |
Nick Kralevich <nnk@google.com> |
am f4ede35c: Merge "Assert executable content (mostly) only loaded from /system" * commit 'f4ede35c8e77dc88411da6a5d7073a16dfdd0d3f': Assert executable content (mostly) only loaded from /system
|
f4ede35c8e77dc88411da6a5d7073a16dfdd0d3f |
27-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Assert executable content (mostly) only loaded from /system"
|
78f95f85b657e3c2126974cc0e0e1184c5969d6e |
27-May-2014 |
Nick Kralevich <nnk@google.com> |
am 231e6b30: am c3e27bda: am 8599e34b: Introduce wakelock_use() * commit '231e6b30cd20e8f006c49cde7a426ff964b2037e': Introduce wakelock_use()
|
231e6b30cd20e8f006c49cde7a426ff964b2037e |
27-May-2014 |
Nick Kralevich <nnk@google.com> |
am c3e27bda: am 8599e34b: Introduce wakelock_use() * commit 'c3e27bdac119004bd4e4e9ae9b91d4f55c881f19': Introduce wakelock_use()
|
c3e27bdac119004bd4e4e9ae9b91d4f55c881f19 |
27-May-2014 |
Nick Kralevich <nnk@google.com> |
am 8599e34b: Introduce wakelock_use() * commit '8599e34b95705638034b798c56bc2cc8bb2e6372': Introduce wakelock_use()
|
f853715d225f1882d0e2aa7cc3b3000c9a640a13 |
27-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove setting /proc/self/attr/* from unconfined. Change I6a2fb1279318625a80f3ea8e3f0932bdbe6df676 removed these permissions from domain.te and added them to specific domains as required. Remove the permissions from unconfineddomain as well so that they are only allowed where explicitly allowed. The earlier change already added the necessary permissions to init, kernel, and recovery so we do not need to add them here. Change-Id: Ifeb5438532a7525e64328e1c54b436e9b6f7fd3b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nconfined.te
|
9786af2bcaaf0ba25c0a50c81c748a05793ec847 |
23-May-2014 |
Torne (Richard Coles) <torne@google.com> |
Define SELinux policy for RELRO sharing support. Define a domain and appropriate access rules for shared RELRO files (used for loading the WebView native library). Any app is permitted to read the files as they are public data, but only the shared_relro process is permitted to create/update them. Bug: 13005501 Change-Id: I9d5ba9e9eedb9b8c80fe6f84a3fc85a68553d52e
pp.te
ile.te
ile_contexts
eapp_contexts
hared_relro.te
|
629fbc9540b4ab6d780cfa8442160b4923373021 |
24-May-2014 |
Nick Kralevich <nnk@google.com> |
Assert executable content (mostly) only loaded from /system Add a compile time assertion that most SELinux domains don't execute code from outside of the system partition. Exceptions are listed in the neverallow rule. Change-Id: I8166e29a269adca11661df3c6cda4448a42ca30d
omain.te
|
8599e34b95705638034b798c56bc2cc8bb2e6372 |
23-May-2014 |
Nick Kralevich <nnk@google.com> |
Introduce wakelock_use() Introduce wakelock_use(). This macro declares that a domain uses wakelocks. Wakelocks require both read-write access to files in /sys/power, and CAP_BLOCK_SUSPEND. This macro helps ensure that both capabilities and file access are granted at the same time. Still TODO: fix device specific wakelock use. Change-Id: Ib98ff374a73f89e403acd9f5e024988f59f08115
ealthd.te
ild.te
ystem_server.te
e_macros
old.te
|
fb5e12c499ca5c4fe72d32a41b1114c95d71a743 |
23-May-2014 |
Nick Kralevich <nnk@google.com> |
am c7816057: am befe0652: am ccb9f7a1: Merge "Label /dev/socket/zygote_secondary" * commit 'c7816057ad4f5bbce7db37702f9b673a9b1cc77a': Label /dev/socket/zygote_secondary
|
c7816057ad4f5bbce7db37702f9b673a9b1cc77a |
23-May-2014 |
Nick Kralevich <nnk@google.com> |
am befe0652: am ccb9f7a1: Merge "Label /dev/socket/zygote_secondary" * commit 'befe065282fc03cacf568c66b7b9e20e2eb520fa': Label /dev/socket/zygote_secondary
|
befe065282fc03cacf568c66b7b9e20e2eb520fa |
23-May-2014 |
Nick Kralevich <nnk@google.com> |
am ccb9f7a1: Merge "Label /dev/socket/zygote_secondary" * commit 'ccb9f7a1000c35721a28c501c52b0ae87dfcb775': Label /dev/socket/zygote_secondary
|
ccb9f7a1000c35721a28c501c52b0ae87dfcb775 |
23-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Label /dev/socket/zygote_secondary"
|
1e4341642e5107bbef3763392b9798ee40922d71 |
23-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 6892ef30: am 3ea6027a: am 356f4be6: Restrict requesting contexts other than policy-defined defaults. * commit '6892ef307a9bf0559f8c717c4fe722bd3bd4618a': Restrict requesting contexts other than policy-defined defaults.
|
80c0c51a46fd24f9daea690735ff1dba6682d408 |
23-May-2014 |
Nick Kralevich <nnk@google.com> |
am 2deac73c: am 219cef14: am 4fce0ef9: Fix use of valgrind via app wrapping * commit '2deac73c5670eaba1665c7b485b9593cd70d1cf0': Fix use of valgrind via app wrapping
|
a9047e58942cdd60067a72b392c171b8b20ebe05 |
23-May-2014 |
Nick Kralevich <nnk@google.com> |
am c51e4442: (-s ours) DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true * commit 'c51e44420ddb3025e5bb118f0c50ed159d2de685': DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true
|
6892ef307a9bf0559f8c717c4fe722bd3bd4618a |
23-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 3ea6027a: am 356f4be6: Restrict requesting contexts other than policy-defined defaults. * commit '3ea6027a7185cff45211ad6a430b5112bef5021d': Restrict requesting contexts other than policy-defined defaults.
|
3ea6027a7185cff45211ad6a430b5112bef5021d |
23-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 356f4be6: Restrict requesting contexts other than policy-defined defaults. * commit '356f4be679544363466dad93e7bee68b2a6f2cf0': Restrict requesting contexts other than policy-defined defaults.
|
356f4be679544363466dad93e7bee68b2a6f2cf0 |
23-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restrict requesting contexts other than policy-defined defaults. Writing to the /proc/self/attr files (encapsulated by the libselinux set*con functions) enables a program to request a specific security context for various operations instead of the policy-defined defaults. The security context specified using these calls is checked by an operation-specific permission, e.g. dyntransition for setcon, transition for setexeccon, create for setfscreatecon or setsockcreatecon, but the ability to request a context at all is controlled by a process permission. Omit these permissions from domain.te and only add them back where required so that only specific domains can even request a context other than the default defined by the policy. Change-Id: I6a2fb1279318625a80f3ea8e3f0932bdbe6df676 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dbd.te
omain.te
nit.te
ernel.te
ecovery.te
unas.te
eventd.te
ygote.te
|
c51e44420ddb3025e5bb118f0c50ed159d2de685 |
23-May-2014 |
Nick Kralevich <nnk@google.com> |
DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true Force any experimental SELinux domains (ones tagged with "permissive_or_unconfined") into unconfined. This flag is intended to be flipped when we're preparing a release, to eliminate inconsistencies between user and userdebug devices, and to ensure that we're enforcing a minimal set of rules for all SELinux domains. Without this change, our user builds will behave differently than userdebug builds, complicating testing. Change-Id: Ia43d185638336e545a7556c3a0ddf0f34e053706
ndroid.mk
|
4d7353f7db7b2838f2bd8ea503f895d93aa30682 |
23-May-2014 |
Qiwen Zhao <zhao@google.com> |
reset to c17437ff with history
|
2deac73c5670eaba1665c7b485b9593cd70d1cf0 |
23-May-2014 |
Nick Kralevich <nnk@google.com> |
am 219cef14: am 4fce0ef9: Fix use of valgrind via app wrapping * commit '219cef1469796371f47aa42b5e92fe299a586130': Fix use of valgrind via app wrapping
|
219cef1469796371f47aa42b5e92fe299a586130 |
23-May-2014 |
Nick Kralevich <nnk@google.com> |
am 4fce0ef9: Fix use of valgrind via app wrapping * commit '4fce0ef97c2a4cb6e0ce2adf17c012c8be6252bf': Fix use of valgrind via app wrapping
|
7cba5da2f6923316dea6542ef63883533337dfd8 |
23-May-2014 |
Nick Kralevich <nnk@google.com> |
Label /dev/socket/zygote_secondary zygote_secondary talks over a different socket named /dev/socket/zygote_secondary. Make sure it's properly labeled. See https://android-review.googlesource.com/89604 Addresses the following denial: <12>[ 48.442004] type=1400 audit(1400801842.179:5): avc: denied { write } for pid=1082 comm="main" name="zygote_secondary" dev="tmpfs" ino=9953 scontext=u:r:system_server:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=1 Bug: 13647418 Change-Id: I1ff5f1d614295a5870bb8a3992ad9167e1656c92
ile_contexts
|
4fce0ef97c2a4cb6e0ce2adf17c012c8be6252bf |
23-May-2014 |
Nick Kralevich <nnk@google.com> |
Fix use of valgrind via app wrapping On userdebug / eng builds, Android supports the concept of app wrapping. You can run an app wrapped by another process. This is traditionally used to run valgrind on apps, looking for memory leaks and other problems. App wrapping is enabled by running the following command: adb shell setprop wrap.com.android.foo "TMPDIR=/data/data/com.android.foo logwrapper valgrind" Valgrind attempts to mmap exec /system/bin/app_process, which is being denied by SELinux. Allow app_process exec. Addresses the following denial: <4>[ 82.643790] type=1400 audit(16301075.079:26): avc: denied { execute } for pid=1519 comm="memcheck-arm-li" path="/system/bin/app_process32" dev="mmcblk0p25" ino=61 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file Bug: 15146424 Change-Id: I65394938c53da9252ea57856d9f2de465bb30c25
pp.te
|
c17437ffe312e21f2399d637e635e91f7ede922f |
22-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 79966dd93761247af51e07d5d2d2c757af7618f0
|
9794a0375c8dc1eb1faf4a5c83365f004456a602 |
22-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 79966dd93761247af51e07d5d2d2c757af7618f0
|
99b6defb86ce6be1142081b9d3f77e70f5734911 |
21-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 79966dd93761247af51e07d5d2d2c757af7618f0
|
79966dd93761247af51e07d5d2d2c757af7618f0 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
am 6e5771ec: am cb829c60: am f007d036: make /dev/zero read-write * commit '6e5771ec49c5b4892421b720a0478d59d7f04815': make /dev/zero read-write
|
6e5771ec49c5b4892421b720a0478d59d7f04815 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
am cb829c60: am f007d036: make /dev/zero read-write * commit 'cb829c60eab805c44ce84b86db87281b86065be3': make /dev/zero read-write
|
cb829c60eab805c44ce84b86db87281b86065be3 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
am f007d036: make /dev/zero read-write * commit 'f007d03628f98a40c01c12ad105ca6be14fd3c78': make /dev/zero read-write
|
f007d03628f98a40c01c12ad105ca6be14fd3c78 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
make /dev/zero read-write CTS test luni/src/test/java/libcore/java/nio/BufferTest.java function testDevZeroMapRW() requires us to be able to open /dev/zero in read-write mode. Allow it. Change-Id: I2be266875b1d190188376fd84c0996039d3c1524
omain.te
|
be59645c5526df63e8f1f2b2d2352bc266fa83b0 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
am e5d648d9: am df3d1f86: am dcfcdbdf: Merge "Don\'t allow ptrace on keystore" * commit 'e5d648d93bcd6494eb11e5b736a6dbb183ad64ef': Don't allow ptrace on keystore
|
99707058ea2c5d3718597664dff3b53ada0c61a4 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
am 0c05bcd0: am 7fb77b81: am 77c00a68: Merge "Suppress installd auditallow" * commit '0c05bcd01c567ec3ef5ad283c965a0403847bb89': Suppress installd auditallow
|
fc530f42dc521f4e6ef789dd39a0c459ea86d822 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
am d4330728: am 056dc807: am fa34d471: unconfined: remove linux_immutable * commit 'd4330728ed54de6072f170ad44dfb6b4f0eb9dbe': unconfined: remove linux_immutable
|
e5d648d93bcd6494eb11e5b736a6dbb183ad64ef |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
am df3d1f86: am dcfcdbdf: Merge "Don\'t allow ptrace on keystore" * commit 'df3d1f86fae3650333d32a2c5872932e440c8b06': Don't allow ptrace on keystore
|
0c05bcd01c567ec3ef5ad283c965a0403847bb89 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
am 7fb77b81: am 77c00a68: Merge "Suppress installd auditallow" * commit '7fb77b81254c4c7cf57dd62c2f0c3faf9dfbe3ea': Suppress installd auditallow
|
df3d1f86fae3650333d32a2c5872932e440c8b06 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
am dcfcdbdf: Merge "Don\'t allow ptrace on keystore" * commit 'dcfcdbdf49cb81c1133d4c421d138ac0ec073c68': Don't allow ptrace on keystore
|
7fb77b81254c4c7cf57dd62c2f0c3faf9dfbe3ea |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
am 77c00a68: Merge "Suppress installd auditallow" * commit '77c00a68fe1115cafa79dc0fcf7ab9adb98e37f0': Suppress installd auditallow
|
d4330728ed54de6072f170ad44dfb6b4f0eb9dbe |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
am 056dc807: am fa34d471: unconfined: remove linux_immutable * commit '056dc80716813c1a8d8a4dfd4930970d55795bdc': unconfined: remove linux_immutable
|
dcfcdbdf49cb81c1133d4c421d138ac0ec073c68 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Don't allow ptrace on keystore"
|
77c00a68fe1115cafa79dc0fcf7ab9adb98e37f0 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Suppress installd auditallow"
|
056dc80716813c1a8d8a4dfd4930970d55795bdc |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
am fa34d471: unconfined: remove linux_immutable * commit 'fa34d47185d6431394ffdfbc85d435653e54256a': unconfined: remove linux_immutable
|
2bfd0821708d4c2aa5ac3dcf1d84401a716b2f86 |
20-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 4545b570f0efab1a816cf3df3b9ada4602051e60
|
6e75f7df1593b1c2756449a224a361b32510750d |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true Force any experimental SELinux domains (ones tagged with "permissive_or_unconfined") into unconfined. This flag is intended to be flipped when we're preparing a release, to eliminate inconsistencies between user and userdebug devices, and to ensure that we're enforcing a minimal set of rules for all SELinux domains. Without this change, our user builds will behave differently than userdebug builds, complicating testing. Change-Id: I51c966f2b16b39a1e54a9ea3cc28c474586c5cb7
ndroid.mk
|
fa34d47185d6431394ffdfbc85d435653e54256a |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
unconfined: remove linux_immutable As far as I know, this is never used. Get rid of it. Change-Id: Iee0fb4e3f3952a0c4cc28d0aa96ca6c462ba5211
nconfined.te
|
8aa754c9bef003d9429a44e86043661979b75e7b |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
Don't allow ptrace on keystore keystore may hold sensitive information in its memory. Don't allow anyone to ptrace keystore. Change-Id: I4e3717e482b9fd128d38ce687c03122d41678b6f
ebuggerd.te
eystore.te
|
7a186b3fa80000acf0d7d2e9ad7d597433aebc82 |
20-May-2014 |
Nick Kralevich <nnk@google.com> |
Suppress installd auditallow installd is expected to be handling unlabeled apps. Don't emit an audit rule when it occurs. Change-Id: Ia173914ff4d1b8368a18f326494eda8173d30192
omain.te
|
4545b570f0efab1a816cf3df3b9ada4602051e60 |
19-May-2014 |
Nick Kralevich <nnk@google.com> |
am 18476370: am 90901631: am 5ce079b9: Bring back the unlabeled allowall rules * commit '184763705525a5050450bbc64022638129fad9c3': Bring back the unlabeled allowall rules
|
184763705525a5050450bbc64022638129fad9c3 |
19-May-2014 |
Nick Kralevich <nnk@google.com> |
am 90901631: am 5ce079b9: Bring back the unlabeled allowall rules * commit '90901631c710736c4f102f6ea6903712f8beafbe': Bring back the unlabeled allowall rules
|
90901631c710736c4f102f6ea6903712f8beafbe |
19-May-2014 |
Nick Kralevich <nnk@google.com> |
am 5ce079b9: Bring back the unlabeled allowall rules * commit '5ce079b9165c18a5bd27b853e82478de8d9e0a7b': Bring back the unlabeled allowall rules
|
c9f7eef2bf7a6af9780f52ac851d7a58bb1c3876 |
19-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 6528c03c81e593b00ff02fe75429acf4251d029c
|
9a9e9a46fb45ef9ae78b290057a93408832a5154 |
18-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 6528c03c81e593b00ff02fe75429acf4251d029c
|
5ce079b9165c18a5bd27b853e82478de8d9e0a7b |
17-May-2014 |
Nick Kralevich <nnk@google.com> |
Bring back the unlabeled allowall rules
On an upgrade from 4.2 to tip-of-tree master, there are still a number of files which aren't properly labeled. Restore the unlabeled compat rules until we can get everything properly labeled. It's not ideal, but it works around the immediate problem.
After applying https://android-review.googlesource.com/94966 , I'm still seeing the following denials.
<4>[ 12.040639] type=1400 audit(1400289656.430:4): avc: denied { read } for pid=143 comm="installd" name="0" dev=mmcblk0p9 ino=32194 scontext=u:r:installd:s0 tcontext=u:object_r:unlabeled:s0 tclass=lnk_file
<4>[ 168.289170] type=1400 audit(1400289812.680:5): avc: denied { getattr } for pid=1079 comm="system_server" path="/data/data/com.android.backupconfirm" dev=mmcblk0p9 ino=112676 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
<4>[ 169.088406] type=1400 audit(1400289813.480:6): avc: denied { read } for pid=143 comm="installd" name="com.android.location.fused" dev=mmcblk0p9 ino=112720 scontext=u:r:installd:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
<4>[ 169.088790] type=1400 audit(1400289813.480:7): avc: denied { open } for pid=143 comm="installd" name="com.android.location.fused" dev=mmcblk0p9 ino=112720 scontext=u:r:installd:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
<4>[ 169.089205] type=1400 audit(1400289813.480:8): avc: denied { write } for pid=143 comm="installd" name="com.android.location.fused" dev=mmcblk0p9 ino=112720 scontext=u:r:installd:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
<4>[ 169.089615] type=1400 audit(1400289813.480:9): avc: denied { remove_name } for pid=143 comm="installd" name="lib" dev=mmcblk0p9 ino=112721 scontext=u:r:installd:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
<4>[ 169.090024] type=1400 audit(1400289813.480:10): avc: denied { unlink } for pid=143 comm="installd" name="lib" dev=mmcblk0p9 ino=112721 scontext=u:r:installd:s0 tcontext=u:object_r:unlabeled:s0 tclass=lnk_file
<4>[ 169.090350] type=1400 audit(1400289813.480:11): avc: denied { rmdir } for pid=143 comm="installd" name="com.android.renderscript.cache" dev=mmcblk0p9 ino=112902 scontext=u:r:installd:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
<4>[ 171.875822] type=1400 audit(1400289816.260:12): avc: denied { unlink } for pid=143 comm="installd" name="8882B60ADE91B9E4.toc" dev=mmcblk0p9 ino=112903 scontext=u:r:installd:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
<4>[ 180.615263] type=1400 audit(1400289825.000:13): avc: denied { rename } for pid=143 comm="installd" name="BackupTransport.backupScheduler.xml" dev=mmcblk0p9 ino=112852 scontext=u:r:installd:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
<4>[ 180.615578] type=1400 audit(1400289825.000:14): avc: denied { setattr } for pid=143 comm="installd" name="BackupTransport.backupScheduler.xml" dev=mmcblk0p9 ino=112852 scontext=u:r:installd:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
<4>[ 393.934310] type=1400 audit(1400290038.320:15): avc: denied { read } for pid=2410 comm="d.process.acore" name="0" dev=mmcblk0p9 ino=32194 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:unlabeled:s0 tclass=lnk_file
<4>[ 399.370936] type=1400 audit(1400290043.760:16): avc: denied { read } for pid=2998 comm="SharedPreferenc" name="BackupTransport.backupScheduler.xml" dev=mmcblk0p9 ino=112852 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
<4>[ 399.371792] type=1400 audit(1400290043.760:17): avc: denied { getattr } for pid=2998 comm="SharedPreferenc" path="/data/data/com.google.android.backuptransport/shared_prefs/BackupTransport.backupScheduler.xml" dev=mmcblk0p9 ino=112852 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
<4>[ 399.372219] type=1400 audit(1400290043.760:18): avc: denied { open } for pid=2998 comm="SharedPreferenc" name="BackupTransport.backupScheduler.xml" dev=mmcblk0p9 ino=112852 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
Change-Id: I65dcfa8e77a63cb61551a1010358f0e45956dbbf
omain.te
|
894c1dad42396cb82d513b640ac33984ed6573d7 |
17-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 6528c03c81e593b00ff02fe75429acf4251d029c
|
6528c03c81e593b00ff02fe75429acf4251d029c |
17-May-2014 |
Elliott Hughes <enh@google.com> |
am 9b447c2d: am 676679b1: am 7d755eb2: Merge "Allow readlink(2) of /proc from debuggerd." * commit '9b447c2d5913a8244cac1bf924d3ddae08688edd': Allow readlink(2) of /proc from debuggerd.
|
9b447c2d5913a8244cac1bf924d3ddae08688edd |
17-May-2014 |
Elliott Hughes <enh@google.com> |
am 676679b1: am 7d755eb2: Merge "Allow readlink(2) of /proc from debuggerd." * commit '676679b1e6cb16c47ce3825507e00acf5b795eeb': Allow readlink(2) of /proc from debuggerd.
|
676679b1e6cb16c47ce3825507e00acf5b795eeb |
17-May-2014 |
Elliott Hughes <enh@google.com> |
am 7d755eb2: Merge "Allow readlink(2) of /proc from debuggerd." * commit '7d755eb290494655dc477ff5a5b7bb8958c5ce8c': Allow readlink(2) of /proc from debuggerd.
|
7d755eb290494655dc477ff5a5b7bb8958c5ce8c |
17-May-2014 |
Elliott Hughes <enh@google.com> |
Merge "Allow readlink(2) of /proc from debuggerd."
|
38138c245a35d398a2261a14dba82e64605cf17c |
17-May-2014 |
Elliott Hughes <enh@google.com> |
Allow readlink(2) of /proc from debuggerd. Bug: 15021938 Change-Id: Id815640302efde3ae089da33ff8e2cb7daee8bfd
ebuggerd.te
|
7eb3a2905a991a94de7c4a04e43253b30f403f0c |
16-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 83560477: am 115eeaa3: am ef28e767: Make the surfaceflinger domain enforcing. * commit '8356047761eb6d2e2d94de5bfe11c3be9dbbcdc9': Make the surfaceflinger domain enforcing.
|
8356047761eb6d2e2d94de5bfe11c3be9dbbcdc9 |
16-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 115eeaa3: am ef28e767: Make the surfaceflinger domain enforcing. * commit '115eeaa3365b53fba1ef8f9a6a3ed50942ff0e8f': Make the surfaceflinger domain enforcing.
|
115eeaa3365b53fba1ef8f9a6a3ed50942ff0e8f |
16-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ef28e767: Make the surfaceflinger domain enforcing. * commit 'ef28e767036baac3228cdb5060a36a9ff27468d6': Make the surfaceflinger domain enforcing.
|
ef28e767036baac3228cdb5060a36a9ff27468d6 |
11-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make the surfaceflinger domain enforcing. Change-Id: Id6d9a7cabc2fe9c18de10c6e9bc0080cdcd7033d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
urfaceflinger.te
|
a71db94f0ff2e431a5bcfe0a12e1880d765f0e8d |
16-May-2014 |
dcashman <dcashman@google.com> |
am 1f8b5cb6: am fe7aba65: am 2d9e22f9: Merge "Remove duplicate neverallow rule." * commit '1f8b5cb67868be52c6529fdbcfe955eceb45045a': Remove duplicate neverallow rule.
|
1f8b5cb67868be52c6529fdbcfe955eceb45045a |
16-May-2014 |
dcashman <dcashman@google.com> |
am fe7aba65: am 2d9e22f9: Merge "Remove duplicate neverallow rule." * commit 'fe7aba6519bf4230ee3742fd820de12d1e5d527c': Remove duplicate neverallow rule.
|
fe7aba6519bf4230ee3742fd820de12d1e5d527c |
16-May-2014 |
dcashman <dcashman@google.com> |
am 2d9e22f9: Merge "Remove duplicate neverallow rule." * commit '2d9e22f9fb8629e3d5b501cc0390a7bf67b3013a': Remove duplicate neverallow rule.
|
2d9e22f9fb8629e3d5b501cc0390a7bf67b3013a |
16-May-2014 |
dcashman <dcashman@google.com> |
Merge "Remove duplicate neverallow rule."
|
60910daafb3ffb97ff547117fedaebde2e5158b3 |
16-May-2014 |
Nick Kralevich <nnk@google.com> |
am 09ee86f7: am 92de005c: am cba45592: Merge "Drop unused rules for raw I/O and mknod." * commit '09ee86f7da73cc94ed9107ccfedb8e235109b4b7': Drop unused rules for raw I/O and mknod.
|
09ee86f7da73cc94ed9107ccfedb8e235109b4b7 |
16-May-2014 |
Nick Kralevich <nnk@google.com> |
am 92de005c: am cba45592: Merge "Drop unused rules for raw I/O and mknod." * commit '92de005ca3bd6b4aee05e4bcdce8b70b2a0fa4f4': Drop unused rules for raw I/O and mknod.
|
92de005ca3bd6b4aee05e4bcdce8b70b2a0fa4f4 |
16-May-2014 |
Nick Kralevich <nnk@google.com> |
am cba45592: Merge "Drop unused rules for raw I/O and mknod." * commit 'cba45592eadd54979729a997e60888ff038d063a': Drop unused rules for raw I/O and mknod.
|
cba45592eadd54979729a997e60888ff038d063a |
16-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Drop unused rules for raw I/O and mknod."
|
0fbcd4251394da9c661217ae7754a5170296df25 |
15-May-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 00b82bd7: am 04cb83fc: am 21e6b4d9: Merge "Allow Developer settings to change runtime size of logd" * commit '00b82bd7349a5a385b835ecc668d542cd35a5b46': Allow Developer settings to change runtime size of logd
|
00b82bd7349a5a385b835ecc668d542cd35a5b46 |
15-May-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 04cb83fc: am 21e6b4d9: Merge "Allow Developer settings to change runtime size of logd" * commit '04cb83fc50910567f758717c33abbedfff6a731d': Allow Developer settings to change runtime size of logd
|
04cb83fc50910567f758717c33abbedfff6a731d |
15-May-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 21e6b4d9: Merge "Allow Developer settings to change runtime size of logd" * commit '21e6b4d928d94fe2a1dea5de8ea08096e2f2baeb': Allow Developer settings to change runtime size of logd
|
21e6b4d928d94fe2a1dea5de8ea08096e2f2baeb |
15-May-2014 |
Mark Salyzyn <salyzyn@google.com> |
Merge "Allow Developer settings to change runtime size of logd"
|
9e0b917548803f8f9e3b2e729ca507a32b0b78e4 |
15-May-2014 |
Nick Kralevich <nnk@google.com> |
am a41227e8: am e9f69617: am 2d9c025d: Merge "Remove graphics_device access." * commit 'a41227e86b876caa792c4285eac2dc51c4543456': Remove graphics_device access.
|
a41227e86b876caa792c4285eac2dc51c4543456 |
15-May-2014 |
Nick Kralevich <nnk@google.com> |
am e9f69617: am 2d9c025d: Merge "Remove graphics_device access." * commit 'e9f696172ddaed15d0f066b701345eadf6b3c4e3': Remove graphics_device access.
|
e9f696172ddaed15d0f066b701345eadf6b3c4e3 |
15-May-2014 |
Nick Kralevich <nnk@google.com> |
am 2d9c025d: Merge "Remove graphics_device access." * commit '2d9c025ddebeefe1132c651a8d0a15fd4d9ed3bc': Remove graphics_device access.
|
2d9c025ddebeefe1132c651a8d0a15fd4d9ed3bc |
15-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove graphics_device access."
|
1b34f2a009f7084ec2e25155d1c85ce70cfd1823 |
15-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 9e880769d8a0ba2d3a683742d657e6d8d021768d
|
9e880769d8a0ba2d3a683742d657e6d8d021768d |
15-May-2014 |
Narayan Kamath <narayan@google.com> |
am a1b3fdf5: am 8914380d: am 5c655876: app_process is now a symlink. * commit 'a1b3fdf58d9ce705472658ce643ef342c2681772': app_process is now a symlink.
|
a1b3fdf58d9ce705472658ce643ef342c2681772 |
15-May-2014 |
Narayan Kamath <narayan@google.com> |
am 8914380d: am 5c655876: app_process is now a symlink. * commit '8914380d6f164ac08afbc7658fec7bd387ada62a': app_process is now a symlink.
|
8914380d6f164ac08afbc7658fec7bd387ada62a |
15-May-2014 |
Narayan Kamath <narayan@google.com> |
am 5c655876: app_process is now a symlink. * commit '5c655876780f017c472997d7ae2c6a36d5752f09': app_process is now a symlink.
|
5c655876780f017c472997d7ae2c6a36d5752f09 |
14-May-2014 |
Narayan Kamath <narayan@google.com> |
app_process is now a symlink. app_process is now a symlink to app_process32 or app_process64, so we have to update the selinux rules to explicitly refer to them. See change 5a7ee9ad63d for context. Change-Id: I7f7a107d79a8f7a3c193f97809e1e737540258f1
ile_contexts
|
3471aa13dceb75082b0d09e7ace2353e136f4e93 |
15-May-2014 |
Nick Kralevich <nnk@google.com> |
am 11ba399f: am e64e8b7f: am 1f065398: Merge "Remove zygote write access to system_data_file." * commit '11ba399fa875e21c887e288bff1f1953b5900663': Remove zygote write access to system_data_file.
|
11ba399fa875e21c887e288bff1f1953b5900663 |
15-May-2014 |
Nick Kralevich <nnk@google.com> |
am e64e8b7f: am 1f065398: Merge "Remove zygote write access to system_data_file." * commit 'e64e8b7f3b7115dbce88094b9f5f54b549070c1d': Remove zygote write access to system_data_file.
|
e64e8b7f3b7115dbce88094b9f5f54b549070c1d |
15-May-2014 |
Nick Kralevich <nnk@google.com> |
am 1f065398: Merge "Remove zygote write access to system_data_file." * commit '1f065398fc75941f8927887f0da09ecdfa95fb71': Remove zygote write access to system_data_file.
|
1f065398fc75941f8927887f0da09ecdfa95fb71 |
15-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove zygote write access to system_data_file."
|
c1cc62c54d709e4e25db8b0c6d753cd428bf05f5 |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
am 6f839792: am c0a26d79: am df2547b9: Merge "Drop unused rules for raw I/O, mknod, and block device access." * commit '6f839792c20086b7f9fb813e6f2ec15329f7f290': Drop unused rules for raw I/O, mknod, and block device access.
|
6f839792c20086b7f9fb813e6f2ec15329f7f290 |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
am c0a26d79: am df2547b9: Merge "Drop unused rules for raw I/O, mknod, and block device access." * commit 'c0a26d79965ccb72ea00b4a345c895ac1c5e4f1b': Drop unused rules for raw I/O, mknod, and block device access.
|
c0a26d79965ccb72ea00b4a345c895ac1c5e4f1b |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
am df2547b9: Merge "Drop unused rules for raw I/O, mknod, and block device access." * commit 'df2547b9b5be0de3806a1426c98efb16b9e3c154': Drop unused rules for raw I/O, mknod, and block device access.
|
df2547b9b5be0de3806a1426c98efb16b9e3c154 |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Drop unused rules for raw I/O, mknod, and block device access."
|
71db4110434d18adfaf87fd788f8dfd1d5709899 |
14-May-2014 |
dcashman <dcashman@google.com> |
Remove duplicate neverallow rule. Commit: 7ffb9972076bfbd2abab1df6b4d759d14d55af96 added protection against low memory mapping for all domains, a superset of appdomain. Remove the same, redundant neverallow rule from appdomain. Change-Id: Ia41c02763f6b5a260c56d10adfbab649d9f3f97c
pp.te
|
2c398a86fa9a330c74446217cb0d12fb3f2a04a0 |
14-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
am 966efc53: am 9134b7c2: am 7e5b6d0c: Merge "Introduce fwmarkd: a service to set the fwmark of sockets." * commit '966efc53119cba978646c9f49830145b14c19516': Introduce fwmarkd: a service to set the fwmark of sockets.
|
8493683936340b2bb86498218b0e5b17e22a73f9 |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
am 21fe9ddc: am 22fd0f9b: am 12dbd8f7: Merge "Neverallow low memory mappings." * commit '21fe9ddc0c5730df9ed77eb59d2f30ea3e8d059f': Neverallow low memory mappings.
|
966efc53119cba978646c9f49830145b14c19516 |
14-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
am 9134b7c2: am 7e5b6d0c: Merge "Introduce fwmarkd: a service to set the fwmark of sockets." * commit '9134b7c237a53e8bcc81add2189a3c7a5d457cec': Introduce fwmarkd: a service to set the fwmark of sockets.
|
21fe9ddc0c5730df9ed77eb59d2f30ea3e8d059f |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
am 22fd0f9b: am 12dbd8f7: Merge "Neverallow low memory mappings." * commit '22fd0f9bbc1817f534c1e777c49c4947eda13831': Neverallow low memory mappings.
|
9134b7c237a53e8bcc81add2189a3c7a5d457cec |
14-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
am 7e5b6d0c: Merge "Introduce fwmarkd: a service to set the fwmark of sockets." * commit '7e5b6d0ca3a492bb907b71f4657c845b0a75163d': Introduce fwmarkd: a service to set the fwmark of sockets.
|
22fd0f9bbc1817f534c1e777c49c4947eda13831 |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
am 12dbd8f7: Merge "Neverallow low memory mappings." * commit '12dbd8f701dee14be3f702937a7293a30f04b3cf': Neverallow low memory mappings.
|
7e5b6d0ca3a492bb907b71f4657c845b0a75163d |
14-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Merge "Introduce fwmarkd: a service to set the fwmark of sockets."
|
12dbd8f701dee14be3f702937a7293a30f04b3cf |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Neverallow low memory mappings."
|
a78120e93679e01051a8bef852e6311a632d855d |
14-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d60ee904: am 7813b36b: am 782e084d: Allow system_server to read tombstones. * commit 'd60ee904b0ddd0f0751f4ac5bdade6b9d36fa028': Allow system_server to read tombstones.
|
a16a59e2c7f1e2f09bf7b750101973a974c972e8 |
14-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove graphics_device access. Neither mediaserver nor system_server appear to require direct access to graphics_device, i.e. the framebuffer device. Drop it. Change-Id: Ie9d1be3f9071584155cddf248ea85e174b7e50a6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ediaserver.te
ystem_server.te
|
d60ee904b0ddd0f0751f4ac5bdade6b9d36fa028 |
14-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7813b36b: am 782e084d: Allow system_server to read tombstones. * commit '7813b36beb735e63f7ec321cf8948223f55720b7': Allow system_server to read tombstones.
|
7813b36beb735e63f7ec321cf8948223f55720b7 |
14-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 782e084d: Allow system_server to read tombstones. * commit '782e084dc249ec96a4659c523ffc6a53ee46abb1': Allow system_server to read tombstones.
|
782e084dc249ec96a4659c523ffc6a53ee46abb1 |
14-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow system_server to read tombstones.
Address denials such as:
avc: denied { read } for name="tombstones" dev="dm-0" ino=765537 scontext=u:r:system_server:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=dir
avc: denied { open } for name="tombstones" dev="dm-0" ino=765537 scontext=u:r:system_server:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=dir
avc: denied { getattr } for path="/data/tombstones/tombstone_00" dev="dm-0" ino=765538 scontext=u:r:system_server:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=file
avc: denied { read } for name="tombstone_00" dev="dm-0" ino=765538 scontext=u:r:system_server:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=file
avc: denied { open } for name="tombstone_00" dev="dm-0" ino=765538 scontext=u:r:system_server:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=file
Change-Id: Iae5a10bed9483589660b84a88b6b9f8f8e9a8f5c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
|
56ecf4bdf8cb33362143f37cf683efd909415d5b |
01-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Introduce fwmarkd: a service to set the fwmark of sockets. (cherry picked from commit 7d51096d4106a441a15741592d9ccdd0bfaca907) Change-Id: Ib6198e19dbc306521a26fcecfdf6e8424d163fc9
ile.te
ile_contexts
et.te
etd.te
|
7ffb9972076bfbd2abab1df6b4d759d14d55af96 |
14-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Neverallow low memory mappings. This just adds a neverallow rule to ensure we never add an allow rule permitting such mappings. Change-Id: Id20463b26e0eac5b7629326f68b3b94713108cc2 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
c2c91bba590057d1a386171c2fc586b7d9b5d165 |
14-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop unused rules for raw I/O and mknod. We added these rules to the recovery domain when we removed them from unconfined to ensure that we did not break anything. But we have seen no uses of these rules by the recovery domain. Tested wiping userdata and cache from the recovery and performing an adb sideload of an ota zip file. Change-Id: I261cb1124130f73e98b87f3e5a31d6d7f521ff11 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ecovery.te
|
1813d8cea75c805d6ce1d45efe0f01635dd726ff |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
am b960fd30: am d34d744b: am 45206a38: Merge "Allow installd to unlink /data/media files and search /data/app-asec." * commit 'b960fd302e5ea1cbd2a46763aeda8f17459decc2': Allow installd to unlink /data/media files and search /data/app-asec.
|
b06a1186dcd95b7cc0c4291ecf3f0dcf38ad517b |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
am 6474dead: am 4d9e380e: am 4bdd13e4: untrusted_app: neverallow debugfs * commit '6474dead53ecf7cf36f8f9e6fed0f2d31b93e459': untrusted_app: neverallow debugfs
|
b960fd302e5ea1cbd2a46763aeda8f17459decc2 |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
am d34d744b: am 45206a38: Merge "Allow installd to unlink /data/media files and search /data/app-asec." * commit 'd34d744b2f39c1593fab30f358630ca87b3fa75d': Allow installd to unlink /data/media files and search /data/app-asec.
|
6474dead53ecf7cf36f8f9e6fed0f2d31b93e459 |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
am 4d9e380e: am 4bdd13e4: untrusted_app: neverallow debugfs * commit '4d9e380ea4bf010ee9d84cb0b30a8180697e1213': untrusted_app: neverallow debugfs
|
d34d744b2f39c1593fab30f358630ca87b3fa75d |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
am 45206a38: Merge "Allow installd to unlink /data/media files and search /data/app-asec." * commit '45206a388c580070bbd021f2b167bd8b3e3376f6': Allow installd to unlink /data/media files and search /data/app-asec.
|
cdae7debe68bf20521085237b80da9417328841b |
14-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop unused rules for raw I/O, mknod, and block device access. We added these rules to the kernel domain when we removed them from unconfined to ensure that we did not break anything. But we have seen no uses of these rules and this matches our expectation that any actual operations that require these permissions occur after switching to the init domain. Change-Id: I6f3556a26b0f6f4e6effcb874bfc9498e7dfaa47 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ernel.te
|
45206a388c580070bbd021f2b167bd8b3e3376f6 |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow installd to unlink /data/media files and search /data/app-asec."
|
4d9e380ea4bf010ee9d84cb0b30a8180697e1213 |
14-May-2014 |
Nick Kralevich <nnk@google.com> |
am 4bdd13e4: untrusted_app: neverallow debugfs * commit '4bdd13e4c3632587c72b487a16d6c71a7a30714f': untrusted_app: neverallow debugfs
|
df48bd2ca88a94225fbc074d7fe5b542c3d490c8 |
14-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove zygote write access to system_data_file. These rules seem to be a legacy of old Android or perhaps old policy before we began splitting types on /data. I have not been able to trigger the auditallow rules on AOSP master. Reduce the rules to only read access to system data. If we need write access to some specific directory under /data, we should introduce a type for it. Change-Id: I780835950cc366c97b7d0901fc73527d9ea479b1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ygote.te
|
ea9d8c072e16c3270fc7b988bf7aaba9ebff15a3 |
14-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to f1f467f10f3544038ad87b770108fb33abfe2d40
|
d30060a0cb378457679cc354613b227f8baa63ea |
14-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow installd to unlink /data/media files and search /data/app-asec.
Address recent installd denials resulting from the recent tightening of installd access to /data file types, including:
avc: denied { unlink } for name="._playmusicid" dev="mmcblk0p30" ino=1038393 scontext=u:r:installd:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file
avc: denied { search } for pid=195 comm="installd" name="app-asec" dev="mmcblk0p28" ino=578225 scontext=u:r:installd:s0 tcontext=u:object_r:asec_image_file:s0 tclass=dir
Change-Id: I957738139678699949da9ad09d3bddb91605f8cf Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nstalld.te
|
f74d781138794b1620d5a299708eaae6f46d3fed |
01-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Introduce fwmarkd: a service to set the fwmark of sockets. Change-Id: Ib6198e19dbc306521a26fcecfdf6e8424d163fc9
ile.te
ile_contexts
et.te
etd.te
u.te
|
4bdd13e4c3632587c72b487a16d6c71a7a30714f |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
untrusted_app: neverallow debugfs Too many leaky files in that directory. It's a security best practice to not mount this filesystem, however, we need it mounted for tracing support. Even though it's mounted, make sure the files aren't readable. Bug: 11635985 Change-Id: I6f116c0a03a567a8107a8e07135ce025e51458dd
ntrusted_app.te
|
f1f467f10f3544038ad87b770108fb33abfe2d40 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 71139516: am 2680a8c4: am f78fb4e0: Merge "Make ppp domain enforcing." * commit '711395169288a1114ced826491c6ea9fc1695cf8': Make ppp domain enforcing.
|
6bedc2dfdd8cfb60ea78d8cea9f6a708f794754d |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 623b6361: am 132e56b9: am e3519d6c: Merge "Label /data/.layout_version with its own type." * commit '623b6361bc455b508e669b243329e75ebd33718f': Label /data/.layout_version with its own type.
|
711395169288a1114ced826491c6ea9fc1695cf8 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 2680a8c4: am f78fb4e0: Merge "Make ppp domain enforcing." * commit '2680a8c4ea3af5fdead85adf84089c6a0527f7da': Make ppp domain enforcing.
|
623b6361bc455b508e669b243329e75ebd33718f |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 132e56b9: am e3519d6c: Merge "Label /data/.layout_version with its own type." * commit '132e56b9417d0c9cb029d2255d40415e5f1aad74': Label /data/.layout_version with its own type.
|
2680a8c4ea3af5fdead85adf84089c6a0527f7da |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am f78fb4e0: Merge "Make ppp domain enforcing." * commit 'f78fb4e0c8ae49bb73e691a37de00f2d5b66f9e1': Make ppp domain enforcing.
|
132e56b9417d0c9cb029d2255d40415e5f1aad74 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am e3519d6c: Merge "Label /data/.layout_version with its own type." * commit 'e3519d6c2a39e1abae38109d07fc23f9b0fcaf1d': Label /data/.layout_version with its own type.
|
f78fb4e0c8ae49bb73e691a37de00f2d5b66f9e1 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make ppp domain enforcing."
|
e3519d6c2a39e1abae38109d07fc23f9b0fcaf1d |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Label /data/.layout_version with its own type."
|
8662b7aad2e11dc018fb8a31d27ea9344bc7769b |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
sync internal master to AOSP master. The automerger is introducing duplicate rules. Clean them up and make sure internal master is the same as AOSP master. Change-Id: If6183947688b2adefbc54f048958221598d8d975
ystem_server.te
|
523701aad71d352a7b5b220461bc69b4d73f5abe |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am a914acb1: am 6d439213: am bc36ce13: Merge "Restrict system_server to only the data file types needed." * commit 'a914acb187f0cf2e5dc8fe14149dedf5dffbb8c6': Restrict system_server to only the data file types needed.
|
444aebb1a02a1b1e1970f7c7eae0f887a7e972b1 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am b372f246: (-s ours) DO NOT MERGE: remove duplicate rules. * commit 'b372f2462fb958c9649576bfe75ad68fe5d0bf87': DO NOT MERGE: remove duplicate rules.
|
a914acb187f0cf2e5dc8fe14149dedf5dffbb8c6 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 6d439213: am bc36ce13: Merge "Restrict system_server to only the data file types needed." * commit '6d4392137c7c71b80a73dcb63f61f8dbdb116a01': Restrict system_server to only the data file types needed.
|
6d4392137c7c71b80a73dcb63f61f8dbdb116a01 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am bc36ce13: Merge "Restrict system_server to only the data file types needed." * commit 'bc36ce1385f938d3d6c69d280e1cada8680f3115': Restrict system_server to only the data file types needed.
|
bc36ce1385f938d3d6c69d280e1cada8680f3115 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Restrict system_server to only the data file types needed."
|
e15bc6f069352f0c3a57c81930210bb667d6ce6d |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am d733117a: (-s ours) DO NOT MERGE: remove system_server sdcard_type * commit 'd733117a1e094b2dac5325be149f2fd55a161ce5': DO NOT MERGE: remove system_server sdcard_type
|
b372f2462fb958c9649576bfe75ad68fe5d0bf87 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
DO NOT MERGE: remove duplicate rules. Another removal of duplicate rules, which don't occur in AOSP nor internal master. Change-Id: I363b6e8f5b87741ca5d837ab1858603d1bd8fb5b
ystem_server.te
|
8b19e6189cb71c5246a8e1f75fc2dac25d3d6cda |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 8393d4b8: (-s ours) DO NOT MERGE: remove duplicate rules. * commit '8393d4b85363751fcc771959748c196bc5bc3c52': DO NOT MERGE: remove duplicate rules.
|
d733117a1e094b2dac5325be149f2fd55a161ce5 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
DO NOT MERGE: remove system_server sdcard_type klp-modular-dev-plus-aosp has a rule allowing system_server access to sdcard file descriptors, but this change isn't in AOSP nor internal master. This line was removed in https://android-review.googlesource.com/84081 . Pull the line out from the -plus-aosp tree. DO NOT MERGE because this change is already in internal master. Change-Id: I0a1b08f75d309a5a1acb5dc1a44212f9d35eaf3e
ystem_server.te
|
8393d4b85363751fcc771959748c196bc5bc3c52 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
DO NOT MERGE: remove duplicate rules. klp-modular-dev-plus-aosp has duplicate SELinux rules in system_server, which don't appear in AOSP or master. Delete those duplicate rules, as they just make resolving merge conflicts more difficult. Change-Id: I0eaae453b887d08bddf16f963cef4c099fe2e9a6
ystem_server.te
|
7d9f05d4d3cc368af2343e49eaa9c990882151a6 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 5892d336: (-s ours) am 3ff8b536: DO NOT MERGE: Fix broken halt while in healthd charger mode * commit '5892d336889b54280129b0398083111287e88c94': DO NOT MERGE: Fix broken halt while in healthd charger mode
|
05e22631664be1df3a8d70cd2360036e21a9d2d3 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am aeb3eb7c: resolved conflicts for merge of dfee702c to klp-modular-dev-plus-aosp * commit 'aeb3eb7c319b34de48b0994409f0e0e136846cfd': DO NOT MERGE: Address system_server denials.
|
5892d336889b54280129b0398083111287e88c94 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 3ff8b536: DO NOT MERGE: Fix broken halt while in healthd charger mode * commit '3ff8b53629c2204fd2c4aa45a3b285372f279626': DO NOT MERGE: Fix broken halt while in healthd charger mode
|
aeb3eb7c319b34de48b0994409f0e0e136846cfd |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
resolved conflicts for merge of dfee702c to klp-modular-dev-plus-aosp Change-Id: I20dc8bf1c8861c2152d5aa41f50cd4d44730056b
|
3ff8b53629c2204fd2c4aa45a3b285372f279626 |
17-Mar-2014 |
Nick Kralevich <nnk@google.com> |
DO NOT MERGE: Fix broken halt while in healthd charger mode
Reboots/halts aren't working in healthd charger mode. This is causing high power draw in an unplugged, powered off state.
Steps to reproduce (on Nexus 5):
  Unplug device from USB charger/computer
  Turn device off
  Wait for device to turn off
  Plug in USB cable/charger
  Wait for charge animation (wait for animation, not just lightning bolt, may have to press power button briefly to get animation going)
  Wait for panel to turn off
  Unplug USB cable/charger
  Press power button again, notice screen turns on at some frame in the animation.
  (not important) Each press of the power button advances the animation
  Power on.
  Examine denials from /proc/last_kmsg
Addresses the following denials:
  [ 24.934809] type=1400 audit(12534308.640:8): avc: denied { write } for pid=130 comm="healthd" name="sysrq-trigger" dev="proc" ino=4026533682 scontext=u:r:healthd:s0 tcontext=u:object_r:proc_sysrq:s0 tclass=file
  [ 24.935395] type=1400 audit(12534308.640:9): avc: denied { sys_boot } for pid=130 comm="healthd" capability=22 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability
Bug: 13229119
Bug: 14833575
(cherry picked from commit 9ada894a43b0542658b5bf68a7d9b41d05ee0974)
Change-Id: I6175ad9225e847a0a40d558ac65c3544b22803d5
ealthd.te
|
dfee702c5960b7000da5bd49353388a2c0e816cf |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
DO NOT MERGE: Address system_server denials.
Label /proc/sysrq-trigger and allow access. Label /dev/socket/mtpd and allow access.
Resolves denials such as:
  avc: denied { getattr } for pid=12114 comm="Binder_2" path="socket:[219779]" dev="sockfs" ino=219779 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket
  avc: denied { call } for pid=1007 comm="Binder_8" scontext=u:r:system_server:s0 tcontext=u:r:su:s0 tclass=binder
  avc: denied { write } for pid=1024 comm="watchdog" name="sysrq-trigger" dev="proc" ino=4026533682 scontext=u:r:system_server:s0 tcontext=u:object_r:proc:s0 tclass=file
  avc: denied { write } for pid=11567 comm="LegacyVpnRunner" name="mtpd" dev="tmpfs" ino=36627 scontext=u:r:system_server:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file
  avc: denied { ptrace } for pid=10924 comm=5369676E616C2043617463686572 scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=process
  avc: denied { sigkill } for pid=26077 comm="NativeCrashRepo" scontext=u:r:system_server:s0 tcontext=u:r:zygote:s0 tclass=process
  avc: denied { write } for pid=1024 comm="android.bg" scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=netlink_socket
  avc: denied { getattr } for pid=473 comm="FinalizerDaemon" path="socket:[11467]" dev="sockfs" ino=11467 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket
  avc: denied { getattr } for pid=473 comm="FinalizerDaemon" path="socket:[12076]" dev="sockfs" ino=12076 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket
  avc: denied { getopt } for pid=473 comm="FinalizerDaemon" laddr=192.168.159.172 lport=51576 faddr=93.127.173.40 fport=554 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket
  avc: denied { getopt } for pid=473 comm="FinalizerDaemon" lport=15658 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket
  avc: denied { read write } for pid=21384 comm="rtsp" path="socket:[443742]" dev="sockfs" ino=443742 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket
  avc: denied { read write } for pid=21384 comm="rtsp" path="socket:[444842]" dev="sockfs" ino=444842 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket
  avc: denied { setopt } for pid=1326 comm="Binder_9" lport=16216 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket
  avc: denied { setopt } for pid=1676 comm="Binder_6" laddr=192.168.156.130 lport=51044 faddr=74.125.214.81 fport=554 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket
  avc: denied { getattr } for pid=10915 comm="system_server" path="/dev/mdm" dev="tmpfs" ino=7484 scontext=u:r:system_server:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file
  avc: denied { read } for pid=10915 comm="system_server" name="mdm" dev="tmpfs" ino=7484 scontext=u:r:system_server:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file
  avc: denied { unlink } for pid=14866 comm="system_server" name="wallpaper" dev="mmcblk0p9" ino=285715 scontext=u:r:system_server:s0 tcontext=u:object_r:wallpaper_file:s0 tclass=file
  avc: denied { getattr } for pid=12114 comm="Binder_2" path="socket:[219779]" dev="sockfs" ino=219779 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket
  avc: denied { getopt } for pid=32300 comm="Binder_1" laddr=::ffff:127.0.0.1 lport=4939 faddr=::ffff:127.0.0.1 fport=53318 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket
  avc: denied { read write } for pid=10840 comm="pool-17-thread-" path="socket:[205990]" dev="sockfs" ino=205990 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket
  avc: denied { write } for pid=20817 comm="dumpsys" path="/mnt/shell/emulated/0/aupt-output/bugreport-2014-02-22-11-17-16.txt.tmp" dev="fuse" ino=3100784040 scontext=u:r:system_server:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=file
Bug: 14833575
Change-Id: I23425b4ef1552ff31486d0a52ee2c69d6236691d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
omain.te
ile.te
ile_contexts
enfs_contexts
ystem_server.te
|
fc00a2b848d479d02830a24bbb4beaca78fe47b1 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 24f18d69: am 1a1abe51: am f67e0ef3: Merge "Revisit kernel setenforce" * commit '24f18d69f9c1841f863ea000b26ffb22fac4c7ea': Revisit kernel setenforce
|
697dd7d60fe231085167baafbddc0a55ff376251 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am d0313c12: am 24247d18: am 4fc25052: Merge "Allow ppp to inherit/use mtp unix datagram socket." * commit 'd0313c12a83ed57fb5ffc985875905e4e59a79ec': Allow ppp to inherit/use mtp unix datagram socket.
|
24f18d69f9c1841f863ea000b26ffb22fac4c7ea |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 1a1abe51: am f67e0ef3: Merge "Revisit kernel setenforce" * commit '1a1abe51cf3c5cf90812d2ebc45fc14e9d5b6e2f': Revisit kernel setenforce
|
d0313c12a83ed57fb5ffc985875905e4e59a79ec |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 24247d18: am 4fc25052: Merge "Allow ppp to inherit/use mtp unix datagram socket." * commit '24247d1898ac0e3158a8f3ba9f627345507d4aa4': Allow ppp to inherit/use mtp unix datagram socket.
|
1a1abe51cf3c5cf90812d2ebc45fc14e9d5b6e2f |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am f67e0ef3: Merge "Revisit kernel setenforce" * commit 'f67e0ef3f77e1b14d168a624d6f69b7683356006': Revisit kernel setenforce
|
24247d1898ac0e3158a8f3ba9f627345507d4aa4 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 4fc25052: Merge "Allow ppp to inherit/use mtp unix datagram socket." * commit '4fc250529c41b47e967ce63a0cdeb9e2b5b61b2a': Allow ppp to inherit/use mtp unix datagram socket.
|
f67e0ef3f77e1b14d168a624d6f69b7683356006 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Revisit kernel setenforce"
|
4fc250529c41b47e967ce63a0cdeb9e2b5b61b2a |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow ppp to inherit/use mtp unix datagram socket."
|
69dbe86604a00c137dea9e440908e732e8e017ec |
13-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e83bbd7a: am 87bf6de9: am efc72991: Allow mediaserver to use app-created pipes. * commit 'e83bbd7aa7155ee5364124507691e1a6d2054fc1': Allow mediaserver to use app-created pipes.
|
e83bbd7aa7155ee5364124507691e1a6d2054fc1 |
13-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 87bf6de9: am efc72991: Allow mediaserver to use app-created pipes. * commit '87bf6de93019e9b657a063faab0f6fe4e88d7a0a': Allow mediaserver to use app-created pipes.
|
87bf6de93019e9b657a063faab0f6fe4e88d7a0a |
13-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am efc72991: Allow mediaserver to use app-created pipes. * commit 'efc7299169d9376ba7edea22a10856be14d39d95': Allow mediaserver to use app-created pipes.
|
81a7c959f91985ba8ed214f16adad5cf3e4c27cb |
13-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 192f60aeef3eace243916b23da61c95217cfa421
|
701107287563b061c5dfe3db498629d9bd5b1c19 |
13-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make ppp domain enforcing. Change-Id: If6b85fbb2332f7a03b603f2d46bd2f73c778ecf9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
b300765095d05ecb40e23b262183dab6756810f0 |
13-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow ppp to inherit/use mtp unix datagram socket. Resolves denials such as: avc: denied { read write } for path="socket:[33571]" dev="sockfs" ino=33571 scontext=u:r:ppp:s0 tcontext=u:r:mtp:s0 tclass=unix_dgram_socket Change-Id: Icb1ee00d8513179039bfb738647f49480e836f25 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
efc7299169d9376ba7edea22a10856be14d39d95 |
13-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow mediaserver to use app-created pipes. Resolves denials such as: avc: denied { getattr } for path="pipe:[167684]" dev="pipefs" ino=167684 scontext=u:r:mediaserver:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file Change-Id: I1120c8b130a592e40992c5233650345640a23a87 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ediaserver.te
|
538edd3317fd56d6d1871aebe83f0636946fbc94 |
12-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restrict system_server to only the data file types needed. Drop rules on data_file_type attribute and replace with rules on specific types under /data. Change-Id: I5cbfef64cdd71b8e93478d9ef377689bf6dda192 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
|
192f60aeef3eace243916b23da61c95217cfa421 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 5fe44140: am 253d5a39: am 02e71525: Merge "Revert "Make the mediaserver domain enforcing."" * commit '5fe44140caa325b6633d83039ce6258cfd1123af': Revert "Make the mediaserver domain enforcing."
|
5fe44140caa325b6633d83039ce6258cfd1123af |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 253d5a39: am 02e71525: Merge "Revert "Make the mediaserver domain enforcing."" * commit '253d5a397b481241101c62a203624fd548de10ca': Revert "Make the mediaserver domain enforcing."
|
253d5a397b481241101c62a203624fd548de10ca |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
am 02e71525: Merge "Revert "Make the mediaserver domain enforcing."" * commit '02e715259542a283d3674420f605851bd53f9e3f': Revert "Make the mediaserver domain enforcing."
|
02e715259542a283d3674420f605851bd53f9e3f |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Revert "Make the mediaserver domain enforcing.""
|
f42cc618792b4cc199e8cde96230bd1852f13032 |
13-May-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Make the mediaserver domain enforcing." I didn't fix unpublished denials before switching this into enforcing. Need to revert. This reverts commit ae50551142fb6ef9a69ec60d4bd9b5af73a9ba50. Bug: 14844424 Change-Id: I01408b77a67ad43a8fb20be213d3ffbace658616
ediaserver.te
|
f291dbed0660a85f2d7fd481a6fbcd215afa820c |
12-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow installd rename to app_data_file for movefiles command. Change-Id: I29202292a78f0d2ae3b5da235c1783298f14bed8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nstalld.te
|
abae8a9b586c98cf3e7bd08e63473a5ce99ccd27 |
12-May-2014 |
Nick Kralevich <nnk@google.com> |
Revisit kernel setenforce Kernel userspace helpers may be spawned running in the kernel SELinux domain. Those userspace helpers shouldn't be able to turn SELinux off. This change revisits the discussion in https://android-review.googlesource.com/#/c/71184/ At the time, we were debating whether or not to have an allow rule, or a dontaudit rule. Both have the same effect, as at the time we switch to enforcing mode, the kernel is in permissive and the operation will be allowed. Change-Id: If335a5cf619125806c700780fcf91f8602083824
omain.te
ernel.te
|
c52d7388344f1cf273d8f610f7995b4ebb7c8584 |
10-May-2014 |
Mark Salyzyn <salyzyn@google.com> |
Allow Developer settings to change runtime size of logd - permit logd control from system_app Bug: 14563261 Change-Id: Id5992cca70647a0e4b913a793c6ba8334dc57963
ystem_app.te
|
5cf979b7c81b4628d4c3b521d4e341438459d54f |
12-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 3777c4e0: am 9452d9ac: am 0099148e: Audit zygote create/write access to system_data_file. * commit '3777c4e0039adea9eb0ceac7c210764b89143776': Audit zygote create/write access to system_data_file.
|
3777c4e0039adea9eb0ceac7c210764b89143776 |
12-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9452d9ac: am 0099148e: Audit zygote create/write access to system_data_file. * commit '9452d9ac9eff51096b56916aa6828e2138f7f156': Audit zygote create/write access to system_data_file.
|
9452d9ac9eff51096b56916aa6828e2138f7f156 |
12-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 0099148e: Audit zygote create/write access to system_data_file. * commit '0099148ee4c69d0eabb3f73735a6e94f72842dbc': Audit zygote create/write access to system_data_file.
|
0099148ee4c69d0eabb3f73735a6e94f72842dbc |
12-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Audit zygote create/write access to system_data_file. Report any attempts by zygote to create/write files in system_data_file so that we can ultimately move any such cases to their own type and reduce this to read-only access. Change-Id: I310b8da5ba5b462ef2cfdaab289628498f4d2cec Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ygote.te
|
baf49bd541a9df4f38bf917fbfc850569a4cae94 |
12-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /data/.layout_version with its own type. installd creates /data/.layout_version. Introduce a separate type for this file (and any other file created by installd under a directory labeled system_data_file) so that we can allow create/write access by installd without allowing it to any system data files created by other processes. This prevents installd from overwriting other system data files, and ensures that any files it creates will require explicit rules in order to access. Change-Id: Id04e49cd571390d18792949c8b2b13b1ac59c016 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile.te
ile_contexts
nstalld.te
|
c96838c82b6d4738024700141ee0ce57f1d24a16 |
12-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 48edc046: am 6ce36094: am 41e14c7f: Allow installd rename to app_data_file for movefiles command. * commit '48edc0461a3729516b7a85057dcf1b09f7800a83': Allow installd rename to app_data_file for movefiles command.
|
48edc0461a3729516b7a85057dcf1b09f7800a83 |
12-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 6ce36094: am 41e14c7f: Allow installd rename to app_data_file for movefiles command. * commit '6ce36094a366845a176a5810af945568623aeb68': Allow installd rename to app_data_file for movefiles command.
|
6ce36094a366845a176a5810af945568623aeb68 |
12-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 41e14c7f: Allow installd rename to app_data_file for movefiles command. * commit '41e14c7f9da5bdf07e2ac7a323c0fddab8a090a0': Allow installd rename to app_data_file for movefiles command.
|
c02ee5c9f68b17e58a533936f8da2365418c66c8 |
12-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 362b93571a0dc58b2bd59ecd59d7120684ec3925
|
41e14c7f9da5bdf07e2ac7a323c0fddab8a090a0 |
12-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow installd rename to app_data_file for movefiles command. Change-Id: I29202292a78f0d2ae3b5da235c1783298f14bed8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nstalld.te
|
272b1d758bbf7f904e7e299abb82e6566f8fff1e |
11-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 362b93571a0dc58b2bd59ecd59d7120684ec3925
|
362b93571a0dc58b2bd59ecd59d7120684ec3925 |
10-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c35a0b0f: am c5cd04e1: am ae505511: Make the mediaserver domain enforcing. * commit 'c35a0b0f9391c6f3b97237169dc7647b2d4af879': Make the mediaserver domain enforcing.
|
c35a0b0f9391c6f3b97237169dc7647b2d4af879 |
10-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c5cd04e1: am ae505511: Make the mediaserver domain enforcing. * commit 'c5cd04e107e261b6979e260e82ffcdb1ceea117f': Make the mediaserver domain enforcing.
|
c5cd04e107e261b6979e260e82ffcdb1ceea117f |
10-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ae505511: Make the mediaserver domain enforcing. * commit 'ae50551142fb6ef9a69ec60d4bd9b5af73a9ba50': Make the mediaserver domain enforcing.
|
ae50551142fb6ef9a69ec60d4bd9b5af73a9ba50 |
10-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make the mediaserver domain enforcing. Change-Id: Ib4b4ebda74a9ebf08f38d73521d67bf98cd0ee67 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ediaserver.te
|
a7f7f4c8acfd61b08582fb123d36d4267238d9e0 |
10-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 4cadc76e: am 8612e35e: am 8429c9b3: Make platform_app enforcing. * commit '4cadc76ec029505e64b62a41faee885d5c220a15': Make platform_app enforcing.
|
4cadc76ec029505e64b62a41faee885d5c220a15 |
10-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8612e35e: am 8429c9b3: Make platform_app enforcing. * commit '8612e35eb6c9f053228875c064eb51429ccd6fcf': Make platform_app enforcing.
|
8612e35eb6c9f053228875c064eb51429ccd6fcf |
10-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8429c9b3: Make platform_app enforcing. * commit '8429c9b365dfc09e900e58f33346a073b92a25d9': Make platform_app enforcing.
|
77224641c628d063b607897e29377f68c1847101 |
10-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2be04596: am 649cef40: am 4ebbbcbf: Restrict installd to only the data file types needed. * commit '2be045968737def49076b8c24fa04fa60a5f25b5': Restrict installd to only the data file types needed.
|
2be045968737def49076b8c24fa04fa60a5f25b5 |
10-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 649cef40: am 4ebbbcbf: Restrict installd to only the data file types needed. * commit '649cef4044f31f1ba81dd7df13736117606ea88e': Restrict installd to only the data file types needed.
|
8429c9b365dfc09e900e58f33346a073b92a25d9 |
10-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make platform_app enforcing. Change-Id: Ib4cbaee280628845d026e827d7e16f347594fc26 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
latform_app.te
|
649cef4044f31f1ba81dd7df13736117606ea88e |
10-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 4ebbbcbf: Restrict installd to only the data file types needed. * commit '4ebbbcbf3926f3aa54e7e7e28aad6625d4ee7340': Restrict installd to only the data file types needed.
|
f61857a926ba73ad41baae3a07bdb4b3c62cff81 |
10-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to b867ff873099283b075ab787d30e41a6f746bbe4
|
b867ff873099283b075ab787d30e41a6f746bbe4 |
09-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c452e74b: am 29854d6d: am 02dac03a: Drop relabelto_domain() macro and its associated definitions. * commit 'c452e74bd9767ec7db0ae32dcc4e4ebc0508864b': Drop relabelto_domain() macro and its associated definitions.
|
68bba46dea3b9b87b6879d54982dce78736ce2d3 |
09-May-2014 |
Nick Kralevich <nnk@google.com> |
am 1b6c4ea2: am e0685117: am 004bd4e0: Allow installd to create the lib symlink for system_app_data_file * commit '1b6c4ea2a1c14045392aa7e0dcf4736db448db98': Allow installd to create the lib symlink for system_app_data_file
|
4ebbbcbf3926f3aa54e7e7e28aad6625d4ee7340 |
09-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restrict installd to only the data file types needed. Drop rules on data_file_type attribute and replace with rules on specific types, coalescing with existing rules where appropriate. Reorganize the rules and try to annotate the reason for the different rules. Change-Id: I2d07e7c276a9c29677f67db0ebecfc537c084965 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nstalld.te
|
bc5731ae65e2204e6aeee915e91a9eff6b46e59d |
09-May-2014 |
Nick Kralevich <nnk@google.com> |
Allow installd to create the lib symlink for system_app_data_file
91a4f8d4fdab7df8474c2ffaa996c879166d8a4c created system_app_data_file, and assigned all system_apps to use this file type. For testing purposes, our automated testing infrastructure sideloads shared system UID apks. Installd does not have permission to create the lib symlink, so the installation fails. Allow installd to create this symlink.
repro:
  adb install AppLaunch.apk
  276 KB/s (8414 bytes in 0.029s)
  pkg: /data/local/tmp/AppLaunch.apk
  Failure [INSTALL_FAILED_INTERNAL_ERROR]
logcat:
  05-08 23:16:36.336 605 637 I PackageManager: Copying native libraries to /data/app-lib/vmdl609237490
  05-08 23:16:36.338 605 637 W asset : Installing empty resources in to table 0x5e89a368
  05-08 23:16:36.359 193 193 W installd: type=1400 audit(0.0:29): avc: denied { create } for name="lib" scontext=u:r:installd:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=lnk_file
  05-08 23:16:36.363 193 193 E installd: couldn't symlink directory '/data/data/com.android.tests.applaunch/lib' -> '/data/app-lib/com.android.tests.applaunch-1': Permission denied
  05-08 23:16:36.364 605 637 W PackageManager: Failed linking native library dir (user=0)
  05-08 23:16:36.364 605 637 W PackageManager: Package couldn't be installed in /data/app/com.android.tests.applaunch-1.apk
Bug: 14659632
Change-Id: Iac4890302cd070aa3f71553af217f343ed7b8bc3
nstalld.te
|
c452e74bd9767ec7db0ae32dcc4e4ebc0508864b |
09-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 29854d6d: am 02dac03a: Drop relabelto_domain() macro and its associated definitions. * commit '29854d6d3fd09bff8f1e77d1eabebb7be39befbd': Drop relabelto_domain() macro and its associated definitions.
|
29854d6d3fd09bff8f1e77d1eabebb7be39befbd |
09-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 02dac03a: Drop relabelto_domain() macro and its associated definitions. * commit '02dac03a8c7cc79306cf5807f86af3e01f5dc4af': Drop relabelto_domain() macro and its associated definitions.
|
1b6c4ea2a1c14045392aa7e0dcf4736db448db98 |
09-May-2014 |
Nick Kralevich <nnk@google.com> |
am e0685117: am 004bd4e0: Allow installd to create the lib symlink for system_app_data_file * commit 'e06851179ca2e988a69210132c88429f88c76a0a': Allow installd to create the lib symlink for system_app_data_file
|
e06851179ca2e988a69210132c88429f88c76a0a |
09-May-2014 |
Nick Kralevich <nnk@google.com> |
am 004bd4e0: Allow installd to create the lib symlink for system_app_data_file * commit '004bd4e0b675a87beb9d687cfdcfe15a06e84b3d': Allow installd to create the lib symlink for system_app_data_file
|
02dac03a8c7cc79306cf5807f86af3e01f5dc4af |
09-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop relabelto_domain() macro and its associated definitions. This was originally to limit the ability to relabel files to particular types given the ability of all domains to relabelfrom unlabeled files. Since the latter was removed by Ied84f8b4b1a0896c1b9f7d783b7463ce09d4807b, this no longer serves any purpose. Change-Id: Ic41e94437188183f15ed8b3732c6cd5918da3397 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ttributes
ebuggerd.te
omain.te
umpstate.te
nit.te
nstalld.te
ernel.te
ecovery.te
ystem_server.te
e_macros
eventd.te
old.te
|
004bd4e0b675a87beb9d687cfdcfe15a06e84b3d |
09-May-2014 |
Nick Kralevich <nnk@google.com> |
Allow installd to create the lib symlink for system_app_data_file
91a4f8d4fdab7df8474c2ffaa996c879166d8a4c created system_app_data_file, and assigned all system_apps to use this file type. For testing purposes, our automated testing infrastructure sideloads shared system UID apks. Installd does not have permission to create the lib symlink, so the installation fails. Allow installd to create this symlink.
repro:
  adb install AppLaunch.apk
  276 KB/s (8414 bytes in 0.029s)
  pkg: /data/local/tmp/AppLaunch.apk
  Failure [INSTALL_FAILED_INTERNAL_ERROR]
logcat:
  05-08 23:16:36.336 605 637 I PackageManager: Copying native libraries to /data/app-lib/vmdl609237490
  05-08 23:16:36.338 605 637 W asset : Installing empty resources in to table 0x5e89a368
  05-08 23:16:36.359 193 193 W installd: type=1400 audit(0.0:29): avc: denied { create } for name="lib" scontext=u:r:installd:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=lnk_file
  05-08 23:16:36.363 193 193 E installd: couldn't symlink directory '/data/data/com.android.tests.applaunch/lib' -> '/data/app-lib/com.android.tests.applaunch-1': Permission denied
  05-08 23:16:36.364 605 637 W PackageManager: Failed linking native library dir (user=0)
  05-08 23:16:36.364 605 637 W PackageManager: Package couldn't be installed in /data/app/com.android.tests.applaunch-1.apk
Bug: 14659632
Change-Id: Iac4890302cd070aa3f71553af217f343ed7b8bc3
nstalld.te
|
1ae747a24d74f26cc060711c5a8bf6d3cee9bb70 |
09-May-2014 |
Nick Kralevich <nnk@google.com> |
am d3f64d43: am e94ee1da: am cd905ec0: Protect keystore's files. * commit 'd3f64d436418414abe8c68dd5ee709d69ead8bbc': Protect keystore's files.
|
d3f64d436418414abe8c68dd5ee709d69ead8bbc |
09-May-2014 |
Nick Kralevich <nnk@google.com> |
am e94ee1da: am cd905ec0: Protect keystore's files. * commit 'e94ee1da6953e7a892d076a0998453f85ee97112': Protect keystore's files.
|
e94ee1da6953e7a892d076a0998453f85ee97112 |
09-May-2014 |
Nick Kralevich <nnk@google.com> |
am cd905ec0: Protect keystore's files. * commit 'cd905ec04e6db7f9116afe05c95c0d5e387e5b15': Protect keystore's files.
|
cd905ec04e6db7f9116afe05c95c0d5e387e5b15 |
09-May-2014 |
Nick Kralevich <nnk@google.com> |
Protect keystore's files. Only keystore itself should be reading / writing its files. Remove keystore file access from other SELinux domains, including unconfined. Add neverallow rules to protect against regressions. Allow init limited access to recurse into keystore's directory. Change-Id: I0bb5de7804f4314997c16fac18507933014bcadf
nit.te
nstalld.te
eystore.te
ystem_server.te
nconfined.te
|
7228ba0b5551092be879cdad9c2496e5951034e2 |
08-May-2014 |
Nick Kralevich <nnk@google.com> |
am c38e585d: am 48073591: am 1e9bb8be: Merge "Drop appdomain unlabeled file execute." * commit 'c38e585df69d31f0a9fef525dc9bd92ff18f816a': Drop appdomain unlabeled file execute.
|
9b519e2cce6e1fd14bcd53378943a6c255f32305 |
08-May-2014 |
Nick Kralevich <nnk@google.com> |
am 60015f60: resolved conflicts for merge of c06d0fef to klp-modular-dev-plus-aosp * commit '60015f60a28fec3208664f8db76a8337e9fb7620': Drop rw access to unlabeled files.
|
ee81a509b1515cec0f7b38f8c00fa998071c6166 |
08-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9085f1e4: am abd629cc: am 9add1f03: Add sysfs_type attribute to sysfs, coalesce ueventd rules. * commit '9085f1e4141d2f95c4f713c26dd9d42c48b9cf94': Add sysfs_type attribute to sysfs, coalesce ueventd rules.
|
c38e585df69d31f0a9fef525dc9bd92ff18f816a |
08-May-2014 |
Nick Kralevich <nnk@google.com> |
am 48073591: am 1e9bb8be: Merge "Drop appdomain unlabeled file execute." * commit '48073591e2fcc00692c051f8e42872746d09fd2f': Drop appdomain unlabeled file execute.
|
48073591e2fcc00692c051f8e42872746d09fd2f |
08-May-2014 |
Nick Kralevich <nnk@google.com> |
am 1e9bb8be: Merge "Drop appdomain unlabeled file execute." * commit '1e9bb8be0f492d106940b3ac96aadcf196bc1420': Drop appdomain unlabeled file execute.
|
1e9bb8be0f492d106940b3ac96aadcf196bc1420 |
08-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Drop appdomain unlabeled file execute."
|
60015f60a28fec3208664f8db76a8337e9fb7620 |
08-May-2014 |
Nick Kralevich <nnk@google.com> |
resolved conflicts for merge of c06d0fef to klp-modular-dev-plus-aosp Change-Id: I3c26b36866c58c1f25a7d82c70cd29d30d8828e0
|
c06d0fef1205b0a151832a9e03cfd5d3f40c8e43 |
08-May-2014 |
Nick Kralevich <nnk@google.com> |
am 9c9e8569: Merge "Drop rw access to unlabeled files." * commit '9c9e8569a6e6e8b1057c6794ba0ca9a70daca4b5': Drop rw access to unlabeled files.
|
9c9e8569a6e6e8b1057c6794ba0ca9a70daca4b5 |
08-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Drop rw access to unlabeled files."
|
9085f1e4141d2f95c4f713c26dd9d42c48b9cf94 |
08-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am abd629cc: am 9add1f03: Add sysfs_type attribute to sysfs, coalesce ueventd rules. * commit 'abd629cc2ea4d25c53c9e86175e994d6fdec1354': Add sysfs_type attribute to sysfs, coalesce ueventd rules.
|
abd629cc2ea4d25c53c9e86175e994d6fdec1354 |
08-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9add1f03: Add sysfs_type attribute to sysfs, coalesce ueventd rules. * commit '9add1f039bfd29649330e716246c01b3239bd362': Add sysfs_type attribute to sysfs, coalesce ueventd rules.
|
7e11129baf060b2104db582407a1b9aef593929d |
08-May-2014 |
Greg Hackmann <ghackmann@google.com> |
am 6a1ae20c: am 4b683d24: am 7004789d: Add policies for Atomic Display Framework * commit '6a1ae20c45a0a3dd83811261c395312d87cd2aa7': Add policies for Atomic Display Framework
|
9add1f039bfd29649330e716246c01b3239bd362 |
08-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add sysfs_type attribute to sysfs, coalesce ueventd rules. As per the discussion in: https://android-review.googlesource.com/#/c/92903/ Add sysfs_type attribute to sysfs type so that it is included in rules on sysfs_type, allow setattr to all sysfs_type for ueventd for chown/chmod, and get rid of redundant rules. Change-Id: I1228385d5703168c3852ec75605ed8da7c99b83d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile.te
eventd.te
|
4ffee0ab99f2a2893f1c7d2e2b93008035e9a463 |
08-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 267260112795e6313f1a07b48f550162018487a5
|
e69a32a1a83bf71654aabb0917c4eb6e2ad4bbf3 |
08-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop rw access to unlabeled files. Should no longer be required due to restorecon_recursive of /data by init.rc (covers everything outside of /data/data) and due to restorecon_recursive of /data/data by installd (covers /data/data directories). Move the neverallow rule on relabelto to the neverallow section. We could potentially drop this altogether, along with the relabelto_domain macro and its callers, since its motivation was to provide some safeguard in spite of allowing relabelfrom to unlabeled files for all domains and this change removes relabelfrom. unconfined still retains rw access to unlabeled, as do specific domains that are explicitly allowed it. Change-Id: Ied84f8b4b1a0896c1b9f7d783b7463ce09d4807b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
681a687a6032e060742cf57b8e1f9d122fd5afca |
08-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop appdomain unlabeled file execute. Should no longer be required due to restorecon_recursive of /data by init.rc (covers /data/dalvik-cache and /data/app-lib) and due to restorecon_recursive of /data/data by installd (covers /data/data directories). Change-Id: Icb217c0735852db7cca8583e381264ef8cd8839c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
267260112795e6313f1a07b48f550162018487a5 |
08-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 650ae437: am 81d569cd: am 77852065: Remove platform_app shell_data_file:lnk_file read access. * commit '650ae43753f87e773d2b0e0f0a5399e4fd77d3ed': Remove platform_app shell_data_file:lnk_file read access.
|
68a69b9971f29911420c939352614391b42eb1ab |
08-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9b76245a: am 8c836899: am 53cde700: Report graphics_device accesses by system_server or mediaserver. * commit '9b76245a9f6c8db0b2a32aa8e98b43daf4d76ae2': Report graphics_device accesses by system_server or mediaserver.
|
da47085f94312091dafe3f8efcd114dfc04750de |
08-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a211ee2d: am d7e5ef7e: am 91a4f8d4: Label app data directories for system UID apps with a different type. * commit 'a211ee2da649f07733ca85ff8fdc5b367a15b1af': Label app data directories for system UID apps with a different type.
|
6a1ae20c45a0a3dd83811261c395312d87cd2aa7 |
08-May-2014 |
Greg Hackmann <ghackmann@google.com> |
am 4b683d24: am 7004789d: Add policies for Atomic Display Framework * commit '4b683d248f53faff9442c92ca5efa0d25a8b3db2': Add policies for Atomic Display Framework
|
4b683d248f53faff9442c92ca5efa0d25a8b3db2 |
08-May-2014 |
Greg Hackmann <ghackmann@google.com> |
am 7004789d: Add policies for Atomic Display Framework * commit '7004789de39c1e712169ac6d4c98bdbe43dcce6e': Add policies for Atomic Display Framework
|
7004789de39c1e712169ac6d4c98bdbe43dcce6e |
07-May-2014 |
Greg Hackmann <ghackmann@google.com> |
Add policies for Atomic Display Framework ADF is a modern replacement for fbdev. ADF's device nodes (/dev/adf[X]), interface nodes (/dev/adf-interface[X].[Y]), and overlay engine nodes (/dev/adf-overlay-engine[X].[Y]) are collectively used in similar contexts as fbdev nodes. Vendor HW composers (via SurfaceFlinger) and healthd will need to send R/W ioctls to these nodes to prepare and update the display. Ordinary apps should not talk to ADF directly. Change-Id: Ic0a76b1e82c0cc1e8f240f219928af1783e79343 Signed-off-by: Greg Hackmann <ghackmann@google.com>
pp.te
evice.te
ile_contexts
ealthd.te
urfaceflinger.te
|
650ae43753f87e773d2b0e0f0a5399e4fd77d3ed |
07-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 81d569cd: am 77852065: Remove platform_app shell_data_file:lnk_file read access. * commit '81d569cd039eec71edbe8ec2aca6323a533a0807': Remove platform_app shell_data_file:lnk_file read access.
|
9b76245a9f6c8db0b2a32aa8e98b43daf4d76ae2 |
07-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8c836899: am 53cde700: Report graphics_device accesses by system_server or mediaserver. * commit '8c836899f8b361865254e5a9ec60e609a30e6b3d': Report graphics_device accesses by system_server or mediaserver.
|
a211ee2da649f07733ca85ff8fdc5b367a15b1af |
07-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d7e5ef7e: am 91a4f8d4: Label app data directories for system UID apps with a different type. * commit 'd7e5ef7e388dc6e9fef9dff64010e6251666fbc1': Label app data directories for system UID apps with a different type.
|
81d569cd039eec71edbe8ec2aca6323a533a0807 |
07-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 77852065: Remove platform_app shell_data_file:lnk_file read access. * commit '778520650a6b3e9a1ce587da996bf50e6265d8be': Remove platform_app shell_data_file:lnk_file read access.
|
8c836899f8b361865254e5a9ec60e609a30e6b3d |
07-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 53cde700: Report graphics_device accesses by system_server or mediaserver. * commit '53cde700cda6caad25ba06092fa850ff51dd2431': Report graphics_device accesses by system_server or mediaserver.
|
d7e5ef7e388dc6e9fef9dff64010e6251666fbc1 |
07-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 91a4f8d4: Label app data directories for system UID apps with a different type. * commit '91a4f8d4fdab7df8474c2ffaa996c879166d8a4c': Label app data directories for system UID apps with a different type.
|
778520650a6b3e9a1ce587da996bf50e6265d8be |
05-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove platform_app shell_data_file:lnk_file read access. Not sure what denial originally motivated adding this access, but drop it and see if it resurfaces. platform_app is still permissive_or_unconfined() so this should not break anything. Change-Id: Ia4418080e3477346fa48d23b4bb5d53396ed5593 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
latform_app.te
|
53cde700cda6caad25ba06092fa850ff51dd2431 |
07-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Report graphics_device accesses by system_server or mediaserver. See if we can remove these allow rules by auditing any granting of these permissions. These rules may be a legacy of older Android or some board where the gpu device lived under /dev/graphics too. Change-Id: I5c5d99ca97402de5196d9b6dfd249294f4d95baa Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ediaserver.te
ystem_server.te
|
91a4f8d4fdab7df8474c2ffaa996c879166d8a4c |
07-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label app data directories for system UID apps with a different type. We were using system_data_file for the /data/data directories of system UID apps to match the DAC ownership of system UID shared with other system files. However, we are seeing cases where files created in these directories must be writable by other apps, and we would like to avoid allowing write to system data files outside of these directories. So introduce a separate system_app_data_file type and assign it. This should also help protect against arbitrary writes by system UID apps to other system data directories. This resolves the following denial when cropping or taking a user photo for secondary users: avc: denied { write } for path="/data/data/com.android.settings/cache/TakeEditUserPhoto2.jpg" dev="mmcblk0p28" ino=82120 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file avc: denied { write } for path="/data/data/com.android.settings/cache/CropEditUserPhoto.jpg" dev="mmcblk0p30" ino=602905 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file Bug: 14604553 Change-Id: Ifa10e3283b07f6bd6ecc16eceeb663edfd756cea Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
ile.te
nstalld.te
eapp_contexts
ystem_app.te
|
2380e26a4079661f08e0bc27e5e6741651dfc34e |
07-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 7d6ec6157b11bbea3b34cc1a97e56b88b15d7e44
|
c8733ba98de624db8bdbb6599465c3b19867aac1 |
07-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 7d6ec6157b11bbea3b34cc1a97e56b88b15d7e44
|
fabb358617869988a51cc4bf7ede01fcd94a7ae0 |
06-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 7d6ec6157b11bbea3b34cc1a97e56b88b15d7e44
|
ab40a516e0d9840aa565be653d42e68eaac9d6d2 |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
allow untrusted_app to write to MMS files
Commit 3fbc536dfd5afbce5ef45f18d0afb3516089ed88 allowed untrusted app to read radio data files passed via binder, but didn't allow write access. Write access is needed when sending MMS messages.
Steps to reproduce:
1) have some photos on the device
2) Launch messaging app
3) Attach a MMS (Picture, capture video, capture picture, audio recording etc..)
4) Send
EXPECTED RESULTS: No crash
OBSERVED RESULTS:
- Messaging crashes on sending MMS
- messages are stuck in sending state
Additional details:
05-05 10:14:01.196 2457 2457 W Binder_3: type=1400 audit(0.0:20): avc: denied { write } for path="/data/data/com.android.providers.telephony/app_parts/PART_1399310041183_temp.jpg" dev="mmcblk0p23" ino=604417 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file
05-05 10:14:01.202 27809 28219 E JavaBinder: !!! FAILED BINDER TRANSACTION !!!
05-05 10:14:01.203 27809 28219 E PduPersister: Failed to open Input/Output stream.
05-05 10:14:01.203 27809 28219 E PduPersister: java.io.FileNotFoundException: Failed opening content provider: content://mms/part/4
05-05 10:14:01.203 27809 28219 E PduPersister: at android.content.ContentResolver.openAssetFileDescriptor(ContentResolver.java:966)
05-05 10:14:01.203 27809 28219 E PduPersister: at android.content.ContentResolver.openOutputStream(ContentResolver.java:674)
05-05 10:14:01.203 27809 28219 E PduPersister: at android.content.ContentResolver.openOutputStream(ContentResolver.java:650)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.google.android.mms.pdu.PduPersister.persistData(PduPersister.java:837)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.google.android.mms.pdu.PduPersister.persistPart(PduPersister.java:761)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.google.android.mms.pdu.PduPersister.persist(PduPersister.java:1398)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.android.mms.data.WorkingMessage.createDraftMmsMessage(WorkingMessage.java:1577)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.android.mms.data.WorkingMessage.sendMmsWorker(WorkingMessage.java:1431)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.android.mms.data.WorkingMessage.access$700(WorkingMessage.java:82)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.android.mms.data.WorkingMessage$2.run(WorkingMessage.java:1228)
05-05 10:14:01.203 27809 28219 E PduPersister: at java.lang.Thread.run(Thread.java:818)
05-05 10:14:01.221 27809 28219 E AndroidRuntime: FATAL EXCEPTION: WorkingMessage.send MMS
05-05 10:14:01.221 27809 28219 E AndroidRuntime: Process: com.android.mms, PID: 27809
05-05 10:14:01.221 27809 28219 E AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.String android.net.Uri.getLastPathSegment()' on a null object reference
05-05 10:14:01.221 27809 28219 E AndroidRuntime: at android.content.ContentUris.parseId(ContentUris.java:85)
05-05 10:14:01.221 27809 28219 E AndroidRuntime: at com.android.mms.model.SlideshowModel.finalResize(SlideshowModel.java:691)
05-05 10:14:01.221 27809 28219 E AndroidRuntime: at com.android.mms.data.WorkingMessage.sendMmsWorker(WorkingMessage.java:1448)
05-05 10:14:01.221 27809 28219 E AndroidRuntime: at com.android.mms.data.WorkingMessage.access$700(WorkingMessage.java:82)
05-05 10:14:01.221 27809 28219 E AndroidRuntime: at com.android.mms.data.WorkingMessage$2.run(WorkingMessage.java:1228)
05-05 10:14:01.221 27809 28219 E AndroidRuntime: at java.lang.Thread.run(Thread.java:818)
05-05 10:14:01.222 659 5253 W ActivityManager: Force finishing activity com.android.mms/.ui.ComposeMessageActivity
Bug: 14562421
Change-Id: Iba6914eeec4bf0c8c04ee83584327a4824c0a9a9
pp.te
|
7d6ec6157b11bbea3b34cc1a97e56b88b15d7e44 |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
am 5064a059: am 46de9898: am 2aed6d89: Merge "Make su a net domain." * commit '5064a059965ca021d0aba26b47204c75faac1064': Make su a net domain.
|
5064a059965ca021d0aba26b47204c75faac1064 |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
am 46de9898: am 2aed6d89: Merge "Make su a net domain." * commit '46de9898a8bbe301629ee5203bd20dc6c2e28e4a': Make su a net domain.
|
46de9898a8bbe301629ee5203bd20dc6c2e28e4a |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
am 2aed6d89: Merge "Make su a net domain." * commit '2aed6d8991b06ec310cc16269c350bdf28a13845': Make su a net domain.
|
2aed6d8991b06ec310cc16269c350bdf28a13845 |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make su a net domain."
|
0d66d29618fd588f8d1ae6b3bae46187c449b491 |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
am 75d969a1: am e8d685b3: am 557fe2ab: Merge "Escape dot (.) when it is intended to be literal." * commit '75d969a1b972ef6ef2cee94c5909f000c41fba75': Escape dot (.) when it is intended to be literal.
|
75d969a1b972ef6ef2cee94c5909f000c41fba75 |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
am e8d685b3: am 557fe2ab: Merge "Escape dot (.) when it is intended to be literal." * commit 'e8d685b36b0e3ccbf02192c32688301be8818fb9': Escape dot (.) when it is intended to be literal.
|
016d0a6ed14f4e8252939d29bb2f824cf396ba6d |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
am 3179852f: am 47a0e1b3: am 1545b606: allow untrusted_app to write to MMS files * commit '3179852f4abb9c88429abce898273d2cc5dbce65': allow untrusted_app to write to MMS files
|
e8d685b36b0e3ccbf02192c32688301be8818fb9 |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
am 557fe2ab: Merge "Escape dot (.) when it is intended to be literal." * commit '557fe2abd6987585bb2b14a2b9d966e714eee8aa': Escape dot (.) when it is intended to be literal.
|
3179852f4abb9c88429abce898273d2cc5dbce65 |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
am 47a0e1b3: am 1545b606: allow untrusted_app to write to MMS files * commit '47a0e1b37e9750e4f69e7431cb46dd899f275e9b': allow untrusted_app to write to MMS files
|
47a0e1b37e9750e4f69e7431cb46dd899f275e9b |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
am 1545b606: allow untrusted_app to write to MMS files * commit '1545b6061518bac473cf93af576cbea12a992298': allow untrusted_app to write to MMS files
|
557fe2abd6987585bb2b14a2b9d966e714eee8aa |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Escape dot (.) when it is intended to be literal."
|
812f7d90d250578d3e9e275406ba5ae0a2775e79 |
05-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Escape dot (.) when it is intended to be literal. Otherwise it is treated as a regex and matches any character. Change-Id: I9e23f01b0e104d3ef57993fd1a3d9a5b13201910 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
|
1545b6061518bac473cf93af576cbea12a992298 |
05-May-2014 |
Nick Kralevich <nnk@google.com> |
allow untrusted_app to write to MMS files
Commit 3fbc536dfd5afbce5ef45f18d0afb3516089ed88 allowed untrusted app to read radio data files passed via binder, but didn't allow write access. Write access is needed when sending MMS messages.
Steps to reproduce:
1) have some photos on the device
2) Launch messaging app
3) Attach a MMS (Picture, capture video, capture picture, audio recording etc..)
4) Send
EXPECTED RESULTS: No crash
OBSERVED RESULTS:
- Messaging crashes on sending MMS
- messages are stuck in sending state
Additional details:
05-05 10:14:01.196 2457 2457 W Binder_3: type=1400 audit(0.0:20): avc: denied { write } for path="/data/data/com.android.providers.telephony/app_parts/PART_1399310041183_temp.jpg" dev="mmcblk0p23" ino=604417 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file
05-05 10:14:01.202 27809 28219 E JavaBinder: !!! FAILED BINDER TRANSACTION !!!
05-05 10:14:01.203 27809 28219 E PduPersister: Failed to open Input/Output stream.
05-05 10:14:01.203 27809 28219 E PduPersister: java.io.FileNotFoundException: Failed opening content provider: content://mms/part/4
05-05 10:14:01.203 27809 28219 E PduPersister: at android.content.ContentResolver.openAssetFileDescriptor(ContentResolver.java:966)
05-05 10:14:01.203 27809 28219 E PduPersister: at android.content.ContentResolver.openOutputStream(ContentResolver.java:674)
05-05 10:14:01.203 27809 28219 E PduPersister: at android.content.ContentResolver.openOutputStream(ContentResolver.java:650)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.google.android.mms.pdu.PduPersister.persistData(PduPersister.java:837)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.google.android.mms.pdu.PduPersister.persistPart(PduPersister.java:761)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.google.android.mms.pdu.PduPersister.persist(PduPersister.java:1398)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.android.mms.data.WorkingMessage.createDraftMmsMessage(WorkingMessage.java:1577)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.android.mms.data.WorkingMessage.sendMmsWorker(WorkingMessage.java:1431)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.android.mms.data.WorkingMessage.access$700(WorkingMessage.java:82)
05-05 10:14:01.203 27809 28219 E PduPersister: at com.android.mms.data.WorkingMessage$2.run(WorkingMessage.java:1228)
05-05 10:14:01.203 27809 28219 E PduPersister: at java.lang.Thread.run(Thread.java:818)
05-05 10:14:01.221 27809 28219 E AndroidRuntime: FATAL EXCEPTION: WorkingMessage.send MMS
05-05 10:14:01.221 27809 28219 E AndroidRuntime: Process: com.android.mms, PID: 27809
05-05 10:14:01.221 27809 28219 E AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.String android.net.Uri.getLastPathSegment()' on a null object reference
05-05 10:14:01.221 27809 28219 E AndroidRuntime: at android.content.ContentUris.parseId(ContentUris.java:85)
05-05 10:14:01.221 27809 28219 E AndroidRuntime: at com.android.mms.model.SlideshowModel.finalResize(SlideshowModel.java:691)
05-05 10:14:01.221 27809 28219 E AndroidRuntime: at com.android.mms.data.WorkingMessage.sendMmsWorker(WorkingMessage.java:1448)
05-05 10:14:01.221 27809 28219 E AndroidRuntime: at com.android.mms.data.WorkingMessage.access$700(WorkingMessage.java:82)
05-05 10:14:01.221 27809 28219 E AndroidRuntime: at com.android.mms.data.WorkingMessage$2.run(WorkingMessage.java:1228)
05-05 10:14:01.221 27809 28219 E AndroidRuntime: at java.lang.Thread.run(Thread.java:818)
05-05 10:14:01.222 659 5253 W ActivityManager: Force finishing activity com.android.mms/.ui.ComposeMessageActivity
Bug: 14562421
Change-Id: Iba6914eeec4bf0c8c04ee83584327a4824c0a9a9
pp.te
|
91b187a28db24cead5554602b32b77e9ccfcb6e8 |
05-May-2014 |
dcashman <dcashman@google.com> |
am 3216c164: am 5387e25a: am f6e3586c: Merge "Remove specifycapabilities permission." * commit '3216c164522efc11b8d9c1dd0bd5b3234b4a4e1d': Remove specifycapabilities permission.
|
3216c164522efc11b8d9c1dd0bd5b3234b4a4e1d |
05-May-2014 |
dcashman <dcashman@google.com> |
am 5387e25a: am f6e3586c: Merge "Remove specifycapabilities permission." * commit '5387e25a4dc5b7fd965d5895b235b5d82db2f84a': Remove specifycapabilities permission.
|
5387e25a4dc5b7fd965d5895b235b5d82db2f84a |
05-May-2014 |
dcashman <dcashman@google.com> |
am f6e3586c: Merge "Remove specifycapabilities permission." * commit 'f6e3586c53dbafc8286e71a181a311097b285c70': Remove specifycapabilities permission.
|
f6e3586c53dbafc8286e71a181a311097b285c70 |
05-May-2014 |
dcashman <dcashman@google.com> |
Merge "Remove specifycapabilities permission."
|
5b8065760b1ddad7ae0c29f3bf317b5feb604373 |
05-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 97b4781320752916aac9ca78f2d071f2c846446c
|
42d449b96e146f1149ee1f79dbb7cf61868fb33d |
04-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 97b4781320752916aac9ca78f2d071f2c846446c
|
a00c495158478edeee7a06fa3614b183c82e27ee |
03-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 97b4781320752916aac9ca78f2d071f2c846446c
|
c4db82cf85feccb81d0c3625fde440523323c634 |
03-May-2014 |
dcashman <dcashman@google.com> |
Remove specifycapabilities permission. specifycapabilities is no longer specified by the zygote userspace manager. It was removed in commit: 42a4bb5730266f80585e67262c73505d0bfffbf8. Remove this permission from policy. Change-Id: I866a25b590a375a68de6eec9af1b3ef779889985
ccess_vectors
|
bc320187b912c6c00fedde1fc3f89f74924f06bd |
02-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Make su a net domain. Change-Id: Ied6e6eba4895524cf8b442694cc48ef2d6f9a811
u.te
|
97b4781320752916aac9ca78f2d071f2c846446c |
01-May-2014 |
Nick Kralevich <nnk@google.com> |
am 46c9915e: resolved conflicts for merge of 60a89a7e to klp-modular-dev-plus-aosp * commit '46c9915eb315fc46df3ee831553476cb1d752325': DO NOT MERGE: Allow shell debugfs read access
|
46c9915eb315fc46df3ee831553476cb1d752325 |
01-May-2014 |
Nick Kralevich <nnk@google.com> |
resolved conflicts for merge of 60a89a7e to klp-modular-dev-plus-aosp Change-Id: Iad51850a3a5d83277d9829dc9b98680abaf8ebc9
|
60a89a7e751eaf44263f76a6a8cde97cd75b60d7 |
30-Apr-2014 |
Nick Kralevich <nnk@google.com> |
DO NOT MERGE: Allow shell debugfs read access Developers should be able to use systrace with user builds. This requires read access to /sys/kernel/debug/tracing/trace, otherwise the following error occurs: $ atrace capturing trace... done TRACE: error opening /sys/kernel/debug/tracing/trace: Permission denied (13) with the following SELinux denial: <4>[ 79.830542] type=1400 audit(11940551.039:8): avc: denied { read } for pid=1156 comm="atrace" name="trace" dev="debugfs" ino=3024 scontext=u:r:shell:s0 tcontext=u:object_r:debugfs:s0 tclass=file At least on the kernel I've tested this on, debugfs doesn't support setting SELinux file labels. Grant read access to all of debugfs to work around this limitation. Bug: 13904660 Change-Id: Ic494bfccafc8f6887c8a4c8278b91245459aea41
helldomain.te
|
74993e78545c80196573225e96975546507f5b0a |
01-May-2014 |
Ruchi Kandoi <kandoiruchi@google.com> |
am 219ae9f7: am d0ac72be: am 0a333759: ueventd: Adds permission to ueventd to access sysfs file * commit '219ae9f7de1caf5ba76070d7d7394ce7e9e16233': ueventd: Adds permission to ueventd to access sysfs file
|
219ae9f7de1caf5ba76070d7d7394ce7e9e16233 |
01-May-2014 |
Ruchi Kandoi <kandoiruchi@google.com> |
am d0ac72be: am 0a333759: ueventd: Adds permission to ueventd to access sysfs file * commit 'd0ac72bed852d880212de78234e47ef91dc1b357': ueventd: Adds permission to ueventd to access sysfs file
|
d0ac72bed852d880212de78234e47ef91dc1b357 |
01-May-2014 |
Ruchi Kandoi <kandoiruchi@google.com> |
am 0a333759: ueventd: Adds permission to ueventd to access sysfs file * commit '0a3337595dcc9f432139790baef97dc5b0863094': ueventd: Adds permission to ueventd to access sysfs file
|
0a3337595dcc9f432139790baef97dc5b0863094 |
30-Apr-2014 |
Ruchi Kandoi <kandoiruchi@google.com> |
ueventd: Adds permission to ueventd to access sysfs file Need this for changing max_cpufreq for the low power mode. Denials: type=1400 audit(1398818907.151:48): avc: denied { relabelfrom } for pid=129 comm="ueventd" name="scaling_max_freq" dev="sysfs" ino=19866 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs:s0 tclass=file type=1400 audit(118521.050:11): avc: denied { setattr } for pid=130 comm="ueventd" name="scaling_min_freq" dev="sysfs" ino=9178 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file Change required for Change-Id: Ibe0b4aaf3db555ed48e89a7fcd0c5fd3a18cf233 Change-Id: I93feee65b1535ac048acf3bc7fba9f5d1bdb2bd2 Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
eventd.te
|
398e5ebff9537ab8f90cde7c50858cae5c72d6f7 |
01-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e710aeef: am 7e41fcb2: am 3a4eb96b: Make the untrusted_app domain enforcing. * commit 'e710aeefca767077fd29300db4446773cca832a6': Make the untrusted_app domain enforcing.
|
e710aeefca767077fd29300db4446773cca832a6 |
01-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7e41fcb2: am 3a4eb96b: Make the untrusted_app domain enforcing. * commit '7e41fcb2c43c5d20d4a4144a4693e4f199d546ba': Make the untrusted_app domain enforcing.
|
7e41fcb2c43c5d20d4a4144a4693e4f199d546ba |
01-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 3a4eb96b: Make the untrusted_app domain enforcing. * commit '3a4eb96b2a462dd68636c749cec47723fd8dc51f': Make the untrusted_app domain enforcing.
|
3a4eb96b2a462dd68636c749cec47723fd8dc51f |
01-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make the untrusted_app domain enforcing. Change-Id: I4811da972f7e23ef86e04d05400169422fbaca35 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ntrusted_app.te
|
646f96c83798e26cadc767b29170073f586bb2c6 |
01-May-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 51b38590fdafd53d4fc5ca8b11f2dc9394d89f1e
|
51b38590fdafd53d4fc5ca8b11f2dc9394d89f1e |
01-May-2014 |
Narayan Kamath <narayan@google.com> |
am 8b796ade: am f4fc0c17: am 99499dc0: Merge "Change zygote sepolicy whitelist." * commit '8b796adeeb246719a7cd6d6db2fdebbc51fb60cd': Change zygote sepolicy whitelist.
|
8b796adeeb246719a7cd6d6db2fdebbc51fb60cd |
01-May-2014 |
Narayan Kamath <narayan@google.com> |
am f4fc0c17: am 99499dc0: Merge "Change zygote sepolicy whitelist." * commit 'f4fc0c17838db77c9cfefc39c749c2cfe4dfbe91': Change zygote sepolicy whitelist.
|
f4fc0c17838db77c9cfefc39c749c2cfe4dfbe91 |
01-May-2014 |
Narayan Kamath <narayan@google.com> |
am 99499dc0: Merge "Change zygote sepolicy whitelist." * commit '99499dc0396df0e03eda4b6085cbde38658a8c2f': Change zygote sepolicy whitelist.
|
99499dc0396df0e03eda4b6085cbde38658a8c2f |
01-May-2014 |
Narayan Kamath <narayan@google.com> |
Merge "Change zygote sepolicy whitelist."
|
3a06a72c162b13e6dded392cc541ddd3032ff8ad |
28-Apr-2014 |
Narayan Kamath <narayan@google.com> |
Change zygote sepolicy whitelist. Allow the zygote to create instruction set specific directories under /data/dalvik-cache and to change their owner to the system UID. These subdirectories are required in order to support instruction set specific dex caches on devices that support multiple instruction sets. We can't ask init to create these directories for us, because init doesn't have any knowledge about the list of runtime instruction sets the device supports. The owner needs to be system because the package manager (running in the system_server) is allowed to manipulate files under this directory. (cherry picked from commit 032e5b0ae1ff14f9f9eeb6b7b749307124b49e1a) Change-Id: I3a85e8a6b4eed003a93490e7b93a4fd68c41a361
ygote.te
|
10227cf8013c3ccc8bb1836b43abf78417914540 |
01-May-2014 |
Nick Kralevich <nnk@google.com> |
am c950fcb0: resolved conflicts for merge of b55ebfb0 to klp-modular-dev-plus-aosp * commit 'c950fcb043559156f74bd136305b90e33e654678': DO NOT MERGE: Ensure that /data/misc/wifi/sockets is always labeled wpa_socket.
|
ad7e08a5390d131d002afda4dca4562b4ed254d9 |
01-May-2014 |
Nick Kralevich <nnk@google.com> |
am 5c7d3a98: resolved conflicts for merge of 5086de28 to klp-modular-dev-plus-aosp * commit '5c7d3a983ff716c4c7c56729250432159ebd869b': DO NOT MERGE: Update hostapd domain for /data/misc/wifi/sockets label change.
|
33eae878e8e9841af246591f7b27fd538251d0dc |
01-May-2014 |
Nick Kralevich <nnk@google.com> |
am b4a5de10: am c1995700: am 0e06c137: Allow shell debugfs read access * commit 'b4a5de107e26009debf9f00adb064b63f02f8e41': Allow shell debugfs read access
|
d7499116633b46303b9198667203841945fb0fd9 |
01-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7824b128: (-s ours) am ad10d108: DO NOT MERGE: partial backport of 08461cb03948e911090a4ab32954ccac67d6409e * commit '7824b1281c86c9b55d414f3ed0a8097e9896769d': DO NOT MERGE: partial backport of 08461cb03948e911090a4ab32954ccac67d6409e
|
c950fcb043559156f74bd136305b90e33e654678 |
01-May-2014 |
Nick Kralevich <nnk@google.com> |
resolved conflicts for merge of b55ebfb0 to klp-modular-dev-plus-aosp Change-Id: I22b88db2843d357506ced0ba9868ba69ea025b5c
|
5c7d3a983ff716c4c7c56729250432159ebd869b |
01-May-2014 |
Nick Kralevich <nnk@google.com> |
resolved conflicts for merge of 5086de28 to klp-modular-dev-plus-aosp Change-Id: I211bcc27e3fe993ef61866b0c59676a4c5f07725
|
b55ebfb076938d9292aa5aded1fe51c59c103947 |
21-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
DO NOT MERGE: Ensure that /data/misc/wifi/sockets is always labeled wpa_socket. It appears that wpa_supplicant tries to rmdir /data/misc/wifi/sockets and re-create it at times, so make sure that it remains labeled correctly when re-created in this manner via a name-based type transition rule. Do the same for hostapd as it also has permissions for creating/removing this directory. <5>[83921.800071] type=1400 audit(1392997522.105:26): avc: denied { rmdir } for pid=3055 comm="wpa_supplicant" name="sockets" dev="mmcblk0p28" ino=618957 scontext=u:r:wpa:s0 tcontext=u:object_r:wpa_socket:s0 tclass=dir We no longer need the type_transition for sock_file as it will inherit the type from the parent directory which is set via restorecon_recursive /data/misc/wifi/sockets or via type_transition, so drop it. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit 7ade68d797a83b8f4e5162f523f4caa0f246ff03) Change-Id: Ie3e2f4c14ce29a63634aa4049ab47f2624e93310
ostapd.te
pa_supplicant.te
|
5086de28a5bd6ec8a447e99c9b4ffde27d402734 |
11-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
DO NOT MERGE: Update hostapd domain for /data/misc/wifi/sockets label change. Change I9e35cc93abf89ce3594860aa3193f84a3b42ea6e changed the type on /data/misc/wifi/sockets to wpa_socket and change I51b09c5e40946673a38732ea9f601b2d047d3b62 fixed the type on existing devices. Consequently hostapd now needs access to wpa_socket dir and sock_file. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit f20673712b07f585de0cd6e6e8f542e866ad54bc) Change-Id: I58dd3d5927e6cf9e349dc7584df499521d49afb1
ostapd.te
|
b4a5de107e26009debf9f00adb064b63f02f8e41 |
30-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am c1995700: am 0e06c137: Allow shell debugfs read access * commit 'c1995700346ec42b210035e58661f9791891043f': Allow shell debugfs read access
|
c1995700346ec42b210035e58661f9791891043f |
30-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 0e06c137: Allow shell debugfs read access * commit '0e06c13784e50183401ca95fed2be49b0ead26fd': Allow shell debugfs read access
|
7824b1281c86c9b55d414f3ed0a8097e9896769d |
30-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ad10d108: DO NOT MERGE: partial backport of 08461cb03948e911090a4ab32954ccac67d6409e * commit 'ad10d10849214dc47f7e7fa1af04d95a47b1ff9a': DO NOT MERGE: partial backport of 08461cb03948e911090a4ab32954ccac67d6409e
|
ad10d10849214dc47f7e7fa1af04d95a47b1ff9a |
18-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
DO NOT MERGE: partial backport of 08461cb03948e911090a4ab32954ccac67d6409e Original change: Allow netd-spawned domains to use inherited netd unix_dgram_socket. Resolves denials such as: avc: denied { read write } for pid=4346 comm="hostapd" path="socket:[7874]" dev="sockfs" ino=7874 scontext=u:r:hostapd:s0 tcontext=u:r:netd:s0 tclass=unix_dgram_socket avc: denied { read write } for pid=4348 comm="dnsmasq" path="socket:[7874]" dev="sockfs" ino=7874 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=unix_dgram_socket Change-Id: Iebbbf8f9f31b56ec5b158dda93101472c25e638d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ostapd.te
|
0e06c13784e50183401ca95fed2be49b0ead26fd |
30-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Allow shell debugfs read access Developers should be able to use systrace with user builds. This requires read access to /sys/kernel/debug/tracing/trace, otherwise the following error occurs: $ atrace capturing trace... done TRACE: error opening /sys/kernel/debug/tracing/trace: Permission denied (13) with the following SELinux denial: <4>[ 79.830542] type=1400 audit(11940551.039:8): avc: denied { read } for pid=1156 comm="atrace" name="trace" dev="debugfs" ino=3024 scontext=u:r:shell:s0 tcontext=u:object_r:debugfs:s0 tclass=file At least on the kernel I've tested this on, debugfs doesn't support setting SELinux file labels. Grant read access to all of debugfs to work around this limitation. Bug: 13904660 Change-Id: Ib58e98972c5012e9b34fec9e0a6094641638cd9a
helldomain.te
|
5768b889ed6d5552a06c31cdd1229323c4b164ef |
30-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to d8d500c17787a2ea61e19fe9942d1319f0587024
|
d8d500c17787a2ea61e19fe9942d1319f0587024 |
30-Apr-2014 |
Narayan Kamath <narayan@google.com> |
Merge "Change zygote sepolicy whitelist."
|
d8e0785ce1d7567f71ef6c4705d8ef5e55c80321 |
30-Apr-2014 |
Bill Yi <byi@google.com> |
am e5ea7a84: am 54a54911: Merge commit \'645a7c44d975e70583e21694a8506f8a42839882\' into HEAD * commit 'e5ea7a84ba6e1440b0b712c9c7c2c8cf2dccb082':
|
e5ea7a84ba6e1440b0b712c9c7c2c8cf2dccb082 |
30-Apr-2014 |
Bill Yi <byi@google.com> |
am 54a54911: Merge commit \'645a7c44d975e70583e21694a8506f8a42839882\' into HEAD * commit '54a54911add1965f8b3183f7b1b2c5074bfea12d':
|
54a54911add1965f8b3183f7b1b2c5074bfea12d |
29-Apr-2014 |
Bill Yi <byi@google.com> |
Merge commit '645a7c44d975e70583e21694a8506f8a42839882' into HEAD
|
032e5b0ae1ff14f9f9eeb6b7b749307124b49e1a |
28-Apr-2014 |
Narayan Kamath <narayan@google.com> |
Change zygote sepolicy whitelist. Allow the zygote to create instruction set specific directories under /data/dalvik-cache and to change their owner to the system UID. These subdirectories are required in order to support instruction set specific dex caches on devices that support multiple instruction sets. We can't ask init to create these directories for us, because init doesn't have any knowledge about the list of runtime instruction sets the device supports. The owner needs to be system because the package manager (running in the system_server) is allowed to manipulate files under this directory. Change-Id: Ibb248d198d4430ef8bc494111a60d537c7d04784
ygote.te
|
ea729286d6d011cf76a7155c2bfeb7e14949c9da |
29-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 0372f60bad17111d15466adb179a2dc85c875e9a
|
0372f60bad17111d15466adb179a2dc85c875e9a |
28-Apr-2014 |
Jeff Sharkey <jsharkey@android.com> |
am c04432b7: am 6838cd54: Let installd dexopt OEM apps. * commit 'c04432b714874dea5225b0f9036c25b59c3ae97c': Let installd dexopt OEM apps.
|
bb4924249e29270feb8ce766e30a41fea15dc1f4 |
28-Apr-2014 |
Jeff Sharkey <jsharkey@android.com> |
am ea591494: am 6736bac2: Define types for an OEM-provided filesystem. * commit 'ea5914943281c859bd1d75730e61a742b9281e5d': Define types for an OEM-provided filesystem.
|
c04432b714874dea5225b0f9036c25b59c3ae97c |
28-Apr-2014 |
Jeff Sharkey <jsharkey@android.com> |
am 6838cd54: Let installd dexopt OEM apps. * commit '6838cd54e70869643c54cd0a530defbe4dafca41': Let installd dexopt OEM apps.
|
ea5914943281c859bd1d75730e61a742b9281e5d |
28-Apr-2014 |
Jeff Sharkey <jsharkey@android.com> |
am 6736bac2: Define types for an OEM-provided filesystem. * commit '6736bac21870bdc8bb6098ddffdb70103f7bc2a3': Define types for an OEM-provided filesystem.
|
b5dafd871bec219860edf288ef08f24edd5fcd08 |
28-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 266796eba55398a5371abed76a2de1ae92b5a22f
|
536855b949022a34bd32799e100c561ed4d904d7 |
27-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 266796eba55398a5371abed76a2de1ae92b5a22f
|
03d168a8775a995a07e7e0d5da80214d10796f6e |
26-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 266796eba55398a5371abed76a2de1ae92b5a22f
|
6838cd54e70869643c54cd0a530defbe4dafca41 |
25-Apr-2014 |
Jeff Sharkey <jsharkey@android.com> |
Let installd dexopt OEM apps. avc: denied { search } for pid=118 comm="installd" name="/" dev="mmcblk0p12" ino=2 scontext=u:r:installd:s0 tcontext=u:object_r:oemfs:s0 tclass=dir Bug: 13340779 Change-Id: Id42f45080ba2c736921691dadfdfa429cf006663
nstalld.te
|
6736bac21870bdc8bb6098ddffdb70103f7bc2a3 |
24-Apr-2014 |
Jeff Sharkey <jsharkey@android.com> |
Define types for an OEM-provided filesystem. Bug: 13340779 Change-Id: I6151b6b61ddf90327d51815d13fd65be561be587
pp.te
ile.te
|
08010ef36ef8183cb57f2f94f26ab5ba983b231f |
24-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to 266796eba55398a5371abed76a2de1ae92b5a22f
|
87e38466f6fa640a3fa4e346dfb4a759cab39b6a |
22-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
266796eba55398a5371abed76a2de1ae92b5a22f |
21-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 1f21ff58: am fd783d1b: Merge "Audit accesses on unlabeled files." * commit '1f21ff58e39ac7f800612d2f848a84423e2f3d33': Audit accesses on unlabeled files.
|
1f21ff58e39ac7f800612d2f848a84423e2f3d33 |
21-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am fd783d1b: Merge "Audit accesses on unlabeled files." * commit 'fd783d1b1ff346c9c94d95d488fea61871d3d0e6': Audit accesses on unlabeled files.
|
fd783d1b1ff346c9c94d95d488fea61871d3d0e6 |
21-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Audit accesses on unlabeled files."
|
c91723563832d93e2e2adf16e5ab9c8a86b36bce |
19-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
109c0d7412b7eea0b0ea62d070a627d3007248c8 |
18-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 23e2f7b7: am 5bbdb533: Merge "Allow vold to access keymaster" * commit '23e2f7b7a9f6e3e574c7069ad33d64632edfde84': Allow vold to access keymaster
|
23e2f7b7a9f6e3e574c7069ad33d64632edfde84 |
18-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 5bbdb533: Merge "Allow vold to access keymaster" * commit '5bbdb533285653f4241b5c520dc09acf75ee4d15': Allow vold to access keymaster
|
b007b4e57c63cd02c704698bce00fb374428b629 |
14-Apr-2014 |
Paul Lawrence <paullawrence@google.com> |
Allow vold to access keymaster Bug: 9467042 (cherry picked from commit d7567118e92c7482d6a70c33d78af4cee2ddaef1) Change-Id: Ic6ef6031149287c863714ca370a42fd8b1efe93c
old.te
|
5bbdb533285653f4241b5c520dc09acf75ee4d15 |
18-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow vold to access keymaster"
|
2562843425bb5f13e42b8605a1568308c6faff71 |
18-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Audit accesses on unlabeled files. To see whether we can safely remove these allow rules on unlabeled files since we now have restorecon_recursive /data in init.rc to fully relabel legacy userdata partitions, audit all accesses on such files. Exclude the init domain since it performs the restorecon_recursive /data and therefore will read unlabeled directories, stat unlabeled files, and relabel unlabeled directories and files on upgrade. init may also create/write unlabeled files in /data prior to the restorecon_recursive /data being called. Exclude the kernel domain for search on unlabeled:dir as this happens during cgroup filesystem initialization in the kernel as a side effect of populating the cgroup directory during the superblock initialization before SELinux has set the label on the root directory. Change-Id: Ieb5d807f529db9a4bf3e6c93e6b37c9648c04633 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
omain.te
|
e36cf1cdd09da0703bc0cb642444c44b2b786cdc |
17-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 62f2053c: am fd352f11: Allow surfaceflinger to make binder call to bootanim * commit '62f2053c59b14c8e3ad266d8496a11a6cd184068': Allow surfaceflinger to make binder call to bootanim
|
62f2053c59b14c8e3ad266d8496a11a6cd184068 |
17-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am fd352f11: Allow surfaceflinger to make binder call to bootanim * commit 'fd352f11e0bf2bc150166e9a7c1b9c5e197055ca': Allow surfaceflinger to make binder call to bootanim
|
1ab837756f112286b45a18e8bec1ac0bef0b446f |
17-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
fd352f11e0bf2bc150166e9a7c1b9c5e197055ca |
17-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Allow surfaceflinger to make binder call to bootanim When SurfaceFlinger -- or any BufferQueue consumer -- releases a buffer, the BufferQueue calls back into the producer side in case the producer cares. This results in a notification from surfaceflinger to bootanim. This callback started in d1c103655533321b5c74fbefff656838a8196153. Addresses the following denial: 6.164348 type=1400 audit(1397612702.010:5): avc: denied { call } for pid=128 comm="surfaceflinger" scontext=u:r:surfaceflinger:s0 tcontext=u:r:bootanim:s0 tclass=binder Change-Id: I6f2d62a3ed81fde45150d2ae3ff05822bfda33fe
urfaceflinger.te
|
7d2318fa5ba38c6eecafdb9341b7b8c4bbdab5f4 |
16-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am a6921cb4: am d434d601: Merge "Label /dev/usb-ffs/adb functionfs" * commit 'a6921cb4cc6eef069668f80a923f3dba16ce9f0e': Label /dev/usb-ffs/adb functionfs
|
835b429c34e7e79655275b564fe2bdb5a21803be |
16-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 204a6e20: am 3f3d6ffb: Allow system_server pstore access. * commit '204a6e2003fe3a67f6ba5c1ff728fa9d2821f5b9': Allow system_server pstore access.
|
a6921cb4cc6eef069668f80a923f3dba16ce9f0e |
16-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am d434d601: Merge "Label /dev/usb-ffs/adb functionfs" * commit 'd434d601f75f2ce6cd1aba45ee2993c9f3336142': Label /dev/usb-ffs/adb functionfs
|
204a6e2003fe3a67f6ba5c1ff728fa9d2821f5b9 |
16-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 3f3d6ffb: Allow system_server pstore access. * commit '3f3d6ffb7ee98116404e4a85ad027a98b70c2331': Allow system_server pstore access.
|
d434d601f75f2ce6cd1aba45ee2993c9f3336142 |
16-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Label /dev/usb-ffs/adb functionfs"
|
77cc05502f34090c4daaf06c92692bd3b85a861c |
15-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Label /dev/usb-ffs/adb functionfs Newer adbd versions use functionfs instead of a custom adb usb gadget. Make sure the functionfs filesystem is properly labeled, and that adbd has access to the functionfs files. Once labeled, this addresses the following denials: <12>[ 16.127191] type=1400 audit(949060866.189:4): avc: denied { read write } for pid=223 comm="adbd" name="ep0" dev="functionfs" ino=5489 scontext=u:r:adbd:s0 tcontext=u:object_r:functionfs:s0 tclass=file <12>[ 16.127406] type=1400 audit(949060866.189:5): avc: denied { open } for pid=223 comm="adbd" path="/dev/usb-ffs/adb/ep0" dev="functionfs" ino=5489 scontext=u:r:adbd:s0 tcontext=u:object_r:functionfs:s0 tclass=file <12>[ 377.366011] type=1400 audit(949061227.419:16): avc: denied { ioctl } for pid=225 comm="adbd" path="/dev/usb-ffs/adb/ep2" dev="functionfs" ino=5564 scontext=u:r:adbd:s0 tcontext=u:object_r:functionfs:s0 tclass=file Change-Id: Iee8b522e48b4d677fd12f7c83dbc7ffbc9543ad2
dbd.te
ile.te
enfs_contexts
|
3f3d6ffb7ee98116404e4a85ad027a98b70c2331 |
15-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Allow system_server pstore access. pstore contains /sys/fs/pstore/console-ramoops, which is the replacement for /proc/last_kmsg. Both files are read by system_server on startup. Allow access. Addresses the following denials: <12>[ 53.836838] type=1400 audit(949060020.909:19): avc: denied { search } for pid=1233 comm="Thread-119" name="/" dev="pstore" ino=10296 scontext=u:r:system_server:s0 tcontext=u:object_r:pstorefs:s0 tclass=dir <12>[ 53.856546] type=1400 audit(949060020.909:20): avc: denied { getattr } for pid=1233 comm="Thread-119" path="/sys/fs/pstore/console-ramoops" dev="pstore" ino=10297 scontext=u:r:system_server:s0 tcontext=u:object_r:pstorefs:s0 tclass=file <12>[ 53.878425] type=1400 audit(949060020.909:21): avc: denied { read } for pid=1233 comm="Thread-119" name="console-ramoops" dev="pstore" ino=10297 scontext=u:r:system_server:s0 tcontext=u:object_r:pstorefs:s0 tclass=file <12>[ 53.898476] type=1400 audit(949060020.909:22): avc: denied { open } for pid=1233 comm="Thread-119" path="/sys/fs/pstore/console-ramoops" dev="pstore" ino=10297 scontext=u:r:system_server:s0 tcontext=u:object_r:pstorefs:s0 tclass=file Change-Id: I7307da751961b242e68adb319da9c00192e77bbb
ystem_server.te
|
fbd4557a7cbe077ffb16a95fb431d7754c627626 |
15-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
d7567118e92c7482d6a70c33d78af4cee2ddaef1 |
14-Apr-2014 |
Paul Lawrence <paullawrence@google.com> |
Allow vold to access keymaster Bug: 9467042 Change-Id: Ice72e6c3047d1439e6fa6997b5f47f807f34b28d
old.te
|
9fb3f0b1886867c1ac115f0e2613726b6213c6fe |
14-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 1a88f7ac: am 53667e25: Merge "zygote: clean up unnecessary rules." * commit '1a88f7ac8cf695a206cd45330127ab709789353f': zygote: clean up unnecessary rules.
|
ff7ab836258540b972c0ac9f7c507651cf747057 |
14-Apr-2014 |
jaejyn.shin <jaejyn.shin@lge.com> |
am 0ad37ff2: am 318e0c9c: pstore file system labeling * commit '0ad37ff27284b3e8f2fee264d6a00d808f696092': pstore file system labeling
|
1a88f7ac8cf695a206cd45330127ab709789353f |
13-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 53667e25: Merge "zygote: clean up unnecessary rules." * commit '53667e259fb2b8e52ea3302dd072113ae0cb2427': zygote: clean up unnecessary rules.
|
0ad37ff27284b3e8f2fee264d6a00d808f696092 |
13-Apr-2014 |
jaejyn.shin <jaejyn.shin@lge.com> |
am 318e0c9c: pstore file system labeling * commit '318e0c9cef16d5588cbafcd87c6a348b1fc446cd': pstore file system labeling
|
53667e259fb2b8e52ea3302dd072113ae0cb2427 |
12-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Merge "zygote: clean up unnecessary rules."
|
cf745a33da14568c59b456776b8994ab7b9e6816 |
10-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
318e0c9cef16d5588cbafcd87c6a348b1fc446cd |
10-Apr-2014 |
jaejyn.shin <jaejyn.shin@lge.com> |
pstore file system labeling pstore (persistent store) has been applied since kernel 3.5. We need to label the pstore-fs in order to use Android with kernel 3.5 or a later version. My kernel version is 3.10 and I got the denial log below when I ran the "df" command in the adb shell. type=1400 msg=audit(1388540540.220:18): avc: denied { getattr } for pid=7296 comm="df" name="/" dev="pstore" ino=7703 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem The log below is also shown during booting: type=1400 msg=audit(1388539193.750:4): avc: denied { mount } for pid=2844 comm="mount" name="/" dev="pstore" ino=11393 scontext=u:r:init_shell:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem Change-Id: Iaba543d44565c4f20a77a95b9573a628bbd3fd34
ile.te
enfs_contexts
|
d2049c420b2f8629d995ba5ce9446f9c6e779d61 |
09-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 683f78bd: am 19c50903: Define a type for /data/dalvik-cache/profiles. * commit '683f78bd6b64532239de94ab2590d06a5813af44': Define a type for /data/dalvik-cache/profiles.
|
683f78bd6b64532239de94ab2590d06a5813af44 |
09-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 19c50903: Define a type for /data/dalvik-cache/profiles. * commit '19c509034ee309c60c958637841c151d3c273421': Define a type for /data/dalvik-cache/profiles.
|
19c509034ee309c60c958637841c151d3c273421 |
09-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define a type for /data/dalvik-cache/profiles. I9b8e59e3bd7df8a1bf60fa7ffd376a24ba0eb42f added a profiles subdirectory to /data/dalvik-cache with files that must be app-writable. As a result, we have denials such as: W/Profiler( 3328): type=1400 audit(0.0:199): avc: denied { write } for name="com.google.android.setupwizard" dev="mmcblk0p28" ino=106067 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file W/Profiler( 3328): type=1300 audit(0.0:199): arch=40000028 syscall=322 per=800000 success=yes exit=33 a0=ffffff9c a1=b8362708 a2=20002 a3=0 items=1 ppid=194 auid=4294967295 uid=10019 gid=10019 euid=10019 suid=10019 fsuid=10019 egid=10019 sgid=10019 fsgid=10019 tty=(none) ses=4294967295 exe="/system/bin/app_process" subj=u:r:untrusted_app:s0 key=(null) W/auditd ( 286): type=1307 audit(0.0:199): cwd="/" W/auditd ( 286): type=1302 audit(0.0:199): item=0 name="/data/dalvik-cache/profiles/com.google.android.setupwizard" inode=106067 dev=b3:1c mode=0100664 ouid=1012 ogid=50019 rdev=00:00 obj=u:object_r:dalvikcache_data_file:s0 We do not want to allow untrusted app domains to write to the existing type on other /data/dalvik-cache files as that could be used for code injection into another app domain, the zygote or the system_server. So define a new type for this subdirectory. The restorecon_recursive /data in init.rc will fix the labeling on devices that already have a profiles directory created. For correct labeling on first creation, we also need a separate change to installd under the same change id. Bug: 13927667 Change-Id: I4857d031f9e7e60d48b8c72fcb22a81b3a2ebaaa Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
omain.te
ile.te
ile_contexts
nstalld.te
|
03362468ab44f0fbe06363ef3b19280e919e34e7 |
09-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
7df199f0f2ecb4d9dd231096b027370bc14fcbf6 |
09-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 52ab24ca: am 02f9e93a: Merge "Replace ctl_default_prop access with explicit service property keys." * commit '52ab24ca6bb8b14586dd855e48763f0ba0873807': Replace ctl_default_prop access with explicit service property keys.
|
61d78957cd245f3c5a5a9668fdd7cc547288bdc6 |
09-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 347aba3b: am 2b749272: Merge "Coalesce shared_app, media_app, release_app into untrusted_app." * commit '347aba3bb5a634edf82393d811f409560c758297': Coalesce shared_app, media_app, release_app into untrusted_app.
|
52ab24ca6bb8b14586dd855e48763f0ba0873807 |
09-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 02f9e93a: Merge "Replace ctl_default_prop access with explicit service property keys." * commit '02f9e93ace4cfda5ceeae254d6260d3733d5f7b5': Replace ctl_default_prop access with explicit service property keys.
|
347aba3bb5a634edf82393d811f409560c758297 |
09-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 2b749272: Merge "Coalesce shared_app, media_app, release_app into untrusted_app." * commit '2b749272fc96b2000182850288b4ff7471929069': Coalesce shared_app, media_app, release_app into untrusted_app.
|
02f9e93ace4cfda5ceeae254d6260d3733d5f7b5 |
09-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Replace ctl_default_prop access with explicit service property keys."
|
a268f48a1fb552fa967cda539ceb2a9cedcb0de9 |
09-Apr-2014 |
Nick Kralevich <nnk@google.com> |
zygote: clean up unnecessary rules. In 66f25cb1af951d2064467b3af9e68bd7bfe01484, auditallow entries were added for some old zygote rules. They've never been triggered, so they're not needed. Delete them. Change-Id: Idb544c71410e263714f29cdbec0424a46f32898f
ygote.te
|
2b749272fc96b2000182850288b4ff7471929069 |
09-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Coalesce shared_app, media_app, release_app into untrusted_app."
|
dd45c32d472d8b23b8d7761e6020bb1321693280 |
08-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
df67259f1dba9d696fe49c94c78ec58a131422af |
07-Apr-2014 |
Mark Salyzyn <salyzyn@google.com> |
am d5587e7d: am 6252b631: logd: auditd: add permissions to access /dev/kmsg * commit 'd5587e7d97aa67872c5aec5398e88a3189fb566f': logd: auditd: add permissions to access /dev/kmsg
|
d5587e7d97aa67872c5aec5398e88a3189fb566f |
07-Apr-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 6252b631: logd: auditd: add permissions to access /dev/kmsg * commit '6252b631a78dd16168c8302c08659f939de9c65f': logd: auditd: add permissions to access /dev/kmsg
|
6252b631a78dd16168c8302c08659f939de9c65f |
07-Apr-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: auditd: add permissions to access /dev/kmsg Change-Id: I3c16a8e1104352d3d71cd3cd0298f4c31de56f5d
ogd.te
|
4a636ed19c66b9b505e8057554551cf4c44df5d1 |
05-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
0a6742c39ceda907d3087a76fb6ce08a23dfcc1b |
04-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am b8ebf7c8: am 3ce12716: Merge "Treat seinfo=default name=<anything> as an error." * commit 'b8ebf7c8f66fc5e4e9a92c7a4c8982f451d6669b': Treat seinfo=default name=<anything> as an error.
|
b8ebf7c8f66fc5e4e9a92c7a4c8982f451d6669b |
04-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 3ce12716: Merge "Treat seinfo=default name=<anything> as an error." * commit '3ce127166d9467e643f8f04a15f36deeebe6db5f': Treat seinfo=default name=<anything> as an error.
|
3ce127166d9467e643f8f04a15f36deeebe6db5f |
04-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Treat seinfo=default name=<anything> as an error."
|
9ba844fea12a0b08770e870d63f3d3c375c7c9b5 |
04-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Coalesce shared_app, media_app, release_app into untrusted_app. This change folds the shared_app, media_app, and release_app domains into untrusted_app, reducing the set of app domains down to just distinct domains for the fixed UID apps (e.g. system_app, bluetooth, nfc, radio), a single domain for apps signed by the platform key (platform_app), and a single domain for all other apps (untrusted_app). Thus, SELinux only distinguishes when already distinguished by a predefined Android ID (AID) or by the platform certificate (which get the signature-only Android permissions and thus may require special OS-level accesses). It is still possible to introduce specific app domains for specific apps by adding signer and package stanzas to mac_permissions.xml, but this can be done on an as-needed basis for specialized apps that require particular OS-level permissions outside the usual set. As there is now only a single platform app domain, get rid of the platformappdomain attribute and platform_app_domain() macro. We used to add mlstrustedsubject to those domains but drop this since we are not using MLS in AOSP presently; we can revisit which domains need it if/when we use MLS. Since we are dropping the shared, media, and release seinfo entries from seapp_contexts, drop them from mac_permissions.xml as well. However, we leave the keys.conf entries in case someone wants to add a signer entry in the future for specific apps signed by those keys to mac_permissions.xml. Change-Id: I877192cca07360c4a3c0ef475f016cc273e1d968 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
ttributes
ac_permissions.xml
edia_app.te
latform_app.te
latformappdomain.te
elease_app.te
eapp_contexts
hared_app.te
e_macros
ntrusted_app.te
|
f4fa7567f4e3d010a3e96c22034bf19fa05d15a7 |
04-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Treat seinfo=default name=<anything> as an error. check_app already checks for usage of name= entries in seapp_contexts with no seinfo= specification to link it back to a signer in mac_permissions.xml. However, one can avoid this error by specifying a seinfo=default which merely matches the default stanza of mac_permissions.xml without actually ensuring that it is tied to a specific certificate. Catch that error case too. Change-Id: If33cf21501e8bfee44d31c92b6341dfa583552b2 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ools/check_seapp.c
|
ec31dc72fa0b62251162e817d92063f9dde9b28e |
04-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am bcb73df1: am 3fa9b4dd: Merge "Allow reading of radio data files passed over binder." * commit 'bcb73df12424a0046309c103025aa810f859bee9': Allow reading of radio data files passed over binder.
|
bcb73df12424a0046309c103025aa810f859bee9 |
04-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 3fa9b4dd: Merge "Allow reading of radio data files passed over binder." * commit '3fa9b4ddcb4dcab0f133e05430400194c7556a3b': Allow reading of radio data files passed over binder.
|
3fa9b4ddcb4dcab0f133e05430400194c7556a3b |
04-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow reading of radio data files passed over binder."
|
adadc0ed30f04789b28d74174dda6ce1312ce144 |
04-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 2061b33e: am 6bf9bbc8: label app_process64 as zygote_exec * commit '2061b33eb42a04025f3ed0a2a2111dd802d92034': label app_process64 as zygote_exec
|
2061b33eb42a04025f3ed0a2a2111dd802d92034 |
04-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 6bf9bbc8: label app_process64 as zygote_exec * commit '6bf9bbc82951536645d2cc02de19d928b6be2889': label app_process64 as zygote_exec
|
6bf9bbc82951536645d2cc02de19d928b6be2889 |
04-Apr-2014 |
Nick Kralevich <nnk@google.com> |
label app_process64 as zygote_exec ... otherwise zygote 64 won't run in the correct SELinux domain. Bug: 13647418 Change-Id: Iada2bf26623784535b70647c472f69b735b8f4fc
ile_contexts
|
fd45c64cc45c664b682c356bd911c12b948637ee |
03-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7d3a4ca0: am e8c9fdac: Exclude audit-related capabilities from unconfined domains. * commit '7d3a4ca0643da348337e154a875612591f587dc4': Exclude audit-related capabilities from unconfined domains.
|
7d3a4ca0643da348337e154a875612591f587dc4 |
03-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e8c9fdac: Exclude audit-related capabilities from unconfined domains. * commit 'e8c9fdac46c2ae972fd9e0f97b442d59b349e718': Exclude audit-related capabilities from unconfined domains.
|
e8c9fdac46c2ae972fd9e0f97b442d59b349e718 |
03-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Exclude audit-related capabilities from unconfined domains. Require them to be explicitly granted by specific allow rules. audit_write is required to write an audit message from userspace. audit_control is required to configure the audit subsystem. Change-Id: I5aa4e3228f9b0bde3570689fe7a0d68e56861a17 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nconfined.te
|
0fe09d1b1c07c93e3fc9d487ac64229e37ce97f2 |
03-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
40a9477723456bf0c617b2b8be25a3d7c996201f |
02-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am ad4d8942: am 888d283c: Merge "Drop dontaudit sys_admin rule from rild." * commit 'ad4d89422328f184d56afcd6d541a1bd5746ca49': Drop dontaudit sys_admin rule from rild.
|
8a88714584823cea8c4eef8c73a992492d5b8ab0 |
02-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a07e3590: am 016e6365: Drop dontaudit sys_admin rule from installd. * commit 'a07e35903b3980511082be4a2e877c38154ad1cb': Drop dontaudit sys_admin rule from installd.
|
ad4d89422328f184d56afcd6d541a1bd5746ca49 |
02-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 888d283c: Merge "Drop dontaudit sys_admin rule from rild." * commit '888d283c30784bb61d4bd10878c85634b31da1d3': Drop dontaudit sys_admin rule from rild.
|
a07e35903b3980511082be4a2e877c38154ad1cb |
02-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 016e6365: Drop dontaudit sys_admin rule from installd. * commit '016e636539093b00787183cbf56b684b91f94220': Drop dontaudit sys_admin rule from installd.
|
888d283c30784bb61d4bd10878c85634b31da1d3 |
02-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Drop dontaudit sys_admin rule from rild."
|
997d4a189f6aed9c8817bb42e791be6002813141 |
02-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop dontaudit sys_admin rule from rild. Old Android kernels (e.g. kernel/goldfish android-2.6.29 commit 2bda29) fell back to a CAP_SYS_ADMIN check even before checking uids if the cgroup subsystem did not define its own can_attach handler. This doesn't appear to have ever been the case of mainline, and is not true of the 3.4 Android kernels. So we no longer need to dontaudit sys_admin to avoid log noise. Change-Id: I2faade6665a4adad91472c95f94bd922a449b240 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ild.te
|
016e636539093b00787183cbf56b684b91f94220 |
02-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop dontaudit sys_admin rule from installd. Old Android kernels (e.g. kernel/goldfish android-2.6.29 commit 2bda29) fell back to a CAP_SYS_ADMIN check even before checking uids if the cgroup subsystem did not define its own can_attach handler. This doesn't appear to have ever been the case of mainline, and is not true of the 3.4 Android kernels. So we no longer need to dontaudit sys_admin to avoid log noise. Change-Id: I3822600a06c242764a94f9b67d9fcd6f599d3453 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nstalld.te
|
d5faa6840b882452a904d69c20b4cdb2c09d9b1c |
02-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
1d1e04cb5a9f08d2137f32dec6b6b94f01a66e77 |
01-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 64cdd184: am 1cb990de: Merge "Remove errant newline from generated policy file." * commit '64cdd184b62698523092293fe6b82553708e336f': Remove errant newline from generated policy file.
|
64cdd184b62698523092293fe6b82553708e336f |
01-Apr-2014 |
Nick Kralevich <nnk@google.com> |
am 1cb990de: Merge "Remove errant newline from generated policy file." * commit '1cb990de6d90928f167779ca6ad7cb42d4022a11': Remove errant newline from generated policy file.
|
1cb990de6d90928f167779ca6ad7cb42d4022a11 |
01-Apr-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove errant newline from generated policy file."
|
67b923f6f84aa2b7e9bfb8f2a298eef8035e350f |
01-Apr-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 1f4b4669: am 238a654f: logd: add auditd * commit '1f4b4669dac84e4d48ccafac26a93289eb36f3fc': logd: add auditd
|
1f4b4669dac84e4d48ccafac26a93289eb36f3fc |
01-Apr-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 238a654f: logd: add auditd * commit '238a654f4ac0ce69a8e88d96adb55667c274d91c': logd: add auditd
|
238a654f4ac0ce69a8e88d96adb55667c274d91c |
01-Apr-2014 |
Mark Salyzyn <salyzyn@google.com> |
logd: add auditd Change-Id: Iec4bfc08ced20c0d4c74e07baca6cff812c9ba00
ogd.te
|
3ea628fccc5c6276264c221adbfe057cf5df9b87 |
01-Apr-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Remove errant newline from generated policy file. When running the post_process_mac_perms script, an unneeded newline is appended to the modified mac_permissions.xml file. Use sys.stdout.write instead, which avoids any formatting when printing. Change-Id: Ib662dab1566299467371389dc236619aec40f5ac Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ools/post_process_mac_perms
|
ee42481acc460e905a5da84dae0a4a535ecebe92 |
01-Apr-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
29850023ab447e9ac5223730c45bce384284fd41 |
31-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9d6ce458: am 6d8fa695: Move shell entry up with other platform UID entries. * commit '9d6ce45872fc65aa8ee7f50d1778f27ab990dcb5': Move shell entry up with other platform UID entries.
|
9d6ce45872fc65aa8ee7f50d1778f27ab990dcb5 |
31-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 6d8fa695: Move shell entry up with other platform UID entries. * commit '6d8fa69548af532b7d73a21e2d4678f2413c359d': Move shell entry up with other platform UID entries.
|
6d8fa69548af532b7d73a21e2d4678f2413c359d |
27-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Move shell entry up with other platform UID entries. This is a trivial change to seapp_contexts to force a relabel of /data/data directories by PMS/installd by yielding a different hash value for comparison against /data/system/seapp_hash. This change does not alter any actual app process or data directory labeling decisions. The seapp_contexts entries are sorted upon loading by libselinux to match the precedence rules described in the comment header, so ordering in this file should not matter. This should not be merged before the code changes with the same Change-Id. Change-Id: Ie440cba2c96f0907458086348197e1506d31c1b6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
eapp_contexts
|
3fbc536dfd5afbce5ef45f18d0afb3516089ed88 |
27-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow reading of radio data files passed over binder. Addresses denials such as: avc: denied { read } for pid=5114 comm="le.android.talk" path="/data/data/com.android.providers.telephony/app_parts/PART_1394223232515_recording88476874.amr" dev="mmcblk0p23" ino=64522 scontext=u:r:mediaserver:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file avc: denied { getattr } for pid=29199 comm="Binder_4" path="/data/data/com.android.providers.telephony/app_parts/PART_1394223232515_recording88476874.amr" dev="mmcblk0p23" ino=64522 scontext=u:r:mediaserver:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file avc: denied { read } for pid=29199 comm="Binder_4" path="/data/data/com.android.providers.telephony/app_parts/PART_1394223232515_recording88476874.amr" dev="mmcblk0p23" ino=64522 scontext=u:r:drmserver:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file avc: denied { getattr } for pid=9338 comm="MediaLoader" path="/data/data/com.android.providers.telephony/app_parts/PART_1394848620510_image.jpg" dev="mmcblk0p28" ino=287374 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file avc: denied { read } for pid=9896 comm="Binder_7" path="/data/data/com.android.providers.telephony/app_parts/PART_1394594346187_image.jpg" dev="mmcblk0p28" ino=287522 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file This does not allow write denials such as: avc: denied { write } for pid=1728 comm="Binder_4" path="/data/data/com.android.providers.telephony/app_parts/PART_1394818738798_image.jpg" dev="mmcblk0p28" ino=82279 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:radio_data_file:s0 tclass=file Need to understand whether write access is in fact required. Change-Id: I7693d16cb4f9855909d790d3f16f8bf281764468 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
rmserver.te
ediaserver.te
|
24074d66ae221475cb719b3bdd6c4141909daf22 |
27-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
bfa4610c7d806415fc5c68869894571580c993ab |
26-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 103b4097: am 9fc0d40e: Label /dev/uio[0-9]* with its own type. * commit '103b40977ee44158949113c50f037f5d1031203e': Label /dev/uio[0-9]* with its own type.
|
103b40977ee44158949113c50f037f5d1031203e |
26-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9fc0d40e: Label /dev/uio[0-9]* with its own type. * commit '9fc0d40eff46d1319f282df68376c335c3115c36': Label /dev/uio[0-9]* with its own type.
|
9fc0d40eff46d1319f282df68376c335c3115c36 |
26-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /dev/uio[0-9]* with its own type. Change-Id: Ibeeec6637022ee8bc9868e102b3d55e3b0d4762c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
evice.te
ile_contexts
|
c987357c6094f1afcaa8efe73943135f0a469b0d |
26-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 3e010290: am ca11a1ed: Merge "Update README concerning post_process_mac_perms script." * commit '3e0102903c59185d0e9e1d4af759c51068ee3cbb': Update README concerning post_process_mac_perms script.
|
8ebab256ff4bf706fd31c051737571dc2b243bf9 |
26-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 6b2c3a9b: am ea219e37: Allow domains to stat and open their entrypoint executables. * commit '6b2c3a9b452720304214076c4d001d93fd2228ad': Allow domains to stat and open their entrypoint executables.
|
3e0102903c59185d0e9e1d4af759c51068ee3cbb |
26-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am ca11a1ed: Merge "Update README concerning post_process_mac_perms script." * commit 'ca11a1edf7ec4a6caa4ca3468239fb1294a218e6': Update README concerning post_process_mac_perms script.
|
6b2c3a9b452720304214076c4d001d93fd2228ad |
26-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ea219e37: Allow domains to stat and open their entrypoint executables. * commit 'ea219e37f66cbd166dba2bbeaadfb87864e26a6c': Allow domains to stat and open their entrypoint executables.
|
ca11a1edf7ec4a6caa4ca3468239fb1294a218e6 |
26-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Update README concerning post_process_mac_perms script."
|
ea219e37f66cbd166dba2bbeaadfb87864e26a6c |
26-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow domains to stat and open their entrypoint executables. Resolves denials such as: avc: denied { open } for pid=2758 comm="mediaserver" name="mediaserver" dev="mmcblk0p22" ino=169 scontext=u:r:mediaserver:s0 tcontext=u:object_r:mediaserver_exec:s0 tclass=file avc: denied { getattr } for pid=2758 comm="mediaserver" path="/system/bin/mediaserver" dev="mmcblk0p22" ino=169 scontext=u:r:mediaserver:s0 tcontext=u:object_r:mediaserver_exec:s0 tclass=file Change-Id: Ifee9e6fa87ae933639ce0b1d69a2feee460cf31f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
e_macros
|
4caa6d4b89ddb2d21f9ac31242ba15c8771b51d1 |
25-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Update README concerning post_process_mac_perms script. Change-Id: Iabda448d252d3b1ce19809c7f5de0dca3942f60c Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ools/README
|
4b3893f90bf6bc67de232ddc44123974d36770ef |
18-Feb-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Replace ctl_default_prop access with explicit service property keys. The ctl_default_prop label is a bit too generic for some of the privileged domains when describing access rights. Instead, be explicit about which services are being started and stopped by introducing new ctl property keys. Change-Id: I1d0c6f6b3e8bd63da30bd6c7b084da44f063246a Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
etd.te
roperty.te
roperty_contexts
urfaceflinger.te
old.te
|
422630294f46bd03c215cc49a2be89ead0907c45 |
25-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
711af4a2d6fc10ad0b75f18d2c9b2bdc2c003d21 |
25-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 9e400937: am 9179d4e1: am 18f2b80e: Merge "Allow surfaceflinger to read /proc/pid/cmdline of dumpstate." * commit '9e4009376641209549bdd342e13afcb8515f9ea1': Allow surfaceflinger to read /proc/pid/cmdline of dumpstate.
|
1b2f383a44e8ad50d0a1eaaa2dfc5476d03f8871 |
25-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 70cb1733: am 8744e398: am 3f869f0c: Merge "Allow binder services to use pipes passed over binder." * commit '70cb1733a9a569da3449f80625c2ad9e6c3cbb12': Allow binder services to use pipes passed over binder.
|
9e4009376641209549bdd342e13afcb8515f9ea1 |
24-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 9179d4e1: am 18f2b80e: Merge "Allow surfaceflinger to read /proc/pid/cmdline of dumpstate." * commit '9179d4e1c942eebdec099a423c2e768561be1933': Allow surfaceflinger to read /proc/pid/cmdline of dumpstate.
|
70cb1733a9a569da3449f80625c2ad9e6c3cbb12 |
24-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 8744e398: am 3f869f0c: Merge "Allow binder services to use pipes passed over binder." * commit '8744e398c0191cc802225264010a9b7fa11a7bf9': Allow binder services to use pipes passed over binder.
|
645a7c44d975e70583e21694a8506f8a42839882 |
24-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 18f2b80e: Merge "Allow surfaceflinger to read /proc/pid/cmdline of dumpstate." * commit '18f2b80e6279a7642ed307f613281411955f699a': Allow surfaceflinger to read /proc/pid/cmdline of dumpstate.
|
cc52a070d2087161ffba59fe7c7d09789ac60e70 |
24-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 3f869f0c: Merge "Allow binder services to use pipes passed over binder." * commit '3f869f0cbac92d4f83b414b43420302a8af8f6f5': Allow binder services to use pipes passed over binder.
|
9179d4e1c942eebdec099a423c2e768561be1933 |
24-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 18f2b80e: Merge "Allow surfaceflinger to read /proc/pid/cmdline of dumpstate." * commit '18f2b80e6279a7642ed307f613281411955f699a': Allow surfaceflinger to read /proc/pid/cmdline of dumpstate.
|
8744e398c0191cc802225264010a9b7fa11a7bf9 |
24-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 3f869f0c: Merge "Allow binder services to use pipes passed over binder." * commit '3f869f0cbac92d4f83b414b43420302a8af8f6f5': Allow binder services to use pipes passed over binder.
|
18f2b80e6279a7642ed307f613281411955f699a |
24-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow surfaceflinger to read /proc/pid/cmdline of dumpstate."
|
3f869f0cbac92d4f83b414b43420302a8af8f6f5 |
24-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow binder services to use pipes passed over binder."
|
a81f132cc21e847f5c0e973335103120ef741359 |
24-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 80369e07: am 3cdf4445: am e06e5363: Allow inputflinger to call system_server. * commit '80369e07472c018c327a08d03a0777fe2236d663': Allow inputflinger to call system_server.
|
7ffe9f1b0ebedb56df317b2672e97d8875b98787 |
22-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
80369e07472c018c327a08d03a0777fe2236d663 |
21-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 3cdf4445: am e06e5363: Allow inputflinger to call system_server. * commit '3cdf44458ed6865ef128b23465a854928439bfe7': Allow inputflinger to call system_server.
|
8dc370084495e0afff4222c33718a7a9130e0453 |
21-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e06e5363: Allow inputflinger to call system_server. * commit 'e06e53638808ec0d14aaee701590fdc93cfd3150': Allow inputflinger to call system_server.
|
3cdf44458ed6865ef128b23465a854928439bfe7 |
21-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e06e5363: Allow inputflinger to call system_server. * commit 'e06e53638808ec0d14aaee701590fdc93cfd3150': Allow inputflinger to call system_server.
|
e06e53638808ec0d14aaee701590fdc93cfd3150 |
21-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow inputflinger to call system_server. Resolves denials such as: avc: denied { read } for pid=752 comm="ActivityManager" name="stat" dev="proc" ino=1878 scontext=u:r:system_server:s0 tcontext=u:r:inputflinger:s0 tclass=file avc: denied { open } for pid=752 comm="ActivityManager" name="stat" dev="proc" ino=1878 scontext=u:r:system_server:s0 tcontext=u:r:inputflinger:s0 tclass=file avc: denied { search } for pid=752 comm="ActivityManager" name="214" dev="proc" ino=1568 scontext=u:r:system_server:s0 tcontext=u:r:inputflinger:s0 tclass=dir avc: denied { read } for pid=752 comm="ActivityManager" name="stat" dev="proc" ino=1878 scontext=u:r:system_server:s0 tcontext=u:r:inputflinger:s0 tclass=file avc: denied { call } for pid=187 comm="Binder_2" scontext=u:r:inputflinger:s0 tcontext=u:r:system_server:s0 tclass=binder Change-Id: I099d7dacf7116efa73163245597c3de629d358c1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nputflinger.te
ystem_server.te
|
57955712d08a60c17458ec34f584d37a7be9eaf0 |
21-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow surfaceflinger to read /proc/pid/cmdline of dumpstate. Resolves denials such as: avc: denied { open } for pid=3772 comm="Binder_4" name="cmdline" dev="proc" ino=26103 scontext=u:r:surfaceflinger:s0 tcontext=u:r:dumpstate:s0 tclass=file This seems harmless, although I am unclear as to why/where it occurs. Likely just for logging/debugging. Change-Id: I7be38deabb117668b069ebdf086a9ace88dd8dd1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
urfaceflinger.te
|
644279ba06629627b7cac3cd6d694f2dd25b6748 |
21-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow binder services to use pipes passed over binder. Resolves denials such as: avc: denied { write } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:surfaceflinger:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file avc: denied { use } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:keystore:s0 tcontext=u:r:untrusted_app:s0 tclass=fd avc: denied { use } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:healthd:s0 tcontext=u:r:untrusted_app:s0 tclass=fd avc: denied { write } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:drmserver:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file avc: denied { use } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:inputflinger:s0 tcontext=u:r:untrusted_app:s0 tclass=fd avc: denied { write } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:inputflinger:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file avc: denied { write } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:mediaserver:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file Change-Id: I289dcf4b2c5897b7a10e41e5dd8d56ef4b9a4a08 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
inderservicedomain.te
|
f9e7986da7abe86a307608f34c0ad98113c7b5bd |
20-Mar-2014 |
Paul Lawrence <paullawrence@google.com> |
am def025a4: am 7c2d5a3a: am 01ba6834: Allow vold to call to healthd * commit 'def025a4a0b7144770179b96876957a21b80391f': Allow vold to call to healthd
|
def025a4a0b7144770179b96876957a21b80391f |
20-Mar-2014 |
Paul Lawrence <paullawrence@google.com> |
am 7c2d5a3a: am 01ba6834: Allow vold to call to healthd * commit '7c2d5a3a17847a22b0844386f543074b671b6a45': Allow vold to call to healthd
|
7c2d5a3a17847a22b0844386f543074b671b6a45 |
20-Mar-2014 |
Paul Lawrence <paullawrence@google.com> |
am 01ba6834: Allow vold to call to healthd * commit '01ba6834c10f5839371385b224a78c04e1351202': Allow vold to call to healthd
|
3afe263291181cea73673ac503a58b57c73ec21f |
20-Mar-2014 |
Paul Lawrence <paullawrence@google.com> |
am 01ba6834: Allow vold to call to healthd * commit '01ba6834c10f5839371385b224a78c04e1351202': Allow vold to call to healthd
|
01ba6834c10f5839371385b224a78c04e1351202 |
19-Mar-2014 |
Paul Lawrence <paullawrence@google.com> |
Allow vold to call to healthd vold needs to be able to check remaining battery to safely abort certain operations Bug: 11985952 Change-Id: I7dfe83f7d1029593882e0e5ad33f90fb29e5532b
old.te
|
4f42ac641cd378ebe7133eb27d89ce46cf1d4774 |
20-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
ca8904d27384963ba50770175c704d18d253abb6 |
19-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 355f3a09: am 74fe7b2b: am ee5ddb21: Allow installd to restorecon /data/data. * commit '355f3a09d627fcbbb0170ededc707ba72c591501': Allow installd to restorecon /data/data.
|
355f3a09d627fcbbb0170ededc707ba72c591501 |
19-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 74fe7b2b: am ee5ddb21: Allow installd to restorecon /data/data. * commit '74fe7b2b7bde987f4ef98f1b7a6ef6a8455972a9': Allow installd to restorecon /data/data.
|
bc587626a96352cee3ce517b9b75dcd3b8f2283e |
19-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ee5ddb21: Allow installd to restorecon /data/data. * commit 'ee5ddb213ea5aabe1a67cefaf09263b5189bc7d1': Allow installd to restorecon /data/data.
|
74fe7b2b7bde987f4ef98f1b7a6ef6a8455972a9 |
19-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ee5ddb21: Allow installd to restorecon /data/data. * commit 'ee5ddb213ea5aabe1a67cefaf09263b5189bc7d1': Allow installd to restorecon /data/data.
|
ee5ddb213ea5aabe1a67cefaf09263b5189bc7d1 |
19-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow installd to restorecon /data/data. Ability to relabel from/to any of the types that can be assigned to /data/data directories as per seapp_contexts type= assignments. Change-Id: I05e8b438950ddb908e46c9168ea6ee601e6d674f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nstalld.te
|
664f2511f6de683757ef81388115eefa02ab375e |
19-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 97107901: am eb4f673e: am c4344898: Merge "Remove write access to system_data_file from rild." * commit '971079019e2b129d2389dec087c4d69cf35880b0': Remove write access to system_data_file from rild.
|
971079019e2b129d2389dec087c4d69cf35880b0 |
19-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am eb4f673e: am c4344898: Merge "Remove write access to system_data_file from rild." * commit 'eb4f673e676a9dd0553cfb0dc06dbe6d83be090f': Remove write access to system_data_file from rild.
|
c3a2ca56e5fd90d2cbde6da3df5e90335d662d73 |
19-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am c4344898: Merge "Remove write access to system_data_file from rild." * commit 'c43448985c524b26f2f60304711764bd32438485': Remove write access to system_data_file from rild.
|
eb4f673e676a9dd0553cfb0dc06dbe6d83be090f |
19-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am c4344898: Merge "Remove write access to system_data_file from rild." * commit 'c43448985c524b26f2f60304711764bd32438485': Remove write access to system_data_file from rild.
|
c43448985c524b26f2f60304711764bd32438485 |
19-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove write access to system_data_file from rild."
|
01a13b70c2861cb7123eff79377063b923eac903 |
19-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
a546709f20bac30cdeb371519dea1808b46dae03 |
18-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 15cfea1a: am 6e77ba04: am a00fb29b: Label /data/misc/sms as a radio_data_file. * commit '15cfea1ad6a0ad3c6d77eb59adb9e94ab4cc1f77': Label /data/misc/sms as a radio_data_file.
|
15cfea1ad6a0ad3c6d77eb59adb9e94ab4cc1f77 |
18-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 6e77ba04: am a00fb29b: Label /data/misc/sms as a radio_data_file. * commit '6e77ba042a9fb8ffa71f4ad990cbce85ee76dad3': Label /data/misc/sms as a radio_data_file.
|
0ac875fd3a8ddcc0d0f9b2844ff1db87951975ac |
18-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am a00fb29b: Label /data/misc/sms as a radio_data_file. * commit 'a00fb29b1982e21655ec4c084db0b8f37f23a33d': Label /data/misc/sms as a radio_data_file.
|
6e77ba042a9fb8ffa71f4ad990cbce85ee76dad3 |
18-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am a00fb29b: Label /data/misc/sms as a radio_data_file. * commit 'a00fb29b1982e21655ec4c084db0b8f37f23a33d': Label /data/misc/sms as a radio_data_file.
|
df2fd242caa1695d58766dbdab1d7f3cae15183c |
18-Mar-2014 |
Daniel Cashman <dcashman@google.com> |
am 6f054401: am a28ddada: am 71b92339: Merge "Allow wpa to perform binder IPC to keystore." into klp-modular-dev * commit '6f054401b5fe23a09be44a05abefab29084cb0ad': Allow wpa to perform binder IPC to keystore.
|
465334a0e9a049f8966925046505cccaa285fd07 |
18-Mar-2014 |
dcashman <dcashman@google.com> |
am b0fcaac3: am 15b6520a: resolved conflicts for merge of 02c0dd1c to klp-modular-dev-plus-aosp * commit 'b0fcaac3f5caabb64d25e9b01d4eb953ebb7fa2d': debuggerd: Allow "debug.db.uid" usage
|
9e012cde7bbb6aa66e6e8f1254a43567a328205b |
18-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove write access to system_data_file from rild. Anything writable by rild should be in radio_data_file or efs_file. System data should be read-only. Change-Id: I442a253c22f567a147d0591d623e97a6ee8b76e3 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ild.te
|
a00fb29b1982e21655ec4c084db0b8f37f23a33d |
18-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Label /data/misc/sms as a radio_data_file. This change helps with the following denials. avc: denied { write } for pid=14157 comm="Thread-88" name="premium_sms_policy.xml" dev="mmcblk0p28" ino=618998 scontext=u:r:radio:s0 tcontext=u:object_r:system_data_file:s0 tclass=file avc: denied { write } for pid=14293 comm="Thread-89" name="sms" dev="mmcblk0p28" ino=618952 scontext=u:r:radio:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir Prior to this patch the directory was labeled as system_data_file, which is a bit too generic. This directory contains xml files with regexes which represent premium numbers that are used to warn the user before sending. Change-Id: I98288b25aa1546477e05eee9f7622324b013e695 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ile_contexts
|
6f054401b5fe23a09be44a05abefab29084cb0ad |
18-Mar-2014 |
Daniel Cashman <dcashman@google.com> |
am a28ddada: am 71b92339: Merge "Allow wpa to perform binder IPC to keystore." into klp-modular-dev * commit 'a28ddada1cbc696ad19e44701db5ac1d28a852f9': Allow wpa to perform binder IPC to keystore.
|
b0fcaac3f5caabb64d25e9b01d4eb953ebb7fa2d |
18-Mar-2014 |
dcashman <dcashman@google.com> |
am 15b6520a: resolved conflicts for merge of 02c0dd1c to klp-modular-dev-plus-aosp * commit '15b6520a1ef770281833938b7521c61cd8b81e1e': debuggerd: Allow "debug.db.uid" usage
|
a28ddada1cbc696ad19e44701db5ac1d28a852f9 |
18-Mar-2014 |
Daniel Cashman <dcashman@google.com> |
am 71b92339: Merge "Allow wpa to perform binder IPC to keystore." into klp-modular-dev * commit '71b923394cb2dde6c3b4138aec8487328944368a': Allow wpa to perform binder IPC to keystore.
|
59cdb51af1132f08519e729a59a1a82b924f7c0c |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 5247c38b: am 848dad0f: am 2257ca7a: Merge "Allow netd-spawned domains to use inherited netd unix_dgram_socket." * commit '5247c38b1253e521aae3fceb8a10a05bf946a203': Allow netd-spawned domains to use inherited netd unix_dgram_socket.
|
14cfa8aefa23b5b1552edef0026808c50a6e3295 |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 8924b8c1: am 712b4b59: am a478477c: Merge "Allow system_server to set ctl.bugreport property." * commit '8924b8c1c90db6d21fe9870a6ead07cd87cc4927': Allow system_server to set ctl.bugreport property.
|
15b6520a1ef770281833938b7521c61cd8b81e1e |
18-Mar-2014 |
dcashman <dcashman@google.com> |
resolved conflicts for merge of 02c0dd1c to klp-modular-dev-plus-aosp Conflicts: debuggerd.te Change-Id: I0d3f7900272ef67266f7a00b73d860ae3e8f664b
|
5247c38b1253e521aae3fceb8a10a05bf946a203 |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 848dad0f: am 2257ca7a: Merge "Allow netd-spawned domains to use inherited netd unix_dgram_socket." * commit '848dad0ffb69f14fc66094056b28d59dec76037c': Allow netd-spawned domains to use inherited netd unix_dgram_socket.
|
8924b8c1c90db6d21fe9870a6ead07cd87cc4927 |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 712b4b59: am a478477c: Merge "Allow system_server to set ctl.bugreport property." * commit '712b4b59cfb77719fdcf22dfed6e6f9ac6cb09ae': Allow system_server to set ctl.bugreport property.
|
bfc58fb6f7a412723b53e3d13b828b64723d229c |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 2257ca7a: Merge "Allow netd-spawned domains to use inherited netd unix_dgram_socket." * commit '2257ca7a3ccc1898ac670c54f9cd4168e91d9fca': Allow netd-spawned domains to use inherited netd unix_dgram_socket.
|
8d13c9ffb4f3eee3162930d5b30fcaaa65a22c5d |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am a478477c: Merge "Allow system_server to set ctl.bugreport property." * commit 'a478477c8d6ecf6f24f36eb18a493410420a34fc': Allow system_server to set ctl.bugreport property.
|
848dad0ffb69f14fc66094056b28d59dec76037c |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 2257ca7a: Merge "Allow netd-spawned domains to use inherited netd unix_dgram_socket." * commit '2257ca7a3ccc1898ac670c54f9cd4168e91d9fca': Allow netd-spawned domains to use inherited netd unix_dgram_socket.
|
712b4b59cfb77719fdcf22dfed6e6f9ac6cb09ae |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am a478477c: Merge "Allow system_server to set ctl.bugreport property." * commit 'a478477c8d6ecf6f24f36eb18a493410420a34fc': Allow system_server to set ctl.bugreport property.
|
71b923394cb2dde6c3b4138aec8487328944368a |
18-Mar-2014 |
Daniel Cashman <dcashman@google.com> |
Merge "Allow wpa to perform binder IPC to keystore." into klp-modular-dev
|
02c0dd1c2633241d680fac021a9db1c08a242a8e |
18-Mar-2014 |
Daniel Cashman <dcashman@google.com> |
Merge "debuggerd: Allow "debug.db.uid" usage" into klp-modular-dev
|
2257ca7a3ccc1898ac670c54f9cd4168e91d9fca |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow netd-spawned domains to use inherited netd unix_dgram_socket."
|
a478477c8d6ecf6f24f36eb18a493410420a34fc |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow system_server to set ctl.bugreport property."
|
971b5d7c9f6cd134cfa89ca211cbaabe1ac606a4 |
18-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow system_server to set ctl.bugreport property. Resolves denials such as: avc: denied { set } for property=ctl.bugreport scontext=u:r:system_server:s0 tcontext=u:object_r:ctl_bugreport_prop:s0 tclass=property_service Change-Id: I6c3085065157f418fc0cd4d01fa178eecfe334ad Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
|
08461cb03948e911090a4ab32954ccac67d6409e |
18-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow netd-spawned domains to use inherited netd unix_dgram_socket. Resolves denials such as: avc: denied { read write } for pid=4346 comm="hostapd" path="socket:[7874]" dev="sockfs" ino=7874 scontext=u:r:hostapd:s0 tcontext=u:r:netd:s0 tclass=unix_dgram_socket avc: denied { read write } for pid=4348 comm="dnsmasq" path="socket:[7874]" dev="sockfs" ino=7874 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=unix_dgram_socket Change-Id: Ie82f39c32c6e04bc9ef1369ca787cf80b3b4141c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nsmasq.te
ostapd.te
|
118524e13380e1ff4a315e42422ba3263db98a78 |
18-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
004ece4849d636ceedc004129402332b0e72f27f |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 38d1ad5e: am ddbddb07: am 34e8465c: Merge "Allow drmserver and mediaserver to read apk files." * commit '38d1ad5efdb8f44868dfa95d0a17c4f6c41c46bd': Allow drmserver and mediaserver to read apk files.
|
38d1ad5efdb8f44868dfa95d0a17c4f6c41c46bd |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am ddbddb07: am 34e8465c: Merge "Allow drmserver and mediaserver to read apk files." * commit 'ddbddb07c772f0092108f5befa62800c69347697': Allow drmserver and mediaserver to read apk files.
|
83e609faf5209c0f33df42d011a970726ebeef8f |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 34e8465c: Merge "Allow drmserver and mediaserver to read apk files." * commit '34e8465ccb5888e9e74e8d3055d0f056164f2424': Allow drmserver and mediaserver to read apk files.
|
ddbddb07c772f0092108f5befa62800c69347697 |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 34e8465c: Merge "Allow drmserver and mediaserver to read apk files." * commit '34e8465ccb5888e9e74e8d3055d0f056164f2424': Allow drmserver and mediaserver to read apk files.
|
34e8465ccb5888e9e74e8d3055d0f056164f2424 |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow drmserver and mediaserver to read apk files."
|
4eb63113eefa59e1c550155d4127680c33a3028b |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow wpa to perform binder IPC to keystore. Addresses denials such as: avc: denied { call } for pid=2275 comm="wpa_supplicant" scontext=u:r:wpa:s0 tcontext=u:r:servicemanager:s0 tclass=binder Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit 867e398d54c290c3870bb9bca07676d57b99687d) Change-Id: Ie941b07e351bf89aa0afd5ee88cd01f6da5e6788
pa_supplicant.te
|
77aa370cb3723e75be625ae91c249bbbad327865 |
06-Feb-2014 |
Nick Kralevich <nnk@google.com> |
debuggerd: Allow "debug.db.uid" usage Allow the use of debug.db.uid on userdebug / eng builds. Setting this property allows debuggerd to suspend a process if it detects a crash. Make debug.db.uid only accessible to the su domain. This should not be used on a user build. Only support reading user input on userdebug / eng builds. Steps to reproduce with the "crasher" program: adb root adb shell setprop debug.db.uid 20000 mmm system/core/debuggerd adb sync adb shell crasher Addresses the following denials: <5>[ 580.637442] type=1400 audit(1392412124.612:149): avc: denied { read } for pid=182 comm="debuggerd" name="input" dev="tmpfs" ino=5665 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=dir <5>[ 580.637589] type=1400 audit(1392412124.612:150): avc: denied { open } for pid=182 comm="debuggerd" name="input" dev="tmpfs" ino=5665 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=dir <5>[ 580.637706] type=1400 audit(1392412124.612:151): avc: denied { read write } for pid=182 comm="debuggerd" name="event5" dev="tmpfs" ino=6723 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file <5>[ 580.637823] type=1400 audit(1392412124.612:152): avc: denied { open } for pid=182 comm="debuggerd" name="event5" dev="tmpfs" ino=6723 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file <5>[ 580.637958] type=1400 audit(1392412124.612:153): avc: denied { ioctl } for pid=182 comm="debuggerd" path="/dev/input/event5" dev="tmpfs" ino=6723 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file Bug: 12532622 Change-Id: I63486edb73efb1ca12e9eb1994ac9e389251a3f1 Conflicts: debuggerd.te
ebuggerd.te
roperty.te
roperty_contexts
u.te
|
5a28cbdadd90f86054998a3f49c6a83c9fabace7 |
18-Mar-2014 |
dcashman <dcashman@google.com> |
am 2eae08e9: am e078fc35: resolved conflicts for merge of 648c0d34 to klp-modular-dev-plus-aosp * commit '2eae08e9698270b776cd43cac424d88db51b7217': Remove MAC capabilities from unconfined domains.
|
2eae08e9698270b776cd43cac424d88db51b7217 |
18-Mar-2014 |
dcashman <dcashman@google.com> |
am e078fc35: resolved conflicts for merge of 648c0d34 to klp-modular-dev-plus-aosp * commit 'e078fc35f887e00ac9fda40dc3c4ffd00558bf6e': Remove MAC capabilities from unconfined domains.
|
e078fc35f887e00ac9fda40dc3c4ffd00558bf6e |
18-Mar-2014 |
dcashman <dcashman@google.com> |
resolved conflicts for merge of 648c0d34 to klp-modular-dev-plus-aosp Conflicts: domain.te unconfined.te Change-Id: Iba40e5cef05cd47ca590343d9a038271b7f010ef
|
c954118075fc2687d86b484833f1eed31b87f5d5 |
18-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 925bc179: am 7ecf09ae: am b97ed1ad: Merge "Fix broken halt while in healthd charger mode" * commit '925bc179ce0d5c80488ee2b39b5eaaef2935f43d': Fix broken halt while in healthd charger mode
|
e4bc9d8b647983ef7c6a4cc610f05a3910771a38 |
18-Mar-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 5e8dffc0: am 2e4e32f9: am ad5315d4: shell: access to clear logs * commit '5e8dffc0c896b26fed616b3f8ad5d6c2b2eb2290': shell: access to clear logs
|
925bc179ce0d5c80488ee2b39b5eaaef2935f43d |
17-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 7ecf09ae: am b97ed1ad: Merge "Fix broken halt while in healthd charger mode" * commit '7ecf09ae2dc398e2c1b3e4623ef7b777aba0d58c': Fix broken halt while in healthd charger mode
|
7ecf09ae2dc398e2c1b3e4623ef7b777aba0d58c |
17-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b97ed1ad: Merge "Fix broken halt while in healthd charger mode" * commit 'b97ed1ad047534c60e1d945bd8f6561d0a7d11cc': Fix broken halt while in healthd charger mode
|
3a3501a322921c9535368237ba4b6b11503fa141 |
17-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b97ed1ad: Merge "Fix broken halt while in healthd charger mode" * commit 'b97ed1ad047534c60e1d945bd8f6561d0a7d11cc': Fix broken halt while in healthd charger mode
|
b97ed1ad047534c60e1d945bd8f6561d0a7d11cc |
17-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Fix broken halt while in healthd charger mode"
|
648c0d343c5b1b90e2dec5019a754b36e7791c3f |
30-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove MAC capabilities from unconfined domains. Linux defines two capabilities for Mandatory Access Control (MAC) security modules, CAP_MAC_OVERRIDE (override MAC access restrictions) and CAP_MAC_ADMIN (allow MAC configuration or state changes). SELinux predates these capabilities and did not originally use them, but later made use of CAP_MAC_ADMIN as a way to control the ability to set security context values unknown to the currently loaded SELinux policy on files. That facility is used in Linux for e.g. livecd creation where a file security context that is being set on a generated filesystem is not known to the build host policy. Internally, files with such labels are treated as having the unlabeled security context for permission checking purposes until/unless the context is later defined through a policy reload. CAP_MAC_OVERRIDE is never checked by SELinux, so it never needs to be allowed. CAP_MAC_ADMIN is only checked if setting an unknown security context value; the only legitimate use I can see in Android is the recovery console, where a context may need to be set on /system that is not defined in the recovery policy. Remove these capabilities from unconfined domains, allow mac_admin for the recovery domain, and add neverallow rules. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit 04ee5dfb80491f8493fedcd099bd4551c9503c83) Change-Id: I353fbe5da80f194cf1fd35053f91499ad0336692
omain.te
ecovery.te
nconfined.te
|
5e8dffc0c896b26fed616b3f8ad5d6c2b2eb2290 |
17-Mar-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 2e4e32f9: am ad5315d4: shell: access to clear logs * commit '2e4e32f9cf22135177b0730636bf388a67e32a7d': shell: access to clear logs
|
2e4e32f9cf22135177b0730636bf388a67e32a7d |
17-Mar-2014 |
Mark Salyzyn <salyzyn@google.com> |
am ad5315d4: shell: access to clear logs * commit 'ad5315d44227bfb1c526ca0f02a0a52f18c0b79e': shell: access to clear logs
|
ed57f85ec4ef3bfe026c2cfabbf4cbfd9809108c |
17-Mar-2014 |
Mark Salyzyn <salyzyn@google.com> |
am ad5315d4: shell: access to clear logs * commit 'ad5315d44227bfb1c526ca0f02a0a52f18c0b79e': shell: access to clear logs
|
ad5315d44227bfb1c526ca0f02a0a52f18c0b79e |
17-Mar-2014 |
Mark Salyzyn <salyzyn@google.com> |
shell: access to clear logs Bug: 13464830 Change-Id: Ib0a627e6d5c0114d269bb3bf8dc29a945768081d
hell.te
|
949b3467c983ff322f100ac957182a3879e9103b |
17-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am f3a9f779: am 940c53d8: am 6ae2d6e2: Allow healthd sys_tty_config * commit 'f3a9f7792a6fd0318016ddea224a93b304358162': Allow healthd sys_tty_config
|
d11b2bd4f2e4ef095a65c2623416bf89a1fb3b1b |
17-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 430c9d64: am f710264d: am 74ac8c33: Address healthd denials. * commit '430c9d64867f1585bf6fdb016d9a35b498f2bcbc': Address healthd denials.
|
f3a9f7792a6fd0318016ddea224a93b304358162 |
17-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 940c53d8: am 6ae2d6e2: Allow healthd sys_tty_config * commit '940c53d86ff6254d757759f4b31558e04024e158': Allow healthd sys_tty_config
|
430c9d64867f1585bf6fdb016d9a35b498f2bcbc |
17-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f710264d: am 74ac8c33: Address healthd denials. * commit 'f710264d7a11d04609f8fe45adf47829fd0e834c': Address healthd denials.
|
940c53d86ff6254d757759f4b31558e04024e158 |
17-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 6ae2d6e2: Allow healthd sys_tty_config * commit '6ae2d6e2aed6ca719e4a51977714d492f21ce1e0': Allow healthd sys_tty_config
|
f710264d7a11d04609f8fe45adf47829fd0e834c |
17-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 74ac8c33: Address healthd denials. * commit '74ac8c3352028369b51d70f138b9ae47997d57e5': Address healthd denials.
|
6ae2d6e2aed6ca719e4a51977714d492f21ce1e0 |
14-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Allow healthd sys_tty_config healthd performs privileged ioctls on the tty device when in charger mode. Allow it. This fixes a bug where off charging mode is forcing the device to reboot into recovery. Addresses the following denial: type=1400 audit(15080631.900:4): avc: denied { sys_tty_config } for pid=130 comm="healthd" capability=26 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability Bug: 13472365 (cherry picked from commit c8012152e444d30a19dc0b744aca30254b1188d9) Change-Id: I701ad577c6814b0dafaef1367d0445b47a104f3c
ealthd.te
|
74ac8c3352028369b51d70f138b9ae47997d57e5 |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Address healthd denials. Resolve denials such as: avc: denied { write } for pid=130 comm="healthd" name="state" dev="sysfs" ino=57 scontext=u:r:healthd:s0 tcontext=u:object_r:sysfs:s0 tclass=file avc: denied { read write } for pid=130 comm="healthd" name="tty0" dev="tmpfs" ino=5677 scontext=u:r:healthd:s0 tcontext=u:object_r:tty_device:s0 tclass=chr_file Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit ebc08e82a56e9a8ed51f9bf04c4106f66c3ef917) Change-Id: Ib72388cc2d192fe78397e3a2a401db08b5b6c267
ealthd.te
|
9ada894a43b0542658b5bf68a7d9b41d05ee0974 |
17-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Fix broken halt while in healthd charger mode Reboots/halts aren't working in healthd charger mode. This is causing high power draw in an unplugged, powered off state. Steps to reproduce (on Nexus 5): Unplug device from USB charger/computer Turn device off Wait for device to turn off Plug in USB cable/charger Wait for charge animation (wait for animation, not just lightning bolt, may have to press power button briefly to get animation going) Wait for panel to turn off Unplug USB cable/charger Press power button again, notice screen turns on at some frame in the animation. (not important) Each press of the power button advances the animation Power on. Examine denials from /proc/last_kmsg Addresses the following denials: [ 24.934809] type=1400 audit(12534308.640:8): avc: denied { write } for pid=130 comm="healthd" name="sysrq-trigger" dev="proc" ino=4026533682 scontext=u:r:healthd:s0 tcontext=u:object_r:proc_sysrq:s0 tclass=file [ 24.935395] type=1400 audit(12534308.640:9): avc: denied { sys_boot } for pid=130 comm="healthd" capability=22 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability Bug: 13229119 Change-Id: If14a9c373bbf156380a34fbd9aca6201997d5553
ealthd.te
|
8f28f19c7add827bde410d7051c924e5726b7a1a |
15-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
721f1adf53be30eda7668d09ba271cc21aeb4fa1 |
13-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow drmserver and mediaserver to read apk files. Required to support passing resources via open apk files over Binder. Resolves denials such as: avc: denied { read } for pid=31457 comm="SoundPoolThread" path="/mnt/asec/au.com.shiftyjelly.pocketcasts-1/pkg.apk" dev="dm-10" ino=12 scontext=u:r:mediaserver:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file avc: denied { read } for pid=31439 comm="Binder_2" path="/mnt/asec/au.com.shiftyjelly.pocketcasts-1/pkg.apk" dev="dm-10" ino=12 scontext=u:r:drmserver:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file We do not allow open as it is not required (i.e. the files are passed as open files over Binder or local socket and opened by the client). Change-Id: Ib0941df1e9aac8d20621a356d2d212b98471abbc Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rmserver.te
ediaserver.te
|
677d84e925387d1c26a229be1f4fe37e2b174b55 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
resolved conflicts for merge of b0d47c89 to master Change-Id: Ie184625ec4b1c7b356c9edc024aff96e6d269876
|
b0d47c895f2ba6f40b7211e604ec0ced833eb026 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 25af6c34: am d70e6f32: Merge "Get rid of separate download_file type." * commit '25af6c344e5ec2a57cc6b9a06f274a3daf3af73f': Get rid of separate download_file type.
|
3a8d633e0f465278647f7055b747c1c84f5a5cb9 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am d70e6f32: Merge "Get rid of separate download_file type." * commit 'd70e6f325cfb19cb7eff736de2ebcc7627ba49d9': Get rid of separate download_file type.
|
25af6c344e5ec2a57cc6b9a06f274a3daf3af73f |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am d70e6f32: Merge "Get rid of separate download_file type." * commit 'd70e6f325cfb19cb7eff736de2ebcc7627ba49d9': Get rid of separate download_file type.
|
d70e6f325cfb19cb7eff736de2ebcc7627ba49d9 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Get rid of separate download_file type."
|
774694ddc4208270863d4ddb7da8d4c6d2922680 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 43bdc087: am 2eee30db: am b699dfd4: Merge "Get rid of separate platform_app_data_file type." * commit '43bdc0874ca4d5e0425a7f34ec08e66b3d3df0d9': Get rid of separate platform_app_data_file type.
|
43bdc0874ca4d5e0425a7f34ec08e66b3d3df0d9 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 2eee30db: am b699dfd4: Merge "Get rid of separate platform_app_data_file type." * commit '2eee30db64883fafe5ef0e7f210babdbc1692602': Get rid of separate platform_app_data_file type.
|
2eee30db64883fafe5ef0e7f210babdbc1692602 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b699dfd4: Merge "Get rid of separate platform_app_data_file type." * commit 'b699dfd4950d8967d36fb49bb3a0fec68c1ad146': Get rid of separate platform_app_data_file type.
|
3be0ab24bae335bb2241f63d11d940981c131643 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b699dfd4: Merge "Get rid of separate platform_app_data_file type." * commit 'b699dfd4950d8967d36fb49bb3a0fec68c1ad146': Get rid of separate platform_app_data_file type.
|
b699dfd4950d8967d36fb49bb3a0fec68c1ad146 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Get rid of separate platform_app_data_file type."
|
1a565026591a4d9bdca050c0b92cad26b7ef77bf |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 8b07536a: am 0a63dab8: am 1ba58a1a: Merge "Introduce post_process_mac_perms script." * commit '8b07536aa2914e03518d060d836abead1b73ff41': Introduce post_process_mac_perms script.
|
8b07536aa2914e03518d060d836abead1b73ff41 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 0a63dab8: am 1ba58a1a: Merge "Introduce post_process_mac_perms script." * commit '0a63dab86d641b1abe9893c569c82a6eb9aea7fe': Introduce post_process_mac_perms script.
|
0a63dab86d641b1abe9893c569c82a6eb9aea7fe |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 1ba58a1a: Merge "Introduce post_process_mac_perms script." * commit '1ba58a1a99fabbb485c537c7a383c810ff4045c6': Introduce post_process_mac_perms script.
|
796da7b8a1b0867d1e1dc9b28ed8e2f8fc4aeee8 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 1ba58a1a: Merge "Introduce post_process_mac_perms script." * commit '1ba58a1a99fabbb485c537c7a383c810ff4045c6': Introduce post_process_mac_perms script.
|
e7506c585c50b72f2389b8763d5c985070998307 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 0bfa5389: am 4fd27de9: am 0cad7fa5: Merge "Make dnsmasq enforcing." * commit '0bfa5389e1e74dfc62059bdd52f78317ff7b8014': Make dnsmasq enforcing.
|
a178aa0bd961e078db2efa8556a63ec4e4b8617c |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 65e1edd0: am ce9556e9: am 69eb3c78: Merge "Make hostapd enforcing." * commit '65e1edd027f240335ea497eb32d66a528a36ddbe': Make hostapd enforcing.
|
3f148672f41a88ede82ea065ca03f9f9cddc3522 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 84640847: am c6a65efd: am 23f04d31: Merge "Make mdnsd enforcing." * commit '8464084775c5ac5ae4857f69843b0212b6cecf6b': Make mdnsd enforcing.
|
7e2bdb62ef0b59bd11ce73dee25e95c6964915d5 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 58af8544: am e438f727: am 2ebecfdd: Merge "Make gpsd enforcing." * commit '58af8544f2d9fa36c374ed1933a63b01076b486d': Make gpsd enforcing.
|
1ba58a1a99fabbb485c537c7a383c810ff4045c6 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Introduce post_process_mac_perms script."
|
ddadf94c85e62a3f0159110d9925ad637328ee30 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 68ff4097: am dd27772f: am c8012152: Allow healthd sys_tty_config * commit '68ff4097f089949f22395ea1346ce25adce9b014': Allow healthd sys_tty_config
|
0bfa5389e1e74dfc62059bdd52f78317ff7b8014 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 4fd27de9: am 0cad7fa5: Merge "Make dnsmasq enforcing." * commit '4fd27de984110abdd5c3cf698a1610433d0859d2': Make dnsmasq enforcing.
|
65e1edd027f240335ea497eb32d66a528a36ddbe |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am ce9556e9: am 69eb3c78: Merge "Make hostapd enforcing." * commit 'ce9556e938e1b0512d776ed5d05546a933afb481': Make hostapd enforcing.
|
8464084775c5ac5ae4857f69843b0212b6cecf6b |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am c6a65efd: am 23f04d31: Merge "Make mdnsd enforcing." * commit 'c6a65efdfb2bb569ca5339f56c81abda037d837d': Make mdnsd enforcing.
|
58af8544f2d9fa36c374ed1933a63b01076b486d |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am e438f727: am 2ebecfdd: Merge "Make gpsd enforcing." * commit 'e438f72746debd485e8e39a31952cd5cb774e433': Make gpsd enforcing.
|
4fd27de984110abdd5c3cf698a1610433d0859d2 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 0cad7fa5: Merge "Make dnsmasq enforcing." * commit '0cad7fa543377f4b842ceffbfdb9da680ba80b99': Make dnsmasq enforcing.
|
ce9556e938e1b0512d776ed5d05546a933afb481 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 69eb3c78: Merge "Make hostapd enforcing." * commit '69eb3c78424689ce35753ee7c51d5dba3cb0cea0': Make hostapd enforcing.
|
c6a65efdfb2bb569ca5339f56c81abda037d837d |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 23f04d31: Merge "Make mdnsd enforcing." * commit '23f04d31d9bb2e569465faf8cc8af113b8ecd8ab': Make mdnsd enforcing.
|
e438f72746debd485e8e39a31952cd5cb774e433 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 2ebecfdd: Merge "Make gpsd enforcing." * commit '2ebecfdd9e53647486dc52cfbc2db1fbe9fcccba': Make gpsd enforcing.
|
6e25c5c991ded891e2150e607c1311f869631dad |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 0cad7fa5: Merge "Make dnsmasq enforcing." * commit '0cad7fa543377f4b842ceffbfdb9da680ba80b99': Make dnsmasq enforcing.
|
6fe7d38750140b48951829c823da6cb6b8be57ec |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 69eb3c78: Merge "Make hostapd enforcing." * commit '69eb3c78424689ce35753ee7c51d5dba3cb0cea0': Make hostapd enforcing.
|
431d9d98b52cad11252d4285f2bf8034d1d10cc8 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 23f04d31: Merge "Make mdnsd enforcing." * commit '23f04d31d9bb2e569465faf8cc8af113b8ecd8ab': Make mdnsd enforcing.
|
9334f96f27bb6ecd14ba20905abebe07263288ce |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 2ebecfdd: Merge "Make gpsd enforcing." * commit '2ebecfdd9e53647486dc52cfbc2db1fbe9fcccba': Make gpsd enforcing.
|
0cad7fa543377f4b842ceffbfdb9da680ba80b99 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make dnsmasq enforcing."
|
69eb3c78424689ce35753ee7c51d5dba3cb0cea0 |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make hostapd enforcing."
|
23f04d31d9bb2e569465faf8cc8af113b8ecd8ab |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make mdnsd enforcing."
|
2ebecfdd9e53647486dc52cfbc2db1fbe9fcccba |
15-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make gpsd enforcing."
|
68ff4097f089949f22395ea1346ce25adce9b014 |
14-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am dd27772f: am c8012152: Allow healthd sys_tty_config * commit 'dd27772f75c5606bc3a3f8128a6a1559cf7b0c90': Allow healthd sys_tty_config
|
dd27772f75c5606bc3a3f8128a6a1559cf7b0c90 |
14-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am c8012152: Allow healthd sys_tty_config * commit 'c8012152e444d30a19dc0b744aca30254b1188d9': Allow healthd sys_tty_config
|
be5c4a18fb8c26f0ed3ff5d12127cc3433836f16 |
14-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am c8012152: Allow healthd sys_tty_config * commit 'c8012152e444d30a19dc0b744aca30254b1188d9': Allow healthd sys_tty_config
|
c8012152e444d30a19dc0b744aca30254b1188d9 |
14-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Allow healthd sys_tty_config healthd performs privileged ioctls on the tty device when in charger mode. Allow it. This fixes a bug where off charging mode is forcing the device to reboot into recovery. Addresses the following denial: type=1400 audit(15080631.900:4): avc: denied { sys_tty_config } for pid=130 comm="healthd" capability=26 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability Bug: 13472365 Change-Id: I402987baf62ba0017e79e30e370850c32c286a6a
ealthd.te
|
910d2dfd60d134bc178652b6bb4c512c1126416c |
14-Mar-2014 |
jaejyn.shin <jaejyn.shin@lge.com> |
am 154c2b39: (-s ours) am 58862262: am 157f4c43: am 9702e493: DO NOT MERGE: Adding permissions needed to remove cache * commit '154c2b39c63a2e65416d784b59ab4a9c341ca954': DO NOT MERGE: Adding permissions needed to remove cache
|
0ec8b65698b71c1fa165707c264292f3d37507ec |
14-Mar-2014 |
Takeshi Aimi <takeshi.aimi@sonymobile.com> |
am aa20c16b: (-s ours) am cc239af5: am 541d6cba: am 2a2a4936: DO NOT MERGE: Make bluetooth, nfc, radio and shell adb-installable * commit 'aa20c16b5ca5f78a7d78c389d8137f1d9f9df7b9': DO NOT MERGE: Make bluetooth, nfc, radio and shell adb-installable
|
154c2b39c63a2e65416d784b59ab4a9c341ca954 |
14-Mar-2014 |
jaejyn.shin <jaejyn.shin@lge.com> |
am 58862262: am 157f4c43: am 9702e493: DO NOT MERGE: Adding permissions needed to remove cache * commit '588622623d382e251e1bab61e29736fbf9e4d177': DO NOT MERGE: Adding permissions needed to remove cache
|
aa20c16b5ca5f78a7d78c389d8137f1d9f9df7b9 |
14-Mar-2014 |
Takeshi Aimi <takeshi.aimi@sonymobile.com> |
am cc239af5: am 541d6cba: am 2a2a4936: DO NOT MERGE: Make bluetooth, nfc, radio and shell adb-installable * commit 'cc239af58c64262dc3cef9d2b83d89118914c509': DO NOT MERGE: Make bluetooth, nfc, radio and shell adb-installable
|
588622623d382e251e1bab61e29736fbf9e4d177 |
14-Mar-2014 |
jaejyn.shin <jaejyn.shin@lge.com> |
am 157f4c43: am 9702e493: DO NOT MERGE: Adding permissions needed to remove cache * commit '157f4c43da233c4631682d4d5c26be15d4c0cd06': DO NOT MERGE: Adding permissions needed to remove cache
|
cc239af58c64262dc3cef9d2b83d89118914c509 |
14-Mar-2014 |
Takeshi Aimi <takeshi.aimi@sonymobile.com> |
am 541d6cba: am 2a2a4936: DO NOT MERGE: Make bluetooth, nfc, radio and shell adb-installable * commit '541d6cba21dd82d6f65e6ff911127bf8ea96ec10': DO NOT MERGE: Make bluetooth, nfc, radio and shell adb-installable
|
157f4c43da233c4631682d4d5c26be15d4c0cd06 |
14-Mar-2014 |
jaejyn.shin <jaejyn.shin@lge.com> |
am 9702e493: DO NOT MERGE: Adding permissions needed to remove cache * commit '9702e49307aa738508bb0949bac3000fe9ec5a0d': DO NOT MERGE: Adding permissions needed to remove cache
|
541d6cba21dd82d6f65e6ff911127bf8ea96ec10 |
14-Mar-2014 |
Takeshi Aimi <takeshi.aimi@sonymobile.com> |
am 2a2a4936: DO NOT MERGE: Make bluetooth, nfc, radio and shell adb-installable * commit '2a2a4936c2223e9b3a70b177a97c270aa1aa2740': DO NOT MERGE: Make bluetooth, nfc, radio and shell adb-installable
|
51c89f3883dd6b4a416e4565ba010965180567bb |
14-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 43a79a49: am c7f8f9a2: am 09a1719c: Merge "Allow system_server to read from log daemon." * commit '43a79a49add6cc72f6828c7a3db2e02b985c5e6b': Allow system_server to read from log daemon.
|
43a79a49add6cc72f6828c7a3db2e02b985c5e6b |
14-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am c7f8f9a2: am 09a1719c: Merge "Allow system_server to read from log daemon." * commit 'c7f8f9a220e2da686d7bba9d9e14a453893aa9cd': Allow system_server to read from log daemon.
|
c7f8f9a220e2da686d7bba9d9e14a453893aa9cd |
14-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 09a1719c: Merge "Allow system_server to read from log daemon." * commit '09a1719c4d288837b79dd098ac438b2e1b62d989': Allow system_server to read from log daemon.
|
20934e46f81c47ce8b2dc8a1b7bd735b16c30ec6 |
14-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 09a1719c: Merge "Allow system_server to read from log daemon." * commit '09a1719c4d288837b79dd098ac438b2e1b62d989': Allow system_server to read from log daemon.
|
09a1719c4d288837b79dd098ac438b2e1b62d989 |
14-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow system_server to read from log daemon."
|
305457331a960575eedc0b991b883748334c1164 |
14-Mar-2014 |
jaejyn.shin <jaejyn.shin@lge.com> |
am 9702e493: DO NOT MERGE: Adding permissions needed to remove cache * commit '9702e49307aa738508bb0949bac3000fe9ec5a0d': DO NOT MERGE: Adding permissions needed to remove cache
|
ea287321d2a8ef6c2a40abbb707b1e918b8e3de1 |
14-Mar-2014 |
Takeshi Aimi <takeshi.aimi@sonymobile.com> |
am 2a2a4936: DO NOT MERGE: Make bluetooth, nfc, radio and shell adb-installable * commit '2a2a4936c2223e9b3a70b177a97c270aa1aa2740': DO NOT MERGE: Make bluetooth, nfc, radio and shell adb-installable
|
0fdd4d05ffdb0ca4b05fbcd45539b5524da7ee86 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f13b92b9: am 06804027: am e42cebe6: Allow clatd to use local/unix datagram socket inherited from netd. * commit 'f13b92b94ddbcd21729294f8dcdadd81ebb4e3e7': Allow clatd to use local/unix datagram socket inherited from netd.
|
4fea2313121eee4bc1d301a840612cfe9907f020 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 16a568fa: am a032f35a: am 6fe899a0: Silence /proc/pid denials. * commit '16a568fa0971e970a0580cd1e33b44aab804bad1': Silence /proc/pid denials.
|
f13b92b94ddbcd21729294f8dcdadd81ebb4e3e7 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 06804027: am e42cebe6: Allow clatd to use local/unix datagram socket inherited from netd. * commit '06804027ca594bb6beb7c26c5e3fad146b9992a3': Allow clatd to use local/unix datagram socket inherited from netd.
|
06804027ca594bb6beb7c26c5e3fad146b9992a3 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e42cebe6: Allow clatd to use local/unix datagram socket inherited from netd. * commit 'e42cebe6a068a5273d4d022d27216d0d3cc62317': Allow clatd to use local/unix datagram socket inherited from netd.
|
7175290f10194d9342b197942836cb10c385af98 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e42cebe6: Allow clatd to use local/unix datagram socket inherited from netd. * commit 'e42cebe6a068a5273d4d022d27216d0d3cc62317': Allow clatd to use local/unix datagram socket inherited from netd.
|
0eaf7629b36daf2d496a3c12ff98a5fe895a33b5 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make gpsd enforcing. Change-Id: I68a8f37576d0d04d0f9df9ef8991407b6846ba15 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
psd.te
|
935abced5256878d8ed64e1cdd85c2a60f8f9139 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make mdnsd enforcing. Change-Id: I610723eb9f2edcb4525b0e2d7e55616a1d93957d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dnsd.te
|
e3d0e655e8c71d298efa1b5ed6659c3660b8f802 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make hostapd enforcing. Change-Id: Ica367f34156a7a460e3663589a29743c4a9e955c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ostapd.te
|
78a58dd921c73c85058b88e125fb66f5805bae7d |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make dnsmasq enforcing. Change-Id: I546c1bcf373f161b7bf5706053340c4f6482b8b9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nsmasq.te
|
bafbf8133015204ac1b9116ccd4235e8a615895c |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow system_server to read from log daemon. Addresses denials such as: avc: denied { write } for pid=1797 comm="logcat" name="logdr" dev="tmpfs" ino=7523 scontext=u:r:system_server:s0 tcontext=u:object_r:logdr_socket:s0 tclass=sock_file avc: denied { connectto } for pid=1797 comm="logcat" path="/dev/socket/logdr" scontext=u:r:system_server:s0 tcontext=u:r:logd:s0 tclass=unix_stream_socket Change-Id: Idc4f48519ca3d81125102e8f15f68989500f5e9e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
|
e42cebe6a068a5273d4d022d27216d0d3cc62317 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow clatd to use local/unix datagram socket inherited from netd. Addresses denials such as: avc: denied { read write } for pid=3142 comm="clatd" path="socket:[12029]" dev="sockfs" ino=12029 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=unix_dgram_socket Change-Id: I5111410870c71bbfaf6b5310d8f5fd8f10db4f20 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
latd.te
|
f9c3257fbaa16dbbffe3493b103d0b16ada1c0b5 |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Get rid of separate download_file type. This appears to have been created to allow untrusted_app to access DownloadProvider cache files without needing to allow open access to platform_app_data_file. Now that platform_app_data_file is gone, there is no benefit to having this type. Retain a typealias for download_file to app_data_file until restorecon /data/data support is in place to provide compatibility. This change depends on: https://android-review.googlesource.com/#/c/87801/ Change-Id: Iab3c99d7d5448bdaa5c1e03a98fb6163804e1ec4 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
ile.te
ile_contexts
nstalld.te
edia_app.te
latform_app.te
eapp_contexts
|
16a568fa0971e970a0580cd1e33b44aab804bad1 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a032f35a: am 6fe899a0: Silence /proc/pid denials. * commit 'a032f35a93fd50476ac6cdbb7abed9a3f6bcad86': Silence /proc/pid denials.
|
395b48be86c127c19ecd7deeb766bd8d4e81fc10 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 6fe899a0: Silence /proc/pid denials. * commit '6fe899a0d1905682c3224f1a3809288dacc0ca3f': Silence /proc/pid denials.
|
a032f35a93fd50476ac6cdbb7abed9a3f6bcad86 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 6fe899a0: Silence /proc/pid denials. * commit '6fe899a0d1905682c3224f1a3809288dacc0ca3f': Silence /proc/pid denials.
|
9702e49307aa738508bb0949bac3000fe9ec5a0d |
24-Dec-2013 |
jaejyn.shin <jaejyn.shin@lge.com> |
DO NOT MERGE: Adding permissions needed to remove cache While removing cache data using the Zipper application, I found violation logs. avc: denied { write } for pid=198 comm="installd" name="cache" dev="mmcblk0p29" ino=81680 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=dir avc: denied { remove_name } for pid=198 comm="installd" name="downloadfile.apk" dev="mmcblk0p29" ino=82247 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=dir avc: denied { unlink } for pid=198 comm="installd" name="downloadfile.apk" dev="mmcblk0p29" ino=82247 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=file Reproduction path is like below 1. Downloading Zipper application from Google Play (I used Zipper 1.9.9.2) 2. Clicking option and clicking "removing cache" button 3. Select "yes" 4. Violations show up (cherry picked from commit 9cc6d8d581b6094b36c59a0e95d674cb193916e8) Bug: 13450421 Change-Id: I487ccd1d8d58bf2c590af39a7b1eb448c113670e
nstalld.te
|
2a2a4936c2223e9b3a70b177a97c270aa1aa2740 |
26-Nov-2013 |
Takeshi Aimi <takeshi.aimi@sonymobile.com> |
DO NOT MERGE: Make bluetooth, nfc, radio and shell adb-installable bluetooth, nfc, radio and shell are not explicitly declared in installd.te. This prevents applications in those groups from upgrading by "adb install -r". You can reproduce the issue by following these steps: 1. adb pull /system/priv-app/Shell.apk 2. adb install -r Shell.apk 3. install failed with the error log below [Error in logcat] E/installd( 338): couldn't symlink directory '/data/data/com.android.shell/lib' -> '/data/app-lib/com.android.shell-1': Permission denied E/installd( 338): couldn't symlink directory '/data/data/com.android.shell/lib' -> '/data/app-lib/Shell': Permission denied [Error in dmesg] <5>[ 112.053301] type=1400 audit(1387412796.071:10): avc: denied { create } for pid=337 comm="installd" name="lib" scontext=u:r:installd:s0 tcontext=u:object_r:shell_data_file:s0 tclass=lnk_file This operation fails only if the app belongs to any of the groups specified in the commit title. (cherry picked from commit f5e90004a30a2cb5c1a1d70134a32d68994e2568) Bug: 13450421 Change-Id: Ie38d05c1306bebd90b0f15c1d4e1a55f6798d497
nstalld.te
|
35fd5934b4e2a23469751ad39886610e922c4b55 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 64c0ff00: Audit attempts by rild to create/write to system_data_file. * commit '64c0ff007934495105c95954452f4cc1dcada4b3': Audit attempts by rild to create/write to system_data_file.
|
476ca2a4b408f0c7cc57e2fd6f17c30cb6046a17 |
14-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 599e71a9: rild: move to enforcing * commit '599e71a9ba8428604145e50b0acbcec1594c414d': rild: move to enforcing
|
407ea000608182d82b042197221c80367dc924e0 |
14-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8055cc16: am eb40905c: am 64c0ff00: Audit attempts by rild to create/write to system_data_file. * commit '8055cc16acaafd6cbb572c7c746f9b010bcfeccb': Audit attempts by rild to create/write to system_data_file.
|
c99dd3c812ed82a0f9f56974c36b8f8d0e2d819a |
14-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 91d0a07c: am b6de71d9: am 599e71a9: rild: move to enforcing * commit '91d0a07cee4fdc99e524a4290caebd2c7fcb5879': rild: move to enforcing
|
6fe899a0d1905682c3224f1a3809288dacc0ca3f |
13-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Silence /proc/pid denials. system_server components such as ActivityManager and CpuTracker try to access all /proc/pid directories, triggering denials on domains that are not explicitly allowed to the system_server. Silence these denials to avoid filling the logs with noise and overwriting actual useful messages in the kernel ring buffer. Change-Id: Ifd6f2fd63e945647570ed61c67a6171b89878617 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
|
93a8cb2b9bbd0859b7d46b04a4136b9bbb67c745 |
13-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 8b1e8986: Merge "Label /data/misc/wifi/hostapd with wpa_socket type." * commit '8b1e89868fd066dc00466409a194d32e1c9d23cf': Label /data/misc/wifi/hostapd with wpa_socket type.
|
77541cef6af4b6035e6a14c088a91726662fdb38 |
13-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 867e398d: Allow wpa to perform binder IPC to keystore. * commit '867e398d54c290c3870bb9bca07676d57b99687d': Allow wpa to perform binder IPC to keystore.
|
3e3a7dae74a0ca0151c095fc4b40823204e02972 |
13-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 45815c3e: Allow dnsmasq dac_override capability. * commit '45815c3e4012639334888b4a380192443f5b711f': Allow dnsmasq dac_override capability.
|
6e3733efe167cd9444e09b7cf0fc6fe52a5413d5 |
13-Mar-2014 |
dcashman <dcashman@google.com> |
am cb8c5262: Merge "Allow adbd access to gpu_device." * commit 'cb8c52623b304e78a707ec5bde4329d01e88cda4': Allow adbd access to gpu_device.
|
ff543219483345633111a2b66863ddf4dc317ae6 |
13-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 530d0f6a: Merge "Add inline documentation for mac_permissions.xml." * commit '530d0f6a5ef9b32fcde8253f55380bb39ad09c56': Add inline documentation for mac_permissions.xml.
|
c2667d9106fce36b1d55fe983847ac4d44b8abc4 |
13-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 27042f6d: Drop special handling of app_data_file in mls constraints. * commit '27042f6da110b8bef9ff291f724351464958da86': Drop special handling of app_data_file in mls constraints.
|
dd25792d1a45bfb9f19045184db81d6fdd2742b2 |
13-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am f8479e02: Merge "Make mtp enforcing." * commit 'f8479e025f5873e8444f92ee36b01a373c72bd89': Make mtp enforcing.
|
f82b19021f9f6c7e6e954f40cd53ab6b0362f2bd |
13-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 95f90701: Merge "Allow system_app to start bugreport and to create /data/anr/traces.txt." * commit '95f907016910889d46c60571eaa08e8713933504': Allow system_app to start bugreport and to create /data/anr/traces.txt.
|
994f95f5dcafc82badac6d2eed2ded13d9487b1f |
13-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 1d98c49f: Merge "Deduplicate and rationalize system_server /proc/pid access." * commit '1d98c49fce8501b013f55e5222fa3e57859a768d': Deduplicate and rationalize system_server /proc/pid access.
|
8055cc16acaafd6cbb572c7c746f9b010bcfeccb |
13-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am eb40905c: am 64c0ff00: Audit attempts by rild to create/write to system_data_file. * commit 'eb40905c352b9e9472728d2722153904dcc0564b': Audit attempts by rild to create/write to system_data_file.
|
91d0a07cee4fdc99e524a4290caebd2c7fcb5879 |
13-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b6de71d9: am 599e71a9: rild: move to enforcing * commit 'b6de71d9554bdf9bca86cc055e103ad96ffdfa00': rild: move to enforcing
|
eb40905c352b9e9472728d2722153904dcc0564b |
13-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 64c0ff00: Audit attempts by rild to create/write to system_data_file. * commit '64c0ff007934495105c95954452f4cc1dcada4b3': Audit attempts by rild to create/write to system_data_file.
|
b6de71d9554bdf9bca86cc055e103ad96ffdfa00 |
13-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 599e71a9: rild: move to enforcing * commit '599e71a9ba8428604145e50b0acbcec1594c414d': rild: move to enforcing
|
64c0ff007934495105c95954452f4cc1dcada4b3 |
13-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Audit attempts by rild to create/write to system_data_file. Audit attempts by rild to create/write to system_data_file with avc: granted messages so that we can identify any such instances and put such directories/files into radio_data_file or some other type and then remove these rules. Change-Id: Ice20fed1733a3f4208d541a4baaa8b6c6f44fbb0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ild.te
|
dc88dca115791053d00354785be37a38259b3781 |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Get rid of separate platform_app_data_file type. The original concept was to allow separation between /data/data/<pkgdir> files of "platform" apps (signed by one of the four build keys) and untrusted apps. But we had to allow read/write to support passing of open files via Binder or local socket for compatibility, and it seems that direct open by pathname is in fact used in Android as well, only passing the pathname via Binder or local socket. So there is no real benefit to keeping it as a separate type. Retain a type alias for platform_app_data_file to app_data_file until restorecon /data/data support is in place to provide compatibility. Change-Id: Ic15066f48765322ad40500b2ba2801bb3ced5489 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
rmserver.te
ile.te
nstalld.te
edia_app.te
ediaserver.te
latformappdomain.te
eapp_contexts
urfaceflinger.te
|
df83d6af8cbb5d78e11c2bb433af8569f670a8c7 |
13-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
3bcead8c6bc5e0eb066b50e10236ec58b3f93021 |
13-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 94c633dd: Merge "Make dhcp enforcing." * commit '94c633dd1e7a37b75da0bc5bbdb4be9eb656f1bc': Make dhcp enforcing.
|
87065a1b8002a49fc775167b8cdc303ea7310373 |
13-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 7ded6d0f: Merge "Make clatd enforcing." * commit '7ded6d0ff2eb48e62a473779441df9442e8bde1f': Make clatd enforcing.
|
565372f47ef9b00e92e22c2581c180da6c33bc12 |
13-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 150400a3: Merge "Allow bluetooth users ioctl access to bluetooth unix stream socket." * commit '150400a3f6918df07026ac5e56836e48893f0d4c': Allow bluetooth users ioctl access to bluetooth unix stream socket.
|
f8864a475d9d4028ac80c1c89377bdc9043de6f2 |
13-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ebc08e82: Address healthd denials. * commit 'ebc08e82a56e9a8ed51f9bf04c4106f66c3ef917': Address healthd denials.
|
599e71a9ba8428604145e50b0acbcec1594c414d |
13-Mar-2014 |
Nick Kralevich <nnk@google.com> |
rild: move to enforcing Move the rild domain into SELinux enforcing mode. This will start enforcing SELinux rules; security policy violations will return EPERM. Change-Id: Iadb51616ecf6f56148ce076d47f04511810de94c
ild.te
|
28859465ac9b1ea42170ab20ae25b9da66bbf74f |
13-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 4d4933b8: am cf15b039: am 8b1e8986: Merge "Label /data/misc/wifi/hostapd with wpa_socket type." * commit '4d4933b87fc2ddd35eab3e76f95c4ab467a222dd': Label /data/misc/wifi/hostapd with wpa_socket type.
|
0b48ebb8bdd56c772d8c49f0b2cf0bc25e6d231d |
13-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e00ee22a: am 7702b9d3: am 867e398d: Allow wpa to perform binder IPC to keystore. * commit 'e00ee22a78fcaac2a1cb5e1304d00d20a00964c8': Allow wpa to perform binder IPC to keystore.
|
b0b507e11e405565ab85b7a9b51e872d42dc3f64 |
12-Mar-2014 |
dcashman <dcashman@google.com> |
am d5ed0828: am d2af4e98: am 4d529383: Allow adbd access to gpu_device. * commit 'd5ed082856db4a1f43629fa875453cb5650b3996': Allow adbd access to gpu_device.
|
20d7e4bb1af14f24c5e3652ee82e096e0a1756eb |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b4b69402: am f361355d: am 45815c3e: Allow dnsmasq dac_override capability. * commit 'b4b69402c136395a54c88f44e2053386c6f1aa9f': Allow dnsmasq dac_override capability.
|
4d4933b87fc2ddd35eab3e76f95c4ab467a222dd |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am cf15b039: am 8b1e8986: Merge "Label /data/misc/wifi/hostapd with wpa_socket type." * commit 'cf15b03922c15076b513064b905d53bb639283c3': Label /data/misc/wifi/hostapd with wpa_socket type.
|
e00ee22a78fcaac2a1cb5e1304d00d20a00964c8 |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7702b9d3: am 867e398d: Allow wpa to perform binder IPC to keystore. * commit '7702b9d3bccdabd55f2b47eb6accf8054ea16d91': Allow wpa to perform binder IPC to keystore.
|
cf15b03922c15076b513064b905d53bb639283c3 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 8b1e8986: Merge "Label /data/misc/wifi/hostapd with wpa_socket type." * commit '8b1e89868fd066dc00466409a194d32e1c9d23cf': Label /data/misc/wifi/hostapd with wpa_socket type.
|
7702b9d3bccdabd55f2b47eb6accf8054ea16d91 |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 867e398d: Allow wpa to perform binder IPC to keystore. * commit '867e398d54c290c3870bb9bca07676d57b99687d': Allow wpa to perform binder IPC to keystore.
|
8b1e89868fd066dc00466409a194d32e1c9d23cf |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Label /data/misc/wifi/hostapd with wpa_socket type."
|
0ae85127d8cea468b646f48c472e0f27dbf263f5 |
12-Mar-2014 |
dcashman <dcashman@google.com> |
am 3848af06: am 0242e311: am cb8c5262: Merge "Allow adbd access to gpu_device." * commit '3848af062bbcd30c046cbb5cad0cbc2a2e4f447c': Allow adbd access to gpu_device.
|
363fda94fd1c1179e5c354ae52bb9d9c01988f46 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am d32f1d43: am b64d433d: am 530d0f6a: Merge "Add inline documentation for mac_permissions.xml." * commit 'd32f1d43e743382f9f3caa8c1c5fd07c65cc2dd5': Add inline documentation for mac_permissions.xml.
|
b625d9e57d1a7ab22cb47a7e82aef7c892eff2bf |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a61be4b4: am 2f3518fe: am 27042f6d: Drop special handling of app_data_file in mls constraints. * commit 'a61be4b43907da867835995b0feb2646d09e49df': Drop special handling of app_data_file in mls constraints.
|
867e398d54c290c3870bb9bca07676d57b99687d |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow wpa to perform binder IPC to keystore. Addresses denials such as: avc: denied { call } for pid=2275 comm="wpa_supplicant" scontext=u:r:wpa:s0 tcontext=u:r:servicemanager:s0 tclass=binder Change-Id: I8ab148046dd06f56630a2876db787b293e14c0ae Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pa.te
|
7d40eaa546527bc5b84c2333e60bee97f51ce5e8 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 96f81cb5: am 4d637d9a: am f8479e02: Merge "Make mtp enforcing." * commit '96f81cb5857187cd8b9b031817b6769784198606': Make mtp enforcing.
|
d5075c8de0bf0a5fb37cb0955d3f61c6c6fe05f2 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 82b5c17f: am bf3be521: am 95f90701: Merge "Allow system_app to start bugreport and to create /data/anr/traces.txt." * commit '82b5c17f075b05387f0320f1720463c65c613fce': Allow system_app to start bugreport and to create /data/anr/traces.txt.
|
f0e543ca6626823c13366e2ee725ec2286c4c285 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am db34edcd: am 77e5a153: am 1d98c49f: Merge "Deduplicate and rationalize system_server /proc/pid access." * commit 'db34edcd48d560e753e2a4a48b4cc13e3fe4e1aa': Deduplicate and rationalize system_server /proc/pid access.
|
50354ed585e5af281cc902fe844514e0a2c83559 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b77be46d: am 7ad264c7: am 94c633dd: Merge "Make dhcp enforcing." * commit 'b77be46d2f6b56583316e7d01217c968c13657d3': Make dhcp enforcing.
|
caf965bb17d581dbad2ca4b54d72d7370bdc26dc |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b61aeade: am 721f5938: am 7ded6d0f: Merge "Make clatd enforcing." * commit 'b61aeade67f30b693c360dd4766b3b3b61ecb986': Make clatd enforcing.
|
d5ed082856db4a1f43629fa875453cb5650b3996 |
12-Mar-2014 |
dcashman <dcashman@google.com> |
am d2af4e98: am 4d529383: Allow adbd access to gpu_device. * commit 'd2af4e9824275b7498b9109c38975d00a85c30c9': Allow adbd access to gpu_device.
|
d2af4e9824275b7498b9109c38975d00a85c30c9 |
12-Mar-2014 |
dcashman <dcashman@google.com> |
am 4d529383: Allow adbd access to gpu_device. * commit '4d5293835d8c000d058d0c9bde0ea2c17c6ef561': Allow adbd access to gpu_device.
|
4d5293835d8c000d058d0c9bde0ea2c17c6ef561 |
12-Mar-2014 |
dcashman <dcashman@google.com> |
Allow adbd access to gpu_device. Addresses denials seen when attempting to take a screencapture from ddms: <5>[ 1232.327360] type=1400 audit(1393354131.695:41): avc: denied { read write } for pid=18487 comm="screencap" name="nvhost-ctrl" dev="tmpfs" ino=4035 scontext=u:r:adbd:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file Bug: 13188914 (cherry picked from commit ddde8c29336e1938d6a995cb78e53f300ec6be77) Change-Id: I25c90a0f5dadf5f4e9f99cd27cf8740766a21aaa
dbd.te
|
b4b69402c136395a54c88f44e2053386c6f1aa9f |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f361355d: am 45815c3e: Allow dnsmasq dac_override capability. * commit 'f361355d9173953f0d8f4b5e9ca91bf5880d0d55': Allow dnsmasq dac_override capability.
|
f361355d9173953f0d8f4b5e9ca91bf5880d0d55 |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 45815c3e: Allow dnsmasq dac_override capability. * commit '45815c3e4012639334888b4a380192443f5b711f': Allow dnsmasq dac_override capability.
|
45815c3e4012639334888b4a380192443f5b711f |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow dnsmasq dac_override capability. dnsmasq presently requires dac_override to create files under /data/misc/dhcp. Until it can be changed to run with group dhcp, allow dac_override. Addresses denials such as: avc: denied { dac_override } for pid=21166 comm="dnsmasq" capability=1 scontext=u:r:dnsmasq:s0 tcontext=u:r:dnsmasq:s0 tclass=capability Change-Id: Ic352dc7fc4ab44086c6b06cf727c48f29098f3a1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nsmasq.te
|
5f8d9f85b0b3b799f2ac15352ae3c92e61675dba |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /data/misc/wifi/hostapd with wpa_socket type. hostapd creates sockets under /data/misc/wifi/hostapd. Ensure that they are labeled correctly both at runtime (type_transition) and during the init.rc restorecon_recursive /data (file_contexts). Addresses denials such as: avc: denied { create } for pid=20476 comm="hostapd" name="wlan0" scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file avc: denied { setattr } for pid=20476 comm="hostapd" name="wlan0" dev="mmcblk0p23" ino=619005 scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file avc: denied { unlink } for pid=20476 comm="hostapd" name="wlan0" dev="mmcblk0p23" ino=619005 scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file Change-Id: I80a443faeb6017a9d6cbdb8da9d7416f29a7b85f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
ostapd.te
|
3848af062bbcd30c046cbb5cad0cbc2a2e4f447c |
12-Mar-2014 |
dcashman <dcashman@google.com> |
am 0242e311: am cb8c5262: Merge "Allow adbd access to gpu_device." * commit '0242e311c3ace339b322f9a36013b0fb6450c266': Allow adbd access to gpu_device.
|
0242e311c3ace339b322f9a36013b0fb6450c266 |
12-Mar-2014 |
dcashman <dcashman@google.com> |
am cb8c5262: Merge "Allow adbd access to gpu_device." * commit 'cb8c52623b304e78a707ec5bde4329d01e88cda4': Allow adbd access to gpu_device.
|
cb8c52623b304e78a707ec5bde4329d01e88cda4 |
12-Mar-2014 |
dcashman <dcashman@google.com> |
Merge "Allow adbd access to gpu_device."
|
ddde8c29336e1938d6a995cb78e53f300ec6be77 |
12-Mar-2014 |
dcashman <dcashman@google.com> |
Allow adbd access to gpu_device. Addresses denials seen when attempting to take a screencapture from ddms: <5>[ 1232.327360] type=1400 audit(1393354131.695:41): avc: denied { read write } for pid=18487 comm="screencap" name="nvhost-ctrl" dev="tmpfs" ino=4035 scontext=u:r:adbd:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file Bug: 13188914 Change-Id: I758e4f87ab024035604d47eebae7f89f21ea1e3e
dbd.te
|
d32f1d43e743382f9f3caa8c1c5fd07c65cc2dd5 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b64d433d: am 530d0f6a: Merge "Add inline documentation for mac_permissions.xml." * commit 'b64d433daf00dfd838a29b95a2b1fe8711246f8c': Add inline documentation for mac_permissions.xml.
|
b64d433daf00dfd838a29b95a2b1fe8711246f8c |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 530d0f6a: Merge "Add inline documentation for mac_permissions.xml." * commit '530d0f6a5ef9b32fcde8253f55380bb39ad09c56': Add inline documentation for mac_permissions.xml.
|
530d0f6a5ef9b32fcde8253f55380bb39ad09c56 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Add inline documentation for mac_permissions.xml."
|
cc7b72e9555953d5642bf5fdf950be2f8aa77e89 |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add inline documentation for mac_permissions.xml. Copied from our tree, adjusted to note relationship to keys.conf and to be consistent with the AOSP implementation. Change-Id: I09ba86d4c9a1b11a8865890e11283456ea2ffbcf Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ac_permissions.xml
|
a61be4b43907da867835995b0feb2646d09e49df |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2f3518fe: am 27042f6d: Drop special handling of app_data_file in mls constraints. * commit '2f3518fe89d676a0d14a800a25b9cb99ffe66d18': Drop special handling of app_data_file in mls constraints.
|
2f3518fe89d676a0d14a800a25b9cb99ffe66d18 |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 27042f6d: Drop special handling of app_data_file in mls constraints. * commit '27042f6da110b8bef9ff291f724351464958da86': Drop special handling of app_data_file in mls constraints.
|
3e70d4793a096cab829c3141491944485e482f9f |
12-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Introduce post_process_mac_perms script. usage: post_process_mac_perms [-h] -s SEINFO -d DIR -f POLICY Tool to help modify an existing mac_permissions.xml with additional app certs not already found in that policy. This becomes useful when a directory containing apps is searched and the certs from those apps are added to the policy not already explicitly listed. optional arguments: -h, --help show this help message and exit -s SEINFO, --seinfo SEINFO seinfo tag for each generated stanza -d DIR, --dir DIR Directory to search for apks -f POLICY, --file POLICY mac_permissions.xml policy file Change-Id: Ifbaca3b3120874a567d3f22eb487de1aa8bda796 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ools/post_process_mac_perms
|
27042f6da110b8bef9ff291f724351464958da86 |
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop special handling of app_data_file in mls constraints. This was a legacy of trying to support per-app level isolation in a compatible manner by blocking direct open but permitting read/write via passing of open files over Binder or local sockets. It is no longer relevant and just confusing to anyone trying to use the mls support for anything else. Change-Id: I6d92a7cc20bd7d2fecd2c9357e470a30f10967a3 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ls
|
7c8d03adbb174abf91a6c1d982c3c66577f46bdd |
12-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
96f81cb5857187cd8b9b031817b6769784198606 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 4d637d9a: am f8479e02: Merge "Make mtp enforcing." * commit '4d637d9af7f74159769501d2e704b454dea81f7d': Make mtp enforcing.
|
82b5c17f075b05387f0320f1720463c65c613fce |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am bf3be521: am 95f90701: Merge "Allow system_app to start bugreport and to create /data/anr/traces.txt." * commit 'bf3be52130477d9cb90d2593eb979b4c7f6dced9': Allow system_app to start bugreport and to create /data/anr/traces.txt.
|
db34edcd48d560e753e2a4a48b4cc13e3fe4e1aa |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 77e5a153: am 1d98c49f: Merge "Deduplicate and rationalize system_server /proc/pid access." * commit '77e5a1535b26de5f66da8f2a4ca1c19c823b14a3': Deduplicate and rationalize system_server /proc/pid access.
|
4d637d9af7f74159769501d2e704b454dea81f7d |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am f8479e02: Merge "Make mtp enforcing." * commit 'f8479e025f5873e8444f92ee36b01a373c72bd89': Make mtp enforcing.
|
bf3be52130477d9cb90d2593eb979b4c7f6dced9 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 95f90701: Merge "Allow system_app to start bugreport and to create /data/anr/traces.txt." * commit '95f907016910889d46c60571eaa08e8713933504': Allow system_app to start bugreport and to create /data/anr/traces.txt.
|
77e5a1535b26de5f66da8f2a4ca1c19c823b14a3 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 1d98c49f: Merge "Deduplicate and rationalize system_server /proc/pid access." * commit '1d98c49fce8501b013f55e5222fa3e57859a768d': Deduplicate and rationalize system_server /proc/pid access.
|
b77be46d2f6b56583316e7d01217c968c13657d3 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 7ad264c7: am 94c633dd: Merge "Make dhcp enforcing." * commit '7ad264c79d9bbafcf04750ef4b70429f44a6cbf2': Make dhcp enforcing.
|
7ad264c79d9bbafcf04750ef4b70429f44a6cbf2 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 94c633dd: Merge "Make dhcp enforcing." * commit '94c633dd1e7a37b75da0bc5bbdb4be9eb656f1bc': Make dhcp enforcing.
|
f8479e025f5873e8444f92ee36b01a373c72bd89 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make mtp enforcing."
|
95f907016910889d46c60571eaa08e8713933504 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow system_app to start bugreport and to create /data/anr/traces.txt."
|
1d98c49fce8501b013f55e5222fa3e57859a768d |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Deduplicate and rationalize system_server /proc/pid access."
|
b61aeade67f30b693c360dd4766b3b3b61ecb986 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 721f5938: am 7ded6d0f: Merge "Make clatd enforcing." * commit '721f5938735cd3d0b5957183877a7922fee03bc6': Make clatd enforcing.
|
721f5938735cd3d0b5957183877a7922fee03bc6 |
12-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 7ded6d0f: Merge "Make clatd enforcing." * commit '7ded6d0ff2eb48e62a473779441df9442e8bde1f': Make clatd enforcing.
|
94c633dd1e7a37b75da0bc5bbdb4be9eb656f1bc |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make dhcp enforcing."
|
f4a28e080e0f52fdabb333db93c1146536949d92 |
11-Mar-2014 |
dcashman <dcashman@google.com> |
am 66f25cb1: Add auditallow to revaluate b/10498304 * commit '66f25cb1af951d2064467b3af9e68bd7bfe01484': Add auditallow to revaluate b/10498304
|
199aeacf5fcf799b641f407c065a5795c2ea2450 |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 853ffaad: Deduplicate neverallow rules on selinuxfs operations. * commit '853ffaad323b3e5db14d3f2e4fbe7fa96160ede4': Deduplicate neverallow rules on selinuxfs operations.
|
7f326fae3c56a082ed09120caa694fe83225c867 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 3696da6e: Merge "Move wpa_supplicant.te to wpa.te." * commit '3696da6e1491926b0da9010464aa3574af91c3fe': Move wpa_supplicant.te to wpa.te.
|
a5172d97e7304817d951938a169ce17290f0aad1 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am c34de15a: Merge "Clean up, unify, and deduplicate app domain rules." * commit 'c34de15aeab27c7d8d6f5064859ef08069360e83': Clean up, unify, and deduplicate app domain rules.
|
e5f67fdf7d750f10cd7e5c53b7eb922dffffd1bd |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 222c8229: Merge "Address surfaceflinger denials." * commit '222c82295b1fb4c1a53b23479fc2de15fa960133': Address surfaceflinger denials.
|
b72587d5b0b651ace8445528f32b8425619712ad |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 2744f2c6: Merge "Allow stat of /system/bin/app_process by zygote." * commit '2744f2c6589b0ed21682c0313d7196a0f99758c7': Allow stat of /system/bin/app_process by zygote.
|
c93244e3c5628ff46333c06c7ec54c01bcacf768 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 6f4c3ed6: Merge "Allow all domains to read from socket_device directory." * commit '6f4c3ed6a05bb9a02c7e07624614ae97f5f25230': Allow all domains to read from socket_device directory.
|
5ee21d82cf748c5fd399491ced51081ed701dd6e |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 2a8be3c1: Merge "Allow mediaserver to connect to tee service." * commit '2a8be3c1c5b120ca7bc59efc482208973aee66b9': Allow mediaserver to connect to tee service.
|
7aad485db254299205593eadf3e4447ca5144795 |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 17859404: Address dnsmasq denials. * commit '17859404f6a1030488a657c4c406a7b83ea9957c': Address dnsmasq denials.
|
7ded6d0ff2eb48e62a473779441df9442e8bde1f |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make clatd enforcing."
|
1852b5df65de7c4286a9bf47b695b369be7c4e07 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am d9d9d2f4: temp fix for build breakage. * commit 'd9d9d2f4170b96a674c8222287bbe4cddfc8de3a': temp fix for build breakage.
|
b162db7bc712d7d4ce5550b320cac23dcbbac975 |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d331e00b: Do not allow system_server to access SDcard files. * commit 'd331e00bd8101b5ab63e08822cdad7a223c2a5dd': Do not allow system_server to access SDcard files.
|
f740891fc12a94d5f1a6b8cbbc2034c30f9d0fb6 |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 3dad7b61: Address system_server denials. * commit '3dad7b611a448fa43a678ff760c23a00f387947e': Address system_server denials.
|
205d7313b48d9b191f3691dc29fefbd2cc1e9e89 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 23a52e6b: allow lmkd to kill processes. * commit '23a52e6b3028c89727b4fb60704401ed863641cd': allow lmkd to kill processes.
|
3942cf6e3cf6393dbe8d258addbcb3511ef195bb |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2737ceff: Allow stat/read of /data/media files by app domains. * commit '2737ceff233a32be67ebc6e3dba6e80b8df6df0a': Allow stat/read of /data/media files by app domains.
|
c3e3bdac92450d38b8902df6435c990b52f4cf5e |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 495e9d12: Allow getopt / getattr to bluetooth unix_stream_socket. * commit '495e9d12b97cfaf3d6efb007b7b68217c2b94ba8': Allow getopt / getattr to bluetooth unix_stream_socket.
|
a7823cc499cd979d0059acf6a86e0940b0e26a2b |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 28afdd92: Deduplicate binder_call rules. * commit '28afdd9234236d0b3c510f28255aa14625d11457': Deduplicate binder_call rules.
|
c6d9d37c09122d5270555f87f13cfc8c16214a5b |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 63b98b17: restore system_server zygote socket rules * commit '63b98b17e41b74a7595dc80e1958550cf6b887d1': restore system_server zygote socket rules
|
1ee1ae1a87a542a1ffa4870aec293feda4fc0b73 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am f197f8ce: Merge "Remove system_server and zygote unlabeled execute access." * commit 'f197f8ce4a117e4134204a82d178d8d9ee753d3b': Remove system_server and zygote unlabeled execute access.
|
3171fe3f2b37dad8d26000aaec4eb87840810bf7 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b19a191a: Merge "Give lmkd kill capability" * commit 'b19a191af6d5cc6567739c0536a9519e16aa45f4': Give lmkd kill capability
|
410e2ec2377ae3e750955f9507d1abeae5f6108c |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 0a5f561c: uncrypt: allow /dev/block directory access. * commit '0a5f561c673a6a781bc2f11ac60d6613c648770c': uncrypt: allow /dev/block directory access.
|
34bd618021ade9ee1f3e119dcfb881f9f13a253d |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 0296b943: Move qemud and /dev/qemu policy bits to emulator-specific sepolicy. * commit '0296b9434f3b933b37f67c143788f87cb80b3325': Move qemud and /dev/qemu policy bits to emulator-specific sepolicy.
|
8ef915ac5a83a7f035af9c07473b9d89bec8442b |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2c347e0a: Drop obsolete keystore_socket type and rules. * commit '2c347e0a3676bb50cac796ca94eb6ab53c08fc87': Drop obsolete keystore_socket type and rules.
|
9010b344666e991ae7de2fd68105506992f9fb0d |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am dc1cedf1: Merge "Clean up socket rules." * commit 'dc1cedf12c6a6d87c0a46ab27b2f3fd47227df9d': Clean up socket rules.
|
f4569911e2f0c033878e537619c330e42a7f4fd6 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am de4ff590: Merge "Drop levelFrom=none from untrusted_app entry." * commit 'de4ff590ea7b5aa9023af171af0531ad7d7ed284': Drop levelFrom=none from untrusted_app entry.
|
648a83f431909c266436497ceb82abf4a30caa31 |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 85708ec4: Resolve overlapping rules between app.te and net.te. * commit '85708ec4f91fd70b215dc69e00b80e0e7a7d4686': Resolve overlapping rules between app.te and net.te.
|
92496526c848227d4c7da0e6942d531f01c5e51d |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 96ff4c05: Add a domain for mdnsd and allow connecting to it. * commit '96ff4c053a238e04373fcc1f11d769418e8ce238': Add a domain for mdnsd and allow connecting to it.
|
e921f0ae61decfd76ee127859b82f7fddf908244 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 22a22365: am b0291d13: am 150400a3: Merge "Allow bluetooth users ioctl access to bluetooth unix stream socket." * commit '22a2236567f5c231b6bd74cc2779825246f8146f': Allow bluetooth users ioctl access to bluetooth unix stream socket.
|
81c74494ffe51fef5532e8ea5efb3cfcde2b778f |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c4676f60: am fd234725: am ebc08e82: Address healthd denials. * commit 'c4676f601d29e9eeb5ff0687b414e95443cf8479': Address healthd denials.
|
22a2236567f5c231b6bd74cc2779825246f8146f |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b0291d13: am 150400a3: Merge "Allow bluetooth users ioctl access to bluetooth unix stream socket." * commit 'b0291d131e5423d50943fb321a28c10982687296': Allow bluetooth users ioctl access to bluetooth unix stream socket.
|
c4676f601d29e9eeb5ff0687b414e95443cf8479 |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am fd234725: am ebc08e82: Address healthd denials. * commit 'fd234725cd934892c6a521b499bb5c93a7db824f': Address healthd denials.
|
b0291d131e5423d50943fb321a28c10982687296 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 150400a3: Merge "Allow bluetooth users ioctl access to bluetooth unix stream socket." * commit '150400a3f6918df07026ac5e56836e48893f0d4c': Allow bluetooth users ioctl access to bluetooth unix stream socket.
|
fd234725cd934892c6a521b499bb5c93a7db824f |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ebc08e82: Address healthd denials. * commit 'ebc08e82a56e9a8ed51f9bf04c4106f66c3ef917': Address healthd denials.
|
150400a3f6918df07026ac5e56836e48893f0d4c |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow bluetooth users ioctl access to bluetooth unix stream socket."
|
ebc08e82a56e9a8ed51f9bf04c4106f66c3ef917 |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Address healthd denials. Resolve denials such as: avc: denied { write } for pid=130 comm="healthd" name="state" dev="sysfs" ino=57 scontext=u:r:healthd:s0 tcontext=u:object_r:sysfs:s0 tclass=file avc: denied { read write } for pid=130 comm="healthd" name="tty0" dev="tmpfs" ino=5677 scontext=u:r:healthd:s0 tcontext=u:object_r:tty_device:s0 tclass=chr_file Change-Id: Iff0609af924b4e5094be7512646140c3baa97549 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ealthd.te
|
115641cf177e6cd1d13c5f2321f73850e4c73d51 |
11-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
eab85946a52ceed2e7111e71d7aad6c1c93c6fe3 |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow bluetooth users ioctl access to bluetooth unix stream socket. Resolves denials such as: avc: denied { ioctl } for pid=6390 comm="m.wimmcompanion" path="socket:[472596]" dev="sockfs" ino=472596 scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket Change-Id: Idd4fa219fe8674c6e1c40211b3c105d6276cfc5a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
luetooth.te
|
1c0c0102610352e17c6e680de7a48cea95f6f4d0 |
06-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow system_app to start bugreport and to create /data/anr/traces.txt. Resolves denials such as: avc: denied { set } for property =ctl.bugreport scontext=u:r:system_app:s0 tcontext=u:object_r:ctl_default_prop:s0 tclass=property_service avc: denied { write } for pid=4415 comm=5369676E616C2043617463686572 name="anr" dev="dm-0" ino=358337 scontext=u:r:system_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=dir avc: denied { add_name } for pid=4415 comm=5369676E616C2043617463686572 name="traces.txt" scontext=u:r:system_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=dir avc: denied { create } for pid=4415 comm=5369676E616C2043617463686572 name="traces.txt" scontext=u:r:system_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file Change-Id: I71d0ede049136d72f28bdc85d52fcefa2f7d128f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
roperty.te
roperty_contexts
ystem_app.te
|
1c2d90a11cf6012802c03e450155c0a0f27fa3e6 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am d107abd1: Merge "Remove fsetid from netd." * commit 'd107abd1ba4758db1f6d3c427ba69382007b31ff': Remove fsetid from netd.
|
4e9b943914df9698573d26bbff2968b894f087a1 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 798668f3: Merge "Generalize rmnet entry for radio properties." * commit '798668f32fccb5ff49753c15a8b742eb43ddfa7e': Generalize rmnet entry for radio properties.
|
2d86bffe20b37d7bcc1122e0e5458affc61c219e |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 77470da9: Merge "Remove compatibility rules for old /data/media type." * commit '77470da9d016dd85f8a31785fce857b2e2a4b30f': Remove compatibility rules for old /data/media type.
|
8891fd8b3368563c05acca965da09bf39763b6da |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 111966d9: Merge "Remove redundant socket rules." * commit '111966d97ed6193ec53558c5b3e784a466f907ef': Remove redundant socket rules.
|
9e56afa368c0e890c4b731c82025301184b58662 |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 60061475: Merge "uncrypt: move into enforcing" * commit '60061475fd15a80102ef7cc9c530ea0aaa5a95e7': uncrypt: move into enforcing
|
139905555fe2306541738653e57f506e21a378db |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 75ac64c3: Merge "Allow reading of /data/security/current symlink." * commit '75ac64c32e8396e6e65e433c6676cd98db64d1e9': Allow reading of /data/security/current symlink.
|
3a45196740cf754956e30e0c76b5a89d4b394214 |
11-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 35102f58: Drop rules for /data/misc/adb legacy type. * commit '35102f584b81e2c38073863a368cd3209cf0a4c8': Drop rules for /data/misc/adb legacy type.
|
88419a5b29eb65e9dff58c302ebf69dc11da6e61 |
10-Mar-2014 |
dcashman <dcashman@google.com> |
am e6b56f2f: am 8a5c3ec2: am 66f25cb1: Add auditallow to revaluate b/10498304 * commit 'e6b56f2f2e7da177a8d780a746126b5e43300b31': Add auditallow to revaluate b/10498304
|
e6b56f2f2e7da177a8d780a746126b5e43300b31 |
10-Mar-2014 |
dcashman <dcashman@google.com> |
am 8a5c3ec2: am 66f25cb1: Add auditallow to revaluate b/10498304 * commit '8a5c3ec25a57df0ee1c1acbd672f338d4b605629': Add auditallow to revaluate b/10498304
|
8a5c3ec25a57df0ee1c1acbd672f338d4b605629 |
10-Mar-2014 |
dcashman <dcashman@google.com> |
am 66f25cb1: Add auditallow to revaluate b/10498304 * commit '66f25cb1af951d2064467b3af9e68bd7bfe01484': Add auditallow to revaluate b/10498304
|
7abbdcda4806460a1605915a2ffca9480f3a2098 |
10-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am fbf5bda5: am 5e4fb827: am 853ffaad: Deduplicate neverallow rules on selinuxfs operations. * commit 'fbf5bda5aabf6de1a186ba5effafc2c4a9927236': Deduplicate neverallow rules on selinuxfs operations.
|
197466327423857b738e7f73a85a04fff6c7e0c4 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am f23a00f8: am 38e38f26: am 3696da6e: Merge "Move wpa_supplicant.te to wpa.te." * commit 'f23a00f84371c039eb331c51ec228c3d5fb0ede7': Move wpa_supplicant.te to wpa.te.
|
041f8a097cead209a4b66e5bfc3271d984128e7f |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
resolved conflicts for merge of de3fb388 to master Change-Id: If7b7f08551f60bd30ce52e39a02ef0fd0d8e16ee
|
66f25cb1af951d2064467b3af9e68bd7bfe01484 |
05-Mar-2014 |
dcashman <dcashman@google.com> |
Add auditallow to revaluate b/10498304 The environment has changed since b/10498304 and it may be the case that some of the changes introduced thereby are no longer necessary. Adding an auditallow will allow us to monitor the effects of removing these changes, without blocking other development. Change-Id: Id4ece1644877c4ba36df3050ac9073ea6320779c
ygote.te
|
fbf5bda5aabf6de1a186ba5effafc2c4a9927236 |
10-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 5e4fb827: am 853ffaad: Deduplicate neverallow rules on selinuxfs operations. * commit '5e4fb827ac4d30487b3b43820e1b88d78373f9c1': Deduplicate neverallow rules on selinuxfs operations.
|
f23a00f84371c039eb331c51ec228c3d5fb0ede7 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 38e38f26: am 3696da6e: Merge "Move wpa_supplicant.te to wpa.te." * commit '38e38f266a1bb45c18b25c765a7cc7461b8bd32a': Move wpa_supplicant.te to wpa.te.
|
de3fb38820e7c29c13a06944266a5acd23cbe55f |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 3fba8b23: am c34de15a: Merge "Clean up, unify, and deduplicate app domain rules." * commit '3fba8b23a311609ac2098e13ace1138561b2e842': Clean up, unify, and deduplicate app domain rules.
|
5e4fb827ac4d30487b3b43820e1b88d78373f9c1 |
10-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 853ffaad: Deduplicate neverallow rules on selinuxfs operations. * commit '853ffaad323b3e5db14d3f2e4fbe7fa96160ede4': Deduplicate neverallow rules on selinuxfs operations.
|
38e38f266a1bb45c18b25c765a7cc7461b8bd32a |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 3696da6e: Merge "Move wpa_supplicant.te to wpa.te." * commit '3696da6e1491926b0da9010464aa3574af91c3fe': Move wpa_supplicant.te to wpa.te.
|
0b72d0f71d9e10a00f7303e901915353f96afeea |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 7709acde: am 0894af38: am 222c8229: Merge "Address surfaceflinger denials." * commit '7709acdea109573f3a4ef7aa57976cc59e2e1f42': Address surfaceflinger denials.
|
7709acdea109573f3a4ef7aa57976cc59e2e1f42 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 0894af38: am 222c8229: Merge "Address surfaceflinger denials." * commit '0894af3828c95f26170fafb977f3015b6495c990': Address surfaceflinger denials.
|
3fba8b23a311609ac2098e13ace1138561b2e842 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am c34de15a: Merge "Clean up, unify, and deduplicate app domain rules." * commit 'c34de15aeab27c7d8d6f5064859ef08069360e83': Clean up, unify, and deduplicate app domain rules.
|
0894af3828c95f26170fafb977f3015b6495c990 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 222c8229: Merge "Address surfaceflinger denials." * commit '222c82295b1fb4c1a53b23479fc2de15fa960133': Address surfaceflinger denials.
|
853ffaad323b3e5db14d3f2e4fbe7fa96160ede4 |
06-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Deduplicate neverallow rules on selinuxfs operations. We already have neverallow rules for all domains about loading policy, setting enforcing mode, and setting checkreqprot, so we can drop redundant ones from netd and appdomain. Add neverallow rules to domain.te for setbool and setsecparam and exclude them from unconfined to allow fully eliminating separate neverallow rules on the :security class from anything other than domain.te. Change-Id: I0122e23ccb2b243f4c5376893e0c894f01f548fc Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
omain.te
etd.te
nconfined.te
|
3696da6e1491926b0da9010464aa3574af91c3fe |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Move wpa_supplicant.te to wpa.te."
|
c34de15aeab27c7d8d6f5064859ef08069360e83 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Clean up, unify, and deduplicate app domain rules."
|
222c82295b1fb4c1a53b23479fc2de15fa960133 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Address surfaceflinger denials."
|
a1d3ef999d8c9159e68caa9c08f2d8ebf0642027 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am e583b540: am f40392ef: am 2744f2c6: Merge "Allow stat of /system/bin/app_process by zygote." * commit 'e583b5404f295d3f08613959313a9ccb7589cc45': Allow stat of /system/bin/app_process by zygote.
|
e583b5404f295d3f08613959313a9ccb7589cc45 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am f40392ef: am 2744f2c6: Merge "Allow stat of /system/bin/app_process by zygote." * commit 'f40392ef845db70bde18d05ce8fc1c40e8a5962b': Allow stat of /system/bin/app_process by zygote.
|
eb20417dfd01523c637965e71816b0b46cf48584 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am bec81b51: am ee1c5e16: am 6f4c3ed6: Merge "Allow all domains to read from socket_device directory." * commit 'bec81b51130e1535fb3da43411f684496fb1e761': Allow all domains to read from socket_device directory.
|
bec81b51130e1535fb3da43411f684496fb1e761 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am ee1c5e16: am 6f4c3ed6: Merge "Allow all domains to read from socket_device directory." * commit 'ee1c5e1676d70e0bee7c2bcb9f8a0896d7f1c547': Allow all domains to read from socket_device directory.
|
f40392ef845db70bde18d05ce8fc1c40e8a5962b |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 2744f2c6: Merge "Allow stat of /system/bin/app_process by zygote." * commit '2744f2c6589b0ed21682c0313d7196a0f99758c7': Allow stat of /system/bin/app_process by zygote.
|
ee1c5e1676d70e0bee7c2bcb9f8a0896d7f1c547 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 6f4c3ed6: Merge "Allow all domains to read from socket_device directory." * commit '6f4c3ed6a05bb9a02c7e07624614ae97f5f25230': Allow all domains to read from socket_device directory.
|
126636e8d32c9d583541092f942532f6a1a5321d |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 2a36dff6: Merge "Address SELinux denials with clatd." * commit '2a36dff6768795e2327ce837f9b14c199b3e02a0': Address SELinux denials with clatd.
|
2744f2c6589b0ed21682c0313d7196a0f99758c7 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow stat of /system/bin/app_process by zygote."
|
6f4c3ed6a05bb9a02c7e07624614ae97f5f25230 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow all domains to read from socket_device directory."
|
84f598d8756409dadcc3bebfed00d3f228a2eb74 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am a88af855: Merge "Clarify meaning of untrusted_app and app domain assignment logic." * commit 'a88af8557fef09672186a1fc518f2cd8e6701bfb': Clarify meaning of untrusted_app and app domain assignment logic.
|
2879bb31f45456fd4cf69506a2ed4e6b8efc8e20 |
10-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am d28ac521: Merge "Clarify init_shell, shell, and su domain usage." * commit 'd28ac521c6b3dd692c61d533f361e972e6b4ec5b': Clarify init_shell, shell, and su domain usage.
|
3bfdc6b420bc2fa60a7e8830789fec9820ecbb4d |
10-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow stat of /system/bin/app_process by zygote. This resolves denials such as: type=1400 audit(7803852.559:251): avc: denied { getattr } for pid=5702 comm="main" path="/system/bin/app_process" dev="mmcblk0p25" ino=60 scontext=u:r:zygote:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file (triggered on an art crash seen in recent AOSP master) Rather than just adding this permission individually, just rewrite the existing rule to use the rx_file_perms macro. We already allowed most of these permissions by way of the domain_auto_trans() rule via init_daemon_domain() and the rule for the --invoke-with support. Using macros helps reduce policy fragility/brittleness. Change-Id: Ib7edc17469c47bde9edd89f0e6cf5cd7f90fdb76 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ygote.te
|
244aa02a08a485814448aa2c0a46256b68866ba8 |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Address surfaceflinger denials. Resolves denials such as: avc: denied { call } for pid=257 comm="Binder_2" scontext=u:r:surfaceflinger:s0 tcontext=u:r:adbd:s0 tclass=binder avc: denied { call } for pid=1002 comm="Binder_4" scontext=u:r:surfaceflinger:s0 tcontext=u:r:platform_app:s0 tclass=binder avc: denied { open } for pid=1468 comm="Binder_1" name="cmdline" dev="proc" ino=10222 scontext=u:r:surfaceflinger:s0 tcontext=u:r:mediaserver:s0 tclass=file avc: denied { open } for pid=1275 comm="Binder_5" name="cmdline" dev="proc" ino=38036 scontext=u:r:surfaceflinger:s0 tcontext=u:r:system_app:s0 tclass=file Change-Id: I92147a1636b44a851d0e0e059f70ec8267cecf08 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
urfaceflinger.te
|
8f783d680be7b5998c48b7e7b56e176d3ba7bd7a |
09-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
1a462c2957fe8d8cca3a70204181321abef12fc6 |
08-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 434dacc6: am 6840cada: am 2a8be3c1: Merge "Allow mediaserver to connect to tee service." * commit '434dacc6ac8d83aaa7c2201bc154849e07c10e25': Allow mediaserver to connect to tee service.
|
e066552582b65c58cde6f7d9b55184a9ebd1d7f8 |
08-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 049348ef: am dffacb23: am 17859404: Address dnsmasq denials. * commit '049348ef1e297e2899db8fdf347fcfaa2123eebf': Address dnsmasq denials.
|
434dacc6ac8d83aaa7c2201bc154849e07c10e25 |
08-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 6840cada: am 2a8be3c1: Merge "Allow mediaserver to connect to tee service." * commit '6840cada8f9de6e6696680c0f64095e1e645df87': Allow mediaserver to connect to tee service.
|
049348ef1e297e2899db8fdf347fcfaa2123eebf |
08-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am dffacb23: am 17859404: Address dnsmasq denials. * commit 'dffacb23d4e1032c44a638051c6ed7d6079fc86e': Address dnsmasq denials.
|
6840cada8f9de6e6696680c0f64095e1e645df87 |
08-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 2a8be3c1: Merge "Allow mediaserver to connect to tee service." * commit '2a8be3c1c5b120ca7bc59efc482208973aee66b9': Allow mediaserver to connect to tee service.
|
dffacb23d4e1032c44a638051c6ed7d6079fc86e |
08-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 17859404: Address dnsmasq denials. * commit '17859404f6a1030488a657c4c406a7b83ea9957c': Address dnsmasq denials.
|
2a8be3c1c5b120ca7bc59efc482208973aee66b9 |
08-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow mediaserver to connect to tee service."
|
3ce61a8d24965eb20f8bd782499b511c92d0e8d0 |
08-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 49d713af: Merge "Ensure that /data/misc/wifi/sockets is always labeled wpa_socket." * commit '49d713af3240123794bfa75a7dc77d6d01697eb1': Ensure that /data/misc/wifi/sockets is always labeled wpa_socket.
|
809d819445a6dd29aaaf67f32f56b89295fd6dae |
08-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 335faf2b: Allow stat of /sys/module/lowmemorykiller files by system_server. * commit '335faf2b9b2d68d02223d1aedecf826bb9597f34': Allow stat of /sys/module/lowmemorykiller files by system_server.
|
817c9861dfc0d24a12e1bd53910e2b8816ad3073 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b73d321a: Merge "Create a label for the root block device." * commit 'b73d321ad01bd279e7ed77c4569d35b628da6615': Create a label for the root block device.
|
6273659143615cc532208d2ded6201bc67f1a7fb |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b8298d72: Merge "Add support for and use new path= specifier in seapp_contexts." * commit 'b8298d7216f6545c19932885dbcd0e97516d6d00': Add support for and use new path= specifier in seapp_contexts.
|
0ce8a137e8bd525769e98d2071cb142fd66b71d8 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am af99ed85: uncrypt: allow /data/local/tmp on userdebug/eng * commit 'af99ed85d773eb0e136bd89d8a4e9e2c40aec306': uncrypt: allow /data/local/tmp on userdebug/eng
|
b0db712bf048dc634363b658a647b1f1897d8433 |
06-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Clean up, unify, and deduplicate app domain rules. Coalesce a number of allow rules replicated among multiple app domains. Get rid of duplicated rules already covered by domain, appdomain, or platformappdomain rules. Split the platformappdomain rules to their own platformappdomain.te file, document them more fully, and note the inheritance in each of the relevant *_app.te files. Generalize isolated app unix_stream_socket rules to all app domains to resolve denials such as: avc: denied { read write } for pid=11897 comm="Binder_2" path="socket:[203881]" dev="sockfs" ino=203881 scontext=u:r:release_app:s0 tcontext=u:r:untrusted_app:s0 tclass=unix_stream_socket avc: denied { getattr } for pid=11990 comm=4173796E635461736B202334 path="socket:[203881]" dev="sockfs" ino=203881 scontext=u:r:release_app:s0 tcontext=u:r:untrusted_app:s0 tclass=unix_stream_socket avc: denied { getopt } for pid=11990 comm=4173796E635461736B202334 scontext=u:r:release_app:s0 tcontext=u:r:untrusted_app:s0 tclass=unix_stream_socket avc: denied { read write } for pid=6890 comm="Binder_10" path="socket:[205010]" dev="sockfs" ino=205010 scontext=u:r:release_app:s0 tcontext=u:r:media_app:s0 tclass=unix_stream_socket avc: denied { getattr } for pid=11990 comm=4173796E635461736B202334 path="socket:[205010]" dev="sockfs" ino=205010 scontext=u:r:release_app:s0 tcontext=u:r:media_app:s0 tclass=unix_stream_socket avc: denied { getopt } for pid=11990 comm=4173796E635461736B202334 scontext=u:r:release_app:s0 tcontext=u:r:media_app:s0 tclass=unix_stream_socket Change-Id: I770d7d51d498b15447219083739153265d951fe5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
luetooth.te
solated_app.te
edia_app.te
fc.te
latform_app.te
latformappdomain.te
elease_app.te
hared_app.te
helldomain.te
ystem_app.te
ntrusted_app.te
|
a5ef97a3960daa909132bcb440efb3e2311df739 |
07-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make mtp enforcing. Change-Id: I3b5e605ddcb601ae9958066ea20410dfe4c4bdf3 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
tp.te
|
17859404f6a1030488a657c4c406a7b83ea9957c |
07-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Address dnsmasq denials. Address dnsmasq denials such as: avc: denied { use } for pid=9145 comm="dnsmasq" path="pipe:[29234]" dev="pipefs" ino=29234 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=fd avc: denied { read } for pid=9145 comm="dnsmasq" path="pipe:[29234]" dev="pipefs" ino=29234 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=fifo_file avc: denied { read write } for pid=9145 comm="dnsmasq" path="socket:[7860]" dev="sockfs" ino=7860 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=netlink_kobject_uevent_socket avc: denied { read write } for pid=9145 comm="dnsmasq" path="socket:[8221]" dev="sockfs" ino=8221 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=unix_stream_socket avc: denied { read write } for pid=9523 comm="dnsmasq" path="socket:[7860]" dev="sockfs" ino=7860 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=netlink_kobject_uevent_socket avc: denied { read write } for pid=9523 comm="dnsmasq" path="socket:[7862]" dev="sockfs" ino=7862 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=netlink_route_socket avc: denied { net_raw } for pid=9607 comm="dnsmasq" capability=13 scontext=u:r:dnsmasq:s0 tcontext=u:r:dnsmasq:s0 tclass=capability avc: denied { net_admin } for pid=9607 comm="dnsmasq" capability=12 scontext=u:r:dnsmasq:s0 tcontext=u:r:dnsmasq:s0 tclass=capability Change-Id: I2bd1eaf22879f09df76a073028cc282362eebeee Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nsmasq.te
|
4445b91e11eac08e1a41ff9b06a0750655ddf2f0 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 96eeb1ec: initial policy for uncrypt. * commit '96eeb1ecb3980e34a5f9ed1a4afd8ffa6ada0cf0': initial policy for uncrypt.
|
47194d54f605aa7dd0865c7cdafdaf9c6bf7faa9 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 41f221f4: Merge "Delete unnecessary /data/data entries." * commit '41f221f416ce3368f394c5eb8578358c52755fc4': Delete unnecessary /data/data entries.
|
4b47d9e9bb29e6e7e6cca18f19acc42407c72cba |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am a08cbe1f: Merge "lmkd: add sys_resource" * commit 'a08cbe1fc26d4642be1170637af45b3b0fbe7153': lmkd: add sys_resource
|
b8c3e4aba73bfc7cfa542ce48ac10f7ef8bfbf81 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 116a20fd: debuggerd: Allow "debug.db.uid" usage * commit '116a20fdb6d9033e82e0c2fd421e054cfbc8c3b3': debuggerd: Allow "debug.db.uid" usage
|
21d1ee97add9d311b567cdef568ba8b8923f06d1 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am ba3f9b81: Merge "Allow sdcardd to write to sdcard directory and file." * commit 'ba3f9b81da92638e0c99dabc6dc66c493ff56614': Allow sdcardd to write to sdcard directory and file.
|
29dc6b2babe05965ea87ad4afe23297df6b311f7 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am a475ce7e: Merge "Allow dhcp rawip_socket permissions." * commit 'a475ce7e385548234e3204630d785960347aa59b': Allow dhcp rawip_socket permissions.
|
c797ea0460fa6ce0fd9c201acc97df622b47606f |
07-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make dhcp enforcing. Change-Id: I9355cd9bcbfeb55a7bebe580c0e5764263a5f5ab Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hcp.te
|
77c9c778e5be8543afa05569479b1410d470a5e6 |
07-Mar-2014 |
Dan Willemsen <dwillemsen@nvidia.com> |
am e55aac2a: Add debuggerd64 entry for 64-bit debuggerd daemon * commit 'e55aac2a5a03585550ce6ca7efc5495a2d8d79fa': Add debuggerd64 entry for 64-bit debuggerd daemon
|
d1045f80969eef619cc5a2b7a69dbaa2fac2599d |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 5fa2a19f: Make lmkd enforcing. * commit '5fa2a19f211240298a6a4b7d019ff4ebf716d525': Make lmkd enforcing.
|
c1dfb663f4aa2b7aa65fd74f8bf5f17cd7c622a8 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 5467fce6: initial lmkd policy. * commit '5467fce636d0cebb86f3684f7a69d883324384ca': initial lmkd policy.
|
de9ebc2a24acad5c0e49a788e6d3d1f41bb38bbc |
07-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make clatd enforcing. Change-Id: I764086a83d89d5c94c13400cab590933727d261b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
latd.te
|
70309d7e4cc78be0a335d7118b573e40b17dba51 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am af21e717: Merge "Make the sdcardd domain enforcing." * commit 'af21e71773e3f0a2726c7bc353ae980bd66a1f15': Make the sdcardd domain enforcing.
|
fada3c794d21e6b40b941a0d1840d378ddc145a1 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am bfa785af: Merge "Make racoon permissive or unconfined." * commit 'bfa785af27395f9d2e7c1997a160a4c50b5bc1f6': Make racoon permissive or unconfined.
|
ced137fb2224ef320977a3cd041dec14426ed307 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 9f5241ea: Merge "Remove block device access from unconfined domains." * commit '9f5241ea9357df935c66f8ed9422675e8212b79d': Remove block device access from unconfined domains.
|
2773cb16a4e2fd1af14c46be1500a40a9df00008 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 00abfd61: Merge "Make ppp permissive or unconfined." * commit '00abfd61a80c42cb72e5a658c25acb9a4da4d349': Make ppp permissive or unconfined.
|
9f12da19193645a5e254a98eb362dfa5f1476bdd |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 9145918d: Merge "Make mtp permissive or unconfined." * commit '9145918ddfd9a646b0f90afab2848d7cd0f9c0b0': Make mtp permissive or unconfined.
|
f6083a7382bfd71d456c92d16530cd3d8a29825d |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am a792bca3: Merge "Make dnsmasq permissive or unconfined." * commit 'a792bca38e6a302fbf5f8d63eedf952e77f32c4d': Make dnsmasq permissive or unconfined.
|
5d74e662ff064e2d1d110ae3414a69fba153fa85 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 4ba87078: Merge "Update hostapd domain for /data/misc/wifi/sockets label change." * commit '4ba8707874082dd4c3550162ccfba21ad072ff2f': Update hostapd domain for /data/misc/wifi/sockets label change.
|
f22fba5eb8ca9cc980037622b5b3054efef80439 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am bbfa3522: Merge "Make inputflinger permissive or unconfined." * commit 'bbfa352266a053dd6dd073e417a4d78edd46d28a': Make inputflinger permissive or unconfined.
|
b4b4ebecaa060d8dd1cf44d62faf46bae009428c |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b5558aac: Merge "Make lmkd permissive or unconfined." * commit 'b5558aac66759b779414f76bf1cf17f977bf2c8a': Make lmkd permissive or unconfined.
|
9485ef077c4e8beabf119a54251ae4eb410ef0ca |
07-Mar-2014 |
Dave Platt <dplatt@google.com> |
am d20c0c23: Merge "Finish fixing Zygote descriptor leakage problem" * commit 'd20c0c23cb3a4a15b51e4b62788b49df2ec65968': Finish fixing Zygote descriptor leakage problem
|
872a7aecace9970a7be1774db17155d52e2b02a5 |
07-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 5487ca00: Remove several superuser capabilities from unconfined domains. * commit '5487ca00d4788de367a9d099714f6df4d86ef261': Remove several superuser capabilities from unconfined domains.
|
aae9f92b9ce8929ddb7b96f92cf830009170a84a |
07-Mar-2014 |
Daniel Cashman <dcashman@google.com> |
am 3db328fd: Merge "Make clatd permissive or unconfined." * commit '3db328fd2c7d6b396a4a2f6204841a26d7783939': Make clatd permissive or unconfined.
|
4b3b75e8eb9d0340c1cd34258dc9c5efc2d99f95 |
07-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b081cc1e: Remove mount-related permissions from unconfined domains. * commit 'b081cc1e050843ecb7dff687f780787ad05d6143': Remove mount-related permissions from unconfined domains.
|
44e4b6d308acaa40fe7bb3b56d275bebe8374740 |
07-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 48b18832: Introduce asec_public_file type. * commit '48b18832c476f0bd8fcb8ee3e308258392f36aaf': Introduce asec_public_file type.
|
29ec6ef117e5ed5af75298215ba24fac5b718ed4 |
07-Mar-2014 |
rpcraig <rpcraig@tycho.ncsc.mil> |
am e21871c8: Address screenrecord denials. * commit 'e21871c8b7250f5dfc746298ab170a869e6be94d': Address screenrecord denials.
|
bef2bf4fb9730c4c1e44cf887384aec292523be9 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 629c98c2: Fix NFC image transfer * commit '629c98c211580999fe000d337a4cbcf38dc4395e': Fix NFC image transfer
|
96fe6161a82658ee0c3d055fda0315558d453c52 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 10baf47c: Merge "Revert "Move tlcd_sock policy over to manta."" * commit '10baf47c1d8e2879854e38f4be4128656f618662': Revert "Move tlcd_sock policy over to manta."
|
22d7fd4df33563a293cb4f9e0e50c992f2631be3 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 94e06523: Merge "Add file_contexts entries for socket files." * commit '94e065236bb95bcc15e3b52cef46cfc5ba26202c': Add file_contexts entries for socket files.
|
31e49026e452747a7c599799ec291f2efcfdd761 |
07-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8cd400d3: Move tlcd_sock policy over to manta. * commit '8cd400d3c4a5a9eb9bd8b0392260200bd23e6548': Move tlcd_sock policy over to manta.
|
a375df4b2cf96cb25734ae63796a5a95c3d42a49 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am ba1a7315: allow wpa_cli to work. * commit 'ba1a73156b262806e656b75101349d2e6e16a471': allow wpa_cli to work.
|
4a685d228f116858ea0bd7cc192bb3e12d5bbba6 |
07-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 418e2abd: Label /data/misc/wifi/sockets with wpa_socket. * commit '418e2abd39a3c86c4f8c7fcac93a1a7beea7a092': Label /data/misc/wifi/sockets with wpa_socket.
|
f2de2fcc6a302b0c3e773f66b5e4a186e39e7080 |
07-Mar-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 8ed750e9: sepolicy: Add write_logd, read_logd & control_logd * commit '8ed750e9731e6e3a21785e91e9b1cf7390c16738': sepolicy: Add write_logd, read_logd & control_logd
|
4ac09d50e3e8f6ffc3deee0a4e83615338864812 |
07-Mar-2014 |
William Roberts <wroberts@tresys.com> |
am a637b2f2: assert: Do not allow access to generic device:chr_file * commit 'a637b2f21eda997f6d1bcb8f2600a5ee3195785d': assert: Do not allow access to generic device:chr_file
|
83bbe70787a4ed5b3907c0f2d4dd878600a49ca8 |
07-Mar-2014 |
William Roberts <wroberts@tresys.com> |
am d0919ec2: assert: do not allow raw access to generic block_device * commit 'd0919ec25361ffeda3aa44cc2ecaf875f99784c3': assert: do not allow raw access to generic block_device
|
9bbd88880348b9bd52f5f7192221a83a7d92df05 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am b71dae82: Merge "drmserver: allow looking in efs_file directories" * commit 'b71dae828fea60bbc5cacefc4521dfd97f960868': drmserver: allow looking in efs_file directories
|
3400bc0f62b99b4e1caecefe52470649380c04be |
07-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 9dbd005a: Update README. * commit '9dbd005ad29c9cda0e29cc80ebf40b88ec462210': Update README.
|
a2357278110f42c7dd657ef44d29bd268a2307a5 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am d4f6c5f0: Merge "Catch nonexistent BOARD_SEPOLICY_UNION policy files." * commit 'd4f6c5f0983e8a6a0dac86b9acbfa70501280614': Catch nonexistent BOARD_SEPOLICY_UNION policy files.
|
259512c67114a1455aaf03a34ffedd31c1996508 |
07-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 8d9ef067: Merge "Remove MAC capabilities from unconfined domains." * commit '8d9ef0679bd5550a8fc0a63efbb6149288c96dce': Remove MAC capabilities from unconfined domains.
|
f734418796584eef2d17bcd4177bc4809c1e69a2 |
07-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 0cbf06fd: Drop the typealias for camera_calibration_file. * commit '0cbf06fde489c2cc536d8a49d747940e90ccb1ed': Drop the typealias for camera_calibration_file.
|
353cf979472f7a6ca0f6ca5cd5c1100c67add6c6 |
06-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 208deb33: Allow dumpstate to run am and shell. * commit '208deb335719280c11ab0e6aa033bfd33629320a': Allow dumpstate to run am and shell.
|
ba745673aaab935b63234d3ad4a870599e31db70 |
06-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow mediaserver to connect to tee service. Resolves denials such as: avc: denied { connectto } for pid=7028 comm="wfd_looper" path=006D636461656D6F6E scontext=u:r:mediaserver:s0 tcontext=u:r:tee:s0 tclass=unix_stream_socket This is a socket in the abstract namespace so no socket file is involved. Change-Id: Ia0e384c08063466cfd0f17af3bccf294c7f9dbbd Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ediaserver.te
|
c18121811c59335b4b59e8ffc52179ad6049640b |
06-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Deduplicate and rationalize system_server /proc/pid access. The system_server has duplicate/overlapping rules regarding /proc/pid access as well as a lack of clarity on the reason for the different rules. Deduplicate the rules and clarify the purpose of different sets of rules. Replace the rules granting /proc/pid access for all domains with specific rules only for domains that we know should be accessible by the system_server, i.e. all apps (appdomain) and the set of native processes listed in com.android.server.Watchdog.NATIVE_STACKS_OF_INTEREST. Change-Id: Idae6fc87e19e1700cdc4bdbde521d35caa046d74 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
|
d9cec19bb2f14241427411b33ea4205a13a3dbff |
06-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Move wpa_supplicant.te to wpa.te. The filename should be the same as the domain with all the .te files. Change-Id: Ib05eb84f881c680eb5bb43a4814cfb038fbff339 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
pa.te
pa_supplicant.te
|
20feb75b572a21a7a376d6780cc5c1d636cda610 |
06-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Allow all domains to read from socket_device directory. This is a world-readable directory anyway and will help to address a small number of new denials. Change-Id: I9e53c89a19da8553cbcbef8295c02ccaaa5d564c Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
omain.te
|
363d3eb87f60fff245946a94b2c4b4bf7f71ed9d |
06-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
8e39a59ee0eeaa87cb80016efcc68040ebc8e778 |
05-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am aefcc512: am 285496e4: am d9d9d2f4: temp fix for build breakage. * commit 'aefcc512ab303ad3ed84284e60c932a438058a2e': temp fix for build breakage.
|
aefcc512ab303ad3ed84284e60c932a438058a2e |
05-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 285496e4: am d9d9d2f4: temp fix for build breakage. * commit '285496e441277db372b7bc84a5e5175bab2d233d': temp fix for build breakage.
|
0f265d4e55bbdeda9cbfda2147be0a503bf90f86 |
05-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am a287fece: temp fix for build breakage. * commit 'a287fece59982d13c514b7a3f8da6f2a8a7f44eb': temp fix for build breakage.
|
285496e441277db372b7bc84a5e5175bab2d233d |
05-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am d9d9d2f4: temp fix for build breakage. * commit 'd9d9d2f4170b96a674c8222287bbe4cddfc8de3a': temp fix for build breakage.
|
6aa3d9420f0d78376a1c7b2e4d270e2ad60765fa |
05-Mar-2014 |
Nick Kralevich <nnk@google.com> |
temp fix for build breakage. libsepol.check_assertion_helper: neverallow on line 8857 violated by allow system_server sdcard_external:file { ioctl read write getattr lock append open }; Error while expanding policy make: *** [out/target/product/manta/obj/ETC/sepolicy_intermediates/sepolicy] Error 1 (cherry picked from commit d9d9d2f4170b96a674c8222287bbe4cddfc8de3a) Change-Id: Ibe17923de810b4d55391fe3eecfc239fbdd44f87
ystem_server.te
|
a287fece59982d13c514b7a3f8da6f2a8a7f44eb |
05-Mar-2014 |
Nick Kralevich <nnk@google.com> |
temp fix for build breakage. libsepol.check_assertion_helper: neverallow on line 8857 violated by allow system_server sdcard_external:file { ioctl read write getattr lock append open }; Error while expanding policy make: *** [out/target/product/manta/obj/ETC/sepolicy_intermediates/sepolicy] Error 1 (cherry picked from commit d9d9d2f4170b96a674c8222287bbe4cddfc8de3a) Change-Id: Ic9fa0cae35128ff898d34928f01162ec054624d1
ystem_server.te
|
d9d9d2f4170b96a674c8222287bbe4cddfc8de3a |
05-Mar-2014 |
Nick Kralevich <nnk@google.com> |
temp fix for build breakage. libsepol.check_assertion_helper: neverallow on line 8857 violated by allow system_server sdcard_external:file { ioctl read write getattr lock append open }; Error while expanding policy make: *** [out/target/product/manta/obj/ETC/sepolicy_intermediates/sepolicy] Error 1 Change-Id: I181707ed66bad3db56f9084b3d9ba161d13b34bd
ystem_server.te
|
e19a808ce1ed7094092fc4c44f999911deefffdb |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e6bcaf77: am d331e00b: Do not allow system_server to access SDcard files. * commit 'e6bcaf77089a5c83196cdae3effa1c07fcd31b6b': Do not allow system_server to access SDcard files.
|
e6bcaf77089a5c83196cdae3effa1c07fcd31b6b |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d331e00b: Do not allow system_server to access SDcard files. * commit 'd331e00bd8101b5ab63e08822cdad7a223c2a5dd': Do not allow system_server to access SDcard files.
|
d331e00bd8101b5ab63e08822cdad7a223c2a5dd |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Do not allow system_server to access SDcard files. As per: https://android-review.googlesource.com/#/c/84130/3/system_server.te@240 it is unsafe to allow such access. Add a neverallow rule to prohibit any rules on sdcard_type in the future. Change-Id: Ife714b65b07144eb6228a048a55ba82181595213 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
|
8c8c3002793e3c87d000588e7dcff540abb5c392 |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 1bbe00f5: am 3dad7b61: Address system_server denials. * commit '1bbe00f508594c95ad9e5d8ce35e99637503c399': Address system_server denials.
|
59694136ec06d0fb8b35664091a4d821033c69e6 |
05-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 1610f1d2: am 23a52e6b: allow lmkd to kill processes. * commit '1610f1d227598ec97fac763ee0569a3a73c2fa6e': allow lmkd to kill processes.
|
1bbe00f508594c95ad9e5d8ce35e99637503c399 |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 3dad7b61: Address system_server denials. * commit '3dad7b611a448fa43a678ff760c23a00f387947e': Address system_server denials.
|
1610f1d227598ec97fac763ee0569a3a73c2fa6e |
05-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am 23a52e6b: allow lmkd to kill processes. * commit '23a52e6b3028c89727b4fb60704401ed863641cd': allow lmkd to kill processes.
|
3dad7b611a448fa43a678ff760c23a00f387947e |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Address system_server denials. Label /proc/sysrq-trigger and allow access. Label /dev/socket/mtpd and allow access. Resolves denials such as: avc: denied { getattr } for pid=12114 comm="Binder_2" path="socket:[219779]" dev="sockfs" ino=219779 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket avc: denied { call } for pid=1007 comm="Binder_8" scontext=u:r:system_server:s0 tcontext=u:r:su:s0 tclass=binder avc: denied { write } for pid=1024 comm="watchdog" name="sysrq-trigger" dev="proc" ino=4026533682 scontext=u:r:system_server:s0 tcontext=u:object_r:proc:s0 tclass=file avc: denied { write } for pid=11567 comm="LegacyVpnRunner" name="mtpd" dev="tmpfs" ino=36627 scontext=u:r:system_server:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file avc: denied { ptrace } for pid=10924 comm=5369676E616C2043617463686572 scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=process avc: denied { sigkill } for pid=26077 comm="NativeCrashRepo" scontext=u:r:system_server:s0 tcontext=u:r:zygote:s0 tclass=process avc: denied { write } for pid=1024 comm="android.bg" scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=netlink_socket avc: denied { getattr } for pid=473 comm="FinalizerDaemon" path="socket:[11467]" dev="sockfs" ino=11467 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket avc: denied { getattr } for pid=473 comm="FinalizerDaemon" path="socket:[12076]" dev="sockfs" ino=12076 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket avc: denied { getopt } for pid=473 comm="FinalizerDaemon" laddr=192.168.159.172 lport=51576 faddr=93.127.173.40 fport=554 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket avc: denied { getopt } for pid=473 comm="FinalizerDaemon" lport=15658 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket avc: denied { read write } for pid=21384 comm="rtsp" path="socket:[443742]" dev="sockfs" ino=443742 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket avc: denied { read write } for pid=21384 comm="rtsp" path="socket:[444842]" dev="sockfs" ino=444842 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket avc: denied { setopt } for pid=1326 comm="Binder_9" lport=16216 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket avc: denied { setopt } for pid=1676 comm="Binder_6" laddr=192.168.156.130 lport=51044 faddr=74.125.214.81 fport=554 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket avc: denied { getattr } for pid=10915 comm="system_server" path="/dev/mdm" dev="tmpfs" ino=7484 scontext=u:r:system_server:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file avc: denied { read } for pid=10915 comm="system_server" name="mdm" dev="tmpfs" ino=7484 scontext=u:r:system_server:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file avc: denied { unlink } for pid=14866 comm="system_server" name="wallpaper" dev="mmcblk0p9" ino=285715 scontext=u:r:system_server:s0 tcontext=u:object_r:wallpaper_file:s0 tclass=file avc: denied { getattr } for pid=12114 comm="Binder_2" path="socket:[219779]" dev="sockfs" ino=219779 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket avc: denied { getopt } for pid=32300 comm="Binder_1" laddr=::ffff:127.0.0.1 lport=4939 faddr=::ffff:127.0.0.1 fport=53318 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket avc: denied { read write } for pid=10840 comm="pool-17-thread-" path="socket:[205990]" dev="sockfs" ino=205990 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket avc: denied { write } for pid=20817 comm="dumpsys" path="/mnt/shell/emulated/0/aupt-output/bugreport-2014-02-22-11-17-16.txt.tmp" dev="fuse" ino=3100784040 scontext=u:r:system_server:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=file Change-Id: I481ac26667b487031a5d3317b0a028a027a8e641 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
omain.te
ile.te
ile_contexts
enfs_contexts
ystem_server.te
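The denial-to-rule step that these commit messages walk through, as an added example (not code from the sepolicy tree or from audit2allow). The sample lines are copied from commit messages in this log; `GENERIC_TYPES`, the function names and the output layout are assumptions of the example.

```python
import re
from collections import defaultdict

# Denial lines copied from commit messages in this log; the last one is the
# truncated entry at the end of the page and must be skipped, not guessed at.
SAMPLE_DENIALS = [
    'avc: denied { write } for pid=1024 comm="watchdog" name="sysrq-trigger" dev="proc" ino=4026533682 scontext=u:r:system_server:s0 tcontext=u:object_r:proc:s0 tclass=file',
    'avc: denied { write } for pid=11567 comm="LegacyVpnRunner" name="mtpd" dev="tmpfs" ino=36627 scontext=u:r:system_server:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file',
    'avc: denied { ptrace } for pid=10924 comm=5369676E616C2043617463686572 scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=process',
    'avc: denied { getattr } for pid=473 comm="FinalizerDaemon" path="socket:[11467]" dev="sockfs" ino=11467 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket',
    'avc: denied { read write } for pid=21384 comm="rtsp" path="socket:[443742]" dev="sockfs" ino=443742 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket',
    '<5>[ 775.819223] type=1400 audit(1393978653.489:18): avc: denied { sigkill } for pid=118 comm="lmkd" scontext=u:r:lmkd:s0 tcontext=u:r:untrusted_app:s0 tclass=process',
    '<5>[12619.064604] type=1400 audit(1393540506.745:2565): avc: denied { kill } for pid=116 comm="lmkd" capability=5 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability',
    '<5>[ 216.713528] type=1400 audit(1392934645.702:26): avc: denied { read write } for',
]

# Assumption of this example: the two broad types for which the commit above
# introduced dedicated labels instead of granting access to the whole type.
GENERIC_TYPES = {"proc", "socket_device"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _decode_comm(raw):
    """The kernel logs comm unquoted and hex-encoded when it holds spaces etc."""
    if raw.startswith('"'):
        return raw.strip('"')
    if len(raw) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw


def _type_of(context):
    """Return the type field of a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_denial(line):
    """Parse one AVC denial; return None for non-AVC or truncated lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    raw = dict(FIELD_RE.findall(m.group("fields")))
    if not {"scontext", "tcontext", "tclass"} <= raw.keys():
        return None
    return {
        "perms": m.group("perms").split(),
        "comm": _decode_comm(raw.get("comm", "")),
        "name": raw.get("name", "").strip('"'),
        "source": _type_of(raw["scontext"]),
        "target": _type_of(raw["tcontext"]),
        "tclass": raw["tclass"],
    }


def denials_to_rules(lines):
    """Merge denials into candidate allow rules, one per (source, target, class)."""
    grouped = defaultdict(set)
    for line in lines:
        d = parse_denial(line)
        if d is None:
            continue
        # A domain acting on itself is written with the "self" keyword.
        target = "self" if d["source"] == d["target"] else d["target"]
        grouped[(d["source"], target, d["tclass"])].update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules


def relabel_candidates(lines):
    """Objects whose denial hits a broad type: give them a label of their own
    rather than shipping the candidate allow rule for the whole type."""
    hits = set()
    for line in lines:
        d = parse_denial(line)
        if d and d["target"] in GENERIC_TYPES and d["name"]:
            hits.add((d["target"], d["name"]))
    return sorted(hits)


if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_DENIALS):
        print(rule)
    for target, name in relabel_candidates(SAMPLE_DENIALS):
        print(f"# review: {name} is labeled {target}; consider a dedicated type")
```

The rules it prints are review candidates only: for `sysrq-trigger` and `mtpd` the commit above added a label for the object rather than granting `system_server` write access to all of `proc` or `socket_device`.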
|
979e49158174a202e3bcb2d213bc4149383723e2 |
05-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
23a52e6b3028c89727b4fb60704401ed863641cd |
05-Mar-2014 |
Nick Kralevich <nnk@google.com> |
allow lmkd to kill processes. The previous patch wasn't sufficient. Allow the kill signal. Addresses the following denial: <5>[ 775.819223] type=1400 audit(1393978653.489:18): avc: denied { sigkill } for pid=118 comm="lmkd" scontext=u:r:lmkd:s0 tcontext=u:r:untrusted_app:s0 tclass=process Bug: 13084787 Change-Id: I6af1ed4343b590049809a59e4f2797f6049f12e4
mkd.te
|
fbdb110f20bfe17bb99d63bc7fdb57c7b07cbfc7 |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 0dc38a5d: am 2737ceff: Allow stat/read of /data/media files by app domains. * commit '0dc38a5d16d78200d6c46b0ac351cc68e086050c': Allow stat/read of /data/media files by app domains.
|
8fe9198f40943b7601679ed4220c8c56c1dc4cee |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 66a11323: am f8c96056: Allow getopt / getattr to bluetooth unix_stream_socket. * commit '66a1132316b45431d724c6e81b7edae0cda1f1b2': Allow getopt / getattr to bluetooth unix_stream_socket.
|
0dc38a5d16d78200d6c46b0ac351cc68e086050c |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2737ceff: Allow stat/read of /data/media files by app domains. * commit '2737ceff233a32be67ebc6e3dba6e80b8df6df0a': Allow stat/read of /data/media files by app domains.
|
66a1132316b45431d724c6e81b7edae0cda1f1b2 |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f8c96056: Allow getopt / getattr to bluetooth unix_stream_socket. * commit 'f8c96056cd5f639ed8412285cdb6a13e14abd42e': Allow getopt / getattr to bluetooth unix_stream_socket.
|
1a920ee21a72b827d8ec28d01e6981ba815de4df |
04-Mar-2014 |
dcashman <dcashman@google.com> |
am 3ee16eac: resolved conflicts for merge of 320e0ec7 to klp-modular-dev-plus-aosp * commit '3ee16eaceaac8d4b9753bb5713ddfdc3f820f68c': allow wpa_cli to work. Label /data/misc/wifi/sockets with wpa_socket.
|
3ee16eaceaac8d4b9753bb5713ddfdc3f820f68c |
04-Mar-2014 |
dcashman <dcashman@google.com> |
resolved conflicts for merge of 320e0ec7 to klp-modular-dev-plus-aosp Change-Id: I2863a0c6150eaa7f6c9ce543e3ad940ffb762af4
|
f8c96056cd5f639ed8412285cdb6a13e14abd42e |
04-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow getopt / getattr to bluetooth unix_stream_socket. Resolve denials such as: avc: denied { getattr } for pid=16226 comm="Thread-2096" path="socket:[414657]" dev="sockfs" ino=414657 scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket avc: denied { getopt } for pid=5890 comm="FinalizerDaemon" scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket (cherry picked from commit 495e9d12b97cfaf3d6efb007b7b68217c2b94ba8) Change-Id: Ie38979416b36b4452375d58baff46f14b78f1bad Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
luetooth.te
|
80c1cda03fafe27efed3626960d86dc27de96148 |
04-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 6bd80b62: am 495e9d12: Allow getopt / getattr to bluetooth unix_stream_socket. * commit '6bd80b622a47c63f6c5a2af9543c20afc7c39ace': Allow getopt / getattr to bluetooth unix_stream_socket.
|
2737ceff233a32be67ebc6e3dba6e80b8df6df0a |
04-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow stat/read of /data/media files by app domains. Resolves denials such as: avc: denied { read } for pid=23862 comm="Binder_4" path="/data/media/0/DCIM/.thumbnails/1390499643135.jpg" dev="mmcblk0p28" ino=171695 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file avc: denied { getattr } for pid=26800 comm="ImageLoader" path="/data/media/0/DCIM/.thumbnails/1390499643135.jpg" dev="mmcblk0p28" ino=171695 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file Change-Id: I8221359123ecc41ea28e4fcbce4912b42a6510f0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
luetooth.te
|
6bd80b622a47c63f6c5a2af9543c20afc7c39ace |
04-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 495e9d12: Allow getopt / getattr to bluetooth unix_stream_socket. * commit '495e9d12b97cfaf3d6efb007b7b68217c2b94ba8': Allow getopt / getattr to bluetooth unix_stream_socket.
|
495e9d12b97cfaf3d6efb007b7b68217c2b94ba8 |
04-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow getopt / getattr to bluetooth unix_stream_socket. Resolve denials such as: avc: denied { getattr } for pid=16226 comm="Thread-2096" path="socket:[414657]" dev="sockfs" ino=414657 scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket avc: denied { getopt } for pid=5890 comm="FinalizerDaemon" scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket Change-Id: Iea7790aa4f8e24f3ec0d2c029933a3902333472e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
luetooth.te
|
320e0ec7ec510c125a17b90e0f31bf0581494dad |
04-Mar-2014 |
Daniel Cashman <dcashman@google.com> |
Merge changes I03170acc,I9e35cc93 into klp-modular-dev * changes: allow wpa_cli to work. Label /data/misc/wifi/sockets with wpa_socket.
|
d362fb961a57332cf58d1d7f1b37db3e3ee3d5c9 |
04-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
a704731c7f88cba673b6053620caa4ee62e5905d |
04-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 5af14e18: am 28afdd92: Deduplicate binder_call rules. * commit '5af14e189f99654164b166b8dba416b84e03d1f1': Deduplicate binder_call rules.
|
5af14e189f99654164b166b8dba416b84e03d1f1 |
03-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 28afdd92: Deduplicate binder_call rules. * commit '28afdd9234236d0b3c510f28255aa14625d11457': Deduplicate binder_call rules.
|
28afdd9234236d0b3c510f28255aa14625d11457 |
26-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Deduplicate binder_call rules. A number of binder_call rules are duplicated by other rules written in terms of attributes/sets (e.g. appdomain, binderservicedomain). Get rid of the duplicates. Also use binder_use() in racoon.te rather than manually writing the base rule for communicating with the servicemanager. Change-Id: I5a459cc2154b1466bcde6eccef253dfcdcb44e0a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
acoon.te
ystem_app.te
ystem_server.te
|
e9d38fcad94e6c6a4777c4e3938e9e33aeb50339 |
03-Mar-2014 |
Nick Kralevich <nnk@google.com> |
am fa2fb419: resolved conflicts for merge of d6fb7ac1 to klp-modular-dev-plus-aosp * commit 'fa2fb41918b3ca8e0647ea67c56a240ecf83436a': Introduce asec_public_file type.
|
fa2fb41918b3ca8e0647ea67c56a240ecf83436a |
03-Mar-2014 |
Nick Kralevich <nnk@google.com> |
resolved conflicts for merge of d6fb7ac1 to klp-modular-dev-plus-aosp Change-Id: Ib957b4e134ba6235b79938ed57252ded5b0a4375
|
d6fb7ac1e2fc73804efa6138ead5be2a6dc4e4b2 |
04-Feb-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Introduce asec_public_file type. This new type will allow us to write finer-grained policy concerning asec containers. Some files of these containers need to be world readable. Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil> (cherry picked from commit 48b18832c476f0bd8fcb8ee3e308258392f36aaf) Change-Id: Ic75095397a11ad715c16a75a7374e9b0d131f3f7
omain.te
rmserver.te
ile.te
ile_contexts
ediaserver.te
hared_app.te
ystem_app.te
ntrusted_app.te
old.te
|
d5aa4c66882cf5af2fe1eec9dfed0ce901f071f4 |
01-Mar-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
d6245809aa1f503e2b588081637b40b86c94ad2f |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am e2315a39: am 63b98b17: restore system_server zygote socket rules * commit 'e2315a393dc9ebca7774135aa21a75a85da66ca2': restore system_server zygote socket rules
|
e2315a393dc9ebca7774135aa21a75a85da66ca2 |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 63b98b17: restore system_server zygote socket rules * commit '63b98b17e41b74a7595dc80e1958550cf6b887d1': restore system_server zygote socket rules
|
740c8c9ceef86710af38f587d2000e1de538b668 |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 3d4f899e: am f197f8ce: Merge "Remove system_server and zygote unlabeled execute access." * commit '3d4f899ecf73b764c79174a06609035b45fba743': Remove system_server and zygote unlabeled execute access.
|
3d4f899ecf73b764c79174a06609035b45fba743 |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am f197f8ce: Merge "Remove system_server and zygote unlabeled execute access." * commit 'f197f8ce4a117e4134204a82d178d8d9ee753d3b': Remove system_server and zygote unlabeled execute access.
|
63b98b17e41b74a7595dc80e1958550cf6b887d1 |
26-Feb-2014 |
Nick Kralevich <nnk@google.com> |
restore system_server zygote socket rules 1601132086b054adc70e7f8f38ed24574c90bc37 removed the getattr/getopt support for system_server, which is needed to close the zygote socket. See b/12061011 for details. system_server still needs this rule, and it's expected to stay permanently. Restore the rule and remove the comment about it eventually being deleted. Addresses the following denials: <5>[ 86.307639] type=1400 audit(1393376281.530:5): avc: denied { getattr } for pid=656 comm="main" path="socket:[7195]" dev=sockfs ino=7195 scontext=u:r:system_server:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket <5>[ 86.307945] type=1400 audit(1393376281.530:6): avc: denied { getopt } for pid=656 comm="main" path="/dev/socket/zygote" scontext=u:r:system_server:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket Bug: 12114500 Change-Id: I47033766dea3ba2fdaa8ce9b4251370bd64aea6d
ystem_server.te
|
f197f8ce4a117e4134204a82d178d8d9ee753d3b |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove system_server and zygote unlabeled execute access."
|
673acce95615ff030e80118387a2806ad42b7c74 |
25-Jan-2014 |
Nick Kralevich <nnk@google.com> |
allow wpa_cli to work. With wpa_supplicant in enforcing, wpa_cli doesn't work. Denial: type=1400 audit(1390597866.260:59): avc: denied { write } for pid=3410 comm="wpa_supplicant" name="wpa_ctrl_4852-1" dev="mmcblk0p28" ino=618993 scontext=u:r:wpa:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file After I9e35cc93abf89ce3594860aa3193f84a3b42ea6e and I51b09c5e40946673a38732ea9f601b2d047d3b62, the /data/misc/wifi/sockets directory is labeled properly. This change allows the communication between the su domain and wpa. Steps to reproduce: Start wifi (so wpa_supplicant will run) Start wpa_cli - it will hang $ adb root $ adb shell # wpa_cli -g @android:wpa_wlan0 Bug: 12721629 Change-Id: I03170acc155ad122c5197baaf590d17fc1ace6a5
pa_supplicant.te
|
788578be3e54ff6f940688578819c7761af47c1b |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am b049bade: am b19a191a: Merge "Give lmkd kill capability" * commit 'b049badef81101b56262f2a8393a950b307e7665': Give lmkd kill capability
|
b049badef81101b56262f2a8393a950b307e7665 |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am b19a191a: Merge "Give lmkd kill capability" * commit 'b19a191af6d5cc6567739c0536a9519e16aa45f4': Give lmkd kill capability
|
b19a191af6d5cc6567739c0536a9519e16aa45f4 |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Give lmkd kill capability"
|
ef220cba6d77d83dc4f359ebfb44082a634382ed |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
uncrypt: allow /dev/block directory access. Uncrypt needs search in /dev/block to open block devices. Allow it. Addresses the following denial: [11105.601711] type=1400 audit(1393550350.528:30): avc: denied { search } for pid=14597 comm="uncrypt" name="block" dev="tmpfs" ino=7200 scontext=u:r:uncrypt:s0 tcontext=u:object_r:block_device:s0 tclass=dir Change-Id: I4592784135a04ff5bff2715e1250661744f12aa1
ncrypt.te
|
1d9b064ae40379f0b4b019fd966e211b024b8332 |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am c3064c58: am 0a5f561c: uncrypt: allow /dev/block directory access. * commit 'c3064c58e20d2cb386aa7816815e010b92aa6fad': uncrypt: allow /dev/block directory access.
|
c3064c58e20d2cb386aa7816815e010b92aa6fad |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 0a5f561c: uncrypt: allow /dev/block directory access. * commit '0a5f561c673a6a781bc2f11ac60d6613c648770c': uncrypt: allow /dev/block directory access.
|
0a5f561c673a6a781bc2f11ac60d6613c648770c |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
uncrypt: allow /dev/block directory access. Uncrypt needs search in /dev/block to open block devices. Allow it. Addresses the following denial: [11105.601711] type=1400 audit(1393550350.528:30): avc: denied { search } for pid=14597 comm="uncrypt" name="block" dev="tmpfs" ino=7200 scontext=u:r:uncrypt:s0 tcontext=u:object_r:block_device:s0 tclass=dir Change-Id: I4592784135a04ff5bff2715e1250661744f12aa1
ncrypt.te
|
23c65b5cef50aa24a5b9d7cf2d2ca8e909119cc4 |
29-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /data/misc/wifi/sockets with wpa_socket. This will ensure that any sockets created in this directory will default to wpa_socket unless a type_transition is defined. Define a type transition for system_server to keep its separate system_wpa_socket type assigned for its socket. Allow wpa to create and unlink sockets in the directory. We leave the already existing rules for wifi_data_file in place for compatibility with existing devices that have wifi_data_file on /data/misc/wifi/sockets. Change-Id: I9e35cc93abf89ce3594860aa3193f84a3b42ea6e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
ystem_server.te
pa_supplicant.te
|
24be391681aaebfe7aceca748bbf5d84774cae2f |
28-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Give lmkd kill capability lmkd needs the capability to kill processes. Addresses the following denial: <5>[12619.064604] type=1400 audit(1393540506.745:2565): avc: denied { kill } for pid=116 comm="lmkd" capability=5 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability Addresses the following errors: 02-27 13:13:50.995 116 116 I lowmemorykiller: Killing 'com.google.android.deskclock' (7133), adj 15 02-27 13:13:50.995 116 116 I lowmemorykiller: to free 33836kB because cache 118512kB is below limit 122880kB for oom_adj 15 02-27 13:13:50.995 116 116 I lowmemorykiller: Free memory is -28472kB below reserved 02-27 13:13:50.995 116 116 E lowmemorykiller: kill(7133): errno=1 Change-Id: I7cca238610307aba9d77aa2e52a32ebd6aec3f3c
mkd.te
|
37afd3f6c337a6914de36ec8658593b523f32e3d |
27-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove system_server and zygote unlabeled execute access. Now that all of /data outside of /data/data should be labeled even on legacy devices as a result of Ib8d9751a47c8e0238cf499fcec61898937945d9d, there should be no reason to permit the system_server or zygote execute access to unlabeled files. This is the only remaining case where a type writable by app domains can be executed by system services, so eliminating it is desirable. That said, I have not specifically tested the non-SE to SE upgrade path to confirm that this causes no problems. Change-Id: Ie488bd6e347d4a210806a3308ab25b00952aadb4 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
ygote.te
|
88134e4a775f537ad4e2cce28f1041c0dec6948d |
26-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
afbe53c34eb1dd0fee0de1f6870eb27ff8e734a8 |
26-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
e6852736a4b313f9bb7cd7d32da10dcf66b74af5 |
26-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 872e261a: am 9b3c3661: Add a domain for mdnsd and allow connecting to it. * commit '872e261a762720fcdcdfa9a285d5dc541e7d2a70': Add a domain for mdnsd and allow connecting to it.
|
872e261a762720fcdcdfa9a285d5dc541e7d2a70 |
26-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9b3c3661: Add a domain for mdnsd and allow connecting to it. * commit '9b3c3661ff6a6f82a24aada7c614a0e116547cef': Add a domain for mdnsd and allow connecting to it.
|
9b3c3661ff6a6f82a24aada7c614a0e116547cef |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add a domain for mdnsd and allow connecting to it. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit 96ff4c053a238e04373fcc1f11d769418e8ce238) Change-Id: Idfd734f07687925c1f35d2629d4b59d46822d0d4
ile.te
ile_contexts
dnsd.te
et.te
etd.te
|
72b0e372b7113431c2f911dd93bad77fadb58ec8 |
25-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 0fd2bd80: am 0296b943: Move qemud and /dev/qemu policy bits to emulator-specific sepolicy. * commit '0fd2bd8033a2488081283fdf519da92d782e99b2': Move qemud and /dev/qemu policy bits to emulator-specific sepolicy.
|
0fd2bd8033a2488081283fdf519da92d782e99b2 |
25-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 0296b943: Move qemud and /dev/qemu policy bits to emulator-specific sepolicy. * commit '0296b9434f3b933b37f67c143788f87cb80b3325': Move qemud and /dev/qemu policy bits to emulator-specific sepolicy.
|
0296b9434f3b933b37f67c143788f87cb80b3325 |
25-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Move qemud and /dev/qemu policy bits to emulator-specific sepolicy. Change-Id: I620d4aef84a5d4565abb1695db54ce1653612bce Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dbd.te
evice.te
ile.te
ile_contexts
ediaserver.te
emud.te
ild.te
ystem_server.te
|
854d05abfc4254d5030dc4ac576f2cf85589d482 |
25-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am eb275170: am 2c347e0a: Drop obsolete keystore_socket type and rules. * commit 'eb275170afa88d889b2e8ef8d26bb132762bf568': Drop obsolete keystore_socket type and rules.
|
eb275170afa88d889b2e8ef8d26bb132762bf568 |
25-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2c347e0a: Drop obsolete keystore_socket type and rules. * commit '2c347e0a3676bb50cac796ca94eb6ab53c08fc87': Drop obsolete keystore_socket type and rules.
|
e3adbb34fd6d0b5291aceb67dbd7c563e9dca35f |
25-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 20b4a3c3: am dc1cedf1: Merge "Clean up socket rules." * commit '20b4a3c3984d1ecb498326f00b35d1e3a1c5e886': Clean up socket rules.
|
20b4a3c3984d1ecb498326f00b35d1e3a1c5e886 |
25-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am dc1cedf1: Merge "Clean up socket rules." * commit 'dc1cedf12c6a6d87c0a46ab27b2f3fd47227df9d': Clean up socket rules.
|
2c347e0a3676bb50cac796ca94eb6ab53c08fc87 |
25-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop obsolete keystore_socket type and rules. Change I6dacdc43bcc1a56e47655e37e825ee6a205eb56b switched the keystore to using binder instead of a socket, so this socket type and rules have been unused for a while. The type was only ever assigned to a /dev/socket socket file (tmpfs) so there is no issue with removing the type (no persistent files will have this xattr value). Change-Id: Id584233c58f6276774c3432ea76878aca28d6280 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
ile.te
ile_contexts
ystem_app.te
ystem_server.te
|
dc1cedf12c6a6d87c0a46ab27b2f3fd47227df9d |
25-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Clean up socket rules."
|
0394da2ab1554ecd51da88425f1399de5be0925d |
25-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 3af21773: am de4ff590: Merge "Drop levelFrom=none from untrusted_app entry." * commit '3af2177325f5214a275c9a46ddd5d2d94652adf7': Drop levelFrom=none from untrusted_app entry.
|
3af2177325f5214a275c9a46ddd5d2d94652adf7 |
25-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am de4ff590: Merge "Drop levelFrom=none from untrusted_app entry." * commit 'de4ff590ea7b5aa9023af171af0531ad7d7ed284': Drop levelFrom=none from untrusted_app entry.
|
de4ff590ea7b5aa9023af171af0531ad7d7ed284 |
25-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Drop levelFrom=none from untrusted_app entry."
|
53e579e04ef9d72c11e4bf87b38771279755fcd6 |
25-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d61543a3: am 85708ec4: Resolve overlapping rules between app.te and net.te. * commit 'd61543a36761ce36d5b4da84ff21767f3df0c3db': Resolve overlapping rules between app.te and net.te.
|
1601132086b054adc70e7f8f38ed24574c90bc37 |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Clean up socket rules. Replace * or any permission set containing create with create_socket_perms or create_stream_socket_perms. Add net_domain() to all domains using network sockets and delete rules already covered by domain.te or net.te. For netlink_route_socket, only nlmsg_write needs to be separately granted to specific domains that are permitted to modify the routing table. Clarification: read/write permissions are just ability to perform read/recv() or write/send() on the socket, whereas nlmsg_read/ nlmsg_write permissions control ability to observe or modify the underlying kernel state accessed via the socket. See security/selinux/nlmsgtab.c in the kernel for the mapping of netlink message types to nlmsg_read or nlmsg_write. Delete legacy rule for b/12061011. This change does not touch any rules where only read/write were allowed to a socket created by another domain (inherited across exec or received across socket or binder IPC). We may wish to rewrite some or all of those rules with the rw_socket_perms macro but that is a separate change. Change-Id: Ib0637ab86f6d388043eff928e5d96beb02e5450e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
luetooth.te
latd.te
hcp.te
nsmasq.te
omain.te
rmserver.te
umpstate.te
ostapd.te
ogd.te
tp.te
et.te
etd.te
pp.te
acoon.te
ild.te
urfaceflinger.te
ystem_server.te
ee.te
eventd.te
old.te
pa_supplicant.te
|
d61543a36761ce36d5b4da84ff21767f3df0c3db |
25-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 85708ec4: Resolve overlapping rules between app.te and net.te. * commit '85708ec4f91fd70b215dc69e00b80e0e7a7d4686': Resolve overlapping rules between app.te and net.te.
|
85708ec4f91fd70b215dc69e00b80e0e7a7d4686 |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Resolve overlapping rules between app.te and net.te. There is some overlap between socket rules in app.te and the net.te rules, but they aren't quite identical since not all app domains presently include the net_domain() macro and because the rules in app.te allow more permissions for netlink_route_socket and allow rawip_socket permissions for ping. The current app.te rules prevent one from ever creating a non-networked app domain. Resolve this overlap by: 1) Adding the missing permissions allowed by app.te to net.te for netlink_route_socket and rawip_socket. 2) Adding net_domain() calls to all existing app domains that do not already have it. 3) Deleting the redundant socket rules from app.te. Then we'll have no effective change in what is allowed for apps but allow one to define app domains in the future that are not allowed network access. Also cleanup net.te to use the create_socket_perms macro rather than * and add macros for stream socket permissions. Change-Id: I6e80d65b0ccbd48bd2b7272c083a4473e2b588a9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
luetooth.te
lobal_macros
solated_app.te
et.te
fc.te
ystem_app.te
|
f9fbe21eceaa5c86eb067cdfec95534676e291f8 |
25-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 5c5c1878: am 96ff4c05: Add a domain for mdnsd and allow connecting to it. * commit '5c5c18780b9d9f5cfeb4ec42611c06633513156e': Add a domain for mdnsd and allow connecting to it.
|
5c5c18780b9d9f5cfeb4ec42611c06633513156e |
25-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 96ff4c05: Add a domain for mdnsd and allow connecting to it. * commit '96ff4c053a238e04373fcc1f11d769418e8ce238': Add a domain for mdnsd and allow connecting to it.
|
96ff4c053a238e04373fcc1f11d769418e8ce238 |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add a domain for mdnsd and allow connecting to it. Change-Id: I0a06fa32a46e515671b4e9a6f68e1a3f8b2c21a8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile.te
ile_contexts
dnsd.te
et.te
etd.te
|
5074377d5a6b7cfe8b91f49c930f7961f445f3f8 |
25-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 6199b0e9: am d107abd1: Merge "Remove fsetid from netd." * commit '6199b0e9446065c50ef8e77e2406b60dd1a20ca0': Remove fsetid from netd.
|
6199b0e9446065c50ef8e77e2406b60dd1a20ca0 |
25-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am d107abd1: Merge "Remove fsetid from netd." * commit 'd107abd1ba4758db1f6d3c427ba69382007b31ff': Remove fsetid from netd.
|
d107abd1ba4758db1f6d3c427ba69382007b31ff |
25-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove fsetid from netd."
|
d581b812d61ea5ee6a267afe9ae28c0808fc8aa4 |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove fsetid from netd. fsetid checks are triggered by chmod on a directory or file owned by a group other than one of the groups assigned to the current process to see if the setgid bit should be cleared, regardless of whether the setgid bit was even set. We do not appear to truly need this capability for netd to operate, so remove it. Potential dontaudit candidate. Change-Id: I5ab4fbaaa056dcd1c7e60ec28632e7bc06f826bf Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
etd.te
|
af2689e202c7f130b17234494914721db6131538 |
25-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
0637cf02c74cd892d6732e7fb7c8e92f1378645f |
25-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 7dacf1dd: am 798668f3: Merge "Generalize rmnet entry for radio properties." * commit '7dacf1ddac90db7218d1d8b2cbfed04acb6ed615': Generalize rmnet entry for radio properties.
|
7dacf1ddac90db7218d1d8b2cbfed04acb6ed615 |
25-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 798668f3: Merge "Generalize rmnet entry for radio properties." * commit '798668f32fccb5ff49753c15a8b742eb43ddfa7e': Generalize rmnet entry for radio properties.
|
798668f32fccb5ff49753c15a8b742eb43ddfa7e |
25-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Generalize rmnet entry for radio properties."
|
c1b6e4a4e0070fa220843ad755efe7e9332072dc |
24-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 6424ed8f: am 77470da9: Merge "Remove compatibility rules for old /data/media type." * commit '6424ed8f2eb3e745b02d95cd64de53d1df6dbfd0': Remove compatibility rules for old /data/media type.
|
1befd5f3b94f427ecff5df8212312fd70a8a0f42 |
24-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 010dd80d: am 111966d9: Merge "Remove redundant socket rules." * commit '010dd80de20b6fbef267bb98b6dc0fb5e11a03e0': Remove redundant socket rules.
|
c50ce13c3aef5afabcaba2523fdd348a554eac3e |
24-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am b5f42263: am 60061475: Merge "uncrypt: move into enforcing" * commit 'b5f42263217264fd7a7f3e6970a8b661457b78c4': uncrypt: move into enforcing
|
6424ed8f2eb3e745b02d95cd64de53d1df6dbfd0 |
24-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 77470da9: Merge "Remove compatibility rules for old /data/media type." * commit '77470da9d016dd85f8a31785fce857b2e2a4b30f': Remove compatibility rules for old /data/media type.
|
010dd80de20b6fbef267bb98b6dc0fb5e11a03e0 |
24-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 111966d9: Merge "Remove redundant socket rules." * commit '111966d97ed6193ec53558c5b3e784a466f907ef': Remove redundant socket rules.
|
77470da9d016dd85f8a31785fce857b2e2a4b30f |
24-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove compatibility rules for old /data/media type."
|
b5f42263217264fd7a7f3e6970a8b661457b78c4 |
24-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 60061475: Merge "uncrypt: move into enforcing" * commit '60061475fd15a80102ef7cc9c530ea0aaa5a95e7': uncrypt: move into enforcing
|
111966d97ed6193ec53558c5b3e784a466f907ef |
24-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove redundant socket rules."
|
60061475fd15a80102ef7cc9c530ea0aaa5a95e7 |
24-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "uncrypt: move into enforcing"
|
f8bb79241271db4c53644d3cb971c3fe258b40c2 |
24-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am cb798d52: am 75ac64c3: Merge "Allow reading of /data/security/current symlink." * commit 'cb798d5240c06088309349b2c7ea7ca01a9495b5': Allow reading of /data/security/current symlink.
|
cb798d5240c06088309349b2c7ea7ca01a9495b5 |
24-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 75ac64c3: Merge "Allow reading of /data/security/current symlink." * commit '75ac64c32e8396e6e65e433c6676cd98db64d1e9': Allow reading of /data/security/current symlink.
|
75ac64c32e8396e6e65e433c6676cd98db64d1e9 |
24-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow reading of /data/security/current symlink."
|
8673468a35e543aa364e8a3dff6380cc74533f7b |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop levelFrom=none from untrusted_app entry. In the absence of any levelFrom= specifier, the default is none, so this is unnecessary and conspicuous in contrast to all other entries. It came from switching our default of levelFrom=app to levelFrom=none in AOSP rather than just dropping it. Change-Id: Ia2f8c72200318ef66a1b6d6b6c117f8848441d7f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
eapp_contexts
|
68deff27429f9031d887ff4d04d478e48c06dabe |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove compatibility rules for old /data/media type. These are obsoleted by the restorecon_recursive /data/media call added to the device init*.rc files, e.g. see I4a191d32a46104a68f6644398c152b274c7937a6 for the hammerhead change. If/when Ib8d9751a47c8e0238cf499fcec61898937945d9d is merged, this will also be addressed for all devices by the restorecon_recursive /data call added to the main init.rc file. Change-Id: Idbe2006a66817d6bb284d138a7565dec24dc6745 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dcardd.te
|
16a66529e43a01c3d7a45d623e5705166a63f0f3 |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Generalize rmnet entry for radio properties. Our policy also has this entry: net.rmnet_usb0. u:object_r:radio_prop:s0 Rather than trying to enumerate all possible variants, just reduce the existing rmnet0 entry to rmnet so that it matches all properties with that prefix. Change-Id: Ic2090ea55282fb219eab54c96fd52da96bb18917 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
roperty_contexts
|
eb89e532824ad1a3f0b88119966a20052979c65c |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7c350080: am 35102f58: Drop rules for /data/misc/adb legacy type. * commit '7c35008096c636db60ed54ff249e7ccb75f30be1': Drop rules for /data/misc/adb legacy type.
|
7c35008096c636db60ed54ff249e7ccb75f30be1 |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 35102f58: Drop rules for /data/misc/adb legacy type. * commit '35102f584b81e2c38073863a368cd3209cf0a4c8': Drop rules for /data/misc/adb legacy type.
|
f926817875dfabc7698013bead30f5aaf7867bdf |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow reading of /data/security/current symlink. If we are going to allow all domains to search and stat the contents of /data/security, then we should also allow them to read the /data/security/current symlink created by SELinuxPolicyInstallReceiver to the directory containing the current policy update. Change-Id: Ida352ed7ae115723964d2723f1115a87af438013 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
35102f584b81e2c38073863a368cd3209cf0a4c8 |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop rules for /data/misc/adb legacy type. This should be obsoleted by the restorecon in I30e4d2a1ae223a03eadee58a883c79932fff59fe. Change-Id: Iaeacb1b720b4ac754c6b9baa114535adc1494df2 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dbd.te
|
1eb94035cd6f1671ea74141f57b430f64eaf42e0 |
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove redundant socket rules. These same permissions are already allowed via net_domain() and the rules in net.te. Change-Id: I4681fb9993258b4ad668333ad7d7102e983b5c2b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ntrusted_app.te
|
182e2cc70888e3b8096a19d2d320a68569bea88c |
24-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
8afb47e36fc16b258d060ff8d04d8095d6df4778 |
22-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am f692ee94: am 2a36dff6: Merge "Address SELinux denials with clatd." * commit 'f692ee94c0b64de03b574c752383da40a77b228a': Address SELinux denials with clatd.
|
f692ee94c0b64de03b574c752383da40a77b228a |
22-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 2a36dff6: Merge "Address SELinux denials with clatd." * commit '2a36dff6768795e2327ce837f9b14c199b3e02a0': Address SELinux denials with clatd.
|
2a36dff6768795e2327ce837f9b14c199b3e02a0 |
22-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Address SELinux denials with clatd."
|
e033cd6f8c016d2647473edff38b4e201f856442 |
22-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am f7c3979a: am a88af855: Merge "Clarify meaning of untrusted_app and app domain assignment logic." * commit 'f7c3979a234e25e836ac814fc8191942cdc05267': Clarify meaning of untrusted_app and app domain assignment logic.
|
7c1af6272efaebec4a95a4c9bb805e202ef0ca4f |
22-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 2ba8d8e9: am d28ac521: Merge "Clarify init_shell, shell, and su domain usage." * commit '2ba8d8e9f9a75607e0a4a1706747c2f2b13be8c6': Clarify init_shell, shell, and su domain usage.
|
5a98304335941e2474fa27e0b516e1b268364570 |
22-Feb-2014 |
Nick Kralevich <nnk@google.com> |
uncrypt: move into enforcing Move the uncrypt domain into SELinux enforcing mode. This will start enforcing SELinux rules; security policy violations will return EPERM. Bug: 13083922 Change-Id: I4805662d8b336e2bfd891237cc916c57179ebf12
ncrypt.te
|
f7c3979a234e25e836ac814fc8191942cdc05267 |
22-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am a88af855: Merge "Clarify meaning of untrusted_app and app domain assignment logic." * commit 'a88af8557fef09672186a1fc518f2cd8e6701bfb': Clarify meaning of untrusted_app and app domain assignment logic.
|
2ba8d8e9f9a75607e0a4a1706747c2f2b13be8c6 |
22-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am d28ac521: Merge "Clarify init_shell, shell, and su domain usage." * commit 'd28ac521c6b3dd692c61d533f361e972e6b4ec5b': Clarify init_shell, shell, and su domain usage.
|
a770ee5b32056b68341589a3686dee716aa629ca |
21-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Address SELinux denials with clatd.
<5>[ 216.710405] type=1400 audit(1392934645.702:17): avc: denied { use } for pid=2273 comm="clatd" path="socket:[9368]" dev="sockfs" ino=9368 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=fd
<5>[ 216.710553] type=1400 audit(1392934645.702:18): avc: denied { read write } for pid=2273 comm="clatd" path="socket:[9368]" dev="sockfs" ino=9368 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=netlink_kobject_uevent_socket
<5>[ 216.710727] type=1400 audit(1392934645.702:19): avc: denied { read } for pid=2273 comm="clatd" path="pipe:[9369]" dev="pipefs" ino=9369 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=fifo_file
<5>[ 216.710872] type=1400 audit(1392934645.702:20): avc: denied { read write } for pid=2273 comm="clatd" path="socket:[8214]" dev="sockfs" ino=8214 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=unix_stream_socket
<5>[ 216.711037] type=1400 audit(1392934645.702:21): avc: denied { write } for pid=2273 comm="clatd" path="pipe:[9369]" dev="pipefs" ino=9369 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=fifo_file
<5>[ 216.711208] type=1400 audit(1392934645.702:22): avc: denied { read write } for pid=2273 comm="clatd" path="socket:[9370]" dev="sockfs" ino=9370 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=netlink_route_socket
<5>[ 216.711334] type=1400 audit(1392934645.702:23): avc: denied { read write } for pid=2273 comm="clatd" path="socket:[9372]" dev="sockfs" ino=9372 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=netlink_nflog_socket
<5>[ 216.711513] type=1400 audit(1392934645.702:24): avc: denied { read write } for pid=2273 comm="clatd" path="socket:[11078]" dev="sockfs" ino=11078 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=udp_socket
<5>[ 216.713390] type=1400 audit(1392934645.702:25): avc: denied { dac_override } for pid=2273 comm="clatd" capability=1 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=capability
<5>[ 216.713528] type=1400 audit(1392934645.702:26): avc: denied { read write } for pid=2273 comm="clatd" name="tun" dev="tmpfs" ino=6127 scontext=u:r:clatd:s0 tcontext=u:object_r:tun_device:s0 tclass=chr_file
<5>[ 314.513898] type=1400 audit(1392934743.501:42): avc: denied { setopt } for pid=2273 comm="clatd" scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=netlink_route_socket
<5>[ 314.514482] type=1400 audit(1392934743.501:43): avc: denied { getattr } for pid=2273 comm="clatd" scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=netlink_route_socket
<5>[ 314.515196] type=1400 audit(1392934743.501:44): avc: denied { write } for pid=2273 comm="clatd" scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=netlink_route_socket
<5>[ 314.516077] type=1400 audit(1392934743.501:45): avc: denied { connect } for pid=2273 comm="clatd" scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=netlink_route_socket
<5>[ 22.257024] type=1400 audit(1393016186.443:12): avc: denied { open } for pid=1934 comm="clatd" name="tun" dev="tmpfs" ino=6117 scontext=u:r:clatd:s0 tcontext=u:object_r:tun_device:s0 tclass=chr_file
<5>[ 22.257274] type=1400 audit(1393016186.443:13): avc: denied { net_admin } for pid=1934 comm="clatd" capability=12 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=capability
<5>[ 22.257445] type=1400 audit(1393016186.443:14): avc: denied { write } for pid=1934 comm="clatd" name="forwarding" dev="proc" ino=10684 scontext=u:r:clatd:s0 tcontext=u:object_r:proc_net:s0 tclass=file
<5>[ 22.257618] type=1400 audit(1393016186.443:15): avc: denied { setgid } for pid=1934 comm="clatd" capability=6 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=capability
<5>[ 22.257753] type=1400 audit(1393016186.443:16): avc: denied { setuid } for pid=1934 comm="clatd" capability=7 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=capability
<5>[ 22.385005] type=1400 audit(1393016186.573:17): avc: denied { ioctl } for pid=1934 comm="clatd" path="/dev/tun" dev="tmpfs" ino=6117 scontext=u:r:clatd:s0 tcontext=u:object_r:tun_device:s0 tclass=chr_file
<5>[ 22.385269] type=1400 audit(1393016186.573:18): avc: denied { create } for pid=1934 comm="clatd" scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=tun_socket
<5>[ 22.388955] type=1400 audit(1393016186.573:19): avc: denied { nlmsg_write } for pid=1934 comm="clatd" scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=netlink_route_socket
Change-Id: Ic760597df1aa4b33b3cb6e9a504dbcbd6f5d0116 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
latd.te
|
a88af8557fef09672186a1fc518f2cd8e6701bfb |
21-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Clarify meaning of untrusted_app and app domain assignment logic."
|
1dc156b7fa9f8ed4dfc39439c6d25ec6e59042f2 |
21-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am f6412f43: am 49d713af: Merge "Ensure that /data/misc/wifi/sockets is always labeled wpa_socket." * commit 'f6412f437c4ac8b05a40ce4437e317ec2e171f0e': Ensure that /data/misc/wifi/sockets is always labeled wpa_socket.
|
d28ac521c6b3dd692c61d533f361e972e6b4ec5b |
21-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Clarify init_shell, shell, and su domain usage."
|
f6412f437c4ac8b05a40ce4437e317ec2e171f0e |
21-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 49d713af: Merge "Ensure that /data/misc/wifi/sockets is always labeled wpa_socket." * commit '49d713af3240123794bfa75a7dc77d6d01697eb1': Ensure that /data/misc/wifi/sockets is always labeled wpa_socket.
|
49d713af3240123794bfa75a7dc77d6d01697eb1 |
21-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Ensure that /data/misc/wifi/sockets is always labeled wpa_socket."
|
3a36beaeacb5d086acc1efd382f161844d29e023 |
21-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 012da258: am 335faf2b: Allow stat of /sys/module/lowmemorykiller files by system_server. * commit '012da2586b3feac969e678dca0df9159909c9cbb': Allow stat of /sys/module/lowmemorykiller files by system_server.
|
012da2586b3feac969e678dca0df9159909c9cbb |
21-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 335faf2b: Allow stat of /sys/module/lowmemorykiller files by system_server. * commit '335faf2b9b2d68d02223d1aedecf826bb9597f34': Allow stat of /sys/module/lowmemorykiller files by system_server.
|
b3cb9695c43d3b1353a10d35dd025ad7b9700365 |
21-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Clarify init_shell, shell, and su domain usage. init_shell domain is now only used for shell commands or scripts invoked by init*.rc files, never for an interactive shell. It was being used for console service for a while but console service is now assigned shell domain via seclabel in init.rc. We may want to reconsider the shelldomain rules for init_shell and whether they are still appropriate. shell domain is now used by both adb shell and console service, both of which also run in the shell UID. su domain is now used not only for /system/bin/su but also for adbd and its descendants after an adb root is performed. Change-Id: I502ab98aafab7dafb8920ccaa25e8fde14a8f572 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nit_shell.te
hell.te
u.te
|
d823f83e5466b53521b098c0865b89c7f12025fa |
21-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Clarify meaning of untrusted_app and app domain assignment logic. The current inline documentation is not entirely accurate and caused user confusion, e.g. see: https://groups.google.com/d/msg/android-security-discuss/javBrPT8ius/C4EVEFUu4ZoJ Try to clarify the meaning of untrusted_app, how app domains are assigned, and how to move other system apps out of untrusted_app into a different domain. Change-Id: I98d344dd078fe9e2738b68636adaabda1f4b3c3a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ntrusted_app.te
|
335faf2b9b2d68d02223d1aedecf826bb9597f34 |
21-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow stat of /sys/module/lowmemorykiller files by system_server. <5>[ 43.929760] type=1400 audit(6342882.819:16): avc: denied { getattr } for pid=779 comm="system_server" path="/sys/module/lowmemorykiller/parameters/adj" dev="sysfs" ino=6048 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file Change-Id: I48828ca26814c6376c9c71c368f3eff0f7a8f219 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
|
7ade68d797a83b8f4e5162f523f4caa0f246ff03 |
21-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Ensure that /data/misc/wifi/sockets is always labeled wpa_socket. It appears that wpa_supplicant tries to rmdir /data/misc/wifi/sockets and re-create it at times, so make sure that it remains labeled correctly when re-created in this manner via a name-based type transition rule. Do the same for hostapd as it also has permissions for creating/removing this directory. <5>[83921.800071] type=1400 audit(1392997522.105:26): avc: denied { rmdir } for pid=3055 comm="wpa_supplicant" name="sockets" dev="mmcblk0p28" ino=618957 scontext=u:r:wpa:s0 tcontext=u:object_r:wpa_socket:s0 tclass=dir We no longer need the type_transition for sock_file as it will inherit the type from the parent directory which is set via restorecon_recursive /data/misc/wifi/sockets or via type_transition, so drop it. Change-Id: Iffa61c426783eb03205ba6964c624c6ecea32630 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ostapd.te
pa_supplicant.te
|
0636cf074e0683fc659a792e57a3c8894addbbda |
21-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 8db112ec: am b73d321a: Merge "Create a label for the root block device." * commit '8db112ec4721abdb5ba6fdee1fa1d31f654d23bf': Create a label for the root block device.
|
b976d976014f0137d2c0371fb20507ed491c1b8a |
21-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 033f7679: am b8298d72: Merge "Add support for and use new path= specifier in seapp_contexts." * commit '033f76798c2d3bd91356a0e7b0bbd35f5d347567': Add support for and use new path= specifier in seapp_contexts.
|
86e4b843a635fac92cec65736b706008372bb969 |
21-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 073a2ab3: am af99ed85: uncrypt: allow /data/local/tmp on userdebug/eng * commit '073a2ab39d3c2ee0b0df2fb1bda99a7809e5bdac': uncrypt: allow /data/local/tmp on userdebug/eng
|
7ec4c2ebbc0b9c47333c07faae5a86a85dc236c1 |
20-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 1a4dd8c4: am 96eeb1ec: initial policy for uncrypt. * commit '1a4dd8c45cc650030d7a6bfb0b67d2fa3d813099': initial policy for uncrypt.
|
8db112ec4721abdb5ba6fdee1fa1d31f654d23bf |
20-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am b73d321a: Merge "Create a label for the root block device." * commit 'b73d321ad01bd279e7ed77c4569d35b628da6615': Create a label for the root block device.
|
b73d321ad01bd279e7ed77c4569d35b628da6615 |
20-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Create a label for the root block device."
|
033f76798c2d3bd91356a0e7b0bbd35f5d347567 |
20-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am b8298d72: Merge "Add support for and use new path= specifier in seapp_contexts." * commit 'b8298d7216f6545c19932885dbcd0e97516d6d00': Add support for and use new path= specifier in seapp_contexts.
|
b8298d7216f6545c19932885dbcd0e97516d6d00 |
20-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Add support for and use new path= specifier in seapp_contexts."
|
073a2ab39d3c2ee0b0df2fb1bda99a7809e5bdac |
20-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am af99ed85: uncrypt: allow /data/local/tmp on userdebug/eng * commit 'af99ed85d773eb0e136bd89d8a4e9e2c40aec306': uncrypt: allow /data/local/tmp on userdebug/eng
|
af99ed85d773eb0e136bd89d8a4e9e2c40aec306 |
20-Feb-2014 |
Nick Kralevich <nnk@google.com> |
uncrypt: allow /data/local/tmp on userdebug/eng Per https://android-review.googlesource.com/82814 , uncrypt needs to be able to read shell_data_files on userdebug / eng builds. Allow it. Bug: 13083922 Change-Id: I72299673bb5e36be79413227105b5cad006d504f
ncrypt.te
|
1a4dd8c45cc650030d7a6bfb0b67d2fa3d813099 |
20-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 96eeb1ec: initial policy for uncrypt. * commit '96eeb1ecb3980e34a5f9ed1a4afd8ffa6ada0cf0': initial policy for uncrypt.
|
df2b128aa302ab08f29dc331db798075012e14bf |
20-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
dfef99a4e8294a9099081c162d7af620c0791d5d |
20-Feb-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Create a label for the root block device. Change-Id: If4de8d3515727c0b2f95c88c1125410d9894a9ba Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
evice.te
|
96eeb1ecb3980e34a5f9ed1a4afd8ffa6ada0cf0 |
19-Feb-2014 |
Nick Kralevich <nnk@google.com> |
initial policy for uncrypt. Add initial support for uncrypt, started via the pre-recovery service in init.rc. On an encrypted device, uncrypt reads an OTA zip file on /data, opens the underlying block device, and writes the unencrypted blocks on top of the encrypted blocks. This allows recovery, which can't normally read encrypted partitions, to reconstruct the OTA image and apply the update as normal. Add an exception to the neverallow rule for sys_rawio. This is needed to support writing to the raw block device. Add an exception to the neverallow rule for unlabeled block devices. The underlying block device for /data varies between devices within the same family (for example, "flo" vs "deb"), and the existing per-device file_context labeling isn't sufficient to cover these differences. Until I can resolve this problem, allow access to any block devices. Bug: 13083922 Change-Id: I7cd4c3493c151e682866fe4645c488b464322379
omain.te
ile_contexts
ncrypt.te
|
3135a4e82f326089ed0258cacc2d34ffa33a045c |
19-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 40cb6cbc: am 41f221f4: Merge "Delete unnecessary /data/data entries." * commit '40cb6cbcd6173a1972ac4277181223c2c3e1cd0f': Delete unnecessary /data/data entries.
|
40cb6cbcd6173a1972ac4277181223c2c3e1cd0f |
19-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 41f221f4: Merge "Delete unnecessary /data/data entries." * commit '41f221f416ce3368f394c5eb8578358c52755fc4': Delete unnecessary /data/data entries.
|
41f221f416ce3368f394c5eb8578358c52755fc4 |
19-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Delete unnecessary /data/data entries."
|
c30c29452f3e138ef884363db4b5bbe39e36b1b5 |
19-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 2595700e: am a08cbe1f: Merge "lmkd: add sys_resource" * commit '2595700e0f7b81652ad01d4778e0ead73ae5f6bd': lmkd: add sys_resource
|
2595700e0f7b81652ad01d4778e0ead73ae5f6bd |
19-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am a08cbe1f: Merge "lmkd: add sys_resource" * commit 'a08cbe1fc26d4642be1170637af45b3b0fbe7153': lmkd: add sys_resource
|
a08cbe1fc26d4642be1170637af45b3b0fbe7153 |
19-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "lmkd: add sys_resource"
|
1c73a5cd9259f7ccc01d5a31a319ed24cc565ee8 |
19-Feb-2014 |
Nick Kralevich <nnk@google.com> |
lmkd: add sys_resource Addresses the following denial / error: E/lowmemorykiller( 187): Error writing /proc/1148/oom_adj; errno=13 [ 118.264668] type=1400 audit(947231128.209:140): avc: denied { sys_resource } for pid=187 comm="lmkd" capability=24 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability Change-Id: Ief2a7ead9cdd8a33e3add111ee99f7a29c12a3f2
mkd.te
|
6139de50fdb212d28fe406525dce5246f4a4da36 |
19-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add support for and use new path= specifier in seapp_contexts. Extend check_seapp to accept the use of the new path= specifier in seapp_contexts and use it to ensure proper labeling of the cache subdirectory of com.android.providers.downloads for restorecon. After this change, restorecon /data/data/com.android.providers.downloads/cache does not change the context, leaving it in download_file rather than relabeling it to platform_app_data_file. Depends on Iddaa3931cfd4ddd5b9f62cd66989e1f26553baa1. Change-Id: Ief65b8c8dcb44ec701d53e0b58c52d6688cc2a14 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
eapp_contexts
ools/check_seapp.c
|
f4c6579b247861ae069ac8152967d913f9b9950f |
19-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Delete unnecessary /data/data entries. /data/data subdirectories are labeled by installd at creation time based on seapp_contexts, not based on file_contexts, so we do not need the /data/data/.* entry, and the wallpaper file was moved from under com.android.settings/files to /data/system/users/N long ago so we can delete the old entry for it. Change-Id: I32af6813ff284e8fe9fd4867df482a642c728755 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
|
03f4a4fa5c962cdb12378d9f44b9182278a5d69f |
19-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
ee3c2fab0d39ee7acd926288bc96710ee8d07946 |
19-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am fb25037b: am 116a20fd: debuggerd: Allow "debug.db.uid" usage * commit 'fb25037ba66beaa3cdab3d89bf2b2543bf2a6aca': debuggerd: Allow "debug.db.uid" usage
|
fb25037ba66beaa3cdab3d89bf2b2543bf2a6aca |
19-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 116a20fd: debuggerd: Allow "debug.db.uid" usage * commit '116a20fdb6d9033e82e0c2fd421e054cfbc8c3b3': debuggerd: Allow "debug.db.uid" usage
|
116a20fdb6d9033e82e0c2fd421e054cfbc8c3b3 |
06-Feb-2014 |
Nick Kralevich <nnk@google.com> |
debuggerd: Allow "debug.db.uid" usage
Allow the use of debug.db.uid on userdebug / eng builds. Setting this property allows debuggerd to suspend a process if it detects a crash. Make debug.db.uid only accessible to the su domain. This should not be used on a user build. Only support reading user input on userdebug / eng builds.
Steps to reproduce with the "crasher" program:
adb root
adb shell setprop debug.db.uid 20000
mmm system/core/debuggerd
adb sync
adb shell crasher
Addresses the following denials:
<5>[ 580.637442] type=1400 audit(1392412124.612:149): avc: denied { read } for pid=182 comm="debuggerd" name="input" dev="tmpfs" ino=5665 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=dir
<5>[ 580.637589] type=1400 audit(1392412124.612:150): avc: denied { open } for pid=182 comm="debuggerd" name="input" dev="tmpfs" ino=5665 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=dir
<5>[ 580.637706] type=1400 audit(1392412124.612:151): avc: denied { read write } for pid=182 comm="debuggerd" name="event5" dev="tmpfs" ino=6723 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file
<5>[ 580.637823] type=1400 audit(1392412124.612:152): avc: denied { open } for pid=182 comm="debuggerd" name="event5" dev="tmpfs" ino=6723 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file
<5>[ 580.637958] type=1400 audit(1392412124.612:153): avc: denied { ioctl } for pid=182 comm="debuggerd" path="/dev/input/event5" dev="tmpfs" ino=6723 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file
Bug: 12532622 Change-Id: I63486edb73efb1ca12e9eb1994ac9e389251a3f1
ebuggerd.te
roperty.te
roperty_contexts
u.te
|
bbba8b320b5d930683fecd47aec56d9bb5938ddd |
18-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 8281e787: am ba3f9b81: Merge "Allow sdcardd to write to sdcard directory and file." * commit '8281e7871f67fc35661c65aa9267e18bc9f3f309': Allow sdcardd to write to sdcard directory and file.
|
ac752c7ccff56323b3846eba8db84f7051dead90 |
18-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am b928b021: am a475ce7e: Merge "Allow dhcp rawip_socket permissions." * commit 'b928b021570f6c5c1e5a000e59a0c18f96d451c8': Allow dhcp rawip_socket permissions.
|
8281e7871f67fc35661c65aa9267e18bc9f3f309 |
18-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am ba3f9b81: Merge "Allow sdcardd to write to sdcard directory and file." * commit 'ba3f9b81da92638e0c99dabc6dc66c493ff56614': Allow sdcardd to write to sdcard directory and file.
|
b928b021570f6c5c1e5a000e59a0c18f96d451c8 |
18-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am a475ce7e: Merge "Allow dhcp rawip_socket permissions." * commit 'a475ce7e385548234e3204630d785960347aa59b': Allow dhcp rawip_socket permissions.
|
ba3f9b81da92638e0c99dabc6dc66c493ff56614 |
18-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow sdcardd to write to sdcard directory and file."
|
a475ce7e385548234e3204630d785960347aa59b |
18-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow dhcp rawip_socket permissions."
|
7b52ebf52f0883da58c21a5fd800757e9d9e7285 |
18-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow sdcardd to write to sdcard directory and file. Should resolve b/13060688 - emulator writes to /storage/sdcard failing. Change-Id: I9f00d9dfcd1c4f84c2320628257beca71abf170b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dcardd.te
|
2c687fb1d59acbefadcf676603e4570568811f4c |
17-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
10640d6262b0739aab2aceb8f3f26cf4a9b2324e |
16-Feb-2014 |
Dan Willemsen <dwillemsen@nvidia.com> |
am 75a90175: am e55aac2a: Add debuggerd64 entry for 64-bit debuggerd daemon * commit '75a9017592f0afff8aceb8c6d1aadbfde019be98': Add debuggerd64 entry for 64-bit debuggerd daemon
|
75a9017592f0afff8aceb8c6d1aadbfde019be98 |
16-Feb-2014 |
Dan Willemsen <dwillemsen@nvidia.com> |
am e55aac2a: Add debuggerd64 entry for 64-bit debuggerd daemon * commit 'e55aac2a5a03585550ce6ca7efc5495a2d8d79fa': Add debuggerd64 entry for 64-bit debuggerd daemon
|
e55aac2a5a03585550ce6ca7efc5495a2d8d79fa |
16-Feb-2014 |
Dan Willemsen <dwillemsen@nvidia.com> |
Add debuggerd64 entry for 64-bit debuggerd daemon Change-Id: I4cd33a296de0d0597aa6166aa1be48f1b0b52129
ile_contexts
|
515a76b8962ac25d5d2c2c62d330ccec03f7723a |
15-Feb-2014 |
dcashman <dcashman@google.com> |
Allow dhcp rawip_socket permissions.
dhcpcd opens a raw ip socket in ipv6rs_open() to use ICMPv6. This facility should be available for all devices which have a need to use it.
Addresses the following denials:
<5>[ 42.699877] type=1400 audit(1392332560.306:8): avc: denied { create } for pid=983 comm="dhcpcd" scontext=u:r:dhcp:s0 tcontext=u:r:dhcp:s0 tclass=rawip_socket
<5>[ 42.699993] type=1400 audit(1392332560.306:9): avc: denied { setopt } for pid=983 comm="dhcpcd" lport=58 scontext=u:r:dhcp:s0 tcontext=u:r:dhcp:s0 tclass=rawip_socket
<5>[ 42.732208] type=1400 audit(1392332560.338:10): avc: denied { write } for pid=983 comm="dhcpcd" lport=58 scontext=u:r:dhcp:s0 tcontext=u:r:dhcp:s0 tclass=rawip_socket
Bug: 12473306 Change-Id: Iee57a0cb4c2d2085a24d4b5fb23a5488f0fd3e03
hcp.te
|
840d68dcf65752a2de9494a333e0d94ec3441633 |
15-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 53f881b8: am 5fa2a19f: Make lmkd enforcing. * commit '53f881b8db82e88301dc1e6c742a9944ae929b7c': Make lmkd enforcing.
|
77c744317e455f51122c067ab13be1a64e73ec2e |
15-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 65c9b618: am 5467fce6: initial lmkd policy. * commit '65c9b6187f2cebdf985283070dd5dc6ebaa59ec7': initial lmkd policy.
|
53f881b8db82e88301dc1e6c742a9944ae929b7c |
14-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 5fa2a19f: Make lmkd enforcing. * commit '5fa2a19f211240298a6a4b7d019ff4ebf716d525': Make lmkd enforcing.
|
65c9b6187f2cebdf985283070dd5dc6ebaa59ec7 |
14-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 5467fce6: initial lmkd policy. * commit '5467fce636d0cebb86f3684f7a69d883324384ca': initial lmkd policy.
|
5fa2a19f211240298a6a4b7d019ff4ebf716d525 |
14-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Make lmkd enforcing. Start enforcing SELinux rules for lmkd. Security policy violations will return an error instead of being allowed. Change-Id: I2bad2c2094d93ebbcb8ccc4b7f3369419004a3f0
mkd.te
|
5467fce636d0cebb86f3684f7a69d883324384ca |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
initial lmkd policy.
* Allow writes to /proc/PID/oom_score_adj
* Allow writes to /sys/module/lowmemorykiller/*
Addresses the following denials:
<5>[ 3.825371] type=1400 audit(9781555.430:5): avc: denied { write } for pid=176 comm="lmkd" name="minfree" dev="sysfs" ino=6056 scontext=u:r:lmkd:s0 tcontext=u:object_r:sysfs:s0 tclass=file
<5>[ 48.874747] type=1400 audit(9781600.639:16): avc: denied { search } for pid=176 comm="lmkd" name="896" dev="proc" ino=9589 scontext=u:r:lmkd:s0 tcontext=u:r:system_server:s0 tclass=dir
<5>[ 48.874889] type=1400 audit(9781600.639:17): avc: denied { dac_override } for pid=176 comm="lmkd" capability=1 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability
<5>[ 48.874982] type=1400 audit(9781600.639:18): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=8942 scontext=u:r:lmkd:s0 tcontext=u:r:system_server:s0 tclass=file
<5>[ 48.875075] type=1400 audit(9781600.639:19): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=8942 scontext=u:r:lmkd:s0 tcontext=u:r:system_server:s0 tclass=file
<5>[ 49.409231] type=1400 audit(9781601.169:20): avc: denied { write } for pid=176 comm="lmkd" name="minfree" dev="sysfs" ino=6056 scontext=u:r:lmkd:s0 tcontext=u:object_r:sysfs:s0 tclass=file
<5>[ 209.081990] type=1400 audit(9781760.839:24): avc: denied { search } for pid=176 comm="lmkd" name="1556" dev="proc" ino=10961 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=dir
<5>[ 209.082240] type=1400 audit(9781760.839:25): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11654 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=file
<5>[ 209.082498] type=1400 audit(9781760.839:26): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11654 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=file
<5>[ 209.119673] type=1400 audit(9781760.879:27): avc: denied { search } for pid=176 comm="lmkd" name="1577" dev="proc" ino=12708 scontext=u:r:lmkd:s0 tcontext=u:r:release_app:s0 tclass=dir
<5>[ 209.119937] type=1400 audit(9781760.879:28): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11657 scontext=u:r:lmkd:s0 tcontext=u:r:release_app:s0 tclass=file
<5>[ 209.120105] type=1400 audit(9781760.879:29): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11657 scontext=u:r:lmkd:s0 tcontext=u:r:release_app:s0 tclass=file
<5>[ 209.235597] type=1400 audit(9781760.999:30): avc: denied { search } for pid=176 comm="lmkd" name="1600" dev="proc" ino=11659 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=dir
<5>[ 209.235798] type=1400 audit(9781760.999:31): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11667 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
<5>[ 209.236006] type=1400 audit(9781760.999:32): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11667 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
<5>[ 214.297283] type=1400 audit(9781766.059:64): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11211 scontext=u:r:lmkd:s0 tcontext=u:r:untrusted_app:s0 tclass=file
<5>[ 214.297415] type=1400 audit(9781766.059:65): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11211 scontext=u:r:lmkd:s0 tcontext=u:r:untrusted_app:s0 tclass=file
<5>[ 214.355060] type=1400 audit(9781766.119:66): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12907 scontext=u:r:lmkd:s0 tcontext=u:r:system_app:s0 tclass=file
<5>[ 214.355236] type=1400 audit(9781766.119:67): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12907 scontext=u:r:lmkd:s0 tcontext=u:r:system_app:s0 tclass=file
<5>[ 214.516920] type=1400 audit(9781766.279:68): avc: denied { search } for pid=176 comm="lmkd" name="1907" dev="proc" ino=11742 scontext=u:r:lmkd:s0 tcontext=u:r:media_app:s0 tclass=dir
<5>[ 214.678861] type=1400 audit(9781766.439:69): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12915 scontext=u:r:lmkd:s0 tcontext=u:r:media_app:s0 tclass=file
<5>[ 214.678992] type=1400 audit(9781766.439:70): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12915 scontext=u:r:lmkd:s0 tcontext=u:r:media_app:s0 tclass=file
<5>[ 214.708284] type=1400 audit(9781766.469:71): avc: denied { search } for pid=176 comm="lmkd" name="1765" dev="proc" ino=12851 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=dir
<5>[ 214.708435] type=1400 audit(9781766.469:72): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12870 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
<5>[ 214.708648] type=1400 audit(9781766.469:73): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12870 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
Change-Id: Ie3c1ab8ce9e77742d0cc3c73f40010afd018ccd4
ile.te
ile_contexts
mkd.te
ystem_server.te
|
37843670b80be06251e2354d988894b2a8f3d813 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 97ad2f85: am af21e717: Merge "Make the sdcardd domain enforcing." * commit '97ad2f854b4907f14d73676646d9bcbce36399eb': Make the sdcardd domain enforcing.
|
97ad2f854b4907f14d73676646d9bcbce36399eb |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am af21e717: Merge "Make the sdcardd domain enforcing." * commit 'af21e71773e3f0a2726c7bc353ae980bd66a1f15': Make the sdcardd domain enforcing.
|
af21e71773e3f0a2726c7bc353ae980bd66a1f15 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make the sdcardd domain enforcing."
|
5df6c098f45226a5309df617edadeaa5bebc2393 |
13-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
c2b302a61aae7fd3f507a48b4a4934fee2ec5a49 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 964901f6: am bfa785af: Merge "Make racoon permissive or unconfined." * commit '964901f60831ef5ba83dc802a1f1fb3a15c584be': Make racoon permissive or unconfined.
|
466334aa33629110eebf6b14460cdae92e70c1fc |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am ccb7f8e0: am 9f5241ea: Merge "Remove block device access from unconfined domains." * commit 'ccb7f8e0d7d0c2cbd493d62f4501bab329ec70ae': Remove block device access from unconfined domains.
|
964901f60831ef5ba83dc802a1f1fb3a15c584be |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am bfa785af: Merge "Make racoon permissive or unconfined." * commit 'bfa785af27395f9d2e7c1997a160a4c50b5bc1f6': Make racoon permissive or unconfined.
|
bfa785af27395f9d2e7c1997a160a4c50b5bc1f6 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make racoon permissive or unconfined."
|
c848a1630a51ec45e7df2d9a9d835ceeccb7fdfa |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 3dff1333: am 00abfd61: Merge "Make ppp permissive or unconfined." * commit '3dff13339d93605a0e001ae3944341b8bf5a819a': Make ppp permissive or unconfined.
|
03368386a3d07046e9cd2224d1e3c28ce1268cc7 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am a5742299: am 9145918d: Merge "Make mtp permissive or unconfined." * commit 'a57422995ab69d4aa5516fa753e1e03e88bef6f6': Make mtp permissive or unconfined.
|
5749b5789427af42cbb557cf2d4dd6da96c058ef |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am bcb95a8e: am a792bca3: Merge "Make dnsmasq permissive or unconfined." * commit 'bcb95a8eba593155824c2b3aa3c71784ec3aa886': Make dnsmasq permissive or unconfined.
|
0c2f4bda032dce72ee61227f28b8f1a937e329f1 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am a189a848: am 4ba87078: Merge "Update hostapd domain for /data/misc/wifi/sockets label change." * commit 'a189a8480ade7dc552874e032e27d84dbe3b513b': Update hostapd domain for /data/misc/wifi/sockets label change.
|
ab9b9129e6b343a71f25d30599eee9f9f352dae7 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 1027a84e: am bbfa3522: Merge "Make inputflinger permissive or unconfined." * commit '1027a84e04dd311158a60ee470fd079997a80dff': Make inputflinger permissive or unconfined.
|
61433ebc8d11c37ffcf70a8c74ba4660299944b3 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 668da8d8: am b5558aac: Merge "Make lmkd permissive or unconfined." * commit '668da8d8007d7060f7641a7567faf420f087e7e6': Make lmkd permissive or unconfined.
|
a5323493e63cb77f36093c91fd8286f35c11f6d8 |
13-Feb-2014 |
Dave Platt <dplatt@google.com> |
am 060e608b: am d20c0c23: Merge "Finish fixing Zygote descriptor leakage problem" * commit '060e608bbbb20838b82e163f18203631a3a3750e': Finish fixing Zygote descriptor leakage problem
|
ccb7f8e0d7d0c2cbd493d62f4501bab329ec70ae |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 9f5241ea: Merge "Remove block device access from unconfined domains." * commit '9f5241ea9357df935c66f8ed9422675e8212b79d': Remove block device access from unconfined domains.
|
9f5241ea9357df935c66f8ed9422675e8212b79d |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove block device access from unconfined domains."
|
3dff13339d93605a0e001ae3944341b8bf5a819a |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 00abfd61: Merge "Make ppp permissive or unconfined." * commit '00abfd61a80c42cb72e5a658c25acb9a4da4d349': Make ppp permissive or unconfined.
|
a57422995ab69d4aa5516fa753e1e03e88bef6f6 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 9145918d: Merge "Make mtp permissive or unconfined." * commit '9145918ddfd9a646b0f90afab2848d7cd0f9c0b0': Make mtp permissive or unconfined.
|
bcb95a8eba593155824c2b3aa3c71784ec3aa886 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am a792bca3: Merge "Make dnsmasq permissive or unconfined." * commit 'a792bca38e6a302fbf5f8d63eedf952e77f32c4d': Make dnsmasq permissive or unconfined.
|
a189a8480ade7dc552874e032e27d84dbe3b513b |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 4ba87078: Merge "Update hostapd domain for /data/misc/wifi/sockets label change." * commit '4ba8707874082dd4c3550162ccfba21ad072ff2f': Update hostapd domain for /data/misc/wifi/sockets label change.
|
1027a84e04dd311158a60ee470fd079997a80dff |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am bbfa3522: Merge "Make inputflinger permissive or unconfined." * commit 'bbfa352266a053dd6dd073e417a4d78edd46d28a': Make inputflinger permissive or unconfined.
|
668da8d8007d7060f7641a7567faf420f087e7e6 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am b5558aac: Merge "Make lmkd permissive or unconfined." * commit 'b5558aac66759b779414f76bf1cf17f977bf2c8a': Make lmkd permissive or unconfined.
|
00abfd61a80c42cb72e5a658c25acb9a4da4d349 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make ppp permissive or unconfined."
|
9145918ddfd9a646b0f90afab2848d7cd0f9c0b0 |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make mtp permissive or unconfined."
|
a792bca38e6a302fbf5f8d63eedf952e77f32c4d |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make dnsmasq permissive or unconfined."
|
4ba8707874082dd4c3550162ccfba21ad072ff2f |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Update hostapd domain for /data/misc/wifi/sockets label change."
|
bbfa352266a053dd6dd073e417a4d78edd46d28a |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make inputflinger permissive or unconfined."
|
b5558aac66759b779414f76bf1cf17f977bf2c8a |
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make lmkd permissive or unconfined."
|
060e608bbbb20838b82e163f18203631a3a3750e |
13-Feb-2014 |
Dave Platt <dplatt@google.com> |
am d20c0c23: Merge "Finish fixing Zygote descriptor leakage problem" * commit 'd20c0c23cb3a4a15b51e4b62788b49df2ec65968': Finish fixing Zygote descriptor leakage problem
|
d20c0c23cb3a4a15b51e4b62788b49df2ec65968 |
13-Feb-2014 |
Dave Platt <dplatt@google.com> |
Merge "Finish fixing Zygote descriptor leakage problem"
|
77a918d1adf00f53af610072eb1931c29560b3e4 |
13-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 1213ad15: am 5487ca00: Remove several superuser capabilities from unconfined domains. * commit '1213ad15f0d39220064e8a177526816076f02303': Remove several superuser capabilities from unconfined domains.
|
5e7a802fef15504d9c49783c97311a30d77edf8a |
13-Feb-2014 |
Daniel Cashman <dcashman@google.com> |
am 539d0cef: am 3db328fd: Merge "Make clatd permissive or unconfined." * commit '539d0cef9629565cafdbbc70e464611cb254587d': Make clatd permissive or unconfined.
|
2ca29e15fd176943f74661c9c5ddd2783f0e66ec |
13-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 50e1d7e4: am b081cc1e: Remove mount-related permissions from unconfined domains. * commit '50e1d7e460ebab4ce305ac294291c30e4fa89dd0': Remove mount-related permissions from unconfined domains.
|
1213ad15f0d39220064e8a177526816076f02303 |
12-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 5487ca00: Remove several superuser capabilities from unconfined domains. * commit '5487ca00d4788de367a9d099714f6df4d86ef261': Remove several superuser capabilities from unconfined domains.
|
539d0cef9629565cafdbbc70e464611cb254587d |
12-Feb-2014 |
Daniel Cashman <dcashman@google.com> |
am 3db328fd: Merge "Make clatd permissive or unconfined." * commit '3db328fd2c7d6b396a4a2f6204841a26d7783939': Make clatd permissive or unconfined.
|
50e1d7e460ebab4ce305ac294291c30e4fa89dd0 |
12-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b081cc1e: Remove mount-related permissions from unconfined domains. * commit 'b081cc1e050843ecb7dff687f780787ad05d6143': Remove mount-related permissions from unconfined domains.
|
3f40d4f4b17a3a5eeac38a8150ab52e47a19ab3c |
11-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove block device access from unconfined domains. Only allow to domains as required and amend the existing neverallow on block_device:blk_file to replace the exemption for unconfineddomain with an explicit whitelist. The neverallow does not check other device types as specific ones may need to be writable by device-specific domains. Change-Id: I0f2f1f565e886ae110a719a08aa3a1e7e9f23e8c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
nit.te
ernel.te
ecovery.te
nconfined.te
|
5487ca00d4788de367a9d099714f6df4d86ef261 |
10-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove several superuser capabilities from unconfined domains. Remove sys_ptrace and add a neverallow for it. Remove sys_rawio and mknod, explicitly allow to kernel, init, and recovery, and add a neverallow for them. Remove sys_module. It can be added back where appropriate in device policy if using a modular kernel. No neverallow since it is device specific. Change-Id: I1a7971db8d247fd53a8f9392de9e46250e91f89b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
nit.te
ernel.te
ecovery.te
nconfined.te
|
0692ea6ffd586a2476b065360a26130cca941142 |
12-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
3db328fd2c7d6b396a4a2f6204841a26d7783939 |
11-Feb-2014 |
Daniel Cashman <dcashman@google.com> |
Merge "Make clatd permissive or unconfined."
|
b081cc1e050843ecb7dff687f780787ad05d6143 |
10-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove mount-related permissions from unconfined domains. Only allow to specific domains as required, and add a neverallow to prevent allowing it to other domains not explicitly whitelisted. sdcard_type is exempted from the neverallow since more domains require the ability to mount it, including device-specific domains. Change-Id: Ia6476d1c877f5ead250749fb12bff863be5e9f27 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
nit.te
ernel.te
ecovery.te
nconfined.te
|
2784d80660da497f63fa0f0e68382f7f5f75411e |
11-Feb-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 2baeb05f: am 48b18832: Introduce asec_public_file type. * commit '2baeb05f3a5b7c9863fa9ff4b614a6eae631d568': Introduce asec_public_file type.
|
2baeb05f3a5b7c9863fa9ff4b614a6eae631d568 |
11-Feb-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 48b18832: Introduce asec_public_file type. * commit '48b18832c476f0bd8fcb8ee3e308258392f36aaf': Introduce asec_public_file type.
|
48b18832c476f0bd8fcb8ee3e308258392f36aaf |
04-Feb-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Introduce asec_public_file type. This new type will allow us to write finer-grained policy concerning asec containers. Some files of these containers need to be world readable. Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
omain.te
rmserver.te
ile.te
ile_contexts
ediaserver.te
hared_app.te
ystem_app.te
ntrusted_app.te
old.te
|
f20673712b07f585de0cd6e6e8f542e866ad54bc |
11-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update hostapd domain for /data/misc/wifi/sockets label change. Change I9e35cc93abf89ce3594860aa3193f84a3b42ea6e changed the type on /data/misc/wifi/sockets to wpa_socket and change I51b09c5e40946673a38732ea9f601b2d047d3b62 fixed the type on existing devices. Consequently hostapd now needs access to wpa_socket dir and sock_file. Change-Id: I58f552b3cd55821f57e6ef33ebe6bb8587e7b3fd Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ostapd.te
|
f321456e28b4d36c6da7d8dbfe633a653e6f45d7 |
11-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make clatd permissive or unconfined. Otherwise we'll never see denials in userdebug or eng builds and never make progress on confining it. clatd does exist in AOSP and is built by default, and is started via netd. Change-Id: Iee6e0845fad7647962d73cb6d047f27924fa799a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
latd.te
|
c6a28f0cb2368922e199d6a46a20180881f50dc7 |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make dnsmasq permissive or unconfined. Also add rules from our policy. Change-Id: I86f07f54c5120c511f9cab2877cf765c3ae7c1a8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nsmasq.te
|
59702592ab2888410465c08e0cf72faa282df9cd |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make mtp permissive or unconfined. Also add rules from our policy. Change-Id: I096025c1820f0b51f1abdf249c744cba387e0a65 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
tp.te
|
cc65fe8271ee7ed3c54a641a6c87262925db8f9f |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make ppp permissive or unconfined. Also add rules from our policy. Change-Id: I6f552538cc4f6b28b2883aa74832230944cbdb7a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
97f7c82703e2cbebbb2e250d5223137360c1c3ae |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make racoon permissive or unconfined. Also add allow rules from our policy. Change-Id: Id480eb7c8cd4e5544a1ec46cb39a55abc653ddb9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
acoon.te
|
2561a9afbed0719c6e02a5ff9a1c8f55f4dc8792 |
11-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make lmkd permissive or unconfined. Otherwise we'll never see denials in userdebug or eng builds and never make progress on confining it. Of course we cannot truly test until it is released into AOSP, but this prepares the way and potentially allows for internal testing and collection of denials. Change-Id: Ic9d1ba872d43f322e39ca6cffa0e725f1e223e7b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
mkd.te
|
38b7f43021ebc5c86503939f6c4064b2758a167b |
11-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make inputflinger permissive or unconfined. Otherwise we'll never see denials in userdebug or eng builds and never make progress on confining it. Of course we cannot truly test until it is released into AOSP, but this prepares the way and potentially allows for internal testing and collection of denials. Change-Id: I800ab23baee1c84b7c4cf7399b17611a62ca6804 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nputflinger.te
|
49bd91d1df8e9a80ad3cffd198edf9f7b2213406 |
11-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make the sdcardd domain enforcing. Change-Id: I8830c4b26f3fd9e8356e090ede1d7b4eaa6cb733 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dcardd.te
|
359b10fe8e29dc6195ee0210bee3462b438c1483 |
10-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
81a32dee3c92ab6abad7840e7f1d94bd95dd87c1 |
06-Feb-2014 |
rpcraig <rpcraig@tycho.ncsc.mil> |
am b89f132a: am e21871c8: Address screenrecord denials. * commit 'b89f132aadfcd6694ec95b0f31c681267ca0add5': Address screenrecord denials.
|
b89f132aadfcd6694ec95b0f31c681267ca0add5 |
06-Feb-2014 |
rpcraig <rpcraig@tycho.ncsc.mil> |
am e21871c8: Address screenrecord denials. * commit 'e21871c8b7250f5dfc746298ab170a869e6be94d': Address screenrecord denials.
|
5c02b01aac42f06ebd7d0fb76a3f4ed24a29272d |
06-Feb-2014 |
Jeff Sharkey <jsharkey@google.com> |
Merge "DO NOT SUBMIT: allow create dir"
|
a1625bc8c974d98a454eb749817b7daa312269fe |
06-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
e21871c8b7250f5dfc746298ab170a869e6be94d |
04-Feb-2014 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Address screenrecord denials. Steps to reproduce across devices. adb shell screenrecord --bit-rate 8000000 --time-limit 10 /data/local/tmp/test.mp4 * Allow surfaceflinger to talk to mediaserver avc: denied { call } for pid=122 comm="surfaceflinger" scontext=u:r:surfaceflinger:s0 tcontext=u:r:mediaserver:s0 tclass=binder * Give mediaserver access to gpu_device avc: denied { read write } for pid=2793 comm="VideoEncMsgThre" name="kgsl-3d0" dev="tmpfs" ino=6556 scontext=u:r:mediaserver:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file avc: denied { open } for pid=2793 comm="VideoEncMsgThre" name="kgsl-3d0" dev="tmpfs" ino=6556 scontext=u:r:mediaserver:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file avc: denied { ioctl } for pid=2793 comm="VideoEncMsgThre" path="/dev/kgsl-3d0" dev="tmpfs" ino=6556 scontext=u:r:mediaserver:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file Change-Id: Id1812ec95662f4b2433e2989f5fccce6a85c3a41 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ediaserver.te
urfaceflinger.te
|
0b218ec5fc7a1bce349dc319de6c5c904d9368e6 |
06-Feb-2014 |
Dave Platt <dplatt@google.com> |
Finish fixing Zygote descriptor leakage problem In order to prevent Zygote descriptors from leaking into the child environment, they should be closed by the forked-off child process before the child switches to the application UID. These changes close the descriptors via dup2(), substituting a descriptor open to /dev/null in their place; this allows the Zygote Java code to close the FileDescriptor objects cleanly. This is a multi-project change: dalvik, art, libcore, frameworks/base, and external/sepolicy are affected. The CLs need to be approved together, lest the build break or the software fail to boot. Bug: 12114500 Change-Id: Ie45ddf6d661a1ea8570cd49dfea76421f2cadf72
pp.te
|
8d573904ce2ba6885421e99deec12644648d4559 |
06-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 863b2823: (-s ours) am d188f5be: Merge "DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true" into klp-modular-dev * commit '863b28236651afd0d2f4bf5b858e519114def1c9': DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true
|
b23915daca4273893b34b8b0f43e7ca17d0b5232 |
06-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove obsolete vdc rule."
|
863b28236651afd0d2f4bf5b858e519114def1c9 |
06-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am d188f5be: Merge "DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true" into klp-modular-dev * commit 'd188f5be07e168c19a2cd46439c0319f4866c641': DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true
|
d188f5be07e168c19a2cd46439c0319f4866c641 |
06-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true" into klp-modular-dev
|
30eea8a1dad80332db9cf75e96fe547a0d59d6f9 |
06-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am e0316263: am 0079f1b6: Merge "Fix NFC image transfer" into klp-modular-dev * commit 'e0316263ca11d602a0528a7de7e0b404bc44b5a5': Fix NFC image transfer
|
32aaaf9c982f57450e3fbe7d347466551f023b7b |
06-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am e23be3f5: resolved conflicts for merge of 6e4c1b7d to klp-modular-dev-plus-aosp * commit 'e23be3f5ae5af7386d0da0fe6fc6eecd5e7f40d3': Allow dumpstate to run am and shell.
|
e0316263ca11d602a0528a7de7e0b404bc44b5a5 |
06-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 0079f1b6: Merge "Fix NFC image transfer" into klp-modular-dev * commit '0079f1b61e10909805f555d697242488a6cf0949': Fix NFC image transfer
|
d7346da7fbc116e446fcc065021cf7fce409e98d |
05-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 75922a0a: am 629c98c2: Fix NFC image transfer * commit '75922a0ac42eec8b44f85119f29dffb4ea507029': Fix NFC image transfer
fc.te
urfaceflinger.te
|
0079f1b61e10909805f555d697242488a6cf0949 |
06-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Fix NFC image transfer" into klp-modular-dev
|
e23be3f5ae5af7386d0da0fe6fc6eecd5e7f40d3 |
06-Feb-2014 |
Nick Kralevich <nnk@google.com> |
resolved conflicts for merge of 6e4c1b7d to klp-modular-dev-plus-aosp Change-Id: I2a8dbe33952bd7b9d8b1d8cd474271e18c54dbcc
|
2772e78ff99ae651df395ec10e7bb8fdf20b87f0 |
05-Feb-2014 |
Nick Kralevich <nnk@google.com> |
DO NOT MERGE: Flip FORCE_PERMISSIVE_TO_UNCONFINED to true Force any experimental SELinux domains (ones tagged with "permissive_or_unconfined") into unconfined. This flag is intended to be flipped when we're approaching stabilization, to eliminate inconsistencies between user and userdebug devices, and to ensure that we're enforcing a minimal set of rules for all SELinux domains. Change-Id: I1467b6b633934b18689683f3a3085329bb96dae1
ndroid.mk
|
3fe65bababb83329f4632963aaa1b912f98692da |
05-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Fix NFC image transfer Image transfer over NFC is broken. STEPS TO REPRODUCE: ----------------------------------------- 1. Launch Gallery and open any picture 2. Keep two devices close each other 3. Tap on 'Touch to Beam' option on sender device and observe receiver device OBSERVED RESULTS: 'Beam did not complete' message showing in Notification window. EXPECTED RESULTS: Beam should complete successfully and able to share picture through Beam ADDITIONAL INFORMATION : Device : Hammerhead Reproducibility : 3/3 Addresses the following denials: <5>[ 3030.955024] type=1400 audit(1391625834.066:72): avc: denied { call } for pid=311 comm="Binder_2" scontext=u:r:surfaceflinger:s0 tcontext=u:r:nfc:s0 tclass=binder <5>[ 3049.606559] type=1400 audit(1391625852.716:74): avc: denied { write } for pid=26850 comm="id.nfc:handover" name="0" dev="fuse" ino=3086221568 scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir <5>[ 3049.606802] type=1400 audit(1391625852.716:75): avc: denied { add_name } for pid=26850 comm="id.nfc:handover" name="beam" scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir <5>[ 3049.607068] type=1400 audit(1391625852.716:76): avc: denied { create } for pid=26850 comm="id.nfc:handover" name="beam" scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir <5>[ 3049.610602] type=1400 audit(1391625852.716:77): avc: denied { remove_name } for pid=26850 comm="id.nfc:handover" name="IMG_20140205_104344.jpg" dev="fuse" ino=3086246328 scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir <5>[ 3049.610870] type=1400 audit(1391625852.716:78): avc: denied { rename } for pid=26850 comm="id.nfc:handover" name="IMG_20140205_104344.jpg" dev="fuse" ino=3086246328 scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=file Bug: 12891504 (cherry picked from commit 629c98c211580999fe000d337a4cbcf38dc4395e) Change-Id: I7832cc2b66c88092b05581503e338cf8b6e1c0ec
fc.te
urfaceflinger.te
|
6e4c1b7d50760bfcdf43a0d9e2b0fb052b522668 |
29-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow dumpstate to run am and shell. See http://code.google.com/p/android/issues/detail?id=65339 Further denials were observed in testing and allowed as well. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit 208deb335719280c11ab0e6aa033bfd33629320a) Change-Id: I2d4135df916f67fcd3cff8c22429779ba0193b2c
umpstate.te
ystem_server.te
|
4e5dc85d0b6882ea23b4af19582082407c89fd1a |
05-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Remove obsolete vdc rule. As of system/core commit 225459a5da21e9397ca49b0d9af7d5fe3462706b, adbd no longer talks to vold. Remove the obsolete rule. Bug: 12504045 Change-Id: I0a4f621afd8e5f8ab83219e7b0ff096c992d365f
dbd.te
|
c92fc6a4616d7b04e069281319fdf7655ff9d059 |
05-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 75922a0a: am 629c98c2: Fix NFC image transfer * commit '75922a0ac42eec8b44f85119f29dffb4ea507029': Fix NFC image transfer
|
75922a0ac42eec8b44f85119f29dffb4ea507029 |
05-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 629c98c2: Fix NFC image transfer * commit '629c98c211580999fe000d337a4cbcf38dc4395e': Fix NFC image transfer
|
629c98c211580999fe000d337a4cbcf38dc4395e |
05-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Fix NFC image transfer Image transfer over NFC is broken. STEPS TO REPRODUCE: ----------------------------------------- 1. Launch Gallery and open any picture 2. Keep two devices close each other 3. Tap on 'Touch to Beam' option on sender device and observe receiver device OBSERVED RESULTS: 'Beam did not complete' message showing in Notification window. EXPECTED RESULTS: Beam should complete successfully and able to share picture through Beam ADDITIONAL INFORMATION : Device : Hammerhead Reproducibility : 3/3 Addresses the following denials: <5>[ 3030.955024] type=1400 audit(1391625834.066:72): avc: denied { call } for pid=311 comm="Binder_2" scontext=u:r:surfaceflinger:s0 tcontext=u:r:nfc:s0 tclass=binder <5>[ 3049.606559] type=1400 audit(1391625852.716:74): avc: denied { write } for pid=26850 comm="id.nfc:handover" name="0" dev="fuse" ino=3086221568 scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir <5>[ 3049.606802] type=1400 audit(1391625852.716:75): avc: denied { add_name } for pid=26850 comm="id.nfc:handover" name="beam" scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir <5>[ 3049.607068] type=1400 audit(1391625852.716:76): avc: denied { create } for pid=26850 comm="id.nfc:handover" name="beam" scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir <5>[ 3049.610602] type=1400 audit(1391625852.716:77): avc: denied { remove_name } for pid=26850 comm="id.nfc:handover" name="IMG_20140205_104344.jpg" dev="fuse" ino=3086246328 scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir <5>[ 3049.610870] type=1400 audit(1391625852.716:78): avc: denied { rename } for pid=26850 comm="id.nfc:handover" name="IMG_20140205_104344.jpg" dev="fuse" ino=3086246328 scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=file Bug: 12891504 Change-Id: I10dc964db9249f53a2b4d8fe871ad9a036c423a2
fc.te
urfaceflinger.te
|
ec58f1088fbd032c9f777a8e68dfef07f93ff111 |
05-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
67d887c1697defc98078b07aa83c77a7a2d28b46 |
04-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 27fcf3ef: am 10baf47c: Merge "Revert "Move tlcd_sock policy over to manta."" * commit '27fcf3ef1aaba854be6220cdba2f6a5022336ef9': Revert "Move tlcd_sock policy over to manta."
|
27fcf3ef1aaba854be6220cdba2f6a5022336ef9 |
04-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 10baf47c: Merge "Revert "Move tlcd_sock policy over to manta."" * commit '10baf47c1d8e2879854e38f4be4128656f618662': Revert "Move tlcd_sock policy over to manta."
|
10baf47c1d8e2879854e38f4be4128656f618662 |
04-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Revert "Move tlcd_sock policy over to manta.""
|
1a1ad959aebb823e60e8a1dc55dfc312eebe2529 |
04-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Move tlcd_sock policy over to manta." This doesn't compile on non-manta devices because of a missing drmserver_socket declaration. external/sepolicy/mediaserver.te":68:ERROR 'unknown type drmserver_socket' at token ';' on line 6764: #line 68 allow mediaserver drmserver_socket:sock_file write; checkpolicy: error(s) encountered while parsing configuration make: *** [out/target/product/flo/obj/ETC/sepolicy_intermediates/sepolicy] Error 1 make: *** Waiting for unfinished jobs.... This reverts commit 8cd400d3c4a5a9eb9bd8b0392260200bd23e6548. Change-Id: Ib8f07b57008b9ed1165b945057502779e806f0f8
rmserver.te
|
8e7ba7a14d6512f45b2b5f266c5b1c1c40589702 |
04-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 98a6cf08: am 94e06523: Merge "Add file_contexts entries for socket files." * commit '98a6cf08fbba81ea1586fc4fedd4bb700d2e7019': Add file_contexts entries for socket files.
|
98a6cf08fbba81ea1586fc4fedd4bb700d2e7019 |
04-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am 94e06523: Merge "Add file_contexts entries for socket files." * commit '94e065236bb95bcc15e3b52cef46cfc5ba26202c': Add file_contexts entries for socket files.
|
94e065236bb95bcc15e3b52cef46cfc5ba26202c |
04-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Add file_contexts entries for socket files."
|
4d8f68b7d481239613453fdc6256edce10a50a8e |
04-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 628bc290: am 8cd400d3: Move tlcd_sock policy over to manta. * commit '628bc2902b44ea90b2c0ed76758d04241935801b': Move tlcd_sock policy over to manta.
|
a7e4ace1765d6c4623613810c1e6bc19a6d3f564 |
04-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add file_contexts entries for socket files. So that we do not relabel them on a restorecon -R /data. Change-Id: I8dd915d9bb80067339621b905ea2b4ea0fa8d71e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
|
628bc2902b44ea90b2c0ed76758d04241935801b |
04-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8cd400d3: Move tlcd_sock policy over to manta. * commit '8cd400d3c4a5a9eb9bd8b0392260200bd23e6548': Move tlcd_sock policy over to manta.
|
d1ce42b5f21faa16dc535fbe9b6edbff97581f11 |
04-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am d57848df: am ba1a7315: allow wpa_cli to work. * commit 'd57848dfdd990d807580c1af87d207243aa46f32': allow wpa_cli to work.
|
8cd400d3c4a5a9eb9bd8b0392260200bd23e6548 |
16-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Move tlcd_sock policy over to manta. Change-Id: I7d5a5f964133177e7d466b9759fcf6300fec345d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rmserver.te
|
d57848dfdd990d807580c1af87d207243aa46f32 |
04-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am ba1a7315: allow wpa_cli to work. * commit 'ba1a73156b262806e656b75101349d2e6e16a471': allow wpa_cli to work.
|
ba1a73156b262806e656b75101349d2e6e16a471 |
25-Jan-2014 |
Nick Kralevich <nnk@google.com> |
allow wpa_cli to work. With wpa_supplicant in enforcing, wpa_cli doesn't work. Denial: type=1400 audit(1390597866.260:59): avc: denied { write } for pid=3410 comm="wpa_supplicant" name="wpa_ctrl_4852-1" dev="mmcblk0p28" ino=618993 scontext=u:r:wpa:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file After I9e35cc93abf89ce3594860aa3193f84a3b42ea6e and I51b09c5e40946673a38732ea9f601b2d047d3b62, the /data/misc/wifi/sockets directory is labeled properly. This change allows the communication between the su domain and wpa. Steps to reproduce: Start wifi (so wpa_supplicant will run) Start wpa_cli - it will hang $ adb root $ adb shell # wpa_cli -g @android:wpa_wlan0 Bug: 12721629 Change-Id: I03170acc155ad122c5197baaf590d17fc1ace6a5
pa_supplicant.te
|
b90f2ad23a4bc6d0189572edc2fb479da6e359ce |
04-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 369384d1: am 418e2abd: Label /data/misc/wifi/sockets with wpa_socket. * commit '369384d1f793f93c0b3d54dcf55df9b885ed63ee': Label /data/misc/wifi/sockets with wpa_socket.
|
369384d1f793f93c0b3d54dcf55df9b885ed63ee |
04-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 418e2abd: Label /data/misc/wifi/sockets with wpa_socket. * commit '418e2abd39a3c86c4f8c7fcac93a1a7beea7a092': Label /data/misc/wifi/sockets with wpa_socket.
|
418e2abd39a3c86c4f8c7fcac93a1a7beea7a092 |
29-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /data/misc/wifi/sockets with wpa_socket. This will ensure that any sockets created in this directory will default to wpa_socket unless a type_transition is defined. Define a type transition for system_server to keep its separate system_wpa_socket type assigned for its socket. Allow wpa to create and unlink sockets in the directory. We leave the already existing rules for wifi_data_file in place for compatibility with existing devices that have wifi_data_file on /data/misc/wifi/sockets. Change-Id: I9e35cc93abf89ce3594860aa3193f84a3b42ea6e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
ystem_server.te
pa_supplicant.te
|
ea6efbdb4bc760cb84a0fdb856cb2b0e9aaecc45 |
04-Feb-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 7d40044a: am 8ed750e9: sepolicy: Add write_logd, read_logd & control_logd * commit '7d40044a7333c3ea8f4aeca962ea3a7cc008048e': sepolicy: Add write_logd, read_logd & control_logd
|
7d40044a7333c3ea8f4aeca962ea3a7cc008048e |
04-Feb-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 8ed750e9: sepolicy: Add write_logd, read_logd & control_logd * commit '8ed750e9731e6e3a21785e91e9b1cf7390c16738': sepolicy: Add write_logd, read_logd & control_logd
|
8ed750e9731e6e3a21785e91e9b1cf7390c16738 |
13-Nov-2013 |
Mark Salyzyn <salyzyn@google.com> |
sepolicy: Add write_logd, read_logd & control_logd - Add write_logd, read_logd and control_logd macros added along with contexts for user space logd. - Specify above on domain wide, or service-by-service basis - Add logd rules. - deprecate access_logcat as unused. - 'allow <domain> zygote:unix_dgram_socket write;' rule added to deal with fd inheritance. ToDo: investigate means to allow references to close, and reopen in context of application or call setsockcreatecon() to label them in child context. Change-Id: I35dbb9d5122c5ed9b8c8f128abf24a871d6b26d8
pp.te
ebuggerd.te
omain.te
umpstate.te
ile.te
ile_contexts
ogd.te
ystem_server.te
e_macros
|
3d2a692dff6c35454192e46fc745e76929475d68 |
04-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
9d126c85e171f680ba72ba25eb349347a170f147 |
04-Feb-2014 |
Nick Kralevich <nnk@google.com> |
DO NOT SUBMIT: allow create dir Change-Id: I0300852ff701a641870114b2c8ff31a98bf6604c
edia_app.te
|
65031d157027f818dbd407df1e49e18922b7f68a |
04-Feb-2014 |
William Roberts <wroberts@tresys.com> |
am 3fc0df76: am a637b2f2: assert: Do not allow access to generic device:chr_file * commit '3fc0df769eefb10320fb0408d7df1e46c5d7042c': assert: Do not allow access to generic device:chr_file
|
3fc0df769eefb10320fb0408d7df1e46c5d7042c |
03-Feb-2014 |
William Roberts <wroberts@tresys.com> |
am a637b2f2: assert: Do not allow access to generic device:chr_file * commit 'a637b2f21eda997f6d1bcb8f2600a5ee3195785d': assert: Do not allow access to generic device:chr_file
|
d65602ef860c2a0276db1f85cfe8c4580a94fd00 |
03-Feb-2014 |
William Roberts <wroberts@tresys.com> |
am df80ebd9: am d0919ec2: assert: do not allow raw access to generic block_device * commit 'df80ebd92aacd93f2cad5e9392b75e1cf1add356': assert: do not allow raw access to generic block_device
|
a637b2f21eda997f6d1bcb8f2600a5ee3195785d |
30-Jan-2014 |
William Roberts <wroberts@tresys.com> |
assert: Do not allow access to generic device:chr_file Rather, enforce that a relabel should be done. This tightens an existing assertion. Change-Id: I0500e3dc483e6bf97e5b017043e358bcbdc69904
pp.te
omain.te
|
df80ebd92aacd93f2cad5e9392b75e1cf1add356 |
03-Feb-2014 |
William Roberts <wroberts@tresys.com> |
am d0919ec2: assert: do not allow raw access to generic block_device * commit 'd0919ec25361ffeda3aa44cc2ecaf875f99784c3': assert: do not allow raw access to generic block_device
|
d0919ec25361ffeda3aa44cc2ecaf875f99784c3 |
30-Jan-2014 |
William Roberts <wroberts@tresys.com> |
assert: do not allow raw access to generic block_device Rather than allowing open,read,write to raw block devices, one should relabel it to something more specific. vold should be re-worked so we can drop it from this assert. Change-Id: Ie891a9eaf0814ea3878d32b18b4e9f4d7dac4faf
omain.te
|
539b6783e5b5e1eb11734807dd29c312f2de8522 |
03-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am b4f8d095: am b71dae82: Merge "drmserver: allow looking in efs_file directories" * commit 'b4f8d095ea3c88e78fb80eb3320626c50ae0ec0f': drmserver: allow looking in efs_file directories
|
b4f8d095ea3c88e78fb80eb3320626c50ae0ec0f |
03-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am b71dae82: Merge "drmserver: allow looking in efs_file directories" * commit 'b71dae828fea60bbc5cacefc4521dfd97f960868': drmserver: allow looking in efs_file directories
|
b71dae828fea60bbc5cacefc4521dfd97f960868 |
03-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "drmserver: allow looking in efs_file directories"
|
e035fc351e80cca1cb294ca38d89878740202d93 |
03-Feb-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 114576b7: am 9dbd005a: Update README. * commit '114576b727cc361845ef11145ef08d3f52db3652': Update README.
|
655d5bc6315e074cfdfcf628e8c74e45589c0c09 |
03-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am af292c00: am d4f6c5f0: Merge "Catch nonexistent BOARD_SEPOLICY_UNION policy files." * commit 'af292c00476f558d1c941b1b5cbeea2e4935ee9e': Catch nonexistent BOARD_SEPOLICY_UNION policy files.
|
114576b727cc361845ef11145ef08d3f52db3652 |
03-Feb-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 9dbd005a: Update README. * commit '9dbd005ad29c9cda0e29cc80ebf40b88ec462210': Update README.
|
9dbd005ad29c9cda0e29cc80ebf40b88ec462210 |
03-Feb-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Update README. Commit Icc5febc5fe5a7cccb90ac5b83e6289c2aa5bf069 introduced a new error check for nonexistent BOARD_SEPOLICY_UNION files. Need an update to the docs describing the change. Change-Id: If96c9046565b05e0811ab2d526ae12a3b8b90bf0 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
EADME
|
cd2dee15d76866e2dafaf6a62a888343f23fecec |
03-Feb-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
af292c00476f558d1c941b1b5cbeea2e4935ee9e |
03-Feb-2014 |
Nick Kralevich <nnk@google.com> |
am d4f6c5f0: Merge "Catch nonexistent BOARD_SEPOLICY_UNION policy files." * commit 'd4f6c5f0983e8a6a0dac86b9acbfa70501280614': Catch nonexistent BOARD_SEPOLICY_UNION policy files.
|
d4f6c5f0983e8a6a0dac86b9acbfa70501280614 |
01-Feb-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Catch nonexistent BOARD_SEPOLICY_UNION policy files."
|
5dfb67d1213456a4ab57137856c84184c3ade3c9 |
31-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am e5db229e: am 8d9ef067: Merge "Remove MAC capabilities from unconfined domains." * commit 'e5db229e8bea36f439ea8feaee36f97ce091c64c': Remove MAC capabilities from unconfined domains.
|
eec702520b84cfbff9ebf3b68c5d345b2bf69c59 |
31-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 25ffa5cf: am 0cbf06fd: Drop the typealias for camera_calibration_file. * commit '25ffa5cf7139d0815427ed6ecfa9c1838a15d961': Drop the typealias for camera_calibration_file.
|
e5db229e8bea36f439ea8feaee36f97ce091c64c |
31-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 8d9ef067: Merge "Remove MAC capabilities from unconfined domains." * commit '8d9ef0679bd5550a8fc0a63efbb6149288c96dce': Remove MAC capabilities from unconfined domains.
|
25ffa5cf7139d0815427ed6ecfa9c1838a15d961 |
31-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 0cbf06fd: Drop the typealias for camera_calibration_file. * commit '0cbf06fde489c2cc536d8a49d747940e90ccb1ed': Drop the typealias for camera_calibration_file.
|
7cbe44f2444b27bc81499bc0c8af362080b66c3b |
31-Jan-2014 |
Nick Kralevich <nnk@google.com> |
drmserver: allow looking in efs_file directories We can read any efs_files, but can't look in the directory containing them. Allow it. Without this patch, high resolution movie playback is broken. Addresses the following denial: [ 276.780046] type=1400 audit(1391105234.431:5): avc: denied { search } for pid=125 comm="drmserver" name="/" dev="mmcblk0p1" ino=2 scontext=u:r:drmserver:s0 tcontext=u:object_r:efs_file:s0 tclass=dir Bug: 12819852 Change-Id: Ie9d13a224cef5e229de1bdb78d605841ed387a21
rmserver.te
|
8d9ef0679bd5550a8fc0a63efbb6149288c96dce |
31-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove MAC capabilities from unconfined domains."
|
dfe380061ef76820f3b538cb327d63c8dbdda318 |
31-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 4ed8c370: am 208deb33: Allow dumpstate to run am and shell. * commit '4ed8c37088c6866595dae0262d48c9573e2087e7': Allow dumpstate to run am and shell.
|
4ed8c37088c6866595dae0262d48c9573e2087e7 |
31-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 208deb33: Allow dumpstate to run am and shell. * commit '208deb335719280c11ab0e6aa033bfd33629320a': Allow dumpstate to run am and shell.
|
04ee5dfb80491f8493fedcd099bd4551c9503c83 |
30-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove MAC capabilities from unconfined domains. Linux defines two capabilities for Mandatory Access Control (MAC) security modules, CAP_MAC_OVERRIDE (override MAC access restrictions) and CAP_MAC_ADMIN (allow MAC configuration or state changes). SELinux predates these capabilities and did not originally use them, but later made use of CAP_MAC_ADMIN as a way to control the ability to set security context values unknown to the currently loaded SELinux policy on files. That facility is used in Linux for e.g. livecd creation where a file security context that is being set on a generated filesystem is not known to the build host policy. Internally, files with such labels are treated as having the unlabeled security context for permission checking purposes until/unless the context is later defined through a policy reload. CAP_MAC_OVERRIDE is never checked by SELinux, so it never needs to be allowed. CAP_MAC_ADMIN is only checked if setting an unknown security context value; the only legitimate use I can see in Android is the recovery console, where a context may need to be set on /system that is not defined in the recovery policy. Remove these capabilities from unconfined domains, allow mac_admin for the recovery domain, and add neverallow rules. Change-Id: Ief673e12bc3caf695f3fb67cabe63e68f5f58150 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
ecovery.te
nconfined.te
|
0cbf06fde489c2cc536d8a49d747940e90ccb1ed |
30-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Drop the typealias for camera_calibration_file. This was originally used for the /data/fdAlbum file. Device specific policy properly labels the file as camera_data_file either during its initial creation (type_transition rule) or with a single restorecon call in the respective init.*.rc file. Change-Id: Ie953dcf4c40883db09cfb4ffec2a42e8ccd6344c Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ile.te
|
4ca2bb44c1241f673e101fff847039f7cba42169 |
30-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
208deb335719280c11ab0e6aa033bfd33629320a |
29-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow dumpstate to run am and shell. See http://code.google.com/p/android/issues/detail?id=65339 Further denials were observed in testing and allowed as well. Change-Id: I54e56bf5650b50b61e092a6dac45c971397df60f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
umpstate.te
ystem_server.te
|
6b0ff4756a17e7af22d283ac3599a8b1925e5827 |
29-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Catch nonexistent BOARD_SEPOLICY_UNION policy files. Added a new check to make sure that all listed BOARD_SEPOLICY_UNION files are located somewhere in the listed BOARD_SEPOLICY_DIRS locations. The build will error out otherwise. Change-Id: Icc5febc5fe5a7cccb90ac5b83e6289c2aa5bf069 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ndroid.mk
|
12eba02517f08f6d5a3888368ef113cca11f7fd3 |
29-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am aab4746d: am 997680a3: bluetooth: allow media_rw_data_file * commit 'aab4746d2a06be0be50f62920850f291f33878d5': bluetooth: allow media_rw_data_file
|
aab4746d2a06be0be50f62920850f291f33878d5 |
29-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 997680a3: bluetooth: allow media_rw_data_file * commit '997680a3b78db39cf442f80fd92d4eb93d0f262a': bluetooth: allow media_rw_data_file
|
9a7f7cbaa983bd52d3fbdaadb5db2f319524860f |
29-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
e0cb65a7715f2ccfd7da41c8a1083d0696c0f979 |
29-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 438da65d: am c669667e: Merge "fix healthd charger mode." * commit '438da65d9ea28da78472356c7a201cded57ff581': fix healthd charger mode.
|
997680a3b78db39cf442f80fd92d4eb93d0f262a |
29-Jan-2014 |
Nick Kralevich <nnk@google.com> |
bluetooth: allow media_rw_data_file Allow bluetooth to handle media_rw_data_file file descriptors sent to it from other processes. Without this, bluetooth picture / video sharing is broken. Steps to reproduce: 1. Take a few pictures 2. launch gallery and choose a picture/video and click on share and choose available BT device and share Other info from bug report: - Bluetooth process queries media content provider for a file descriptor, with a Uri like "content://media/external/images/media/69" - Media server resolves the uri to a file on the filesystem, in the case of Gallery at "/storage/emulated/0/DCIM/Camera/IMG_20140128_141656.jpg" - Media server returns the FD over binder to bluetooth - Bluetooth is unable to read the file backed by the file descriptor. Fixes Denial: <5>[ 821.040286] type=1400 audit(1390952161.805:11): avc: denied { read } for pid=1348 comm="Binder_3" path="/data/media/0/DCIM/Camera/IMG_20140128_141656.jpg" dev="mmcblk0p23" ino=236246 scontext=u:r:bluetooth:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file Bug: 12457805 Change-Id: I1423d06a98416ae4ab19508f0d005a6353acadc4
luetooth.te
|
438da65d9ea28da78472356c7a201cded57ff581 |
29-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am c669667e: Merge "fix healthd charger mode." * commit 'c669667ec53c0ff212c03a74c4187ff46dabdc32': fix healthd charger mode.
|
c669667ec53c0ff212c03a74c4187ff46dabdc32 |
28-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "fix healthd charger mode."
|
c473e0cd927a0295ca31364842e04455369f8fa9 |
28-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 96de635e: am 251ba76b: Allow "mkdir /sdcard/foo" * commit '96de635eae8fd5d70c28faab8f0f78075e37037c': Allow "mkdir /sdcard/foo"
|
96de635eae8fd5d70c28faab8f0f78075e37037c |
28-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 251ba76b: Allow "mkdir /sdcard/foo" * commit '251ba76b72031df7187bd9f7875f1a2880846d48': Allow "mkdir /sdcard/foo"
|
251ba76b72031df7187bd9f7875f1a2880846d48 |
28-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Allow "mkdir /sdcard/foo" Creation of directories on /sdcard was not allowed for the shell user. Fixed. Steps to reproduce: adb shell cd /sdcard mkdir foo Addresses the following denial: <5>[ 446.361215] type=1400 audit(13427374.189:13): avc: denied { create } for pid=3264 comm="mkdir" name="foo" scontext=u:r:shell:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir Bug: 12778268 Change-Id: I5a91b7581fe7e97fbf3caeed9fdf74981e49c58e
helldomain.te
|
74ad31b1c9cf9ba628096f1cce2f38cf7a163d0c |
28-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
0352393df17490739df224e364a7b8c8761bff8d |
28-Jan-2014 |
Nick Kralevich <nnk@google.com> |
fix healthd charger mode. Healthd has an optional "charger" mode. The device boots into a minimally running mode, and healthd displays the battery indicator. Without this patch, when a manta device boots into charger mode, the screen will never turn off and the battery indicator will not move. From reviewing the healthd code, it looks like this may affect lots of devices, not just manta. I'm adding this change to the generic policy. Steps to reproduce: 1) Make sure the device is unplugged. 2) Boot into a normal system. 3) Shut down the system normally using the power button. 4) After shutdown, plug in the power cord. 5) Device will boot into charger mode. Battery icon will display. 6) Press the button to reboot into a normal mode. 7) Examine /proc/last_kmsg and look for denials. Addresses the following denials: [ 3.908457] type=1400 audit(1390866386.620:3): avc: denied { read write } for pid=98 comm="charger" name="fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file [ 3.909085] type=1400 audit(1390866386.620:4): avc: denied { open } for pid=98 comm="charger" name="fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file [ 3.909749] type=1400 audit(1390866386.620:5): avc: denied { ioctl } for pid=98 comm="charger" path="/dev/graphics/fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file [ 4.889857] type=1400 audit(1390866387.605:6): avc: denied { read } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir [ 4.890873] type=1400 audit(1390866387.605:7): avc: denied { open } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir [ 4.891949] type=1400 audit(1390866387.605:8): avc: denied { search } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153
scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir [ 4.892677] type=1400 audit(1390866387.605:9): avc: denied { read } for pid=98 comm="charger" name="event2" dev="tmpfs" ino=4279 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file [ 4.893576] type=1400 audit(1390866387.605:10): avc: denied { open } for pid=98 comm="charger" name="event2" dev="tmpfs" ino=4279 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file [ 7.288104] type=1400 audit(1390866389.999:12): avc: denied { execmem } for pid=98 comm="charger" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=process [ 7.288574] type=1400 audit(1390866389.999:13): avc: denied { execute } for pid=98 comm="charger" path="/dev/ashmem" dev="tmpfs" ino=4113 scontext=u:r:healthd:s0 tcontext=u:object_r:ashmem_device:s0 tclass=chr_file Change-Id: I0118e08514caa0ad11d2aa7562c9846a96779a21
ealthd.te
|
b6e7432496c2b961d5d3c7d79c64cc437186b338 |
28-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 6c0b4e72: am dffe634b: Merge "Make drmserver enforcing." * commit '6c0b4e7217568e2a25b47baed788f1d9961160c7': Make drmserver enforcing.
|
6c0b4e7217568e2a25b47baed788f1d9961160c7 |
28-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am dffe634b: Merge "Make drmserver enforcing." * commit 'dffe634b1c4ffe900ea7bf29fb8280fb8fc6cd72': Make drmserver enforcing.
|
dffe634b1c4ffe900ea7bf29fb8280fb8fc6cd72 |
28-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make drmserver enforcing."
|
574852f51cc0beaa3f6ab8b10af1c17ba3d9f622 |
27-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 1f8cad7b: am 19351738: Merge "Move adbd into enforcing (all build types)" * commit '1f8cad7b5c06063e9662388a24b18a287aca6a6c': Move adbd into enforcing (all build types)
|
48d060ce09dbe6a523e55587226a59e85d50590b |
27-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 5903310e: am fed8a2a4: Remove transition / dyntransition from unconfined * commit '5903310efc35058c76fbb54d87ee351e6d38bb94': Remove transition / dyntransition from unconfined
|
1f8cad7b5c06063e9662388a24b18a287aca6a6c |
27-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 19351738: Merge "Move adbd into enforcing (all build types)" * commit '1935173896944ee378c88e48d581047d7aa5e84d': Move adbd into enforcing (all build types)
|
5903310efc35058c76fbb54d87ee351e6d38bb94 |
27-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am fed8a2a4: Remove transition / dyntransition from unconfined * commit 'fed8a2a4d998ac7c8c4ebce585e5de14e95af10b': Remove transition / dyntransition from unconfined
|
1935173896944ee378c88e48d581047d7aa5e84d |
27-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Move adbd into enforcing (all build types)"
|
f95636651cd7a43ec6714962aaf8c0a7d4135874 |
25-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Move adbd into enforcing (all build types) adbd was only in enforcing for user builds. Commit Ib33c0dd2dd6172035230514ac84fcaed2ecf44d6 allows us to move it into enforcing for everyone. Do it. Change-Id: Ie1a3e5361c891d2c9366e11f35699e3146cc3d88
dbd.te
|
fed8a2a4d998ac7c8c4ebce585e5de14e95af10b |
25-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Remove transition / dyntransition from unconfined Require all domain transitions or dyntransitions to be explicitly specified in SELinux policy. healthd: Remove healthd_exec / init_daemon_domain(). Healthd lives on the rootfs and has no unique file type. It should be treated consistently with other similar domains. Change-Id: Ief3c1167379cfb5383073fa33c9a95710a883b29
ealthd.te
nit.te
ernel.te
nconfined.te
|
16eebd38e6b91e17201a13ce70a6e17656502dd6 |
27-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
5eca63f14dbeb6962b275d091fd5e5f3ff9ef183 |
04-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Make drmserver enforcing. Change-Id: I7c1d2fc7b4d5a962f872d5f032b6d9e31efe7a24
rmserver.te
|
bf93105e81d615f7ed13526d8991e715ee97f94a |
24-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 17d90a46: am 76d14766: Merge "Allow all appdomains to grab file attributes of wallpaper_file." * commit '17d90a4697013c7f4e3f15e1e814abfd755e6431': Allow all appdomains to grab file attributes of wallpaper_file.
|
7cefa28b2d3a6513a6dec56989ce424b2f4b1247 |
24-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 66979002: am 5c9c3121: Move shell into enforcing for everyone. * commit '66979002c293421f94698e940d5b37ff9519236d': Move shell into enforcing for everyone.
|
17d90a4697013c7f4e3f15e1e814abfd755e6431 |
24-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 76d14766: Merge "Allow all appdomains to grab file attributes of wallpaper_file." * commit '76d14766dd6aa854bf047a60c1d99c2d429bd3b2': Allow all appdomains to grab file attributes of wallpaper_file.
|
76d14766dd6aa854bf047a60c1d99c2d429bd3b2 |
24-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow all appdomains to grab file attributes of wallpaper_file."
|
66979002c293421f94698e940d5b37ff9519236d |
24-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 5c9c3121: Move shell into enforcing for everyone. * commit '5c9c3121b1ca0b5b3c76fcfb6c0f4a7904cc9529': Move shell into enforcing for everyone.
|
5c9c3121b1ca0b5b3c76fcfb6c0f4a7904cc9529 |
24-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Move shell into enforcing for everyone. Change-Id: Id1eb5f7524181aaa17d0ce26219167a5b05cfd4f
hell.te
|
f343e9fd5bf8add01bc5800a13a199576f4c7a8d |
24-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 0f950ce9: am d233350b: Merge "Support running adbd in the su domain." * commit '0f950ce92384aded7d4178fb2258462925543631': Support running adbd in the su domain.
|
0f950ce92384aded7d4178fb2258462925543631 |
24-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am d233350b: Merge "Support running adbd in the su domain." * commit 'd233350bc737342a116a04e77365225bbbf40080': Support running adbd in the su domain.
|
d233350bc737342a116a04e77365225bbbf40080 |
24-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Support running adbd in the su domain."
|
fc4c6b798a0c8ff38b4b943209ba1653a0276dfa |
23-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Allow all appdomains to grab file attributes of wallpaper_file. When setting a static wallpaper on multiple devices the following denials were encountered. avc: denied { getattr } for pid=1775 comm="llpaper_chooser" path="/data/system/users/0/wallpaper" dev="mmcblk0p23" ino=104679 scontext=u:r:shared_app:s0 tcontext=u:object_r:wallpaper_file:s0 tclass=file avc: denied { getattr } for pid=799 comm="ndroid.systemui" path="/data/system/users/0/wallpaper" dev="mmcblk0p23" ino=104679 scontext=u:r:platform_app:s0 tcontext=u:object_r:wallpaper_file:s0 tclass=file avc: denied { getattr } for pid=1909 comm=4173796E635461736B202332 path="/data/system/users/0/wallpaper" dev="mmcblk0p28" ino=586422 scontext=u:r:release_app:s0 tcontext=u:object_r:wallpaper_file:s0 tclass=file platform_app access is from the SystemUI app whereas the other denials are from the Launcher that is used on the particular device. For instance, Launcher2 triggers the shared_app denial whereas release_app (used by Launcher3) triggers the other denial. Because of this, add the rule to all appdomains. The static wallpaper is still set without this change. Just add the rule to avoid the noise in the logs. Change-Id: Ida84d1695d52379d67b87318403f629fd07109a4 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
pp.te
|
1beae71965ad382398f1c9eeab3db5672e4d46e5 |
24-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am bd8adee9: am 2c1a0ad7: Make healthd enforcing. * commit 'bd8adee97a1de767e20ad7cad13c46f21e53c592': Make healthd enforcing.
|
bd8adee97a1de767e20ad7cad13c46f21e53c592 |
23-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2c1a0ad7: Make healthd enforcing. * commit '2c1a0ad73fe4fef7b723a5f237eb29c24382deda': Make healthd enforcing.
|
7d0f955ef09be5b2558da432a1f8cd525c5ccfe4 |
19-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Support running adbd in the su domain. When adbd runs as root, it transitions into the su domain. Add the various rules to support this. This is needed to run the adbd and shell domains in enforcing on userdebug / eng devices without breaking developer workflows. Change-Id: Ib33c0dd2dd6172035230514ac84fcaed2ecf44d6
dbd.te
omain.te
u.te
|
58942ebd73464ada3bbda838b82ea0d2458000ec |
23-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
351f74c802c7635f4b032ed4c3509501dbbc495c |
22-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e7921bc3: am 190c704d: Allow healthd to read/write /dev/__null_. * commit 'e7921bc357f133151eccbb9a33fc6c6dca87c32c': Allow healthd to read/write /dev/__null_.
|
e7921bc357f133151eccbb9a33fc6c6dca87c32c |
22-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 190c704d: Allow healthd to read/write /dev/__null_. * commit '190c704db815229dd6dfd1ef174cb4433c07d956': Allow healthd to read/write /dev/__null_.
|
2c1a0ad73fe4fef7b723a5f237eb29c24382deda |
22-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make healthd enforcing. The kernel bug that required healthd to remain permissive was fixed by I8a3e0db15ec5f4eb05d455a57e8446a8c2b484c2. Change-Id: Iff07b65b943cadf949d9b747376a8621b2378bf8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ealthd.te
|
190c704db815229dd6dfd1ef174cb4433c07d956 |
22-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow healthd to read/write /dev/__null_. init creates a private /dev/null instance named /dev/__null__ that is inherited by healthd. Since it is created prior to initial policy load, it is left in the tmpfs type. Allow healthd to inherit and use the open fd. Change-Id: I525fb4527766d0780457642ebcc19c0fcfd1778c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ealthd.te
|
b5caf0d292f1c9ac4035b8ff3bd668b6406621dc |
22-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
cdfedeecf33104c773a4957fdbcc08b7a8880e03 |
21-Jan-2014 |
rpcraig <rpcraig@tycho.ncsc.mil> |
am 4cb44982: am 129f8df9: Allow mediaserver to create dirs under /data/mediadrm. * commit '4cb4498228c848f7abc29b807ebc319e610c0708': Allow mediaserver to create dirs under /data/mediadrm.
|
4cb4498228c848f7abc29b807ebc319e610c0708 |
21-Jan-2014 |
rpcraig <rpcraig@tycho.ncsc.mil> |
am 129f8df9: Allow mediaserver to create dirs under /data/mediadrm. * commit '129f8df9264666be39a2fc3fc1076594b35a44ed': Allow mediaserver to create dirs under /data/mediadrm.
|
129f8df9264666be39a2fc3fc1076594b35a44ed |
21-Jan-2014 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Allow mediaserver to create dirs under /data/mediadrm. Addresses the following denial. avc: denied { create } for pid=605 comm="Binder_2" name="IDM1013" scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_data_file:s0 tclass=dir Witnessed denial on grouper. Policy change seems appropriate for core policy though. To reproduce: * erase data partition or just delete all dirs under /data/mediadrm * start netflix app and watch a movie Change-Id: I515a195d45223249847fae70dc2ea9c9b216042f Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ediaserver.te
|
d650b8df439a2cf2496828bc15498ea52843f2f7 |
21-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am b647a22d: am 2e7a301f: Address bug report denials. * commit 'b647a22d62419432bac142168a210f506322812d': Address bug report denials.
|
b647a22d62419432bac142168a210f506322812d |
21-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 2e7a301f: Address bug report denials. * commit '2e7a301fad5b6065e2d364170a80bc58bc41aab0': Address bug report denials.
|
2e7a301fad5b6065e2d364170a80bc58bc41aab0 |
11-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Address bug report denials. Triggering a bug report via Settings > Developer Options > Take bug report generates a number of denials. Two bugs here: 1) According to the "allowed" list in frameworks/native/cmds/servicemanager/service_manager.c , media apps, nfc, radio, and apps with system/root UIDs can register as a binder service. However, they were not placed into the binder_service domain. Fix them. 2) The bugreport mechanism queries all the services and java programs and asks them to write to a shell owned file. Grant the corresponding SELinux capability. Addresses the following denials: <5>[ 149.342181] type=1400 audit(1389419775.872:17): avc: denied { write } for pid=4023 comm="dumpsys" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:keystore:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 149.371844] type=1400 audit(1389419775.902:18): avc: denied { write } for pid=4023 comm="dumpsys" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:healthd:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 149.980161] type=1400 audit(1389419776.512:22): avc: denied { write } for pid=4023 comm="dumpsys" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:drmserver:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 150.095066] type=1400 audit(1389419776.622:23): avc: denied { write } for pid=1514 comm="Binder_C" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:system_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 150.096748] type=1400 audit(1389419776.632:24): avc: denied { getattr } for pid=3178 comm="Binder_3" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" 
dev="mmcblk0p28" ino=82094 scontext=u:r:system_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 150.097090] type=1400 audit(1389419776.632:25): avc: denied { write } for pid=1514 comm="Binder_C" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 154.545583] type=1400 audit(1389419781.072:43): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:media_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 156.000877] type=1400 audit(1389419782.532:44): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:radio:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 156.022567] type=1400 audit(1389419782.552:45): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:radio:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 156.043463] type=1400 audit(1389419782.572:46): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:nfc:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 156.062550] type=1400 audit(1389419782.592:47): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:radio:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file Change-Id: I365d530c38ce176617e48b620c05c4aae01324d3
pp.te
inderservicedomain.te
edia_app.te
fc.te
adio.te
urfaceflinger.te
ystem_app.te
|
6577321d938ead62d7752e64f701f8f5d77befa5 |
20-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
13ae7353fa621ce5e3486069e18751a3df091a72 |
18-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 0562f201: am d14e9dea: Make bluetooth enforcing (again). * commit '0562f2014fb0fff310b0555f313db6b606d834fa': Make bluetooth enforcing (again).
|
38cb6b82e6d8d1c072287346ae0bae6e1527e4f8 |
18-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c7b2c9bf: am 09f6a99b: Allow mediaserver to connect to bluetooth. * commit 'c7b2c9bf43496f46a275d97e9dbf49b8ec4f297a': Allow mediaserver to connect to bluetooth.
|
0562f2014fb0fff310b0555f313db6b606d834fa |
18-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d14e9dea: Make bluetooth enforcing (again). * commit 'd14e9deaa495e4bf30ad1c2fa1fa20fbb7d2d745': Make bluetooth enforcing (again).
|
c7b2c9bf43496f46a275d97e9dbf49b8ec4f297a |
18-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 09f6a99b: Allow mediaserver to connect to bluetooth. * commit '09f6a99b667c63cb4084583df10b13cde9b1e78a': Allow mediaserver to connect to bluetooth.
|
d14e9deaa495e4bf30ad1c2fa1fa20fbb7d2d745 |
16-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make bluetooth enforcing (again). Previous bluetooth denials should be addressed by I14b0530387edce1097387223f0def9b59e4292e0. Change-Id: I5c6b44a142a7e545230b89df9c4500ce2fab4ab6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
luetooth.te
|
41fd055659d8667a750f90b6a2bc9711b687ec08 |
16-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 227186c8: am 94f322e0: Remove /sys/class/rfkill/rfkill.* lines * commit '227186c8c402c2e5b5477ba972b3be5728bcd492': Remove /sys/class/rfkill/rfkill.* lines
|
227186c8c402c2e5b5477ba972b3be5728bcd492 |
16-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 94f322e0: Remove /sys/class/rfkill/rfkill.* lines * commit '94f322e016883f09fecedc0408171338a09f47aa': Remove /sys/class/rfkill/rfkill.* lines
|
09f6a99b667c63cb4084583df10b13cde9b1e78a |
13-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow mediaserver to connect to bluetooth. Re-purpose the existing bluetooth_socket type, originally for /dev/socket/bluetooth used by bluetoothd in the old bluetooth stack, for sockets created by bluedroid under /data/misc/bluedroid, and allow mediaserver to connect to such sockets. This is required for playing audio on paired BT devices. Based on b/12417855. Change-Id: I24ecdf407d066e7c4939ed2a0edb97222a1879f6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
luetooth.te
ile_contexts
ediaserver.te
|
94f322e016883f09fecedc0408171338a09f47aa |
18-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Remove /sys/class/rfkill/rfkill.* lines These are all symlinks. The restorecon in /sys doesn't follow symlinks, so these lines have absolutely no effect, and just serve to confuse people. Remove them. Change-Id: I24373fa0308ec700011ed19b1ce29a491d1feff3
ile_contexts
|
bb5fb19edc544286766daf5bd4a2a39849440edc |
16-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 617502f6: am 05e719be: Merge "Allow drmserver to unlink old socket file." * commit '617502f6e6b7ed204c7224c60b030526ec9c840b': Allow drmserver to unlink old socket file.
|
617502f6e6b7ed204c7224c60b030526ec9c840b |
16-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 05e719be: Merge "Allow drmserver to unlink old socket file." * commit '05e719bebf0f5ec196318590d282b44b7fa3acf6': Allow drmserver to unlink old socket file.
|
05e719bebf0f5ec196318590d282b44b7fa3acf6 |
16-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow drmserver to unlink old socket file."
|
b96fad2d51470d85a176e34ca5133e66737c4943 |
16-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am a06efcd7: am e9d36603: Merge "Make wpa_supplicant enforcing." * commit 'a06efcd7f85bc4d17ec806d6e960a3836f05b114': Make wpa_supplicant enforcing.
|
1933a0222b6bcac3181433dcbdfe8396512fa77f |
16-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 587327ee: am d9b8ef43: Drop legacy device types. * commit '587327ee4835e5d9c1578a815c16017099f738b6': Drop legacy device types.
|
a06efcd7f85bc4d17ec806d6e960a3836f05b114 |
16-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am e9d36603: Merge "Make wpa_supplicant enforcing." * commit 'e9d36603b0d1f0a3614ca00fc43fa826cb3480d2': Make wpa_supplicant enforcing.
|
587327ee4835e5d9c1578a815c16017099f738b6 |
16-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d9b8ef43: Drop legacy device types. * commit 'd9b8ef435294359ac6e70f9d5981ee23fa0acedb': Drop legacy device types.
|
e9d36603b0d1f0a3614ca00fc43fa826cb3480d2 |
16-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make wpa_supplicant enforcing."
|
d9b8ef435294359ac6e70f9d5981ee23fa0acedb |
16-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop legacy device types. powervr_device is obsoleted by the more general gpu_device. akm_device and accelerometer_device are obsoleted by the more general sensors_device. We could also drop the file_contexts entries altogether and take them to device-specific policy (in this case, they all came from crespo, so that is obsolete for master). Change-Id: I63cef43b0d66bc99b80b64655416cc050f443e7d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
evice.te
omain.te
ile_contexts
|
e11935d9e3eec5ef894e562ae67c9c45c09c8958 |
16-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow drmserver to unlink old socket file. Change-Id: I35728c4f058fa9aeb51a7960395759590e20b083 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rmserver.te
|
dd4615a89992761a50be8feb8dffab0e6a643834 |
15-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
84a6c3d2920177ae56fd9d1febaa63254770f413 |
14-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am b651cc31: am 5eab3ab9: Merge "Confine gpsd, but leave it permissive for now." * commit 'b651cc31ce1b3d6c527dded1e874eacc7705186f': Confine gpsd, but leave it permissive for now.
|
c141313decb100587a7a13e326c2c0f3f4f9fe6e |
14-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a0f81e42: am b1016ed5: Make hci_attach enforcing. * commit 'a0f81e4252e13b12d601e33d76eb9592bf2d4512': Make hci_attach enforcing.
|
b651cc31ce1b3d6c527dded1e874eacc7705186f |
14-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 5eab3ab9: Merge "Confine gpsd, but leave it permissive for now." * commit '5eab3ab9b5509c4e355a8b6f270bd7356cbdafbb': Confine gpsd, but leave it permissive for now.
|
a0f81e4252e13b12d601e33d76eb9592bf2d4512 |
14-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b1016ed5: Make hci_attach enforcing. * commit 'b1016ed568cc01c81cd13381917e0e28481b75e5': Make hci_attach enforcing.
|
5eab3ab9b5509c4e355a8b6f270bd7356cbdafbb |
14-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Confine gpsd, but leave it permissive for now."
|
b1016ed568cc01c81cd13381917e0e28481b75e5 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make hci_attach enforcing. Change-Id: I27c62a7ab7223eb74f44a78c273dd97f1380bc61 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ci_attach.te
|
63c26f6b4d9320aaf93a4b3d4f44fa00fb20f439 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make wpa_supplicant enforcing. Change-Id: Idc26aadd0add9f39447d51a1d82a55a957a88e9a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pa_supplicant.te
|
a60abdce689f49dd8baba54fa2fe462430c58dea |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine gpsd, but leave it permissive for now. Change-Id: Ie7414b49eac92f7d57789cc3082dbce774561126 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
psd.te
|
0c3a6de5d7a195b091d3580af7775c16d57b2f58 |
14-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
f59833aa22cc360eaeb0cc83ad795ac75d4f6022 |
14-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 4a05940b: am 08fffc5d: Revert "Revert "Strip file execute permissions from unconfined domains."" * commit '4a05940b48b08c8a0854e14839f4edcd00cd691d': Revert "Revert "Strip file execute permissions from unconfined domains.""
|
d466760dc23f9a3dc8a0898640237b5eca1110e7 |
14-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 26ef06ed: am 8aae7bda: Revert "Revert "Strip exec* permissions from unconfined domains."" * commit '26ef06ed3dd821c41a28d1f53cf2fa4f035dac25': Revert "Revert "Strip exec* permissions from unconfined domains.""
|
4a05940b48b08c8a0854e14839f4edcd00cd691d |
14-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 08fffc5d: Revert "Revert "Strip file execute permissions from unconfined domains."" * commit '08fffc5db640f999a604878317342a1473f63c95': Revert "Revert "Strip file execute permissions from unconfined domains.""
|
26ef06ed3dd821c41a28d1f53cf2fa4f035dac25 |
14-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8aae7bda: Revert "Revert "Strip exec* permissions from unconfined domains."" * commit '8aae7bda9b9f39b016c1eea1e9ef85be887af0d8': Revert "Revert "Strip exec* permissions from unconfined domains.""
|
5821d836f4b462409fbc401bff7b295b318e2d22 |
13-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am af169481: am 9fe4e7b8: ashmem_device is a character device, not a regular file. * commit 'af169481854bdf22e10c0460e2fa1bb285d41405': ashmem_device is a character device, not a regular file.
|
af169481854bdf22e10c0460e2fa1bb285d41405 |
13-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9fe4e7b8: ashmem_device is a character device, not a regular file. * commit '9fe4e7b8525d9a4228ac91aa159d5f8223906d2a': ashmem_device is a character device, not a regular file.
|
08fffc5db640f999a604878317342a1473f63c95 |
13-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Revert "Revert "Strip file execute permissions from unconfined domains."" The recovery console now has its own domain and therefore we do not need to allow this for unconfined domains. This reverts commit 43ddc1069492ed3245a5c686ab5e0eabc618bf74. Change-Id: Id2d2c02ccf6ac38c48b07ab84b73348cd9c815fa
nconfined.te
|
8aae7bda9b9f39b016c1eea1e9ef85be887af0d8 |
13-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Revert "Revert "Strip exec* permissions from unconfined domains."" The recovery console now has its own domain and therefore we do not need to allow this for unconfined domains. This reverts commit 89740a6967225ca837c2bf0c59c058e5cac1d83b. Change-Id: Ie060cff0de8cbd206e0e55e196021726e52246c7
nconfined.te
|
9fe4e7b8525d9a4228ac91aa159d5f8223906d2a |
13-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
ashmem_device is a character device, not a regular file. Change-Id: Ie3d73d2c8d5c73e8bd359123f6fd3c006f332323 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ecovery.te
|
d8b414fbb35414bba28998cc4d891910d385b5fc |
13-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 0b4bb096: am 9a40702a: Allow recovery to execute ashmem_device and tmpfs. * commit '0b4bb096e87d20eeeb564a027ff34e177d1acf23': Allow recovery to execute ashmem_device and tmpfs.
|
0b4bb096e87d20eeeb564a027ff34e177d1acf23 |
13-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9a40702a: Allow recovery to execute ashmem_device and tmpfs. * commit '9a40702a46fd46d0b4dbb11555359a037adb63ec': Allow recovery to execute ashmem_device and tmpfs.
|
9a40702a46fd46d0b4dbb11555359a037adb63ec |
13-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow recovery to execute ashmem_device and tmpfs. Requires execmem and ashmem_device:chr_file execute similar to bootanim presumably for the display. Did not see any cache_file execute denials and do not see any exec of /cache files in the code, only reading/interpreting scripts, so I removed cache_file rx_file_perms. Did not see any tmpfs execute denials in /proc/last_kmsg but the source code appears to extract the update-binary to a tmpfs mount in /tmp and then exec it. So I retained that rule. Tested with adb sideload. Change-Id: I8ca5f2cd390be1adf063f16e6280cc4cd1833c0e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ecovery.te
|
c8cb4484c510924942ff3d34c78f378a584d1d67 |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am e01f8c91: am 810fc5db: Merge "Add an exception for bluetooth to the sysfs neverallow rule." * commit 'e01f8c91e6e0ecdd9d62f6da8f2b5142b1b6f90f': Add an exception for bluetooth to the sysfs neverallow rule.
|
e01f8c91e6e0ecdd9d62f6da8f2b5142b1b6f90f |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 810fc5db: Merge "Add an exception for bluetooth to the sysfs neverallow rule." * commit '810fc5db5a2ec545ed2896b65ff94a7d8a96f117': Add an exception for bluetooth to the sysfs neverallow rule.
|
810fc5db5a2ec545ed2896b65ff94a7d8a96f117 |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Add an exception for bluetooth to the sysfs neverallow rule."
|
c1b9ab4c158632c9e3637d3c112549d553abd6b4 |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 1f44e3bf: am 7611b608: Merge "Support forcing permissive domains to unconfined." * commit '1f44e3bf4e7d0367041291bb965d6a68931a4658': Support forcing permissive domains to unconfined.
|
0e9ab692ba2618cb62014becb6370f2eaa4c3875 |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am fd346ce4: am 570e5f43: Move adbd into enforcing on user devices * commit 'fd346ce49a7806fa5854b168f0400d15d43ba4ad': Move adbd into enforcing on user devices
|
1f44e3bf4e7d0367041291bb965d6a68931a4658 |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 7611b608: Merge "Support forcing permissive domains to unconfined." * commit '7611b608b5683d29d00eb7faf7109ad14733cf35': Support forcing permissive domains to unconfined.
|
fd346ce49a7806fa5854b168f0400d15d43ba4ad |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 570e5f43: Move adbd into enforcing on user devices * commit '570e5f43535878ed5776497f585abf5f5746ae44': Move adbd into enforcing on user devices
|
7611b608b5683d29d00eb7faf7109ad14733cf35 |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Support forcing permissive domains to unconfined."
|
65a981dab30fdf9bfe92960b51d06f600fab1fef |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 3f1a7fb8: am 200e97dd: Merge "Add a domain for the recovery console." * commit '3f1a7fb89405bb2d3b91300340a7864114119360': Add a domain for the recovery console.
|
bd0e835544357dbd258bfd1726753d137202f118 |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 35629b4c: am 40ce0bb8: allow adbd setpcap * commit '35629b4c9211df30137e142c51dd19769e6235b9': allow adbd setpcap
|
3f1a7fb89405bb2d3b91300340a7864114119360 |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 200e97dd: Merge "Add a domain for the recovery console." * commit '200e97dda1d046a2daf9f58624601692e4daee78': Add a domain for the recovery console.
|
35629b4c9211df30137e142c51dd19769e6235b9 |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 40ce0bb8: allow adbd setpcap * commit '40ce0bb81bb496daf27f36a887b133c9f277f2fc': allow adbd setpcap
|
570e5f43535878ed5776497f585abf5f5746ae44 |
11-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Move adbd into enforcing on user devices Change-Id: Ic5aae78d575dba50d0a4bb78747da3ba4b81fb7b
dbd.te
|
200e97dda1d046a2daf9f58624601692e4daee78 |
13-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Add a domain for the recovery console."
|
6d10ca8fb6b2938b4b45a7512e483420d892842a |
13-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add a domain for the recovery console. Define a domain for use by the recovery init.rc file for /sbin/recovery. Start with a copy of the kernel domain rules since that is what /sbin/recovery was previously running in, and then add rules as appropriate. Change-Id: Ie3d86547d5be0b68dd1875a97afe1e00fc3e4da1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ecovery.te
|
df8af76f2678e3ea63e83701ac4b5afec24adf9f |
13-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add an exception for bluetooth to the sysfs neverallow rule. This is required for the grouper sepolicy, where we must allow bluetooth domain to write to the base sysfs type due to a kernel bug. Change-Id: I14b0530387edce1097387223f0def9b59e4292e0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
fce1f3f98d28acb138a81c06c6f3ef70bc16dcce |
13-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
40ce0bb81bb496daf27f36a887b133c9f277f2fc |
11-Jan-2014 |
Nick Kralevich <nnk@google.com> |
allow adbd setpcap adbd uses setpcap to drop capabilities from the bounding set on user builds. See system/core commit 080427e4e2b1b72718b660e16b6cf38b3a3c4e3f Change-Id: I6aec8d321b8210ea50a56aeee9bc94738514beab
dbd.te
|
623975fa5aece708032aaf29689d73e1f3a615e7 |
11-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Support forcing permissive domains to unconfined. Permissive domains are only intended for development. When a device launches, we want to ensure that all permissive domains are in, at a minimum, unconfined+enforcing. Add FORCE_PERMISSIVE_TO_UNCONFINED to Android.mk. During development, this flag is false, and permissive domains are allowed. When SELinux new feature development has been frozen immediately before release, this flag will be flipped to true. Any previously permissive domains will move into unconfined+enforcing. This will ensure that all SELinux domains have at least a minimal level of protection. Unconditionally enable this flag for all user builds. Change-Id: I1632f0da0022c80170d8eb57c82499ac13fd7858
ndroid.mk
luetooth.te
hcp.te
rmserver.te
umpstate.te
ci_attach.te
ostapd.te
ediaserver.te
latform_app.te
elease_app.te
ild.te
dcardd.te
hared_app.te
urfaceflinger.te
ystem_app.te
ystem_server.te
e_macros
ntrusted_app.te
pa_supplicant.te
|
42fa7dde718f1df31ce33c6ecd54873e6c51fec3 |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am a504b46a: am 06a0d786: Merge "Revert "Strip exec* permissions from unconfined domains."" * commit 'a504b46ade7bd4cc04d70f88b824a8e9591e8429': Revert "Strip exec* permissions from unconfined domains."
|
a504b46ade7bd4cc04d70f88b824a8e9591e8429 |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 06a0d786: Merge "Revert "Strip exec* permissions from unconfined domains."" * commit '06a0d786210332c0bb2a46b59f1796b74a133ac0': Revert "Strip exec* permissions from unconfined domains."
|
06a0d786210332c0bb2a46b59f1796b74a133ac0 |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Revert "Strip exec* permissions from unconfined domains.""
|
89740a6967225ca837c2bf0c59c058e5cac1d83b |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Strip exec* permissions from unconfined domains." As discussed in https://android-review.googlesource.com/78634 , the removal of execmem may cause OTA problems. Not sure... Revert this patch to give us more time to investigate. This reverts commit 4e416ea4caf023299c84f4a06f3db59dd9aa1967. Change-Id: Ie05f90235da5b9ee20b374298494cbc0a58b9b49
nconfined.te
|
fbab7b85c7f2116dc8ae817740f893f0960738ce |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 61586353: am e0309502: Merge "Do not allow zygote to execve dalvikcache files." * commit '6158635318694e252518578568c6798adfd34150': Do not allow zygote to execve dalvikcache files.
|
6158635318694e252518578568c6798adfd34150 |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am e0309502: Merge "Do not allow zygote to execve dalvikcache files." * commit 'e03095027456b99acb3764e79b8b850c1c132891': Do not allow zygote to execve dalvikcache files.
|
e03095027456b99acb3764e79b8b850c1c132891 |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Do not allow zygote to execve dalvikcache files."
|
6a723dc1478f90232f290b427438b5f56af816be |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Make bluetooth enforcing."

The following CTS tests are failing on nakasig-userdebug

Failing tests
android.bluetooth.cts.BasicAdapterTest#test_enableDisable
android.bluetooth.cts.BasicAdapterTest#test_getAddress
android.bluetooth.cts.BasicAdapterTest#test_getBondedDevices
android.bluetooth.cts.BasicAdapterTest#test_getName
android.bluetooth.cts.BasicAdapterTest#test_listenUsingRfcommWithServiceRecord

Logs
=====
junit.framework.AssertionFailedError: expected:<11> but was:<10>
at android.bluetooth.cts.BasicAdapterTest.enable(BasicAdapterTest.java:278)
at android.bluetooth.cts.BasicAdapterTest.test_enableDisable(BasicAdapterTest.java:128)
at java.lang.reflect.Method.invokeNative(Native Method)
at android.test.AndroidTestRunner.runTest(AndroidTestRunner.java:191)
at android.test.AndroidTestRunner.runTest(AndroidTestRunner.java:176)
at android.test.InstrumentationTestRunner.onStart(InstrumentationTestRunner.java:554)
at android.app.Instrumentation$InstrumentationThread.run(Instrumentation.java:1701)

Reverting this change until we get a proper fix in place.

SELinux bluetooth denials:
nnk@nnk:~$ grep "avc: " Redirecting.txt | grep bluetooth
<5>[ 831.249360] type=1400 audit(1389206307.416:215): avc: denied { write } for pid=14216 comm="BluetoothAdapte" name="state" dev=sysfs ino=4279 scontext=u:r:bluetooth:s0 tcontext=u:object_r:sysfs:s0 tclass=file
<5>[ 834.329536] type=1400 audit(1389206310.496:217): avc: denied { write } for pid=14218 comm="BTIF" name="state" dev=sysfs ino=4279 scontext=u:r:bluetooth:s0 tcontext=u:object_r:sysfs:s0 tclass=file

This reverts commit 2eba9c5fa244b5ed10073dc2e796ecf10a13d2ec.

Bug: 12475767
Change-Id: Id4989f6b371fa02986299114db70279e151ad64a
luetooth.te
|
bd108a8eb0b43b87cba075637d98cca20a9a6235 |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 164715ac: am e210b20f: Merge "Revert "Make bluetooth enforcing."" * commit '164715ac807e2492621dd4c46e1947f48a79604b': Revert "Make bluetooth enforcing."
|
e16b7869ae29fec0372d6f41b98696086ad23b7e |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am c5651d22: am d7da665c: Merge "Create new conditional userdebug_or_eng" * commit 'c5651d2292702907b3dd147d0d97f213c9952015': Create new conditional userdebug_or_eng
|
13d205f7f57ec6708ea41e8bb45cced28a83ddbc |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 83e47f94: am 41a487d8: Merge "Revert "Strip file execute permissions from unconfined domains."" * commit '83e47f94543ab351d60a3985b8d6dc9fdb746958': Revert "Strip file execute permissions from unconfined domains."
|
164715ac807e2492621dd4c46e1947f48a79604b |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am e210b20f: Merge "Revert "Make bluetooth enforcing."" * commit 'e210b20fa51d350f63d67d040e0ee5d450e66b87': Revert "Make bluetooth enforcing."
|
c5651d2292702907b3dd147d0d97f213c9952015 |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am d7da665c: Merge "Create new conditional userdebug_or_eng" * commit 'd7da665c9b34c5081be90be233805e1cd6755d4e': Create new conditional userdebug_or_eng
|
83e47f94543ab351d60a3985b8d6dc9fdb746958 |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 41a487d8: Merge "Revert "Strip file execute permissions from unconfined domains."" * commit '41a487d85e9e44f6774ea78c29869406458d09c7': Revert "Strip file execute permissions from unconfined domains."
|
e210b20fa51d350f63d67d040e0ee5d450e66b87 |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Revert "Make bluetooth enforcing.""
|
85396e93df4f101f9cdcc2d3c34bbf68d393d47f |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Make bluetooth enforcing."

The following CTS tests are failing on nakasig-userdebug

Failing tests
android.bluetooth.cts.BasicAdapterTest#test_enableDisable
android.bluetooth.cts.BasicAdapterTest#test_getAddress
android.bluetooth.cts.BasicAdapterTest#test_getBondedDevices
android.bluetooth.cts.BasicAdapterTest#test_getName
android.bluetooth.cts.BasicAdapterTest#test_listenUsingRfcommWithServiceRecord

Logs
=====
junit.framework.AssertionFailedError: expected:<11> but was:<10>
at android.bluetooth.cts.BasicAdapterTest.enable(BasicAdapterTest.java:278)
at android.bluetooth.cts.BasicAdapterTest.test_enableDisable(BasicAdapterTest.java:128)
at java.lang.reflect.Method.invokeNative(Native Method)
at android.test.AndroidTestRunner.runTest(AndroidTestRunner.java:191)
at android.test.AndroidTestRunner.runTest(AndroidTestRunner.java:176)
at android.test.InstrumentationTestRunner.onStart(InstrumentationTestRunner.java:554)
at android.app.Instrumentation$InstrumentationThread.run(Instrumentation.java:1701)

Reverting this change until we get a proper fix in place.

SELinux bluetooth denials:
nnk@nnk:~$ grep "avc: " Redirecting.txt | grep bluetooth
<5>[ 831.249360] type=1400 audit(1389206307.416:215): avc: denied { write } for pid=14216 comm="BluetoothAdapte" name="state" dev=sysfs ino=4279 scontext=u:r:bluetooth:s0 tcontext=u:object_r:sysfs:s0 tclass=file
<5>[ 834.329536] type=1400 audit(1389206310.496:217): avc: denied { write } for pid=14218 comm="BTIF" name="state" dev=sysfs ino=4279 scontext=u:r:bluetooth:s0 tcontext=u:object_r:sysfs:s0 tclass=file

This reverts commit 2eba9c5fa244b5ed10073dc2e796ecf10a13d2ec.

Bug: 12475767
Change-Id: Id4989f6b371fa02986299114db70279e151ad64a
luetooth.te
|
d7da665c9b34c5081be90be233805e1cd6755d4e |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Create new conditional userdebug_or_eng"
|
41a487d85e9e44f6774ea78c29869406458d09c7 |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Revert "Strip file execute permissions from unconfined domains.""
|
43ddc1069492ed3245a5c686ab5e0eabc618bf74 |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Strip file execute permissions from unconfined domains." I'd like to do more testing to make sure OTA updates aren't broken by this change. Until we do the testing, let's rollback this change. This reverts commit 5da08810bb0e5724cfc45455cb88dd5fdf8a2d31. Change-Id: I56a7f47a426cfd3487af1029283bd8ce182d5ab2
nconfined.te
|
dd2487aa70fba90edd62b51b0545a205606ea8b9 |
10-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 441ee8f9: am 39fd7818: Remove domain init:unix_stream_socket connectto permission. * commit '441ee8f980a1cec3a2217911653f802776f18daa': Remove domain init:unix_stream_socket connectto permission.
|
f8f22c46efd19e2511ed968fdda09f809f13ba69 |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 5f2fd32c: am aef4a469: Merge "Remove legacy rules from dumpstate in init domain." * commit '5f2fd32cee32663d686b94bc82fb02a831a1688e': Remove legacy rules from dumpstate in init domain.
|
9ee35b183bed74694b6480bf36fabb9c2a1ac96e |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am c603315b: am 6933416e: Merge changes Ib3604537,I6f5715eb * commit 'c603315b8e8e20cd14a90bf0aae87fc515609736': Allow access to unlabeled socket and fifo files. Remove unlabeled execute access from domain, add to appdomain.
|
88ce951d89c4c4ad4d870ca34cc5bdcc8b60f54d |
10-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Create new conditional userdebug_or_eng Create a new m4 macro called userdebug_or_eng. Arguments passed to this macro are only emitted if we're performing a userdebug or eng build. Merge shell.te and shell_user.te and eliminate duplicate lines. Same for su.te and su_user.te Change-Id: I8fbabca65ec392aeafd5b90cef57b5066033fad0
ndroid.mk
hell.te
hell_user.te
u.te
u_user.te
e_macros
|
49c995d1c805269e992d5885cceea1e4e3635115 |
09-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Do not allow zygote to execve dalvikcache files. x_file_perms and friends allow execve; we only want to permit mmap/mprotect PROT_EXEC here. Change-Id: I780f202c357f4611225cec25fda5cb9d207e085f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ygote.te
|
441ee8f980a1cec3a2217911653f802776f18daa |
09-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 39fd7818: Remove domain init:unix_stream_socket connectto permission. * commit '39fd7818b34c5e1c7e6e27aaa064d83b24733307': Remove domain init:unix_stream_socket connectto permission.
|
39fd7818b34c5e1c7e6e27aaa064d83b24733307 |
09-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove domain init:unix_stream_socket connectto permission.

We do not want to permit connecting to arbitrary unconfined services left running in the init domain. I do not know how this was originally triggered and thus cannot test that it is fixed. Possible causes:
- another service was left running in init domain, e.g. dumpstate,
- there was a socket entry for the service in the init.rc file and the service was launched via logwrapper and therefore init did not know how to label the socket.

The former should be fixed. The latter can be solved either by removing use of logwrapper or by specifying the socket context explicitly in the init.rc file now.

Change-Id: I09ececaaaea2ccafb7637ca08707566c1155a298
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
5f2fd32cee32663d686b94bc82fb02a831a1688e |
09-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am aef4a469: Merge "Remove legacy rules from dumpstate in init domain." * commit 'aef4a469ef4d0afcd283e8b12dce613162db1db2': Remove legacy rules from dumpstate in init domain.
|
c603315b8e8e20cd14a90bf0aae87fc515609736 |
09-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 6933416e: Merge changes Ib3604537,I6f5715eb * commit '6933416e34aa4322fff52eaad9f88a1474627757': Allow access to unlabeled socket and fifo files. Remove unlabeled execute access from domain, add to appdomain.
|
aef4a469ef4d0afcd283e8b12dce613162db1db2 |
09-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove legacy rules from dumpstate in init domain."
|
6933416e34aa4322fff52eaad9f88a1474627757 |
09-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge changes Ib3604537,I6f5715eb * changes: Allow access to unlabeled socket and fifo files. Remove unlabeled execute access from domain, add to appdomain.
|
38b8fc8f1361b552e99097debaff16f96c5e7b21 |
09-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove legacy rules from dumpstate in init domain. From the commit that added these rules, this appears to have been an artifact of having dumpstate running in the init domain. Change-Id: Iec2b9c3f5673d0e2cce9a0bf297e23555c423e87 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
solated_app.te
|
48174c94a63d9adaa7dbfa4a561a2f0b465acbcb |
09-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 2ffc353f: am d832a6d7: Merge "Strip file execute permissions from unconfined domains." * commit '2ffc353ff356515a3ef9d225a7fa7e74eea39557': Strip file execute permissions from unconfined domains.
|
24638eba1a94a8fa184461662f59d0160733df92 |
09-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 0ea63726: am c75e35ad: Merge "Strip exec* permissions from unconfined domains." * commit '0ea637269460cfdc6da2c87573c7a98daea494f2': Strip exec* permissions from unconfined domains.
|
2ffc353ff356515a3ef9d225a7fa7e74eea39557 |
09-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am d832a6d7: Merge "Strip file execute permissions from unconfined domains." * commit 'd832a6d78cd849539634c972f23a2b7cf66d3433': Strip file execute permissions from unconfined domains.
|
d832a6d78cd849539634c972f23a2b7cf66d3433 |
09-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Strip file execute permissions from unconfined domains."
|
0ea637269460cfdc6da2c87573c7a98daea494f2 |
09-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am c75e35ad: Merge "Strip exec* permissions from unconfined domains." * commit 'c75e35ada786aaad560861bc19da3eb9fde944fc': Strip exec* permissions from unconfined domains.
|
c75e35ada786aaad560861bc19da3eb9fde944fc |
09-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Strip exec* permissions from unconfined domains."
|
91c290b8299ffa35381a3718e49349da4e4ddbe4 |
09-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow access to unlabeled socket and fifo files. Just use notdevfile_class_set to pick up all non-device file classes. Change-Id: Ib3604537ccfc25da67823f0f2b5d70b84edfaadf Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
959fdaaa25d7dbfad8a1900dfe9575f873cea649 |
09-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove unlabeled execute access from domain, add to appdomain. Otherwise all domains can create/write files that are executable by all other domains. If I understand correctly, this should only be necessary for app domains executing content from legacy unlabeled userdata partitions on existing devices and zygote and system_server mappings of dalvikcache files, so only allow it for those domains. If required for others, add it to the individual domain .te file, not for all domains. Change-Id: I6f5715eb1ecf2911e70772b9ab4e531feea18819 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
omain.te
ystem_server.te
ygote.te
|
25a80a2299330be7a6ba805b993c61edf56f11de |
09-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am e6f69ce3: am c50bf17d: Address new system server denial. * commit 'e6f69ce3cdf6254dea55116d4186b82eeeafe3d7': Address new system server denial.
|
e6f69ce3cdf6254dea55116d4186b82eeeafe3d7 |
09-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am c50bf17d: Address new system server denial. * commit 'c50bf17d4f4ae4615c9f189236f593db5ff21180': Address new system server denial.
|
c50bf17d4f4ae4615c9f189236f593db5ff21180 |
08-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Address new system server denial.

Allow system_server to unlink sockets created by the wpa supplicant. This will resolve the following denial seen across multiple devices.

avc: denied { unlink } for pid=584 comm="WifiStateMachin" name="wlan0" dev=mmcblk0p10 ino=138762 scontext=u:r:system_server:s0 tcontext=u:object_r:wpa_socket:s0 tclass=sock_file

Change-Id: If3a8b1f270dfcd3dc6838eb8ac72e3d5004cc36d
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ystem_server.te
|
0b53f89d8b54cdeaa7a0051cd226bf7a4ce577c7 |
09-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
dbec891de1fc11f01e2f128e43969cd4f3b30ad3 |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 96246ad5: am 1dd3184e: Merge "address denials when playing protected content." * commit '96246ad5550f920b3a57bc4ce3da2d6184b7de93': address denials when playing protected content.
|
626b735ef43a5f568be245a81aaee88c1a41bb9d |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am e57f05ca: am b23d2876: Allow keystore to talk to the tee * commit 'e57f05caaa593fb33c5a06bfb2dc42e79de8bb61': Allow keystore to talk to the tee
|
96246ad5550f920b3a57bc4ce3da2d6184b7de93 |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 1dd3184e: Merge "address denials when playing protected content." * commit '1dd3184ebcf9daab4e61e06c5437f786f76d237a': address denials when playing protected content.
|
e57f05caaa593fb33c5a06bfb2dc42e79de8bb61 |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am b23d2876: Allow keystore to talk to the tee * commit 'b23d2876815ba214024895fa28c3e6bbd3cfbc40': Allow keystore to talk to the tee
|
1dd3184ebcf9daab4e61e06c5437f786f76d237a |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "address denials when playing protected content."
|
b23d2876815ba214024895fa28c3e6bbd3cfbc40 |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Allow keystore to talk to the tee On manta, the keystore CTS tests are failing, because keystore isn't allowed to talk to the tee. Allow it. I've only seen this bug on manta, but it seems appropriate for all domains. Fixes the following denial: <5>[ 286.249563] type=1400 audit(1389210059.924:6): avc: denied { connectto } for pid=126 comm="keystore" path=006D636461656D6F6E scontext=u:r:keystore:s0 tcontext=u:r:tee:s0 tclass=unix_stream_socket Bug: 12450710 Change-Id: I07133d9abeaf967392118ba478a5a391cf0c5fa5
eystore.te
|
e45603d316558d21af3a3a38b865c7eee8147937 |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
address denials when playing protected content. When playing protected content on manta, surfaceflinger would crash. STEPS TO REPRODUCE: 1. Launch Play Movies & TV 2. Play any movie and observe OBSERVED RESULTS: Device reboot while playing movies EXPECTED RESULTS: No device reboot Even though this only reproduces on manta, this seems appropriate for a general policy. Addresses the following denials: <5>[ 36.066819] type=1400 audit(1389141624.471:9): avc: denied { write } for pid=1855 comm="TimedEventQueue" name="tlcd_sock" dev="mmcblk0p9" ino=627097 scontext=u:r:mediaserver:s0 tcontext=u:object_r:drmserver_socket:s0 tclass=sock_file <5>[ 36.066985] type=1400 audit(1389141624.471:10): avc: denied { connectto } for pid=1855 comm="TimedEventQueue" path="/data/app/tlcd_sock" scontext=u:r:mediaserver:s0 tcontext=u:r:drmserver:s0 tclass=unix_stream_socket <5>[ 41.379708] type=1400 audit(1389141629.786:15): avc: denied { connectto } for pid=120 comm="surfaceflinger" path=006D636461656D6F6E scontext=u:r:surfaceflinger:s0 tcontext=u:r:tee:s0 tclass=unix_stream_socket <5>[ 41.380051] type=1400 audit(1389141629.786:16): avc: denied { read write } for pid=120 comm="surfaceflinger" name="mobicore-user" dev="tmpfs" ino=4117 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file <5>[ 41.380209] type=1400 audit(1389141629.786:17): avc: denied { open } for pid=120 comm="surfaceflinger" name="mobicore-user" dev="tmpfs" ino=4117 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file <5>[ 41.380779] type=1400 audit(1389141629.786:18): avc: denied { ioctl } for pid=120 comm="surfaceflinger" path="/dev/mobicore-user" dev="tmpfs" ino=4117 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file Change-Id: I20286ec2a6cf0d190a84ad74e88e94468bab9fdb Bug: 12434847
ediaserver.te
urfaceflinger.te
|
2323113ebacf5fa7bdd8c457b4c51bf558414ad6 |
08-Jan-2014 |
rpcraig <robertpcraig@gmail.com> |
am b2188c7c: am d362cdf8: Apply a label to /data/mediadrm files. * commit 'b2188c7c0947943c0bafd336417277c9b901668f': Apply a label to /data/mediadrm files.
|
b2188c7c0947943c0bafd336417277c9b901668f |
08-Jan-2014 |
rpcraig <robertpcraig@gmail.com> |
am d362cdf8: Apply a label to /data/mediadrm files. * commit 'd362cdf8d99ce6c4e4b3815683f54a253da6adba': Apply a label to /data/mediadrm files.
|
d362cdf8d99ce6c4e4b3815683f54a253da6adba |
08-Jan-2014 |
rpcraig <robertpcraig@gmail.com> |
Apply a label to /data/mediadrm files. /data/mediadrm is appearing on devices but is receiving the system_data_file type. Use the media_data_file label to help classify these files. This new label will help with the following denials. with existing allow rules for mediaserver are already in place. type=1400 msg=audit(1389139139.551:308): avc: denied { open } for pid=179 comm="mediaserver" name="ay64.dat" dev="mmcblk0p23" ino=136819 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file type=1400 msg=audit(1389139140.783:309): avc: denied { read } for pid=179 comm="mediaserver" name="IDM1013" dev="mmcblk0p23" ino=136818 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir type=1400 msg=audit(1389139140.783:310): avc: denied { open } for pid=179 comm="mediaserver" name="IDM1013" dev="mmcblk0p23" ino=136818 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir Change-Id: I84ac78517fdbb0264cf07379120a62675505fc95 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ile_contexts
|
c5d14d695c56b94f19ee4b934c3e513cedf516df |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am fb6a1ee0: am 84a81d1e: Merge "Restrict ability to set checkreqprot." * commit 'fb6a1ee03f6bdec1a255396a183cd6d099ad34df': Restrict ability to set checkreqprot.
|
de2ad6daba5a8ad48e8744e481b279fa708762c2 |
08-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am fdea4414: am c0493c8d: Drop extra _system_file types. * commit 'fdea4414110df71fbf37c80562877dc98905b173': Drop extra _system_file types.
|
fb6a1ee03f6bdec1a255396a183cd6d099ad34df |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 84a81d1e: Merge "Restrict ability to set checkreqprot." * commit '84a81d1ed6b6bb2fe2c3f536086d135a72d22c37': Restrict ability to set checkreqprot.
|
fdea4414110df71fbf37c80562877dc98905b173 |
08-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c0493c8d: Drop extra _system_file types. * commit 'c0493c8dfe78284c683184a7f3aefba6982bce40': Drop extra _system_file types.
|
84a81d1ed6b6bb2fe2c3f536086d135a72d22c37 |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Restrict ability to set checkreqprot."
|
5da08810bb0e5724cfc45455cb88dd5fdf8a2d31 |
08-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Strip file execute permissions from unconfined domains. Exclude execute from the rules allowing access to files, and only add it back for the rootfs and files labeled with system_file (/system, /vendor) or one of the types in exec_type (files under /system that cause domain transitions). Change-Id: Ic72d76dc92e79bcc75a38398425af3bb1274a009 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nconfined.te
|
c0493c8dfe78284c683184a7f3aefba6982bce40 |
08-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop extra _system_file types. They serve no purpose; these directories/files are normally accessible in the same way as the rest of /system. Also one of them has the wrong attributes (data_file_type), thereby making it writable by some domains, and under current policy, shell and apps cannot do ls -l /etc/ppp /etc/dhcpcd. Change-Id: I0c1baa434fe78373684f4eaab40a41fddf2bdd79 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hcp.te
ile_contexts
pp.te
|
4e416ea4caf023299c84f4a06f3db59dd9aa1967 |
08-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Strip exec* permissions from unconfined domains. This ensures that only domains that are explicitly allowed executable memory permissions are granted them. Unconfined domains retain full write + execute access to all file types. A further change could possibly restrict execute access to a subset of file types, e.g. system_file + exec_type. Change-Id: I842f5a2ac5921cc2bd0ab23a091eb808fdd89565 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nconfined.te
|
8b51674b2d2588c97ee6ddb976d6458ad33e2880 |
08-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restrict ability to set checkreqprot. Now that we set /sys/fs/selinux/checkreqprot via init.rc, restrict the ability to set it to only the kernel domain. Change-Id: I975061fd0e69c158db9bdb23e6ba77948e3fead1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
ernel.te
nconfined.te
|
74a1d418ad5e59c0ad05c014289bd0001e7255f7 |
08-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
b1c9e0b959dda5820903027e64ce75e45b81bcdf |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am f5d4b18b: am fa4002fc: Merge "Adding permissions needed to remove cache" * commit 'f5d4b18b2bafdee05c4a58ec3e5d6e0eaa53c0a2': Adding permissions needed to remove cache
|
f5d4b18b2bafdee05c4a58ec3e5d6e0eaa53c0a2 |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am fa4002fc: Merge "Adding permissions needed to remove cache" * commit 'fa4002fc7f9d9edabc4f9aee284793eb2226f234': Adding permissions needed to remove cache
|
fa4002fc7f9d9edabc4f9aee284793eb2226f234 |
08-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Adding permissions needed to remove cache"
|
583270262c5d09a43ca5ee597d269fdf63a865bb |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Make surfaceflinger domain enforcing." There are continued complaints about not being able to generate bug reports and surfaceflinger crashes. Move surfaceflinger out of enforcing until I can resolve this. Here are some denials I'm seeing. I'm not sure what binder service is running in the shell domain... Need to do more digging. nnk@nnk:~/Downloads$ grep "avc: " screenshot_runtime_restart.txt | grep surfaceflinger <5>[ 5.182699] type=1400 audit(1389111729.860:9): avc: denied { search } for pid=186 comm="surfaceflinger" name="tmp" dev="mmcblk0p28" ino=627090 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:shell_data_file:s0 tclass=dir <5>[ 744.988702] type=1400 audit(1389112469.578:188): avc: denied { call } for pid=596 comm="Binder_3" scontext=u:r:surfaceflinger:s0 tcontext=u:r:shell:s0 tclass=binder This reverts commit a11c56e1249419d92db70d11b2976bf8962bad5d. Bug: 12416329 Change-Id: I7b72608c760c4087f73047ad751a5bd069fa2ec7
urfaceflinger.te
|
e5be3a6bede495d2a99d99652fc1d58dc86772b6 |
07-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Fix denials triggered by adb shell screencap. Change-Id: Ief925f1f49a6579d5a7a1035f3732834238fa590 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
umpstate.te
urfaceflinger.te
|
70e155ef0840ca36e1aba74cdf4a8b78082e6a44 |
07-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am b22c8e03: am 1bf61c43: Make /proc/net a proc_net type. * commit 'b22c8e03c16d15230a8c74e29e0e11e355dd52e4': Make /proc/net a proc_net type.
|
b22c8e03c16d15230a8c74e29e0e11e355dd52e4 |
07-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 1bf61c43: Make /proc/net a proc_net type. * commit '1bf61c43baa9df374d6ef7cadc9637b5eff994a1': Make /proc/net a proc_net type.
|
1bf61c43baa9df374d6ef7cadc9637b5eff994a1 |
07-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Make /proc/net a proc_net type. Change-Id: Iaee5e09712e7f27e0adf645f18554bf2ebd4e448 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
enfs_contexts
|
58563c661a45d23a13cbefdbd31a548b30b55cfc |
07-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 6095ffea: am 529fcbe0: Create proc_net type for /proc/sys/net entries. * commit '6095ffea56c969ecac4424461c6f45066c431ac2': Create proc_net type for /proc/sys/net entries.
|
f04b3bfc586f8d92b708755500263759a43a5387 |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 7c0a8ea2: am 11c48d4c: Merge "Remove ping domain." * commit '7c0a8ea2a79995f5fa28eb1dcf9a6a7951894548': Remove ping domain.
|
4acdc828300086565747b7256d867b0e18f9765c |
07-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9623f742: am a5066135: Fix denials triggered by adb shell screencap. * commit '9623f742ec6250edd8f53f7c9ec18a62649396c2': Fix denials triggered by adb shell screencap.
|
6095ffea56c969ecac4424461c6f45066c431ac2 |
07-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 529fcbe0: Create proc_net type for /proc/sys/net entries. * commit '529fcbe06506d62370525f04380ae41ae7fc7892': Create proc_net type for /proc/sys/net entries.
|
529fcbe06506d62370525f04380ae41ae7fc7892 |
07-Jan-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Create proc_net type for /proc/sys/net entries. /proc/sys/net could use its own type to help distinguish among some of the proc access rules. Fix dhcp and netd because of this. Change-Id: I6e16cba660f07bc25f437bf43e1eba851a88d538 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
hcp.te
omain.te
ile.te
enfs_contexts
etd.te
|
7c0a8ea2a79995f5fa28eb1dcf9a6a7951894548 |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 11c48d4c: Merge "Remove ping domain." * commit '11c48d4c06dd36432d11985297374331155e7db6': Remove ping domain.
|
9623f742ec6250edd8f53f7c9ec18a62649396c2 |
07-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a5066135: Fix denials triggered by adb shell screencap. * commit 'a5066135eeb15ab4c61241689dca1fdfe3a19e05': Fix denials triggered by adb shell screencap.
|
11c48d4c06dd36432d11985297374331155e7db6 |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Remove ping domain."
|
a5066135eeb15ab4c61241689dca1fdfe3a19e05 |
07-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Fix denials triggered by adb shell screencap. Change-Id: Ief925f1f49a6579d5a7a1035f3732834238fa590 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
umpstate.te
urfaceflinger.te
|
396015c3952bcbd5678dc20d5e5e4407cf6a4d4a |
07-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove ping domain. ping in Android no longer requires any additional privileges beyond the caller. Drop the ping domain and executable file type entirely. Also add net_domain() to shell domain so that it can create and use network sockets. Change-Id: If51734abe572aecf8f510f1a55782159222e5a67 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
ile_contexts
ing.te
hell.te
hell_user.te
|
4b08a4f2e2ba9f362d2811a14797d3c94e810bc8 |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 6e387168: am 5f290264: Revert "Make surfaceflinger domain enforcing." * commit '6e38716807344d13b45ba8918ba62b43033e53b9': Revert "Make surfaceflinger domain enforcing."
|
6e38716807344d13b45ba8918ba62b43033e53b9 |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 5f290264: Revert "Make surfaceflinger domain enforcing." * commit '5f290264594982cbb81bf635b65a53ee5b77f6f8': Revert "Make surfaceflinger domain enforcing."
|
5f290264594982cbb81bf635b65a53ee5b77f6f8 |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Make surfaceflinger domain enforcing." There are continued complaints about not being able to generate bug reports and surfaceflinger crashes. Move surfaceflinger out of enforcing until I can resolve this. Here are some denials I'm seeing. I'm not sure what binder service is running in the shell domain... Need to do more digging. nnk@nnk:~/Downloads$ grep "avc: " screenshot_runtime_restart.txt | grep surfaceflinger <5>[ 5.182699] type=1400 audit(1389111729.860:9): avc: denied { search } for pid=186 comm="surfaceflinger" name="tmp" dev="mmcblk0p28" ino=627090 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:shell_data_file:s0 tclass=dir <5>[ 744.988702] type=1400 audit(1389112469.578:188): avc: denied { call } for pid=596 comm="Binder_3" scontext=u:r:surfaceflinger:s0 tcontext=u:r:shell:s0 tclass=binder This reverts commit a11c56e1249419d92db70d11b2976bf8962bad5d. Bug: 12416329 Change-Id: I7b72608c760c4087f73047ad751a5bd069fa2ec7
urfaceflinger.te
|
edf57800458b1aa826cea6dcef9a726a94f243f0 |
07-Jan-2014 |
The Android Automerger <android-build@google.com> |
merge in master-release history after reset to master
|
028e0565958ee3f9c6047cd469c8af9da3f9f624 |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Make ping enforcing." Causing adbd to run at 100% cpu utilization when the following sequence of commands are run: 1) Run the command "adb shell ping -c 1 -w 5 www.google.com" for 5 times 2) Run "adb shell top -m 5" The following denial occurs: <5>[ 20.647559] type=1400 audit(1389054327.861:21): avc: denied { sigchld } for pid=1989 comm="adbd" scontext=u:r:ping:s0 tcontext=u:r:adbd:s0 tclass=process Reverting for now. This reverts commit 1b556c3270b3af0d2123901f7b31e105bb22f8fe. Bug: 12251052 Change-Id: I1b9920624f49b0aed2226c41a45005aff228d9e8
ing.te
|
9cad3272b60e9c14e426644a5be39c6c3005ac5b |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 7b5da7bd: am a6f88c73: Revert "Make ping enforcing." * commit '7b5da7bdc11154fa33c4c442bf7fa41627dec036': Revert "Make ping enforcing."
|
740ce6543a90552ff5ca82636abf08b0d92f10dc |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
fix mediaserver selinux denials. mediaserver needs the ability to read media_rw_data_file files. Allow it. Similarly, this is also needed for drmserver. Addresses the following denials: <5>[ 22.812859] type=1400 audit(1389041093.955:17): avc: denied { read } for pid=1655 comm="MediaScannerSer" path="/data/media/0/DCIM/Camera/VID_20140106_124115.mp4" dev="mmcblk0p28" ino=122204 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file <5>[ 22.813103] type=1400 audit(1389041093.955:18): avc: denied { getattr } for pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124115.mp4" dev="mmcblk0p28" ino=122204 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file <5>[ 22.832041] type=1400 audit(1389041093.975:19): avc: denied { read } for pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124115.mp4" dev="mmcblk0p28" ino=122204 scontext=u:r:drmserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file <5>[ 52.357470] type=1400 audit(1389041123.494:29): avc: denied { read } for pid=2757 comm="ImageLoader" path="/data/media/0/DCIM/Camera/VID_20140106_124520.mp4" dev="mmcblk0p28" ino=122211 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file <5>[ 52.357717] type=1400 audit(1389041123.494:30): avc: denied { getattr } for pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124520.mp4" dev="mmcblk0p28" ino=122211 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file <5>[ 52.382276] type=1400 audit(1389041123.524:31): avc: denied { read } for pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124520.mp4" dev="mmcblk0p28" ino=122211 scontext=u:r:drmserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file Allow anyone who has access to video_device:chr_file to also have read access to video_device:dir. Otherwise, the character devices may not be reachable.
Bug: 12416198 Change-Id: I649cd52ec7f1a25afb3aea479482e3f270bfe074
rmserver.te
ediaserver.te
urfaceflinger.te
ystem_server.te
|
8decca39814a87d0d70e3b4be749b3ada6ef1e8d |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
surfaceflinger: fix bugreport screenshot functionality When a bugreport is triggered using the device keys, it generates a screenshot and places it into /data/data/com.android.shell/files/bugreports. SELinux is denying those writes. Addresses the following denials: <5> type=1400 audit(1389047451.385:23): avc: denied { call } for pid=267 comm="Binder_1" scontext=u:r:surfaceflinger:s0 tcontext=u:r:dumpstate:s0 tclass=binder <5> type=1400 audit(1389046083.780:37): avc: denied { write } for pid=4191 comm="dumpsys" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-06-14-07-35.txt.tmp" dev="mmcblk0p28" ino=81874 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file Bug: 12416329 Change-Id: I318145591cda500094d98103d30b784df48a67be
urfaceflinger.te
|
7b5da7bdc11154fa33c4c442bf7fa41627dec036 |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am a6f88c73: Revert "Make ping enforcing." * commit 'a6f88c73dcf40d178500c996363bee67e99c1200': Revert "Make ping enforcing."
|
a6f88c73dcf40d178500c996363bee67e99c1200 |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Make ping enforcing." Causing adbd to run at 100% cpu utilization when the following sequence of commands are run: 1) Run the command "adb shell ping -c 1 -w 5 www.google.com" for 5 times 2) Run "adb shell top -m 5" The following denial occurs: <5>[ 20.647559] type=1400 audit(1389054327.861:21): avc: denied { sigchld } for pid=1989 comm="adbd" scontext=u:r:ping:s0 tcontext=u:r:adbd:s0 tclass=process Reverting for now. This reverts commit 1b556c3270b3af0d2123901f7b31e105bb22f8fe. Bug: 12251052 Change-Id: I1b9920624f49b0aed2226c41a45005aff228d9e8
ing.te
|
f083014a7c4c2e25ce072f70e6b063e1d0044159 |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 5be58ab1: am b8ac06f3: Revert "Make mediaserver enforcing." * commit '5be58ab1ce0c1b57b72d7b732abc1225c2c3697d': Revert "Make mediaserver enforcing."
|
f7b72d6165d5a7cf10f0cb49b402bab00632fae2 |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Make mediaserver enforcing." Too many bugs. This reverts commit cc9645436f6eb49d7e6b903af92379b942cc0fa7.
ediaserver.te
|
5be58ab1ce0c1b57b72d7b732abc1225c2c3697d |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am b8ac06f3: Revert "Make mediaserver enforcing." * commit 'b8ac06f379961a10f2831057a4e815847fb1914e': Revert "Make mediaserver enforcing."
|
b8ac06f379961a10f2831057a4e815847fb1914e |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Make mediaserver enforcing." Too many bugs. This reverts commit cc9645436f6eb49d7e6b903af92379b942cc0fa7.
ediaserver.te
|
d16dccc4edb3f35ffcf19a145dcd4d92dd6af003 |
07-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am a8e9391a: am 3d770d25: surfaceflinger: fix bugreport screenshot functionality * commit 'a8e9391aa30bd5935552330a3a95c1502d7f523c': surfaceflinger: fix bugreport screenshot functionality
|
a8e9391aa30bd5935552330a3a95c1502d7f523c |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 3d770d25: surfaceflinger: fix bugreport screenshot functionality * commit '3d770d25f5a6a78ffe13c175f725284811c2d936': surfaceflinger: fix bugreport screenshot functionality
|
3d770d25f5a6a78ffe13c175f725284811c2d936 |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
surfaceflinger: fix bugreport screenshot functionality When a bugreport is triggered using the device keys, it generates a screenshot and places it into /data/data/com.android.shell/files/bugreports. SELinux is denying those writes. Addresses the following denials: <5> type=1400 audit(1389047451.385:23): avc: denied { call } for pid=267 comm="Binder_1" scontext=u:r:surfaceflinger:s0 tcontext=u:r:dumpstate:s0 tclass=binder <5> type=1400 audit(1389046083.780:37): avc: denied { write } for pid=4191 comm="dumpsys" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-06-14-07-35.txt.tmp" dev="mmcblk0p28" ino=81874 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file Bug: 12416329 Change-Id: I318145591cda500094d98103d30b784df48a67be
urfaceflinger.te
|
5361c45e6221e11f3f009e9426846feceee58667 |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 35e41610: am 37339c76: fix mediaserver selinux denials. * commit '35e416100de06ffd664b88d2fa10bb0a03b4848f': fix mediaserver selinux denials.
|
35e416100de06ffd664b88d2fa10bb0a03b4848f |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 37339c76: fix mediaserver selinux denials. * commit '37339c763e9082573fcc86e14a6fb9d2d4b9d20c': fix mediaserver selinux denials.
|
37339c763e9082573fcc86e14a6fb9d2d4b9d20c |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
fix mediaserver selinux denials. mediaserver needs the ability to read media_rw_data_file files. Allow it. Similarly, this is also needed for drmserver. Addresses the following denials: <5>[ 22.812859] type=1400 audit(1389041093.955:17): avc: denied { read } for pid=1655 comm="MediaScannerSer" path="/data/media/0/DCIM/Camera/VID_20140106_124115.mp4" dev="mmcblk0p28" ino=122204 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file <5>[ 22.813103] type=1400 audit(1389041093.955:18): avc: denied { getattr } for pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124115.mp4" dev="mmcblk0p28" ino=122204 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file <5>[ 22.832041] type=1400 audit(1389041093.975:19): avc: denied { read } for pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124115.mp4" dev="mmcblk0p28" ino=122204 scontext=u:r:drmserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file <5>[ 52.357470] type=1400 audit(1389041123.494:29): avc: denied { read } for pid=2757 comm="ImageLoader" path="/data/media/0/DCIM/Camera/VID_20140106_124520.mp4" dev="mmcblk0p28" ino=122211 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file <5>[ 52.357717] type=1400 audit(1389041123.494:30): avc: denied { getattr } for pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124520.mp4" dev="mmcblk0p28" ino=122211 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file <5>[ 52.382276] type=1400 audit(1389041123.524:31): avc: denied { read } for pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124520.mp4" dev="mmcblk0p28" ino=122211 scontext=u:r:drmserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file Allow anyone who has access to video_device:chr_file to also have read access to video_device:dir. Otherwise, the character devices may not be reachable.
Bug: 12416198 Change-Id: I649cd52ec7f1a25afb3aea479482e3f270bfe074
rmserver.te
ediaserver.te
urfaceflinger.te
ystem_server.te
|
5e220874b246fd3124c3ce1ed71bb25207b23681 |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am e58a42f8: am a4e28f2e: Merge "Allow dumpstate to write shell files" * commit 'e58a42f8e8ed940a449ecbef351e8a72f9b5500e': Allow dumpstate to write shell files
|
97bc723964f05735feab00e4435627ead14e9a84 |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 53c03f1b: am a730e50b: Don\'t allow zygote init:binder call * commit '53c03f1b1795418dd2de84813e62e32326ef35b4': Don't allow zygote init:binder call
|
a2f1e48d5573ccb237c32642a03a25c7d8eca4c7 |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am badf49d0: am ed1648a4: Merge "Address adb backup/restore denials." * commit 'badf49d0aa52e5982642b596a2a2b62b932148c0': Address adb backup/restore denials.
|
e58a42f8e8ed940a449ecbef351e8a72f9b5500e |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am a4e28f2e: Merge "Allow dumpstate to write shell files" * commit 'a4e28f2ef6f6b76489a66966792730236d41159c': Allow dumpstate to write shell files
|
53c03f1b1795418dd2de84813e62e32326ef35b4 |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am a730e50b: Don't allow zygote init:binder call * commit 'a730e50bd93cd058b271ce3a4affcc6ac75da58b': Don't allow zygote init:binder call
|
a4e28f2ef6f6b76489a66966792730236d41159c |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Allow dumpstate to write shell files"
|
bfa3cd51e4ffcac361d36088310f141a7b5d61a7 |
06-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Allow dumpstate to write shell files Allow the bugreport service to create files in /data/data/com.android.shell/files/bugreports/bugreport . Addresses the following denials: <5>[31778.629368] type=1400 audit(1388876199.162:230): avc: denied { write } for pid=19092 comm="dumpstate" name="bugreports" dev="mmcblk0p28" ino=1565709 scontext=u:r:dumpstate:s0 tcontext=u:object_r:shell_data_file:s0 tclass=dir <5>[31778.629493] type=1400 audit(1388876199.162:231): avc: denied { add_name } for pid=19092 comm="dumpstate" name="bugreport-2014-01-04-14-56-39.txt.tmp" scontext=u:r:dumpstate:s0 tcontext=u:object_r:shell_data_file:s0 tclass=dir <5>[31778.629622] type=1400 audit(1388876199.162:232): avc: denied { create } for pid=19092 comm="dumpstate" name="bugreport-2014-01-04-14-56-39.txt.tmp" scontext=u:r:dumpstate:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[31778.629779] type=1400 audit(1388876199.162:233): avc: denied { write open } for pid=19092 comm="dumpstate" name="bugreport-2014-01-04-14-56-39.txt.tmp" dev="mmcblk0p28" ino=1566628 scontext=u:r:dumpstate:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[31778.629977] type=1400 audit(1388876199.162:234): avc: denied { getattr } for pid=19092 comm="dumpstate" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-04-14-56-39.txt.tmp" dev="mmcblk0p28" ino=1566628 scontext=u:r:dumpstate:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file Change-Id: I080613e8a2c989a7b50fde914271967a814c4ff4
umpstate.te
|
a730e50bd93cd058b271ce3a4affcc6ac75da58b |
04-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Don't allow zygote init:binder call init can't handle binder calls. It's always incorrect to allow init:binder call, and represents a binder call to a service without an SELinux domain. Adding this allow rule was a mistake; the dumpstate SELinux domain didn't exist at the time this rule was written, and dumpstate was running under init's domain. Add a neverallow rule to prevent the reintroduction of this bug. Change-Id: I78d35e675fd142d880f15329471778c18972bf50
omain.te
nconfined.te
ygote.te
|
badf49d0aa52e5982642b596a2a2b62b932148c0 |
04-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am ed1648a4: Merge "Address adb backup/restore denials." * commit 'ed1648a4b9a44dc5cda4a11f2e291442981a383e': Address adb backup/restore denials.
|
ed1648a4b9a44dc5cda4a11f2e291442981a383e |
04-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Address adb backup/restore denials."
|
c4021cebcf19a4c3f95395f7715a3cc9ed2b44c0 |
03-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Address adb backup/restore denials. Resolves the following denials seen during an adb backup and restore sequence. <5>[ 90.247039] type=1400 audit(1388759567.693:16): avc: denied { getopt } for pid=3503 comm="Thread-149" scontext=u:r:system_server:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket <5>[ 90.249176] type=1400 audit(1388759567.703:17): avc: denied { getopt } for pid=2334 comm="app_process" scontext=u:r:shell:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket Change-Id: I1f6f90f29eecc32ee692764b04b812988f099cde Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
23a1a0ee6f18cba8433c92b41ea9bbc77dca4992 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 91811dba: am 301e61e7: Merge "Make mediaserver enforcing." * commit '91811dbac7680068e637cf954a2808d859649d73': Make mediaserver enforcing.
|
b339240fcb49c5bd8a2fbd27e2c81a792da8d4fb |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 79ec510b: am 14a7764d: Merge "Make media_app enforcing." * commit '79ec510b25f658e7ffbebc7ba8259fc714ad654d': Make media_app enforcing.
|
caa928fb4b0e5683241010eb3098a75a91aa51c9 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am bc15519a: am af288172: Merge "Make nfc enforcing." * commit 'bc15519a5518c9b8e76f4937705c07b0b2c269f6': Make nfc enforcing.
|
91811dbac7680068e637cf954a2808d859649d73 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 301e61e7: Merge "Make mediaserver enforcing." * commit '301e61e751f81f722db84709adc8134b227b5dcb': Make mediaserver enforcing.
|
79ec510b25f658e7ffbebc7ba8259fc714ad654d |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 14a7764d: Merge "Make media_app enforcing." * commit '14a7764dd1d595b0ffa627a796f3fb032ba874f1': Make media_app enforcing.
|
301e61e751f81f722db84709adc8134b227b5dcb |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make mediaserver enforcing."
|
bc15519a5518c9b8e76f4937705c07b0b2c269f6 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am af288172: Merge "Make nfc enforcing." * commit 'af2881729a39090534409580f8e183212254ac0f': Make nfc enforcing.
|
14a7764dd1d595b0ffa627a796f3fb032ba874f1 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make media_app enforcing."
|
af2881729a39090534409580f8e183212254ac0f |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make nfc enforcing."
|
d85d8ebb311e37e89e67556a25d7dcb1ef061652 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am d5e316e3: am 782af9ea: Merge "Make radio enforcing." * commit 'd5e316e385f99e4d3b9598bfd5763781c35ba062': Make radio enforcing.
|
689e9554df18577b10c1cbaf8132603f6004c5ef |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 15aa74f4: am ee3cfd25: Merge "Make bluetooth enforcing." * commit '15aa74f4a0be5efdd92000e19153d8891c8adc00': Make bluetooth enforcing.
|
d5e316e385f99e4d3b9598bfd5763781c35ba062 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 782af9ea: Merge "Make radio enforcing." * commit '782af9ea04fa98e54d8ca695e7731f4b7ab09500': Make radio enforcing.
|
15aa74f4a0be5efdd92000e19153d8891c8adc00 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am ee3cfd25: Merge "Make bluetooth enforcing." * commit 'ee3cfd2589b9909f5664204b05ff23a8361a2244': Make bluetooth enforcing.
|
782af9ea04fa98e54d8ca695e7731f4b7ab09500 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make radio enforcing."
|
ee3cfd2589b9909f5664204b05ff23a8361a2244 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make bluetooth enforcing."
|
1c250cba669f17ee5e93af6a18322e83b5295e51 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am c66ea87f: am aef19ebf: Merge "Make surfaceflinger domain enforcing." * commit 'c66ea87f5a73b87a591c7fd00b18610faffc0341': Make surfaceflinger domain enforcing.
|
c66ea87f5a73b87a591c7fd00b18610faffc0341 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am aef19ebf: Merge "Make surfaceflinger domain enforcing." * commit 'aef19ebfa84431fcc8c0eacce20c66cc8bb14fcb': Make surfaceflinger domain enforcing.
|
aef19ebfa84431fcc8c0eacce20c66cc8bb14fcb |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Make surfaceflinger domain enforcing."
|
debd47f49ddaa3006f082a4565e8bda0c3769840 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 50fd2eed: am 4e39317c: Merge "Confine adbd but leave it permissive for now." * commit '50fd2eed24afe57d77cd9ccb5ec3477d34a15eaa': Confine adbd but leave it permissive for now.
|
50fd2eed24afe57d77cd9ccb5ec3477d34a15eaa |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 4e39317c: Merge "Confine adbd but leave it permissive for now." * commit '4e39317c326aa4420fae37ddbc647f64ea043fc8': Confine adbd but leave it permissive for now.
|
4e39317c326aa4420fae37ddbc647f64ea043fc8 |
03-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Confine adbd but leave it permissive for now."
|
566eaa93432d48b175fd7f07b6214f1a67b0998b |
02-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 3d706559: am e7ec2f52: Only allow PROT_EXEC for ashmem where required. * commit '3d7065591bc6b246b18d239f20652bef665d54c8': Only allow PROT_EXEC for ashmem where required.
|
da26d7dd62c0484c8d4470e47e2f58b46f2f397b |
02-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 5d9913c6: am ad7df7bb: Remove execmem permission from domain, add to appdomain. * commit '5d9913c63664f91ad39101e8540254d4f1d1e3cd': Remove execmem permission from domain, add to appdomain.
|
3d7065591bc6b246b18d239f20652bef665d54c8 |
02-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e7ec2f52: Only allow PROT_EXEC for ashmem where required. * commit 'e7ec2f5258550a2cc0cb8c76ef24fc100a6b2cf1': Only allow PROT_EXEC for ashmem where required.
|
5d9913c63664f91ad39101e8540254d4f1d1e3cd |
02-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ad7df7bb: Remove execmem permission from domain, add to appdomain. * commit 'ad7df7bb76ce00cdef711ad1f96a9a7243981f4e': Remove execmem permission from domain, add to appdomain.
|
db9dd5014ba0cb4abceaae3228bfadc1d3ae505c |
02-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 411d940e: am 527316a2: Allow use of art as the Android runtime. * commit '411d940e92df8cd15266bd2e05c7d2a4632a6077': Allow use of art as the Android runtime.
|
411d940e92df8cd15266bd2e05c7d2a4632a6077 |
02-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 527316a2: Allow use of art as the Android runtime. * commit '527316a21b80c2a70d8ed23351299a4dce0c77bf': Allow use of art as the Android runtime.
|
e7ec2f5258550a2cc0cb8c76ef24fc100a6b2cf1 |
23-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Only allow PROT_EXEC for ashmem where required. tmpfs_domain() macro defines a per-domain type and allows access for tmpfs-backed files, including ashmem regions. execute-related permissions crept into it, thereby allowing write + execute to ashmem regions for most domains. Move the execute permission out of tmpfs_domain() to app_domain() and specific domains as required. Drop execmod for now we are not seeing it. Similarly, execute permission for /dev/ashmem crept into binder_use() as it was common to many binder using domains. Move it out of binder_use() to app_domain() and specific domains as required. Change-Id: I66f1dcd02932123eea5d0d8aaaa14d1b32f715bb Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
ystem_server.te
e_macros
|
ad7df7bb76ce00cdef711ad1f96a9a7243981f4e |
20-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove execmem permission from domain, add to appdomain. execmem permission controls the ability to make an anonymous mapping executable or to make a private file mapping writable and executable. Remove this permission from domain (i.e. all domains) by default, and add it explicitly to app domains. It is already allowed in other specific .te files as required. There may be additional cases in device-specific policy where it is required for proprietary binaries. Change-Id: I902ac6f8cf2e93d46b3a976bc4dabefa3905fce6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
omain.te
|
527316a21b80c2a70d8ed23351299a4dce0c77bf |
23-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow use of art as the Android runtime. system_server and app domains need to map dalvik-cache files with PROT_EXEC. type=1400 msg=audit(13574814.073:132): avc: denied { execute } for pid=589 comm="system_server" path="/data/dalvik-cache/system@priv-app@SettingsProvider.apk@classes.dex" dev="mmcblk0p30" ino=684132 scontext=u:r:system_server:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file Apps need to map cached dex files with PROT_EXEC. We already allow this for untrusted_app to support packaging of shared objects as assets but not for the platform app domains. type=1400 audit(1387810571.697:14): avc: denied { execute } for pid=7822 comm="android.youtube" path="/data/data/com.google.android.youtube/cache/ads1747714305.dex" dev="mmcblk0p30" ino=603259 scontext=u:r:platform_app:s0 tcontext=u:object_r:platform_app_data_file:s0 tclass=file Change-Id: I309907d591ea6044e3e6aeb57bde7508e426c033 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
latform_app.te
ystem_server.te
|
81e74b1cdfae7721995c46ad789682663cbd1bc7 |
02-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine adbd but leave it permissive for now. Will likely want to split into adbd_user.te vs adbd.te before going enforcing to support adb root and adb remount on non-user builds. Possibly take all common rules to an adbdcommon.te. Change-Id: I63040c7f5f0fca10b3df682572c51c05e74738a7 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dbd.te
|
454adddde91adf81af4c961281134f7353276107 |
02-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am f3988de8: am 588bb5c7: Merge "Confine sdcardd, but leave it permissive for now." * commit 'f3988de89e782aba574a0066eed431b46e70fdc8': Confine sdcardd, but leave it permissive for now.
|
4696e96e6a2322e2f57a914cbeb12e732caaeec5 |
02-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7fa9a4ab: am c48fd77b: Confine dhcp, but leave it permissive for now. * commit '7fa9a4ab3c79a3504552a49efc97f9698de9a8ef': Confine dhcp, but leave it permissive for now.
|
f3988de89e782aba574a0066eed431b46e70fdc8 |
02-Jan-2014 |
Nick Kralevich <nnk@google.com> |
am 588bb5c7: Merge "Confine sdcardd, but leave it permissive for now." * commit '588bb5c791ff66b1727484596a2567ce1f992463': Confine sdcardd, but leave it permissive for now.
|
7fa9a4ab3c79a3504552a49efc97f9698de9a8ef |
02-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c48fd77b: Confine dhcp, but leave it permissive for now. * commit 'c48fd77b9d97c836314ffa23dab9695d62d8ad9e': Confine dhcp, but leave it permissive for now.
|
588bb5c791ff66b1727484596a2567ce1f992463 |
02-Jan-2014 |
Nick Kralevich <nnk@google.com> |
Merge "Confine sdcardd, but leave it permissive for now."
|
c48fd77b9d97c836314ffa23dab9695d62d8ad9e |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine dhcp, but leave it permissive for now. Change-Id: I11b185ff539915174bd2da53bfaa2cad87173008 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
hcp.te
|
9cc6d8d581b6094b36c59a0e95d674cb193916e8 |
24-Dec-2013 |
jaejyn.shin <jaejyn.shin@lge.com> |
Adding permissions needed to remove cache During removing cache data using Zipper application, I found violation logs. avc: denied { write } for pid=198 comm="installd" name="cache" dev="mmcblk0p29" ino=81680 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=dir avc: denied { remove_name } for pid=198 comm="installd" name="downloadfile.apk" dev="mmcblk0p29" ino=82247 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=dir avc: denied { unlink } for pid=198 comm="installd" name="downloadfile.apk" dev="mmcblk0p29" ino=82247 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=file Reproduction path is like below 1. Downloading Zipper application from Google Play (I used Zipper 1.9.9.2) 2. Clicking option and clicking "removing cache" button 3. Select "yes" 4. Violation show up Change-Id: I7993f1d20e3aa4c3e19c4aba9b4bef6760831a87
nstalld.te
|
9520913a79a56849c0e185e90fdb48519d2f01d2 |
20-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am bbe68e6d: am c17d30a5: Delete dalvikcache_data_file write/setattr access from shell. * commit 'bbe68e6db357e3211e2d164301d7d2d28619d5ea': Delete dalvikcache_data_file write/setattr access from shell.
|
bbe68e6db357e3211e2d164301d7d2d28619d5ea |
20-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c17d30a5: Delete dalvikcache_data_file write/setattr access from shell. * commit 'c17d30a54219f1dd4b2e736a73cce6c14180a40a': Delete dalvikcache_data_file write/setattr access from shell.
|
c17d30a54219f1dd4b2e736a73cce6c14180a40a |
20-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Delete dalvikcache_data_file write/setattr access from shell. This showed up at some point in the past during our own internal CTS testing but it seems wrong based on the DAC permissions and a potential way to inject code into apps from the shell. Drop it for now and see if it shows up again. This predates userdebug/eng vs user shell split so possibly it only happens in the userdebug/eng case. Change-Id: If8b1e7817f8efecbf68a0ba5fd06328a23a6c6db Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
helldomain.te
|
398e60e9609881eb5cebe1f81b7af59b6da8505b |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 70eb1c2e: am d28ceeb0: Merge "shell: allow setting debug_prop and powerctl_prop" * commit '70eb1c2ef1ec7b4876c85a0f12f9dcf7e69dfed0': shell: allow setting debug_prop and powerctl_prop
|
70eb1c2ef1ec7b4876c85a0f12f9dcf7e69dfed0 |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am d28ceeb0: Merge "shell: allow setting debug_prop and powerctl_prop" * commit 'd28ceeb01df91701740c8a5749453e8d4e8f7b19': shell: allow setting debug_prop and powerctl_prop
|
d28ceeb01df91701740c8a5749453e8d4e8f7b19 |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "shell: allow setting debug_prop and powerctl_prop"
|
dd8d30de289686bc619be7bebdf5279f647579a0 |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 4bd24975: am fe907e57: Merge "vold: allow wakelocks, fsck logs" * commit '4bd24975d245fc065ec327b61c7c724feebf3ebb': vold: allow wakelocks, fsck logs
|
4bd24975d245fc065ec327b61c7c724feebf3ebb |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am fe907e57: Merge "vold: allow wakelocks, fsck logs" * commit 'fe907e57480c16a24271372c890ba60724e3c632': vold: allow wakelocks, fsck logs
|
c9d31d573473d1cd30d51c1317d2b9fc0c49c27e |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 0522774a: am 9969a4d2: Merge "Allow dumpsys" * commit '0522774aa1b88c28fe0d71ef0aba04dad744d153': Allow dumpsys
|
fe907e57480c16a24271372c890ba60724e3c632 |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "vold: allow wakelocks, fsck logs"
|
0522774aa1b88c28fe0d71ef0aba04dad744d153 |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 9969a4d2: Merge "Allow dumpsys" * commit '9969a4d23ed7351f90db8849a6ce1de77e20a140': Allow dumpsys
|
9969a4d23ed7351f90db8849a6ce1de77e20a140 |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Allow dumpsys"
|
20a791a4f230dad2bdd34686e2b4abc7852f08cb |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
shell: allow setting debug_prop and powerctl_prop Allow the shell user to set debug.* properties. This allows systrace to work on Android. Allow the shell user to set sys.powerctl, to allow reboots to work. Addresses the following denials: <4>[ 2141.449722] avc: denied { set } for property=debug.atrace.tags.enableflags scontext=u:r:shell:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service <4>[ 2141.450820] avc: denied { set } for property=debug.atrace.app_cmdlines scontext=u:r:shell:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service <4>[ 2141.506703] avc: denied { set } for property=debug.atrace.tags.enableflags scontext=u:r:shell:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service <4>[ 2141.507591] avc: denied { set } for property=debug.atrace.app_cmdlines scontext=u:r:shell:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service Bug: 12231073 Change-Id: Iaba1db06ba287c7d5d10ce287833c57238e03bb6
helldomain.te
|
3e2de71f55940fa928965e0f60cecf89b32f2516 |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am c3928dc8: am a2c4cb3c: Merge "Allow dumpstate to use ping." * commit 'c3928dc8205953eb9ac130cb55e86e340a485a66': Allow dumpstate to use ping.
|
c3928dc8205953eb9ac130cb55e86e340a485a66 |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am a2c4cb3c: Merge "Allow dumpstate to use ping." * commit 'a2c4cb3c85db4b8920e62edcefc421cbe7753917': Allow dumpstate to use ping.
|
a2c4cb3c85db4b8920e62edcefc421cbe7753917 |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Allow dumpstate to use ping."
|
515389001d68d201fbe325d8454a9916cad326ca |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Allow dumpsys Allow adb shell to run dumpsys. Addresses the following denials: 23.720402 type=1400 audit(1387473582.512:12): avc: denied { read write } for pid=1469 comm="dumpsys" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file 23.862719 type=1400 audit(1387473582.652:13): avc: denied { getattr } for pid=696 comm="Binder_3" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file Change-Id: I6c56f9267d769d579514dca3cfde8d5a99170456
inderservicedomain.te
|
3753c816b25447d2eb76aea96030c92b7d962046 |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
vold: allow wakelocks, fsck logs When encrypting a device, vold tries to acquire a wake lock, to prevent the device from sleeping. Add an allow rule. After booting with a freshly encrypted device, fsck logs data to /dev/fscklogs/log . Add an allow rule. Addresses the following denials. wake lock: <5>[ 372.401015] type=1400 audit(1387488823.195:6): avc: denied { read write } for pid=143 comm="vold" name="wake_lock" dev="sysfs" ino=69 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file <5>[ 127.274556] type=1400 audit(1387494536.080:8): avc: denied { open } for pid=140 comm="vold" name="wake_lock" dev="sysfs" ino=69 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file fsck logging: <5>[ 44.759122] type=1400 audit(1387489522.460:6): avc: denied { search } for pid=132 comm="vold" name="fscklogs" dev="tmpfs" ino=3216 scontext=u:r:vold:s0 tcontext=u:object_r:fscklogs:s0 tclass=dir <5>[ 28.559964] type=1400 audit(1387495221.265:6): avc: denied { write } for pid=132 comm="vold" name="fscklogs" dev="tmpfs" ino=3216 scontext=u:r:vold:s0 tcontext=u:object_r:fscklogs:s0 tclass=dir <5>[ 28.560081] type=1400 audit(1387495221.265:7): avc: denied { add_name } for pid=132 comm="vold" name="log" scontext=u:r:vold:s0 tcontext=u:object_r:fscklogs:s0 tclass=dir <5>[ 28.560244] type=1400 audit(1387495221.265:8): avc: denied { create } for pid=132 comm="vold" name="log" scontext=u:r:vold:s0 tcontext=u:object_r:fscklogs:s0 tclass=file <5>[ 28.560383] type=1400 audit(1387495221.265:9): avc: denied { write open } for pid=132 comm="vold" name="log" dev="tmpfs" ino=5898 scontext=u:r:vold:s0 tcontext=u:object_r:fscklogs:s0 tclass=file <5>[ 28.582520] type=1400 audit(1387495221.285:10): avc: denied { getattr } for pid=132 comm="vold" path="/dev/fscklogs/log" dev="tmpfs" ino=5898 scontext=u:r:vold:s0 tcontext=u:object_r:fscklogs:s0 tclass=file Change-Id: I09fbe73c9d4955578c16fece4f3b84269eed78b5
old.te
|
4f559fb75e54bd764baf61f6eaef520b0c92a12d |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am ddd5ebf8: am 13e44ec7: allow system_server block_suspend * commit 'ddd5ebf8e8833f6bbeba8d2bf1783f74c1551b42': allow system_server block_suspend
|
ddd5ebf8e8833f6bbeba8d2bf1783f74c1551b42 |
20-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 13e44ec7: allow system_server block_suspend * commit '13e44ec74d326463213c4c01963c776a699467cb': allow system_server block_suspend
|
13e44ec74d326463213c4c01963c776a699467cb |
19-Dec-2013 |
Nick Kralevich <nnk@google.com> |
allow system_server block_suspend I'm only seeing this denial on one device (manta), but it feels like it should be part of the generic policy. I don't understand why it's happening on only one device. Addresses the following denial: 14.711671 type=1400 audit(1387474628.570:6): avc: denied { block_suspend } for pid=533 comm="InputReader" capability=36 scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=capability2 Change-Id: If4b28b6f42ca92c0e2cacfad75c8cbe023b0fa47
ystem_server.te
|
15abc9504b825b5e84ad78b7328d27faf8801cfb |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine sdcardd, but leave it permissive for now. Change-Id: I1eba1535d650a09ee7640cb7f3664202be4a0a55 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dcardd.te
|
d3c526a142b1b6fbb72508a132fa15ddec324742 |
19-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 58336fc6: am 815e9813: Merge "Make bluetooth, nfc, radio and shell adb-installable" * commit '58336fc678102f432266ec540e0a598799baabec': Make bluetooth, nfc, radio and shell adb-installable
|
58336fc678102f432266ec540e0a598799baabec |
19-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 815e9813: Merge "Make bluetooth, nfc, radio and shell adb-installable" * commit '815e98136cebe7d9346cbbeac87ad03d15414289': Make bluetooth, nfc, radio and shell adb-installable
|
815e98136cebe7d9346cbbeac87ad03d15414289 |
19-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make bluetooth, nfc, radio and shell adb-installable"
|
f5e90004a30a2cb5c1a1d70134a32d68994e2568 |
26-Nov-2013 |
Takeshi Aimi <takeshi.aimi@sonymobile.com> |
Make bluetooth, nfc, radio and shell adb-installable bluetooth, nfc, radio and shell are not explicitly declared in installd.te. This prevents applications in those groups from upgrading by "adb install -r". You can reproduce the issue by the following steps: 1. adb pull /system/priv-app/Shell.apk 2. adb install -r Shell.apk 3. install failed with the error log below [Error in logcat] E/installd( 338): couldn't symlink directory '/data/data/com.android.shell/lib' -> '/data/app-lib/com.android.shell-1': Permission denied E/installd( 338): couldn't symlink directory '/data/data/com.android.shell/lib' -> '/data/app-lib/Shell': Permission denied [Error in dmesg] <5>[ 112.053301] type=1400 audit(1387412796.071:10): avc: denied { create } for pid=337 comm="installd" name="lib" scontext=u:r:installd:s0 tcontext=u:object_r:shell_data_file:s0 tclass=lnk_file This operation fails only if the app belongs to any of the groups specified in the commit title. Change-Id: I7572df9fb6e471fad34f61137f0eeeda4c82659d
nstalld.te
|
f6bf7ef70c08c176189a85292547f49013f9890e |
18-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Allow dumpstate to use ping. Addresses the following denials: <5>[ 695.383994] type=1400 audit(1387403898.292:55): avc: denied { execute } for pid=5187 comm="dumpstate" name="ping" dev="mmcblk0p25" ino=213 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ping_exec:s0 tclass=file <5>[ 695.384727] type=1400 audit(1387403898.292:56): avc: denied { read open } for pid=5187 comm="dumpstate" name="ping" dev="mmcblk0p25" ino=213 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ping_exec:s0 tclass=file <5>[ 695.385418] type=1400 audit(1387403898.292:57): avc: denied { execute_no_trans } for pid=5187 comm="dumpstate" path="/system/bin/ping" dev="mmcblk0p25" ino=213 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ping_exec:s0 tclass=file <5>[ 695.391978] type=1400 audit(1387403898.302:58): avc: denied { create } for pid=5187 comm="ping" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket <5>[ 695.393193] type=1400 audit(1387403898.302:59): avc: denied { setopt } for pid=5187 comm="ping" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket <5>[ 695.393753] type=1400 audit(1387403898.302:60): avc: denied { getopt } for pid=5187 comm="ping" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket <5>[ 695.394886] type=1400 audit(1387403898.302:61): avc: denied { write } for pid=5187 comm="ping" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket <5>[ 695.400693] type=1400 audit(1387403898.312:62): avc: denied { read } for pid=5187 comm="ping" lport=4 scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket Change-Id: If9a790725ec0ba1ca6cb5c9a8ed85288580940e8
ing.te
|
f1611ccf2c15ac6cb0e8930f1818351abe4cc26d |
18-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am b48b52c6: am b63e485b: Merge "Confine shell domain in -user builds only." * commit 'b48b52c64b7493a4049522e826d7960e3bc8e1a4': Confine shell domain in -user builds only.
|
18e75ca47276ee83bc0adbe5b10a13b4d84ae734 |
18-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b423b569: am 59469370: Add rules to permit CTS security-related tests to run. * commit 'b423b5692ea043fa4488c1374504dfd129ee1dd8': Add rules to permit CTS security-related tests to run.
|
b48b52c64b7493a4049522e826d7960e3bc8e1a4 |
18-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am b63e485b: Merge "Confine shell domain in -user builds only." * commit 'b63e485b769ad847ef541423a671379f383a404e': Confine shell domain in -user builds only.
|
b423b5692ea043fa4488c1374504dfd129ee1dd8 |
18-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 59469370: Add rules to permit CTS security-related tests to run. * commit '594693705f0d5768db3c3212037da5fd5d5653be': Add rules to permit CTS security-related tests to run.
|
b63e485b769ad847ef541423a671379f383a404e |
18-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine shell domain in -user builds only."
|
712ca0a4d5c3ff77179da2544aafd6eb8e5a70c2 |
23-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine shell domain in -user builds only. Confine the domain for an adb shell in -user builds only. The shell domain in non-user builds is left permissive. init_shell (shell spawned by init, e.g. console service) remains unconfined by this change. Introduce a shelldomain attribute for rules common to all shell domains, assign it to the shell types, and add shelldomain.te for its rules. Change-Id: I01ee2c7ef80b61a9db151abe182ef9af7623c461 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ttributes
omain.te
nit_shell.te
hell.te
hell_user.te
helldomain.te
|
594693705f0d5768db3c3212037da5fd5d5653be |
16-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add rules to permit CTS security-related tests to run. Change-Id: I184458af1f40de6f1ab99452e76ba586dad1319e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
846a42bfb5ac53dda319f87a82fa4b8d2d36883a |
18-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 4e604de2: am ae2a35c6: Merge "Label /data/media with its own type and allow access." * commit '4e604de23f0ed096ad7f2b2ebb54cdba5c23ea22': Label /data/media with its own type and allow access.
|
4e604de23f0ed096ad7f2b2ebb54cdba5c23ea22 |
18-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am ae2a35c6: Merge "Label /data/media with its own type and allow access." * commit 'ae2a35c6dd07a4253f864891d4d93260f626321c': Label /data/media with its own type and allow access.
|
ae2a35c6dd07a4253f864891d4d93260f626321c |
18-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Label /data/media with its own type and allow access."
|
e13fabd75a1adb47abdaa115a793d2f1ad247af7 |
17-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /data/media with its own type and allow access. /data/media presently is left in system_data_file, which requires anything that wants to write to it to be able to write to system_data_file. Introduce a new type for /data/media, media_rw_data_file (to match the media_rw UID assigned to it and distinguish it from /data/misc/media which has media UID and media_data_file type), and allow access to it. We allow this for all platform app domains as WRITE_MEDIA_STORAGE permission is granted to signature|system. We should not have to allow it to untrusted_app. Set up type transitions in sdcardd to automatically label any directories or files it creates with the new type. Change-Id: I5c7e6245b854a9213099e40a41d9583755d37d42 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile.te
ile_contexts
latform_app.te
dcardd.te
|
3ff767df452dd4c3b8a4559db793ef54eecce32c |
17-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am e58bcf4e: am c4d7c0d7: system_server.te: allow getopt/getattr on zygote socket * commit 'e58bcf4e67e636a3b894da5ea518f5b8468be503': system_server.te: allow getopt/getattr on zygote socket
|
e58bcf4e67e636a3b894da5ea518f5b8468be503 |
17-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am c4d7c0d7: system_server.te: allow getopt/getattr on zygote socket * commit 'c4d7c0d797a9ef48df1d581578a8f84f9a45aac7': system_server.te: allow getopt/getattr on zygote socket
|
c4d7c0d797a9ef48df1d581578a8f84f9a45aac7 |
17-Dec-2013 |
Nick Kralevich <nnk@google.com> |
system_server.te: allow getopt/getattr on zygote socket In 61dc35072090f2735af2b39572e39eadb30573eb, I forgot to allow system_server to run getopt/getattr on the zygote socket. Bug: 12061011 Change-Id: I14f8fc98c1b08dfd3c2188d562e594547dba69e6
ystem_server.te
|
5c30295b330520c1dde520300faa25848b6d45c0 |
17-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am d500f837: am 61dc3507: app.te: allow getopt/getattr on zygote socket * commit 'd500f8373e431937090cf7786675a5d6ccb9c21f': app.te: allow getopt/getattr on zygote socket
|
d500f8373e431937090cf7786675a5d6ccb9c21f |
17-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 61dc3507: app.te: allow getopt/getattr on zygote socket * commit '61dc35072090f2735af2b39572e39eadb30573eb': app.te: allow getopt/getattr on zygote socket
|
61dc35072090f2735af2b39572e39eadb30573eb |
17-Dec-2013 |
Nick Kralevich <nnk@google.com> |
app.te: allow getopt/getattr on zygote socket The closure of /dev/socket/zygote occurs in the zygote child process, after Zygote has dropped privileges and changed SELinux domains. In Google's internal tree, socket closures are following a different path, which is causing getopt/getattr to be used on the file descriptor. This is generating a large number of denials. Allow the operations for now. getopt/getattr are fairly harmless. Long term, we shouldn't be performing these operations on the zygote socket. Addresses the following denials: 18.352783 type=1400 audit(1386374111.043:7): avc: denied { getattr } for pid=682 comm="ndroid.systemui" path="socket:[9287]" dev="sockfs" ino=9287 scontext=u:r:platform_app:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket 18.353088 type=1400 audit(1386374111.043:8): avc: denied { getopt } for pid=682 comm="ndroid.systemui" path="/dev/socket/zygote" scontext=u:r:platform_app:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket 18.833251 type=1400 audit(1386374111.524:9): avc: denied { getattr } for pid=761 comm="d.process.acore" path="socket:[9287]" dev="sockfs" ino=9287 scontext=u:r:shared_app:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket 18.833557 type=1400 audit(1386374111.524:10): avc: denied { getopt } for pid=761 comm="d.process.acore" path="/dev/socket/zygote" scontext=u:r:shared_app:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket 19.042419 type=1400 audit(1386374111.734:11): avc: denied { getattr } for pid=806 comm="d.process.media" path="socket:[9287]" dev="sockfs" ino=9287 scontext=u:r:media_app:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket 19.042724 type=1400 audit(1386374111.734:12): avc: denied { getopt } for pid=806 comm="d.process.media" path="/dev/socket/zygote" scontext=u:r:media_app:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket 19.182830 type=1400 audit(1386374111.874:14): avc: denied { getattr } for pid=825 comm="putmethod.latin" path="socket:[9287]" dev="sockfs" ino=9287 scontext=u:r:untrusted_app:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket 19.183105 type=1400 audit(1386374111.874:15): avc: denied { getopt } for pid=825 comm="putmethod.latin" path="/dev/socket/zygote" scontext=u:r:untrusted_app:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket 19.235473 type=1400 audit(1386374111.924:16): avc: denied { getattr } for pid=840 comm="ndroid.settings" path="socket:[9287]" dev="sockfs" ino=9287 scontext=u:r:system_app:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket Bug: 12061011 Change-Id: Ie1ec7636185aba7954656802e5eed735f49830c9
pp.te
|
9f74703f8d7b1cb8ed930a8611fbc4fc113713ee |
17-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 80508964: am 09e6abd9: initial dumpstate domain * commit '80508964d2e58be41fab7d01c221028e0c3e17b5': initial dumpstate domain
|
80508964d2e58be41fab7d01c221028e0c3e17b5 |
17-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 09e6abd9: initial dumpstate domain * commit '09e6abd91b3aaaa11a44d032e095360c64a97b3a': initial dumpstate domain
|
09e6abd91b3aaaa11a44d032e095360c64a97b3a |
14-Dec-2013 |
Nick Kralevich <nnk@google.com> |
initial dumpstate domain Add the necessary rules to support dumpstate. Start off initially in permissive until it has more testing. Dumpstate is triggered by running "adb bugreport" Change-Id: Ic17a60cca1f6f40daa4f2c51e9ad6009ef36cfbd
pp.te
inderservicedomain.te
umpstate.te
ile.te
ile_contexts
ealthd.te
u.te
|
6bd05f2fa303a5bf1a36337e76679d0a1d181adb |
16-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 60a95a52: am caa6a32d: initial inputflinger domain * commit '60a95a5227d350b9e1eab6ce7cf3fcc1c6b6372f': initial inputflinger domain
|
60a95a5227d350b9e1eab6ce7cf3fcc1c6b6372f |
16-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am caa6a32d: initial inputflinger domain * commit 'caa6a32d76e22b350f58ee6cf35c95f6282f076e': initial inputflinger domain
|
caa6a32d76e22b350f58ee6cf35c95f6282f076e |
15-Dec-2013 |
Nick Kralevich <nnk@google.com> |
initial inputflinger domain Add a placeholder domain for inputflinger. Mark it initially unconfined and enforcing. Change-Id: I433fd9e1954486136cb8abb084b4e19bb7fc2f19
ile_contexts
nputflinger.te
|
4e3b20966a55a01fcc1d7ab2aa22610bffecfe47 |
16-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 654c8594: am 96c266c3: Merge "put netd into net_domain" * commit '654c8594b360f2e33b6d18d2283244ec38dceff4': put netd into net_domain
|
78bc5cdeaeb2102618b4123cc97720b199e0f7ed |
16-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am d46eed39: am 8b0ce1b1: Merge "Label /data/misc/zoneinfo" * commit 'd46eed39be956d3975502087564cb9e2795cecc7': Label /data/misc/zoneinfo
|
654c8594b360f2e33b6d18d2283244ec38dceff4 |
16-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 96c266c3: Merge "put netd into net_domain" * commit '96c266c3901eeab0476c6d08459d5748ff28889d': put netd into net_domain
|
d46eed39be956d3975502087564cb9e2795cecc7 |
16-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 8b0ce1b1: Merge "Label /data/misc/zoneinfo" * commit '8b0ce1b189e1fde8f3b16a6758369bfbe690ead8': Label /data/misc/zoneinfo
|
96c266c3901eeab0476c6d08459d5748ff28889d |
16-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "put netd into net_domain"
|
8b0ce1b189e1fde8f3b16a6758369bfbe690ead8 |
16-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Label /data/misc/zoneinfo"
|
bc19050cdd0178bc43faa588acc1875ae5c0af2c |
16-Dec-2013 |
Nick Kralevich <nnk@google.com> |
put netd into net_domain This addresses the review comments from https://android-review.googlesource.com/#/c/69855/ Change-Id: I4d4633db711695c7f959b60f247772b0ac67931f
etd.te
|
68b24f67c390b68f0df91b0048ac33e85b17f6eb |
15-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am b2994947: am 3867c037: Merge "alphabetize /data/misc entries." * commit 'b29949479b38505fcb1cb9c466da8a4021614969': alphabetize /data/misc entries.
|
b29949479b38505fcb1cb9c466da8a4021614969 |
15-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 3867c037: Merge "alphabetize /data/misc entries." * commit '3867c037536fb521ab421086d4e187d9d1397d91': alphabetize /data/misc entries.
|
3867c037536fb521ab421086d4e187d9d1397d91 |
15-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "alphabetize /data/misc entries."
|
122584d6009fe7a639aea3dac4b2de7132d2efc1 |
14-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 6f04cc5a: am 8fff8725: Merge "Make tee enforcing." * commit '6f04cc5a0aef8ccf768293236e0bf8eae78bf577': Make tee enforcing.
|
7466f9b69341e3d86b0242d8ad18ae98d22f05a2 |
13-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Label /data/misc/zoneinfo And allow any SELinux domain to read these timezone related files. Addresses the following denial: <5>[ 4.746399] type=1400 audit(3430294.470:7): avc: denied { open } for pid=197 comm="time_daemon" name="tzdata" dev="mmcblk0p28" ino=618992 scontext=u:r:time:s0 tcontext=u:object_r:system_data_file:s0 tclass=file Change-Id: Iff32465e62729d7aad8c79607848d89ce0aede86
omain.te
ile.te
ile_contexts
|
6a32eec74dc631e0bc06bca84cb2d0b3cd222c8b |
13-Dec-2013 |
Nick Kralevich <nnk@google.com> |
alphabetize /data/misc entries. Alphabetize the entries for the /data/misc subdirectories. Change-Id: I3690085cbb99c225545545668dedd66341a14edb
ile.te
ile_contexts
|
6f04cc5a0aef8ccf768293236e0bf8eae78bf577 |
14-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 8fff8725: Merge "Make tee enforcing." * commit '8fff8725b3910c4b207074c27194adb36f91c446': Make tee enforcing.
|
8fff8725b3910c4b207074c27194adb36f91c446 |
14-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make tee enforcing."
|
976521867ad6ebba80ffc88ee9d8345ad49a3dfa |
13-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e0b79deb: am 8ad22590: Make bootanim domain enforcing. * commit 'e0b79deb8a5faa939a6b73c9e7eb5936250ba56e': Make bootanim domain enforcing.
|
e0b79deb8a5faa939a6b73c9e7eb5936250ba56e |
13-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8ad22590: Make bootanim domain enforcing. * commit '8ad225908d10a463bf993a057f7cc201f6ba9358': Make bootanim domain enforcing.
|
8ad225908d10a463bf993a057f7cc201f6ba9358 |
13-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make bootanim domain enforcing. Change-Id: I9d87c35cc8d4ffffab4f7c28f3d3d43f85b10123 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ootanim.te
|
1964682ebc23ff93ca3726e15b3ccbb8bd1f84b7 |
12-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am d35070d0: am 4b237c93: Merge "Make watchdogd enforcing." * commit 'd35070d03028d92bf814c6e1ee09163d6962d768': Make watchdogd enforcing.
|
d35070d03028d92bf814c6e1ee09163d6962d768 |
12-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 4b237c93: Merge "Make watchdogd enforcing." * commit '4b237c934069ed56d08fb2de8279f084d723f467': Make watchdogd enforcing.
|
4b237c934069ed56d08fb2de8279f084d723f467 |
12-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make watchdogd enforcing."
|
a11c56e1249419d92db70d11b2976bf8962bad5d |
26-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make surfaceflinger domain enforcing. Change-Id: I55d059cf6b9e13a81545d3d8b8ff86befc89d6b3 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
urfaceflinger.te
|
e33add0ddc5b6fb434795dd5338a429f20c16f83 |
12-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f92b2d4b: am acde43f2: Define a domain for the bootanim service. * commit 'f92b2d4b09a95973db9631779750991ddbc5b891': Define a domain for the bootanim service.
|
f92b2d4b09a95973db9631779750991ddbc5b891 |
12-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am acde43f2: Define a domain for the bootanim service. * commit 'acde43f23fbe9b2d180034c6a99b8711a6af7f21': Define a domain for the bootanim service.
|
85a74993991a8a57529158b2e9f243ec640e85c1 |
12-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d4ecb2ca: am 3ba90125: Move gpu_device type and rules to core policy. * commit 'd4ecb2ca084123fed9147cc69e48ebed613c6bb8': Move gpu_device type and rules to core policy.
|
d4ecb2ca084123fed9147cc69e48ebed613c6bb8 |
12-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 3ba90125: Move gpu_device type and rules to core policy. * commit '3ba9012535d8412d94db4ae9a5ce928b806e26d8': Move gpu_device type and rules to core policy.
|
acde43f23fbe9b2d180034c6a99b8711a6af7f21 |
11-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define a domain for the bootanim service. Leave the domain permissive initially until it gets more testing. Change-Id: I9d88d76d1ffdc79a2eff4545d37a9e615482df50 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ootanim.te
ile_contexts
urfaceflinger.te
|
3ba9012535d8412d94db4ae9a5ce928b806e26d8 |
12-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Move gpu_device type and rules to core policy. Change-Id: I3ce0b4bd25e078698a1c50242aaed414bf5cb517 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
evice.te
urfaceflinger.te
ystem_server.te
|
5dec301463689ba94f797062622bc0b87005d874 |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am ead81e82: am cf6b350a: Allow apps to execute ping * commit 'ead81e8292429cc9bcef13f3b9717b6ac520fa8d': Allow apps to execute ping
|
613a36ddf822c3b40264abc90741c373cfed1955 |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am c7471067: am ca9ba328: Merge "Make ping enforcing." * commit 'c747106765cd124a84e65511bb7e8ff40b0d4fb8': Make ping enforcing.
|
3429d141f08ee386ec3a2cb62f184f5220979389 |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am a8a91e41: am 21a6a6b5: Merge "Allow system_app to set properties" * commit 'a8a91e41af14f92051970618b357d4a14cd0e85f': Allow system_app to set properties
|
91aac0f3f5c61ce9bb69b54ad2be8535502388ab |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 96d352d4: am b71be5cf: Merge "Make the runas domain enforcing." * commit '96d352d4099acc268ebd37759c4c275885c58983': Make the runas domain enforcing.
|
1d40a22396d360be589059cd0a79a3eec10a9f0f |
11-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 09e666d1: am 65317124: Allow untrusted apps to execute binaries from their sandbox directories. * commit '09e666d1ff8f884b05051db553aed0cba4ff5205': Allow untrusted apps to execute binaries from their sandbox directories.
|
ead81e8292429cc9bcef13f3b9717b6ac520fa8d |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am cf6b350a: Allow apps to execute ping * commit 'cf6b350a32ea65fa359981bd42ca0324547e2784': Allow apps to execute ping
|
cf6b350a32ea65fa359981bd42ca0324547e2784 |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Allow apps to execute ping Addresses the following denials: <5>[ 170.166218] type=1400 audit(1386789488.029:57): avc: denied { getattr } for pid=4352 comm="sh" path="/system/bin/ping" dev="mmcblk0p25" ino=182 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:ping_exec:s0 tclass=file <5>[ 170.166356] type=1400 audit(1386789488.029:58): avc: denied { execute } for pid=4352 comm="sh" name="ping" dev="mmcblk0p25" ino=182 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:ping_exec:s0 tclass=file <5>[ 170.166841] type=1400 audit(1386789488.029:59): avc: denied { read open } for pid=4389 comm="sh" name="ping" dev="mmcblk0p25" ino=182 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:ping_exec:s0 tclass=file <5>[ 170.166962] type=1400 audit(1386789488.029:60): avc: denied { execute_no_trans } for pid=4389 comm="sh" path="/system/bin/ping" dev="mmcblk0p25" ino=182 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:ping_exec:s0 tclass=file Change-Id: Ic175ef7392897a3941c36db67dfa59ded35204b5
pp.te
|
c747106765cd124a84e65511bb7e8ff40b0d4fb8 |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am ca9ba328: Merge "Make ping enforcing." * commit 'ca9ba328bae976ac2d837bbba57799f5b8fc77cd': Make ping enforcing.
|
ca9ba328bae976ac2d837bbba57799f5b8fc77cd |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make ping enforcing."
|
a8a91e41af14f92051970618b357d4a14cd0e85f |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 21a6a6b5: Merge "Allow system_app to set properties" * commit '21a6a6b5076eabf4bdf9a99d872a9bd4e199627b': Allow system_app to set properties
|
21a6a6b5076eabf4bdf9a99d872a9bd4e199627b |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Allow system_app to set properties"
|
96d352d4099acc268ebd37759c4c275885c58983 |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am b71be5cf: Merge "Make the runas domain enforcing." * commit 'b71be5cfbfa50c124c511bdb12e79fb23b3f784f': Make the runas domain enforcing.
|
b71be5cfbfa50c124c511bdb12e79fb23b3f784f |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make the runas domain enforcing."
|
09e666d1ff8f884b05051db553aed0cba4ff5205 |
11-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 65317124: Allow untrusted apps to execute binaries from their sandbox directories. * commit '65317124a0bb7db4829f78e74c7bfe18e27f1c43': Allow untrusted apps to execute binaries from their sandbox directories.
|
3e78000e38912ed0433513a4462fae3ba6a9eca4 |
11-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Allow system_app to set properties Settings > Developer Options > Profile GPU Rendering was broken, as it couldn't set a debug.* system property. In addition, system_app wasn't allowed to access init's property_service socket. Both fixed. In addition, allow system_app to write to radio_prop. Fixes the following denials: <5>[ 170.769658] type=1400 audit(1386722177.029:57): avc: denied { write } for pid=4142 comm="ndroid.settings" name="property_service" dev="tmpfs" ino=7457 scontext=u:r:system_app:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file <4>[ 170.770064] avc: denied { set } for property=debug.hwui.overdraw scontext=u:r:system_app:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service <3>[ 170.770148] init: sys_prop: permission denied uid:1000 name:debug.hwui.overdraw Bug: 12037026 Change-Id: I5e879ab339e68e9e4715266fc8a698ab6ad5756e
ystem_app.te
|
65317124a0bb7db4829f78e74c7bfe18e27f1c43 |
11-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow untrusted apps to execute binaries from their sandbox directories. Various third party apps come with their own binaries that they write out to their sandbox directories and then execute, e.g.: audit(1386527439.462:190): avc: denied { execute_no_trans } for pid=1550 comm="Thread-79" path="/data/data/com.cisco.anyconnect.vpn.android.avf/app_bin/busybox" dev="mmcblk0p23" ino=602891 scontext=u:r:untrusted_app:s0:c39,c256 tcontext=u:object_r:app_data_file:s0:c39,c256 tclass=file While this is not ideal from a security POV, it seems necessary to support for compatibility with Android today. Split out the execute-related permissions to a separate allow rule as it only makes sense for regular files (class file) not other kinds of files (e.g. fifos, sockets, symlinks), and use the rx_file_perms macro. Move the rule to untrusted_app only so that we do not permit system apps to execute files written by untrusted apps. Change-Id: Ic9bfe80e9b14f2c0be14295c70f23f09691ae66c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
ntrusted_app.te
|
27daf189ef460f95841f55c3e8e9035c06f984b9 |
11-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make the runas domain enforcing. Change-Id: I4b3dda1d08e8bfc523493f4b8d79a4cc3e7e7787 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
unas.te
|
43755f064d2a184a57fb39d2718b6235ddfd1b9c |
10-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am a484b07c: am 0bc17371: Merge "Support run-as and ndk-gdb functionality." * commit 'a484b07c47ddd8d75995d1a8f5620f779c9a96f8': Support run-as and ndk-gdb functionality.
|
a484b07c47ddd8d75995d1a8f5620f779c9a96f8 |
10-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 0bc17371: Merge "Support run-as and ndk-gdb functionality." * commit '0bc17371f731e6ca10d3e9c1092d6f33806332a1': Support run-as and ndk-gdb functionality.
|
6195a2e26f19befad60c5b8ed1451ccb0b0fec2d |
10-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7d312842: am e6a7b37d: Restrict mapping low memory. * commit '7d312842a7eb563403fc531ebbb53dc5c05bfaad': Restrict mapping low memory.
|
87d45da7fdbb1fb13ed261ef23540fe9706e73e2 |
10-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 94ae3bd5: am 95e0842e: Restrict ptrace access by debuggerd and unconfineddomain. * commit '94ae3bd52fb4aeb13585b806e5f573a077c3c4f1': Restrict ptrace access by debuggerd and unconfineddomain.
|
0bc17371f731e6ca10d3e9c1092d6f33806332a1 |
10-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Support run-as and ndk-gdb functionality."
|
7d312842a7eb563403fc531ebbb53dc5c05bfaad |
09-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e6a7b37d: Restrict mapping low memory. * commit 'e6a7b37d4c8e16dd92b2fa340a6798cb4dbe80ad': Restrict mapping low memory.
|
94ae3bd52fb4aeb13585b806e5f573a077c3c4f1 |
09-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 95e0842e: Restrict ptrace access by debuggerd and unconfineddomain. * commit '95e0842e341352af16bed4055ccf67878c322985': Restrict ptrace access by debuggerd and unconfineddomain.
|
e6a7b37d4c8e16dd92b2fa340a6798cb4dbe80ad |
09-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restrict mapping low memory. Label /proc/sys/vm/mmap_min_addr with proc_security to prevent writing it by any domain other than init. Also remove memprotect mmap_zero permission from unconfineddomain so that it cannot pass the SELinux check over mapping low memory. Change-Id: Idc189feeb325a4aea26c93396fd0fa7225e79586 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
enfs_contexts
nconfined.te
|
48759ca2054fa742724cd81debed51208b69e758 |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Support run-as and ndk-gdb functionality. Confine run-as (but leave permissive for now) and add other allow rules required for the use of run-as and ndk-gdb functionality. Change-Id: Ifae38233c091cd34013e98830d72aac4c4adcae0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dbd.te
pp.te
unas.te
hell.te
hell_user.te
|
72ab1465539346f688f0c5148fc74434654d9405 |
09-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 93fe3ffb: am 82fc3b52: Allow app-app communication via pipes * commit '93fe3ffb4016dfc693f6cae635b893b0740cf384': Allow app-app communication via pipes
|
93fe3ffb4016dfc693f6cae635b893b0740cf384 |
09-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 82fc3b52: Allow app-app communication via pipes * commit '82fc3b524164588388aa3595bd2158020d93d28a': Allow app-app communication via pipes
|
95e0842e341352af16bed4055ccf67878c322985 |
09-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restrict ptrace access by debuggerd and unconfineddomain. Remove init, ueventd, watchdogd, healthd and adbd from the set of domains traceable by debuggerd. bionic/linker/debugger.cpp sets up handlers for all dynamically linked programs in Android but this should not apply for statically linked programs. Exclude ptrace access from unconfineddomain. Prohibit ptrace access to init via neverallow. Change-Id: I70d742233fbe40cb4d1772a4e6cd9f8f767f2c3a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ebuggerd.te
omain.te
nconfined.te
|
82fc3b524164588388aa3595bd2158020d93d28a |
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Allow app-app communication via pipes Allow apps to communicate with each other via pipes. In particular, this fixes a bug where printing from Chrome wasn't working. STEPS TO REPRODUCE: 1. Launch Chrome 2. From menu tap print and observe OR 1. Launch Drive, Select any file (*.txt, *.doc. *.pdf.........) 2. Select print Addresses the following denials: <5>[ 122.352797] type=1400 audit(1386363998.374:18): avc: denied { write } for pid=3786 comm=4173796E635461736B202332 path="pipe:[19164]" dev="pipefs" ino=19164 scontext=u:r:untrusted_app:s0 tcontext=u:r:release_app:s0 tclass=fifo_file <5>[ 123.248363] type=1400 audit(1386363999.264:19): avc: denied { getattr } for pid=2677 comm=".android.chrome" path="pipe:[19164]" dev="pipefs" ino=19164 scontext=u:r:untrusted_app:s0 tcontext=u:r:release_app:s0 tclass=fifo_file <5>[ 123.248620] type=1400 audit(1386363999.264:20): avc: denied { write } for pid=3308 comm="ChildProcessMai" path="pipe:[19164]" dev="pipefs" ino=19164 scontext=u:r:isolated_app:s0 tcontext=u:r:release_app:s0 tclass=fifo_file Bug: 12032455 Change-Id: Ic1cb5c1d42596f5a8fc3fe82fcbfe47aa43a7d6c
pp.te
|
6d27ae204aa993111bc31410e019a1aa7b5abe25 |
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 71076605: am 49db2680: Merge "Make debuggerd enforcing." * commit '710766052d69f55ee494aa8661f730629d6e8418': Make debuggerd enforcing.
|
710766052d69f55ee494aa8661f730629d6e8418 |
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 49db2680: Merge "Make debuggerd enforcing." * commit '49db26808f720525a240966822e2dd9727747ed0': Make debuggerd enforcing.
|
49db26808f720525a240966822e2dd9727747ed0 |
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make debuggerd enforcing."
|
a8d7685a986b8926f1356b87279f35374c4fff16 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ccec48ab: am 2c55c539: am fea6e66f: Allow kernel domain, not init domain, to set SELinux enforcing mode. * commit 'ccec48abf665850ebe85f7e84f9c8558b0fb2fde': Allow kernel domain, not init domain, to set SELinux enforcing mode.
|
ccec48abf665850ebe85f7e84f9c8558b0fb2fde |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2c55c539: am fea6e66f: Allow kernel domain, not init domain, to set SELinux enforcing mode. * commit '2c55c539728638804792b542fd276c050b629d5d': Allow kernel domain, not init domain, to set SELinux enforcing mode.
|
2c55c539728638804792b542fd276c050b629d5d |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am fea6e66f: Allow kernel domain, not init domain, to set SELinux enforcing mode. * commit 'fea6e66fad0dd87e66d4df8255733b6840752316': Allow kernel domain, not init domain, to set SELinux enforcing mode.
|
fea6e66fad0dd87e66d4df8255733b6840752316 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow kernel domain, not init domain, to set SELinux enforcing mode. As per the discussion in: https://android-review.googlesource.com/#/c/71184/ init sets the enforcing mode in its code prior to switching to the init domain via a setcon command in the init.rc file. Hence, the setenforce permission is checked while still running in the kernel domain. Further, as init has no reason to ever set the enforcing mode again, we do not need to allow setenforce to the init domain and this prevents reverting to permissive mode via an errant write by init later. We could technically dontaudit the kernel setenforce access instead since the first call to setenforce happens while still permissive (and thus we never need to allow it in policy) but we allow it to more accurately represent what is possible. Change-Id: I70b5e6d8c99e0566145b9c8df863cc8a34019284 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
nit.te
ernel.te
|
380a427053a4d94b734d1001017ee7a1bc286a18 |
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am fdc67e4b: am a6c9cdff: am 9e8b8d9f: Revert "Allow kernel domain, not init domain, to set SELinux enforcing mode." * commit 'fdc67e4bff431496db38e577b6b26d78a639771e': Revert "Allow kernel domain, not init domain, to set SELinux enforcing mode."
|
fdc67e4bff431496db38e577b6b26d78a639771e |
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am a6c9cdff: am 9e8b8d9f: Revert "Allow kernel domain, not init domain, to set SELinux enforcing mode." * commit 'a6c9cdfff24d113f0d99c9572a0e5623deb593b0': Revert "Allow kernel domain, not init domain, to set SELinux enforcing mode."
|
a6c9cdfff24d113f0d99c9572a0e5623deb593b0 |
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 9e8b8d9f: Revert "Allow kernel domain, not init domain, to set SELinux enforcing mode." * commit '9e8b8d9fdfcdb6b3e8af3349df186c2ab81a9733': Revert "Allow kernel domain, not init domain, to set SELinux enforcing mode."
|
9e8b8d9fdfcdb6b3e8af3349df186c2ab81a9733 |
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Revert "Allow kernel domain, not init domain, to set SELinux enforcing mode." The build is broken. Reverting temporarily to fix breakage. libsepol.check_assertion_helper: neverallow on line 4758 violated by allow init kernel:security { setenforce }; Error while expanding policy make: *** [out/target/product/mako/obj/ETC/sepolicy_intermediates/sepolicy] Error 1 make: *** Waiting for unfinished jobs.... This reverts commit bf12e2251422cc8470de21dd882872b7b6f960f6. Change-Id: I78a05756d8ce3c7d06e1d9d27e6135f4b352bb85
omain.te
nit.te
ernel.te
|
a91a284df557c3afa8c8954315cc99d296a9e5c3 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 95111dfe: am 6c8cbac3: am bf12e225: Allow kernel domain, not init domain, to set SELinux enforcing mode. * commit '95111dfe57c308147ab53d129352716d765ae4bf': Allow kernel domain, not init domain, to set SELinux enforcing mode.
|
697e8c6f74ed09fc4c6adffb6d40196d6a4688b4 |
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am b46c673c: am 156b5db9: am 2b392fcc: Move lmkd into it's own domain. * commit 'b46c673cc2d40344330d8869d43484d83dab9d24': Move lmkd into it's own domain.
|
8c82a5d0fdfcfd63bca2b926ccbc6daaa4d265fb |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 433a4a27: am d5f77d7a: am 7adb999e: Restrict the ability to set usermodehelpers and proc security settings. * commit '433a4a278760353cd59c50ffb9e844057661a7cf': Restrict the ability to set usermodehelpers and proc security settings.
|
95111dfe57c308147ab53d129352716d765ae4bf |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 6c8cbac3: am bf12e225: Allow kernel domain, not init domain, to set SELinux enforcing mode. * commit '6c8cbac334b4d7936955a509a740d2e31c794d75': Allow kernel domain, not init domain, to set SELinux enforcing mode.
|
6c8cbac334b4d7936955a509a740d2e31c794d75 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am bf12e225: Allow kernel domain, not init domain, to set SELinux enforcing mode. * commit 'bf12e2251422cc8470de21dd882872b7b6f960f6': Allow kernel domain, not init domain, to set SELinux enforcing mode.
|
b46c673cc2d40344330d8869d43484d83dab9d24 |
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 156b5db9: am 2b392fcc: Move lmkd into it's own domain. * commit '156b5db95777d4fb9c1617f57ecf2ed6bd3de42b': Move lmkd into it's own domain.
|
433a4a278760353cd59c50ffb9e844057661a7cf |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d5f77d7a: am 7adb999e: Restrict the ability to set usermodehelpers and proc security settings. * commit 'd5f77d7ab1c8ae22279dbe353aea70851c61ca94': Restrict the ability to set usermodehelpers and proc security settings.
|
bf12e2251422cc8470de21dd882872b7b6f960f6 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow kernel domain, not init domain, to set SELinux enforcing mode. As per the discussion in: https://android-review.googlesource.com/#/c/71184/ init sets the enforcing mode in its code prior to switching to the init domain via a setcon command in the init.rc file. Hence, the setenforce permission is checked while still running in the kernel domain. Further, as init has no reason to ever set the enforcing mode again, we do not need to allow setenforce to the init domain and this prevents reverting to permissive mode via an errant write by init later. We could technically dontaudit the kernel setenforce access instead since the first call to setenforce happens while still permissive (and thus we never need to allow it in policy) but we allow it to more accurately represent what is possible. Change-Id: I617876c479666a03167b8fce270c82a8d45c7cc6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
nit.te
ernel.te
|
156b5db95777d4fb9c1617f57ecf2ed6bd3de42b |
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 2b392fcc: Move lmkd into it's own domain. * commit '2b392fccf35c790bdc55bdce51a196f4953644ce': Move lmkd into it's own domain.
|
d5f77d7ab1c8ae22279dbe353aea70851c61ca94 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7adb999e: Restrict the ability to set usermodehelpers and proc security settings. * commit '7adb999e701ee96356c506ffa93fce190791e8b7': Restrict the ability to set usermodehelpers and proc security settings.
|
2b392fccf35c790bdc55bdce51a196f4953644ce |
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Move lmkd into it's own domain. lmkd low memory killer daemon The kernel low memory killer logic has been moved to a new daemon called lmkd. ActivityManager communicates with this daemon over a named socket. This is just a placeholder policy, starting off in unconfined_domain. Change-Id: Ia3f9a18432c2ae37d4f5526850e11432fd633e10
ile.te
ile_contexts
mkd.te
ystem_server.te
|
549550760eca90119a1540e37c5ed4a4684dc88f |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make tee enforcing. Change-Id: I5db2b0897aa43ccefad51b1b7fcfd0d643249384 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ee.te
|
1c670ccdbd165fb9c5437662f2e06e8424ecf357 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make watchdogd enforcing. Change-Id: I04969ca94d27535b3cdcfad55f092f98592b22f7 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
atchdogd.te
|
6463c49d07e047452a753afd006b14129793b85f |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make radio enforcing. Change-Id: I3522c38a6019a42acbdd7221240caec54b89aee1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
adio.te
|
cc9645436f6eb49d7e6b903af92379b942cc0fa7 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make mediaserver enforcing. Change-Id: I3237c2f3629b2e9be7b2e20f5c3189313efd49e5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ediaserver.te
|
edc8f384b5fa90516726d413b2bcd26cff549b93 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make media_app enforcing. Change-Id: Ide025633478980e3dfc62085a8a518ffd847e1cd Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
edia_app.te
|
56a1a7e9f425c999000b7f0f279eba4b52b44166 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make nfc enforcing. Change-Id: Ibb350951c9ec06feeb620358d3a207cedf8934c0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
fc.te
|
1b556c3270b3af0d2123901f7b31e105bb22f8fe |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make ping enforcing. Change-Id: Ib43bc4027e74660f653ec90335741acc792739da Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ing.te
|
2eba9c5fa244b5ed10073dc2e796ecf10a13d2ec |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make bluetooth enforcing. Change-Id: I6243819e7c9d71c561e77014b49456e9afc11153 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
luetooth.te
|
a1618401f848009a0de26330242dcf18c1e07c3d |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make debuggerd enforcing. Change-Id: If5b7206192cf93d9989b734304db0374429c04d5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ebuggerd.te
|
7adb999e701ee96356c506ffa93fce190791e8b7 |
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restrict the ability to set usermodehelpers and proc security settings. Limit the ability to write to the files that configure kernel usermodehelpers and security-sensitive proc settings to the init domain. Permissive domains can also continue to set these values. The current list is not exhaustive, just an initial set. Not all of these files will exist on all kernels/devices. Controlling access to certain kernel usermodehelpers, e.g. cgroup release_agent, will require kernel changes to support and cannot be addressed here. Expected output on e.g. flo after the change: ls -Z /sys/kernel/uevent_helper /proc/sys/fs/suid_dumpable /proc/sys/kernel/core_pattern /proc/sys/kernel/dmesg_restrict /proc/sys/kernel/hotplug /proc/sys/kernel/kptr_restrict /proc/sys/kernel/poweroff_cmd /proc/sys/kernel/randomize_va_space /proc/sys/kernel/usermodehelper -rw-r--r-- root root u:object_r:usermodehelper:s0 uevent_helper -rw-r--r-- root root u:object_r:proc_security:s0 suid_dumpable -rw-r--r-- root root u:object_r:usermodehelper:s0 core_pattern -rw-r--r-- root root u:object_r:proc_security:s0 dmesg_restrict -rw-r--r-- root root u:object_r:usermodehelper:s0 hotplug -rw-r--r-- root root u:object_r:proc_security:s0 kptr_restrict -rw-r--r-- root root u:object_r:usermodehelper:s0 poweroff_cmd -rw-r--r-- root root u:object_r:proc_security:s0 randomize_va_space -rw------- root root u:object_r:usermodehelper:s0 bset -rw------- root root u:object_r:usermodehelper:s0 inheritable Change-Id: I3f24b4bb90f0916ead863be6afd66d15ac5e8de0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
ile.te
ile_contexts
enfs_contexts
nit.te
nconfined.te
|
b0ff650c82dc008f1960da7a4bcc8cc3acae27c2 |
06-Dec-2013 |
The Android Open Source Project <initial-contribution@android.com> |
am 4151e613: am b96f677c: Merge commit '4ab298359613736281e10accaed3a6ffe1fe590a' into HEAD * commit '4151e6134bab4b297301cf476f0a51dc016ef2bc':
|
4151e6134bab4b297301cf476f0a51dc016ef2bc |
06-Dec-2013 |
The Android Open Source Project <initial-contribution@android.com> |
am b96f677c: Merge commit '4ab298359613736281e10accaed3a6ffe1fe590a' into HEAD * commit 'b96f677cf000b9db78359092a0a75a8fc75809cf':
|
b96f677cf000b9db78359092a0a75a8fc75809cf |
06-Dec-2013 |
The Android Open Source Project <initial-contribution@android.com> |
Merge commit '4ab298359613736281e10accaed3a6ffe1fe590a' into HEAD
|
7188a688cdeec2705cb528f97ecded5e9345bb18 |
05-Dec-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 1d0a76fe: am aa376831: Fix new rild denials. * commit '1d0a76fe2969f313af0d705545c7635f1ec203c0': Fix new rild denials.
|
1d0a76fe2969f313af0d705545c7635f1ec203c0 |
05-Dec-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am aa376831: Fix new rild denials. * commit 'aa376831e88cf08a6c6e73bfcf05345412a357bb': Fix new rild denials.
|
aa376831e88cf08a6c6e73bfcf05345412a357bb |
05-Dec-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Fix new rild denials. Denials seen on hammerhead but seem appropriate for general policy. <5>[ 8.339347] type=1400 audit(3731546.390:17): avc: denied { ioctl } for pid=314 comm="rild" path="socket:[7996]" dev="sockfs" ino=7996 scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=socket <5>[ 8.339065] type=1400 audit(3731546.390:16): avc: denied { create } for pid=314 comm="rild" scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=socket <5>[ 11.232121] type=1400 audit(3731549.289:22): avc: denied { read } for pid=620 comm="rild" scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=socket Change-Id: Ieaca5360afbb44d5da21c7c24bdd5e7c5758f0a2
ild.te
|
80df5c90ab12c588e9e9a7829b65e30dfec9ebce |
05-Dec-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am f367fb00: am b2547644: Drop tegra specific label from policy. * commit 'f367fb007713b1ed618acf5e7e79f31fa51c4c47': Drop tegra specific label from policy.
|
f367fb007713b1ed618acf5e7e79f31fa51c4c47 |
05-Dec-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am b2547644: Drop tegra specific label from policy. * commit 'b2547644effa3994766d7ebf1df3f712fb06577a': Drop tegra specific label from policy.
|
b2547644effa3994766d7ebf1df3f712fb06577a |
04-Dec-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Drop tegra specific label from policy. This label was originally used for Motorola Xoom devices. nvmap is the tegra gpu memory manager and the various nvhost drivers are for tegra graphics related functionality, i.e. display serial interface, image signal processor, or media processing stuff. Only grouper and tilapia presently need this policy. Change-Id: I2a7000f69abf3185724d88d428e8237e0ca436ec
evice.te
omain.te
ile_contexts
|
379adc3d73965861b19b1cf807a92c348e6d8984 |
05-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am b3b3fccc: am 8824c552: Merge "Allow SELinuxPolicyInstallReceiver to work." * commit 'b3b3fcccdbe4a4a7d2a5c4de47fab6e80453c284': Allow SELinuxPolicyInstallReceiver to work.
|
be6221e42813c0d02bd16c3cfc96974bd30ca774 |
05-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ce6d07ba: am d99e6d5f: Restrict the ability to set SELinux enforcing mode to init. * commit 'ce6d07ba9dbc8fdd5288da1ec4338911ed29fe12': Restrict the ability to set SELinux enforcing mode to init.
|
b3b3fcccdbe4a4a7d2a5c4de47fab6e80453c284 |
05-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 8824c552: Merge "Allow SELinuxPolicyInstallReceiver to work." * commit '8824c552d645c3e0c4f6c08cc5837e47761250cb': Allow SELinuxPolicyInstallReceiver to work.
|
ce6d07ba9dbc8fdd5288da1ec4338911ed29fe12 |
05-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d99e6d5f: Restrict the ability to set SELinux enforcing mode to init. * commit 'd99e6d5fa135882bb51878a3c68ed3a2aebe7d04': Restrict the ability to set SELinux enforcing mode to init.
|
8824c552d645c3e0c4f6c08cc5837e47761250cb |
05-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Allow SELinuxPolicyInstallReceiver to work."
|
d699bb98faa392125cc8c3837ecca20f95c16b8a |
03-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Revert "Remove permissive from untrusted_app.""
|
4bb9964471f6da6060e182ef1c4086b14d25e33e |
03-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 4c6067aa: am 51ce2f00: Merge "Make the isolated_app domain enforcing." * commit '4c6067aa2be4c65b78c95de6b6de803e4b315ecb': Make the isolated_app domain enforcing.
|
df2859a56c2a257ffbb40dc56105b12fad54f921 |
03-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 1e817969: am 081aed21: Default to socket_device for anything under /dev/socket. * commit '1e81796998f88526297c2ce895f57d6366fb433a': Default to socket_device for anything under /dev/socket.
|
216be8a0af77ebb4e80ecdf6c5e12ce4c02dcca2 |
03-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 052845a5: am 47685535: Allow write access to ashmem allocated regions * commit '052845a559c73b47b0d4b43f544e13b7c2370358': Allow write access to ashmem allocated regions
|
d99e6d5fa135882bb51878a3c68ed3a2aebe7d04 |
02-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restrict the ability to set SELinux enforcing mode to init. Also make su and shell permissive in non-user builds to allow use of setenforce without violating the neverallow rule. Change-Id: Ie76ee04e90d5a76dfaa5f56e9e3eb7e283328a3f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ndroid.mk
omain.te
nit.te
hell.te
hell_user.te
u.te
e_macros
nconfined.te
|
a49ba927e39bb21f18f8340334cf5781e124eb3d |
02-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow SELinuxPolicyInstallReceiver to work. Change-Id: I10006f43c142f07168e2ea0f4f5f7af68d03e504 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
|
4c6067aa2be4c65b78c95de6b6de803e4b315ecb |
02-Dec-2013 |
Nick Kralevich <nnk@google.com> |
am 51ce2f00: Merge "Make the isolated_app domain enforcing." * commit '51ce2f00c5410574015ba751b6e03fbddf12c176': Make the isolated_app domain enforcing.
|
1e81796998f88526297c2ce895f57d6366fb433a |
02-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 081aed21: Default to socket_device for anything under /dev/socket. * commit '081aed21338f79774f91a98fe0cfae4eceee67ec': Default to socket_device for anything under /dev/socket.
|
51ce2f00c5410574015ba751b6e03fbddf12c176 |
02-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make the isolated_app domain enforcing."
|
081aed21338f79774f91a98fe0cfae4eceee67ec |
02-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Default to socket_device for anything under /dev/socket. Otherwise sockets that have no specific entry match the /dev(/.*) entry instead, leaving them in device type rather than socket_device type. Every socket should get its own entry regardless, but this at least puts it into a more specific type by default. Change-Id: I97f7999af7f9f83484d3a51440dda791d3726f1a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
|
08ecc028211f723aef97983ce13c175863028be9 |
02-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make the isolated_app domain enforcing. Change-Id: I11be7d1713dd7cb35b8046503a09e42567e53d86 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
solated_app.te
|
4adf0e8fadbb5c49daa6a22a56311af657d53adb |
27-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Allow write access to ashmem allocated regions Allow tmpfs_domains the ability to write to ashmem allocated regions. At least one Google internal app does this, and switching untrusted_app into enforcing causes the following denial: <5>[ 291.791423] type=1400 audit(1385587240.320:79): avc: denied { write } for pid=3774 comm="XXXXXXXXXXXX" path=2F6465762F6173686D656D202864656C6574656429 dev="tmpfs" ino=16937 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:untrusted_app_tmpfs:s0 tclass=file path=/dev/ashmem (deleted) Bug: 11891764 (cherry picked from commit 476855357b5ec9f59754cdb5aa0f0a6806b34049) Change-Id: I1b8fcb82b7d21291707f18364486beb2fa9eb332
e_macros
|
052845a559c73b47b0d4b43f544e13b7c2370358 |
28-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 47685535: Allow write access to ashmem allocated regions * commit '476855357b5ec9f59754cdb5aa0f0a6806b34049': Allow write access to ashmem allocated regions
|
476855357b5ec9f59754cdb5aa0f0a6806b34049 |
27-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Allow write access to ashmem allocated regions Allow tmpfs_domains the ability to write to ashmem allocated regions. At least one Google internal app does this, and switching untrusted_app into enforcing causes the following denial: <5>[ 291.791423] type=1400 audit(1385587240.320:79): avc: denied { write } for pid=3774 comm="XXXXXXXXXXXX" path=2F6465762F6173686D656D202864656C6574656429 dev="tmpfs" ino=16937 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:untrusted_app_tmpfs:s0 tclass=file path=/dev/ashmem (deleted) Bug: 11891764 Change-Id: I64d414c055cd02481ebf69994fad65d777d8381d
e_macros
|
8ef98c1e0379659356a18dd32e80af6d6546f2d9 |
25-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Revert "Remove permissive from untrusted_app." This reverts commit aa4a9744de4eff546804187e9b08e9af65b0ef0e. Change-Id: I6f83edd3876415b0d08c677a397b9871460a9b7d
ntrusted_app.te
|
aa4a9744de4eff546804187e9b08e9af65b0ef0e |
25-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Remove permissive from untrusted_app. As an experiment, remove permissive from the untrusted_app domain. This will allow us to create a test build, which we can use for testing. This change will be reverted very quickly. Change-Id: I71eaf0f675fc7a3c5cc833f235792d0654e04318
ntrusted_app.te
|
4dc8a76e20fb2df73263a01abaf35305424fcef8 |
23-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 36380458: am 2ffd52a4: am 043b9027: Confine watchdogd, but leave it permissive for now. * commit '36380458b21887b8bc28cf3259e7c5c30e720e33': Confine watchdogd, but leave it permissive for now.
|
36380458b21887b8bc28cf3259e7c5c30e720e33 |
23-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2ffd52a4: am 043b9027: Confine watchdogd, but leave it permissive for now. * commit '2ffd52a47283681e8a9034327930a0dbea98b77c': Confine watchdogd, but leave it permissive for now.
|
8738c16b4417538ef166aa1a7be9575e304be378 |
23-Nov-2013 |
The Android Open Source Project <initial-contribution@android.com> |
am 9d4eb960: am 6af0cc24: Merge commit '060f6fa67e1d9779d2d8357659ae530d65171faa' into HEAD * commit '9d4eb9607c8388892a7dcf8a92b18b8633f5d6c9':
|
9d4eb9607c8388892a7dcf8a92b18b8633f5d6c9 |
23-Nov-2013 |
The Android Open Source Project <initial-contribution@android.com> |
am 6af0cc24: Merge commit '060f6fa67e1d9779d2d8357659ae530d65171faa' into HEAD * commit '6af0cc24306d6d49118d1ceb1112875127bf55a1':
|
2ffd52a47283681e8a9034327930a0dbea98b77c |
23-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 043b9027: Confine watchdogd, but leave it permissive for now. * commit '043b9027b3cc1c055e4ec5917f5d0d9bdc69005f': Confine watchdogd, but leave it permissive for now.
|
6af0cc24306d6d49118d1ceb1112875127bf55a1 |
22-Nov-2013 |
The Android Open Source Project <initial-contribution@android.com> |
Merge commit '060f6fa67e1d9779d2d8357659ae530d65171faa' into HEAD
|
01b79d02c375716805f1201f82dcb26c97026fd7 |
21-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 65fe8ccc: am 7ef2b39f: am 1ed3caf7: Merge "Add support for duplicate allow rule detection (-D / --dups)." * commit '65fe8ccc1cc9798980abed1e10f7aa90d4a1f38c': Add support for duplicate allow rule detection (-D / --dups).
|
1194efe785a49f1a12c9327cf520ce7b4ce0aa88 |
21-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am cb2f4a6e: am 65d4e835: am 006260e5: Merge "Confine hostapd, but leave it permissive for now." * commit 'cb2f4a6e86eca74e1c7bc015e90150b73479cdf4': Confine hostapd, but leave it permissive for now.
|
24a510baf811643599da672fd539377c4348c71b |
21-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 0235c9e0: am 2c8eef87: am 2b939e8c: Merge "Confine ping, but leave it permissive for now." * commit '0235c9e0c4c0658defc6676806d0072f71ea178e': Confine ping, but leave it permissive for now.
|
65fe8ccc1cc9798980abed1e10f7aa90d4a1f38c |
21-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 7ef2b39f: am 1ed3caf7: Merge "Add support for duplicate allow rule detection (-D / --dups)." * commit '7ef2b39f96c13cc9dc8651480a56debb4c2c693a': Add support for duplicate allow rule detection (-D / --dups).
|
cb2f4a6e86eca74e1c7bc015e90150b73479cdf4 |
21-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 65d4e835: am 006260e5: Merge "Confine hostapd, but leave it permissive for now." * commit '65d4e8355bb13867d868ace18d7b8a5922788d61': Confine hostapd, but leave it permissive for now.
|
0235c9e0c4c0658defc6676806d0072f71ea178e |
21-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 2c8eef87: am 2b939e8c: Merge "Confine ping, but leave it permissive for now." * commit '2c8eef873e55da42e5c5c2d00412ce80c7f3f0a7': Confine ping, but leave it permissive for now.
|
043b9027b3cc1c055e4ec5917f5d0d9bdc69005f |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine watchdogd, but leave it permissive for now. Change-Id: If2285e927cb886956b3314dd18384145a1ebeaa9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
atchdogd.te
|
7ef2b39f96c13cc9dc8651480a56debb4c2c693a |
19-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 1ed3caf7: Merge "Add support for duplicate allow rule detection (-D / --dups)." * commit '1ed3caf736d59f11d6c39edb3de2e0d0cd5ca71f': Add support for duplicate allow rule detection (-D / --dups).
|
1ed3caf736d59f11d6c39edb3de2e0d0cd5ca71f |
19-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Add support for duplicate allow rule detection (-D / --dups)."
|
bec54f42ede821a31c7a7acc570ec70d8591dad6 |
18-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add support for duplicate allow rule detection (-D / --dups). Usage: sepolicy-analyze -D -P out/target/product/<board>/root/sepolicy Displays duplicate allow rules, i.e. pairs of allow rules that grant the same permissions where one allow rule is written directly in terms of individual types and the other is written in terms of attributes associated with those same types. The rule with individual types is a candidate for removal. The rule with individual types may be directly represented in the source policy or may be a result of expansion of a type negation (e.g. domain -foo -bar is expanded to individual allow rules by the policy compiler). Domains with unconfineddomain will typically have such duplicate rules as a natural side effect and can be ignored. Also add a tools/README with a description of all of the tools. Change-Id: I07838dbd22c5cc8a4a65b57003ccae38129050f5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ools/README
ools/sepolicy-analyze.c
|
65d4e8355bb13867d868ace18d7b8a5922788d61 |
18-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 006260e5: Merge "Confine hostapd, but leave it permissive for now." * commit '006260e528f4bcd6fa7db6e1acc5d38224eb401b': Confine hostapd, but leave it permissive for now.
|
006260e528f4bcd6fa7db6e1acc5d38224eb401b |
18-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine hostapd, but leave it permissive for now."
|
2c8eef873e55da42e5c5c2d00412ce80c7f3f0a7 |
18-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 2b939e8c: Merge "Confine ping, but leave it permissive for now." * commit '2b939e8cabab28db2d7e2015ecab59e1cbdbc442': Confine ping, but leave it permissive for now.
|
2b939e8cabab28db2d7e2015ecab59e1cbdbc442 |
18-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine ping, but leave it permissive for now."
|
945fb567666809dc87db295ebb53a668aecd731c |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine hostapd, but leave it permissive for now. Change-Id: I23a2c568e9fdd51c6c09c6c80a7ce9f2b5bd4966 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ostapd.te
|
85ccf12b7b791ce19efde20d7d560ad0132126c7 |
15-Nov-2013 |
Jeff Sharkey <jsharkey@android.com> |
am 4ab29835: am 35e8dcc9: Merge "Let vold mount OBB files on external storage." into klp-dev * commit '4ab298359613736281e10accaed3a6ffe1fe590a': Let vold mount OBB files on external storage.
|
4ab298359613736281e10accaed3a6ffe1fe590a |
15-Nov-2013 |
Jeff Sharkey <jsharkey@android.com> |
am 35e8dcc9: Merge "Let vold mount OBB files on external storage." into klp-dev * commit '35e8dcc9ba40c6419f63d0a516c0995d3064f96e': Let vold mount OBB files on external storage.
|
35e8dcc9ba40c6419f63d0a516c0995d3064f96e |
15-Nov-2013 |
Jeff Sharkey <jsharkey@android.com> |
Merge "Let vold mount OBB files on external storage." into klp-dev
|
80176dc44570c15c786e6129a7f9ae1fa9d1c27a |
15-Nov-2013 |
Jeff Sharkey <jsharkey@android.com> |
Let vold mount OBB files on external storage. Fixes this specific violation: type=1400 audit(1384468728.202:16): avc: denied { read write } for pid=271 comm="vold" name="test1.obb" dev="fuse" ino=3100664872 scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=file Bug: 11693888 Change-Id: I45d30ecabdf0bc8871f3dd67b5695ac909109d9a
old.te
|
e66951f5eab44ee9d69fb5a0b6a381de44d6836f |
14-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am e0068ecc: am 24fb24f7: am ae49e7a3: Merge "Confine tee, but leave it permissive for now." * commit 'e0068ecce350ade5cb3fd12cfc77147d35255b96': Confine tee, but leave it permissive for now.
|
e0068ecce350ade5cb3fd12cfc77147d35255b96 |
14-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 24fb24f7: am ae49e7a3: Merge "Confine tee, but leave it permissive for now." * commit '24fb24f7ea1bf74bc1234394b81955e0aab6943f': Confine tee, but leave it permissive for now.
|
24fb24f7ea1bf74bc1234394b81955e0aab6943f |
14-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am ae49e7a3: Merge "Confine tee, but leave it permissive for now." * commit 'ae49e7a3691137b5276254074b2c282bcdfee523': Confine tee, but leave it permissive for now.
|
ae49e7a3691137b5276254074b2c282bcdfee523 |
14-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine tee, but leave it permissive for now."
|
ef25d9be753da57baf1ff8be5b7ca26a8850e8dd |
14-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am c6a3f60c: am 678420e0: am 6ce3d60c: Merge "Confine rild, but leave it permissive for now." * commit 'c6a3f60cbecd9d555c3fa36e57089385dbbbecad': Confine rild, but leave it permissive for now.
|
6545fa56873b021a5f249e113cd3a62984854a42 |
14-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 87d0deb3: am 67a53232: am b1cb3205: Confine wpa_supplicant, but leave it permissive for now. * commit '87d0deb3ab038d060fc44dfd83926d3c508f28e4': Confine wpa_supplicant, but leave it permissive for now.
|
c6a3f60cbecd9d555c3fa36e57089385dbbbecad |
14-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 678420e0: am 6ce3d60c: Merge "Confine rild, but leave it permissive for now." * commit '678420e023c6f143fb99cfed031397e732960410': Confine rild, but leave it permissive for now.
|
87d0deb3ab038d060fc44dfd83926d3c508f28e4 |
14-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 67a53232: am b1cb3205: Confine wpa_supplicant, but leave it permissive for now. * commit '67a53232cec967ca53e6f7284fd582a5bdd3eb69': Confine wpa_supplicant, but leave it permissive for now.
|
678420e023c6f143fb99cfed031397e732960410 |
14-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 6ce3d60c: Merge "Confine rild, but leave it permissive for now." * commit '6ce3d60ca39dd37f0de4bcd81620b3611cd28e14': Confine rild, but leave it permissive for now.
|
67a53232cec967ca53e6f7284fd582a5bdd3eb69 |
14-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b1cb3205: Confine wpa_supplicant, but leave it permissive for now. * commit 'b1cb3205cad978399fa7c9dcafed607fe5d07de6': Confine wpa_supplicant, but leave it permissive for now.
|
6ce3d60ca39dd37f0de4bcd81620b3611cd28e14 |
14-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine rild, but leave it permissive for now."
|
dcbab907eaf373c0633e15ece0c391d2dc0b55cf |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine rild, but leave it permissive for now. Change-Id: I6df9981b2af0150c6379a0ebdbe0a8597c994f4a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ild.te
|
72a4745919f8eb2fae998450935ed1f1d0e3bb2a |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine tee, but leave it permissive for now. Change-Id: Id69b1fe80746429a550448b9168ac7e86c38aa9f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ee.te
|
b1cb3205cad978399fa7c9dcafed607fe5d07de6 |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine wpa_supplicant, but leave it permissive for now. Change-Id: Iaa4ed5428d1c49cb4cff3a39c48800cb108f2ac3 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pa_supplicant.te
|
4fea04abc621fa73ec7fede81895d2c543dee7da |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 0e11233d: am 360d4120: netd: allow tcp_socket name_connect * commit '0e11233dc17ec3f224d2f3cdb7b78ae2b51c7829': netd: allow tcp_socket name_connect
|
0e11233dc17ec3f224d2f3cdb7b78ae2b51c7829 |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 360d4120: netd: allow tcp_socket name_connect * commit '360d4120ecc3afba68852ee57b528334dfcaa859': netd: allow tcp_socket name_connect
|
f4bbfa8f4ab3d62c86c13e8161cfd79d1e4139ec |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am b9d93b01: am ace68b1e: am 91ebcf33: netd: allow tcp_socket name_connect * commit 'b9d93b01389a224948e8c01bdddb5c962fe89b89': netd: allow tcp_socket name_connect
|
b9d93b01389a224948e8c01bdddb5c962fe89b89 |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am ace68b1e: am 91ebcf33: netd: allow tcp_socket name_connect * commit 'ace68b1e06a2f5c433f4f7dd191e71411e86541f': netd: allow tcp_socket name_connect
|
ace68b1e06a2f5c433f4f7dd191e71411e86541f |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 91ebcf33: netd: allow tcp_socket name_connect * commit '91ebcf33326418ed9603e618ad193550646c3b04': netd: allow tcp_socket name_connect
|
360d4120ecc3afba68852ee57b528334dfcaa859 |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
netd: allow tcp_socket name_connect The patch in 36a5d109e6953c63d2a865eab4c4d021aa52250b wasn't sufficient to address DNS over TCP. We also need to allow name_connect. Fixes the following denial: <5>[ 82.120746] type=1400 audit(1830030.349:5): avc: denied { name_connect } for pid=1457 comm="netd" dest=53 scontext=u:r:netd:s0 tcontext=u:object_r:port:s0 tclass=tcp_socket Public Bug: https://code.google.com/p/android/issues/detail?id=62196 Bug: 11097631 (cherry picked from commit 91ebcf33326418ed9603e618ad193550646c3b04) Change-Id: I62bba8777a5c8af1c0143e7ca2d915129ef38798
etd.te
|
91ebcf33326418ed9603e618ad193550646c3b04 |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
netd: allow tcp_socket name_connect The patch in 36a5d109e6953c63d2a865eab4c4d021aa52250b wasn't sufficient to address DNS over TCP. We also need to allow name_connect. Fixes the following denial: <5>[ 82.120746] type=1400 audit(1830030.349:5): avc: denied { name_connect } for pid=1457 comm="netd" dest=53 scontext=u:r:netd:s0 tcontext=u:object_r:port:s0 tclass=tcp_socket Public Bug: https://code.google.com/p/android/issues/detail?id=62196 Bug: 11097631 Change-Id: I688d6923b78782e2183a9d69b7e74f95d6e3f893
etd.te
|
62ebb42265985378cda26733cca31da48aa6a27f |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am d8c9d74d: am 59078a94: netd: allow tcp connections. * commit 'd8c9d74d963389fa9da1b12553141b5a5f95384e': netd: allow tcp connections.
|
d8c9d74d963389fa9da1b12553141b5a5f95384e |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 59078a94: netd: allow tcp connections. * commit '59078a940d72aef9f9e3f1e15f828cc44a101e3b': netd: allow tcp connections.
|
9fa43384b1f200aa5e0abb035f02a80b4dbc4a24 |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am e6da07b7: am b391269f: am 36a5d109: netd: allow tcp connections. * commit 'e6da07b738219d9bdce7d497e583e5c778cc1920': netd: allow tcp connections.
|
59078a940d72aef9f9e3f1e15f828cc44a101e3b |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
netd: allow tcp connections. DNS can use TCP connections, in addition to UDP connections. Allow TCP connections. Addresses the following denial: [ 1831.586826] type=1400 audit(1384129166.563:173): avc: denied { create } for pid=11406 comm="netd" scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=tcp_socket Public Bug: https://code.google.com/p/android/issues/detail?id=62196 Bug: 11097631 (cherry picked from commit 36a5d109e6953c63d2a865eab4c4d021aa52250b) Change-Id: Id2e383e1c74a26ef7e56499a33bf2b06b869c12b
etd.te
|
e6da07b738219d9bdce7d497e583e5c778cc1920 |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am b391269f: am 36a5d109: netd: allow tcp connections. * commit 'b391269f972e3138e1c1640144c6bc9614fe9509': netd: allow tcp connections.
|
b391269f972e3138e1c1640144c6bc9614fe9509 |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 36a5d109: netd: allow tcp connections. * commit '36a5d109e6953c63d2a865eab4c4d021aa52250b': netd: allow tcp connections.
|
36a5d109e6953c63d2a865eab4c4d021aa52250b |
13-Nov-2013 |
Nick Kralevich <nnk@google.com> |
netd: allow tcp connections. DNS can use TCP connections, in addition to UDP connections. Allow TCP connections. Addresses the following denial: [ 1831.586826] type=1400 audit(1384129166.563:173): avc: denied { create } for pid=11406 comm="netd" scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=tcp_socket Public Bug: https://code.google.com/p/android/issues/detail?id=62196 Change-Id: Ia542a9df3e466a8d409955bab6a23a524ff3d07b Bug: 11097631
etd.te
|
90daae38cc69de7287d1a5677fb03a272d64ab98 |
13-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 49146335: am 868a9e26: am 8510d31e: Rename camera_calibration_file and audio_firmware_file. * commit '49146335f4ced4be1fc0b548fb6523677a8faf41': Rename camera_calibration_file and audio_firmware_file.
|
49146335f4ced4be1fc0b548fb6523677a8faf41 |
12-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 868a9e26: am 8510d31e: Rename camera_calibration_file and audio_firmware_file. * commit '868a9e26cfe2931ae419056b348b479b9ae92f3a': Rename camera_calibration_file and audio_firmware_file.
|
868a9e26cfe2931ae419056b348b479b9ae92f3a |
12-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8510d31e: Rename camera_calibration_file and audio_firmware_file. * commit '8510d31ed3b5d53c2232b7aac5f65b32d38753d0': Rename camera_calibration_file and audio_firmware_file.
|
8510d31ed3b5d53c2232b7aac5f65b32d38753d0 |
07-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Rename camera_calibration_file and audio_firmware_file. Use more general type names for the contents of /data/misc/camera and /data/misc/audio. These were the names used in our policy until 4.3 was released, at which point we switched to be consistent with AOSP. However, the Galaxy S4 4.2.2 image, Galaxy S4 4.3 image, and Galaxy Note 3 4.3 image all shipped with policies using _data_file names because they were based on our older policy. So we may as well switch AOSP to these names. Not sure if in fact these could be all coalesced to the new media_data_file type for /data/misc/media introduced by Ic374488f8b62bd4f8b3c90f30da0e8d1ed1a7343. Options to fix already existing devices, which would only apply to Nexus devices with 4.3 or 4.4 at this point: 1) Add restorecon_recursive /data/misc/audio /data/misc/camera to either the system/core init.rc or to the device-specific init.*.rc files. -or- 2) Add a typealias declaration in the policy to remap the old type names to the new ones. Then existing types on persistent storage will be remapped internally to the new ones. -or- 3) Some sort of relabeld. Option #2 is implemented by this change. Change-Id: Id36203f5bb66b5200efc1205630b5b260ef97496 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile.te
ile_contexts
ediaserver.te
|
efbb7254ae1f59eee219a1fdc0e041c489c86f91 |
12-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am fb2ca12e: am bc4484b2: am bc1388d3: Merge "Make kernel / init enforcing" * commit 'fb2ca12e2517f2277566b5f765e4fa01a8138298': Make kernel / init enforcing
|
734f8fc89bb79294b72d8d7869d12e207b6701dc |
12-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am c9562376: am 14f95109: am 56f39193: Merge "Confine debuggerd, but leave it permissive for now." * commit 'c9562376bacbf295b420fee14379591d40605466': Confine debuggerd, but leave it permissive for now.
|
fb2ca12e2517f2277566b5f765e4fa01a8138298 |
12-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am bc4484b2: am bc1388d3: Merge "Make kernel / init enforcing" * commit 'bc4484b2c29b7cc1598b6d09328888e5fe696913': Make kernel / init enforcing
|
c9562376bacbf295b420fee14379591d40605466 |
12-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 14f95109: am 56f39193: Merge "Confine debuggerd, but leave it permissive for now." * commit '14f95109b702996c2ca8dc9dd2556a6e9947eaa4': Confine debuggerd, but leave it permissive for now.
|
bc4484b2c29b7cc1598b6d09328888e5fe696913 |
12-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am bc1388d3: Merge "Make kernel / init enforcing" * commit 'bc1388d34cae1cdd71284b38066a287f969a4b52': Make kernel / init enforcing
|
14f95109b702996c2ca8dc9dd2556a6e9947eaa4 |
12-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 56f39193: Merge "Confine debuggerd, but leave it permissive for now." * commit '56f391930142d02c66852e5cd4ebf7d83b65f80d': Confine debuggerd, but leave it permissive for now.
|
bc1388d34cae1cdd71284b38066a287f969a4b52 |
12-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make kernel / init enforcing"
|
56f391930142d02c66852e5cd4ebf7d83b65f80d |
12-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine debuggerd, but leave it permissive for now."
|
5406c63bd278f533effb8d7ed0836281370b0972 |
12-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 4ca16a57: am a9ccd7dc: am af47ebb6: Label /dev/fscklogs and allow system_server access to it. * commit '4ca16a5740d243e6c81c75cf27b8693212c1485f': Label /dev/fscklogs and allow system_server access to it.
|
f56e5a85d9c9f32558e25089fe6fc37fe07a72fd |
12-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 47f8bbad: am c1468d45: am 00739e3d: Make the ueventd domain enforcing. * commit '47f8bbad00ec8c87a32b6630ffa422dc79470f60': Make the ueventd domain enforcing.
|
4ca16a5740d243e6c81c75cf27b8693212c1485f |
11-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a9ccd7dc: am af47ebb6: Label /dev/fscklogs and allow system_server access to it. * commit 'a9ccd7dce97460656adc355c3896852314b6d62e': Label /dev/fscklogs and allow system_server access to it.
|
a9ccd7dce97460656adc355c3896852314b6d62e |
11-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am af47ebb6: Label /dev/fscklogs and allow system_server access to it. * commit 'af47ebb67aa64d699615693bf4603ec173417175': Label /dev/fscklogs and allow system_server access to it.
|
af47ebb67aa64d699615693bf4603ec173417175 |
04-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /dev/fscklogs and allow system_server access to it. Otherwise you get denials such as: type=1400 audit(1383590310.430:623): avc: denied { getattr } for pid=1629 comm="Thread-78" path="/dev/fscklogs/log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=file type=1400 audit(1383590310.430:624): avc: denied { open } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=file type=1400 audit(1383590310.430:625): avc: denied { write } for pid=1629 comm="Thread-78" name="fscklogs" dev="tmpfs" ino=1628 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=dir type=1400 audit(1383590310.430:625): avc: denied { remove_name } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=dir type=1400 audit(1383590310.430:625): avc: denied { unlink } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=file Change-Id: Ia7ae06a6d4cc5d2a59b8b85a5fb93cc31074fd37 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
evice.te
ile_contexts
ystem_server.te
|
47f8bbad00ec8c87a32b6630ffa422dc79470f60 |
11-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am c1468d45: am 00739e3d: Make the ueventd domain enforcing. * commit 'c1468d454e73d5c0de2e567fb60a2c984c8d00c0': Make the ueventd domain enforcing.
|
c1468d454e73d5c0de2e567fb60a2c984c8d00c0 |
11-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 00739e3d: Make the ueventd domain enforcing. * commit '00739e3d14f2f1ea9240037283c3edd836d2aa2f': Make the ueventd domain enforcing.
|
b1d81645b3289cf88872e2121f53c89b8eeb161e |
09-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Make kernel / init enforcing Start running in enforcing mode for kernel / init. This should be mostly a no-op, as the kernel / init is in the unconfined domain. Change-Id: I8273d936c9a4eecb50b78ae93490a4dd52f59eb6
nit.te
ernel.te
|
00739e3d14f2f1ea9240037283c3edd836d2aa2f |
08-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Make the ueventd domain enforcing. All (known) denials have been addressed. Change-Id: Ic12ed190a2efb7f20be589137a27b95d03dde25a
eventd.te
|
a3fef2ad2a448575f98a18def8b9bb7bbb0eb8a5 |
08-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 72d25ce1: am b53788de: am a7716718: Label /data/misc/media and allow mediaserver access to it. * commit '72d25ce196f5dd37f217c2dad79784871849a53b': Label /data/misc/media and allow mediaserver access to it.
|
72d25ce196f5dd37f217c2dad79784871849a53b |
08-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b53788de: am a7716718: Label /data/misc/media and allow mediaserver access to it. * commit 'b53788de984f05bff63c1a617cea4e1fbab9cfbb': Label /data/misc/media and allow mediaserver access to it.
|
b53788de984f05bff63c1a617cea4e1fbab9cfbb |
08-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a7716718: Label /data/misc/media and allow mediaserver access to it. * commit 'a771671877d306804dbbf5a8e6baa03c877f890d': Label /data/misc/media and allow mediaserver access to it.
|
86337bf6ec60fb6a0cc07c3f900efc94d9922b00 |
08-Nov-2013 |
Geremy Condra <gcondra@google.com> |
am 9443965c: am eac6e590: am ddf98fa8: Neverallow access to the kmem device from userspace. * commit '9443965cfba15dd3e3814c165f067ad9a5566789': Neverallow access to the kmem device from userspace.
|
a771671877d306804dbbf5a8e6baa03c877f890d |
04-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /data/misc/media and allow mediaserver access to it. Otherwise we get denials like these on 4.4: type=1400 audit(1383590170.360:29): avc: denied { write } for pid=61 comm="mediaserver" name="media" dev="mtdblock1" ino=6416 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir type=1400 audit(1383590170.360:29): avc: denied { add_name } for pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir type=1400 audit(1383590170.360:29): avc: denied { create } for pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file type=1400 audit(1383590170.360:29): avc: denied { write open } for pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file type=1400 audit(1383590255.100:231): avc: denied { write } for pid=832 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file type=1400 audit(1383590255.100:231): avc: denied { open } for pid=832 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file Change-Id: Ic374488f8b62bd4f8b3c90f30da0e8d1ed1a7343 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile.te
ile_contexts
ediaserver.te
|
9443965cfba15dd3e3814c165f067ad9a5566789 |
08-Nov-2013 |
Geremy Condra <gcondra@google.com> |
am eac6e590: am ddf98fa8: Neverallow access to the kmem device from userspace. * commit 'eac6e59020eee640e08fdbf055ed2b78e6c5095e': Neverallow access to the kmem device from userspace.
|
eac6e59020eee640e08fdbf055ed2b78e6c5095e |
08-Nov-2013 |
Geremy Condra <gcondra@google.com> |
am ddf98fa8: Neverallow access to the kmem device from userspace. * commit 'ddf98fa8cf11000f91329945abc23ee791adfe69': Neverallow access to the kmem device from userspace.
|
ddf98fa8cf11000f91329945abc23ee791adfe69 |
31-Oct-2013 |
Geremy Condra <gcondra@google.com> |
Neverallow access to the kmem device from userspace. Change-Id: If26baa947ff462f5bb09b75918a4130097de5ef4
pp.te
omain.te
etd.te
nconfined.te
|
3485a3b133e0eac7df9e76caaa8bac195f91d334 |
08-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 45536dfd: am 7bc576d5: am 0ea4ac8a: Merge "Move goldfish-specific rules to their own directory." * commit '45536dfda1ef0b0560fc88a5d40be022f14c043b': Move goldfish-specific rules to their own directory.
|
04074d8158abaa600980aa91b18c9476ee19645b |
08-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 4cafcfd2: am 289fe68b: am 842a1111: Merge "Confine healthd, but leave it permissive for now." * commit '4cafcfd294ec6016ddebdae67e389fbd2e3efa50': Confine healthd, but leave it permissive for now.
|
45536dfda1ef0b0560fc88a5d40be022f14c043b |
08-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 7bc576d5: am 0ea4ac8a: Merge "Move goldfish-specific rules to their own directory." * commit '7bc576d5d37c079a0cb922a1d76eb419cafecc55': Move goldfish-specific rules to their own directory.
|
7bc576d5d37c079a0cb922a1d76eb419cafecc55 |
08-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 0ea4ac8a: Merge "Move goldfish-specific rules to their own directory." * commit '0ea4ac8a12efa2f847625917f35b5cbedec3853a': Move goldfish-specific rules to their own directory.
|
0ea4ac8a12efa2f847625917f35b5cbedec3853a |
08-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Move goldfish-specific rules to their own directory."
|
5cea408e7e7ab8e787972d098231a0874d135ba9 |
08-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am d9a21dbc: am 6b754790: am fec3c5ad: Merge "Make the keystore domain enforcing." * commit 'd9a21dbcfed16d3e7020c1fe61c85617c043f726': Make the keystore domain enforcing.
|
4cafcfd294ec6016ddebdae67e389fbd2e3efa50 |
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 289fe68b: am 842a1111: Merge "Confine healthd, but leave it permissive for now." * commit '289fe68b3ecbc05395d78bfe77fb15bc9512a571': Confine healthd, but leave it permissive for now.
|
289fe68b3ecbc05395d78bfe77fb15bc9512a571 |
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 842a1111: Merge "Confine healthd, but leave it permissive for now." * commit '842a1111c0544f7f855b0cdc4cceee8a370af759': Confine healthd, but leave it permissive for now.
|
842a1111c0544f7f855b0cdc4cceee8a370af759 |
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine healthd, but leave it permissive for now."
|
d9a21dbcfed16d3e7020c1fe61c85617c043f726 |
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 6b754790: am fec3c5ad: Merge "Make the keystore domain enforcing." * commit '6b754790b56cbe3617ea1f715d3f3236d7b7ad78': Make the keystore domain enforcing.
|
6b754790b56cbe3617ea1f715d3f3236d7b7ad78 |
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am fec3c5ad: Merge "Make the keystore domain enforcing." * commit 'fec3c5ad80cb5323ab7b6b808faca032c3973fc5': Make the keystore domain enforcing.
|
fec3c5ad80cb5323ab7b6b808faca032c3973fc5 |
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make the keystore domain enforcing."
|
919233b0529ee7583279b0c7298ae11d5b39ed55 |
07-Nov-2013 |
Elliott Hughes <enh@google.com> |
am dcb30a64: am 1e38a555: am aaac2468: /system/bin/ash and /system/bin/mksh are dead. * commit 'dcb30a64a0212af51ad0041c0c589cbfed9d4727': /system/bin/ash and /system/bin/mksh are dead.
|
dcb30a64a0212af51ad0041c0c589cbfed9d4727 |
07-Nov-2013 |
Elliott Hughes <enh@google.com> |
am 1e38a555: am aaac2468: /system/bin/ash and /system/bin/mksh are dead. * commit '1e38a5550160ccac8a9d90d8c4052072f2fa90af': /system/bin/ash and /system/bin/mksh are dead.
|
1e38a5550160ccac8a9d90d8c4052072f2fa90af |
07-Nov-2013 |
Elliott Hughes <enh@google.com> |
am aaac2468: /system/bin/ash and /system/bin/mksh are dead. * commit 'aaac24688ee623a19525f25fe1fc81b60197f6f5': /system/bin/ash and /system/bin/mksh are dead.
|
aaac24688ee623a19525f25fe1fc81b60197f6f5 |
05-Nov-2013 |
Elliott Hughes <enh@google.com> |
/system/bin/ash and /system/bin/mksh are dead. Long live /system/bin/sh! Change-Id: I5af63c1bdc3585835ee273ed9995d8fac14792da
ile_contexts
|
2a604adf1b8fd887f01bc717d64fd1c8105f4d8e |
04-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine healthd, but leave it permissive for now.
Remove unconfined_domain() and add the allow rules required for operation of healthd. Restore the permissive declaration until I8a3e0db15ec5f4eb05d455a57e8446a8c2b484c2 is applied to the 3.4 kernel.
Resolves the following denials in 4.4:
type=1400 audit(1383590167.750:14): avc: denied { read } for pid=49 comm="healthd" path="/sbin/healthd" dev="rootfs" ino=1232 scontext=u:r:healthd:s0 tcontext=u:object_r:rootfs:s0 tclass=file
type=1400 audit(1383590167.750:15): avc: denied { mknod } for pid=49 comm="healthd" capability=27 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability
type=1400 audit(1383590167.750:16): avc: denied { create } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket
type=1400 audit(1383590167.750:17): avc: denied { setopt } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket
type=1400 audit(1383590167.750:17): avc: denied { net_admin } for pid=49 comm="healthd" capability=12 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability
type=1400 audit(1383590167.750:18): avc: denied { bind } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket
shell@generic:/ $ type=1400 audit(1383590168.800:21): avc: denied { call } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:servicemanager:s0 tclass=binder
type=1400 audit(1383590168.800:22): avc: denied { transfer } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:servicemanager:s0 tclass=binder
type=1400 audit(1383590168.800:23): avc: denied { 0x10 } for pid=49 comm="healthd" capability=36 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability2
type=1400 audit(1383590168.800:24): avc: denied { read } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket
type=1400 audit(1383590212.320:161): avc: denied { call } for pid=376 comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:healthd:s0 tclass=binder
type=1400 audit(1383590212.320:161): avc: denied { transfer } for pid=376 comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:healthd:s0 tclass=binder
type=1400 audit(1383590212.320:162): avc: denied { call } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:system_server:s0 tclass=binder
type=1400 audit(1383590275.930:463): avc: denied { call } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:system_server:s0 tclass=binder
Change-Id: Iacd058edfa1e913a8f24ce8937d2d76c928d6740
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ealthd.te
ystem_server.te
|
4e2171a149551ff842ab893abaf4c1c406e136f7 |
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am fdc009d4: am a74edc15: am f232f25b: Merge "Move audio_firmware_file and /data/misc/audio entry to core sepolicy." * commit 'fdc009d44d36cb2d7737ad777e3006a28253f51b': Move audio_firmware_file and /data/misc/audio entry to core sepolicy.
|
846ec612c75b05a98bd002b5c9ab8b03196399a9 |
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 1da95ae3: am ca056dce: am 2d8dcb73: Revert "Make the keystore domain enforcing." * commit '1da95ae3981239b5c15e5d3877c90bf7362ef4e1': Revert "Make the keystore domain enforcing."
|
fdc009d44d36cb2d7737ad777e3006a28253f51b |
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am a74edc15: am f232f25b: Merge "Move audio_firmware_file and /data/misc/audio entry to core sepolicy." * commit 'a74edc1522492d143fddec1dccbe49859acf6767': Move audio_firmware_file and /data/misc/audio entry to core sepolicy.
|
1da95ae3981239b5c15e5d3877c90bf7362ef4e1 |
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am ca056dce: am 2d8dcb73: Revert "Make the keystore domain enforcing." * commit 'ca056dce951b22970a3426ff2ca9a29ef42e9e06': Revert "Make the keystore domain enforcing."
|
a74edc1522492d143fddec1dccbe49859acf6767 |
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am f232f25b: Merge "Move audio_firmware_file and /data/misc/audio entry to core sepolicy." * commit 'f232f25b0b1fe736a713239963aa0fae1835f0e5': Move audio_firmware_file and /data/misc/audio entry to core sepolicy.
|
f232f25b0b1fe736a713239963aa0fae1835f0e5 |
07-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Move audio_firmware_file and /data/misc/audio entry to core sepolicy."
|
870c4e5e77d41bdf907b47eccca4f5ce6a38b509 |
31-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make the keystore domain enforcing. Change-Id: I7ef479ac1806b0a52bb0145a82d6d4265edc1f3e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Bug: 11518274
eystore.te
|
ca056dce951b22970a3426ff2ca9a29ef42e9e06 |
06-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 2d8dcb73: Revert "Make the keystore domain enforcing." * commit '2d8dcb732cc6e5f54fe3b3bb57a81c287c419e93': Revert "Make the keystore domain enforcing."
|
a7c8ea864ee9f82ca7aeb8e0bc13af72fcf6e096 |
06-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Move audio_firmware_file and /data/misc/audio entry to core sepolicy. Change-Id: Ib8c96ab9e19d34e8e34a4c859528345763be4906 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile.te
ile_contexts
ediaserver.te
|
2e0b4a149e9eaf59514ee6d32aee3fb8ee0df3e0 |
05-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Move goldfish-specific rules to their own directory. Change-Id: I1bdd80f641db05fef4714654515c1e1fbb259794 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
2d8dcb732cc6e5f54fe3b3bb57a81c287c419e93 |
05-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Revert "Make the keystore domain enforcing."
This is causing runtime restarts on flo/deb when uninstalling some APKs. Revert while I investigate it.
11-04 21:52:41.487 687 704 I ActivityManager: Force stopping com.android.development appid=10078 user=-1: uninstall pkg
11-04 21:52:41.487 687 712 W PackageManager: Couldn't delete native library directory /data/app-lib/com.android.development
11-04 21:52:41.557 687 712 W dalvikvm: threadid=20: thread exiting with uncaught exception (group=0x959dfae8)
11-04 21:52:41.557 687 712 E AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: PackageManager
11-04 21:52:41.557 687 712 E AndroidRuntime: java.lang.NullPointerException
11-04 21:52:41.557 687 712 E AndroidRuntime: at android.security.KeyStore.clearUid(KeyStore.java:327)
11-04 21:52:41.557 687 712 E AndroidRuntime: at com.android.server.pm.PackageManagerService.removeKeystoreDataIfNeeded(PackageManagerService.java:9787)
11-04 21:52:41.557 687 712 E AndroidRuntime: at com.android.server.pm.PackageManagerService.removePackageDataLI(PackageManagerService.java:9384)
11-04 21:52:41.557 687 712 E AndroidRuntime: at com.android.server.pm.PackageManagerService.deleteInstalledPackageLI(PackageManagerService.java:9503)
11-04 21:52:41.557 687 712 E AndroidRuntime: at com.android.server.pm.PackageManagerService.deletePackageLI(PackageManagerService.java:9612)
11-04 21:52:41.557 687 712 E AndroidRuntime: at com.android.server.pm.PackageManagerService.deletePackageX(PackageManagerService.java:9239)
11-04 21:52:41.557 687 712 E AndroidRuntime: at com.android.server.pm.PackageManagerService.access$4100(PackageManagerService.java:178)
11-04 21:52:41.557 687 712 E AndroidRuntime: at com.android.server.pm.PackageManagerService$7.run(PackageManagerService.java:9173)
11-04 21:52:41.557 687 712 E AndroidRuntime: at android.os.Handler.handleCallback(Handler.java:733)
11-04 21:52:41.557 687 712 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:95)
11-04 21:52:41.557 687 712 E AndroidRuntime: at android.os.Looper.loop(Looper.java:136)
11-04 21:52:41.557 687 712 E AndroidRuntime: at android.os.HandlerThread.run(HandlerThread.java:61)
11-04 21:52:41.567 687 712 I Process : Sending signal. PID: 687 SIG: 9
and
[ 7.324554] type=1400 audit(1383601030.823:5): avc: denied { read write } for pid=192 comm="keystore" name="qseecom" dev="tmpfs" ino=7521 scontext=u:r:keystore:s0 tcontext=u:object_r:device:s0 tclass=chr_file
This reverts commit 709d71836d2c94b76f4b622d8f0a3eb92c9952a2.
Bug: 11518274
eystore.te
|
43b61a1ce04b44ffb6d57d3456b2a0e32fadb4bc |
04-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 3bd55a8a: am 3cedab40: am 7316b18a: README: recommend concatenation vs assignment * commit '3bd55a8aba8c5b4775594d10a1583d1e5e07901e': README: recommend concatenation vs assignment
|
3bd55a8aba8c5b4775594d10a1583d1e5e07901e |
04-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 3cedab40: am 7316b18a: README: recommend concatenation vs assignment * commit '3cedab401851ee714233f99ce97cb91fc13a2f26': README: recommend concatenation vs assignment
|
3cedab401851ee714233f99ce97cb91fc13a2f26 |
04-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 7316b18a: README: recommend concatenation vs assignment * commit '7316b18a6c8706635592d2c60c40a505b4654312': README: recommend concatenation vs assignment
|
7316b18a6c8706635592d2c60c40a505b4654312 |
02-Nov-2013 |
Nick Kralevich <nnk@google.com> |
README: recommend concatenation vs assignment Recommend using concatenation versus assignment when making policy declarations inside BoardConfig.mk. This will allow sepolicy to exist in the vendor directory. Change-Id: If982217fcb3645d9c6b37a341755b5b65f26fc5f
EADME
|
8226c3e361d57f0e7b75187a39f9241ca934967f |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 92c77e55: am ed06d204: am cd95e0ac: Allow system_server to set powerctl_prop * commit '92c77e550062b44c93245df09801b58171a4c033': Allow system_server to set powerctl_prop
|
92c77e550062b44c93245df09801b58171a4c033 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am ed06d204: am cd95e0ac: Allow system_server to set powerctl_prop * commit 'ed06d204fb356a7211290c30b8a6ef91506e68a2': Allow system_server to set powerctl_prop
|
ed06d204fb356a7211290c30b8a6ef91506e68a2 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am cd95e0ac: Allow system_server to set powerctl_prop * commit 'cd95e0acf18c940288f4abb8e1cfe6c052bb6543': Allow system_server to set powerctl_prop
|
cd95e0acf18c940288f4abb8e1cfe6c052bb6543 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Allow system_server to set powerctl_prop Otherwise we break "adb root && adb shell svc power reboot", which has the side effect of killing all of our test automation (oops). Bug: 11477487 Change-Id: I199b0a3a8c47a4830fe8c872dae9ee3a5a0cb631
ystem_server.te
|
34d04498f67bd7316df7d8d42c81d8e1e3d9f888 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 3f5dfde8: am 74ae46a0: am dd1ec6d5: Give system_server / system_app ability to write some properties * commit '3f5dfde881b34de26e4b77a0f7e1ae9bc7b294b5': Give system_server / system_app ability to write some properties
|
3f5dfde881b34de26e4b77a0f7e1ae9bc7b294b5 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 74ae46a0: am dd1ec6d5: Give system_server / system_app ability to write some properties * commit '74ae46a0a5eaa40b2d012adb9d67fb23a1a2a789': Give system_server / system_app ability to write some properties
|
74ae46a0a5eaa40b2d012adb9d67fb23a1a2a789 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am dd1ec6d5: Give system_server / system_app ability to write some properties * commit 'dd1ec6d557e80c688f7f1e4aef522b6441e8151a': Give system_server / system_app ability to write some properties
|
dd1ec6d557e80c688f7f1e4aef522b6441e8151a |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Give system_server / system_app ability to write some properties
Allow writing to persist.sys and debug. This addresses the following denials (which are actually being enforced):
<4>[ 131.700473] avc: denied { set } for property=debug.force_rtl scontext=u:r:system_server:s0 tcontext=u:object_r:shell_prop:s0 tclass=property_service
<3>[ 131.700625] init: sys_prop: permission denied uid:1000 name:debug.force_rtl
<4>[ 132.630062] avc: denied { set } for property=persist.sys.dalvik.vm.lib scontext=u:r:system_app:s0 tcontext=u:object_r:system_prop:s0 tclass=property_service
<3>[ 132.630184] init: sys_prop: permission denied uid:1000 name:persist.sys.dalvik.vm.lib
Change-Id: I5d114c0d963bf393f49f1bf13d1ed84137fbcca6
roperty.te
roperty_contexts
ystem_app.te
ystem_server.te
|
6ffbbcdfc5a4045b30c1a35da44e998447a6b4b3 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 767df85a: am 4358866a: am 58da198a: Merge "Confine system_server, but leave it permissive for now." * commit '767df85ac98f2371df58362e0fb4d1582d7bb9c9': Confine system_server, but leave it permissive for now.
|
a96b82334e061008464ad4ecbe9b8e704fec88c8 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am e1a0353c: am 20f4ed47: am 98f8b27f: Merge "Confine hci_attach, but leave it permissive for now." * commit 'e1a0353cd5ddbb3d5a589646d29574ab8187c9b5': Confine hci_attach, but leave it permissive for now.
|
9d33d84d5b37c6445372ae626d0b4f8a93e0dd2c |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am afe8e06f: am 63f32e72: am 893cbcfd: Merge "Confine surfaceflinger, but leave it permissive for now." * commit 'afe8e06f25d1cf95cfaa82443ceded1bc01e065a': Confine surfaceflinger, but leave it permissive for now.
|
767df85ac98f2371df58362e0fb4d1582d7bb9c9 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 4358866a: am 58da198a: Merge "Confine system_server, but leave it permissive for now." * commit '4358866a267693cfd2157bc92372d3386fcf75bb': Confine system_server, but leave it permissive for now.
|
e1a0353cd5ddbb3d5a589646d29574ab8187c9b5 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 20f4ed47: am 98f8b27f: Merge "Confine hci_attach, but leave it permissive for now." * commit '20f4ed470879fe29ddee1d1f983e100d3b1f052d': Confine hci_attach, but leave it permissive for now.
|
afe8e06f25d1cf95cfaa82443ceded1bc01e065a |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 63f32e72: am 893cbcfd: Merge "Confine surfaceflinger, but leave it permissive for now." * commit '63f32e724744a06efa7e5f126a2aa237fa4ae903': Confine surfaceflinger, but leave it permissive for now.
|
4358866a267693cfd2157bc92372d3386fcf75bb |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 58da198a: Merge "Confine system_server, but leave it permissive for now." * commit '58da198a9071ca0797081579762955346621816e': Confine system_server, but leave it permissive for now.
|
20f4ed470879fe29ddee1d1f983e100d3b1f052d |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 98f8b27f: Merge "Confine hci_attach, but leave it permissive for now." * commit '98f8b27fdec640309e8a0aec5076fbabb065e2ef': Confine hci_attach, but leave it permissive for now.
|
63f32e724744a06efa7e5f126a2aa237fa4ae903 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 893cbcfd: Merge "Confine surfaceflinger, but leave it permissive for now." * commit '893cbcfd7a8f908ea1e3c46737f21d0209eabc3e': Confine surfaceflinger, but leave it permissive for now.
|
58da198a9071ca0797081579762955346621816e |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine system_server, but leave it permissive for now."
|
98f8b27fdec640309e8a0aec5076fbabb065e2ef |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine hci_attach, but leave it permissive for now."
|
893cbcfd7a8f908ea1e3c46737f21d0209eabc3e |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine surfaceflinger, but leave it permissive for now."
|
0fd0006945c4679cd61385b755fe7e0ae607d092 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am 3b716c32: am d25955eb: am e4ba4723: Merge "Make the keystore domain enforcing." * commit '3b716c327ab2a52248521f2a09c301f22bcc3e7e': Make the keystore domain enforcing.
|
3b716c327ab2a52248521f2a09c301f22bcc3e7e |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am d25955eb: am e4ba4723: Merge "Make the keystore domain enforcing." * commit 'd25955eb7b206c83bf6eaf899149008c5375e3da': Make the keystore domain enforcing.
|
d25955eb7b206c83bf6eaf899149008c5375e3da |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
am e4ba4723: Merge "Make the keystore domain enforcing." * commit 'e4ba472363c80ccd7b09bfa58376ba91c96191f9': Make the keystore domain enforcing.
|
e4ba472363c80ccd7b09bfa58376ba91c96191f9 |
01-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make the keystore domain enforcing."
|
24612a29e08e431b9e7b7096bae2a53225b9599c |
01-Nov-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 75cb7993: am e12f0d91: am c9bb91da: Reintroduce -Wall -Werror to check_seapp. * commit '75cb79938f1da6b41f92763531e568d558fab0d6': Reintroduce -Wall -Werror to check_seapp.
|
75cb79938f1da6b41f92763531e568d558fab0d6 |
01-Nov-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am e12f0d91: am c9bb91da: Reintroduce -Wall -Werror to check_seapp. * commit 'e12f0d91513aa1eaf76bf036237b20496143e952': Reintroduce -Wall -Werror to check_seapp.
|
e12f0d91513aa1eaf76bf036237b20496143e952 |
01-Nov-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am c9bb91da: Reintroduce -Wall -Werror to check_seapp. * commit 'c9bb91da5fc84bce936f0795d18bf5c36fa5db6f': Reintroduce -Wall -Werror to check_seapp.
|
c9bb91da5fc84bce936f0795d18bf5c36fa5db6f |
01-Nov-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Reintroduce -Wall -Werror to check_seapp. Also add attribute for a potential unused function argument when dealing with darwin SDK builds. Change-Id: Iefdbecb050cc5fff6036f15413566e10cefa3813
ools/Android.mk
ools/check_seapp.c
|
cc9df158ea25dc9eb21a1bad47d9e6f03d7ead1f |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am e27d6999: am 28683e04: am 2d8a4237: Revert -Wall -Werror * commit 'e27d69999b23f765e3c294515152159bf86dbf38': Revert -Wall -Werror
|
e27d69999b23f765e3c294515152159bf86dbf38 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 28683e04: am 2d8a4237: Revert -Wall -Werror * commit '28683e048ab8fdc4abdcfd8968c7bc909e68732a': Revert -Wall -Werror
|
28683e048ab8fdc4abdcfd8968c7bc909e68732a |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 2d8a4237: Revert -Wall -Werror * commit '2d8a42373e483d0f3b952699ada5bbf323593d8a': Revert -Wall -Werror
|
2d8a42373e483d0f3b952699ada5bbf323593d8a |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Revert -Wall -Werror
Temporarily revert -Wall -Werror on checkseapp. This is causing a compiler error on darwin SDK builds.
cc1: warnings being treated as errors
external/sepolicy/tools/check_seapp.c: In function 'rule_map_free':
external/sepolicy/tools/check_seapp.c:439: warning: unused parameter 's'
make: *** [out/host/darwin-x86/obj/EXECUTABLES/checkseapp_intermediates/check_seapp.o] Error 1
Change-Id: I9776777a751f16d5ca0d90e731482c31dac813f9
ools/Android.mk
|
3f44a066486e1b20b896ba32de1aa6db82f393fe |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 0950812b: am 11214434: am 9056b19d: Merge "Add sepolicy-analyze tool." * commit '0950812bd7060e7fe6abe66f6037642dbe1ab10d': Add sepolicy-analyze tool.
|
0950812bd7060e7fe6abe66f6037642dbe1ab10d |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 11214434: am 9056b19d: Merge "Add sepolicy-analyze tool." * commit '1121443496923d06f9d9d1bbbf9051fab8e1f94d': Add sepolicy-analyze tool.
|
1121443496923d06f9d9d1bbbf9051fab8e1f94d |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 9056b19d: Merge "Add sepolicy-analyze tool." * commit '9056b19da55a4e6786432f859705761ba99e435a': Add sepolicy-analyze tool.
|
9056b19da55a4e6786432f859705761ba99e435a |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Add sepolicy-analyze tool."
|
ba6c8f087f0acca08f8c929f9bf5463dc6d8f660 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 684b02fd: am 514724db: am e45b7de4: Merge "Confine drmserver, but leave it permissive for now." * commit '684b02fddd88840679736b51013cd08081ee378a': Confine drmserver, but leave it permissive for now.
|
684b02fddd88840679736b51013cd08081ee378a |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 514724db: am e45b7de4: Merge "Confine drmserver, but leave it permissive for now." * commit '514724db211a9627b09a53fe126789eb0b68d8fe': Confine drmserver, but leave it permissive for now.
|
514724db211a9627b09a53fe126789eb0b68d8fe |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am e45b7de4: Merge "Confine drmserver, but leave it permissive for now." * commit 'e45b7de45f2299b73a2576aefaa98e61d2aae3ec': Confine drmserver, but leave it permissive for now.
|
e45b7de45f2299b73a2576aefaa98e61d2aae3ec |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine drmserver, but leave it permissive for now."
|
7b2bee99c18b8cb3f52161b1191d16b8ab50b08f |
31-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add sepolicy-analyze tool.
And also remove the unnecessary references to libselinux for sepolicy-check, as it has no dependencies on libselinux. Also enable -Wall -Werror on building all of these tools and fix up all such errors.
Usage:
$ sepolicy-analyze -e -P out/target/product/<device>/root/sepolicy
or
$ sepolicy-analyze -d -P out/target/product/<device>/root/sepolicy
The first form will display all type pairs that are "equivalent", i.e. they are identical with respect to allow rules, including indirect allow rules via attributes and default-enabled conditional rules (i.e. default boolean values yield a true conditional expression).
Equivalent types are candidates for being coalesced into a single type. However, there may be legitimate reasons for them to remain separate, for example:
- the types may differ in a respect not included in the current analysis, such as default-disabled conditional rules, audit-related rules (auditallow or dontaudit), default type transitions, or constraints (e.g. mls), or
- the current policy may be overly permissive with respect to one or the other of the types and thus the correct action may be to tighten access to one or the other rather than coalescing them together, or
- the domains that would in fact have different accesses to the types may not yet be defined or may be unconfined in the policy you are analyzing (e.g. in AOSP policy).
The second form will display type pairs that differ and the first difference found between the two types. This output can be long.
We have plans to explore further enhancements to this tool, including support for identifying isomorphic types. That will be required to identify similar domains since all domains differ in at least their entrypoint type and in their tmpfs type and thus will never show up as equivalent even if they are in all other respects identical to each other.
Change-Id: If0ee00188469d2a1e165fdd52f235c705d22cd4e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ools/Android.mk
ools/check_seapp.c
ools/sepolicy-analyze.c
ools/sepolicy-check.c
|
2d464becddf240bf75b1a036cb33c620de74519f |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am d6caafdc: am a3dde731: am 95cd6e09: Merge "Make the servicemanager domain enforcing." * commit 'd6caafdc585cac590a94dd0f8fba8acedf0cdcfc': Make the servicemanager domain enforcing.
|
d6caafdc585cac590a94dd0f8fba8acedf0cdcfc |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am a3dde731: am 95cd6e09: Merge "Make the servicemanager domain enforcing." * commit 'a3dde731b17a5a185062d5772c4179372e185d54': Make the servicemanager domain enforcing.
|
a3dde731b17a5a185062d5772c4179372e185d54 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 95cd6e09: Merge "Make the servicemanager domain enforcing." * commit '95cd6e09a0c3f67c302d4aabbd677c8598a22b3d': Make the servicemanager domain enforcing.
|
709d71836d2c94b76f4b622d8f0a3eb92c9952a2 |
31-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make the keystore domain enforcing. Change-Id: I8f4964fb31e91d9f384ef05df5acdcdd45dec08b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
eystore.te
|
95cd6e09a0c3f67c302d4aabbd677c8598a22b3d |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make the servicemanager domain enforcing."
|
78dffe934e9dbd0ad26998f36467d0fa9596cec0 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am eee41177: am 30ab1f81: am 68ce74b4: Merge "readme: add info on generating pem files from apks" * commit 'eee41177a159309be879882d6e7906c827646768': readme: add info on generating pem files from apks
|
eee41177a159309be879882d6e7906c827646768 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 30ab1f81: am 68ce74b4: Merge "readme: add info on generating pem files from apks" * commit '30ab1f81f368528a382f2a54a2032b0394fd8a7a': readme: add info on generating pem files from apks
|
30ab1f81f368528a382f2a54a2032b0394fd8a7a |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 68ce74b4: Merge "readme: add info on generating pem files from apks" * commit '68ce74b4e7d2818a53c6e36cc289b6c5b02653a7': readme: add info on generating pem files from apks
|
68ce74b4e7d2818a53c6e36cc289b6c5b02653a7 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "readme: add info on generating pem files from apks"
|
0b061c91c7c11b7bf001cdeff6eb3d2447e842f1 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 4fd447ce: am 57cc77ff: am cdf54ba7: Merge "Confine keystore, but leave it permissive for now." * commit '4fd447ce52bd8b0b7809d6bd10881b957b33473b': Confine keystore, but leave it permissive for now.
|
4fd447ce52bd8b0b7809d6bd10881b957b33473b |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 57cc77ff: am cdf54ba7: Merge "Confine keystore, but leave it permissive for now." * commit '57cc77ffca620d6993447c777f844f57c86d4394': Confine keystore, but leave it permissive for now.
|
57cc77ffca620d6993447c777f844f57c86d4394 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am cdf54ba7: Merge "Confine keystore, but leave it permissive for now." * commit 'cdf54ba7f8846aac62350ee47867ddc85d9e64d1': Confine keystore, but leave it permissive for now.
|
cdf54ba7f8846aac62350ee47867ddc85d9e64d1 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine keystore, but leave it permissive for now."
|
4faba8d2f18cf1bf4aca9ad5f45969c33f7eb5dc |
31-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 0fb13748: am 5298a4f6: am b3c48b66: Change the type on /dev/uinput to match /dev/uhid. * commit '0fb137487fa10505c2a22f39edf8991f7808961e': Change the type on /dev/uinput to match /dev/uhid.
|
0fb137487fa10505c2a22f39edf8991f7808961e |
31-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 5298a4f6: am b3c48b66: Change the type on /dev/uinput to match /dev/uhid. * commit '5298a4f6108695d44498c65f4af0c8eb15f40847': Change the type on /dev/uinput to match /dev/uhid.
|
5298a4f6108695d44498c65f4af0c8eb15f40847 |
31-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b3c48b66: Change the type on /dev/uinput to match /dev/uhid. * commit 'b3c48b66bcc9dad62a461fdc3595a70c07ff8fd3': Change the type on /dev/uinput to match /dev/uhid.
|
84db17fd356c288d7047097413f3466209493c75 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am df15a0d5: am 1680ce64: am 8c302d0f: Merge "Move sysfs_devices_system_cpu to the central policy." * commit 'df15a0d5486262b11956ef0fab84c70b774592a0': Move sysfs_devices_system_cpu to the central policy.
|
b3c48b66bcc9dad62a461fdc3595a70c07ff8fd3 |
23-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Change the type on /dev/uinput to match /dev/uhid. /dev/uinput is accessed in the same way as /dev/uhid, and unlike /dev/input/*. bluetooth requires access to the former and not to the latter, while shell requires access to the latter and not the former. This is also consistent with their DAC group ownerships (net_bt_stack for /dev/uinput and /dev/uhid vs input for /dev/input/*). Change-Id: I0059d832a7fe036ed888c91e1fb96f3e6e0bd2d4 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
luetooth.te
ile_contexts
|
df15a0d5486262b11956ef0fab84c70b774592a0 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 1680ce64: am 8c302d0f: Merge "Move sysfs_devices_system_cpu to the central policy." * commit '1680ce64e953edbc173e017805c60db4b092c799': Move sysfs_devices_system_cpu to the central policy.
|
1680ce64e953edbc173e017805c60db4b092c799 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 8c302d0f: Merge "Move sysfs_devices_system_cpu to the central policy." * commit '8c302d0f974892d7c9a2f9aac87f20001609d315': Move sysfs_devices_system_cpu to the central policy.
|
8c302d0f974892d7c9a2f9aac87f20001609d315 |
31-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Move sysfs_devices_system_cpu to the central policy."
|
b2b62e5bd2292a48dacb99d13aab6f43c53433e7 |
31-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make the servicemanager domain enforcing. Change-Id: I410ba7dc105322135463fa6f76cac75d6b65e38a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ervicemanager.te
|
fff7916d71fe42600565ac9eee68a4f028deecd6 |
30-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 85e39f60: am 9002232a: am a59c525c: Merge "Confine servicemanager, but leave it permissive for now." * commit '85e39f607b34187ce1a2cf5c4114d90187cc62dd': Confine servicemanager, but leave it permissive for now.
|
85e39f607b34187ce1a2cf5c4114d90187cc62dd |
30-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 9002232a: am a59c525c: Merge "Confine servicemanager, but leave it permissive for now." * commit '9002232adbf5fe40b87b9470e8fc7f27f6095466': Confine servicemanager, but leave it permissive for now.
|
9002232adbf5fe40b87b9470e8fc7f27f6095466 |
30-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am a59c525c: Merge "Confine servicemanager, but leave it permissive for now." * commit 'a59c525ce828854eb95334054f535a6255fc62c2': Confine servicemanager, but leave it permissive for now.
|
a59c525ce828854eb95334054f535a6255fc62c2 |
30-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine servicemanager, but leave it permissive for now."
|
967f39a6e88c60b5f65a37397d6619197a1d0514 |
30-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Move sysfs_devices_system_cpu to the central policy. Every device has a CPU. This is not device specific. Allow every domain to read these files/directories. For unknown reasons, these files are accessed by A LOT of processes. Allow ueventd to write to these files. This addresses the following denials seen on mako: <5>[ 4.935602] type=1400 audit(1383167737.512:4): avc: denied { read } for pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir <5>[ 4.935785] type=1400 audit(1383167737.512:5): avc: denied { open } for pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir <5>[ 4.935937] type=1400 audit(1383167737.512:6): avc: denied { search } for pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir <5>[ 4.936120] type=1400 audit(1383167737.512:7): avc: denied { write } for pid=140 comm="ueventd" name="uevent" dev="sysfs" ino=3164 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file <5>[ 4.936303] type=1400 audit(1383167737.512:8): avc: denied { open } for pid=140 comm="ueventd" name="uevent" dev="sysfs" ino=3164 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file Change-Id: I4766dc571762d8fae06aa8c26828c070b80f5936
omain.te
ile_contexts
eventd.te
|
9793a452e7cd98a388aa5a9809777d830aaa7fbe |
30-Oct-2013 |
William Roberts <wroberts@tresys.com> |
readme: add info on generating pem files from apks Often times OEMs and other integrators will need to create PEM files from presigned APKs they are integrating. This patch will update the README to include a technique for doing so. Change-Id: Ica52269542409d2038cfe30cbd5f28ead2fba4de
EADME
|
d494fcb6d5db918546fd97c08838aa64b933a762 |
29-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 49188303: am 968a156d: am 5b38c47b: Allow bluetooth to write to bluetooth properties * commit '491883030df8bc0de78e06be5393c9608dcba6a4': Allow bluetooth to write to bluetooth properties
|
491883030df8bc0de78e06be5393c9608dcba6a4 |
29-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 968a156d: am 5b38c47b: Allow bluetooth to write to bluetooth properties * commit '968a156d981dee060566e92415df22db13e8b3c8': Allow bluetooth to write to bluetooth properties
|
968a156d981dee060566e92415df22db13e8b3c8 |
29-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 5b38c47b: Allow bluetooth to write to bluetooth properties * commit '5b38c47b7e53371f7c400cf9c0f312a1f147dce9': Allow bluetooth to write to bluetooth properties
|
52a85237f7285c4011e1c13409a220bd79e74e13 |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine surfaceflinger, but leave it permissive for now. Change-Id: Id6d89e7d87642fba22445484034e39f94bb90f5b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
urfaceflinger.te
|
5b38c47b7e53371f7c400cf9c0f312a1f147dce9 |
29-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Allow bluetooth to write to bluetooth properties Some bluetooth implementations write to bluetooth.* properties. It seems reasonable to allow this for all bluetooth implementations. This addresses the following denial (seen on mako): <4>[ 132.182755] avc: denied { set } for property=bluetooth.hciattach scontext=u:r:bluetooth:s0 tcontext=u:object_r:bluetooth_prop:s0 tclass=property_service Change-Id: I6d92c0ff108838dd1107c5fb3c436699ef824814
luetooth.te
|
1ff644112e260d2aab55e696b32350dcda0a99b8 |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine system_server, but leave it permissive for now. Change-Id: Ia0de9d739575c34a7391db5f0be24048d89a7bd1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem_server.te
|
cfb2e99f9272ce670e703935db724021fcf32722 |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine servicemanager, but leave it permissive for now. Change-Id: Ib29d63b9bff0d3b1b2c152c4e4d82e21360aacc5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ervicemanager.te
|
23ceab3f9b2741fc6712715b5b298c8d594ba326 |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine ping, but leave it permissive for now. Change-Id: I3fda2946271456dbe0905651c5015d9eb120a8ea Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ing.te
|
cdd83f4eaec5a7f8a923caaf5bef635397771ec4 |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine keystore, but leave it permissive for now. Change-Id: Ia92165478764b062e7e33e7741742f5ec8762ad9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
eystore.te
|
e14a51dd31f407e3463a95b1667fd44201405110 |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine hci_attach, but leave it permissive for now. Change-Id: I4b6cacf70805065ad6fd9678417283c25a53b51b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ci_attach.te
|
3b2684887e900f9e0e246f9faa575b0d8a8a3fa0 |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine drmserver, but leave it permissive for now. Change-Id: I8f344dda3ab9766b4a72c404061f242e054129cd Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
rmserver.te
|
258cb17abc5bea49a4e56a3a56a9a7b0db60cbfd |
29-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine debuggerd, but leave it permissive for now. Change-Id: I09932cdd59f9d3a38e69df9fcfc34cc9cec1d8cd Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ebuggerd.te
|
239585a62af268570812e71a3c8f348f3535a802 |
29-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am 8c8674b1: am f0ed17ed: am fd22922d: README: Add quip on keys.conf supporting env vars * commit '8c8674b1a769e37eeb6149875d4293fc4fe502ef': README: Add quip on keys.conf supporting env vars
|
8c8674b1a769e37eeb6149875d4293fc4fe502ef |
29-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am f0ed17ed: am fd22922d: README: Add quip on keys.conf supporting env vars * commit 'f0ed17edc01aa5891e77085307493ceab623afd3': README: Add quip on keys.conf supporting env vars
|
f0ed17edc01aa5891e77085307493ceab623afd3 |
29-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am fd22922d: README: Add quip on keys.conf supporting env vars * commit 'fd22922d596d6816adf2f4eee050d3cac3e9ce16': README: Add quip on keys.conf supporting env vars
|
fd22922d596d6816adf2f4eee050d3cac3e9ce16 |
28-Oct-2013 |
William Roberts <wroberts@tresys.com> |
README: Add quip on keys.conf supporting env vars Since Change-Id: If4f169d9ed4f37b6ebd062508de058f3baeafead the insert_keys.py tool has had support for expanding environment variable strings. This change addresses the lack of an updated README covering said change. Change-Id: I88e81ea58fb84110da3fc3cfb8b49fd0d6c027c2
EADME
|
d5479276409c721726f2f37519c1541439e9bd26 |
29-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am ac060913: am 0aaacb3c: am dba93a9f: Merge "Make DEFAULT_SYSTEM_DEV_CERTIFICATE available in keys.conf" * commit 'ac06091323c0970d83ad160696cf76426678ea47': Make DEFAULT_SYSTEM_DEV_CERTIFICATE available in keys.conf
|
ac06091323c0970d83ad160696cf76426678ea47 |
29-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 0aaacb3c: am dba93a9f: Merge "Make DEFAULT_SYSTEM_DEV_CERTIFICATE available in keys.conf" * commit '0aaacb3c2fea875e9ba11c3e9fa4a8577125ae94': Make DEFAULT_SYSTEM_DEV_CERTIFICATE available in keys.conf
|
0aaacb3c2fea875e9ba11c3e9fa4a8577125ae94 |
29-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am dba93a9f: Merge "Make DEFAULT_SYSTEM_DEV_CERTIFICATE available in keys.conf" * commit 'dba93a9f2e9b7b144b57e60bd20e78b38d9c23d9': Make DEFAULT_SYSTEM_DEV_CERTIFICATE available in keys.conf
|
dba93a9f2e9b7b144b57e60bd20e78b38d9c23d9 |
29-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make DEFAULT_SYSTEM_DEV_CERTIFICATE available in keys.conf"
|
5f6f59b72d1eece120203fc63521390286e23213 |
28-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 9b5dfdf9: am 75f670b2: am 067ffcc1: Merge "Confine mediaserver, but leave it permissive for now." * commit '9b5dfdf94dd6fbb62888ed9c92b846cb983b9366': Confine mediaserver, but leave it permissive for now.
|
35c89efe483dce102d6ca9c07473a095d711eb77 |
28-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 8de83941: am 0e65c20d: am 73c5ea72: fix typo * commit '8de83941ab4187f921bcf425ab1900aaddfef4d9': fix typo
|
9b5dfdf94dd6fbb62888ed9c92b846cb983b9366 |
28-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 75f670b2: am 067ffcc1: Merge "Confine mediaserver, but leave it permissive for now." * commit '75f670b2090b3a3a17814c05c16b289ef3ecaea9': Confine mediaserver, but leave it permissive for now.
|
8de83941ab4187f921bcf425ab1900aaddfef4d9 |
28-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 0e65c20d: am 73c5ea72: fix typo * commit '0e65c20d9aac26ee9fcdaa5ac20c8bea4275b789': fix typo
|
75f670b2090b3a3a17814c05c16b289ef3ecaea9 |
28-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 067ffcc1: Merge "Confine mediaserver, but leave it permissive for now." * commit '067ffcc1e10289bb56e13fa5998c50a2ae2d7992': Confine mediaserver, but leave it permissive for now.
|
067ffcc1e10289bb56e13fa5998c50a2ae2d7992 |
28-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Confine mediaserver, but leave it permissive for now."
|
c3c9052bc7bf7f55e66a7560a28800066a6e044b |
25-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Make DEFAULT_SYSTEM_DEV_CERTIFICATE available in keys.conf In 9af6f1bd59ee2fb0622db8ff25c4806c5527a0b3, the -d option was dropped from insertkeys.py. This was done to allow an Android distribution to replace the default version of keys.conf distributed in external/sepolicy/keys.conf. keys.conf was modified to reference the publicly known test keys in build/target/product/security. Unfortunately, this broke Google's build of Android. Instead of incorporating our keys directory, we were using the default AOSP keys. As a result, apps were getting assigned to the wrong SELinux domain. (see "Steps to reproduce" below) This change continues to allow others to replace keys.conf, but makes DEFAULT_SYSTEM_DEV_CERTIFICATE available as an environment variable in case the customized version wants to make reference to it. This change also modifies the stock version of keys.conf to use DEFAULT_SYSTEM_DEV_CERTIFICATE, which should be appropriate for most Android distributions. It doesn't make any sense to force each OEM to have a copy of this file. Steps to reproduce. 1) Compile and boot Android. 2) Run the following command: "adb shell ps -Z | grep process.media" Expected: $ adb shell ps -Z | grep process.media u:r:media_app:s0 u0_a5 1332 202 android.process.media Actual: $ adb shell ps -Z | grep process.media u:r:untrusted_app:s0 u0_a5 3617 187 android.process.media Bug: 11327304 Change-Id: Ica24fb25c5f9c0e2f4d181718c757cf372467822
ndroid.mk
eys.conf
|
0e65c20d9aac26ee9fcdaa5ac20c8bea4275b789 |
28-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 73c5ea72: fix typo * commit '73c5ea722c7ee328f0d10179601afd9d5a054b94': fix typo
|
73c5ea722c7ee328f0d10179601afd9d5a054b94 |
26-Oct-2013 |
Nick Kralevich <nnk@google.com> |
fix typo Change-Id: Ieda312d5607dd17af0bb70045fbaba8ddec38c94
pp.te
|
24e44ef7ba99aa7448200a85a0a1092d5312e874 |
24-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am b27b9832: am 3a12f7b2: am c4a3b510: sysfs_devices_system_cpu should be a sysfs_type * commit 'b27b9832cc3893a1a5c294b5c138a9aa56a5b300': sysfs_devices_system_cpu should be a sysfs_type
|
407ef71e968818abffad07ecf373516ef029264a |
24-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 3d01ba40: am 69eda0f0: am 5637099a: Confine all app domains, but make them permissive for now. * commit '3d01ba4089648d3a7979efe1ca30eb4b79cb8ed4': Confine all app domains, but make them permissive for now.
|
b27b9832cc3893a1a5c294b5c138a9aa56a5b300 |
24-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 3a12f7b2: am c4a3b510: sysfs_devices_system_cpu should be a sysfs_type * commit '3a12f7b2a9debe897358f6c4c88736729c48713e': sysfs_devices_system_cpu should be a sysfs_type
|
3d01ba4089648d3a7979efe1ca30eb4b79cb8ed4 |
24-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 69eda0f0: am 5637099a: Confine all app domains, but make them permissive for now. * commit '69eda0f0488b9ecbc0853fb0d543740881f64f7d': Confine all app domains, but make them permissive for now.
|
3a12f7b2a9debe897358f6c4c88736729c48713e |
24-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am c4a3b510: sysfs_devices_system_cpu should be a sysfs_type * commit 'c4a3b51062cfc9eaf38d997b6d6609a7dcf3a3c4': sysfs_devices_system_cpu should be a sysfs_type
|
69eda0f0488b9ecbc0853fb0d543740881f64f7d |
24-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 5637099a: Confine all app domains, but make them permissive for now. * commit '5637099a252c7ef647ca22d1d1094d67f54bb916': Confine all app domains, but make them permissive for now.
|
af9238c9b801325a289b5766fc9dc7a86d4dd0f5 |
23-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine mediaserver, but leave it permissive for now. Confine the mediaserver domain, restoring our rules for it, but leave it permissive until sufficient testing has been performed. Change-Id: I3d10ee16f5125b11295bc40ff6f2e14080b4bd00 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ediaserver.te
|
c4a3b51062cfc9eaf38d997b6d6609a7dcf3a3c4 |
23-Oct-2013 |
Nick Kralevich <nnk@google.com> |
sysfs_devices_system_cpu should be a sysfs_type Otherwise the following denials occur on mako: <5>[ 2.494246] type=1400 audit(1382544550.200:4): avc: denied { associate } for pid=1 comm="init" name="time_in_state" dev="sysfs" ino=17444 scontext=u:object_r:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem <5>[ 2.494735] type=1400 audit(1382544550.200:5): avc: denied { associate } for pid=1 comm="init" name="total_trans" dev="sysfs" ino=17443 scontext=u:object_r:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem <5>[ 2.495162] type=1400 audit(1382544550.200:6): avc: denied { associate } for pid=1 comm="init" name="stats" dev="sysfs" ino=17442 scontext=u:object_r:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem <5>[ 2.495620] type=1400 audit(1382544550.200:7): avc: denied { associate } for pid=1 comm="init" name="scaling_governor" dev="sysfs" ino=17435 scontext=u:object_r:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem <5>[ 2.496047] type=1400 audit(1382544550.200:8): avc: denied { associate } for pid=1 comm="init" name="cpuinfo_transition_latency" dev="sysfs" ino=17429 scontext=u:object_r:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem <5>[ 2.496505] type=1400 audit(1382544550.200:9): avc: denied { associate } for pid=1 comm="init" name="scaling_available_frequencies" dev="sysfs" ino=17439 scontext=u:object_r:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem <5>[ 2.496963] type=1400 audit(1382544550.200:10): avc: denied { associate } for pid=1 comm="init" name="scaling_driver" dev="sysfs" ino=17436 scontext=u:object_r:sysfs_devices_system_cpu:s0 tcontext=u:object_r:sysfs:s0 tclass=filesystem Change-Id: I584a1cf61cb871a38be4d3b308cef03e64cfda8e
ile.te
|
9e993b56d5d47945efda930b0f5620434d6ed5e8 |
23-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d29f0ddb: am 77828e1e: am d7fd22e6: Confine bluetooth app. * commit 'd29f0ddb42f4d7f1bbc433c57161461ad47d9fb3': Confine bluetooth app.
|
d29f0ddb42f4d7f1bbc433c57161461ad47d9fb3 |
23-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 77828e1e: am d7fd22e6: Confine bluetooth app. * commit '77828e1e80651dc5c27004f8cfc936047548a682': Confine bluetooth app.
|
77828e1e80651dc5c27004f8cfc936047548a682 |
23-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am d7fd22e6: Confine bluetooth app. * commit 'd7fd22e601293ffae0de2166b226adbae1f7e33e': Confine bluetooth app.
|
5637099a252c7ef647ca22d1d1094d67f54bb916 |
23-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine all app domains, but make them permissive for now. As has already been done for untrusted_app, isolated_app, and bluetooth, make all the other domains used for app processes confined while making them permissive until sufficient testing has been done. Change-Id: If55fe7af196636c49d10fc18be2f44669e2626c5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
edia_app.te
fc.te
latform_app.te
adio.te
elease_app.te
hared_app.te
ystem_app.te
|
d7fd22e601293ffae0de2166b226adbae1f7e33e |
22-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Confine bluetooth app. Remove unconfined_domain() from the bluetooth app domain, restore the rules from our policy, and move the neverallow rule for bluetooth capabilities to bluetooth.te. Make the bluetooth domain permissive again until it has received sufficient testing. Change-Id: I3b3072d76e053eefd3d0e883a4fdb7c333bbfc09 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
luetooth.te
|
f4db65e4d416186c969a0a0a388ca085b30dcccd |
22-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 4e1bd4c0: am 7511f90c: am 28a711c8: Merge "Move unconfined domains out of permissive mode." * commit '4e1bd4c0d1fe0fa0355402c4fda2c80c3046bd88': Move unconfined domains out of permissive mode.
|
7474e828a4e83d0007d4dcd745773d926d107789 |
22-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am bce96dda: am 285d30e2: am 84d88314: Clarify the expectations for the unconfined template. * commit 'bce96dda5e8961889efea5b1136a34be73c70c43': Clarify the expectations for the unconfined template.
|
4e1bd4c0d1fe0fa0355402c4fda2c80c3046bd88 |
22-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 7511f90c: am 28a711c8: Merge "Move unconfined domains out of permissive mode." * commit '7511f90ca7f0e3b64507ac94eec54e8ddbcf898f': Move unconfined domains out of permissive mode.
|
bce96dda5e8961889efea5b1136a34be73c70c43 |
22-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 285d30e2: am 84d88314: Clarify the expectations for the unconfined template. * commit '285d30e283a338c779017f4e8e277102e114f6b7': Clarify the expectations for the unconfined template.
|
7511f90ca7f0e3b64507ac94eec54e8ddbcf898f |
22-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 28a711c8: Merge "Move unconfined domains out of permissive mode." * commit '28a711c89a1b51d0aaf9baa475994a255cd33f3c': Move unconfined domains out of permissive mode.
|
285d30e283a338c779017f4e8e277102e114f6b7 |
22-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 84d88314: Clarify the expectations for the unconfined template. * commit '84d88314e0cc7248589904973422dda9e1dbcce4': Clarify the expectations for the unconfined template.
|
28a711c89a1b51d0aaf9baa475994a255cd33f3c |
22-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Move unconfined domains out of permissive mode."
|
84d88314e0cc7248589904973422dda9e1dbcce4 |
21-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Clarify the expectations for the unconfined template. In https://android-review.googlesource.com/66562 , there was a discussion about the role the unconfined template plays. Document the unconfined template so that those expectations are better understood. Change-Id: I20ac01ac2d4496b8425b6f63d4106e8021bc9b2f
e_macros
nconfined.te
|
353c72e3b0b4d7d729af20f0c9a13c976baa8753 |
21-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Move unconfined domains out of permissive mode. This change removes the permissive line from unconfined domains. Unconfined domains can do (mostly) anything, so moving these domains into enforcing should be a no-op. The following domains were deliberately NOT changed: 1) kernel 2) init In the future, this gives us the ability to tighten up the rules in unconfined, and have those tightened rules actually work. When we're ready to tighten up the rules for these domains, we can: 1) Remove unconfined_domain and re-add the permissive line. 2) Submit the domain in permissive but NOT unconfined. 3) Remove the permissive line 4) Wait a few days and submit the no-permissive change. For instance, if we were ready to do this for adb, we'd identify a list of possible rules which allow adbd to work, re-add the permissive line, and then upload those changes to AOSP. After sufficient testing, we'd then move adb to enforcing. We'd repeat this for each domain until everything is enforcing and out of unconfined. Change-Id: If674190de3262969322fb2e93d9a0e734f8b9245
dbd.te
luetooth.te
latd.te
ebuggerd.te
hcp.te
nsmasq.te
rmserver.te
psd.te
ci_attach.te
ealthd.te
ostapd.te
nit_shell.te
eystore.te
edia_app.te
ediaserver.te
tp.te
fc.te
ing.te
latform_app.te
pp.te
emud.te
acoon.te
adio.te
elease_app.te
ild.te
unas.te
dcardd.te
ervicemanager.te
hared_app.te
u.te
urfaceflinger.te
ystem_app.te
ystem_server.te
ee.te
atchdogd.te
pa_supplicant.te
|
d357d94deaa7e70752592740180f32249083c0d9 |
18-Oct-2013 |
Jeff Sharkey <jsharkey@android.com> |
am 1d5176cd: am 2abfe7d4: Allow vold to invoke blkid, use external ASECs. * commit '1d5176cd91e7f9c634bd5bbef764dd59b786e154': Allow vold to invoke blkid, use external ASECs.
|
1d5176cd91e7f9c634bd5bbef764dd59b786e154 |
18-Oct-2013 |
Jeff Sharkey <jsharkey@android.com> |
am 2abfe7d4: Allow vold to invoke blkid, use external ASECs. * commit '2abfe7d4f72b0265b1dec31e675650c77998f4d6': Allow vold to invoke blkid, use external ASECs.
|
2abfe7d4f72b0265b1dec31e675650c77998f4d6 |
17-Oct-2013 |
Jeff Sharkey <jsharkey@android.com> |
Allow vold to invoke blkid, use external ASECs. Bug: 11175082 Change-Id: Ic1bd15e8729583be199551ec6baeb4acaf46c210
old.te
|
7b5c93a16777c2d1db628302f039a5b7b6392fe8 |
16-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am 060f6fa6: am bc05b53e: am 610a4b1c: tools: update lengths from int to size_t * commit '060f6fa67e1d9779d2d8357659ae530d65171faa': tools: update lengths from int to size_t
|
9d756bb014e1e72e74839224c1b4380027346587 |
16-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am c9c878c7: am d6f7a63a: am 61846291: tools: require that seinfo and packagename be used * commit 'c9c878c79c82b908f1f0fa9c4e69fd9cb86d0a3c': tools: require that seinfo and packagename be used
|
060f6fa67e1d9779d2d8357659ae530d65171faa |
16-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am bc05b53e: am 610a4b1c: tools: update lengths from int to size_t * commit 'bc05b53eb1a2d7aa8a300b2d093beb63a377cdfe': tools: update lengths from int to size_t
|
c9c878c79c82b908f1f0fa9c4e69fd9cb86d0a3c |
16-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am d6f7a63a: am 61846291: tools: require that seinfo and packagename be used * commit 'd6f7a63ab4d2d81650f468125f2c3bddd566fece': tools: require that seinfo and packagename be used
|
bc05b53eb1a2d7aa8a300b2d093beb63a377cdfe |
16-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am 610a4b1c: tools: update lengths from int to size_t * commit '610a4b1c32490ac9f6f7ca0fafba8c182a542934': tools: update lengths from int to size_t
|
d6f7a63ab4d2d81650f468125f2c3bddd566fece |
16-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am 61846291: tools: require that seinfo and packagename be used * commit '61846291746a3a3559f615ef3665312ccd2228c2': tools: require that seinfo and packagename be used
|
610a4b1c32490ac9f6f7ca0fafba8c182a542934 |
16-Oct-2013 |
William Roberts <wroberts@tresys.com> |
tools: update lengths from int to size_t Change-Id: If4839218b200a0d90bdf7779d2e039719fae85a5
ools/check_seapp.c
|
61846291746a3a3559f615ef3665312ccd2228c2 |
15-Oct-2013 |
William Roberts <wroberts@tresys.com> |
tools: require that seinfo and packagename be used Modify check_seapp.c to verify that a packagename (name) must be specified with a signing key (seinfo). This will help thwart spoof attacks on the packagename. Change-Id: I8f1aa8a479cb5beb5c3522d85e3181604931ea72
ools/check_seapp.c
|
07c0ed0ccbd945a0a3f68285b3857ec9047f80cf |
15-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am b180f2fe: am 2f5927bf: am d1f1070a: tools: drop unused field in struct * commit 'b180f2fe91600bacb7538ca31f17cf1aadb4c53c': tools: drop unused field in struct
|
b180f2fe91600bacb7538ca31f17cf1aadb4c53c |
15-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am 2f5927bf: am d1f1070a: tools: drop unused field in struct * commit '2f5927bf981982f037bb924c5dfc11c3feb28a01': tools: drop unused field in struct
|
2f5927bf981982f037bb924c5dfc11c3feb28a01 |
15-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am d1f1070a: tools: drop unused field in struct * commit 'd1f1070acb4f5d29ddc6536126d6834ec418b8f1': tools: drop unused field in struct
|
d1f1070acb4f5d29ddc6536126d6834ec418b8f1 |
15-Oct-2013 |
William Roberts <wroberts@tresys.com> |
tools: drop unused field in struct check_seapp at one point in time switched from a home implementation of a hash table to using GLIBC search.h routines. A struct in one of the fields was never removed during this transition. Change-Id: I65c028103ffe90fa52e0b3c9fce28124ed9c7ff9
ools/check_seapp.c
|
e72e12827c4fbbcd2bcf323d6f4fab794ba50ba2 |
15-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 8f23c067: Merge "Partially revert 4fc702eccf2c427a44da4b02342250094ab61192." into klp-dev-plus-aosp * commit '8f23c067705416e2eff0be3edbc659609a80d141': Partially revert 4fc702eccf2c427a44da4b02342250094ab61192.
|
8f23c067705416e2eff0be3edbc659609a80d141 |
15-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Partially revert 4fc702eccf2c427a44da4b02342250094ab61192." into klp-dev-plus-aosp
|
c1942ffddea0b97b3cbc805a88a30b5a682d6566 |
15-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 5cd1603d: Merge "Remove duplicate allow rule." into klp-dev-plus-aosp * commit '5cd1603d101419bad389ba5a430b5f05a6fb7923': Remove duplicate allow rule.
|
5cd1603d101419bad389ba5a430b5f05a6fb7923 |
15-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Remove duplicate allow rule." into klp-dev-plus-aosp
|
1764a329305df5772316f9d9ca32650cb5a4c02f |
15-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am 7090bf74: am 37928771: am 14138335: tools: Strengthen BEGIN/END CERTIFICATE checks * commit '7090bf749560e35a5cbe8ed04352cca774938e50': tools: Strengthen BEGIN/END CERTIFICATE checks
|
7090bf749560e35a5cbe8ed04352cca774938e50 |
15-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am 37928771: am 14138335: tools: Strengthen BEGIN/END CERTIFICATE checks * commit '3792877106ca2ab039a9531420fdb46f5f1d084f': tools: Strengthen BEGIN/END CERTIFICATE checks
|
3792877106ca2ab039a9531420fdb46f5f1d084f |
15-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am 14138335: tools: Strengthen BEGIN/END CERTIFICATE checks * commit '14138335bd3c7204d5bff4690ffa2314dd4a0a9e': tools: Strengthen BEGIN/END CERTIFICATE checks
|
14138335bd3c7204d5bff4690ffa2314dd4a0a9e |
15-Oct-2013 |
William Roberts <wroberts@tresys.com> |
tools: Strengthen BEGIN/END CERTIFICATE checks insertkeys.py used beginswith() when checking that the BEGIN and END CERTIFICATE clauses in PEM files were correct. It should have done an explicit check on equality. Change-Id: I5efb48d180bc674e6281a26a955acd248588b8bd
ools/insertkeys.py
|
d045e564aa17997e9fc222d689597b54a6ee101f |
14-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Partially revert 4fc702eccf2c427a44da4b02342250094ab61192. It's questionable whether this change is actually needed, and it only affects one user (whose /data partition was created oddly). Revert it for now (in master) to see if we get more reports of this bug. Bug: 11149726 Change-Id: I9b5408306b55653b2b9d43e68e7c771b72662649
old.te
|
c0c3c4aa8dba75a1b26ca9bccb34f8efaabb8944 |
14-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Remove duplicate allow rule. "allow system apk_private_tmp_file:file relabelto" was already added as part of 217f8afc188d4e1f393b0fa36a7dda2d6e0273ca (https://android-review.googlesource.com/64890) and was added again as part of commit 81ee5898526dded3db7d502a45032018843a6076. It should not be here twice. Change-Id: Ia7515f72ee6d9579ba52d72fcb0754733a2f6c27
ystem_server.te
|
3aa84e636237cc8960ad0fd0039fb110013463ca |
11-Oct-2013 |
Mike Palmiotto <mpalmiotto@tresys.com> |
am d6785b7d: am f84a8ca7: am 070c01f8: tools: Don't error out of insertkeys script on whitespace * commit 'd6785b7d5f175da1f534e094f366b83986836900': tools: Don't error out of insertkeys script on whitespace
|
d6785b7d5f175da1f534e094f366b83986836900 |
11-Oct-2013 |
Mike Palmiotto <mpalmiotto@tresys.com> |
am f84a8ca7: am 070c01f8: tools: Don't error out of insertkeys script on whitespace * commit 'f84a8ca750b8914e2cb239cca5fdc02e83f27c0f': tools: Don't error out of insertkeys script on whitespace
|
f84a8ca750b8914e2cb239cca5fdc02e83f27c0f |
11-Oct-2013 |
Mike Palmiotto <mpalmiotto@tresys.com> |
am 070c01f8: tools: Don't error out of insertkeys script on whitespace * commit '070c01f8f133dfc0da82beca6f747b679d27f904': tools: Don't error out of insertkeys script on whitespace
|
070c01f8f133dfc0da82beca6f747b679d27f904 |
10-Oct-2013 |
Mike Palmiotto <mpalmiotto@tresys.com> |
tools: Don't error out of insertkeys script on whitespace Many keys end with whitespace or otherwise have whitespace separating the certificates. If insertkeys is intended to support multiple certificates, we should also support blank line separators. Change-Id: I5fd17be5785ad1b89a6191e9ba33bbc7c5a4e8e9
ools/insertkeys.py
|
85824fb8b162988a0793f5f8530fc80f36007f89 |
10-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 81ee5898: resolved conflicts for merge of 4fc702ec to klp-dev-plus-aosp * commit '81ee5898526dded3db7d502a45032018843a6076': DO NOT MERGE Fix denials seen during device upgrade.
|
81ee5898526dded3db7d502a45032018843a6076 |
10-Oct-2013 |
Nick Kralevich <nnk@google.com> |
resolved conflicts for merge of 4fc702ec to klp-dev-plus-aosp Change-Id: I10d26e6ed6d129c9fef27d0d0c2610d21e6442dd
|
a7b30d9210f62d51978ffd0a89204102e3c5d3f0 |
10-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 90a9ecb1: am 0317003d: am 0b8c20e7: Allow apps to use the USB Accessory functionality * commit '90a9ecb1569fb560a74d0cd2960912cc871e9785': Allow apps to use the USB Accessory functionality
|
90a9ecb1569fb560a74d0cd2960912cc871e9785 |
10-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 0317003d: am 0b8c20e7: Allow apps to use the USB Accessory functionality * commit '0317003ddd77c46798319d78599b858c7d7c4ec0': Allow apps to use the USB Accessory functionality
|
0317003ddd77c46798319d78599b858c7d7c4ec0 |
10-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 0b8c20e7: Allow apps to use the USB Accessory functionality * commit '0b8c20e7ddce7cf791447f15be540ee2d0a6bfb2': Allow apps to use the USB Accessory functionality
|
0b8c20e7ddce7cf791447f15be540ee2d0a6bfb2 |
09-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Allow apps to use the USB Accessory functionality Apps may need to access the USB Accessory interface, which involves reads / writes / etc to /dev/usb_accessory and /dev/bus/usb/* See http://developer.android.com/guide/topics/connectivity/usb/accessory.html for more information. This addresses the following denials: [ 80.075727] type=1400 audit(1379351306.384:9): avc: denied { read write } for pid=496 comm="Binder_1" path="/dev/usb_accessory" dev=tmpfs ino=5320 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:usbaccessory_device:s0 tclass=chr_file [ 86.204387] type=1400 audit(1379304688.579:10): avc: denied { getattr } for pid=1750 comm="Thread-126" path="/dev/usb_accessory" dev=tmpfs ino=5320 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:usbaccessory_device:s0 tclass=chr_file [ 2773.581032] type=1400 audit(1379307375.959:22): avc: denied { read write } for pid=761 comm="Binder_A" path="/dev/bus/usb/002/002" dev=tmpfs ino=12862 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:usb_device:s0 tclass=chr_file [ 2773.590843] type=1400 audit(1379307375.969:23): avc: denied { getattr } for pid=5481 comm="android.app" path="/dev/bus/usb/002/002" dev=tmpfs ino=12862 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:usb_device:s0 tclass=chr_file [ 2773.591111] type=1400 audit(1379307375.969:24): avc: denied { ioctl } for pid=5481 comm="android.app" path="/dev/bus/usb/002/002" dev=tmpfs ino=12862 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:usb_device:s0 tclass=chr_file Bug: 10780497 Change-Id: I9663222f7a75dcbf3c42788a5b8eac45e69e00bb
pp.te
|
4fc702eccf2c427a44da4b02342250094ab61192 |
10-Oct-2013 |
Geremy Condra <gcondra@google.com> |
DO NOT MERGE Fix denials seen during device upgrade. Fixes: denied { relabelto } for pid=721 comm="PackageManager" name="vmdl-112554949.tmp" dev="mmcblk0p30" ino=712747 scontext=u:r:system:s0 tcontext=u:object_r:apk_private_tmp_file:s0 tclass=file denied { create } for pid=240 comm="vold" name="smdl2tmp1.asec" scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0 tclass=file Bug: 11149726 Change-Id: Iddc7592c757375a961f0d392c27622073c141b36
ystem.te
old.te
|
799d52ae5c78df697d128c272878bae6d1d9691b |
09-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am a77a2f70: am 7445b801: am ce90fc4f: Merge "tools: Correct insert keys behavior on pem files" * commit 'a77a2f701371d52418f6c5eebe94a018b0f581bc': tools: Correct insert keys behavior on pem files
|
57dc9204ca71636bb34834a519a1709aff42227a |
09-Oct-2013 |
Ed Heyl <edheyl@google.com> |
am 6fe5975a: am a5d0ac44: merge in KQS81M * commit '6fe5975a61613ccfefe4609f02c0764ae11d2cdd': Switch installd to use r_dir_perms for download_file dirs. Fix bug report notification not showing up. Give Zygote the ability to write app data files. Add the ability to write shell files to the untrusted_app domain.
|
a77a2f701371d52418f6c5eebe94a018b0f581bc |
09-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 7445b801: am ce90fc4f: Merge "tools: Correct insert keys behavior on pem files" * commit '7445b801614613f9476adac30f4a501ad77d44e1': tools: Correct insert keys behavior on pem files
|
7445b801614613f9476adac30f4a501ad77d44e1 |
09-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am ce90fc4f: Merge "tools: Correct insert keys behavior on pem files" * commit 'ce90fc4fe83283d16b22ab85eeed25e983ecffc0': tools: Correct insert keys behavior on pem files
|
ce90fc4fe83283d16b22ab85eeed25e983ecffc0 |
09-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "tools: Correct insert keys behavior on pem files"
|
3fe914149361c6fe8de39e7a9fdf2ffa4ba0ddce |
09-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am 143d04ce: am 70479ab3: am 85c5fc21: Start confining ueventd * commit '143d04cee777cb5b382c2d32298daef01b7eaa50': Start confining ueventd
|
6fe5975a61613ccfefe4609f02c0764ae11d2cdd |
09-Oct-2013 |
Ed Heyl <edheyl@google.com> |
am a5d0ac44: merge in KQS81M * commit 'a5d0ac440b7b0cdc84d8ad6b9c9451b4042f7b48': Switch installd to use r_dir_perms for download_file dirs. Fix bug report notification not showing up. Give Zygote the ability to write app data files. Add the ability to write shell files to the untrusted_app domain.
|
a5d0ac440b7b0cdc84d8ad6b9c9451b4042f7b48 |
09-Oct-2013 |
Ed Heyl <edheyl@google.com> |
merge in KQS81M
|
143d04cee777cb5b382c2d32298daef01b7eaa50 |
08-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am 70479ab3: am 85c5fc21: Start confining ueventd * commit '70479ab3aa17a07e718710cea691828eec435d31': Start confining ueventd
|
70479ab3aa17a07e718710cea691828eec435d31 |
08-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am 85c5fc21: Start confining ueventd * commit '85c5fc21c8a6259ec74686d62cf2c9a3fe01a56e': Start confining ueventd
|
1ecb4e8ad15a44347e0a2460c204d819e4ebd269 |
07-Oct-2013 |
William Roberts <wroberts@tresys.com> |
tools: Correct insert keys behavior on pem files Insert keys would erroneously process pem files with openssl headers in them. Also, the tool would be fooled into attempting to use pem files that had private keys and other things in the format. This patch strengthens the formatting requirements and increases the verboseness of error messages when processing pem files. Change-Id: I03353faaa641233a000d1a18943024ae47c63e0f
ools/insertkeys.py
|
85c5fc21c8a6259ec74686d62cf2c9a3fe01a56e |
06-Oct-2013 |
William Roberts <wroberts@tresys.com> |
Start confining ueventd * Keep ueventd in permissive * Drop unconfined macro to collect logs * Restore allow rules to current NSA maintained policy Change-Id: Ic4ee8e24ccd8887fed151ae1e4f197512849f57b
omain.te
eventd.te
|
1bef4a40aef36a9738cfc07f4989cdf0277db27c |
04-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am e6b44e8a: am 6d9ed201: am ec7d39ba: Introduce controls on wake lock interface * commit 'e6b44e8a6bfb9db9d8e01d94a65c54c23a2f0088': Introduce controls on wake lock interface
|
e6b44e8a6bfb9db9d8e01d94a65c54c23a2f0088 |
04-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am 6d9ed201: am ec7d39ba: Introduce controls on wake lock interface * commit '6d9ed201f52eee9e7fbdd13c916d80481444ba09': Introduce controls on wake lock interface
|
6d9ed201f52eee9e7fbdd13c916d80481444ba09 |
04-Oct-2013 |
William Roberts <wroberts@tresys.com> |
am ec7d39ba: Introduce controls on wake lock interface * commit 'ec7d39ba168a5b620e6bb526f316581acc5c1238': Introduce controls on wake lock interface
|
91f42aa19678dbf72165fd7a445f4c34a047acaa |
04-Oct-2013 |
Alex Klyubin <klyubin@google.com> |
am 173a1492: am 2e9e1f6c: am 8d688315: Restrict access to /dev/hw_random to system_server and init. * commit '173a14928843ac20cb39bf9268e8e775b34a4ad7': Restrict access to /dev/hw_random to system_server and init.
|
ec7d39ba168a5b620e6bb526f316581acc5c1238 |
29-Sep-2013 |
William Roberts <wroberts@tresys.com> |
Introduce controls on wake lock interface Change-Id: Ie0ee266e9e6facb2ab2abd652f68765239a41af1
ile.te
ile_contexts
ild.te
ystem_server.te
|
173a14928843ac20cb39bf9268e8e775b34a4ad7 |
04-Oct-2013 |
Alex Klyubin <klyubin@google.com> |
am 2e9e1f6c: am 8d688315: Restrict access to /dev/hw_random to system_server and init. * commit '2e9e1f6cf4beeb35704f4e2f623e961c9be6261b': Restrict access to /dev/hw_random to system_server and init.
|
2e9e1f6cf4beeb35704f4e2f623e961c9be6261b |
04-Oct-2013 |
Alex Klyubin <klyubin@google.com> |
am 8d688315: Restrict access to /dev/hw_random to system_server and init. * commit '8d688315aeb053eadc2606badbe4ce52899bb694': Restrict access to /dev/hw_random to system_server and init.
|
8d688315aeb053eadc2606badbe4ce52899bb694 |
03-Oct-2013 |
Alex Klyubin <klyubin@google.com> |
Restrict access to /dev/hw_random to system_server and init. /dev/hw_random is accessed only by init and by EntropyMixer (which runs inside system_server). Other domains are denied access because apps/services should be obtaining randomness from the Linux RNG. Change-Id: Ifde851004301ffd41b2189151a64a0c5989c630f
evice.te
omain.te
ile_contexts
ystem_server.te
|
278b298805498aa9605b9198c368cc7ca2658cd8 |
03-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am e486359e: am 618f88cf: am 109f9e62: Merge "Restore netdomain allow rules." * commit 'e486359e4f94693c5bf2ba345e13bc4fd810eb02': Restore netdomain allow rules.
|
e740c195252858786b25ac7976101c023dcb4906 |
03-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am c315a28f: am 69439560: am ede81a8a: Merge "Except the shell domain from the transition neverallow rule." * commit 'c315a28f2c456191b18f702c2e6e7e2c44f45b5f': Except the shell domain from the transition neverallow rule.
|
e486359e4f94693c5bf2ba345e13bc4fd810eb02 |
03-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 618f88cf: am 109f9e62: Merge "Restore netdomain allow rules." * commit '618f88cf39c8f524c6db2d6485d99ac44805149e': Restore netdomain allow rules.
|
c315a28f2c456191b18f702c2e6e7e2c44f45b5f |
03-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 69439560: am ede81a8a: Merge "Except the shell domain from the transition neverallow rule." * commit '6943956063e07303192a80fe156acfa67c82087d': Except the shell domain from the transition neverallow rule.
|
618f88cf39c8f524c6db2d6485d99ac44805149e |
03-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 109f9e62: Merge "Restore netdomain allow rules." * commit '109f9e62b4672b941720d3e1a5595f1835be8515': Restore netdomain allow rules.
|
6943956063e07303192a80fe156acfa67c82087d |
03-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am ede81a8a: Merge "Except the shell domain from the transition neverallow rule." * commit 'ede81a8aebfa93e7aa82961e6aed1b0114a36dc6': Except the shell domain from the transition neverallow rule.
|
109f9e62b4672b941720d3e1a5595f1835be8515 |
03-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Restore netdomain allow rules."
|
ede81a8aebfa93e7aa82961e6aed1b0114a36dc6 |
03-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Except the shell domain from the transition neverallow rule."
|
1da1b7f8aa2aa09bc7d99be76e43747ca7e3b6ed |
02-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ac2001fa: am de1d2829: am 55540755: Label adb keys file and allow access to it. * commit 'ac2001faee06cc1043cd1705dc2a74890215fc73': Label adb keys file and allow access to it.
|
ac2001faee06cc1043cd1705dc2a74890215fc73 |
02-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am de1d2829: am 55540755: Label adb keys file and allow access to it. * commit 'de1d282952bddf67b755e485100e30d2d2264078': Label adb keys file and allow access to it.
|
de1d282952bddf67b755e485100e30d2d2264078 |
02-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 55540755: Label adb keys file and allow access to it. * commit '55540755bc2f95ec3e0fb941a9e98dbf8aa24e7f': Label adb keys file and allow access to it.
|
55540755bc2f95ec3e0fb941a9e98dbf8aa24e7f |
30-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label adb keys file and allow access to it. The /adb_keys entry will only take effect if a restorecon is applied by init.rc on a kernel that includes the rootfs labeling support, but does no harm otherwise. The /data/misc/adb labeling ensures correct labeling of the adb_keys file created if the device has ro.adb.secure=1 set. Allow adbd to read the file. Change-Id: I97b3d86a69681330bba549491a2fb39df6cf20ef Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dbd.te
ile.te
ile_contexts
|
ca0759b1750cdc7f5c47fdde5557d6684e185d17 |
30-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restore netdomain allow rules. Change I4be1c987a5d69ac784a56d42fc2c9063c402de11 removed all netdomain allow rules at the same time domains were made unconfined. Prior to that change, any domain that used the net_domain() macro would be granted permissions required to use the network via these rules. The change made the netdomain attribute unused in any rules, thereby rendering the net_domain() calls pointless and requiring the allow rules to be duplicated for any domain requiring network access. There are two ways to resolve this inconsistency: 1. Restore the netdomain rules as in this change. In that case, some rules in app.te can be removed as they are redundant with these rules. -or- 2. Completely remove the netdomain attribute, the net_domain() macro, and all calls to it. In that case, each domain that requires network access will need to duplicate these rules or the necessary subset in order to function. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Change-Id: Ia54f0cd0bbda5c510423b1046626bd50f79ed7b6
et.te
|
57085446eb49777189123a994884f76b8491ed26 |
30-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Except the shell domain from the transition neverallow rule. Shell domain can transition to other domains for runas, ping, etc. Change-Id: If9aabb4f51346dc00a89d03efea25499505f278d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
d0e87be534baf7a44a875c46c156ec1dd009eda7 |
28-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am aa1aee2b: am 3d33b1e6: am 513fb85c: Merge "Label and allow access to /data/system/ndebugsocket." * commit 'aa1aee2b72bd062e089c38cf4296aabf38de5f4c': Label and allow access to /data/system/ndebugsocket.
|
aa1aee2b72bd062e089c38cf4296aabf38de5f4c |
28-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 3d33b1e6: am 513fb85c: Merge "Label and allow access to /data/system/ndebugsocket." * commit '3d33b1e659c8ce6d475ce6f22d57797f31be32a4': Label and allow access to /data/system/ndebugsocket.
|
3d33b1e659c8ce6d475ce6f22d57797f31be32a4 |
28-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 513fb85c: Merge "Label and allow access to /data/system/ndebugsocket." * commit '513fb85cddf396c767213ddd01da8b0389463967': Label and allow access to /data/system/ndebugsocket.
|
513fb85cddf396c767213ddd01da8b0389463967 |
28-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Label and allow access to /data/system/ndebugsocket."
|
8dd6ce6a3caebacb9d43458e8604c7b033c04957 |
28-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am e2b8d501: am 1c34197b: am 10f3c370: Merge "Make sure exec_type is assigned to all entrypoint types." * commit 'e2b8d50151bb6c51a1e6652c091a2d307f4d5417': Make sure exec_type is assigned to all entrypoint types.
|
e2b8d50151bb6c51a1e6652c091a2d307f4d5417 |
28-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 1c34197b: am 10f3c370: Merge "Make sure exec_type is assigned to all entrypoint types." * commit '1c34197beb7db26d20b8f03cf502f2da4237bb73': Make sure exec_type is assigned to all entrypoint types.
|
1c34197beb7db26d20b8f03cf502f2da4237bb73 |
28-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 10f3c370: Merge "Make sure exec_type is assigned to all entrypoint types." * commit '10f3c37097019a13064e0b7b765f1c1d7ed8f596': Make sure exec_type is assigned to all entrypoint types.
|
10f3c37097019a13064e0b7b765f1c1d7ed8f596 |
28-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Make sure exec_type is assigned to all entrypoint types."
|
66f371423eb635c5e03aacabec36fcc5ddc9118b |
27-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 2a657bc9: am fe45b927: am 5c947234: Merge "Expand the set of neverallow rules applied to app domains." * commit '2a657bc941f529aa38e112f2bb0197687d17c330': Expand the set of neverallow rules applied to app domains.
|
2a657bc941f529aa38e112f2bb0197687d17c330 |
27-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am fe45b927: am 5c947234: Merge "Expand the set of neverallow rules applied to app domains." * commit 'fe45b9277b62beb2a399f2511d588f3cd8095a11': Expand the set of neverallow rules applied to app domains.
|
fe45b9277b62beb2a399f2511d588f3cd8095a11 |
27-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 5c947234: Merge "Expand the set of neverallow rules applied to app domains." * commit '5c9472342b06719fa5b7269aa60d9c1d3ee2ff98': Expand the set of neverallow rules applied to app domains.
|
5c9472342b06719fa5b7269aa60d9c1d3ee2ff98 |
27-Sep-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Expand the set of neverallow rules applied to app domains."
|
2a273ad2c50b255985a71e92898ac9224a9d2bd7 |
27-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Expand the set of neverallow rules applied to app domains. This change synchronizes the AOSP set of neverallow rules for app domains with our own. However, as we exclude unconfineddomain from each neverallow rule, it causes no breakage in the AOSP policy. As app domains are confined, you will need to either adjust the app domain or the neverallow rule according to your preference. But our policy builds with all of these applied with all app domains confined. Change-Id: I00163d46a6ca3a87e3d742d90866300f889a0b11 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
45ba665cfcc5c2fc3242a013e6070c2bed860b0a |
27-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label and allow access to /data/system/ndebugsocket. Otherwise it defaults to the label of /data/system and cannot be distinguished from any other socket in that directory. Also adds allow rule required for pre-existing wpa_socket transition to function without unconfined_domain. Change-Id: I57179aa18786bd56d247f397347e546cca978e41 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ebuggerd.te
ile.te
ystem_server.te
|
e2deca378dab20754ec829d998f6a4287b835610 |
27-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am e89c0004: am 9d42f07e: am 42c7357e: Merge "Isolate untrusted app ptys from other domains." * commit 'e89c0004e42d0d6f1b2984abd59aa557ccba9d16': Isolate untrusted app ptys from other domains.
|
e89c0004e42d0d6f1b2984abd59aa557ccba9d16 |
27-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 9d42f07e: am 42c7357e: Merge "Isolate untrusted app ptys from other domains." * commit '9d42f07ed78089fe12a788dfe85b3302734b0d51': Isolate untrusted app ptys from other domains.
|
c4b9d38c0c9f37ed6c6d84e99255879b085f4689 |
27-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c444bdf3: am 460455c6: am b0712c1e: Remove /data/local/tmp/selinux entry. * commit 'c444bdf34c67c225d7c55c3811b070983d82c6ab': Remove /data/local/tmp/selinux entry.
|
9d42f07ed78089fe12a788dfe85b3302734b0d51 |
27-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 42c7357e: Merge "Isolate untrusted app ptys from other domains." * commit '42c7357e9c6a1a59c283fa1b99488ea537617f09': Isolate untrusted app ptys from other domains.
|
c444bdf34c67c225d7c55c3811b070983d82c6ab |
27-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 460455c6: am b0712c1e: Remove /data/local/tmp/selinux entry. * commit '460455c681166c3e4cadbe65cc320c8adf22c2fe': Remove /data/local/tmp/selinux entry.
|
42c7357e9c6a1a59c283fa1b99488ea537617f09 |
27-Sep-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Isolate untrusted app ptys from other domains."
|
460455c681166c3e4cadbe65cc320c8adf22c2fe |
27-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b0712c1e: Remove /data/local/tmp/selinux entry. * commit 'b0712c1e65b3007675952a9f8a9a123734051245': Remove /data/local/tmp/selinux entry.
|
0130154985aa5042b9e40c45fe60492e40004761 |
27-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make sure exec_type is assigned to all entrypoint types. Some file types used as domain entrypoints were missing the exec_type attribute. Add it and add a neverallow rule to keep it that way. Change-Id: I7563f3e03940a27ae40ed4d6bb74181c26148849 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
ing.te
unas.te
hell.te
u.te
u_user.te
|
b0712c1e65b3007675952a9f8a9a123734051245 |
27-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove /data/local/tmp/selinux entry. Change-Id I027f76cff6df90e9909711cb81fbd17db95233c1 added a /data/local/tmp/selinux entry at the same time domains were made permissive. I do not know why, and do not see how this is used. So remove it. Change-Id: I3218cc18de9781bc65ae403f2cf4c234847ef5f5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
|
2dc4acf33b78284f514fe9a6c5102cc783c4309f |
27-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Isolate untrusted app ptys from other domains. Add a create_pty() macro that allows a domain to create and use its own ptys, isolated from the ptys of any other domain, and use that macro for untrusted_app. This permits the use of a pty by apps without opening up access to ptys created by any other domain on the system. Change-Id: I5d96ce4d1b26073d828e13eb71c48d1e14ce7d6b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
e_macros
ntrusted_app.te
|
4aa824f91074c94c895ef8b6d479e3a14fd70196 |
26-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ca3711d2: am 10b9bbc2: am 189558f6: Remove legacy entries from crespo (Nexus S). * commit 'ca3711d27cbd91eb43479d1b933afb2261fde6a3': Remove legacy entries from crespo (Nexus S).
|
ca3711d27cbd91eb43479d1b933afb2261fde6a3 |
26-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 10b9bbc2: am 189558f6: Remove legacy entries from crespo (Nexus S). * commit '10b9bbc2552b93894a850308606ae984db496ed9': Remove legacy entries from crespo (Nexus S).
|
10b9bbc2552b93894a850308606ae984db496ed9 |
26-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 189558f6: Remove legacy entries from crespo (Nexus S). * commit '189558f64affb73b554b568db90d62eb7d2a9ada': Remove legacy entries from crespo (Nexus S).
|
189558f64affb73b554b568db90d62eb7d2a9ada |
26-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove legacy entries from crespo (Nexus S). These device nodes were specific to crespo / Nexus S and if ever needed again, should be re-introduced in the per-device sepolicy, not here. Change-Id: I8366de83967974122c33937f470d586d49c34652 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
|
5f9688237de41f16f714f0adbafcf1c4a68e3676 |
23-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 268a612e: am d1083bf2: am e9c4181b: zygote.te: fix comment. * commit '268a612e20f7d54e88562b7fe47441f40212e1f8': zygote.te: fix comment.
|
268a612e20f7d54e88562b7fe47441f40212e1f8 |
23-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am d1083bf2: am e9c4181b: zygote.te: fix comment. * commit 'd1083bf2103290df376ef67d3108d4cbfb59e392': zygote.te: fix comment.
|
3bd30fd7de1b75e93243e4dc363bfeffa1f516df |
23-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am cccfa173: am 882d09db: am 199fc73f: Revert "Give Zygote the ability to write app data files." * commit 'cccfa17336e78334803f3aa9bfc4b5a1ca2d0d1a': Revert "Give Zygote the ability to write app data files."
|
d1083bf2103290df376ef67d3108d4cbfb59e392 |
23-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am e9c4181b: zygote.te: fix comment. * commit 'e9c4181b1c8ba06df415f8d5d6abf30e7d27b731': zygote.te: fix comment.
|
cccfa17336e78334803f3aa9bfc4b5a1ca2d0d1a |
23-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 882d09db: am 199fc73f: Revert "Give Zygote the ability to write app data files." * commit '882d09db04c4d4e13b45822c6d97b4cb03233af9': Revert "Give Zygote the ability to write app data files."
|
882d09db04c4d4e13b45822c6d97b4cb03233af9 |
23-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 199fc73f: Revert "Give Zygote the ability to write app data files." * commit '199fc73f79d429881fa6c8dc39051cfeb4b337ea': Revert "Give Zygote the ability to write app data files."
|
e9c4181b1c8ba06df415f8d5d6abf30e7d27b731 |
20-Sep-2013 |
Nick Kralevich <nnk@google.com> |
zygote.te: fix comment. per the discussion in https://android-review.googlesource.com/#/c/65063/1/zygote.te adjust the comment in this file. Change-Id: I8db31e22ec34493442bc8e86bcd0bc0136b7bae4
ygote.te
|
199fc73f79d429881fa6c8dc39051cfeb4b337ea |
20-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Revert "Give Zygote the ability to write app data files." This was a mistaken attempt to fix bug 10498304, but it didn't actually have any impact. Revert. This reverts commit fc2bd01b601b00bf682c313d1e859d86ce030b67. Bug: 10498304
ygote.te
|
112d0187929a542bfe07d35293bee49cfbddfdc3 |
20-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e20eaf80: am f724333b: am 7aba0bc4: Allow file types to be associated with the rootfs. * commit 'e20eaf8019b25baddc1902a9ff56ad5936f57ba4': Allow file types to be associated with the rootfs.
|
c9dfa0e91c274e4235be16f769384264e004f23d |
20-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 1735cb99: am 8bc57c8d: am 567ee411: Label /dev/socket/gps with its own type. * commit '1735cb99fee44bdd1c421a40b8627388d8a734d0': Label /dev/socket/gps with its own type.
|
e20eaf8019b25baddc1902a9ff56ad5936f57ba4 |
20-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f724333b: am 7aba0bc4: Allow file types to be associated with the rootfs. * commit 'f724333b9b8c6fb97e09c1e963dbb948c031da43': Allow file types to be associated with the rootfs.
|
f724333b9b8c6fb97e09c1e963dbb948c031da43 |
20-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7aba0bc4: Allow file types to be associated with the rootfs. * commit '7aba0bc425a993cf16f87988adeaaa77f805db5e': Allow file types to be associated with the rootfs.
|
7aba0bc425a993cf16f87988adeaaa77f805db5e |
10-May-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow file types to be associated with the rootfs. This is now possible due to the kernel change to support setting security contexts on rootfs inodes. Change-Id: I2a9aac1508eceabb92c3ae8eb5c63a16b28dda6f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile.te
|
82094441de842f6ab47b5c07c12b797711838958 |
20-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 65d1a095: am c41dd963: am 4caf8c99: Label /dev/socket/mdns with its own type. * commit '65d1a095261ac3ce3c4515f0314e06b67e93cdc9': Label /dev/socket/mdns with its own type.
|
1735cb99fee44bdd1c421a40b8627388d8a734d0 |
20-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8bc57c8d: am 567ee411: Label /dev/socket/gps with its own type. * commit '8bc57c8d6dc9d913c8fae4b931524ba0edf412db': Label /dev/socket/gps with its own type.
|
8bc57c8d6dc9d913c8fae4b931524ba0edf412db |
20-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 567ee411: Label /dev/socket/gps with its own type. * commit '567ee4116e0a7f842862bfc35d97f2fb9fe082a0': Label /dev/socket/gps with its own type.
|
567ee4116e0a7f842862bfc35d97f2fb9fe082a0 |
20-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /dev/socket/gps with its own type. The type was already defined and used in type transitions for cases where the gps socket is created at runtime by gpsd, but on some devices it is created by init based on an init.<board>.rc socket entry and therefore needs a file_contexts entry. Before: $ ls -Z /dev/socket/gps srw-rw---- gps system u:object_r:device:s0 gps After: $ ls -Z /dev/socket/gps srw-rw---- gps system u:object_r:gps_socket:s0 gps Change-Id: I8eef08d80e965fc4f3e9dd09d4fa446aaed82624 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
|
65d1a095261ac3ce3c4515f0314e06b67e93cdc9 |
19-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c41dd963: am 4caf8c99: Label /dev/socket/mdns with its own type. * commit 'c41dd963fb5ec521d7d2d557d8df00be30fc02ad': Label /dev/socket/mdns with its own type.
|
c41dd963fb5ec521d7d2d557d8df00be30fc02ad |
19-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 4caf8c99: Label /dev/socket/mdns with its own type. * commit '4caf8c997a30d214c8c2236cbe8a93e43e37699f': Label /dev/socket/mdns with its own type.
|
4caf8c997a30d214c8c2236cbe8a93e43e37699f |
19-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /dev/socket/mdns with its own type. Otherwise it gets left in the general device type, and we get denials such as: type=1400 msg=audit(1379617262.940:102): avc: denied { write } for pid=579 comm="mDnsConnector" name="mdns" dev="tmpfs" ino=3213 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=sock_file This of course only shows up if using a confined system_server. Change-Id: I2456dd7aa4d72e6fd15b55c251245186eb54a80a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile.te
ile_contexts
|
56f4324db2b84c360cbc52d15cce33cf44e1022e |
19-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 3484032b: am 0fb1cdf2: am 755cb39b: Merge changes Ia473e29d,Ic500af7b * commit '3484032b862d6cc2bd70071f3dfde2cdfcdb4168': write_klog also requires write permission to the directory. Allow access to /data/security/current symbolic link.
|
54f55decbeee70a1a33f88d6a3cb46a2ddb21650 |
19-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 106a7d29: am 3fb8dd6e: am 54d92dc5: Merge "Extend to check indirect allow rules and conditional rules." * commit '106a7d2974fb721cf2746273b3f54b206cd49d71': Extend to check indirect allow rules and conditional rules.
|
3484032b862d6cc2bd70071f3dfde2cdfcdb4168 |
19-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 0fb1cdf2: am 755cb39b: Merge changes Ia473e29d,Ic500af7b * commit '0fb1cdf27e48c2c58df7152d77865d9a03c93c79': write_klog also requires write permission to the directory. Allow access to /data/security/current symbolic link.
|
106a7d2974fb721cf2746273b3f54b206cd49d71 |
19-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 3fb8dd6e: am 54d92dc5: Merge "Extend to check indirect allow rules and conditional rules." * commit '3fb8dd6e77746b2677dbe6ec449ee92a9c7943b5': Extend to check indirect allow rules and conditional rules.
|
0fb1cdf27e48c2c58df7152d77865d9a03c93c79 |
18-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 755cb39b: Merge changes Ia473e29d,Ic500af7b * commit '755cb39b33a74d5b802da22e5856587b881ee9a3': write_klog also requires write permission to the directory. Allow access to /data/security/current symbolic link.
|
755cb39b33a74d5b802da22e5856587b881ee9a3 |
18-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Merge changes Ia473e29d,Ic500af7b * changes: write_klog also requires write permission to the directory. Allow access to /data/security/current symbolic link.
|
3fb8dd6e77746b2677dbe6ec449ee92a9c7943b5 |
18-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 54d92dc5: Merge "Extend to check indirect allow rules and conditional rules." * commit '54d92dc5dca795000edf52958d8a26b96b9f5c08': Extend to check indirect allow rules and conditional rules.
|
54d92dc5dca795000edf52958d8a26b96b9f5c08 |
18-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Merge "Extend to check indirect allow rules and conditional rules."
|
c9183a277623243707ae321abee63caff4a4ee3d |
18-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am dd2bf7c2: am ea29ae91: am 4103b3f2: 2/2: Rename domain "system" to "system_server". * commit 'dd2bf7c2d10f321e3780fdc141863d0470a27b69': 2/2: Rename domain "system" to "system_server".
|
dd2bf7c2d10f321e3780fdc141863d0470a27b69 |
18-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am ea29ae91: am 4103b3f2: 2/2: Rename domain "system" to "system_server". * commit 'ea29ae914e404ea5ee5640c58cc937803fe1f98e': 2/2: Rename domain "system" to "system_server".
|
ea29ae914e404ea5ee5640c58cc937803fe1f98e |
18-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am 4103b3f2: 2/2: Rename domain "system" to "system_server". * commit '4103b3f27ac0c6fdf16dac918ae791b709b24c6f': 2/2: Rename domain "system" to "system_server".
|
b5f788e7edd63045ff85a3720ff92441f498f8f2 |
18-Sep-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to klp-dev
|
f559e255065be33ed36c3f3f74e068fb8274b136 |
17-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 776cd0f3: am 3bb1ccc2: Fix long-tail denials in enforcing domains. * commit '776cd0f372dd5fe47e20a08707e2fb54bb82bc50': Fix long-tail denials in enforcing domains.
|
776cd0f372dd5fe47e20a08707e2fb54bb82bc50 |
17-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 3bb1ccc2: Fix long-tail denials in enforcing domains. * commit '3bb1ccc265bbc6e865506b38ae66721ec1177b55': Fix long-tail denials in enforcing domains.
|
3bb1ccc265bbc6e865506b38ae66721ec1177b55 |
16-Sep-2013 |
Geremy Condra <gcondra@google.com> |
Fix long-tail denials in enforcing domains. The specific denials we see are: denied { getattr } for pid=169 comm=""installd"" path=""/data/data/com.android.providers.downloads/cache/downloadfile.jpeg"" dev=""mmcblk0p23"" ino=602861 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=file denied { fsetid } for pid=598 comm=""netd"" capability=4 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability denied { read } for pid=209 comm=""installd"" name=""cache"" dev=""mmcblk0p28"" ino=81694 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=dir Bug: 10786017 Change-Id: Ia5d0b6337f3de6a168ac0d5a77df2a1ac419ec29
nstalld.te
etd.te
|
4103b3f27ac0c6fdf16dac918ae791b709b24c6f |
17-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
2/2: Rename domain "system" to "system_server". This CL completes the renaming of domain system to system_server by removing the "system" typealias that was temporarily added to avoid breaking the build while the rename CLs are landing. Change-Id: I05d11571f0e3d639026fcb9341c3476d44c54fca
ystem_server.te
|
2233a5e6895309fce47be71416ab09d6b01ed98b |
17-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am 82140be9: Follow-up to rename system to system_server. * commit '82140be9314be9bd60e2c1894d97c12f0f64f254': Follow-up to rename system to system_server.
|
82140be9314be9bd60e2c1894d97c12f0f64f254 |
17-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
Follow-up to rename system to system_server. 1fdee11df2552e29da0c48e3432f26f7a93e3bff renamed domain system to system_server in AOSP. This CL applies the rename to the rules that weren't in AOSP at the time. Change-Id: I0e226ddca2e01ed577204ddb4886a71f032a01ed
ygote.te
|
49327bc69b33fc92a5bdc90aaa98dcd51274cd6c |
17-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am d343fd58: am 3d94272a: am 1fdee11d: 1/2: Rename domain "system" to "system_server". * commit 'd343fd582c04ed4a9553ceec37aa4ea05106580e': 1/2: Rename domain "system" to "system_server".
|
d343fd582c04ed4a9553ceec37aa4ea05106580e |
17-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am 3d94272a: am 1fdee11d: 1/2: Rename domain "system" to "system_server". * commit '3d94272a754a4ea0727c1d4d880944d1d9efd3e7': 1/2: Rename domain "system" to "system_server".
|
3d94272a754a4ea0727c1d4d880944d1d9efd3e7 |
17-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am 1fdee11d: 1/2: Rename domain "system" to "system_server". * commit '1fdee11df2552e29da0c48e3432f26f7a93e3bff': 1/2: Rename domain "system" to "system_server".
|
1fdee11df2552e29da0c48e3432f26f7a93e3bff |
14-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
1/2: Rename domain "system" to "system_server". This is a follow-up CL to the extraction of "system_app" domain from the "system" domain which left the "system" domain encompassing just the system_server. Since this change cannot be made atomically across different repositories, it temporarily adds a typealias "server" pointing to "system_server". Once all other repositories have been switched to "system_server", this alias will be removed. Change-Id: I90a6850603dcf60049963462c5572d36de62bc00
pp.te
omain.te
eapp_contexts
ystem.te
ystem_server.te
ygote.te
|
545a4f99a6809abc51b4a473c865bd0ffc262653 |
14-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 003fbef7: am bbc0c39b: am a770f55b: Remove dbusd policy; dbusd is no more. * commit '003fbef7399b2a8224a78c1f678af65d72fbc284': Remove dbusd policy; dbusd is no more.
|
4dcc6d039cf978f0eb13bb9d27934be82932fa96 |
14-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 6d26f3d9: am f8d86b82: am 1d435de6: Remove bluetoothd policy; bluetoothd is no more. * commit '6d26f3d97f48d8699bddc60dc3bf211326fd3e83': Remove bluetoothd policy; bluetoothd is no more.
|
003fbef7399b2a8224a78c1f678af65d72fbc284 |
14-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am bbc0c39b: am a770f55b: Remove dbusd policy; dbusd is no more. * commit 'bbc0c39ba63be2a57017b953d8a676c69d464338': Remove dbusd policy; dbusd is no more.
|
bbc0c39ba63be2a57017b953d8a676c69d464338 |
14-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a770f55b: Remove dbusd policy; dbusd is no more. * commit 'a770f55b18da45a2b40436060e64096a5a0ba883': Remove dbusd policy; dbusd is no more.
|
6d26f3d97f48d8699bddc60dc3bf211326fd3e83 |
14-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f8d86b82: am 1d435de6: Remove bluetoothd policy; bluetoothd is no more. * commit 'f8d86b8228b420d3cd548f6214730546810c99f7': Remove bluetoothd policy; bluetoothd is no more.
|
f8d86b8228b420d3cd548f6214730546810c99f7 |
14-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 1d435de6: Remove bluetoothd policy; bluetoothd is no more. * commit '1d435de685e0842e8d9902480db8b408f43911f6': Remove bluetoothd policy; bluetoothd is no more.
|
a770f55b18da45a2b40436060e64096a5a0ba883 |
10-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove dbusd policy; dbusd is no more. Change-Id: I9652284bd34d07bd47e2e7df66fcbe5db185ab3f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
busd.te
ile.te
ile_contexts
|
1d435de685e0842e8d9902480db8b408f43911f6 |
10-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove bluetoothd policy; bluetoothd is no more. Change-Id: I153b0aa8a747d6c79839d06fc04b3923eacfa213 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
luetoothd.te
ile.te
ile_contexts
|
f4ecd57a0a996d640851b4bdd4109b728fff738b |
14-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 23a52be6: am 1b487cb6: am 8840fa7f: Split system_app from system. * commit '23a52be652da0b44b1ce8d5123071096ad66baee': Split system_app from system.
|
17ac659fc4041d1ecee5ea68a982bbcade124e76 |
14-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 586d7624: am 8d72332e: am a62d5c66: Drop obsolete comments about SEAndroidManager. * commit '586d7624e9d452574937c9a43d4821cc6810cf90': Drop obsolete comments about SEAndroidManager.
|
23a52be652da0b44b1ce8d5123071096ad66baee |
14-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 1b487cb6: am 8840fa7f: Split system_app from system. * commit '1b487cb6dac66c2f334864c13f2a2dc941c1e74c': Split system_app from system.
|
1b487cb6dac66c2f334864c13f2a2dc941c1e74c |
14-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8840fa7f: Split system_app from system. * commit '8840fa7f85e60fc4abd3cedf7cbfc2cd98a4d473': Split system_app from system.
|
8840fa7f85e60fc4abd3cedf7cbfc2cd98a4d473 |
11-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Split system_app from system. system_app is for apps that run in the system UID, e.g. Settings. system is for the system_server. Split them into separate files and note their purpose in the comment header of each file. Change-Id: I19369abc728ba2159fd50ae6b230828857e19f10 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem.te
ystem_app.te
|
586d7624e9d452574937c9a43d4821cc6810cf90 |
13-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 8d72332e: am a62d5c66: Drop obsolete comments about SEAndroidManager. * commit '8d72332e9a143dfe44d952ab17c521f1f851b173': Drop obsolete comments about SEAndroidManager.
|
8d72332e9a143dfe44d952ab17c521f1f851b173 |
13-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a62d5c66: Drop obsolete comments about SEAndroidManager. * commit 'a62d5c667984435fd9ba3bf1eb11d4fdaa3849c1': Drop obsolete comments about SEAndroidManager.
|
a62d5c667984435fd9ba3bf1eb11d4fdaa3849c1 |
10-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop obsolete comments about SEAndroidManager. Change-Id: I6b27418507ebd0113a97bea81f37e4dc1de6da14 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
etd.te
|
81f3970ae118b49e5c4a325088c0634ab2912226 |
13-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 48b7e97d: am cac0b7d6: am c0845036: Remove sys_nice capability from domains. * commit '48b7e97da021d56a1b189093cbd8b134f0c97232': Remove sys_nice capability from domains.
|
48b7e97da021d56a1b189093cbd8b134f0c97232 |
13-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am cac0b7d6: am c0845036: Remove sys_nice capability from domains. * commit 'cac0b7d601aefa1332e819bea7b1765ba1fb1da1': Remove sys_nice capability from domains.
|
cac0b7d601aefa1332e819bea7b1765ba1fb1da1 |
13-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c0845036: Remove sys_nice capability from domains. * commit 'c0845036cc8c494adf0adf24c9d93a23f59566f7': Remove sys_nice capability from domains.
|
c0845036cc8c494adf0adf24c9d93a23f59566f7 |
02-May-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove sys_nice capability from domains. Remove sys_nice capability from domains; this does not appear to be necessary and should not be possible in particular for app domains. If we encounter specific instances where it should be granted, we can add it back on a per-domain basis. Allow it explicitly for the system_server. Unconfined domains get it via unconfined_domain() and the rules in unconfined.te. Change-Id: I9669db80a04a90a22241b2fbc5236a28dcde8c6e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
ystem.te
|
4a8bbc01826e423d949772d73e6535b23c86274c |
13-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 03566840: am 28029a8d: am d1f448d4: Merge changes Icd71c967,I3fd90ad9 * commit '03566840f1d55cbf2b6d05b3a9a7ee94b4e071a1': Do not permit appdomain to create/write to download_file. Remove duplicated rules between appdomain and isolated_app.
|
ff8bf7ffdf657bff10f7cc03a31ee3bb53059588 |
13-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 047153e3: am e9761cb8: am 29326eda: Drop domain write access to sysfs for the emulator. * commit '047153e35ad3550fdc2cbf47f826e3f5ccb2041a': Drop domain write access to sysfs for the emulator.
|
86d31c506f7529de14135a90af58333bd95c812e |
13-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a557b3d6: am a902c0ca: am 0f7641d8: Label all files under /sys/qemu_trace with sysfs_writable. * commit 'a557b3d6e68cb476240890aaa05bd5afc17f78ae': Label all files under /sys/qemu_trace with sysfs_writable.
|
03566840f1d55cbf2b6d05b3a9a7ee94b4e071a1 |
13-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 28029a8d: am d1f448d4: Merge changes Icd71c967,I3fd90ad9 * commit '28029a8d2e5e888cec713e9ea1eaacbf1739754b': Do not permit appdomain to create/write to download_file. Remove duplicated rules between appdomain and isolated_app.
|
047153e35ad3550fdc2cbf47f826e3f5ccb2041a |
13-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e9761cb8: am 29326eda: Drop domain write access to sysfs for the emulator. * commit 'e9761cb8cbc129ec7437550af7c751704a74a44b': Drop domain write access to sysfs for the emulator.
|
a557b3d6e68cb476240890aaa05bd5afc17f78ae |
13-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am a902c0ca: am 0f7641d8: Label all files under /sys/qemu_trace with sysfs_writable. * commit 'a902c0cad0f81810021e0eb50283cddd181f8ac2': Label all files under /sys/qemu_trace with sysfs_writable.
|
28029a8d2e5e888cec713e9ea1eaacbf1739754b |
13-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am d1f448d4: Merge changes Icd71c967,I3fd90ad9 * commit 'd1f448d4a53f87ae416aeb84ecf21bb703cc4c80': Do not permit appdomain to create/write to download_file. Remove duplicated rules between appdomain and isolated_app.
|
e9761cb8cbc129ec7437550af7c751704a74a44b |
13-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 29326eda: Drop domain write access to sysfs for the emulator. * commit '29326eda65b121fe0edbbae43bc463af17aaed9b': Drop domain write access to sysfs for the emulator.
|
a902c0cad0f81810021e0eb50283cddd181f8ac2 |
13-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 0f7641d8: Label all files under /sys/qemu_trace with sysfs_writable. * commit '0f7641d83d7044431db44d4dd2377e6f8ef93e85': Label all files under /sys/qemu_trace with sysfs_writable.
|
d1f448d4a53f87ae416aeb84ecf21bb703cc4c80 |
13-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Merge changes Icd71c967,I3fd90ad9 * changes: Do not permit appdomain to create/write to download_file. Remove duplicated rules between appdomain and isolated_app.
|
29326eda65b121fe0edbbae43bc463af17aaed9b |
03-May-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop domain write access to sysfs for the emulator. 3.4 goldfish kernel supports sysfs labeling so we no longer need this. Change-Id: I77514a8f3102ac8be957c57d95e7de7d5901f69d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
0f7641d83d7044431db44d4dd2377e6f8ef93e85 |
03-May-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label all files under /sys/qemu_trace with sysfs_writable. Otherwise we have different security contexts but the same DAC permissions: -rw-rw-rw- root root u:object_r:sysfs_writable:s0 process_name -rw-rw-rw- root root u:object_r:sysfs:s0 state -rw-rw-rw- root root u:object_r:sysfs:s0 symbol This change fixes denials such as: type=1400 msg=audit(1379096020.770:144): avc: denied { write } for pid=85 comm="SurfaceFlinger" name="symbol" dev="sysfs" ino=47 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=file Change-Id: I261c7751da3778ee9241ec6b5476e8d9f96ba5ed Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
|
17454cf805748a8792608a44bbfddb00fb918841 |
11-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Do not permit appdomain to create/write to download_file. The comment says that apps can read downloaded files, but the file_type_auto_trans() macro expands to permit create/write access. Also we don't need a type transition when staying in the same type as the parent directory so we only truly need allow rules here. Hence, we remove file_type_auto_trans() altogether, and add an allow rule for search access to the directory. If create/write access is truly required, then we can just change the allow rules to use rw_dir_perms and create_file_perms. Change-Id: Icd71c9678419442cfd8088317317efd4332f9b4a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
5b00f223495ccb87cc8069d819bee6be9b3b99d6 |
11-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove duplicated rules between appdomain and isolated_app. r_dir_file(appdomain, isolated_app) was in both app.te and isolated_app.te; delete it from isolated_app.te. binder_call(appdomain, isolated_app) is a subset of binder_call(appdomain, appdomain); delete it. Change-Id: I3fd90ad9c8862a0e4dad957425cbfbc9fa97c63f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
solated_app.te
|
b76959dcd9009e7a3131db45d3ca978bb11352ff |
13-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 70cd816d: am ce077484: am a24a991d: Allow apps to execute app_data_files * commit '70cd816d5ff991a3ce6800a3970a5605f884af26': Allow apps to execute app_data_files
|
640991bb3c8a7552a781bc0db544923901583de6 |
12-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Extend to check indirect allow rules and conditional rules. $ sepolicy-check -s untrusted_app -t mediaserver -c binder -p call -P out/target/product/manta/root/sepolicy Match found! Also removed loading of initial SIDs as that is not required for this functionality and it leaks memory as it is never freed. valgrind now reports no leaks. Change-Id: Ic7a26fd01c57914e4e96db504d669f5367542a35 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ools/sepolicy-check.c
|
70cd816d5ff991a3ce6800a3970a5605f884af26 |
12-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am ce077484: am a24a991d: Allow apps to execute app_data_files * commit 'ce077484904678fcdf97ab3fba8b48a3ace53af4': Allow apps to execute app_data_files
|
ce077484904678fcdf97ab3fba8b48a3ace53af4 |
12-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am a24a991d: Allow apps to execute app_data_files * commit 'a24a991dd59fe03cdc681aadcb6bbca1ffac9b7b': Allow apps to execute app_data_files
|
a24a991dd59fe03cdc681aadcb6bbca1ffac9b7b |
12-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Allow apps to execute app_data_files Fixes the following denial: <5>[28362.335293] type=1400 audit(1378991198.292:24): avc: denied { execute } for pid=1640 comm="facebook.katana" path="/data/data/com.facebook.katana/app_libs/libfb_jpegturbo.so" dev="mmcblk0p23" ino=652556 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:app_data_file:s0 tclass=file Change-Id: I4a515610149f06f0c49194feb6bc96e9b3080c12
pp.te
|
fd7bf2a51f07bcddbc8a541c69b33a679f0f002c |
12-Sep-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to klp-dev
|
0e0369c2e4040f51c4cee99543e8328cb5a96e80 |
12-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am d84e49e3: am 13a74a3a: Merge "Allow vold to start and stop processes via init" into klp-dev * commit 'd84e49e329792392e909e81b6c8dcfe913e87e51': Allow vold to start and stop processes via init
|
a7749363a13a078825cdd70b7cc004421ecd2cfe |
12-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 84c277e7: am 011094cc: Switch installd to use r_dir_perms for download_file dirs. * commit '84c277e723a5787ce1ab72f1dac21bc3826a8d5d': Switch installd to use r_dir_perms for download_file dirs.
|
d84e49e329792392e909e81b6c8dcfe913e87e51 |
12-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 13a74a3a: Merge "Allow vold to start and stop processes via init" into klp-dev * commit '13a74a3aea0387ff45f27291a9abca46952b9aa3': Allow vold to start and stop processes via init
|
13a74a3aea0387ff45f27291a9abca46952b9aa3 |
12-Sep-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Allow vold to start and stop processes via init" into klp-dev
|
a77068b3dedca0b6038e0bbdd03c81276b2e7dc0 |
11-Sep-2013 |
Geremy Condra <gcondra@google.com> |
Switch installd to use r_dir_perms for download_file dirs. This fixes an issue in which installd can't open download file dirs. Bug: 10710450 Change-Id: I1dd08188a88428143c4bb914e872175dc3755597
nstalld.te
|
84c277e723a5787ce1ab72f1dac21bc3826a8d5d |
11-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 011094cc: Switch installd to use r_dir_perms for download_file dirs. * commit '011094cc445c42774c55298cb9aceb9e5519d2ff': Switch installd to use r_dir_perms for download_file dirs.
|
011094cc445c42774c55298cb9aceb9e5519d2ff |
11-Sep-2013 |
Geremy Condra <gcondra@google.com> |
Switch installd to use r_dir_perms for download_file dirs. This fixes an issue in which installd can't open download file dirs. Bug: 10710450 Change-Id: I1dd08188a88428143c4bb914e872175dc3755597
nstalld.te
|
89ae00f4997d0f0d62ef733e751b8f8ee198bc5a |
11-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am aa51a387: am 7eb786bc: Give vold the capability to kill. * commit 'aa51a3874d268734e993d6baf844c36e0f4f6f6f': Give vold the capability to kill.
|
aa51a3874d268734e993d6baf844c36e0f4f6f6f |
11-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 7eb786bc: Give vold the capability to kill. * commit '7eb786bca26230f11472299947b815472bc1e333': Give vold the capability to kill.
|
7eb786bca26230f11472299947b815472bc1e333 |
11-Sep-2013 |
Geremy Condra <gcondra@google.com> |
Give vold the capability to kill. Bug: 10706792 Change-Id: I85085ab7a6f0f3d12ba4d2b21b655bb64795495f
old.te
|
4974855824ed16aa5a68868406b6451e756e58f9 |
10-Sep-2013 |
Ken Sumrall <ksumrall@android.com> |
Allow vold to start and stop processes via init This is needed for the new fuse wrapped sdcard support. bug: 10330128 Change-Id: Ic5ebc769d376bf061d237616e56bcd562a63c6be
old.te
|
e7e42f031aa6affb23463b2ec25c08cd845a65d1 |
10-Sep-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to klp-dev
|
d2418a9fe3d921622a3c7cc1e4a93b9eb0659b6c |
10-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am b0dcfcec: am bf9c6145: am a2477056: Permit writing to /dev/random and /dev/urandom. * commit 'b0dcfcec46b8691edd2b44370d71e5279d3ef91e': Permit writing to /dev/random and /dev/urandom.
|
b0dcfcec46b8691edd2b44370d71e5279d3ef91e |
10-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am bf9c6145: am a2477056: Permit writing to /dev/random and /dev/urandom. * commit 'bf9c61458e49cc1650b1a473eeb847875f80088b': Permit writing to /dev/random and /dev/urandom.
|
bf9c61458e49cc1650b1a473eeb847875f80088b |
10-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am a2477056: Permit writing to /dev/random and /dev/urandom. * commit 'a2477056ae6a702e7e71b671cd0c47afc1c7da8a': Permit writing to /dev/random and /dev/urandom.
|
f8927386b4d6fdf2892b05083b26e3e37d39e6c3 |
10-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am 9e2453bd: am 7ca560be: am 34a8e121: Permit installd to unlink all types of data_file_type. * commit '9e2453bd2edea0a6839c813b727adf1b86fc43ea': Permit installd to unlink all types of data_file_type.
|
a2477056ae6a702e7e71b671cd0c47afc1c7da8a |
10-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
Permit writing to /dev/random and /dev/urandom. Apps attempting to write to /dev/random or /dev/urandom currently succeed, but a policy violation is logged. These two Linux RNG devices are meant to be written to by arbitrary apps. Thus, there's no reason to deny this capability. Bug: 10679705 Change-Id: Ife401f1dd2182889471eef7e90fcc92e96f9c4d6
omain.te
|
9e2453bd2edea0a6839c813b727adf1b86fc43ea |
10-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am 7ca560be: am 34a8e121: Permit installd to unlink all types of data_file_type. * commit '7ca560be77f51b2733cb212017507ff9e61695ea': Permit installd to unlink all types of data_file_type.
|
7ca560be77f51b2733cb212017507ff9e61695ea |
10-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am 34a8e121: Permit installd to unlink all types of data_file_type. * commit '34a8e121124c79e8daa60aebb065377280335bcc': Permit installd to unlink all types of data_file_type.
|
34a8e121124c79e8daa60aebb065377280335bcc |
10-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
Permit installd to unlink all types of data_file_type. This enables installd to uninstall or clear data of installed apps whose data directory contains unusual file types, such as FIFO. Bug: 10680357 (cherry picked from commit 839af9edb5f410727c15b8f3dd377dfb3a9d6e22) Change-Id: I5715f7d6d3214896ad0456d614b052cf5fb79eef
nstalld.te
|
ae7b64433ddc9990d877bded7afa0b949eac78d1 |
10-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 9eb98156: am 9565c5ce: Backport part of d615ef3477da23e7fca9c13b6d63915992e63d2d to klp-dev * commit '9eb98156cead1456641e09c80ca80b17fb4d32c2': Backport part of d615ef3477da23e7fca9c13b6d63915992e63d2d to klp-dev
|
9eb98156cead1456641e09c80ca80b17fb4d32c2 |
10-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 9565c5ce: Backport part of d615ef3477da23e7fca9c13b6d63915992e63d2d to klp-dev * commit '9565c5cef209be6a9bc392e6a1352aaaad5bdc23': Backport part of d615ef3477da23e7fca9c13b6d63915992e63d2d to klp-dev
|
a473e29de0a5a1e88e1ac564d91dabb5437ae4fd |
30-Jul-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
write_klog also requires write permission to the directory. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
e_macros
|
79e084fcc9a44a79646114021539ca7398110cc3 |
27-Aug-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow access to /data/security/current symbolic link. Change-Id: Ic500af7b9dac6a9b6401e99c3d162913e9989d9b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
e_macros
|
9565c5cef209be6a9bc392e6a1352aaaad5bdc23 |
10-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Backport part of d615ef3477da23e7fca9c13b6d63915992e63d2d to klp-dev Part of d615ef3477da23e7fca9c13b6d63915992e63d2d hasn't been backported to klp-dev yet. Do it now. Change-Id: Ib4f26c64d376e236fa3f76166f5d78a9f28b79a3
nstalld.te
ygote.te
|
3b9780690d1bab9780604621f335a1a192fb8a41 |
10-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 555e5f66: resolved conflicts for merge of 839af9ed to klp-dev-plus-aosp * commit '555e5f666ef40f6a7b23cd20d9300ada5d6413ea': Allow installd to clear fifos and sockets
|
555e5f666ef40f6a7b23cd20d9300ada5d6413ea |
10-Sep-2013 |
Nick Kralevich <nnk@google.com> |
resolved conflicts for merge of 839af9ed to klp-dev-plus-aosp Change-Id: I90f812f66dd69d05d2f8875694168ba1b7bb9267
|
839af9edb5f410727c15b8f3dd377dfb3a9d6e22 |
10-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Allow installd to clear fifos and sockets Bug: 10680357 Change-Id: I2a20f4aaaa53acbd53a404d369a79ae47246ad6f
nstalld.te
|
bdbd4fed7fe0faafa1d1aee10178a9d56917f483 |
10-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am e42aa03d: am b9bbfeb0: Fix bug report notification not showing up. * commit 'e42aa03d183bcb1987447fca6884f1cd9baa7b09': Fix bug report notification not showing up.
|
e42aa03d183bcb1987447fca6884f1cd9baa7b09 |
10-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
am b9bbfeb0: Fix bug report notification not showing up. * commit 'b9bbfeb003042b386e4025cdb3c3ee9b9f0c4432': Fix bug report notification not showing up.
|
b9bbfeb003042b386e4025cdb3c3ee9b9f0c4432 |
10-Sep-2013 |
Alex Klyubin <klyubin@google.com> |
Fix bug report notification not showing up. Bug: 10498304 Change-Id: I74cac92368353694612dbd94f0d072b97ec9878b
ygote.te
|
a96a05a8c630ae24352898aea85002cbb84ed0c6 |
10-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Fix bug report notification not showing up. Bug: 10498304 Change-Id: Ic0e30bdf6cc35f9d9e2752f36940e75e7ae37d83
ygote.te
|
6a6feee45dc6160f9e7a43e4deffcd90f72afe0f |
10-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 0e48af3d: am d629b87e: Fix bug report notification not showing up. * commit '0e48af3d22c3dd56886b1cd7f652d0fc2db40233': Fix bug report notification not showing up.
|
0e48af3d22c3dd56886b1cd7f652d0fc2db40233 |
10-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am d629b87e: Fix bug report notification not showing up. * commit 'd629b87e896171023569ab207f55cfeae560c711': Fix bug report notification not showing up.
|
d629b87e896171023569ab207f55cfeae560c711 |
10-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Fix bug report notification not showing up. Bug: 10498304 Change-Id: Ic0e30bdf6cc35f9d9e2752f36940e75e7ae37d83
ygote.te
|
9abf12dca4fe29cd30c0c46a41c166d10075a9fd |
06-Sep-2013 |
William Roberts <wroberts@tresys.com> |
am d7e0eda6: am aade7d74: am 9af6f1bd: Drop -d option on insertkeys.py in Android.mk * commit 'd7e0eda67a72505ecd22ee867da0cbe86bd79352': Drop -d option on insertkeys.py in Android.mk
|
d7e0eda67a72505ecd22ee867da0cbe86bd79352 |
06-Sep-2013 |
William Roberts <wroberts@tresys.com> |
am aade7d74: am 9af6f1bd: Drop -d option on insertkeys.py in Android.mk * commit 'aade7d74f8d2108034aa1797cddd1210738cec18': Drop -d option on insertkeys.py in Android.mk
|
aade7d74f8d2108034aa1797cddd1210738cec18 |
06-Sep-2013 |
William Roberts <wroberts@tresys.com> |
am 9af6f1bd: Drop -d option on insertkeys.py in Android.mk * commit '9af6f1bd59ee2fb0622db8ff25c4806c5527a0b3': Drop -d option on insertkeys.py in Android.mk
|
9af6f1bd59ee2fb0622db8ff25c4806c5527a0b3 |
22-Aug-2013 |
William Roberts <wroberts@tresys.com> |
Drop -d option on insertkeys.py in Android.mk This breaks the ability for users to have certs in many directories. Currently the design is to allow keys.conf to specify arbitrary locations for pem files, relative to the root of the Android tree. If users want to have a common prefix on all the keys, then they can export DEFAULT_SYSTEM_DEV_CERTIFICATE, and make that an environment variable in their keys.conf file. Signed-off-by: William Roberts <wroberts@tresys.com> Change-Id: I23455b891206cab6eca7db08ff3c28283f87c640 Signed-off-by: William Roberts <wroberts@tresys.com>
ndroid.mk
eys.conf
|
f63df9ac7ce3a5332f7f1620e50d5f18bbe74c3d |
06-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am d3dbaaad: am 0c42bb0a: am 21d13e9b: Merge "Fix more long-tail denials." * commit 'd3dbaaade7fffba2e7f7709a884b8ed68e80ad3d': Fix more long-tail denials.
|
d3dbaaade7fffba2e7f7709a884b8ed68e80ad3d |
06-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 0c42bb0a: am 21d13e9b: Merge "Fix more long-tail denials." * commit '0c42bb0a9011e6ce987b69439f219a914318c33a': Fix more long-tail denials.
|
0c42bb0a9011e6ce987b69439f219a914318c33a |
06-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 21d13e9b: Merge "Fix more long-tail denials." * commit '21d13e9b667bbd3c1837881e0febe7e7d0931ed9': Fix more long-tail denials.
|
21d13e9b667bbd3c1837881e0febe7e7d0931ed9 |
06-Sep-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Fix more long-tail denials."
|
217f8afc188d4e1f393b0fa36a7dda2d6e0273ca |
06-Sep-2013 |
Geremy Condra <gcondra@google.com> |
Fix more long-tail denials. For additional context- The denials related to init_tmpfs are of the form: denied { read } for pid=12315 comm="dboxed_process0" path=2F6465762F6173686D656D2F64616C76696B2D68656170202864656C6574656429 dev="tmpfs" ino=9464 scontext=u:r:isolated_app:s0 tcontext=u:object_r:init_tmpfs:s0 tclass=file (the path above is "/dev/ashmem/dalvik-heap (deleted)") The denials related to executing things from the dalvik cache are of the form: denied { execute } for pid=3565 comm="dboxed_process0" path="/data/dalvik-cache/system@app@Chrome.apk@classes.dex" dev="mmcblk0p28" ino=105983 scontext=u:r:isolated_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file The denials related to isolated_app and the init socket are: denied { getattr } for pid=3824 comm="Binder_2" path="socket:[14059]" dev="sockfs" ino=14059 scontext=u:r:isolated_app:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket The getopt denials for the aforementioned socket are: denied { getopt } for pid=3824 comm="Binder_2" path="/dev/socket/dumpstate" scontext=u:r:isolated_app:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket Change-Id: I3c57702e2af5a779a7618da9aa40930e7f12ee49
solated_app.te
ernel.te
ystem.te
|
ae5927b8fe709091bdfd9ae8804a87ff5c744187 |
31-Aug-2013 |
Geremy Condra <gcondra@google.com> |
Give Zygote the ability to write app data files. This fixes another bug encountered while taking bugreports. Bug: 10498304 Change-Id: Ie33e869ccd28c5461f4f3736c078b2a865aa7cdd
ygote.te
|
0d8aa3997c348671d9f53be7cb3aba5c9cb80390 |
05-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 708d8af7: am 090645b3: Give Zygote the ability to write app data files. * commit '708d8af7f7756e908a4b25482d7580506b682ec2': Give Zygote the ability to write app data files.
|
708d8af7f7756e908a4b25482d7580506b682ec2 |
05-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 090645b3: Give Zygote the ability to write app data files. * commit '090645b36df5e41cabd182604ca0d8b06bb6fc11': Give Zygote the ability to write app data files.
|
49e0cda3e59195fd455a992ea021eabab04efa9f |
05-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 4f1ff5b1: am a4df1d15: am 66826d5e: Merge "Fix miscellaneous long-tail denials." * commit '4f1ff5b19dfb7aaed8bf9af00cb0a1f8b1271f53': Fix miscellaneous long-tail denials.
|
5408464ba43300899d47b18c1abe492015ab5ebe |
05-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am bc0185c1: am 6bcca1c8: am 2f40a17a: Revert "Add the ability to write shell files to the untrusted_app domain." * commit 'bc0185c1524f4df9f9c017faa94ae6c3bb2b1ef8': Revert "Add the ability to write shell files to the untrusted_app domain."
|
4f1ff5b19dfb7aaed8bf9af00cb0a1f8b1271f53 |
05-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am a4df1d15: am 66826d5e: Merge "Fix miscellaneous long-tail denials." * commit 'a4df1d159d8a2a56f17c68b277878e4479b3df9c': Fix miscellaneous long-tail denials.
|
bc0185c1524f4df9f9c017faa94ae6c3bb2b1ef8 |
05-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 6bcca1c8: am 2f40a17a: Revert "Add the ability to write shell files to the untrusted_app domain." * commit '6bcca1c8186ac3521e10f5d90e52aa98b126bff5': Revert "Add the ability to write shell files to the untrusted_app domain."
|
a4df1d159d8a2a56f17c68b277878e4479b3df9c |
05-Sep-2013 |
Geremy Condra <gcondra@google.com> |
am 66826d5e: Merge "Fix miscellaneous long-tail denials." * commit '66826d5e15cbaae5a0ecd613f5148003927e79ab': Fix miscellaneous long-tail denials.
|
66826d5e15cbaae5a0ecd613f5148003927e79ab |
05-Sep-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Fix miscellaneous long-tail denials."
|
6bcca1c8186ac3521e10f5d90e52aa98b126bff5 |
05-Sep-2013 |
Nick Kralevich <nnk@google.com> |
am 2f40a17a: Revert "Add the ability to write shell files to the untrusted_app domain." * commit '2f40a17a42d19b6d92944c78c1d6a9c9517a725b': Revert "Add the ability to write shell files to the untrusted_app domain."
|
2f40a17a42d19b6d92944c78c1d6a9c9517a725b |
05-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Revert "Add the ability to write shell files to the untrusted_app domain." At this point, we still don't understand the root cause of bug 10290009, or if it's even a real bug. Rollback 29d0d40668e686adc91cdfbf0d083e71ed82bac6 so we can get a device in this state and figure out the root cause of this problem. This reverts commit 29d0d40668e686adc91cdfbf0d083e71ed82bac6. Bug: 10290009
ntrusted_app.te
|
d615ef3477da23e7fca9c13b6d63915992e63d2d |
05-Sep-2013 |
Geremy Condra <gcondra@google.com> |
Fix miscellaneous long-tail denials. Change-Id: Ie0947f79c63f962220d3c9316c5d5d82f677821f
nstalld.te
ygote.te
|
090645b36df5e41cabd182604ca0d8b06bb6fc11 |
31-Aug-2013 |
Geremy Condra <gcondra@google.com> |
Give Zygote the ability to write app data files. This fixes another bug encountered while taking bugreports. Bug: 10498304 Change-Id: Ie33e869ccd28c5461f4f3736c078b2a865aa7cdd
ygote.te
|
a47a44bfef16af56d9a2475370acad0d8452123c |
31-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am 5bf48a93: am 9ac921c0: am fc2bd01b: Give Zygote the ability to write app data files. * commit '5bf48a9310168b6c6208e1ff866f58bdd40bac61': Give Zygote the ability to write app data files.
|
5bf48a9310168b6c6208e1ff866f58bdd40bac61 |
31-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am 9ac921c0: am fc2bd01b: Give Zygote the ability to write app data files. * commit '9ac921c03add4e5c835cc6c2cfec46bda22d6d34': Give Zygote the ability to write app data files.
|
9ac921c03add4e5c835cc6c2cfec46bda22d6d34 |
31-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am fc2bd01b: Give Zygote the ability to write app data files. * commit 'fc2bd01b601b00bf682c313d1e859d86ce030b67': Give Zygote the ability to write app data files.
|
fc2bd01b601b00bf682c313d1e859d86ce030b67 |
31-Aug-2013 |
Geremy Condra <gcondra@google.com> |
Give Zygote the ability to write app data files. This fixes another bug encountered while taking bugreports. Bug: 10498304 Change-Id: Ie33e869ccd28c5461f4f3736c078b2a865aa7cdd
ygote.te
|
fb72ba20a3bd3de3fd085c7a13b87b1f6a35a82b |
31-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am 25d38b53: am 0e9a29ef: am 81560733: Fix denials encountered while getting bugreports. * commit '25d38b53d7b5931e40663ab2893b48523f114f57': Fix denials encountered while getting bugreports.
|
25d38b53d7b5931e40663ab2893b48523f114f57 |
31-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am 0e9a29ef: am 81560733: Fix denials encountered while getting bugreports. * commit '0e9a29ef406e73cafaae5ab01951a56f3b760f9e': Fix denials encountered while getting bugreports.
|
0e9a29ef406e73cafaae5ab01951a56f3b760f9e |
31-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am 81560733: Fix denials encountered while getting bugreports. * commit '81560733a47633036133ce548bf638bc3d91f5cf': Fix denials encountered while getting bugreports.
|
81560733a47633036133ce548bf638bc3d91f5cf |
30-Aug-2013 |
Geremy Condra <gcondra@google.com> |
Fix denials encountered while getting bugreports. Bug: 10498304 Change-Id: I312665a2cd09fa16ae3f3978aebdb0da99cf1f74
pp.te
omain.te
ygote.te
|
60b4d6d44f9089326f7aefe32b9ca64c9cfd285a |
30-Aug-2013 |
Ed Heyl <edheyl@google.com> |
am f4c105fc: am 706b5b2f: merge mirror-aosp-master in one step * commit 'f4c105fca7e5634cc6f7eb77629679ce81ce6157':
|
f4c105fca7e5634cc6f7eb77629679ce81ce6157 |
30-Aug-2013 |
Ed Heyl <edheyl@google.com> |
am 706b5b2f: merge mirror-aosp-master in one step * commit '706b5b2f8f15b57465e37aa232029e8246dd13c6': quash SELinux denial for healthd Add sepolicy-check, a utility for auditing selinux policy.
|
706b5b2f8f15b57465e37aa232029e8246dd13c6 |
30-Aug-2013 |
Ed Heyl <edheyl@google.com> |
merge mirror-aosp-master in one step
|
9fca30d44fb45e5e41fa91bbff6ad78fbbca5726 |
30-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am 758c6ea7: am 0f2cdd87: am 17a41bdb: Drop MLS separation for compatibility. * commit '758c6ea78d1e611400c53c772001c0a13e4c3247':
|
758c6ea78d1e611400c53c772001c0a13e4c3247 |
30-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am 0f2cdd87: am 17a41bdb: Drop MLS separation for compatibility. * commit '0f2cdd874511832fd3b667effb2f388b7a5543de':
|
0f2cdd874511832fd3b667effb2f388b7a5543de |
30-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am 17a41bdb: Drop MLS separation for compatibility. * commit '17a41bdb65a7d1bca9a01667f4c61b0af341af10': Drop MLS separation for compatibility.
|
765e95f99fabaaeaba4791564f4cb33d655483ee |
29-Aug-2013 |
dcashman <dcashman@google.com> |
Merge "quash SELinux denial for healthd"
|
da952e12419fbfe103339ba4733884e40f879ee5 |
29-Aug-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to klp-dev
|
3fada57ab445037a33fedfe9c83e1e7284a7c3fa |
29-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am cec3c1e4: am e0362602: Add capabilities to Zygote to fix valgrind. * commit 'cec3c1e44677c790de00cfa7f8901bcbe8a59c82': Add capabilities to Zygote to fix valgrind.
|
cec3c1e44677c790de00cfa7f8901bcbe8a59c82 |
29-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am e0362602: Add capabilities to Zygote to fix valgrind. * commit 'e03626021e341b48665ae55a34493cafafd1a08d': Add capabilities to Zygote to fix valgrind.
|
758d033583f7fb2b41bec1843cc9cf61bc88d495 |
29-Aug-2013 |
dcashman <dcashman@google.com> |
quash SELinux denial for healthd Change-Id: I898bb4ee8fdb95b48e58c98bffdb381b03c719bb
ealthd.te
|
e03626021e341b48665ae55a34493cafafd1a08d |
28-Aug-2013 |
Geremy Condra <gcondra@google.com> |
Add capabilities to Zygote to fix valgrind. Bug: 10455872 Change-Id: I98885e8cd1e4f9ab0d3e2af6d79b078a000db539
ygote.te
|
2b8512cc5981683b2f4c86cf2c117c1f68ae1de6 |
23-Aug-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Add sepolicy-check, a utility for auditing selinux policy."
|
01aaeb6a82ca23744fd629e8522697f0fcac8c13 |
23-Aug-2013 |
Geremy Condra <gcondra@google.com> |
Add sepolicy-check, a utility for auditing selinux policy. This is based on Joshua Brindle's sepolicy-inject. Change-Id: Ie75bd56a2996481592dcfe7ad302b52f381d5b18
ools/Android.mk
ools/sepolicy-check.c
|
7d7ab56e7d1dc244fa53b88b30a3d61b986c7a21 |
20-Aug-2013 |
Richard Haines <richard_c_haines@btinternet.com> |
am 81cdd6c6: am 1b46b2fe: Fix insertkeys.py to resolve keys.conf path entries in a portable way * commit '81cdd6c6b7979baf30c4ae12421ece70ea9628ea': Fix insertkeys.py to resolve keys.conf path entries in a portable way
|
81cdd6c6b7979baf30c4ae12421ece70ea9628ea |
20-Aug-2013 |
Richard Haines <richard_c_haines@btinternet.com> |
am 1b46b2fe: Fix insertkeys.py to resolve keys.conf path entries in a portable way * commit '1b46b2fe4723b0dda74c2f66a09df8259508fd4b': Fix insertkeys.py to resolve keys.conf path entries in a portable way
|
bcefbf569bcd04f058f97a4df12a446fae468f7f |
17-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am 553bafef: am 29d0d406: Add the ability to write shell files to the untrusted_app domain. * commit '553bafeff944973e04a8b09d8b373e539aad6fff': Add the ability to write shell files to the untrusted_app domain.
|
a9bf59cad0ea96e7c5277402d1d2409cad825be4 |
17-Aug-2013 |
Geremy Condra <gcondra@google.com> |
Add the ability to write shell files to the untrusted_app domain. Bug: 10290009 Change-Id: Ic794299261672b36a2b630893b65ab176c3eee6b (cherry picked from commit eaa4e844e4c8549c9b4808a1272876a6995ca5a7)
ntrusted_app.te
|
553bafeff944973e04a8b09d8b373e539aad6fff |
17-Aug-2013 |
Geremy Condra <gcondra@google.com> |
am 29d0d406: Add the ability to write shell files to the untrusted_app domain. * commit '29d0d40668e686adc91cdfbf0d083e71ed82bac6': Add the ability to write shell files to the untrusted_app domain.
|
29d0d40668e686adc91cdfbf0d083e71ed82bac6 |
17-Aug-2013 |
Geremy Condra <gcondra@google.com> |
Add the ability to write shell files to the untrusted_app domain. Bug: 10290009 Change-Id: Ic794299261672b36a2b630893b65ab176c3eee6b (cherry picked from commit eaa4e844e4c8549c9b4808a1272876a6995ca5a7)
ntrusted_app.te
|
1e9081af0a4b8ff32d61fb66e99980dc16309932 |
15-Aug-2013 |
The Android Open Source Project <initial-contribution@android.com> |
am b74efd33: (-s ours) Reconcile with klp-release - do not merge * commit 'b74efd33f79702495dc41f7662515f15e3f079dd': Move isolated_app.te / untrusted_app.te into permissive Grant fsetid Linux capability to vold. Add "shell" to seapp_contexts
|
b74efd33f79702495dc41f7662515f15e3f079dd |
15-Aug-2013 |
The Android Open Source Project <initial-contribution@android.com> |
Reconcile with klp-release - do not merge Change-Id: If9a2d360a37a8641a70fb475c7f5422d0cf8b900
|
1b46b2fe4723b0dda74c2f66a09df8259508fd4b |
08-Aug-2013 |
Richard Haines <richard_c_haines@btinternet.com> |
Fix insertkeys.py to resolve keys.conf path entries in a portable way Currently a path to a key in keys.conf must be fully qualified or have the -d option appended. This fix will allow paths to have environment variables that will be expanded. This will give portability to the entries. For example the following entry will now be resolved correctly: [@NET_APPS] ALL : $ANDROID_BUILD_TOP/device/demo_vendor/demo_dev/security/net_apps.x509.pem Change-Id: If4f169d9ed4f37b6ebd062508de058f3baeafead Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
ools/insertkeys.py
|
6db3c2d16e10da48569c090661dbb2149bcd9e6f |
06-Aug-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to master
|
ab7dfabb611ce4b1c32abbf91a467f098ab0188b |
05-Aug-2013 |
Lorenzo Colitti <lorenzo@google.com> |
Fix clatd, broken by selinux policing /dev/tun Bug: 10175701 Change-Id: I185df22bdbaafd56725760ec6c71340b67455046
latd.te
ile_contexts
etd.te
|
3411f7855a2aef2a3f7f60951a4ccbe699e128c1 |
30-Jul-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to master
|
32c0dbd2124769a4584adc30cf091580c0761da1 |
26-Jul-2013 |
Todd Poynor <toddpoynor@google.com> |
Merge "healthd: add sepolicy"
|
ebdbc2fe5190d6a0b5f90e5f5edd4223d756167d |
17-Jul-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to master
|
7cda86eb46021cff20a08dcde56c1a15291fa582 |
16-Jul-2013 |
Alex Klyubin <klyubin@google.com> |
Permit apps to bind TCP/UDP sockets to a hostname Change-Id: Ided2cf793e94bb58529789c3075f8480c0d0cf4e
ntrusted_app.te
|
08711d34e483c00cb091d6adf2bd60ba461adbaf |
16-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Move isolated_app.te / untrusted_app.te into permissive OTAs aren't properly labeling /system, which is causing SELinux breakage. Temporarily put isolated_app.te and untrusted_app.te into permissive. Bug: 9878561 Change-Id: Icaf674ad6b3d59cbca3ae796c930c98ab67cae9c
solated_app.te
ntrusted_app.te
|
24617fc3b8de501d3e6197e21d058496f400db07 |
16-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Move isolated_app.te / untrusted_app.te into permissive OTAs aren't properly labeling /system, which is causing SELinux breakage. Temporarily put isolated_app.te and untrusted_app.te into permissive. Bug: 9878561 Change-Id: Icaf674ad6b3d59cbca3ae796c930c98ab67cae9c
solated_app.te
ntrusted_app.te
|
59faed058de762f3920cd0a6219c68e5f16844bd |
16-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Allow apps to create listening ports Bug: 9872463 Change-Id: I47eabeace3387afd24c0fd4bee70e77c0a3586d5
ntrusted_app.te
|
73e859c6c33720cd7dbe0f304e8cae25d30bf807 |
16-Jul-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to master
|
2637198f92d5d9c65262e42d78123d216889d546 |
16-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Only init should be able to load a security policy Bug: 9859477 Change-Id: Iadd26cac2f318b81701310788bed795dadfa5b6b
pp.te
omain.te
nit.te
nconfined.te
|
8a2ebe3477837b21b728135cd8780ffd528696af |
16-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Temporarily allow untrusted apps to read shell data files. This is needed to support "Verify App" functionality. During side loading, the Verify App functionality reads the APK to determine if it's safe to install. Bug: 9863154 Change-Id: I33f6b0fd012f6cb194e253d5d92cf6189d6aa222
ntrusted_app.te
|
0b5b4faf30a878a4deeb018fd0c5e96e39cce6ba |
16-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Merge "untrusted_app.te / isolated_app.te / app.te first pass"
|
3632bb29f0a3583677d0b3ea7077be332874e75a |
15-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Remove /sys from file_contexts /sys was getting labeled as a rootfs file, but according to genfs_contexts, it's really a sysfs file. This conflict is causing problems when patch f29c533c49ab1c90eae612b1c454f2c6879a6658 from system/core is applied. Change-Id: I3f34c9ee68bedb171ebebfcd356e924c987b58ff
ile_contexts
|
ceff21b7a37498412f706283d6f2a0266ebc9f69 |
15-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Merge "domain.te: Temporarily work around debuggerd connection bug"
|
5919d1c86a2a1fea52f840ab30709048bd63f1f5 |
15-Jul-2013 |
Nick Kralevich <nnk@google.com> |
domain.te: Temporarily work around debuggerd connection bug For some reason, the debuggerd socket isn't getting properly labeled. Work around this bug for now by allowing all domains to connect to all unix stream sockets. Bug: 9858255 Change-Id: If994e51b0201ea8cae46341efc76dc71a4e577c8
omain.te
|
caf7531c2f74d1c68394e4e811febcbf3e394088 |
15-Jul-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to master
|
6634a1080e6617854d0b29bc65bb1c852ad3d5b6 |
13-Jul-2013 |
Nick Kralevich <nnk@google.com> |
untrusted_app.te / isolated_app.te / app.te first pass This is my first attempt at creating an enforcing SELinux domain for apps, untrusted_apps, and isolated_apps. Many of these rules are based on the contents of app.te as of commit 11153ef34928ab9d13658606695cba192aa03e21 with extensive modifications, some of which are included below. * Allow communication with netd/dnsproxyd, to allow netd to handle dns requests * Allow binder communications with the DNS server * Allow binder communications with surfaceflinger * Allow an app to bind to tcp/udp ports * Allow all domains to read files from the root partition, assuming the DAC allows access. In addition, I added a bunch of "neverallow" rules, to assert that certain capabilities are never added. This change has a high probability of breaking someone, somewhere. If it does, then I'm happy to fix the breakage, rollback this change, or put untrusted_app into permissive mode. Change-Id: I83f220135d20ab4f70fbd7be9401b5b1def1fe35
pp.te
omain.te
solated_app.te
ntrusted_app.te
|
9a19885c4cbb2ded4dd0833d38636e6bd2c2c802 |
13-Jul-2013 |
Nick Kralevich <nnk@google.com> |
remove "self:process ptrace" from domain, netd neverallow rules Remove "self:process ptrace" from all SELinux enforced domains. In general, a process should never need to ptrace itself. We can add this back to more narrowly scoped domains as needed. Add a bunch of neverallow assertions to netd.te, to verify that netd never gets unexpected capabilities. Change-Id: Ie862dc95bec84068536bb64705667e36210c5f4e
omain.te
etd.te
|
748fdef626d1dda2a0a727ea35d85d04363f5307 |
13-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Move *_app into their own file app.te covers a lot of different apps types (platform_app, media_app, shared_app, release_app, isolated_app, and untrusted_app), all of which are going to have slightly different security policies. Separate the different domains from app.te. Over time, these files are likely to grow substantially, and mixing different domain types is a recipe for confusion and mistakes. No functional change. Change-Id: Ida4e77fadb510f5993eb2d32f2f7649227edff4f
pp.te
solated_app.te
edia_app.te
latform_app.te
elease_app.te
hared_app.te
ntrusted_app.te
|
08f01a335dbf98778ef443e504d975857607d439 |
13-Jul-2013 |
Nick Kralevich <nnk@google.com> |
debuggerd.te: Fix relabelto policy denial In 0c9708b2af4ea345277a47ae7bc1ce890e90d2bc, we removed relabelto from unconfined.te. This broke debuggerd. Fixed. type=1400 audit(1373668537.550:5): avc: denied { relabelto } for pid=44 comm="debuggerd" name="tombstones" dev="mtdblock1" ino=71 scontext=u:r:debuggerd:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=dir Change-Id: Ic025cbc030d6e776d9d87b1df3240fdc5f0b53d5
ebuggerd.te
|
5bfdf340e4dd34d30dff52039ca5a5c425a670d7 |
12-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Revert "Temporarily disable installd selinux protections" The emulator has been upgraded to ext4, which was the root cause of bug 9685803. See https://code.google.com/p/android/issues/detail?id=38561 . As a result, we can reenable installd protections. This reverts commit 201cfae474f06d173ec32e3b59a9cd31cb12b2a6. Bug: 9685803 Change-Id: I4ed47f7aeaef4aac504e13c2ae23fb416e4e6e49
nstalld.te
|
8758cc5f8b341352e553e62989e7eab57b094e1d |
11-Jul-2013 |
Nick Kralevich <nnk@google.com> |
domain.te: allow access to /sys/kernel/debug/tracing/trace_marker Bug: 9781325 Change-Id: Ib6f6875f690420b59fceb0a32590a2b9ed8dda95
omain.te
|
7b65cd5d4fc33e1c708db18e26e1c57bbba60dad |
11-Jul-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to master
|
0c9708b2af4ea345277a47ae7bc1ce890e90d2bc |
10-Jul-2013 |
Nick Kralevich <nnk@google.com> |
domain.te: Add backwards compatibility for unlabeled files For unlabeled files, revert to DAC rules. This is for backwards compatibility, as files created before SELinux was in place may not be properly labeled. Over time, the number of unlabeled files will decrease, and we can (hopefully) remove this rule in the future. To prevent inadvertently introducing the "relabelto" permission, add a neverallow domain, and add apps which have a legitimate need to relabel to this domain. Bug: 9777552 Change-Id: I71b0ff8abd4925432062007c45b5be85f6f70a88
pp.te
ttributes
omain.te
nit.te
nstalld.te
ernel.te
ystem.te
e_macros
nconfined.te
|
4a13f7809b0db75f850e96dcd21e6550c4e1fa60 |
10-Jul-2013 |
Nick Kralevich <nnk@google.com> |
netd.te: allow ctl.mdnsd Allow netd to set ctl.* properties. Currently, mdnsd is broken because it can't set this property. Bug: 9777774 Change-Id: I2f32504d77b651e66e0a0067e65a5ed44b427f5a
etd.te
|
aee5a18a8256f696b4dd0b799cd52b284e91dc28 |
10-Jul-2013 |
Geremy Condra <gcondra@google.com> |
Give zygote the ability to execute dalvik cache files. Change-Id: I129536c3d9f6359228165d8a5ec373780b312c86
ygote.te
|
79d59edc4559f892e52bed84b6541d59691ced1e |
09-Jul-2013 |
Alex Klyubin <klyubin@google.com> |
Grant fsetid Linux capability to vold. This fixes the issue where paid apps failed to install via Google Play with "Package file has a bad manifest" error. The issue appears to be caused by vold being prevented by SELinux policy from setting the setgid bit on the ASEC container directory into which the APK is decrypted. As a result, the APK is not readable to PackageParser. Bug: 9736808 Change-Id: I07546a9f9caac3de8b720499bd1bf1604edea0fe
old.te
|
b25fe91e2576fc22310f8d9c9bc33ef08c6972f2 |
09-Jul-2013 |
Alex Klyubin <klyubin@google.com> |
Grant fsetid Linux capability to vold. This fixes the issue where paid apps failed to install via Google Play with "Package file has a bad manifest" error. The issue appears to be caused by vold being prevented by SELinux policy from setting the setgid bit on the ASEC container directory into which the APK is decrypted. As a result, the APK is not readable to PackageParser. Bug: 9736808 Change-Id: I07546a9f9caac3de8b720499bd1bf1604edea0fe
old.te
|
f1d5335efd7b194184f1062c5300bf4d92f538b0 |
08-Jul-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to master
|
201cfae474f06d173ec32e3b59a9cd31cb12b2a6 |
03-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Temporarily disable installd selinux protections This is breaking the emulator. Bug: 9685803 Change-Id: Ibd5b312b97d52fdac9289e44a40e9bba07be1c7f
nstalld.te
|
dbeb22987a94d8b8096dd9a36efc973b6bffa75d |
02-Jul-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to master
|
51946bc87e510a3fef6bc87dd49c4a4ce3cc532b |
02-Jul-2013 |
Nick Kralevich <nnk@google.com> |
installd: enable SELinux restrictions This change enables SELinux security enforcement on the installd process. For the installd.te file only, this change is equivalent to reverting the following commits: * 50e37b93ac97631dcac6961285b92af5026557af * 77d4731e9d30c8971e076e2469d6957619019921 No other changes were required. Testing: As much as possible, I've tested that package installation works, from both adb and via Android market. There were no denials in the kernel dmesg log, and everything appears to be working correctly. It's quite possible I've missed something. If we experience problems, I'm happy to roll back this change. Bug: 9662644 Change-Id: Id93d4ee7b517dfa28c9a0b1d45d936b56892ac0a
nstalld.te
|
6aca515cd3a60653e2243a3044809929aec5cc27 |
01-Jul-2013 |
Nick Kralevich <nnk@google.com> |
zygote: enable SELinux restrictions This change enables SELinux security enforcement on zygote (but not zygote spawned apps). For the zygote.te file only, this change is equivalent to reverting the following commits: * 50e37b93ac97631dcac6961285b92af5026557af * 77d4731e9d30c8971e076e2469d6957619019921 No other changes were required. Testing: As much as possible, I've tested that zygote properly starts up, and that there's no problem spawning zygote or zygote apps. There were no denials in the kernel dmesg log, and everything appears to work correctly. It's quite possible I've missed something. If we experience problems, I'm happy to roll back this change. Bug: 9657732 Change-Id: Id2a7adcbeebda5d1606cb13470fad6c3fcffd558
ygote.te
|
a76e106b2e9a7bee052885f00e3205e5ede67bdd |
01-Jul-2013 |
The Android Automerger <android-build@google.com> |
merge in klp-release history after reset to master
|
7914a47f05ac4f00928062d08275fe4680f1747c |
29-Jun-2013 |
Nick Kralevich <nnk@google.com> |
Enable SELinux on vold This change enables SELinux security enforcement on vold. For the vold.te file ONLY, this change is conceptually a revert of 77d4731e9d30c8971e076e2469d6957619019921 and 50e37b93ac97631dcac6961285b92af5026557af, with the following additional changes: 1) Removal of "allow vold proc:file write;" and "allow vold self:capability { sys_boot };". As of system/vold change adfba3626e76c1931649634275d241b226cd1b9a, vold no longer performs its own reboots, so these capabilities are no longer needed. 2) Addition of the powerctl property, which vold contacts to tell init to reboot. 3) Removal of "allow vold kernel:system module_request;". As of CTS commit f2cfdf5c057140d9442fcfeb4e4a648e8258b659, Android devices no longer ship with loadable modules, hence we don't require this rule. 4) Removal of "fsetid" from "self:capability". Any setuid / setgid bits SHOULD be cleared if vold is able to change the permissions of files. IMHO, it was a mistake to ever include this capability in the first place. Testing: As much as possible, I've tested filesystem related functionality, including factory reset and device encryption. I wasn't able to test fstrim functionality, which is a fairly new feature. I didn't see any policy denials in dmesg. It's quite possible I've missed something. If we experience problems, I'm happy to roll back this change. Bug: 9629920 Change-Id: I683afa0dffe9f28952287bfdb7ee4e0423c2e97a
roperty.te
roperty_contexts
old.te
|
dbd28d91d3c6d970f1704df8350b0333b51758b1 |
28-Jun-2013 |
Nick Kralevich <nnk@google.com> |
Enable SELinux protections for netd. This change does several things: 1) Restore domain.te to the version present at cd516a32663b4eb11b2e3356b86450020e59e279 . This is the version currently being distributed in AOSP. 2) Add "allow domain properties_device:file r_file_perms;" to domain.te, to allow all domains to read /dev/__properties__ . This change was missing from AOSP. 3) Restore netd.te to the version present at 80c9ba5267f1a6ceffcf979471d101948b520ad6 . This is the version currently being distributed in AOSP. 4) Remove anything involving module loading from netd.te. CTS enforces that Android kernels can't have module loading enabled. 5) Add several new capabilities, plus data file rules, to netd.te, since netd needs to write to files owned by wifi. 6) Add a new unconfined domain called dnsmasq.te, and allow transitions from netd to that domain. Over time, we'll tighten up the dnsmasq.te domain. 7) Add a new unconfined domain called hostapd.te, and allow transitions from netd to that domain. Over time, we'll tighten up the hostapd.te domain. The net effect of these changes is to re-enable SELinux protections for netd. The policy is FAR from perfect, and allows a lot of wiggle room, but we can improve it over time. Testing: as much as possible, I've exercised networking related functionality, including turning on and off wifi, entering airplane mode, and enabling tethering and portable wifi hotspots. It's quite possible I've missed something, and if we experience problems, I can roll back this change. Bug: 9618347 Change-Id: I23ff3eebcef629bc7baabcf6962f25f116c4a3c0
nsmasq.te
omain.te
ile_contexts
ostapd.te
etd.te
|
86acb177579d41e5122c90e4dfa626858062cbe6 |
27-Jun-2013 |
Nick Kralevich <nnk@google.com> |
Add "shell" to seapp_contexts In the process of taking a bugreport, "dumpstate -B" will instruct zygote to fire up com.android.shell, which runs as UID=2000. This transition was not included in seapp_contexts, so zygote didn't know how to properly set the context for the shell user. Add an entry to allow zygote to know what to do with UID=2000 requests. Bug: 9588981 Change-Id: I2e726be8d58437ef1de3bcbad3b897a97ed18e22
eapp_contexts
|
59444368da2fbe79ebc1b346eea9797f67c66566 |
27-Jun-2013 |
Nick Kralevich <nnk@google.com> |
Add "shell" to seapp_contexts In the process of taking a bugreport, "dumpstate -B" will instruct zygote to fire up com.android.shell, which runs as UID=2000. This transition was not included in seapp_contexts, so zygote didn't know how to properly set the context for the shell user. Add an entry to allow zygote to know what to do with UID=2000 requests. Bug: 9588981 Change-Id: I2e726be8d58437ef1de3bcbad3b897a97ed18e22
eapp_contexts
|
d2703d21814c3f869fed97c74596bb4ba661806c |
25-Jun-2013 |
Nick Kralevich <nnk@google.com> |
allow system server to control zygote spawned processes System server needs to be able to tell Zygote to create processes with differing ids, capabilities, and SELinux security information. Allow it. These rules are not in unconfined.te, and as a result, are not automatically allowed by SELinux in enforcing mode. Change-Id: I010eaa2b0e0cee5d995e08e6c785cc5e01b2c974
ystem.te
|
b2b87d95e044ffb1f8f636ef610f4ddb61000f4f |
03-Jun-2013 |
Todd Poynor <toddpoynor@google.com> |
healthd: add sepolicy Change-Id: Ic0351c69d67aa3a6f71f505408c53d642626ebb4
ealthd.te
|
0eed3476dca910e8ce70a6568c8a219c25744287 |
24-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 95c960de: am 274d2927: Clean up remaining denials. * commit '95c960debc0afff3f81448126e649005e8fce60c': Clean up remaining denials.
|
95c960debc0afff3f81448126e649005e8fce60c |
24-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 274d2927: Clean up remaining denials. * commit '274d2927a7ccbfd266c83d6da5e9e2772805fbd5': Clean up remaining denials.
|
274d2927a7ccbfd266c83d6da5e9e2772805fbd5 |
22-May-2013 |
repo sync <gcondra@google.com> |
Clean up remaining denials. Bug: 8424461 Change-Id: I8f0b01cdb19b4a479d5de842f4e4844aeab00622
ee.te
nconfined.te
atchdogd.te
|
cdfcea9d8e696162fb43d7b5f3e6fa314548eb7d |
21-May-2013 |
Geremy Condra <gcondra@google.com> |
resolved conflicts for merge of 0f60427d to master Change-Id: Ide4d5d28e9a1673775b944780677d8c2eb4d7cd6
|
028cf8933dc43a1647d7f54f15234def8bf588e8 |
21-May-2013 |
gcondra@google.com <gcondra@google.com> |
am eb2dc6d0: am 42cabf34: Revert "Add the selinux policy version number." * commit 'eb2dc6d0827a6bef993e9c960da3dbeaa57283e9': Revert "Add the selinux policy version number."
|
0f60427d2ef57060e169f800ea7507a2cd7c5621 |
21-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 77d4731e: Make all domains unconfined. * commit '77d4731e9d30c8971e076e2469d6957619019921': Make all domains unconfined.
|
eb2dc6d0827a6bef993e9c960da3dbeaa57283e9 |
21-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 42cabf34: Revert "Add the selinux policy version number." * commit '42cabf341c8a600a218023ec69b3518e3d3d482c': Revert "Add the selinux policy version number."
|
77d4731e9d30c8971e076e2469d6957619019921 |
18-May-2013 |
repo sync <gcondra@google.com> |
Make all domains unconfined. This prevents denials from being generated by the base policy. Over time, these rules will be incrementally tightened to improve security. Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
dbd.te
pp.te
ssert.te
luetooth.te
luetoothd.te
ts.te
busd.te
ebuggerd.te
hcp.te
omain.te
rmserver.te
psd.te
ci_attach.te
nit.te
nit_shell.te
nstalld.te
eystore.te
ediaserver.te
tp.te
et.te
etd.te
fc.te
ing.te
pp.te
emud.te
acoon.te
adio.te
ild.te
unas.te
dcardd.te
ervicemanager.te
hell.te
urfaceflinger.te
ystem.te
ee.te
eventd.te
nconfined.te
old.te
atchdogd.te
pa_supplicant.te
ygote.te
|
42cabf341c8a600a218023ec69b3518e3d3d482c |
17-May-2013 |
repo sync <gcondra@google.com> |
Revert "Add the selinux policy version number." This reverts commit b77b3aff2e19fb4d5a329f962fcf467fc7bbeb1a.
epolicy.version
|
828482d7378d7073de5f229de2d689b6b498b70f |
15-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 92b8f148: am 50e37b93: Move domains into per-domain permissive mode. * commit '92b8f14843008c2c139a28dcdf8bb5ec71c6d33f': Move domains into per-domain permissive mode.
|
92b8f14843008c2c139a28dcdf8bb5ec71c6d33f |
15-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 50e37b93: Move domains into per-domain permissive mode. * commit '50e37b93ac97631dcac6961285b92af5026557af': Move domains into per-domain permissive mode.
|
c59ae202e9c533ef74c524f0f57db838d8c6e10f |
15-May-2013 |
gcondra@google.com <gcondra@google.com> |
am a77daf87: am b77b3aff: Add the selinux policy version number. * commit 'a77daf8779516f8828d260466260bc12c3cd72e4': Add the selinux policy version number.
|
a77daf8779516f8828d260466260bc12c3cd72e4 |
15-May-2013 |
gcondra@google.com <gcondra@google.com> |
am b77b3aff: Add the selinux policy version number. * commit 'b77b3aff2e19fb4d5a329f962fcf467fc7bbeb1a': Add the selinux policy version number.
|
50e37b93ac97631dcac6961285b92af5026557af |
15-May-2013 |
repo sync <gcondra@google.com> |
Move domains into per-domain permissive mode. Bug: 4070557 Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
pp.te
luetooth.te
luetoothd.te
busd.te
ebuggerd.te
hcp.te
rmserver.te
ile_contexts
psd.te
ci_attach.te
nit.te
nstalld.te
ernel.te
eystore.te
ediaserver.te
tp.te
etd.te
fc.te
ing.te
pp.te
emud.te
acoon.te
adio.te
ild.te
dcardd.te
ervicemanager.te
u.te
urfaceflinger.te
ystem.te
e_macros
ee.te
eventd.te
old.te
atchdogd.te
pa_supplicant.te
ygote.te
|
b77b3aff2e19fb4d5a329f962fcf467fc7bbeb1a |
10-May-2013 |
repo sync <gcondra@google.com> |
Add the selinux policy version number. Bug: 8841348 Change-Id: I1acf355b8e700500eeb0ddcbb8203a4769bde3bc
epolicy.version
|
fb680e7760364da43dde79029b4b5e656f0c974d |
11-May-2013 |
Geremy Condra <gcondra@google.com> |
am 28dde094: am 92f35dcc: Merge "Revert "Add a policy version."" into jb-mr2-dev * commit '28dde0947ec820b9292f3eecf0da13fef07611bc': Revert "Add a policy version."
|
f1ef25875c8bac5d49483fbdc8d9914f622f0e57 |
11-May-2013 |
Alex Klyubin <klyubin@google.com> |
am d0a5e06d: am c25023e1: Merge "SELinux policy: let vold write to device:dir." into jb-mr2-dev * commit 'd0a5e06d91077c1f507f069ab15ee03f12438880': SELinux policy: let vold write to device:dir.
|
28dde0947ec820b9292f3eecf0da13fef07611bc |
10-May-2013 |
Geremy Condra <gcondra@google.com> |
am 92f35dcc: Merge "Revert "Add a policy version."" into jb-mr2-dev * commit '92f35dccb5bddb778d3688b47a1a01c9ced01751': Revert "Add a policy version."
|
92f35dccb5bddb778d3688b47a1a01c9ced01751 |
10-May-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Revert "Add a policy version."" into jb-mr2-dev
|
d0a5e06d91077c1f507f069ab15ee03f12438880 |
10-May-2013 |
Alex Klyubin <klyubin@google.com> |
am c25023e1: Merge "SELinux policy: let vold write to device:dir." into jb-mr2-dev * commit 'c25023e1fa8ef90634218ba5e146ed9bf80a8456': SELinux policy: let vold write to device:dir.
|
869edf0e79b837a587fc69b7770a3ad2256d11c6 |
10-May-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Add a policy version." Faugh. Typo. This reverts commit adb481dd8e087ff351104942ff7c7b441a15623c Change-Id: Id1ccc0a59cc79b8ad7171fcb6b3d8cb3aaf29bee
olicy.version
|
c25023e1fa8ef90634218ba5e146ed9bf80a8456 |
10-May-2013 |
Alex Klyubin <klyubin@google.com> |
Merge "SELinux policy: let vold write to device:dir." into jb-mr2-dev
|
49564d0752ab03a678c932735df0e75fab886070 |
10-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 06dab1bf: am bd77ab31: Merge "Add a policy version." into jb-mr2-dev * commit '06dab1bf8c51cc7ea251f421403058c5a1a80bda': Add a policy version.
|
06dab1bf8c51cc7ea251f421403058c5a1a80bda |
10-May-2013 |
gcondra@google.com <gcondra@google.com> |
am bd77ab31: Merge "Add a policy version." into jb-mr2-dev * commit 'bd77ab31ac7e39f1bb517237b0148b9ab62dac8f': Add a policy version.
|
bd77ab31ac7e39f1bb517237b0148b9ab62dac8f |
10-May-2013 |
repo sync <gcondra@google.com> |
Merge "Add a policy version." into jb-mr2-dev
|
adb481dd8e087ff351104942ff7c7b441a15623c |
10-May-2013 |
repo sync <gcondra@google.com> |
Add a policy version. Bug: 8841348 Change-Id: I83497c9b5346ba3b35e4e288190fc217a26be505
olicy.version
|
b9a3a24d167685ddf2b25383c26a3b4f41bb1e67 |
10-May-2013 |
Geremy Condra <gcondra@google.com> |
am 31083f90: am 1adb7ca3: Merge "SELinux policy: let vold create /data/tmp_mnt" into jb-mr2-dev * commit '31083f90318a92ec4a92d21b7fa6f4b503375af8': SELinux policy: let vold create /data/tmp_mnt
|
70d4b33b66ec063200f4da858ad402f6e179da15 |
10-May-2013 |
Torne (Richard Coles) <torne@google.com> |
Merge "SELinux policy: let adbd drop Linux capabilities." Manual merge to get automerger going again. Conflicts: adbd.te Change-Id: Ibf8db0306b421a3426e925cf9c8f253bbcd500b3
|
31083f90318a92ec4a92d21b7fa6f4b503375af8 |
10-May-2013 |
Geremy Condra <gcondra@google.com> |
am 1adb7ca3: Merge "SELinux policy: let vold create /data/tmp_mnt" into jb-mr2-dev * commit '1adb7ca34f1049e7bac48cf0b24c8320c34b17b6': SELinux policy: let vold create /data/tmp_mnt
|
dc3853f4bb2ec3bf70c2f1aeda0991deeede7930 |
10-May-2013 |
Alex Klyubin <klyubin@google.com> |
am 3b9fd5ff: SELinux policy: let adbd drop Linux capabilities. * commit '3b9fd5ffcd3badffc08e3e71ba4cc41d3a73c9e4': SELinux policy: let adbd drop Linux capabilities.
|
1adb7ca34f1049e7bac48cf0b24c8320c34b17b6 |
10-May-2013 |
Geremy Condra <gcondra@google.com> |
Merge "SELinux policy: let vold create /data/tmp_mnt" into jb-mr2-dev
|
7de339a16a08bc3d3221bc8ff033163d04017292 |
10-May-2013 |
Alex Klyubin <klyubin@google.com> |
SELinux policy: let vold create /data/tmp_mnt Change-Id: I40f3ccd9813e0a337ced0a44e686ab489277d78b
old.te
|
3b9fd5ffcd3badffc08e3e71ba4cc41d3a73c9e4 |
10-May-2013 |
Alex Klyubin <klyubin@google.com> |
SELinux policy: let adbd drop Linux capabilities. Change-Id: Id41891b89c7b067919cbda06ab97d5eff2ad044f
dbd.te
|
d050c79b6415615a2a93e3ae10baa17069d0f9e8 |
10-May-2013 |
Alex Klyubin <klyubin@google.com> |
SELinux policy: let vold write to device:dir. I have no idea what vold is doing when this operation is attempted (when a full-disk encrypted device is booting up). Thus, I don't know if there is a better way of restricting the policy. Change-Id: I537b70b1abb73c36e5abf0357b766292f625e1af
old.te
|
231f88491298bf5a629ecb4c56c544424e9f5f99 |
10-May-2013 |
Alex Klyubin <klyubin@google.com> |
am e5e98aef: resolved conflicts for merge of 77ec892b to jb-mr2-dev-plus-aosp * commit 'e5e98aef40f7e721a1c1a65aa4a4c43221c83999': SELinux policy for users of libcutils klog_write.
|
e5e98aef40f7e721a1c1a65aa4a4c43221c83999 |
09-May-2013 |
Alex Klyubin <klyubin@google.com> |
resolved conflicts for merge of 77ec892b to jb-mr2-dev-plus-aosp Change-Id: Ia9f34580a35d3f5ff7ea0ac9a3784d2650e61b6a
|
77ec892be6b59e2808cc4c3472bf179d33851ebe |
09-May-2013 |
Alex Klyubin <klyubin@google.com> |
SELinux policy for users of libcutils klog_write. klog_write/init create /dev/__kmsg__ backed by a kernel character device, keep the file descriptor, and then immediately unlink the file. Change-Id: I729d224347a003eaca29299d216a53c99cc3197c
evice.te
ile_contexts
e_macros
eventd.te
old.te
|
521351db86a23bd86096e68f13cc7800e4f45f3a |
09-May-2013 |
Geremy Condra <gcondra@google.com> |
am 8eb7d672: am 5d54d483: Merge "SELinux policy: let vold setsched of kernel processes." into jb-mr2-dev * commit '8eb7d6727b26d85ee4f450b1ce80aca8162321c4': SELinux policy: let vold setsched of kernel processes.
|
8eb7d6727b26d85ee4f450b1ce80aca8162321c4 |
09-May-2013 |
Geremy Condra <gcondra@google.com> |
am 5d54d483: Merge "SELinux policy: let vold setsched of kernel processes." into jb-mr2-dev * commit '5d54d483a0f2907e0e32c798c908a4cea4a426eb': SELinux policy: let vold setsched of kernel processes.
|
5d54d483a0f2907e0e32c798c908a4cea4a426eb |
09-May-2013 |
Geremy Condra <gcondra@google.com> |
Merge "SELinux policy: let vold setsched of kernel processes." into jb-mr2-dev
|
09a88a633e232835758457a783b9d186aaf81f41 |
09-May-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Remove sys_boot"
|
2bfb59df61ff6e755d70f6316572996853d17446 |
09-May-2013 |
Nick Kralevich <nnk@google.com> |
Remove sys_boot sys_boot is not needed for adb as of system/core commit ca8e66a8b0f843812014a28d49208f9f6f64ecbc sys_boot is not needed for system server as of frameworks/base commit dbcf2d7482562eff45ac727cea799b37a260e399 Change-Id: I61379ea858e05acd239c9b16e4e2bf454af3f51c
dbd.te
ystem.te
|
f4ebcd676e100e01ac34fa6f1b05df388da59512 |
09-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 67476823: am 5a745c89: Merge "Add rules for asec containers." into jb-mr2-dev * commit '6747682319d52b2159444acf4122bfc9521bdb33': Add rules for asec containers.
|
b03f510dca8f489b1736441eb6c5470751a2419e |
09-May-2013 |
Geremy Condra <gcondra@google.com> |
am a5550560: am 84beb00a: Merge "SELinux policy granting vold the capability to reboot." into jb-mr2-dev * commit 'a55505605e2c69f4b095ef554acea5a5e2800e1c': SELinux policy granting vold the capability to reboot.
|
194f7c46e927e41658c35ba4bdb3a12b2a97d5b0 |
09-May-2013 |
gcondra@google.com <gcondra@google.com> |
am e0d8570a: am 2cb928ba: Remove special rules for interacting with sockets from init. * commit 'e0d8570a2faa73ad2190302c1bbcb4344cac60d4': Remove special rules for interacting with sockets from init.
|
3e943aebdf6edde88756c0c38c14f1ada1532367 |
09-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 1d6c682e: am fb076f8b: Add temporary policy for wpa_supplicant. * commit '1d6c682e870aeda3db38d46754d41a7d2a98a16e': Add temporary policy for wpa_supplicant.
|
c341f23e1c89a29efeb9bc16b8f36bb418d6de62 |
08-May-2013 |
Alex Klyubin <klyubin@google.com> |
SELinux policy: let vold setsched of kernel processes. Change-Id: I2b7bf3037c94de4fecf3c3081497e0ac1dfef8a9
old.te
|
6747682319d52b2159444acf4122bfc9521bdb33 |
08-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 5a745c89: Merge "Add rules for asec containers." into jb-mr2-dev * commit '5a745c899b16d72411d4a5886108a4483ebeb8e4': Add rules for asec containers.
|
5a745c899b16d72411d4a5886108a4483ebeb8e4 |
08-May-2013 |
repo sync <gcondra@google.com> |
Merge "Add rules for asec containers." into jb-mr2-dev
|
11153ef34928ab9d13658606695cba192aa03e21 |
08-May-2013 |
repo sync <gcondra@google.com> |
Add rules for asec containers. Change-Id: I91f6965dafad54e98e2f7deda956e86acf7d0c96
pp.te
|
a55505605e2c69f4b095ef554acea5a5e2800e1c |
08-May-2013 |
Geremy Condra <gcondra@google.com> |
am 84beb00a: Merge "SELinux policy granting vold the capability to reboot." into jb-mr2-dev * commit '84beb00a47215805127c13b0bcda6facc8e889bb': SELinux policy granting vold the capability to reboot.
|
84beb00a47215805127c13b0bcda6facc8e889bb |
08-May-2013 |
Geremy Condra <gcondra@google.com> |
Merge "SELinux policy granting vold the capability to reboot." into jb-mr2-dev
|
3b5923fe1b588a22134e9bb5836fc402cd5bd26d |
08-May-2013 |
Alex Klyubin <klyubin@google.com> |
SELinux policy granting vold the capability to reboot. vold needs to reboot the system when it succeeds or fails to encrypt partitions. Change-Id: Ibb1a5378228be60215162ae248e6c1049a16b830
old.te
|
e0d8570a2faa73ad2190302c1bbcb4344cac60d4 |
08-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 2cb928ba: Remove special rules for interacting with sockets from init. * commit '2cb928ba4ecc6e267bf88d8f0085b9236f2a151c': Remove special rules for interacting with sockets from init.
|
2cb928ba4ecc6e267bf88d8f0085b9236f2a151c |
08-May-2013 |
repo sync <gcondra@google.com> |
Remove special rules for interacting with sockets from init. Change-Id: I544c0c1bbe84834970958a65fcef1d10e7e29047
pa_supplicant.te
|
1d6c682e870aeda3db38d46754d41a7d2a98a16e |
08-May-2013 |
gcondra@google.com <gcondra@google.com> |
am fb076f8b: Add temporary policy for wpa_supplicant. * commit 'fb076f8b115cf0bb888fcfdef4e9f1e54f101d88': Add temporary policy for wpa_supplicant.
|
fb076f8b115cf0bb888fcfdef4e9f1e54f101d88 |
08-May-2013 |
repo sync <gcondra@google.com> |
Add temporary policy for wpa_supplicant. This allows wpa_supplicant to interact with the sockets created for it by init. Eventually we'll want those to be properly labelled, but allow until then. Change-Id: I33fcd22173a8d47bbc4ada8d6aa62b4d159cbb15
pa_supplicant.te
|
816cf987a1af35bfbd678d327d45d540dea01a07 |
07-May-2013 |
Geremy Condra <gcondra@google.com> |
am a1890d1f: am 59e40a04: Merge "SELinux policy that separates "init_shell" from "shell"." into jb-mr2-dev * commit 'a1890d1f427046ccc127884a3804f86916212b18': SELinux policy that separates "init_shell" from "shell".
|
23d0568f8be8d6cd0693e1128ce9e00060dbd11c |
07-May-2013 |
Jon Larimer <jlarimer@google.com> |
am 3cbc06c2: am c65b2ba3: Update wpa_supplicant policy * commit '3cbc06c2e3ed6cc858f46b9b5b379ae0276035ce': Update wpa_supplicant policy
|
f164843fa18f56ab02877c38206bc1f3bdf9f6c5 |
07-May-2013 |
Alex Klyubin <klyubin@google.com> |
am b2aea99f: am 3123b1ee: SELinux policy for Bluetooth properties. * commit 'b2aea99ffd8111536264e2f04867297876a3e769': SELinux policy for Bluetooth properties.
|
a1890d1f427046ccc127884a3804f86916212b18 |
07-May-2013 |
Geremy Condra <gcondra@google.com> |
am 59e40a04: Merge "SELinux policy that separates "init_shell" from "shell"." into jb-mr2-dev * commit '59e40a04e2aa5b8e0dff9942cde04704d2ce3524': SELinux policy that separates "init_shell" from "shell".
|
59e40a04e2aa5b8e0dff9942cde04704d2ce3524 |
07-May-2013 |
Geremy Condra <gcondra@google.com> |
Merge "SELinux policy that separates "init_shell" from "shell"." into jb-mr2-dev
|
3cbc06c2e3ed6cc858f46b9b5b379ae0276035ce |
07-May-2013 |
Jon Larimer <jlarimer@google.com> |
am c65b2ba3: Update wpa_supplicant policy * commit 'c65b2ba33871da9b241473b6f1a64775c9c49603': Update wpa_supplicant policy
|
8199123c8d1cf971c4edbab26e701df10a8bbc28 |
06-May-2013 |
Alex Klyubin <klyubin@google.com> |
SELinux policy that separates "init_shell" from "shell". "init_shell" is used for shell processes spawned by init. Change-Id: I9e35d485bac91f3d0e4f3704acdbb9af7d617173
nit_shell.te
hell.te
|
c65b2ba33871da9b241473b6f1a64775c9c49603 |
06-May-2013 |
Jon Larimer <jlarimer@google.com> |
Update wpa_supplicant policy Change-Id: I9b05f0f2ce6c6c52b4207cac3120f06565b7da30
pa_supplicant.te
|
b2aea99ffd8111536264e2f04867297876a3e769 |
06-May-2013 |
Alex Klyubin <klyubin@google.com> |
am 3123b1ee: SELinux policy for Bluetooth properties. * commit '3123b1eef7c15dee0b0df72c6a3017f1797a278d': SELinux policy for Bluetooth properties.
|
3123b1eef7c15dee0b0df72c6a3017f1797a278d |
06-May-2013 |
Alex Klyubin <klyubin@google.com> |
SELinux policy for Bluetooth properties. Properties under bluetooth. and persist.service.bdroid. are considered Bluetooth-related properties. Change-Id: Iee937d9a1184c2494deec46f9ed7090c643acda7
luetooth.te
roperty.te
roperty_contexts
|
ea2df95653b9eef4b108be5d4484cd745372757f |
03-May-2013 |
Geremy Condra <gcondra@google.com> |
am c6bd976c: am a3c29c5f: Merge "Expand permissions for 3 existing allow policies for rild and a new one for rild." into jb-mr2-dev * commit 'c6bd976cd354634863c7b99b6a0bb0a94433142a': Expand permissions for 3 existing allow policies for rild and a new one for rild.
|
c6bd976cd354634863c7b99b6a0bb0a94433142a |
03-May-2013 |
Geremy Condra <gcondra@google.com> |
am a3c29c5f: Merge "Expand permissions for 3 existing allow policies for rild and a new one for rild." into jb-mr2-dev * commit 'a3c29c5fe0b398fa560e6636c8eeff88d1c21f72': Expand permissions for 3 existing allow policies for rild and a new one for rild.
|
ad81e75acb9bfec067838dee11e22bfd35946355 |
03-May-2013 |
Geremy Condra <gcondra@google.com> |
am e4c23f09: am 97ff811c: Merge "Add non_system_app_set" * commit 'e4c23f096b6b21b247df2710ff8449afa921d56e': Add non_system_app_set
|
e4c23f096b6b21b247df2710ff8449afa921d56e |
03-May-2013 |
Geremy Condra <gcondra@google.com> |
am 97ff811c: Merge "Add non_system_app_set" * commit '97ff811c0b4bfb18cd012587b7f8519e910920b0': Add non_system_app_set
|
97ff811c0b4bfb18cd012587b7f8519e910920b0 |
03-May-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Add non_system_app_set"
|
a3c29c5fe0b398fa560e6636c8eeff88d1c21f72 |
03-May-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Expand permissions for 3 existing allow policies for rild and a new one for rild." into jb-mr2-dev
|
b4ab72d52a29849778c1e91cd20e954db1dd43ab |
02-May-2013 |
William Luh <williamluh@google.com> |
Expand permissions for 3 existing allow policies for rild and a new one for rild. Change-Id: Iafe68ac1b742e40c1a23a2f6cfd6373ea89cc07b
ild.te
|
cd308f8c1b342c472fecf629649e68fbd99d7f41 |
02-May-2013 |
gcondra@google.com <gcondra@google.com> |
am b40d5972: am ca326e2c: Add policy for ping. * commit 'b40d5972a1354acf77c33de6e7e67c5789dda67b': Add policy for ping.
|
b40d5972a1354acf77c33de6e7e67c5789dda67b |
02-May-2013 |
gcondra@google.com <gcondra@google.com> |
am ca326e2c: Add policy for ping. * commit 'ca326e2c64f2e3ea0e68809bba9d53cd9627d971': Add policy for ping.
|
ca326e2c64f2e3ea0e68809bba9d53cd9627d971 |
02-May-2013 |
repo sync <gcondra@google.com> |
Add policy for ping. Change-Id: I168f681d8c67f470b6e639f0b1bf39346c4eb396
ile_contexts
ing.te
|
789085d8390f3d4e650ac4e8faf82f131ed38fe7 |
02-May-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 5f4e6ee3: am 63297211: Support strict duplicate checking * commit '5f4e6ee379737c18de96c85ee20a99522e37051a': Support strict duplicate checking
|
2144b392eb9e8fd6a9b24825f18ad7fe1568e75f |
02-May-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 3e273da2: am 1e8c061b: Fix segfault on -v with duplicates * commit '3e273da29db16c2a339e4772993a0e105dfc2c64': Fix segfault on -v with duplicates
|
5f4e6ee379737c18de96c85ee20a99522e37051a |
02-May-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 63297211: Support strict duplicate checking * commit '632972117a754dc64102cf81154ae6aed86febf3': Support strict duplicate checking
|
3e273da29db16c2a339e4772993a0e105dfc2c64 |
02-May-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 1e8c061b: Fix segfault on -v with duplicates * commit '1e8c061b053cdfd808c7a7649c78df4c33ded63d': Fix segfault on -v with duplicates
|
8cd20ef9fa490b82b42b06b7656f89cb3b75d897 |
29-Apr-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Add non_system_app_set Change-Id: I889e8eb1851b01ac9a8c8789ba1cc56c9154cecd
e_macros
|
18ec5d3c4d8ccef84517b562b050893616bd0fbc |
01-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 9f14fca6: am 49dca3f0: Add rule to allow system to write to the adbd socket. * commit '9f14fca6c18f2acf8ff32ee4b5eb5960f37a66da': Add rule to allow system to write to the adbd socket.
|
9f14fca6c18f2acf8ff32ee4b5eb5960f37a66da |
01-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 49dca3f0: Add rule to allow system to write to the adbd socket. * commit '49dca3f0a418496c6814230ed57c21feb4afa0b4': Add rule to allow system to write to the adbd socket.
|
49dca3f0a418496c6814230ed57c21feb4afa0b4 |
01-May-2013 |
repo sync <gcondra@google.com> |
Add rule to allow system to write to the adbd socket. Change-Id: I56e3ddae08b0c3d5e6b2492a6754899cc4e25a21
ystem.te
|
8f32e3f6dbe9e9283ef4b02b1945639024dd2e4c |
01-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 16203678: am 9504a507: Allow ADB to interact extensively with system_data_files. * commit '1620367874b8b0d1bf5ec6656fafd75bc193187e': Allow ADB to interact extensively with system_data_files.
|
1620367874b8b0d1bf5ec6656fafd75bc193187e |
01-May-2013 |
gcondra@google.com <gcondra@google.com> |
am 9504a507: Allow ADB to interact extensively with system_data_files. * commit '9504a50740b63d464b9f692c1e8dc8be51a0d70b': Allow ADB to interact extensively with system_data_files.
|
9504a50740b63d464b9f692c1e8dc8be51a0d70b |
01-May-2013 |
repo sync <gcondra@google.com> |
Allow ADB to interact extensively with system_data_files. Long term this should be scoped down. Change-Id: I261f05568566cca38bc5c43fbfa7ff1c816e5846
dbd.te
ystem.te
|
632972117a754dc64102cf81154ae6aed86febf3 |
20-Apr-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Support strict duplicate checking Change-Id: I3bb4755b86a90414a3912c8099dd7a4389249b24
ools/check_seapp.c
|
38c5cba7c2f5e699ad73b1dab9ec060abc91d702 |
26-Apr-2013 |
William Luh <williamluh@google.com> |
am a69beee7: am e855c3b4: Allow rild to create, bind, read, write to itself through a netlink socket. * commit 'a69beee76655e7bc8dba52846490ea0a6a5aaecb': Allow rild to create, bind, read, write to itself through a netlink socket.
|
a69beee76655e7bc8dba52846490ea0a6a5aaecb |
26-Apr-2013 |
William Luh <williamluh@google.com> |
am e855c3b4: Allow rild to create, bind, read, write to itself through a netlink socket. * commit 'e855c3b4901ff18fd17b9b58593923e95d3e19fa': Allow rild to create, bind, read, write to itself through a netlink socket.
|
e855c3b4901ff18fd17b9b58593923e95d3e19fa |
26-Apr-2013 |
William Luh <williamluh@google.com> |
Allow rild to create, bind, read, write to itself through a netlink socket. Change-Id: Ia7457e3fd4f1100bbee821f412e80ba17fede5ec
ild.te
|
0b0db2504766cd0dc84d3597d69ef00f60994b1a |
26-Apr-2013 |
William Luh <williamluh@google.com> |
am 3047a10f: am aca2f5eb: Stop breaking build by defining sysfs_devices_system_cpu. * commit '3047a10f9cc25184e57dbc7672d6722b86b28644': Stop breaking build by defining sysfs_devices_system_cpu.
|
87477095e712111a1a81a209c351cf80faf8ef15 |
26-Apr-2013 |
William Luh <williamluh@google.com> |
am f302051b: am 638bf327: Allow system to search the /sys/devices/system/cpu directory. * commit 'f302051b62124970a93408b10f1ba053d1d47fb0': Allow system to search the /sys/devices/system/cpu directory.
|
0d66a071e8390ae8d015f429cb8da41e263c3a14 |
26-Apr-2013 |
Nick Kralevich <nnk@google.com> |
am e43810fd: am 1e25b980: Revert "Add the sysrq_file special file and give ADB write access." * commit 'e43810fdbb20b556a869d83c6445edfbb351137d': Revert "Add the sysrq_file special file and give ADB write access."
|
3047a10f9cc25184e57dbc7672d6722b86b28644 |
26-Apr-2013 |
William Luh <williamluh@google.com> |
am aca2f5eb: Stop breaking build by defining sysfs_devices_system_cpu. * commit 'aca2f5ebd22adb6e0d5b3ec55a4540ee6d48c9fa': Stop breaking build by defining sysfs_devices_system_cpu.
|
f302051b62124970a93408b10f1ba053d1d47fb0 |
26-Apr-2013 |
William Luh <williamluh@google.com> |
am 638bf327: Allow system to search the /sys/devices/system/cpu directory. * commit '638bf3271bc7fc1d3c0640df378e4d1a84dcf384': Allow system to search the /sys/devices/system/cpu directory.
|
e43810fdbb20b556a869d83c6445edfbb351137d |
26-Apr-2013 |
Nick Kralevich <nnk@google.com> |
am 1e25b980: Revert "Add the sysrq_file special file and give ADB write access." * commit '1e25b980747025eb74fe14923167f3711f7b0807': Revert "Add the sysrq_file special file and give ADB write access."
|
aca2f5ebd22adb6e0d5b3ec55a4540ee6d48c9fa |
26-Apr-2013 |
William Luh <williamluh@google.com> |
Stop breaking build by defining sysfs_devices_system_cpu. Change-Id: Ie96d573be971b2dcc3d60614794ba9ca13b31471
ile.te
|
638bf3271bc7fc1d3c0640df378e4d1a84dcf384 |
26-Apr-2013 |
William Luh <williamluh@google.com> |
Allow system to search the /sys/devices/system/cpu directory. Change-Id: Iaa8fb6fa8726d083ee3c49edbbd398f0e8f33a37
ystem.te
|
1e25b980747025eb74fe14923167f3711f7b0807 |
25-Apr-2013 |
Nick Kralevich <nnk@google.com> |
Revert "Add the sysrq_file special file and give ADB write access." This rule doesn't work, as /proc/sysrq-trigger isn't properly labeled. Revert this change for now. This reverts commit bb2591e56f0b88570e8bed0008b932bf7c51f533.
dbd.te
ile.te
ile_contexts
|
0619254227603417e5e30ff6c9dd3b62a1ec68cc |
25-Apr-2013 |
Ben Murdoch <benm@google.com> |
am 2f5f90b2: am a3f65685: Revert "DO NOT MERGE Split some device nodes out from device." * commit '2f5f90b2ab76b4cc8e075fea713ee2ab2bcb1131': Revert "DO NOT MERGE Split some device nodes out from device."
|
2f5f90b2ab76b4cc8e075fea713ee2ab2bcb1131 |
25-Apr-2013 |
Ben Murdoch <benm@google.com> |
am a3f65685: Revert "DO NOT MERGE Split some device nodes out from device." * commit 'a3f656859024293d2ceb1ad00e443057bb6ec4ea': Revert "DO NOT MERGE Split some device nodes out from device."
|
a3f656859024293d2ceb1ad00e443057bb6ec4ea |
25-Apr-2013 |
Ben Murdoch <benm@google.com> |
Revert "DO NOT MERGE Split some device nodes out from device." This reverts commit 69fbbdd54b04e648b07cdf522760247f3dafd362.
evice.te
ile_contexts
urfaceflinger.te
ystem.te
|
9f5e22d23c5eb6665636a00b942b1130fa4887fe |
25-Apr-2013 |
gcondra@google.com <gcondra@google.com> |
am 93ca336f: am dc194683: Merge "DO NOT MERGE Split some device nodes out from device." into jb-mr2-dev * commit '93ca336f0105a857a5f2cc1b3bdb1e737ec53b43': DO NOT MERGE Split some device nodes out from device.
|
93ca336f0105a857a5f2cc1b3bdb1e737ec53b43 |
25-Apr-2013 |
gcondra@google.com <gcondra@google.com> |
am dc194683: Merge "DO NOT MERGE Split some device nodes out from device." into jb-mr2-dev * commit 'dc1946838a72845cbc00ddd0e9e65aae0ebec353': DO NOT MERGE Split some device nodes out from device.
|
dc1946838a72845cbc00ddd0e9e65aae0ebec353 |
25-Apr-2013 |
repo sync <gcondra@google.com> |
Merge "DO NOT MERGE Split some device nodes out from device." into jb-mr2-dev
|
69fbbdd54b04e648b07cdf522760247f3dafd362 |
23-Apr-2013 |
repo sync <gcondra@google.com> |
DO NOT MERGE Split some device nodes out from device. Some of these will get factored out into device-specific configs later. Change-Id: I359915e2607b56112bb22456d28e06c162fcbdff
evice.te
ile_contexts
urfaceflinger.te
ystem.te
|
e5c6920de922f1d5ea115529277223e4c5df6d49 |
25-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am a5c9db98: am 02599329: Revert "Revert "Revert "Split some device nodes out from device.""" * commit 'a5c9db98ea2b217d6efda62d49f3f3dba78b59c1': Revert "Revert "Revert "Split some device nodes out from device."""
|
a5c9db98ea2b217d6efda62d49f3f3dba78b59c1 |
25-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 02599329: Revert "Revert "Revert "Split some device nodes out from device.""" * commit '0259932950f81d0465c9f97ab0023b0b88e7b032': Revert "Revert "Revert "Split some device nodes out from device."""
|
0259932950f81d0465c9f97ab0023b0b88e7b032 |
25-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Revert "Split some device nodes out from device.""" This reverts commit e7e54fac10cce1472fa8667566a7f95754a74ecc Change-Id: I26b577cf46a0eaccf6adf7ae851383a10bf03b4b
evice.te
ile_contexts
urfaceflinger.te
ystem.te
|
ce191da6c35f2948cc58b8e797b4ea4c5dfb5182 |
25-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 8b6728bd: am e7e54fac: Revert "Revert "Split some device nodes out from device."" * commit '8b6728bdeeb239c7307b889815cc02013d1768b3': Revert "Revert "Split some device nodes out from device.""
|
8b6728bdeeb239c7307b889815cc02013d1768b3 |
25-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am e7e54fac: Revert "Revert "Split some device nodes out from device."" * commit 'e7e54fac10cce1472fa8667566a7f95754a74ecc': Revert "Revert "Split some device nodes out from device.""
|
e7e54fac10cce1472fa8667566a7f95754a74ecc |
25-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Split some device nodes out from device."" This reverts commit 1c101164c00739cfae0a86c071f8eb713542d943 Restoring now that the conflict with tuna has passed. Change-Id: I587dab8d7102c913fc03825a006e96d76680858d
evice.te
ile_contexts
urfaceflinger.te
ystem.te
|
13a2e24e61274d488c8730558c471403892b2926 |
24-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am b7cdbba0: am 1c101164: Revert "Split some device nodes out from device." * commit 'b7cdbba0c1a3512f89b08d85f2dc71a5f54239a5': Revert "Split some device nodes out from device."
|
b7cdbba0c1a3512f89b08d85f2dc71a5f54239a5 |
24-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 1c101164: Revert "Split some device nodes out from device." * commit '1c101164c00739cfae0a86c071f8eb713542d943': Revert "Split some device nodes out from device."
|
1c101164c00739cfae0a86c071f8eb713542d943 |
24-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Split some device nodes out from device." This reverts commit f51e9007242c6b7d57f6937ea005a2527d695041 Looks like this caused a build breakage in master, may have a duplicate rule from AOSP. Change-Id: I4ea83a47baec4ffa2840b5fe50b6f55e1eeda53c
evice.te
ile_contexts
urfaceflinger.te
ystem.te
|
c4e631cccd2bf4901a286b5aed92fdf6428eaa18 |
24-Apr-2013 |
gcondra@google.com <gcondra@google.com> |
am 552222ac: am f51e9007: Split some device nodes out from device. * commit '552222aca345cac9d95482af51c970149f9b888b': Split some device nodes out from device.
|
552222aca345cac9d95482af51c970149f9b888b |
24-Apr-2013 |
gcondra@google.com <gcondra@google.com> |
am f51e9007: Split some device nodes out from device. * commit 'f51e9007242c6b7d57f6937ea005a2527d695041': Split some device nodes out from device.
|
f51e9007242c6b7d57f6937ea005a2527d695041 |
23-Apr-2013 |
repo sync <gcondra@google.com> |
Split some device nodes out from device. Some of these will get factored out into device-specific configs later. Change-Id: I7ea9c22a666b13bca2d867e5bcc7084ed7129de3
evice.te
ile_contexts
urfaceflinger.te
ystem.te
|
1e8c061b053cdfd808c7a7649c78df4c33ded63d |
20-Apr-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Fix segfault on -v with duplicates Change-Id: Ic040af5cfcd1be22074a691ecdd01e890866bc19
ools/check_seapp.c
|
c6347e70021a001a96cf2561d5593f668c3036b3 |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 6cc2591a: am bb2591e5: Add the sysrq_file special file and give ADB write access. * commit '6cc2591a4e228befadabc5849849df4c9d2a530e': Add the sysrq_file special file and give ADB write access.
|
0cc0ef71cf95ba55f937b99de07b0f4ea2b03c37 |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge commit '1657b778' into manualmerge Change-Id: Ice060469201aa100c88baa26f55c8f074af0da59
|
69e8150aa05116d6b8991600da5e1bc58224d072 |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am d46bc855: am d381b97e: Give the drmserver the ability to connect to the tee. * commit 'd46bc855637bea4d228a47f82450f89df7f187d0': Give the drmserver the ability to connect to the tee.
|
e9a91c12a151f67366cd7cf3e32c45cbc0c17bcc |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 1ac1be0e: am 207c709e: Allow drmserver to interact with apk_data_file sock_files. * commit '1ac1be0e19193ff393dc8134b8678b7e79f65cdd': Allow drmserver to interact with apk_data_file sock_files.
|
bccd6530676a60a821171496327ab39d317f5d9d |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge commit 'fd90a863' into manualmerge Change-Id: If4d57a1556a849fdc87612d9fe348a02db79506a
|
36c9f745b5c95e19a23c0dafcaa505c6801f147f |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am be4c3b86: am 8ee49795: Allow drmserver to read the wv keys. * commit 'be4c3b8649c4480946819ec8350aaf3ea978905e': Allow drmserver to read the wv keys.
|
ded7469cdc1563dd58ab5da3adb75c0273fe5f4d |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am b4ae49fa: am 47020462: Allow dhcpd to interact with ttys. * commit 'b4ae49fa68e1f2c902ae92b9244c1b376636e0d4': Allow dhcpd to interact with ttys.
|
3143d0a52415b252aebfb8a2f8b00ddf0a4a72be |
06-Apr-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 85a6a45d: am 7bb2a55c: Give domains read access to security_file domain. * commit '85a6a45d8ae577341bccb4669f30e343d89d5b36': Give domains read access to security_file domain.
|
050741237bc3701ca0db77ba287cba8941e19c9c |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 5c394a7b: am 74ba8c86: run-as policy fixes. * commit '5c394a7bbf121b5d8a3adf19b6115a6e211af312': run-as policy fixes.
|
1a98597c43cc9dcdc5c65deddc64a39115423048 |
06-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 16ebcd2c: am ffd8c441: Add new domains for private apps. * commit '16ebcd2c043a1bd352f8356ce3598aba42afa9a0': Add new domains for private apps.
|
130f3d7038a39342b961ee2e05b466dad35ece79 |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 4da10c97: am 142480a8: Drop SELinux management rules from AOSP. * commit '4da10c97accc67de27b2d7da2001c64025c7d3f6': Drop SELinux management rules from AOSP.
|
619c251aa363f20aebd715be186fd010315115d7 |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am dadf56e2: am 10a2ac24: Document the relevant tests associated with specific rules. * commit 'dadf56e2d262f903fb51073309a5ac4ef7723ebf': Document the relevant tests associated with specific rules.
|
6cc2591a4e228befadabc5849849df4c9d2a530e |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am bb2591e5: Add the sysrq_file special file and give ADB write access. * commit 'bb2591e56f0b88570e8bed0008b932bf7c51f533': Add the sysrq_file special file and give ADB write access.
|
1657b77814f41f5f96023ceb46355318752cad5c |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am bfb26e7b: Add downloaded file policy. * commit 'bfb26e7b0761121039dea36ad34b6c5054babcfa': Add downloaded file policy.
|
d46bc855637bea4d228a47f82450f89df7f187d0 |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am d381b97e: Give the drmserver the ability to connect to the tee. * commit 'd381b97e13c5bdc888d7af20b1b1a6dd04784cf5': Give the drmserver the ability to connect to the tee.
|
1ac1be0e19193ff393dc8134b8678b7e79f65cdd |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 207c709e: Allow drmserver to interact with apk_data_file sock_files. * commit '207c709e3a9bfc53c365de3102d75bf4cfb7f2e9': Allow drmserver to interact with apk_data_file sock_files.
|
fd90a8639689ebe64046934a8f432841aa375447 |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 03d436a4: Give drmserver the ability to interact with apk_data_file dirs. * commit '03d436a4735dff1f2351475b24f706b6df51038f': Give drmserver the ability to interact with apk_data_file dirs.
|
be4c3b8649c4480946819ec8350aaf3ea978905e |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 8ee49795: Allow drmserver to read the wv keys. * commit '8ee49795e39c3a58a58c98ceed4cb0295c1693dd': Allow drmserver to read the wv keys.
|
b4ae49fa68e1f2c902ae92b9244c1b376636e0d4 |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 47020462: Allow dhcpd to interact with ttys. * commit '47020462ad3d0d4cbfc388879b97c1c0030f62db': Allow dhcpd to interact with ttys.
|
85a6a45d8ae577341bccb4669f30e343d89d5b36 |
06-Apr-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 7bb2a55c: Give domains read access to security_file domain. * commit '7bb2a55c4732126b7e99718cd66d5e2305e34683': Give domains read access to security_file domain.
|
5c394a7bbf121b5d8a3adf19b6115a6e211af312 |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 74ba8c86: run-as policy fixes. * commit '74ba8c86137d85285a09780999b79034c7e935b1': run-as policy fixes.
|
16ebcd2c043a1bd352f8356ce3598aba42afa9a0 |
06-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am ffd8c441: Add new domains for private apps. * commit 'ffd8c441a5903772af1705ddea5756d117bc9ec9': Add new domains for private apps.
|
4da10c97accc67de27b2d7da2001c64025c7d3f6 |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 142480a8: Drop SELinux management rules from AOSP. * commit '142480a8ac5c8ae04db3401401085192bd2334f7': Drop SELinux management rules from AOSP.
|
dadf56e2d262f903fb51073309a5ac4ef7723ebf |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 10a2ac24: Document the relevant tests associated with specific rules. * commit '10a2ac24f2f280bbdbc0fe27fb3d9e9770c4442a': Document the relevant tests associated with specific rules.
|
b83cf7fdabcd11242c9ae47603ad4687f34d77f7 |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 18cf3891: Merge commit 'a019e4f1' into manualmerge * commit '18cf3891b870622e4f5abd2752e6caa79019ec87': Do not allow reading all directories for the CTS.
|
18cf3891b870622e4f5abd2752e6caa79019ec87 |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge commit 'a019e4f1' into manualmerge Change-Id: Ib612d25c0c357bd9de28c5ec7d1215dc08945976
|
e25ffb62a84ca46b70cc6ab53ae9d3327897f248 |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 4340ae3e: am 0e856a02: Allow all domains to read /dev symlinks. * commit '4340ae3e2464638f2373b5e572713db3f5ae75ba': Allow all domains to read /dev symlinks.
|
289f91ac382541d919b01ac09ad5b8bc47905cd3 |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 5b852b53: am 62508bf4: Allow apps to execute the shell or system commands unconditionally. * commit '5b852b534f10f159e275cee42e5c97bc9c9faadf': Allow apps to execute the shell or system commands unconditionally.
|
23eb5be259a72b8467d17cdb04fd01414bd23aad |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am a6ac6c31: Merge commit '0141ccd0' into manualmerge * commit 'a6ac6c31e921ad81f1dac3e19d8e5a0caa0fb285': Remove unnecessary rules.
|
4340ae3e2464638f2373b5e572713db3f5ae75ba |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 0e856a02: Allow all domains to read /dev symlinks. * commit '0e856a02cb73ab2a54f024a70194c6069a9fac57': Allow all domains to read /dev symlinks.
|
5b852b534f10f159e275cee42e5c97bc9c9faadf |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 62508bf4: Allow apps to execute the shell or system commands unconditionally. * commit '62508bf498af44ea7d54bf85b4a8c1202cd26c8e': Allow apps to execute the shell or system commands unconditionally.
|
a6ac6c31e921ad81f1dac3e19d8e5a0caa0fb285 |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge commit '0141ccd0' into manualmerge Change-Id: Ief12fcbca8bcbef8484797f07ddd8e4a8a953e7c
|
363982738aa6df12dd9d173d99338f70d052d4f7 |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e59855be: am 0677cb2e: Allow fstat of platform app /data/data files. * commit 'e59855bee43c3daa791c9f9966359371be6281f2': Allow fstat of platform app /data/data files.
|
fba9e4f003b01921c1c0e4f4820aa48f16e96052 |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 23bc75af: Merge commit 'b5f6977a' into manualmerge * commit '23bc75afc2cebd8c3145db8b752d896e55fe92ad': Coalesce rules for allowing execution of shared objects by app domains.
|
e59855bee43c3daa791c9f9966359371be6281f2 |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 0677cb2e: Allow fstat of platform app /data/data files. * commit '0677cb2ebda66adfabced3390f6c8b40eb06bc33': Allow fstat of platform app /data/data files.
|
23bc75afc2cebd8c3145db8b752d896e55fe92ad |
06-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge commit 'b5f6977a' into manualmerge Change-Id: I0c1cb5070c80728a9acb028a03f313243957ba32
|
597b7da346115102efd6365b10484e741e188e12 |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 013b177e: am 9de4c692: Strip unnecessary trailing semicolon on macro calls. * commit '013b177e090d7f2f27d5099139e181197030464b': Strip unnecessary trailing semicolon on macro calls.
|
013b177e090d7f2f27d5099139e181197030464b |
06-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9de4c692: Strip unnecessary trailing semicolon on macro calls. * commit '9de4c6920220880e236ef1648ebd900c69727d43': Strip unnecessary trailing semicolon on macro calls.
|
9eb4dfe14a3719df4104a9c6e024f7c3aa6a7f31 |
05-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 048fe720: Merge commit '81fe5f7c' into manualmerge2 * commit '048fe7204f1c7740c76c0871cdf563d0d59fd722': Allow all domains to read the log devices.
|
048fe7204f1c7740c76c0871cdf563d0d59fd722 |
05-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge commit '81fe5f7c' into manualmerge2 Change-Id: I4f18f6c5cff45f80ffbc0356f77993b2d358f4ff
|
980fa371f020401359fabf2a392061356e152537 |
05-Apr-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am d3925feb: am 6c4c27e6: Give domains read access to security_file domain. * commit 'd3925feb617c6d15a57c5ee97b3326ee3f2f07fa': Give domains read access to security_file domain.
|
4959c8d8ed7c3ac2767303bfbf0f5e7f4e9f9f55 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ecf78730: am cd516a32: run-as policy fixes. * commit 'ecf78730ed1378883d4d97da6afbf9a805f96707': run-as policy fixes.
|
28db9ab2421f8aa52740ed396e89ec711dcb5d73 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b8f5e3d9: am 4e0e74ed: Allow ueventd to relabel sysfs nodes. * commit 'b8f5e3d96bbe02015500d13daa2112ba75ae3828': Allow ueventd to relabel sysfs nodes.
|
4e07a418d498ba03fdc98af7a7d27ce22f6a039b |
05-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 9e31636e: am 507304c2: Remove unneeded device type. * commit '9e31636ee475d0cd72f412033fc2dcc6ded71637': Remove unneeded device type.
|
cbba8e8e6322c5ff10e3efe8e0149120087273be |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c2c91f3f: am b86d472f: Increase policy version to 26. * commit 'c2c91f3fe4a38d365c31dc2dd6a10049aa1df2b5': Increase policy version to 26.
|
d3925feb617c6d15a57c5ee97b3326ee3f2f07fa |
05-Apr-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 6c4c27e6: Give domains read access to security_file domain. * commit '6c4c27e626341a3676631ce687d006e85e0710b7': Give domains read access to security_file domain.
|
ecf78730ed1378883d4d97da6afbf9a805f96707 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am cd516a32: run-as policy fixes. * commit 'cd516a32663b4eb11b2e3356b86450020e59e279': run-as policy fixes.
|
b8f5e3d96bbe02015500d13daa2112ba75ae3828 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 4e0e74ed: Allow ueventd to relabel sysfs nodes. * commit '4e0e74ed95958c5acf59c5c07fa7e3648f71f34e': Allow ueventd to relabel sysfs nodes.
|
9e31636ee475d0cd72f412033fc2dcc6ded71637 |
05-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 507304c2: Remove unneeded device type. * commit '507304c20be8805286dc66d7381c141408c8e3a3': Remove unneeded device type.
|
c2c91f3fe4a38d365c31dc2dd6a10049aa1df2b5 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b86d472f: Increase policy version to 26. * commit 'b86d472fe3946325e98ed0de3cb0846ec975ffd7': Increase policy version to 26.
|
bb2591e56f0b88570e8bed0008b932bf7c51f533 |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Add the sysrq_file special file and give ADB write access. Change-Id: Ief2d412dddf4cefdf43a26538c4be060df4cc787
dbd.te
ile.te
ile_contexts
|
bfb26e7b0761121039dea36ad34b6c5054babcfa |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Add downloaded file policy. Change-Id: I6f68323cddcf9e13b2a730b8d6b8730587fb4366
pp.te
ile.te
ile_contexts
|
d381b97e13c5bdc888d7af20b1b1a6dd04784cf5 |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Give the drmserver the ability to connect to the tee. Bug: 8539042 Change-Id: I6a9c3247688f49bed4a1637c728e77c2e865afd2
rmserver.te
|
207c709e3a9bfc53c365de3102d75bf4cfb7f2e9 |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Allow drmserver to interact with apk_data_file sock_files. Bug: 8539042 Change-Id: I255930759ce0612f6ec9b931bfe545342ef808fc
rmserver.te
|
03d436a4735dff1f2351475b24f706b6df51038f |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Give drmserver the ability to interact with apk_data_file dirs. Bug: 8539042 Change-Id: I87165fd83b1abef9eb7bf4c403714150aaefed6e
rmserver.te
|
8ee49795e39c3a58a58c98ceed4cb0295c1693dd |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Allow drmserver to read the wv keys. Bug: 8539042 Change-Id: I31e7a3ae6ba783b78c3b38756966950a20f2f2aa
rmserver.te
|
47020462ad3d0d4cbfc388879b97c1c0030f62db |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Allow dhcpd to interact with ttys. Bug: 8539042 Change-Id: I27bcc4a485b031d54e17b03164642821d546e62f
hcp.te
|
7bb2a55c4732126b7e99718cd66d5e2305e34683 |
04-Apr-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Give domains read access to security_file domain. /data/security is another location that policy files can reside. In fact, these policy files take precedence over their rootfs counterparts under certain circumstances. Give the appropriate players the rights to read these policy files. Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41
ebuggerd.te
nstalld.te
unas.te
ystem.te
e_macros
eventd.te
old.te
ygote.te
|
74ba8c86137d85285a09780999b79034c7e935b1 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
run-as policy fixes. - Remove dac_read_search as it is no longer required by run-as. - Introduce a separate type for /dev/tty so that we can allow use of own tty for a run-as shell without allowing access to other /dev/tty[0-9]* nodes. - Allow sigchld notifications for death of run-as and its descendants by adbd. - Drop redundant rules for executing shell or system commands from untrusted_app; now covered by rules in app.te. Change-Id: Ic3bf7bee9eeabf9ad4a20f61fbb142a64bb37c6c
evice.te
omain.te
ile_contexts
unas.te
|
ffd8c441a5903772af1705ddea5756d117bc9ec9 |
03-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Add new domains for private apps. /data/app-private is used when making an app purchase or forward locking. Provide a new label for the directory as well as the tmp files that appear under it. Change-Id: I910cd1aa63538253e10a8d80268212ad9fc9fca5 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
pp.te
ile.te
ile_contexts
ystem.te
|
142480a8ac5c8ae04db3401401085192bd2334f7 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop SELinux management rules from AOSP. As AOSP does not support the device admin API or the older SEManager system app, just drop the allow rules associated with permitting SELinux management via device admin or a system app. Change-Id: Icdf40c9e6d343b19c156e4c7aea4cfb8c5f234ad Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem.te
|
10a2ac24f2f280bbdbc0fe27fb3d9e9770c4442a |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Document the relevant tests associated with specific rules. Change-Id: I09b4e33b1c9ea201a96d2f07cb74bdb804b5aad2 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ts.te
|
a019e4f12fb70da5b60e170b7f6f1b6567b4c3a7 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Do not allow reading all directories for the CTS. The test gracefully handles unreadable directories, so we do not need to allow this for all file types. Change-Id: Ib5f5be7cacc3f0270b72c046200cc3d21f3fc374 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ts.te
|
0e856a02cb73ab2a54f024a70194c6069a9fac57 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow all domains to read /dev symlinks. Change-Id: I448a5553937a98775178b94f289ccb45ae862876 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ts.te
omain.te
ild.te
old.te
|
62508bf498af44ea7d54bf85b4a8c1202cd26c8e |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow apps to execute the shell or system commands unconditionally. Change-Id: I54af993bd478d6b8d0462d43950bb1a991131c82 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
ts.te
|
0141ccd0604deca6f931edf4f7c66b7fc1152851 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove unnecessary rules. Redundant with other rules or not required for untrusted app. Change-Id: Idb5d50326cc14696423cf133508c0d013c5928a6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ts.te
|
0677cb2ebda66adfabced3390f6c8b40eb06bc33 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow fstat of platform app /data/data files. Change-Id: I8d46a809c08cd21b0d6c3173998035ab3cc79ada Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
b5f6977a28ae7c8474fe23cefe26f3556a533207 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Coalesce rules for allowing execution of shared objects by app domains. Change-Id: I809738e7de038ad69905a77ea71fda4f25035d09 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
9de4c6920220880e236ef1648ebd900c69727d43 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Strip unnecessary trailing semicolon on macro calls. Change-Id: I013e08bcd82a9e2311a958e1c98931f53f6720c9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
etd.te
|
81fe5f7c0f47d48faa820ad5f8d3f4f44637a486 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow all domains to read the log devices. Read access to /dev/log/* is no longer restricted. Filtering on reads is performed per-uid by the kernel logger driver. Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dbd.te
pp.te
ebuggerd.te
omain.te
hell.te
|
4e0e74ed95958c5acf59c5c07fa7e3648f71f34e |
03-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow ueventd to relabel sysfs nodes. Required for If8b8d66120453123c1371ce063b6f20e8b96b6ef . Change-Id: I98871b957db8b291cbbb827b5eb39b4279ce4194 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
eventd.te
|
507304c20be8805286dc66d7381c141408c8e3a3 |
02-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Remove unneeded device type. timerirq_device has been removed in favor of using the existing sensors_device domain. Change-Id: I503e4a511c2901890356559c0afb971392b4ec6f Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
evice.te
ystem.te
|
b86d472fe3946325e98ed0de3cb0846ec975ffd7 |
01-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Increase policy version to 26. Increase the SELinux policy version to 26. This is needed for name-based transitions used by the manta sepolicy. Requires kernel 3.0 or higher. Change-Id: I046fa9f7122f77506c70b2c735345bc0194935df Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ndroid.mk
|
6c4c27e626341a3676631ce687d006e85e0710b7 |
04-Apr-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Give domains read access to security_file domain. /data/security is another location that policy files can reside. In fact, these policy files take precedence over their rootfs counterparts under certain circumstances. Give the appropriate players the rights to read these policy files. Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41
ebuggerd.te
nstalld.te
unas.te
ystem.te
e_macros
eventd.te
old.te
ygote.te
|
cd516a32663b4eb11b2e3356b86450020e59e279 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
run-as policy fixes. - Remove dac_read_search as it is no longer required by run-as. - Introduce a separate type for /dev/tty so that we can allow use of own tty for a run-as shell without allowing access to other /dev/tty[0-9]* nodes. - Allow sigchld notifications for death of run-as and its descendants by adbd. - Drop redundant rules for executing shell or system commands from untrusted_app; now covered by rules in app.te. Change-Id: Ic3bf7bee9eeabf9ad4a20f61fbb142a64bb37c6c
evice.te
omain.te
ile_contexts
unas.te
|
ccbc251e01326a9789c684409c3e661b86a43844 |
05-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 0ebd1280: am 8bb30801: Add new domains for private apps. * commit '0ebd12809aa4882c06efd1b3575890b9f759f1bb': Add new domains for private apps.
|
86c3f9849018bb20fe9d2f61ead14cc2bba8a0ac |
05-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am d998ffe6: am 0bca1578: Merge "Drop SELinux management rules from AOSP." * commit 'd998ffe6f700ddfdb437515b82bdffaeb25f9364': Drop SELinux management rules from AOSP.
|
377cb25ddfd3442ab04ad4006051918d8d10de35 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 1804dcbf: am 4ac4bc05: Document the relevant tests associated with specific rules. * commit '1804dcbf1c0fcc31dc2d105ebfd621e8e1d56e44': Document the relevant tests associated with specific rules.
|
09fe57d0f2c85b0c89431fb3342bb614e22a30d6 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 5323c1da: am 4b60cc30: Do not allow reading all directories for the CTS. * commit '5323c1da58717f630b8ea8b0347ae49bbb83d1e6': Do not allow reading all directories for the CTS.
|
e0e68601472722f8c61f594055245dbb2f9f8324 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2d01809e: am 33da6091: Allow all domains to read /dev symlinks. * commit '2d01809e23952a369543edbd5b344afaa34ab857': Allow all domains to read /dev symlinks.
|
d5d5ca12166a8cb758cd4017454d375f85f117cd |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 95d9f19d: am c37856c4: Remove unnecessary rules. * commit '95d9f19d7e6728709e608151af5847ed4910ad3f': Remove unnecessary rules.
|
f3819c79a5d63dd0e939668c6eb98ce4aa0d66c1 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 752007dc: am cfd9b6ba: Allow apps to execute the shell or system commands unconditionally. * commit '752007dc0dd68682ce6059815755d13c3e999f14': Allow apps to execute the shell or system commands unconditionally.
|
2298e615abef48b2d287c3da84704dc73ed5c098 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 67bd56ec: am ab0cd211: Allow fstat of platform app /data/data files. * commit '67bd56ecfa38ff2de28569d53c9a7d709f06a2b3': Allow fstat of platform app /data/data files.
|
ab8c95a49bf086c1b6027831aab5315e733c2e2b |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ca3dcebd: am b0957fa8: Coalesce rules for allowing execution of shared objects by app domains. * commit 'ca3dcebd0b278a99c3aeb604cd2d6e2ecba19715': Coalesce rules for allowing execution of shared objects by app domains.
|
f17aab0d347f2b58afb87d5abb7819ecf89b1957 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am cd00d636: am 80c9ba52: Strip unnecessary trailing semicolon on macro calls. * commit 'cd00d636afd3f131919ff226b3c0480fa280c552': Strip unnecessary trailing semicolon on macro calls.
|
b7a7f9ddeb0db72423d660f8f7b7e1425f7e991f |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b9355565: am 2b732237: Allow all domains to read the log devices. * commit 'b935556567d1faa858d800814021f7202f820109': Allow all domains to read the log devices.
|
0ebd12809aa4882c06efd1b3575890b9f759f1bb |
05-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 8bb30801: Add new domains for private apps. * commit '8bb308016f9eda71178d62b9b0e51fd4454bddb6': Add new domains for private apps.
|
d998ffe6f700ddfdb437515b82bdffaeb25f9364 |
05-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 0bca1578: Merge "Drop SELinux management rules from AOSP." * commit '0bca1578b71b7b7980cd346d11fe4ffd226b375b': Drop SELinux management rules from AOSP.
|
1804dcbf1c0fcc31dc2d105ebfd621e8e1d56e44 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 4ac4bc05: Document the relevant tests associated with specific rules. * commit '4ac4bc05843a8718893b86a920f9185f47a47576': Document the relevant tests associated with specific rules.
|
5323c1da58717f630b8ea8b0347ae49bbb83d1e6 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 4b60cc30: Do not allow reading all directories for the CTS. * commit '4b60cc3033d0dfdc5955a55bd8d671aca04caa65': Do not allow reading all directories for the CTS.
|
2d01809e23952a369543edbd5b344afaa34ab857 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 33da6091: Allow all domains to read /dev symlinks. * commit '33da609157619eed21a136226e6883ca1d20105b': Allow all domains to read /dev symlinks.
|
95d9f19d7e6728709e608151af5847ed4910ad3f |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c37856c4: Remove unnecessary rules. * commit 'c37856c4d223f798908c5bde46a8aa37d2b6ffbc': Remove unnecessary rules.
|
752007dc0dd68682ce6059815755d13c3e999f14 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am cfd9b6ba: Allow apps to execute the shell or system commands unconditionally. * commit 'cfd9b6ba0bfdd7dc1319b3ca3c527518f4167658': Allow apps to execute the shell or system commands unconditionally.
|
67bd56ecfa38ff2de28569d53c9a7d709f06a2b3 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ab0cd211: Allow fstat of platform app /data/data files. * commit 'ab0cd2119d8643d7efa1ad355265fc0d8bfc2ae4': Allow fstat of platform app /data/data files.
|
ca3dcebd0b278a99c3aeb604cd2d6e2ecba19715 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am b0957fa8: Coalesce rules for allowing execution of shared objects by app domains. * commit 'b0957fa86d25c40c9f28c27ad0dfd2eb283e9506': Coalesce rules for allowing execution of shared objects by app domains.
|
cd00d636afd3f131919ff226b3c0480fa280c552 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 80c9ba52: Strip unnecessary trailing semicolon on macro calls. * commit '80c9ba5267f1a6ceffcf979471d101948b520ad6': Strip unnecessary trailing semicolon on macro calls.
|
b935556567d1faa858d800814021f7202f820109 |
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2b732237: Allow all domains to read the log devices. * commit '2b732237d1f8c49b6e93f7e90b0d0aa5b07e1a90': Allow all domains to read the log devices.
|
ae317c7e15391a12c50359e2496aec0e3614306a |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Add the sysrq_file special file and give ADB write access. Change-Id: Ief2d412dddf4cefdf43a26538c4be060df4cc787
dbd.te
ile.te
ile_contexts
|
8bb308016f9eda71178d62b9b0e51fd4454bddb6 |
03-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Add new domains for private apps. /data/app-private is used when making an app purchase or forward locking. Provide a new label for the directory as well as the tmp files that appear under it. Change-Id: I910cd1aa63538253e10a8d80268212ad9fc9fca5 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
pp.te
ile.te
ile_contexts
ystem.te
|
0bca1578b71b7b7980cd346d11fe4ffd226b375b |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Drop SELinux management rules from AOSP."
|
4ac4bc05843a8718893b86a920f9185f47a47576 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Document the relevant tests associated with specific rules. Change-Id: I09b4e33b1c9ea201a96d2f07cb74bdb804b5aad2 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ts.te
|
4b60cc3033d0dfdc5955a55bd8d671aca04caa65 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Do not allow reading all directories for the CTS. The test gracefully handles unreadable directories, so we do not need to allow this for all file types. Change-Id: Ib5f5be7cacc3f0270b72c046200cc3d21f3fc374 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ts.te
|
33da609157619eed21a136226e6883ca1d20105b |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow all domains to read /dev symlinks. Change-Id: I448a5553937a98775178b94f289ccb45ae862876 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ts.te
omain.te
ild.te
old.te
|
c37856c4d223f798908c5bde46a8aa37d2b6ffbc |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove unnecessary rules. Redundant with other rules or not required for untrusted app. Change-Id: Idb5d50326cc14696423cf133508c0d013c5928a6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ts.te
|
cfd9b6ba0bfdd7dc1319b3ca3c527518f4167658 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow apps to execute the shell or system commands unconditionally. Change-Id: I54af993bd478d6b8d0462d43950bb1a991131c82 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
ts.te
|
ab0cd2119d8643d7efa1ad355265fc0d8bfc2ae4 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow fstat of platform app /data/data files. Change-Id: I8d46a809c08cd21b0d6c3173998035ab3cc79ada Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
b0957fa86d25c40c9f28c27ad0dfd2eb283e9506 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Coalesce rules for allowing execution of shared objects by app domains. Change-Id: I809738e7de038ad69905a77ea71fda4f25035d09 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
80c9ba5267f1a6ceffcf979471d101948b520ad6 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Strip unnecessary trailing semicolon on macro calls. Change-Id: I013e08bcd82a9e2311a958e1c98931f53f6720c9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
etd.te
|
2b732237d1f8c49b6e93f7e90b0d0aa5b07e1a90 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow all domains to read the log devices. Read access to /dev/log/* is no longer restricted. Filtering on reads is performed per-uid by the kernel logger driver. Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dbd.te
pp.te
ebuggerd.te
omain.te
hell.te
|
88ae55951dc8d71f3d61f123dfd9f272139ae376 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop SELinux management rules from AOSP. As AOSP does not support the device admin API or the older SEManager system app, just drop the allow rules associated with permitting SELinux management via device admin or a system app. Change-Id: Icdf40c9e6d343b19c156e4c7aea4cfb8c5f234ad Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ystem.te
|
66ff05950b7b9c24c8c47511429d15226b45163d |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Add downloaded file policy."
|
3d98620ada80f5ca1d6395f2abe054b0aa82fa59 |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Add downloaded file policy. Change-Id: I6f68323cddcf9e13b2a730b8d6b8730587fb4366
pp.te
ile.te
ile_contexts
|
cfd0bc509402f6523e240dc1d420922669c57e01 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ac860ce1: am cebe6a65: Allow ueventd to relabel sysfs nodes. * commit 'ac860ce1553f50586a3e605a3c7d9761af29ea00': Allow ueventd to relabel sysfs nodes.
|
ac860ce1553f50586a3e605a3c7d9761af29ea00 |
04-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am cebe6a65: Allow ueventd to relabel sysfs nodes. * commit 'cebe6a653b96b4726d9cf68995651a56a4cf9be1': Allow ueventd to relabel sysfs nodes.
|
53d705911583b558d26e256b2157b2e7f6607499 |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Give the drmserver the ability to connect to the tee."
|
e59bb5c45b5f7ee107aaa42b4552a287fc2ae16c |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Allow drmserver to interact with apk_data_file sock_files."
|
7130719c392c20485ac83f488fc4661218fb2c24 |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Give drmserver the ability to interact with apk_data_file dirs."
|
bad5ca22161b15357b937ba6b981825f5980bb05 |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Allow drmserver to read the wv keys."
|
ee1c0e6312a5275353db8c2f82d3bad0f350db3a |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Allow dhcpd to interact with ttys."
|
fa2461459b9b100fc8c0f02cc361a0e6144f2ff9 |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Give the drmserver the ability to connect to the tee. Bug: 8539042 Change-Id: I6a9c3247688f49bed4a1637c728e77c2e865afd2
rmserver.te
|
fe9ff457cac73c6b6876768f3256ac7485fddfd4 |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Allow drmserver to interact with apk_data_file sock_files. Bug: 8539042 Change-Id: I255930759ce0612f6ec9b931bfe545342ef808fc
rmserver.te
|
70c1e329a48facede89f960e4c8ba17d400054b3 |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Give drmserver the ability to interact with apk_data_file dirs. Bug: 8539042 Change-Id: I87165fd83b1abef9eb7bf4c403714150aaefed6e
rmserver.te
|
7a380b07a1f94f21bf3fb2e64e0cbb548be1435b |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Allow drmserver to read the wv keys. Bug: 8539042 Change-Id: I31e7a3ae6ba783b78c3b38756966950a20f2f2aa
rmserver.te
|
4959ecd16738a515d3980c4537a8e1c51b6e5d46 |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Allow dhcpd to interact with ttys. Bug: 8539042 Change-Id: I27bcc4a485b031d54e17b03164642821d546e62f
hcp.te
|
9db723b6f624d3bf404ee3e261514dd6b34f8f86 |
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am d29d2e75: am 404fc4fa: Merge "Add the sys_resource capability to sdcardd." into jb-mr2-dev * commit 'd29d2e75a06c7813055491ab8960cd6b62c3f631': Add the sys_resource capability to sdcardd.
|
d29d2e75a06c7813055491ab8960cd6b62c3f631 |
03-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 404fc4fa: Merge "Add the sys_resource capability to sdcardd." into jb-mr2-dev * commit '404fc4fa696d1d74866113d949d90a71de3905f9': Add the sys_resource capability to sdcardd.
|
404fc4fa696d1d74866113d949d90a71de3905f9 |
03-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Add the sys_resource capability to sdcardd." into jb-mr2-dev
|
8e63ba4c7005a5e1e16ca4dd0cff04f912d05502 |
03-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am ee4426ae: am 2c831009: Fix various SELinux denials. * commit 'ee4426ae0289e9f3d21ccee55198b4125b489733': Fix various SELinux denials.
|
ee4426ae0289e9f3d21ccee55198b4125b489733 |
03-Apr-2013 |
Geremy Condra <gcondra@google.com> |
am 2c831009: Fix various SELinux denials. * commit '2c831009a59f122fc870bedb6ed084eb5aeea0b0': Fix various SELinux denials.
|
cebe6a653b96b4726d9cf68995651a56a4cf9be1 |
03-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow ueventd to relabel sysfs nodes. Required for If8b8d66120453123c1371ce063b6f20e8b96b6ef . Change-Id: I98871b957db8b291cbbb827b5eb39b4279ce4194 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
eventd.te
|
2c831009a59f122fc870bedb6ed084eb5aeea0b0 |
03-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Fix various SELinux denials. Change-Id: I73a2b841ab3399b7528b8084a5c4736e6ecea48a
dbd.te
ystem.te
|
7a23fcc859912d88768f9abce4959b9c25ba8b1b |
03-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Fix various SELinux denials. Change-Id: I73a2b841ab3399b7528b8084a5c4736e6ecea48a
dbd.te
ystem.te
|
d7be122ea6b962ca4e792b3f3898eda62cdbf6f9 |
02-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 08ca8ad6: am 84c46de5: Remove unneeded device type. * commit '08ca8ad6d9a235b86a87aaec8f519b9ba9e20d2e': Remove unneeded device type.
|
08ca8ad6d9a235b86a87aaec8f519b9ba9e20d2e |
02-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 84c46de5: Remove unneeded device type. * commit '84c46de5251bbf567740d065c833cd3a3662e4f5': Remove unneeded device type.
|
84c46de5251bbf567740d065c833cd3a3662e4f5 |
02-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Remove unneeded device type. timerirq_device has been removed in favor of using the existing sensors_device domain. Change-Id: I503e4a511c2901890356559c0afb971392b4ec6f Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
evice.te
ystem.te
|
6a4391dbb87d481abbf78f9c14fd07d5691821cd |
01-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e267afa3: am e543a8bc: Increase policy version to 26. * commit 'e267afa32070609b080d4a7900cd27179430e04d': Increase policy version to 26.
|
e267afa32070609b080d4a7900cd27179430e04d |
01-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e543a8bc: Increase policy version to 26. * commit 'e543a8bc2a2d08ff381e5ae9e34cc2a094acf895': Increase policy version to 26.
|
e543a8bc2a2d08ff381e5ae9e34cc2a094acf895 |
01-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Increase policy version to 26. Increase the SELinux policy version to 26. This is needed for name-based transitions used by the manta sepolicy. Requires kernel 3.0 or higher. Change-Id: I046fa9f7122f77506c70b2c735345bc0194935df Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ndroid.mk
|
f460aa43f8c1743ede2f0c20a2cbea5b5c1aac98 |
30-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 4387956f: Add the ability to stat files under /cache for media_app. * commit '4387956f2607f9836e13267c10c5a5d0929eeb4c': Add the ability to stat files under /cache for media_app.
|
bcb6de6129e63786a8d68808f060388fef0e4402 |
30-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 06575ee4: Add remount capability to Zygote. * commit '06575ee40c5ddc0f151270dd1679d5c0ceeb333e': Add remount capability to Zygote.
|
d3fc027fbd0c7036c521348a96adaf5e54dc85bd |
30-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 020b5ff6: Add a key directory argument to insertkeys.py * commit '020b5ff6311044ef7a2200dd4db69f5cccf46213': Add a key directory argument to insertkeys.py
|
022388ae53f7c1dddd14cde1afd0142d33499b86 |
30-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 8abf01ac: Drop MLS separation for compatibility. * commit '8abf01ac3320c2cafd8d228ec45646aafa4a9332': Drop MLS separation for compatibility.
|
47458307ef2087504cdf9407feba959501b89bd4 |
30-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am c529c66f: Add policy for __properties__ device. * commit 'c529c66f2c80fc243053310e0c92ff093ed1d01f': Add policy for __properties__ device.
|
1ac712f74c11bd146deb61b531b4d69e9178cbc7 |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add the sys_resource capability to sdcardd. Change-Id: I0b2ecdbddbed3d5ea1617c9ae9af7f8b1c9ace93
dcardd.te
|
4387956f2607f9836e13267c10c5a5d0929eeb4c |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add the ability to stat files under /cache for media_app. This feels like a hidden bug- it shouldn't be trying to stat everything under /cache anyways- but allowing for now. Change-Id: Ib5ddfbb408c9f0b6c6218c78a678fcdb09360ccd
pp.te
|
06575ee40c5ddc0f151270dd1679d5c0ceeb333e |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add remount capability to Zygote. This is a consequence of https://googleplex-android-review.googlesource.com/#/c/278069/ Change-Id: I9b310860534a80e7145950f6c632cf5ba0ad56a7
ygote.te
|
020b5ff6311044ef7a2200dd4db69f5cccf46213 |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add a key directory argument to insertkeys.py This allows us to better integrate key selection with our existing build process. Change-Id: I6e3eb5fbbfffb8e31c5edcf16f74df7c38abe537
ndroid.mk
eys.conf
ools/insertkeys.py
|
8abf01ac3320c2cafd8d228ec45646aafa4a9332 |
27-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Drop MLS separation for compatibility. Change-Id: I555361d732b8f1bdc90c231a3183a85526a5a558
eapp_contexts
|
c529c66f2c80fc243053310e0c92ff093ed1d01f |
01-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add policy for __properties__ device. Change-Id: Ie9b391283362fb6930f1ae858f0a879835c91e32
evice.te
omain.te
ile_contexts
|
c141fc038d844ab90c4494d9e3985df662671701 |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 7c8e6d4a: am f4d5f3e1: Merge "Add missing seinfo tag from mac_permissions.xml policy." * commit '7c8e6d4a962a5a10dfb32dcd4cbb33d29881d07d': Add missing seinfo tag from mac_permissions.xml policy.
|
7c8e6d4a962a5a10dfb32dcd4cbb33d29881d07d |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am f4d5f3e1: Merge "Add missing seinfo tag from mac_permissions.xml policy." * commit 'f4d5f3e1f6db56c80959428591bb3dbbe685b010': Add missing seinfo tag from mac_permissions.xml policy.
|
f4d5f3e1f6db56c80959428591bb3dbbe685b010 |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Add missing seinfo tag from mac_permissions.xml policy."
|
dc4837af0c8ab44e229cd38b80f1f1baf9eb1008 |
28-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 7a80915f: am 2ae799e4: Drop separate domain for browser. * commit '7a80915f2a741198dbbbfd963a401a3df881c716': Drop separate domain for browser.
|
ff4002581e8da7bca4829b296463b590def04324 |
28-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 882f7ee2: am 0ecb0f88: Eliminate most of the app policy booleans. * commit '882f7ee2685133049878d007cdb85354bc62faa1': Eliminate most of the app policy booleans.
|
7a80915f2a741198dbbbfd963a401a3df881c716 |
28-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 2ae799e4: Drop separate domain for browser. * commit '2ae799e44e6603c4b5edc941ce41df9eaa7785ae': Drop separate domain for browser.
|
882f7ee2685133049878d007cdb85354bc62faa1 |
28-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 0ecb0f88: Eliminate most of the app policy booleans. * commit '0ecb0f886660da5ddfd6945e4b993048727caac8': Eliminate most of the app policy booleans.
|
2ae799e44e6603c4b5edc941ce41df9eaa7785ae |
28-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop separate domain for browser. Change-Id: Ib37b392cb6f6d3fb80852b9a2a6547ab86cd9bff Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
eapp_contexts
|
0ecb0f886660da5ddfd6945e4b993048727caac8 |
28-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Eliminate most of the app policy booleans. Just allow them unconditionally for compatibility. Change-Id: I85b56532c6389bdfa25731042b98d8f254bd80ee Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
65911e8d5de41e2b8ad7a8e1df5618c9ea3513d1 |
28-Mar-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Add missing seinfo tag from mac_permissions.xml policy. A prior merge accidentally dropped the seinfo tag from the release keys stanza. Change-Id: I99f9ea8d0981c5324c3875896b0673552a03d2ca Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ac_permissions.xml
|
3ca322e6d4f181328263d7c7e1baf3c1e6e63e79 |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add the sys_resource capability to sdcardd. Change-Id: I0b2ecdbddbed3d5ea1617c9ae9af7f8b1c9ace93
dcardd.te
|
643b65e2a794dba70587a88e14e9c52d6d4d60a3 |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add the ability to stat files under /cache for media_app. This feels like a hidden bug- it shouldn't be trying to stat everything under /cache anyways- but allowing for now. Change-Id: Ib5ddfbb408c9f0b6c6218c78a678fcdb09360ccd
pp.te
|
8b80fa890df7b058e4b2eafbec587dbaedc560fc |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add remount capability to Zygote. This is a consequence of https://googleplex-android-review.googlesource.com/#/c/278069/ Change-Id: I9b310860534a80e7145950f6c632cf5ba0ad56a7
ygote.te
|
7c89b6b0b0bb8a5882ec1b853386119e4b21decc |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Add a key directory argument to insertkeys.py"
|
51dd0339e311e4bdf81c89ebb62e4ac6685a5c50 |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add a key directory argument to insertkeys.py This allows us to better integrate key selection with our existing build process. Change-Id: I6e3eb5fbbfffb8e31c5edcf16f74df7c38abe537
ndroid.mk
eys.conf
ools/insertkeys.py
|
b41fedcfd6b524d65fd6401e26ab4a784b065499 |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am c507c377: am 96c109e8: Merge "Revert "Revert "Rewrite mac_permissions.xml file.""" * commit 'c507c37707400aba90d6cb25962ca789bf8f4084': Revert "Revert "Rewrite mac_permissions.xml file.""
|
c507c37707400aba90d6cb25962ca789bf8f4084 |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 96c109e8: Merge "Revert "Revert "Rewrite mac_permissions.xml file.""" * commit '96c109e8f6de0a2541aabccacecec65bd5ec4c31': Revert "Revert "Rewrite mac_permissions.xml file.""
|
96c109e8f6de0a2541aabccacecec65bd5ec4c31 |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Revert "Revert "Rewrite mac_permissions.xml file."""
|
59fd8d40def9396e2bfd71763a071302b1ef52be |
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Rewrite mac_permissions.xml file."" This reverts commit 31d1a40b2eec2bcdb028843e2d6f246e33afa823 Change-Id: I70aab6f01b9a74512dcbd9bff167890747e54355
ac_permissions.xml
|
c0dc6680178fe6b0c08b78d9cbf376d6bf9a0870 |
01-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add policy for __properties__ device. Change-Id: Ie9b391283362fb6930f1ae858f0a879835c91e32
evice.te
omain.te
ile_contexts
|
17a41bdb65a7d1bca9a01667f4c61b0af341af10 |
27-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Drop MLS separation for compatibility. Change-Id: I555361d732b8f1bdc90c231a3183a85526a5a558
eapp_contexts
|
8b925068215958102bfbd83fb725e4f1a75d7a86 |
27-Mar-2013 |
William Roberts <bill.c.roberts@gmail.com> |
am e693ed7c: Remove the su domain from -user builds. * commit 'e693ed7c187804b3b1ae49bf0d31bd43e7a19e08': Remove the su domain from -user builds.
|
2d580ddc16f65eb3cb118dfd435fcc9b995be2a2 |
27-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 16820182: Merge "Expand insertkeys.py script to allow union of files." * commit '1682018210077f27a04cd992c660ab7b21a21afc': Expand insertkeys.py script to allow union of files.
|
ebbee43efbec565baa9f5e6b118990129e9d07d1 |
27-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am e69552ba: Revert "Revert "Various minor policy fixes based on CTS."" * commit 'e69552ba2d76174d443d1b8457295e4d72f2a986': Revert "Revert "Various minor policy fixes based on CTS.""
|
e693ed7c187804b3b1ae49bf0d31bd43e7a19e08 |
15-Mar-2013 |
William Roberts <bill.c.roberts@gmail.com> |
Remove the su domain from -user builds. Change-Id: I86f2f28f7c558b8e9a70e5aa9ebcfa8bf26f9ef7
ndroid.mk
u_user.te
|
350d2ae9c97cbec5d8dcba1f3b164191d6cae66a |
27-Mar-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 65d4f44c: Various policy updates. * commit '65d4f44c1fd999d9cf9c4ef4dc65deb71bafcd8e': Various policy updates.
|
1682018210077f27a04cd992c660ab7b21a21afc |
27-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Expand insertkeys.py script to allow union of files."
|
e69552ba2d76174d443d1b8457295e4d72f2a986 |
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Various minor policy fixes based on CTS."" This reverts commit ba84bf1dec64d745b6efc516799b2c722a672cd9 Hidden dependency resolved. Change-Id: I9f0844f643abfda8405db2c722a36c847882c392
dbd.te
pp.te
hcp.te
rmserver.te
ile_contexts
ediaserver.te
hell.te
urfaceflinger.te
ystem.te
|
7f2392eeb03eeb88f2699061f4adaeb1fcbd1de2 |
27-Mar-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Expand insertkeys.py script to allow union of files. Allow script to union mac_permissions.xml files specified using the BOARD_SEPOLICY_DIRS and BOARD_SEPOLICY_UNION constructs. Change-Id: I4fc65fd1ab4c612f25e966f030247e54a270b614 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ndroid.mk
EADME
ools/insertkeys.py
|
65d4f44c1fd999d9cf9c4ef4dc65deb71bafcd8e |
27-Mar-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Various policy updates. Assortment of policy changes include: * Bluetooth domain to talk to init and procfs. * New device node domains. * Allow zygote to talk to its executable. * Update system domain access to new device node domains. * Create a post-process sepolicy with dontaudits removed. * Allow rild to use the tty device. Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ndroid.mk
luetooth.te
evice.te
ile.te
ile_contexts
ediaserver.te
ild.te
ystem.te
ygote.te
|
d0d06251b97da1d967b42d71750f12c68eb3f157 |
27-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am bf539bf3: Merge "Fix makefile error with ANDROID_BUILD_TOP" * commit 'bf539bf363c0361e3bac8ffd5e15c7ec8c514fdb': Fix makefile error with ANDROID_BUILD_TOP
|
32866846e41d1a5d2dee092fe726f7bac8312cc1 |
27-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am edf7b4c8: Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""" * commit 'edf7b4c861144764d0bc17436064d52e7147f916': Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""""
|
bf539bf363c0361e3bac8ffd5e15c7ec8c514fdb |
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Fix makefile error with ANDROID_BUILD_TOP"
|
edf7b4c861144764d0bc17436064d52e7147f916 |
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""" This reverts commit 60d4d71ead9e9ac96e9cb81380c254bac3a9df4f This should (finally) be fixed in https://android-review.googlesource.com/#/c/54730/ Change-Id: I3dd358560f7236f28387ffbe247fc2b004e303ea
ndroid.mk
EADME
eys.conf
ac_permissions.xml
ools/Android.mk
ools/insertkeys.py
|
52fc95d1b7e29a61d315eb7378c3b47985f4fd74 |
26-Mar-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Fix makefile error with ANDROID_BUILD_TOP Use TOP instead of ANDROID_BUILD_TOP Fix spelling issues in keys.conf Change-Id: Ib90b3041af5ef68f30f4ab78c768ad225987ef2d
ndroid.mk
eys.conf
|
9826c656765926ffcd5271f58d7c058ae8177c26 |
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 60d4d71e: Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""" * commit '60d4d71ead9e9ac96e9cb81380c254bac3a9df4f': Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""
|
60d4d71ead9e9ac96e9cb81380c254bac3a9df4f |
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""" This reverts commit cd4104e84b438827fddd6a7fe6cb86e91392152d This builds clean locally, but seems to explode on the build servers. Reverting until there's a solution. Change-Id: I09200db37c193f39c77486d5957a8f5916e38aa0
ndroid.mk
EADME
eys.conf
ac_permissions.xml
ools/Android.mk
ools/insertkeys.py
|
829944e85d0b2abeba9141fb1f47bb52993acd66 |
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 82fe3d24: Merge "Revert "Rewrite mac_permissions.xml file."" * commit '82fe3d249f40629fe40f4feed258cccd95b2a374': Revert "Rewrite mac_permissions.xml file."
|
82fe3d249f40629fe40f4feed258cccd95b2a374 |
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Revert "Rewrite mac_permissions.xml file.""
|
31d1a40b2eec2bcdb028843e2d6f246e33afa823 |
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Rewrite mac_permissions.xml file." This reverts commit b24c30b4ed5304d3df41bbd9452762e8e3555c12 Reverting the changes that depend on insertkeys until the issues there are resolved. Change-Id: Ie7e0d6657d8e7cfb44fc3efa2f99c8d1011a0fe1
ac_permissions.xml
|
2a6d0ace882979537c8b2589be3399a0e77d244b |
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 1620c671: Merge "Introduce security labels for 2 new device nodes." * commit '1620c671f2b946333958d07420643caf98534a01': Introduce security labels for 2 new device nodes.
|
5a55c1196ce26df4b569bdf197c3a39d7a078c05 |
26-Mar-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am b24c30b4: Rewrite mac_permissions.xml file. * commit 'b24c30b4ed5304d3df41bbd9452762e8e3555c12': Rewrite mac_permissions.xml file.
|
1620c671f2b946333958d07420643caf98534a01 |
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Introduce security labels for 2 new device nodes."
|
7a852858434c3b4205dc28cd6f3b7045558fe950 |
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am cd4104e8: Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"" * commit 'cd4104e84b438827fddd6a7fe6cb86e91392152d': Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""
|
b24c30b4ed5304d3df41bbd9452762e8e3555c12 |
22-Mar-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Rewrite mac_permissions.xml file. Rewrite all stanzas to only include seinfo tags. Change-Id: I4d528ce092ec8d1aac15195ed3a8e307d604607e Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ac_permissions.xml
|
cd4104e84b438827fddd6a7fe6cb86e91392152d |
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"" This reverts commit 1446e714af0b0c358b5ecf37c5d704c96c72cf7c Hidden dependency has been resolved. Change-Id: Ia535c0b9468ea5f705dff9813186a7fa8bab84ae
ndroid.mk
EADME
eys.conf
ac_permissions.xml
ools/Android.mk
ools/insertkeys.py
|
f62af81817b1e8c4be5e71cbcef7b91e1b7b2bbf |
30-Jan-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Introduce security labels for 2 new device nodes. iio: Industrial I/O subsystem usb_accessory: accessory protocol for usb Allow system access in both cases. Change-Id: I02db9775ec2ddaaeda40fae6d5e56e320957b09c Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
evice.te
ile_contexts
ystem.te
|
a851e6dab970d548f83ef0705bee7aff1da0dd9f |
23-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am c3295802: Merge "New users need a wallpaper_file type." * commit 'c3295802d7fb22213c073705480d1c1314d71d27': New users need a wallpaper_file type.
|
c3295802d7fb22213c073705480d1c1314d71d27 |
23-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "New users need a wallpaper_file type."
|
56b2981db544714de42c04f56403722f1f5be333 |
23-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am eee138c2: Merge "Allow zygote to search tmpfs." * commit 'eee138c2db6916a2b965819b1c25f10c490c329a': Allow zygote to search tmpfs.
|
b035d80cedf3ce9e066175a92ecae68a6b200d73 |
23-Mar-2013 |
rpcraig <rpcraig@tycho.ncsc.mil> |
am 41e53901: New dev_types and other minor adjustments. * commit '41e539010df1fa58abf6b57959ea30a05ff80102': New dev_types and other minor adjustments.
|
eee138c2db6916a2b965819b1c25f10c490c329a |
23-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Allow zygote to search tmpfs."
|
c5baaff7a6738a148d36260c4050355cbc2d2efc |
30-Nov-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
New users need a wallpaper_file type. Change-Id: I7ff4ed9f73f43918cac05a026af68cca8dbe02c3 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
|
48b2a36cbf59d2d6d2225e32472f466e5b65932a |
23-Mar-2013 |
rpcraig <rpcraig@tycho.ncsc.mil> |
am 905e316d: Make ion_device mls trusted. * commit '905e316d0b9f2a913f61a6344bc9bafe2fa66671': Make ion_device mls trusted.
|
8b3b4fe7560b66641f894ba728eeb7cfb3348143 |
03-Dec-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Allow zygote to search tmpfs. Change-Id: Ib0bdcbc1a7e45e1d1a046c9fa8aff89183ebfe0d
ygote.te
|
41e539010df1fa58abf6b57959ea30a05ff80102 |
04-Dec-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
New dev_types and other minor adjustments. Add new dev_type: - ump_device : Unified Memory Provider driver. The file_contexts entry should be described on a per device basis. Minor adjustments: - tee needs netlink socket access. - ueventd needs to grant file operations. Change-Id: I915304da687d3a2b9aa417e6f91ea915bd697676 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
ee.te
eventd.te
|
905e316d0b9f2a913f61a6344bc9bafe2fa66671 |
07-Dec-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Make ion_device mls trusted. Allow device node access irrespective of MLS restrictions. Third party apps (untrusted_app) domains need access too. Change-Id: I132b8201bccb1ff31dc0c15a735f81f645c9836d
evice.te
|
27382687cbc57c85184a9e236c01420fda4ed69e |
23-Mar-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 18b5f87e: racoon policy. * commit '18b5f87ea18baaf7356a1f1729dc2737be3c141e': racoon policy.
|
18b5f87ea18baaf7356a1f1729dc2737be3c141e |
07-Jan-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
racoon policy. Initial policy for racoon (IKE key management). Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil> Change-Id: If1e344f39ea914e42afbaa021b272ba1b7113479
pp.te
evice.te
ile.te
ile_contexts
lobal_macros
acoon.te
ystem.te
|
7dfe9956b36e1b605559883132c67fa7709cfdb1 |
22-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am dbb82fd8: Merge "Revert "Various minor policy fixes based on CTS."" * commit 'dbb82fd8f063fdc5854f9d6359d2be0a570ad0cc': Revert "Various minor policy fixes based on CTS."
|
dbb82fd8f063fdc5854f9d6359d2be0a570ad0cc |
22-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Revert "Various minor policy fixes based on CTS.""
|
ba84bf1dec64d745b6efc516799b2c722a672cd9 |
22-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Various minor policy fixes based on CTS." This reverts commit 8a814a7604afd20f12c9ff3dcdae7d10e9b75f84 Change-Id: Id1497cc42d07ee7ff2ca44ae4042fc9f2efc9aad
dbd.te
pp.te
hcp.te
rmserver.te
ile_contexts
ediaserver.te
hell.te
urfaceflinger.te
ystem.te
|
140a9a3870e99289bba33781ff6f94b06e9ee3a4 |
22-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 9c0f2df1: Merge changes I5a3584b6,Ic7252a8e,I2d4ace75 * commit '9c0f2df1832f82bd2867d2e2fa18dde31b05e63e': Various minor policy fixes based on CTS. Split internal and external sdcards Give sdcard sys_admin capability.
|
ddda5adca28e1d820b9369173bdbaf0700b5fd95 |
22-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am f766c4d9: Allow bluetooth users to use socket provided by bluetooth app. * commit 'f766c4d9ee8e0d95755a8b54622b424a224830d1': Allow bluetooth users to use socket provided by bluetooth app.
|
9c0f2df1832f82bd2867d2e2fa18dde31b05e63e |
22-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge changes I5a3584b6,Ic7252a8e,I2d4ace75 * changes: Various minor policy fixes based on CTS. Split internal and external sdcards Give sdcard sys_admin capability.
|
036baf6ae92393a1406627e9a247d3a44f49a54b |
22-Mar-2013 |
Jeff Sharkey <jsharkey@android.com> |
Remove uhid_device to fix build. Change-Id: Ifec28b8ae2f21e1765194bd698fc0b7f479a96d7
luetooth.te
|
04d7c71c2cc23964b76da2bb0092563776d4fb77 |
22-Mar-2013 |
Jeff Sharkey <jsharkey@android.com> |
Remove tun_device to fix build. Change-Id: I3d5e6a2fefc7b975baf849d1fd7a628e86a27222
luetooth.te
|
34a8d4c67dcf339423074a8b75ae133c06efa215 |
22-Mar-2013 |
rpcraig <rpcraig@tycho.ncsc.mil> |
am ff7e5305: Create policy for PAN connections. * commit 'ff7e5305b87da76735add3444846814958c5d555': Create policy for PAN connections.
|
83d80311d173f55872c0848fefe9926c3f25f422 |
22-Mar-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 4d3f1089: Allow domain search/getattr access to security file * commit '4d3f1089aa3c763e4e2c2ccbce2ab23dd700ea48': Allow domain search/getattr access to security file
|
8a814a7604afd20f12c9ff3dcdae7d10e9b75f84 |
12-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Various minor policy fixes based on CTS. Change-Id: I5a3584b6cc5eda2b7d82e85452f9fe457877f1d1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dbd.te
pp.te
hcp.te
rmserver.te
ile_contexts
ediaserver.te
hell.te
urfaceflinger.te
ystem.te
|
c195ec31485766d065d3e3101268d5ce727ff4c0 |
07-Mar-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Split internal and external sdcards Two new types are introduced: sdcard_internal sdcard_external The existing type of sdcard is dropped and a new attribute sdcard_type is introduced. The boolean app_sdcard_rw has also been changed to allow for controlling untrusted_app domain to use the internal and external sdcards. Change-Id: Ic7252a8e1703a43cb496413809d01cc6cacba8f5
pp.te
ttributes
rmserver.te
ile.te
enfs_contexts
ediaserver.te
ild.te
dcardd.te
hell.te
ystem.te
old.te
ygote.te
|
1ed1effabf5e9fd99b89c25daea1906f26233e6b |
30-Jan-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Give sdcard sys_admin capability. Change-Id: I2d4ace75f3e75f47f99e93d58922d5719b47fffe
dcardd.te
|
f766c4d9ee8e0d95755a8b54622b424a224830d1 |
13-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow bluetooth users to use socket provided by bluetooth app. Change-Id: Ia061aa3b19229b96f643ca0285a7fa5fa06fd780 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
luetooth.te
|
ff7e5305b87da76735add3444846814958c5d555 |
04-Dec-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Create policy for PAN connections. Policy to allow bluetooth tethering. Change-Id: Ic24c97b0e1dc93395b8381b78ca4929baa30337c Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
luetooth.te
hcp.te
etd.te
|
4d3f1089aa3c763e4e2c2ccbce2ab23dd700ea48 |
31-Jan-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Allow domain search/getattr access to security file Change-Id: I3b35b68247f35d5d9d9afd33c203aa97e437dc14
omain.te
|
e59451ae68a58101402486bb3c674ab0f488d492 |
22-Mar-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 9e70c8bf: Move policy files * commit '9e70c8bf681aa51b2c0b870e817bf7a0276ff03c': Move policy files
|
9e70c8bf681aa51b2c0b870e817bf7a0276ff03c |
23-Jan-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Move policy files Update the file_contexts for the new location of the policy files, as well as update the policy for the management of these types. Change-Id: Idc475901ed437efb325807897e620904f4ff03e9
ile.te
ile_contexts
roperty.te
roperty_contexts
ystem.te
e_macros
|
058c4748397cc39861a0bc603faacde7e24ca245 |
21-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 346cae27: bluetooth app requires net_admin for enabling bluetooth. * commit '346cae27813c803d3254871825e64c3805076d04': bluetooth app requires net_admin for enabling bluetooth.
|
f0221d47f585e899986823b921a19849da6e227a |
21-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am cf141426: Merge "Strengthen setenforce and setbool assertions" * commit 'cf141426d45067f4a9709d3cf79eef3609d63ab1': Strengthen setenforce and setbool assertions
|
f1f4af695e657c8146463d42ce64d2def54769bc |
21-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 9aea69c0: Require entrypoint to be explicitly granted for unconfined domains. * commit '9aea69c004b2c2ce12458374ae32482775f599f4': Require entrypoint to be explicitly granted for unconfined domains.
|
346cae27813c803d3254871825e64c3805076d04 |
13-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
bluetooth app requires net_admin for enabling bluetooth. Change-Id: I571731169036a3203d0145af67f45b3d9eb6366b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ssert.te
luetooth.te
|
cf141426d45067f4a9709d3cf79eef3609d63ab1 |
21-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Strengthen setenforce and setbool assertions"
|
9aea69c004b2c2ce12458374ae32482775f599f4 |
12-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Require entrypoint to be explicitly granted for unconfined domains. Change-Id: Ieeaa002061c9e4224ea90dfa60dffb112aa152c2 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
nconfined.te
|
193d1292fab464bde1e785b27b019cc869aac8a8 |
11-Feb-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Strengthen setenforce and setbool assertions Change-Id: I58f15889c248b49f9e29028a3c0a86b4c950ff07
ssert.te
|
b633b4d3cde6fe8949b150e7216abb2a32e5ba9d |
21-Mar-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 15b3ceda: Add BOARD_SEPOLICY_IGNORE * commit '15b3ceda5cd0fea1f0b5b19d4795d7290a75b39d': Add BOARD_SEPOLICY_IGNORE
|
15b3ceda5cd0fea1f0b5b19d4795d7290a75b39d |
12-Feb-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Add BOARD_SEPOLICY_IGNORE See README for further details. Change-Id: I4599c7ecd5a552e38de89d0a9e496e047068fe05
ndroid.mk
EADME
|
464952419b6813e5f2a8d0a16beca548f2dd5428 |
20-Mar-2013 |
Colin Cross <ccross@android.com> |
sepolicy: add /vendor to file_contexts /vendor has the same permissions as /system/vendor for devices that have a separate vendor partition. Bug: 8341435 Change-Id: If0c78b31f8a6e8e5680f1d076c323d1628fb07b2
ile_contexts
|
862909f7304b978888a83c0ff479a2c606eaae93 |
20-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am acea73d5: Merge "Drop shell from having access to dmesg" * commit 'acea73d5dc42c4475f4f474343041765b558c5d4': Drop shell from having access to dmesg
|
acea73d5dc42c4475f4f474343041765b558c5d4 |
20-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Drop shell from having access to dmesg"
|
f4c8ca6b7d0d58747752baaa88446eb70a125d1d |
20-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 38084146: Generalize levelFromUid support. * commit '38084146e0fd665b68c8c4ff131cae9d07ef5993': Generalize levelFromUid support.
|
36c87bbdb81515fe35fa0d51d5f197c32576f62d |
20-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am ae0fcf1f: Merge "watchdog security policy." * commit 'ae0fcf1fb60de1d63fc1944111398497b655224b': watchdog security policy.
|
9050e3696c1b99cd6f4e52a234201778373ca0dc |
20-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 566553e3: Merge "Update binder-related policy." * commit '566553e3080c2f07a1a14dbf0ccdca8454492a6a': Update binder-related policy.
|
38084146e0fd665b68c8c4ff131cae9d07ef5993 |
28-Nov-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Generalize levelFromUid support. Introduce a levelFrom=none|app|user|all syntax for specifying per-app, per-user, or per-combination level assignment. levelFromUid=true|false remains valid syntax but is deprecated. levelFromUid=true is equivalent to levelFrom=app. Update check_seapp to accept the new syntax. Update seapp_contexts to document the new syntax and switch from levelFromUid=true to levelFrom=app. No change in behavior. Change-Id: Ibaddeed9bc3e2586d524efc2f1faa5ce65dea470 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
eapp_contexts
ools/check_seapp.c
|
ae0fcf1fb60de1d63fc1944111398497b655224b |
20-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "watchdog security policy."
|
566553e3080c2f07a1a14dbf0ccdca8454492a6a |
20-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Update binder-related policy."
|
b5b4377f11293147163ff3b85516e379a6ee32bb |
20-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 1446e714: Revert "Dynamic insertion of pubkey to mac_permissions.xml" * commit '1446e714af0b0c358b5ecf37c5d704c96c72cf7c': Revert "Dynamic insertion of pubkey to mac_permissions.xml"
|
b4014d393949762ac90384288962a1ec2e1f86f4 |
20-Mar-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 5a2988fc: Remove duplicate paths from sepolicy_replace_paths * commit '5a2988fcb5f1b76c87d9bf8e671c38d1b03188ab': Remove duplicate paths from sepolicy_replace_paths
|
45ed43dd56c4e2deab5ceb5f5c841e35fc435678 |
20-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 1f5939a9: Allow search of tmpfs mount for /storage/emulated. * commit '1f5939a97647bb71414588be8f26114773edceaf': Allow search of tmpfs mount for /storage/emulated.
|
c6bfb5c835cd1b858f8f74f879f94bc78b4b9c9a |
20-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 61362840: Permit fstat of property mapping. * commit '61362840813c3a396339a7f7b5d73ca825a83748': Permit fstat of property mapping.
|
cb6b5afd34977b44421d925f7ffb5ddfc9ee7d9e |
20-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am aeb512d2: Disable debugfs access by default. * commit 'aeb512d2edda496eb768d4b84a7c7fc2e7d09202': Disable debugfs access by default.
|
9709395b61b0b347039d78d4ec7c05c9962da254 |
20-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am c8106f12: Only allow read/write not open on platform_app_data_file. * commit 'c8106f12c09dfffebebcff6b435d4974e6b2a9d7': Only allow read/write not open on platform_app_data_file.
|
1d7081e3cc0d854babd8633751a749e6fa367bbf |
20-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am d06104d8: Merge "property_contexts checks added to checkfc." * commit 'd06104d873a4256f8a6fb66ee0f930abbc15f8a1': property_contexts checks added to checkfc.
|
e0c0ad29496bf98bcb686d25305f350606cd8aaa |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Dynamic insertion of pubkey to mac_permissions.xml" This reverts commit 22fc04103b70dd5a1cb1b5a8309ef20461e06289 Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee
ndroid.mk
EADME
eys.conf
ac_permissions.xml
ools/Android.mk
ools/insertkeys.py
|
767abc077e10bd2325e2b566834e5d37d7765df0 |
24-Jan-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Drop shell from having access to dmesg In normal, user builds, shell doesn't have the required DAC permissions to access the kernel log. Change-Id: I001e6d65f508e07671bdb71ca2c0e1d53bc5b970
hell.te
|
1446e714af0b0c358b5ecf37c5d704c96c72cf7c |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Dynamic insertion of pubkey to mac_permissions.xml" This reverts commit 22fc04103b70dd5a1cb1b5a8309ef20461e06289 Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee
ndroid.mk
EADME
eys.conf
ac_permissions.xml
ools/Android.mk
ools/insertkeys.py
|
5a2988fcb5f1b76c87d9bf8e671c38d1b03188ab |
04-Jan-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Remove duplicate paths from sepolicy_replace_paths Change-Id: I5d5362ad0055275052b0c2ba535b599a8e26112e
ndroid.mk
|
bac9992e860f634ef32354b4a0bcf39b300b059a |
03-Dec-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
watchdog security policy. Initial policy for software watchdog daemon which is started by init. Change-Id: I042a5b1698bf53ce2e50ea06851c374e5123ee2c Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
evice.te
ile_contexts
atchdogd.te
|
9ce99e3908fcd81430bc9612e5d86819939b6db2 |
16-Nov-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update binder-related policy. The binder_transfer_binder hook was changed in the kernel, obsoleting the receive permission and changing the target of the transfer permission. Update the binder-related policy to match the revised permission checking. Change-Id: I1ed0dadfde2efa93296e967eb44ca1314cf28586 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ccess_vectors
pp.te
ediaserver.te
ervicemanager.te
urfaceflinger.te
ystem.te
e_macros
nconfined.te
|
1f5939a97647bb71414588be8f26114773edceaf |
31-Jan-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow search of tmpfs mount for /storage/emulated. Change-Id: Ie79ff3fb9c0a893e348c4adb2f457cae42d7800f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
61362840813c3a396339a7f7b5d73ca825a83748 |
30-Jan-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Permit fstat of property mapping. Change-Id: Ie58185519252dad29a23d0d3d54b1cbafea83a83 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
aeb512d2edda496eb768d4b84a7c7fc2e7d09202 |
11-Jan-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Disable debugfs access by default. Change-Id: I8265e34a76913a76eedd2d7a6fe3b14945fde924 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
omain.te
|
c8106f12c09dfffebebcff6b435d4974e6b2a9d7 |
11-Jan-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Only allow read/write not open on platform_app_data_file. Change-Id: Iad4ad43ce7ba3c00b69b7aac752b40bc2d3be002 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
|
a74dd1f0ead2e6c998dc9cae5eac14351fbf8f20 |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 6d6c617f: Merge "Whitespace and doxygen fix" * commit '6d6c617f6d6644c71bd83a0a17d258b4041c98cf': Whitespace and doxygen fix
|
85f5972c4b3cd38db03234f0d6b5ed1087b73858 |
19-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ee80bfb9: Add policy assertions (neverallow rules). * commit 'ee80bfb9cf5727ce9938f76d88ac50833edee48c': Add policy assertions (neverallow rules).
|
8b206260b45a6a412579e393a41b19f1ba7c1365 |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am c0890c89: Merge "Allow domain to random_device" * commit 'c0890c899f572785b6a14a91bae6122b72db4416': Allow domain to random_device
|
9a35a01401a3e73d9d800e7aa6b81ea5031c88dc |
19-Mar-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 6a64897a: Do not allow access to device:chr_file for system * commit '6a64897a4b098e834f7b6679c0c5b85fdbb752b2': Do not allow access to device:chr_file for system
|
842a9dce5a6dc2f427e5350c91a7269f3ac5bd22 |
19-Mar-2013 |
rpcraig <rpcraig@tycho.ncsc.mil> |
am 1c8464e1: App data backup security policy. * commit '1c8464e1365950538e9e4647a4f220910f79ab1e': App data backup security policy.
|
28866401280bf516cc88da014b30c47e19d57cfd |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am c57dbccb: Merge "Change security policy so all apps can read /dev/xt_qtaguid." * commit 'c57dbccb50ff804f2e002df8bd6db54b0477b877': Change security policy so all apps can read /dev/xt_qtaguid.
|
2b7e767cc94d4f061111fb931231188cb450999e |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 5988bbf8: Merge "Dynamic insertion of pubkey to mac_permissions.xml" * commit '5988bbf8a2b6c4b7f329ee007e75004269d71817': Dynamic insertion of pubkey to mac_permissions.xml
|
61dddba79f6412f4c889d4fa010f433f1dbc6e04 |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 04598de8: Merge "Replaceable mac_permission.xml support" * commit '04598de87251c433594f1073ebcd8116cee49345': Replaceable mac_permission.xml support
|
62495abcdce58c930eb5826eeb51ddaef5a0ac05 |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 669f6792: Merge "mediaserver.te refactor" * commit '669f679243431084adaaacd6e4857e2eed92b93a': mediaserver.te refactor
|
cc32a792c07219e3078a7703200d740f0ab7431e |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am eeafabde: Merge "Label persist audio properties" * commit 'eeafabde6188a21d7df741fa93ab5156e1c10414': Label persist audio properties
|
d06104d873a4256f8a6fb66ee0f930abbc15f8a1 |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "property_contexts checks added to checkfc."
|
6d6c617f6d6644c71bd83a0a17d258b4041c98cf |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Whitespace and doxygen fix"
|
ee80bfb9cf5727ce9938f76d88ac50833edee48c |
11-Jan-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add policy assertions (neverallow rules). Change-Id: I384ea9516a5ed2369f7fa703499e284e29a2c0eb Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ssert.te
|
c0890c899f572785b6a14a91bae6122b72db4416 |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Allow domain to random_device"
|
d98d26ef3c1fe9b44497ed4e2a1fcf66505092ba |
23-Jan-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
property_contexts checks added to checkfc. Change-Id: If361ea93fabd343728196eed2663fd572ecaa70b Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
ndroid.mk
ools/checkfc.c
|
6a64897a4b098e834f7b6679c0c5b85fdbb752b2 |
18-Jan-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Do not allow access to device:chr_file for system Also labels /dev/mpu and /dev/mpuirq as gps device. mpu is motion processing unit and is responsible for gyroscope functionality. Change-Id: If7f1a5752c550b72fac681566e1052f09e139ff0
ile_contexts
ystem.te
|
1c8464e1365950538e9e4647a4f220910f79ab1e |
04-Dec-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
App data backup security policy. Policy covers:
* backup_data_file type for labeling all files/dirs under /data dealing with backup mechanism.
* cache_backup_file type for labeling all files/dirs under /cache dealing with backup mechanism. This also covers the use of LocalTransport for local archive and restore testing.
* the use of 'adb shell bmgr' to initiate backup mechanism from shell.
* the use of 'adb backup/restore' to archive and restore the device's data.
Change-Id: I700a92d8addb9bb91474bc07ca4bb71eb4fc840e Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
pp.te
ile.te
ile_contexts
ystem.te
|
c57dbccb50ff804f2e002df8bd6db54b0477b877 |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Change security policy so all apps can read /dev/xt_qtaguid."
|
5988bbf8a2b6c4b7f329ee007e75004269d71817 |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Dynamic insertion of pubkey to mac_permissions.xml"
|
04598de87251c433594f1073ebcd8116cee49345 |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Replaceable mac_permission.xml support"
|
669f679243431084adaaacd6e4857e2eed92b93a |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "mediaserver.te refactor"
|
eeafabde6188a21d7df741fa93ab5156e1c10414 |
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Merge "Label persist audio properties"
|
17e91e8915d5b2463d6bc4da17761fbe8e6edea6 |
19-Feb-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e468016b: zygote requires setpcap in order to drop from its bounding set. * commit 'e468016b1bd79b505e62fd410f59a03bad8bbe06': zygote requires setpcap in order to drop from its bounding set.
|
e468016b1bd79b505e62fd410f59a03bad8bbe06 |
19-Feb-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
zygote requires setpcap in order to drop from its bounding set. I8560fa5ad125bf31f0d13be513431697bc7d22bb changed the zygote to limit the bounding capability set to CAP_NET_RAW. This triggers a CAP_SETPCAP check by the kernel, which requires SELinux setpcap permission. Change-Id: Ib910d97dcf708273e2806e2824f4abe9fc239d6d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ygote.te
|
40356b993a45c48d320636956ee4d8655813355a |
30-Jan-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Allow domain to random_device Change-Id: I1a728cbc78e30c0b43309acc125169528d352f11
omain.te
|
78ec44500b44e835cd8540c7e1ec9bf80aae76da |
12-Jan-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 58b0fb6d: Fix invalid specification for adb_keys. * commit '58b0fb6ddee7257a6a27f31ba97d47fa23efac15': Fix invalid specification for adb_keys.
|
58b0fb6ddee7257a6a27f31ba97d47fa23efac15 |
11-Jan-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Fix invalid specification for adb_keys. A prior change added an entry for adb_keys without any security context, yielding warnings like the following during build: out/target/product/manta/root/file_contexts: line 7 is missing fields, skipping This adds the missing security context field. Change-Id: If48731c8aa7d22a3f547d0854f288ff68f9006da Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile_contexts
|
19740e1806a2464935c8bcc4c26f242623afc212 |
28-Dec-2012 |
Colin Cross <ccross@android.com> |
am 92b9aa0e: add file_contexts entries for root filesystem * commit '92b9aa0eeff49e5bc3dc6297f3d35ec41d6ab73d': add file_contexts entries for root filesystem
|
92b9aa0eeff49e5bc3dc6297f3d35ec41d6ab73d |
21-Dec-2012 |
Colin Cross <ccross@android.com> |
add file_contexts entries for root filesystem It may be useful to generate an ext4 image of the root filesystem instead of using a ramdisk. Whitelist entries in file_contexts to support selinux labeling a root filesystem image. Change-Id: I91a38d0aee4408c46cbfe5dc5e6eda198572e90f
ile_contexts
|
22fc04103b70dd5a1cb1b5a8309ef20461e06289 |
05-Dec-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Dynamic insertion of pubkey to mac_permissions.xml Support the insertion of the public key from pem files into the mac_permissions.xml file at build time. Change-Id: Ia42b6cba39bf93723ed3fb85236eb8f80a08962a
ndroid.mk
EADME
eys.conf
ac_permissions.xml
ools/Android.mk
ools/insertkeys.py
|
2c8a55dcf4e571c198118dd4459d62894f6378f3 |
30-Nov-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Replaceable mac_permission.xml support Support overriding ma_permissions.xml in BOARD_SEPOLICY_REPLACE Change-Id: If0bca8bf29bc431a291b6d7b20de132e68cd6a79
ndroid.mk
|
4c266ba1bc71b8aeb09deb1574550f44807ac0e3 |
03-Dec-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Change security policy so all apps can read /dev/xt_qtaguid. Generic init.rc allows any process to use socket tagging. Adjust app policy to ensure that any app can read from the misc device. Change-Id: I4076f0fbc1795f57a4227492f6bfc39a4398ffa5 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
pp.te
|
4e030c2a0f712e1e2b219239babca2d8bd007588 |
28-Nov-2012 |
William Roberts <w.roberts@sta.samsung.com> |
mediaserver.te refactor Change-Id: Ieaff9f3362c71e25e5c8e7204397a85ff14fff97
ediaserver.te
|
e2ad318e45861ae649924e75db605fc6006240f6 |
28-Nov-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Label persist audio properties label all persist.audio.* properties and allow mediaserver access to them. Change-Id: If5755d9783dce298e66a25bcb7f17ff17bd83ea7
ediaserver.te
roperty.te
roperty_contexts
|
fff2980a1ac2aca5966f6b54fa030309a0d98e0c |
27-Nov-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Whitespace and doxygen fix Change-Id: I7b6ad050051854120dc8031b17da6aec0e644be3
ools/check_seapp.c
|
7e7003ca163d8f1d153c3543dc974d3c4198e984 |
27-Nov-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
am e8848726: Add policy for run-as program. * commit 'e8848726553e3abee6033200c98a657c9ca7cdb8': Add policy for run-as program.
|
ab1a61f28cc55a4f7fd646c90f84761799112783 |
27-Nov-2012 |
Kenny Root <kroot@android.com> |
am fdaa7869: Merge "README for configuration of selinux policy" * commit 'fdaa7869a5541b55413f59845dc5f7c56bab0614': README for configuration of selinux policy
|
8afb51c117f2db067df18b98e2ef66df199acd93 |
27-Nov-2012 |
William Roberts <w.roberts@sta.samsung.com> |
am c34a2527: Allow shell to connect to property service * commit 'c34a2527837daeeef51cde0fe77582d51a3bc744': Allow shell to connect to property service
|
e8848726553e3abee6033200c98a657c9ca7cdb8 |
13-Nov-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add policy for run-as program. Add policy for run-as program and label it in file_contexts. Drop MLS constraints on local socket checks other than create/relabel as this interferes with connections with services, in particular for adb forward. Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ile.te
ile_contexts
ls
unas.te
hell.te
|
fdaa7869a5541b55413f59845dc5f7c56bab0614 |
27-Nov-2012 |
Kenny Root <kroot@android.com> |
Merge "README for configuration of selinux policy"
|
c34a2527837daeeef51cde0fe77582d51a3bc744 |
27-Nov-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Allow shell to connect to property service Change-Id: I06ea2b400cc826c684b6ad25e12b021c2667b48a
hell.te
|
3f1ed6ec62aba794e4f3f06eba1f6c38d40b7875 |
13-Nov-2012 |
William Roberts <w.roberts@sta.samsung.com> |
README for configuration of selinux policy This README intends to document the various configuration options that exist for specifying device specific additions to the policy. Change-Id: I7db708429a67deeb89b0c155a116606dcbbbc975
EADME
|
ba953625338e201ecb8eda5f95dbe1d0decb256e |
19-Nov-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 61c80d5e: Update policy for Android 4.2 / latest master. * commit '61c80d5ec8632cadcf754eed0986b23284217c06': Update policy for Android 4.2 / latest master.
|
61c80d5ec8632cadcf754eed0986b23284217c06 |
16-Nov-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update policy for Android 4.2 / latest master. Update policy for Android 4.2 / latest master. Primarily this consists of changes around the bluetooth subsystem. The zygote also needs further permissions to set up /storage/emulated. adbd service now gets a socket under /dev/socket. keystore uses the binder. Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
dbd.te
luetooth.te
ile.te
ile_contexts
eystore.te
eapp_contexts
ystem.te
ygote.te
|
82616b4f148e6c8aad652774cdab01073c7b58ea |
01-Nov-2012 |
Jean-Baptiste Queru <jbq@google.com> |
am eab23895: Merge "Revert "Include su.te only for userdebug/eng builds."" into jb-mr1-dev-plus-aosp * commit 'eab23895cd13ccb2a552dd9713bd1e88cf41e522': Revert "Include su.te only for userdebug/eng builds."
|
eab23895cd13ccb2a552dd9713bd1e88cf41e522 |
01-Nov-2012 |
Jean-Baptiste Queru <jbq@google.com> |
Merge "Revert "Include su.te only for userdebug/eng builds."" into jb-mr1-dev-plus-aosp
|
6b3c9e1d3d6e516808859b2a18cb5f353a559ca2 |
01-Nov-2012 |
Kenny Root <kroot@android.com> |
am 8c87a18d: am df822f41: Merge "Add SELinux policy for asec containers." * commit '8c87a18d39db0104d97d72ed51e4654c9d29fd4b': Add SELinux policy for asec containers.
|
dccd2395c1f65573ac77715a6d9d26316a70cf8d |
01-Nov-2012 |
Alice Chu <alice.chu@sta.samsung.com> |
am eefaa83d: am cdfb06f5: Moved Android policy tools to tools directory * commit 'eefaa83d4c8437b216718115f6d4d407b2e9d0d8': Moved Android policy tools to tools directory
|
8c87a18d39db0104d97d72ed51e4654c9d29fd4b |
01-Nov-2012 |
Kenny Root <kroot@android.com> |
am df822f41: Merge "Add SELinux policy for asec containers." * commit 'df822f4168b71629e336e3f484028b510ed21ee4': Add SELinux policy for asec containers.
|
eefaa83d4c8437b216718115f6d4d407b2e9d0d8 |
01-Nov-2012 |
Alice Chu <alice.chu@sta.samsung.com> |
am cdfb06f5: Moved Android policy tools to tools directory * commit 'cdfb06f55394d68a7df1110d83070961a2cc52aa': Moved Android policy tools to tools directory
|
df822f4168b71629e336e3f484028b510ed21ee4 |
01-Nov-2012 |
Kenny Root <kroot@android.com> |
Merge "Add SELinux policy for asec containers."
|
9ceb47b0c0f693e760d6ad0535f4a165491fa772 |
01-Nov-2012 |
Kenny Root <kroot@google.com> |
Revert "Include su.te only for userdebug/eng builds." This reverts commit af56ac19545ff083ceb3c1ddf4bf8e2663d4b934. Change-Id: Id658a90b58ea31365051c0878c58393fd055fc69
ndroid.mk
onditional/su.te
u.te
|
cdfb06f55394d68a7df1110d83070961a2cc52aa |
01-Nov-2012 |
Alice Chu <alice.chu@sta.samsung.com> |
Moved Android policy tools to tools directory Change-Id: I57b0dd9f8071eae492020f410c87f465ba820711
ndroid.mk
heck_seapp/Android.mk
heck_seapp/check_seapp.c
heckfc.c
ools/Android.mk
ools/check_seapp.c
ools/checkfc.c
|
9eeb758f55037509be0a1df8977b56de31a28b17 |
31-Oct-2012 |
Alice Chu <alice.chu@sta.samsung.com> |
am 83dde220: am f6647eb9: Change 0 to NULL Byte * commit '83dde22099e69b7751d112b061ca22e24cac639c': Change 0 to NULL Byte
|
83dde22099e69b7751d112b061ca22e24cac639c |
31-Oct-2012 |
Alice Chu <alice.chu@sta.samsung.com> |
am f6647eb9: Change 0 to NULL Byte * commit 'f6647eb9f40a6a3d6dc3c1374d583e176a735498': Change 0 to NULL Byte
|
f6647eb9f40a6a3d6dc3c1374d583e176a735498 |
31-Oct-2012 |
Alice Chu <alice.chu@sta.samsung.com> |
Change 0 to NULL Byte Change-Id: I16b47f8dbf64e8dffb550b5a89321f920604ef7a
heck_seapp/check_seapp.c
|
2d086adc06b0956806a9ae43fe7515b4c6f3f829 |
30-Oct-2012 |
Kenny Root <kroot@google.com> |
am a2517b20: resolved conflicts for merge of 47cd396b to jb-mr1-dev-plus-aosp * commit 'a2517b20cb340a6dd19c846b21f34ed0244b65d6': Add better per-device sepolicy support.
|
a2517b20cb340a6dd19c846b21f34ed0244b65d6 |
30-Oct-2012 |
Kenny Root <kroot@google.com> |
resolved conflicts for merge of 47cd396b to jb-mr1-dev-plus-aosp Change-Id: I3112f4cf0fafb6e7e3c9c60084a097f5e6190c22
|
47cd396b11ca4b62d4d99902bec1b981760e818a |
18-Oct-2012 |
rpcraig <robertpcraig@gmail.com> |
Add better per-device sepolicy support. This is a rewrite of the existing implementation. Three new variables are now needed to add/modify the existing base policy. They are, BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_UNION which govern what files are replaced and concatenated, and BOARD_SEPOLICY_DIRS which lists the various directories that will contain the BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_UNION policy files. Change-Id: Id33381268cef03245c56bc5242fec7da9b6c6493 Signed-off-by: rpcraig <robertpcraig@gmail.com>
ndroid.mk
|
467f85bb8abce27b601447efebfff9f862d0b10c |
26-Oct-2012 |
Ying Wang <wangying@google.com> |
am 6b964fa1: am d8b122c7: Use file target as dependency. * commit '6b964fa1f265c1c0d6f236efbf3c471b76fdf05c': Use file target as dependency.
|
6b964fa1f265c1c0d6f236efbf3c471b76fdf05c |
26-Oct-2012 |
Ying Wang <wangying@google.com> |
am d8b122c7: Use file target as dependency. * commit 'd8b122c7bbe3a57620bee0a5c6bfcb8f7c574081': Use file target as dependency.
|
d8b122c7bbe3a57620bee0a5c6bfcb8f7c574081 |
26-Oct-2012 |
Ying Wang <wangying@google.com> |
Use file target as dependency. "sepolicy" is a phony target defined by the build system. If you use it as dependency of a file target, you'll get unnecessary rebuild. Change-Id: I3a948ebbaff6a146050eb86a3d04cdc050f7c001
ndroid.mk
|
f1cd33ff0564dfccf02d994ce793cd0d139a4717 |
24-Oct-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
am 8f4600c0: am 5dbfdc0b: Add double free protection to checkseapp. * commit '8f4600c0f84584ebbf23f17821b4461e71550f05': Add double free protection to checkseapp.
|
8f4600c0f84584ebbf23f17821b4461e71550f05 |
24-Oct-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
am 5dbfdc0b: Add double free protection to checkseapp. * commit '5dbfdc0b0fec04d670912c4eed179983f98abe8a': Add double free protection to checkseapp.
|
5dbfdc0b0fec04d670912c4eed179983f98abe8a |
23-Oct-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Add double free protection to checkseapp. A double free error occurs when building with non glibc devices. The hdestroy() function frees all comparison keys internally in these cases. So avoid an explicit call to free(). Change-Id: If9c5dc1a969605cd1eeb9218de02a9f8dbbd3ae1 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
heck_seapp/check_seapp.c
|
7672eac5fb0d0ce3bcb52f11b125b25ac597ea3f |
22-Oct-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Add SELinux policy for asec containers. Creates 2 new types:
- asec_apk_file : files found under /mnt/asec when the asec images are mounted
- asec_image_file : the actual encrypted apks under /data/app-asec
Change-Id: I963472add1980ac068d3a6d36a24f27233022832 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
pp.te
omain.te
ile.te
ile_contexts
nstalld.te
old.te
|
560463548fd84881e77b22c85e3243bf593f0ee4 |
19-Oct-2012 |
Kenny Root <kroot@android.com> |
am 84b7472d: am 6766cc9e: Merge "allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access" * commit '84b7472db097580a68899470b20f5770de9eaf4e': allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access
|
d7de0b7f4c470d34ef7f75b4b97bf169e18c8cda |
19-Oct-2012 |
Kenny Root <kroot@android.com> |
am ca895fbc: am 91c12e3c: Merge "file class macro cleanup" * commit 'ca895fbc0b6bf4070c2c275945cbdfae22150590': file class macro cleanup
|
84b7472db097580a68899470b20f5770de9eaf4e |
19-Oct-2012 |
Kenny Root <kroot@android.com> |
am 6766cc9e: Merge "allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access" * commit '6766cc9e3c1d5dcec5db445a8d06bb6d4f301562': allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access
|
ca895fbc0b6bf4070c2c275945cbdfae22150590 |
19-Oct-2012 |
Kenny Root <kroot@android.com> |
am 91c12e3c: Merge "file class macro cleanup" * commit '91c12e3c0c7639cae727e8dec2d390474de546f9': file class macro cleanup
|
6766cc9e3c1d5dcec5db445a8d06bb6d4f301562 |
19-Oct-2012 |
Kenny Root <kroot@android.com> |
Merge "allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access"
|
91c12e3c0c7639cae727e8dec2d390474de546f9 |
19-Oct-2012 |
Kenny Root <kroot@android.com> |
Merge "file class macro cleanup"
|
37c885ac1e304e40aad94148d4ee6fc54ad154d5 |
17-Oct-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
am ced365aa: am 01a58af1: Add a checkfc utility to check file_contexts validity and invoke it. * commit 'ced365aa645d35f022f413f53731af61ada812fd': Add a checkfc utility to check file_contexts validity and invoke it.
|
ced365aa645d35f022f413f53731af61ada812fd |
17-Oct-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 01a58af1: Add a checkfc utility to check file_contexts validity and invoke it. * commit '01a58af19494420bb259505bc5404790a21fdd64': Add a checkfc utility to check file_contexts validity and invoke it.
|
01a58af19494420bb259505bc5404790a21fdd64 |
02-Oct-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add a checkfc utility to check file_contexts validity and invoke it. Change-Id: I4b12dc3dcb432edbdf95dd3bc97f809912ce86d1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ndroid.mk
heckfc.c
|
b3e8a10e0b7b4454380a07a0ee47450c58da1447 |
17-Oct-2012 |
Kenny Root <kroot@google.com> |
am b83bb3f0: Revert "ISSUE 6849488 Bluedroid stack, remove system/bluetooth." * commit 'b83bb3f05d6fe76ec5dbdd3e669b81ca9563459e': Revert "ISSUE 6849488 Bluedroid stack, remove system/bluetooth."
|
b83bb3f05d6fe76ec5dbdd3e669b81ca9563459e |
26-Sep-2012 |
Kenny Root <kroot@google.com> |
Revert "ISSUE 6849488 Bluedroid stack, remove system/bluetooth." This reverts commit b620dc60b17a5abaf88e05c1872367bf5e9c416f. (cherry picked from commit 128db96282d907ea2b81e7598d45bba68c33d472) Change-Id: I21227e6232c925a42597e5c8fc0fcc0585d7a876
luetoothd.te
ile.te
ile_contexts
ystem.te
|
1cabf0f41e41ac6a78783f73526387c884cafef2 |
17-Oct-2012 |
Kenny Root <kroot@google.com> |
am 44374bc5: am 659aaced: Remove HAVE_SELINUX guard * commit '44374bc5edc0ed46d402d1f0353fd9ff1e2ee0ac': Remove HAVE_SELINUX guard
|
44374bc5edc0ed46d402d1f0353fd9ff1e2ee0ac |
17-Oct-2012 |
Kenny Root <kroot@google.com> |
am 659aaced: Remove HAVE_SELINUX guard * commit '659aaced054c21048c712fe1f5831a86c99213d8': Remove HAVE_SELINUX guard
|
f26d813033b6e2b669efc7e030a705fd0fa6d0ca |
26-Sep-2012 |
Joshua Brindle <jbrindle@tresys.com> |
allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access
- allow all apps to connect to the keystore over unix socket
- dhcp runs scripts in /system/etc/dhcpcd/dhcpcd-hooks and creates/removes lease files
- mtp connects to dnsproxyd when a pptp vpn connection is established
- allow appdomain to also open qtaguid_proc and release_app to read qtaguid_device
- WifiWatchDog uses packet_socket when wifi comes up
- apps interact with isolated_apps when an app uses an isolated service and uses sockets for that interaction
- for apps with levelFromUid=true to interact with isolated_app, isolated_app must be an mlstrustedsubject
Change-Id: I09ff676267ab588ad4c73f04d8f23dba863c5949 Signed-off-by: Joshua Brindle <jbrindle@tresys.com>
pp.te
hcp.te
tp.te
eapp_contexts
ystem.te
|
659aaced054c21048c712fe1f5831a86c99213d8 |
10-Oct-2012 |
Kenny Root <kroot@google.com> |
Remove HAVE_SELINUX guard Change-Id: I45b4a749bf4fb085d96d912871bae33aa5288119
ndroid.mk
|
7104df5caef0dd9b695e8ac7d11fbfccb2f1a0eb |
03-Oct-2012 |
William Roberts <w.roberts@sta.samsung.com> |
file class macro cleanup Change-Id: I328bc882b3d6e200742e017aa23154fb01e638a5
lobal_macros
|
7f5975ca102ff2f64886cffe9d19d489334093e5 |
26-Sep-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 382381b6: am 3ac1d26a: Switch app_* and isolated to _app and _isolated in seapp_contexts. * commit '382381b6d108a961967c106a82d4da7f6d5760db': Switch app_* and isolated to _app and _isolated in seapp_contexts.
|
382381b6d108a961967c106a82d4da7f6d5760db |
26-Sep-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 3ac1d26a: Switch app_* and isolated to _app and _isolated in seapp_contexts. * commit '3ac1d26a585b0cef73b626656e90005617725662': Switch app_* and isolated to _app and _isolated in seapp_contexts.
|
128db96282d907ea2b81e7598d45bba68c33d472 |
26-Sep-2012 |
Kenny Root <kroot@google.com> |
Revert "ISSUE 6849488 Bluedroid stack, remove system/bluetooth." This reverts commit b620dc60b17a5abaf88e05c1872367bf5e9c416f.
luetoothd.te
ile.te
ile_contexts
ystem.te
|
3ac1d26a585b0cef73b626656e90005617725662 |
24-Sep-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Switch app_* and isolated to _app and _isolated in seapp_contexts. The app_* syntax was a legacy of the original approach of looking up the username returned by getpwuid() and the original username encoding scheme by bionic. With the recent changes to move away from this approach, there is no reason to retain that syntax. Instead, just use _app to match app UIDs and _isolated to match isolated service UIDs. The underscore prefix is to signify that these are not real usernames and to avoid conflicts with any system usernames. Requires a corresponding change to libselinux. Change-Id: Ic388a12c1c9d3e47386c8849db607140ef8a3d75 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
eapp_contexts
|
acbded32b2663b65605878f32d45894f4948a388 |
21-Sep-2012 |
Zhihai Xu <zhihaixu@google.com> |
Merge "ISSUE 6849488 Bluedroid stack, remove system/bluetooth." into jb-mr1-dev
|
c6c6aba0ecb4fee6757bbe72cad2609567c4a327 |
20-Sep-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 061f254d: Define security labeling for isolated processes. * commit '061f254def394fdc4784fe6c446bdd779cfec768': Define security labeling for isolated processes.
|
b620dc60b17a5abaf88e05c1872367bf5e9c416f |
20-Sep-2012 |
Zhihai Xu <zhihaixu@google.com> |
ISSUE 6849488 Bluedroid stack, remove system/bluetooth. remove system/bluetooth dependency. bug 6849488 Change-Id: I259322385adafa4128deef5324e854bebef2b033
luetoothd.te
ile.te
ile_contexts
ystem.te
|
061f254def394fdc4784fe6c446bdd779cfec768 |
20-Sep-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define security labeling for isolated processes. Used when an app service is declared with android:isolatedProcess="true". Place such processes in a separate domain, and further isolate them from each other via categories. Change-Id: I1d64f8278f0619eedb448f9a741f1d2c31985325 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
pp.te
eapp_contexts
|
9822c1d08f11c9fb98a6f2530ba693285fe12f2b |
19-Sep-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
am 66a3e8d9: Drop the use of a policy version suffix on the sepolicy file. * commit '66a3e8d91ef6098dd7cab127530f1cdb7973f53e': Drop the use of a policy version suffix on the sepolicy file.
|
66a3e8d91ef6098dd7cab127530f1cdb7973f53e |
18-Sep-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop the use of a policy version suffix on the sepolicy file. The policy version suffix support was carried over from conventional Linux distributions, where we needed to support simultaneous installation of multiple kernels and policies. This isn't required for Android, so get rid of it and thereby simplify the policy pathname. We still default to generating a specific policy version (the highest one supported by the emulator kernel), but this can be overridden by setting POLICYVERS on the make command-line or in the environment. Requires a corresponding change to libselinux. Change-Id: I40c88e13e8063ea37c2b9ab5b3ff8b0aa595402a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ndroid.mk
|
dfd4cfc32c0244698a4a69ee69b30eead56af194 |
18-Sep-2012 |
Kenny Root <kroot@android.com> |
am fc6b1032: Merge changes I98fc14e1,If334ba73
* commit 'fc6b1032349381315bde67a82cf4312dbd53b9f4':
  Fix for segfault/jmp depends on unitialized variable
  Fix check_seapp segfault and undefined linking err
|
fc6b1032349381315bde67a82cf4312dbd53b9f4 |
18-Sep-2012 |
Kenny Root <kroot@android.com> |
Merge changes I98fc14e1,If334ba73
* changes:
  Fix for segfault/jmp depends on unitialized variable
  Fix check_seapp segfault and undefined linking err
|
b3ab56c2bf35214b6ef81027b0a08c09e3dc916f |
17-Sep-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Fix for segfault/jmp depends on unitialized variable When realloc creates the first block of memory, it must be initialized to NULL for the following strcat functions to operate correctly. Change-Id: I98fc14e1b19de5aa205354d16e54445293430d8e
heck_seapp/check_seapp.c
|
a53ccf39c2793cb5a5894948de41242feea1ea31 |
17-Sep-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Fix check_seapp segfault and undefined linking err When LINK_SEPOL_STATIC was not defined, symbol log_warning was trying to be resolved by the linker. That symbol was not defined as it should have been log_warn and not log_warning. When a key would be validated in key_map_validate(), an unchecked key, like user, could cause a segfault when the se_key was getting free'd no matter what at the end of the function, even if no se_key was alloc'd. Change-Id: If334ba7350e6d2ad1fa9bed142bb2fabe7caa057
heck_seapp/check_seapp.c
|
2e44ea3c1b3387c95e268aede9d775dc912fa4a9 |
17-Sep-2012 |
Kenny Root <kroot@android.com> |
am 9c08abbd: Merge "Allow domain access to /dev/ion" * commit '9c08abbd3b21f61544335d350b7b982a5cc54eee': Allow domain access to /dev/ion
|
9c08abbd3b21f61544335d350b7b982a5cc54eee |
17-Sep-2012 |
Kenny Root <kroot@android.com> |
Merge "Allow domain access to /dev/ion"
|
c2cb712a0df482d3438e03fa4313b8009dce9e76 |
14-Sep-2012 |
William Roberts <w.roberts@sta.samsung.com> |
am c27d30a6: Correct spelling mistake * commit 'c27d30a6ad46963988ca1e312fa824196687e231': Correct spelling mistake
|
ccc8271aba19327dbf61f3d4234cdd250594a221 |
12-Sep-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Allow domain access to /dev/ion Change-Id: I87f81a632ed61f284f2fe09726f5c4529d36f252
omain.te
ediaserver.te
|
c27d30a6ad46963988ca1e312fa824196687e231 |
07-Sep-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Correct spelling mistake Change-Id: If4deccfe740c8de6b88929a0d0439667c3ea340d
ile.te
|
d0f027ccc8f4a7aa8d872df9a195197590f234dc |
06-Sep-2012 |
Jean-Baptiste Queru <jbq@google.com> |
am 10f9a372: Merge upstream sepolicy into AOSP
* commit '10f9a3727a5c46ef23f5f0385ae4ffec20cb46d9':
  Corrected gramatical issues
  Added new line to end of file
  Changed seapp_contexts temporary file naming
  Fix mls checking code
  Support overrides in seapp_contexts
  Add tf_daemon labeling support.
  Add ppp/mtp policy.
  per device seapp_context support
  dhcp policy.
  Trusted Execution Environment policy.
|
10f9a3727a5c46ef23f5f0385ae4ffec20cb46d9 |
06-Sep-2012 |
Jean-Baptiste Queru <jbq@google.com> |
Merge upstream sepolicy into AOSP Change-Id: If3ed9998033378de5b47472315444f5b8bd4743e
|
1148bc2a6be14fb38fdc210137e91cd9f0a0be20 |
05-Sep-2012 |
seandroid <sds@tycho.nsa.gov> |
Merge checkseapp support.
|
ae23a1f36a9372bb23ebe21c8267d4192cb45a30 |
05-Sep-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Corrected gramatical issues Change-Id: I62ce62475f4a17d278243cc96db773872b2dc89c
heck_seapp/check_seapp.c
|
a8613180748385dc793c5095f61b89de484dbbb7 |
05-Sep-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Added new line to end of file Change-Id: I4f0576a47ca2e99bca719bf321349c7d7d05cd3c
heck_seapp/check_seapp.c
|
98ed392e68e041340ca8881ebf0a3cdf6bd5e880 |
05-Sep-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Changed seapp_contexts temporary file naming Change-Id: I4f522869eeaa6f84771e4ee2328f65296dcc29db
ndroid.mk
|
0ae3a8a2d50799d0b91d992434cdd4d3151b0348 |
04-Sep-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Fix mls checking code Change-Id: I614caa520e218f8f148eef641fed2301571da8e1
ndroid.mk
heck_seapp/check_seapp.c
|
f0e0a94e032e55c13bc54f1cffe243f04872278e |
28-Aug-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Support overrides in seapp_contexts Provides support for overriding seapp_contexts declarations in per device seapp_contexts files. Change-Id: I23a0ffa1d24f1ce57825b168f29a2e885d3e1c51
ndroid.mk
heck_seapp/Android.mk
heck_seapp/check_seapp.c
|
a363683c5769c992fe16625ff5fb68e77c5f1dfc |
24-Aug-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Add tf_daemon labeling support.
ile_contexts
|
d49f7e6e363014b010b755ab8ee23d3f7c0a9344 |
20-Aug-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Add ppp/mtp policy. Initial policy for Point-to-Point tunneling and tunneling manager services.
ile_contexts
tp.te
pp.te
ystem.te
|
171a06257124401af2e7c33fbbcbc69c18e45486 |
16-Aug-2012 |
William Roberts <bill.c.roberts@gmail.com> |
per device seapp_context support
ndroid.mk
|
867ae0561c9b5587853c8e62ceb9036e79217b92 |
15-Aug-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
dhcp policy.
hcp.te
ile_contexts
|
aa7fb3be1b456a2884c3fa707aa590196b2c70c3 |
13-Aug-2012 |
Jean-Baptiste Queru <jbq@google.com> |
resolved conflicts for merge of 0c2e5705 to jb-mr1-dev Change-Id: Iee1d877788b9397ca29a6cfe7bc3015c3edbe5ac
|
0c2e5705d8ed926b4735e07f40b356f731b60093 |
13-Aug-2012 |
Jean-Baptiste Queru <jbq@google.com> |
Merge upstream sepolicy into AOSP Change-Id: Ia292607cbd06514a8ac3b0ad49eaefcdce12ef16
|
e07b8a56b9ce87733024797018543c7faf7e6aa2 |
13-Aug-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Trusted Execution Environment policy.
rmserver.te
psd.te
eystore.te
ediaserver.te
ee.te
|
a1ce2fa2218a768823a7c39426983a248b6e4f50 |
10-Aug-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define wake_alarm and block_suspect capabilities.
ccess_vectors
|
abd977a79ec0a1f90cf236339e080775491b9919 |
10-Aug-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Additions for grouper/JB
pp.te
ebuggerd.te
rmserver.te
eystore.te
ediaserver.te
pa_supplicant.te
|
fed246510c971d09a170a8de7a73bf24885c49a9 |
09-Aug-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow debugfs access and setsched for mediaserver.
omain.te
ystem.te
|
6cce6199c3b949918c53574576f2777ffd598f5e |
31-Jul-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Merge asec changes.
|
1d19f7e356b2a2444cd754a6c464d6b77127282e |
31-Jul-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow system_server to relabel /data/anr.
ystem.te
|
5f9917c1360a158e11efd0a6b561fb065efe5223 |
31-Jul-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow debuggerd to restorecon the tombstone directory.
ebuggerd.te
|
901cc36664399f5803c64bd5a26932807d6749aa |
30-Jul-2012 |
Haiqing Jiang <hqjiang1988@gmail.com> |
Untrusted_app gets route information
pp.te
|
c70dc4e3c745e3e63b2186b78adc96ccb71bd120 |
30-Jul-2012 |
Haiqing Jiang <hqjiang1988@gmail.com> |
domain writes to cgroup pseudo filesystem
omain.te
|
d28714c6f9169b4a3ac6e8ada9b3ffdd1a225480 |
30-Jul-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Introduce app_read_logs boolean.
pp.te
|
3261feef9794db542516097faba62c58492c13bb |
30-Jul-2012 |
Haiqing Jiang <hqjiang1988@gmail.com> |
untrusted_app reads logs when android_cts enabled
pp.te
|
173cbdd35212bc79de1c654e38b1290253cf6181 |
30-Jul-2012 |
Haiqing Jiang <hqjiang1988@gmail.com> |
read permission over lnk_file to devices when android_cts enabled
ts.te
|
e7e65d474f6d547c8bafd3095e63855f39c68d6e |
30-Jul-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
New asec container labeling. This patchset covers the /mnt/asec variety only.
ile.te
ile_contexts
|
b19665c39da76c0e24c8cd9583e30c4a50567510 |
30-Jul-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Add mac_permissions.xml file. This was moved from external/mac-policy.git
ndroid.mk
ac_permissions.xml
|
1f0f77fcdf95fefb5ac7737f33a891e0bff42455 |
28-Jul-2012 |
Haiqing Jiang <hqjiang1988@gmail.com> |
Allow CTS Test apps to access to system_data_file
pp.te
|
59e9680825b6d07c2ce42a0bd70fa420b8d90acd |
28-Jul-2012 |
Haiqing Jiang <hqjiang1988@gmail.com> |
socket permissions to untrusted_app
pp.te
|
1ce0fe382ab154425d17c07d2f72362bf9f97c0f |
28-Jul-2012 |
Haiqing Jiang <hqjiang1988@gmail.com> |
appdomain r/w apk_tmp_file and shell_data_file on android_cts enabled
ts.te
|
dd31ddfd87e37acddf875a4aa5535ea8abcb49fb |
27-Jul-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
seinfo can be used to select types, and sebool is now supported.
eapp_contexts
|
2b47c3fc351977b801d1c154bb7a8def2e784948 |
27-Jul-2012 |
Haiqing Jiang <hqjiang1988@gmail.com> |
allocate perms to platformappdomain over system_data_file
pp.te
|
19e7fbeb25a2d0f05f23c9e356913ce9bdd4257e |
27-Jul-2012 |
Haiqing Jiang <hqjiang1988@gmail.com> |
mediaserver and system require abstract socket connection
ediaserver.te
ystem.te
|
f6ca1605bc5d8feb06e6cc14bd2a69af172b75ed |
27-Jul-2012 |
Haiqing Jiang <hqjiang1988@gmail.com> |
installd unlink platform_app_data_file
nstalld.te
|
7585fc64003a2caf56643e80fbc9984903cf3d2d |
27-Jul-2012 |
Haiqing Jiang <hqjiang1988@gmail.com> |
Platform app domain sdcard accesses
pp.te
|
b9760aa0d59aafe5c36ee4522fb36d51a9c147df |
27-Jul-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Only enforce per-app process and file isolation via SELinux for third party apps, not platform apps. Platform (any of the apps signed by build keys, i.e. platform|release|shared|media) apps expect to be able to share files with each other or with third party apps by passing open files or pathnames over Binder. Therefore, we switch to only enforcing the per-app process and file isolation via SELinux on third party apps, not platform apps. Make the platform app domains mlstrustedsubjects so that they can access any files created by third party apps. Introduce a new platform_app_data_file type for platform apps so that we can mark it as a mlstrustedobject and allow third party apps to read/write files created by the platform apps. Specify this new type for the platform app entries in seapp_contexts. Remove levelFromUid=true for the platform apps in seapp_contexts since we are no longer enforcing per-app separation among them.
pp.te
ttributes
ile.te
eapp_contexts
e_macros
|
3296dea4277842a7b791342588583b094acb6bf6 |
24-Jul-2012 |
Haiqing Jiang <hqjiang1988@gmail.com> |
external/sepolicy: mediaserver open application data files
ediaserver.te
|
569f589aa6a34b99ba01ca2c034311ca433ec192 |
23-Jul-2012 |
hqjiang <hqjiang1988@gmail.com> |
external/sepolicy: system r/w udp_socket of appdomain
ystem.te
|
8f781f5767318ed48cd0bfa9a57543109253463e |
23-Jul-2012 |
hqjiang <hqjiang1988@gmail.com> |
external/sepolicy: install daemon unlink application data files
nstalld.te
|
4c06d273bc3d278e7061bf93cfa97fdf2a4e8ee3 |
19-Jul-2012 |
hqjiang <hqjiang1988@gmail.com> |
Target the denials/policies over qtaguid file and device: 1. Relabel /proc/net/xt_qtaguid/ctrl from "qtaguid" to "qtaguid_proc"; 2. Label /dev/xt_qtaguid with "qtaguid_device"; 3. Allow mediaserver read/[write] to qtaguid_proc and qtaguid_device; 4. Allow media apps read/[write] to qtaguid_proc and qtaguid_device; 5. Allow system read/[write] to qtaguid_proc and qtaguid_device. Actually, some of policies related to qtaguid have been there already, but we refind existing ones and add new ones.
pp.te
evice.te
ile.te
ile_contexts
enfs_contexts
ediaserver.te
ystem.te
|
20d6963ac27b3d401922450ce8dcb89749c20404 |
19-Jul-2012 |
hqjiang <hqjiang1988@gmail.com> |
allow camera calibration
ile.te
ile_contexts
ediaserver.te
|
af56ac19545ff083ceb3c1ddf4bf8e2663d4b934 |
17-Jul-2012 |
Matt Finifter <finifter@google.com> |
Include su.te only for userdebug/eng builds. Change-Id: Ia544f13910abbe5e9f6a6cafae397415a41a7a94
ndroid.mk
onditional/su.te
u.te
|
1c7351652c69bc571b8edfa4a8874b58c73568aa |
12-Jul-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Address various denials introduced by JB/4.1.
pp.te
dcardd.te
urfaceflinger.te
ystem.te
old.te
|
c331d0fefaec9e4b29847731d4a864aa44b1899f |
12-Jul-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restore devnull initial sid context.
nitial_sid_contexts
|
dc1072365e99cef38e0d234989ba29e0e2df2b4c |
12-Jul-2012 |
William Roberts <bill.c.roberts@gmail.com> |
Support for ocontexts per device. ocontexts was split up into 4 files: 1. fs_use 2. genfs_contexts 3. initial_sid_contexts 4. port_contexts Each file has their respective declarations in them. Devices, in their respective device directory, can now specify sepolicy.fs_use, sepolicy.genfs_contexts, sepolicy.port_contexts, and sepolicy.initial_sid_contexts. These declarations will be added right behind their respective sepolicy counterparts in the concatenated configuration file.
ndroid.mk
s_use
enfs_contexts
nitial_sid_contexts
contexts
ort_contexts
|
96bf5059621cd3903e1a402b2c90dbb652aedf90 |
11-Jul-2012 |
Michal Mašek <michal.masek@circletech.net> |
Fix the app_ndk policy boolean allow rule.
pp.te
|
e1c545d82f064e322575be96b14c9447b2c02b38 |
11-Jul-2012 |
hqjiang <hqjiang1988@gmail.com> |
correct denies of inter system processes communication over named pipe
ediaserver.te
|
ee5f400562f7b76da69f8a31e2c19e20f3384566 |
11-Jul-2012 |
hqjiang <hqjiang1988@gmail.com> |
Correct denies of rpmsg device when accessing to remote processors.
evice.te
ile_contexts
ediaserver.te
|
81039ab556b72d43b703da0ac1eb93b979ee6bc4 |
10-Jul-2012 |
hqjiang <hqjiang1988@gmail.com> |
Corrected denials for LocationManager when accessing gps over uart.
evice.te
ile.te
contexts
ild.te
ystem.te
|
60e4f114acb237bdd195d9cc433a754d0471005a |
28-Jun-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add key_socket class to socket_class_set macro. Allow system to trigger module auto-loading and to write to sockets created under /dev.
lobal_macros
ystem.te
|
965f2ff1b4804a91b3537a3799814dc54ed478f8 |
14-Jun-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow system_app to set MAC enforcing mode and read MAC denials.
ystem.te
|
03d2803c542cbae539dba785153e58d81c503bf3 |
25-Jun-2012 |
William Roberts <bill.c.roberts@gmail.com> |
media app should have rw access to sdcard dir and files.
pp.te
|
f3b587cab01a7a54a5a2c3296844083d90fc6641 |
21-Jun-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Rewrite app domains and seapp_contexts to leverage new seinfo tags.
pp.te
eapp_contexts
|
92495b38d5d8e0a0b71e802bb72dc41f292e4e9c |
17-May-2012 |
Bob Craig <rpcraig@tycho.ncsc.mil> |
Add persist.mac_enforcing_mode context
roperty_contexts
|
35c8d4fddecf5eaf86d1ef335e7c64389f942679 |
27-Jun-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
system needs open permission to qtaguid ctrl file.
ystem.te
|
322b37a96ccad3ab18778ed254eec36e81eb9038 |
27-Jun-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update system rule for qtaguid file.
ystem.te
|
e4682a63ab87f79130b4f914b79be0867e0d669d |
27-Jun-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow apps to write to /proc/net/xt_qtaguid/ctrl.
pp.te
ile.te
contexts
|
6c39ee00e19dbea82782bf1a83cc28d0293f3ba0 |
27-Jun-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Make wallpaper_file a mlstrustedobject to permit writes from any app level.
ile.te
ystem.te
|
56ad8c7322c6911422cfb55d3bc514c6331dc039 |
25-Jun-2012 |
William Roberts <bill.c.roberts@gmail.com> |
This patch fixes rild trying to access the bluetooth efs dir with read perms.
ild.te
|
70d4fc2243721a54cd177959e05cf81b54c4e226 |
20-Jun-2012 |
Joshua Brindle <jbrindle@tresys.com> |
Add selinux network script to policy Signed-off-by: Joshua Brindle <jbrindle@tresys.com>
ndroid.mk
elinux-network.sh
|
07ef7227f9fb8257574602b057f125b9fb592445 |
20-Jun-2012 |
William Roberts <w.roberts@sta.samsung.com> |
ion fix
evice.te
ile_contexts
ediaserver.te
|
e8bc32b46e4f1af73c27c3f4a68abb23acf76949 |
19-Jun-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Public domain notice
OTICE
|
f6f87105d45795f284855ad69167ee704b08f4a9 |
07-Jun-2012 |
William Roberts <bill.c.roberts@gmail.com> |
Remove all denials caused by rild on tuna devices. Tested on a maguro variant.
fc.te
ild.te
eventd.te
|
80ea1d230526810986964e8c7ed93c3a51159c78 |
31-May-2012 |
William Roberts <bill.c.roberts@gmail.com> |
sdcard policy and fuse device label.
evice.te
ile_contexts
dcardd.te
|
7fa2f9e0f5ea5c24d4e14ba4aef14cfc7090a388 |
31-May-2012 |
William Roberts <bill.c.roberts@gmail.com> |
Policy for hci_attach service.
evice.te
ile.te
ci_attach.te
ild.te
|
efd6d6e0dab97a49706f1116dde2ec87257f79c1 |
18-May-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Apply m4 to file_contexts and property_contexts to support includes.
ndroid.mk
|
4e85633384a4eda497a0084fc36e9919bc4fdfa9 |
19-Apr-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Merge branch 'aosp'
|
a83fc379c68d0cad9bd590fb1bfd9d04f8f250fc |
13-Apr-2012 |
James Carter <jwcart2@tycho.nsa.gov> |
Added policy to allow SEAndroidManager to read AVC messages.
ystem.te
|
d045eaec2c2e54806d0a9040674bf6b1a7668004 |
10-Apr-2012 |
The Android Open Source Project <initial-contribution@android.com> |
am f5f899c3: Merge from upstream sepolicy * commit 'f5f899c3c0f684ffba6950b343e652abd78d0fd9': Rework the radio vs rild property split. Only label properties with the ril. prefix with rild_prop. Allow rild and system (and radio) to set radio_prop. Only rild can set rild_prop presently. Allow apps to write to anr_data_file for /data/anr/traces.txt. Add policy for property service. New property_contexts file for property selabel backend. New property.te file with property type declarations. New property_service security class and set permission. Allow rules for setting properties. Allow adbd to access the qemu device and label /dev/eac correctly. Integrate nfc_power and rild rules from tuna sepolicy by Bryan Hinton. Rewrite MLS constraints to only constrain open for app_data_file, not read/write. Introduce a separate wallpaper_file type for the wallpaper file. Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files. Allow the shell to create files on the sdcard. Drop redundant rules. Policy changes to support running the latest CTS. Limit per-device policy files to a well-defined sepolicy prefix. Add support for per-device .te and .fc files.
|
911dd71d68ddc058c6f5dbdb9025cd23f3177db5 |
10-Apr-2012 |
Ying Wang <wangying@google.com> |
am f4ea5b25: Use the checkpolicy built from source. * commit 'f4ea5b25399e4c6a10aa353b0c3d40564f78e89c': Use the checkpolicy built from source.
|
f5f899c3c0f684ffba6950b343e652abd78d0fd9 |
10-Apr-2012 |
The Android Open Source Project <initial-contribution@android.com> |
Merge from upstream sepolicy Change-Id: I99085d575e3d884fb04ac03ac998eb3c53eb2d9f
|
f4ea5b25399e4c6a10aa353b0c3d40564f78e89c |
10-Apr-2012 |
Ying Wang <wangying@google.com> |
Use the checkpolicy built from source. Change-Id: I22f49db3d59b50ed8975d8c1146bb9c322adbf7e
ndroid.mk
|
f7741483b9e8b33ca6dcfe2878b8d4a197f2a81b |
10-Apr-2012 |
Ying Wang <wangying@google.com> |
Use the checkpolicy built from source. Change-Id: I22f49db3d59b50ed8975d8c1146bb9c322adbf7e
ndroid.mk
|
730957aef3f96ef5fa294515829ab7a37fd141cf |
04-Apr-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Rework the radio vs rild property split. Only label properties with the ril. prefix with rild_prop. Allow rild and system (and radio) to set radio_prop. Only rild can set rild_prop presently.
roperty_contexts
ild.te
ystem.te
|
a883c3863739d5ada3509517af148a9499401600 |
04-Apr-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow apps to write to anr_data_file for /data/anr/traces.txt.
pp.te
ile.te
|
124720a6976a69357522299afbe5591854e40775 |
04-Apr-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add policy for property service. New property_contexts file for property selabel backend. New property.te file with property type declarations. New property_service security class and set permission. Allow rules for setting properties.
ndroid.mk
ccess_vectors
ttributes
roperty.te
roperty_contexts
adio.te
ild.te
ecurity_classes
hell.te
urfaceflinger.te
ystem.te
nconfined.te
old.te
|
2cb1b31f903f2d2747f3fd05b872d9823838af1d |
03-Apr-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow adbd to access the qemu device and label /dev/eac correctly.
dbd.te
ile_contexts
|
f7948230ef65b8617db0762acc9b2fa54adf8ff9 |
19-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Integrate nfc_power and rild rules from tuna sepolicy by Bryan Hinton.
ile.te
ile_contexts
fc.te
ild.te
ystem.te
|
0e85c17e6ee1f881ce543eef26b62f2a6dc0661b |
19-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Rewrite MLS constraints to only constrain open for app_data_file, not read/write.
ls
|
f6cbbe255bc57a241f35c35629705e8f63bdd77a |
19-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Introduce a separate wallpaper_file type for the wallpaper file.
pp.te
ile.te
ile_contexts
ystem.te
|
59d28035a1e0779a81cde104ea9afffd2bb1a77f |
19-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files.
pp.te
ile.te
ile_contexts
nstalld.te
ystem.te
|
b660916b0a8ca9604bf9d425f5e385aa13393a1f |
08-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow the shell to create files on the sdcard.
hell.te
|
d5a70a7f7c4c970733fdec8b1516837e048c399e |
07-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop redundant rules.
hell.te
|
c83d0087e457787fc0441d959a20d56fc5200048 |
07-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Policy changes to support running the latest CTS.
dbd.te
pp.te
ebuggerd.te
omain.te
rmserver.te
ile.te
ile_contexts
hell.te
ystem.te
e_macros
eventd.te
|
64935c7d87ce76ed542e16fce3dde9883b507d7a |
06-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Limit per-device policy files to a well-defined sepolicy prefix. Avoid any future collisions with the use of .fc or .te suffixes in the per-device directories. If we want multiple file support, add a separate subdirectory for sepolicy files.
ndroid.mk
|
5b340befb4f964365c856606050254a65df909d1 |
06-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add support for per-device .te and .fc files.
ndroid.mk
|
4c6f1ce8eede62acbaaa02e9fa72b3f218660b8c |
02-Feb-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow Settings to set enforcing and booleans if settings_manage_selinux is true.
ystem.te
e_macros
|
7e8cf24f58651228029eb4e53e4094a86f4d2bdb |
02-Feb-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Do not build if HAVE_SELINUX=false.
ndroid.mk
|
2b826fcbe8231bf13affd63dbed865b315e1eddc |
24-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add a dependency on checkpolicy.
ndroid.mk
|
02fb5f3c6abbb7f12c278a04966314d06f6378e3 |
18-Jan-2012 |
Ying Wang <wangying@google.com> |
Rewrite Android.mk.
ndroid.mk
|
beefbe5c4de92dfeb8aca88929f8f1c69240da1b |
12-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add explicit role declaration for newer checkpolicy versions.
oles
|
6261d6d8232ffb9acdb0bb67de8ac5833941acc4 |
12-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow reading of properties area, which is now created before init has switched contexts. Revisit this later - we should explicitly label the properties file.
dbd.te
hell.te
e_macros
eventd.te
|
0d76f4e5c2efba89ad5e714cf6a86e2f50fd84e4 |
10-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow system server to set scheduling info for apps.
ystem.te
|
c94e2392f6d92064e3aa32fff2c5a70116c7398a |
06-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Further policy for Motorola Xoom.
pp.te
evice.te
ile_contexts
etd.te
ystem.te
|
2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35 |
04-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
SE Android policy.
ndroid.mk
ccess_vectors
dbd.te
pp.te
ttributes
luetooth.te
luetoothd.te
ts.te
busd.te
ebuggerd.te
evice.te
omain.te
rmserver.te
ile.te
ile_contexts
lobal_macros
psd.te
nit.te
nitial_sids
nstalld.te
ernel.te
eystore.te
ediaserver.te
ls
ls_macros
et.te
etd.te
fc.te
contexts
olicy_capabilities
emud.te
adio.te
ild.te
oles
eapp_contexts
ecurity_classes
ervicemanager.te
hell.te
u.te
urfaceflinger.te
ystem.te
e_macros
eventd.te
nconfined.te
sers
old.te
pa_supplicant.te
ygote.te
|