f457e57db0e0497ac284125f5f78758bc7ab487b |
|
05-Nov-2014 |
Nick Kralevich <nnk@google.com> |
am 7adc8cfe: Allow adbd to write to /data/adb * commit '7adc8cfee367abc5cd17a21868b6b0bdb7b06eed': Allow adbd to write to /data/adb
|
7adc8cfee367abc5cd17a21868b6b0bdb7b06eed |
|
21-Oct-2014 |
Nick Kralevich <nnk@google.com> |
Allow adbd to write to /data/adb adbd writes debugging information to /data/adb when persist.adb.trace_mask is set. Allow it. Bug: https://code.google.com/p/android/issues/detail?id=72895 (cherry picked from commit 973877dbc1298ee59dce08397ce8425580cbbbb5) Change-Id: Ida2e0257c97941ab33ccdab59eb2cde95dca344f
/external/sepolicy/file_contexts
|
d7e004ebf949ae21b299a49cff9917f6560200a3 |
|
31-Oct-2014 |
Nick Kralevich <nnk@google.com> |
allow coredump functionality Change-Id: I7993698ac96f21db0039681275280dbd43ff61ba
/external/sepolicy/file_contexts
|
51bfecf49d50982f64aba1fa73bbbdd2e40a444f |
|
13-Oct-2014 |
Robin Lee <rgl@google.com> |
Pull keychain-data policy out of system-data Migrators should be allowed to write to /data/misc/keychain in order to remove it. Similarly /data/misc/user should be writable by system apps. TODO: Revoke zygote's rights to read from /data/misc/keychain on behalf of some preloaded security classes. Bug: 17811821 Change-Id: I9e9c6883cff1dca3755732225404909c16a0e547
/external/sepolicy/file_contexts
|
feedd3c62178d3c6413e467a98da3b708dd1f5f1 |
|
05-Aug-2014 |
Alex Light <allight@google.com> |
Make system use patchoat to relocate during runtime. Add patchoat selinux rules. Bug: 15358152 (cherry picked from commit fbc8ec2eacaff635a51b0334ea43ddaaa65655ea) Change-Id: Ic84a370548393be62db740092e8393b662bcf345
/external/sepolicy/file_contexts
|
8ee37b4f1c58e1dcd00b198a9bbfeafb4221fdc9 |
|
15-Jul-2014 |
Ed Heyl <edheyl@google.com> |
reconcile aosp (c103da877b72aae80616dbc192982aaf75dfe888) after branching. Please do not merge. Change-Id: Ic9dde806a30d3e7b9c4a066f247a9207fe9b94b4
/external/sepolicy/file_contexts
|
65edb75d530058ec3c8cb86d6d3e28f9394740ba |
|
08-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Allow netd to create data files in /data/misc/net/. This will be used to populate rt_tables (a mapping from routing table numbers to table names) that's read by the iproute2 utilities. Change-Id: I69deb1a64d5d6647470823405bf0cc55b24b22de
/external/sepolicy/file_contexts
|
9f6af083e8a31c9b5a9f9ac21885dfc3c0dc14b2 |
|
03-Jul-2014 |
Nick Kralevich <nnk@google.com> |
New domain "install_recovery" Create a new domain for the one-shot init service flash_recovery. This domain is initially in permissive_or_unconfined() for testing. Any SELinux denials won't be enforced for now. Change-Id: I7146dc154a5c78b6f3b4b6fb5d5855a05a30bfd8
/external/sepolicy/file_contexts
|
be092af039148e3cadcd49ee7042b8f39c7e95a2 |
|
07-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
Rules to allow installing package directories.
Earlier changes had extended the rules, but some additional changes are needed.
avc: denied { relabelfrom } for name="vmdl-723825123.tmp" dev="mmcblk0p28" ino=162910 scontext=u:r:system_server:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir
Bug: 14975160
Change-Id: I875cfc3538d4b098d27c7c7b756d1868a54cc976
/external/sepolicy/file_contexts
|
bf8a37b8eb00568d677c789f3857681ef41e4a92 |
|
21-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Create vdc domain The init.rc one-shot services "defaultcrypto" and "encrypt" call out to the /system/bin/vdc command line to ask vold to perform encryption operations. Create a new domain for these one-shot services. Allow the vdc domain to talk to vold. Change-Id: I73dc2ee4cc265bc16056b27307c254254940fd9f
/external/sepolicy/file_contexts
|
b4adc62a572f983f4c538d0b9a75843574f9ec21 |
|
17-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Force logwrapper to system_file
Some device-specific policies are improperly creating a security domain for logwrapper, rather than removing the logwrapper lines from init.device.rc. Don't allow that. Explicitly add an entry for /system/bin/logwrapper to force it to a system_file. Attempting to override this will result in the following compile time error:
obj/ETC/file_contexts_intermediates/file_contexts: Multiple different specifications for /system/bin/logwrapper (u:object_r:logwrapper_exec:s0 and u:object_r:system_file:s0).
Bug: 15616899
Change-Id: Ia55394247a9fa16e00434d61091fff9d9d4ff125
/external/sepolicy/file_contexts
|
fad4d5fb00ddb1f61c22c003429e10f10b046d0d |
|
16-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Fix SELinux policies to allow resource overlays.
The following commits added support for runtime resource overlays.
New command line tool 'idmap'
* 65a05fd56dbc9fd9c2511a97f49c445a748fb3c5
Runtime resource overlay, iteration 2
* 48d22323ce39f9aab003dce74456889b6414af55
Runtime resource overlay, iteration 2, test cases
* ad6ed950dbfa152c193dd7e49c369d9e831f1591
During SELinux tightening, support for these runtime resource overlays was unknowingly broken. Fix it. This change has been tested by hackbod and she reports that everything is working after this change. I haven't independently verified the functionality.
Test cases are available for this by running:
* python frameworks/base/core/tests/overlaytests/testrunner.py
Change-Id: I1c70484011fd9041bec4ef34f93f7a5509906f40
/external/sepolicy/file_contexts
|
84ed890aebce5235018b846fac734b47833ee364 |
|
04-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Merge adf_device into graphics_device As of sepolicy commit a16a59e2c7f1e2f09bf7b750101973a974c972e8 (https://android-review.googlesource.com/94580), adf_device and graphics_device have the exact same security properties. Merge them into one type to avoid a proliferation of SELinux types. Change-Id: Ib1a24f5d880798600e103b9e14934e41abb1ef95
/external/sepolicy/file_contexts
|
ad0d0fc722d04e465ce2b0bfd2f8e04714c75391 |
|
29-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Protect /data/property. /data/property is only accessible by root and is used by the init property service for storing persistent property values. Create a separate type for it and only allow init to write to the directory and files within it. Ensure that we do not allow access to other domains in future changes or device-specific policy via a neverallow rule. Change-Id: Iff556b9606c5651c0f1bba902e30b59bdd6f063a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
9786af2bcaaf0ba25c0a50c81c748a05793ec847 |
|
23-May-2014 |
Torne (Richard Coles) <torne@google.com> |
Define SELinux policy for RELRO sharing support. Define a domain and appropriate access rules for shared RELRO files (used for loading the WebView native library). Any app is permitted to read the files as they are public data, but only the shared_relro process is permitted to create/update them. Bug: 13005501 Change-Id: I9d5ba9e9eedb9b8c80fe6f84a3fc85a68553d52e
/external/sepolicy/file_contexts
|
7cba5da2f6923316dea6542ef63883533337dfd8 |
|
23-May-2014 |
Nick Kralevich <nnk@google.com> |
Label /dev/socket/zygote_secondary
zygote_secondary talks over a different socket named /dev/socket/zygote_secondary. Make sure it's properly labeled. See https://android-review.googlesource.com/89604
Addresses the following denial:
<12>[ 48.442004] type=1400 audit(1400801842.179:5): avc: denied { write } for pid=1082 comm="main" name="zygote_secondary" dev="tmpfs" ino=9953 scontext=u:r:system_server:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=1
Bug: 13647418
Change-Id: I1ff5f1d614295a5870bb8a3992ad9167e1656c92
/external/sepolicy/file_contexts
|
5c655876780f017c472997d7ae2c6a36d5752f09 |
|
14-May-2014 |
Narayan Kamath <narayan@google.com> |
app_process is now a symlink. app_process is now a symlink to app_process32 or app_process64, so we have to update the selinux rules to explicitly refer to them. See change 5a7ee9ad63d for context. Change-Id: I7f7a107d79a8f7a3c193f97809e1e737540258f1
/external/sepolicy/file_contexts
|
56ecf4bdf8cb33362143f37cf683efd909415d5b |
|
01-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Introduce fwmarkd: a service to set the fwmark of sockets. (cherry picked from commit 7d51096d4106a441a15741592d9ccdd0bfaca907) Change-Id: Ib6198e19dbc306521a26fcecfdf6e8424d163fc9
/external/sepolicy/file_contexts
|
baf49bd541a9df4f38bf917fbfc850569a4cae94 |
|
12-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /data/.layout_version with its own type. installd creates /data/.layout_version. Introduce a separate type for this file (and any other file created by installd under a directory labeled system_data_file) so that we can allow create/write access by installd without allowing it to any system data files created by other processes. This prevents installd from overwriting other system data files, and ensures that any files it creates will require explicit rules in order to access. Change-Id: Id04e49cd571390d18792949c8b2b13b1ac59c016 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
7004789de39c1e712169ac6d4c98bdbe43dcce6e |
|
07-May-2014 |
Greg Hackmann <ghackmann@google.com> |
Add policies for Atomic Display Framework ADF is a modern replacement for fbdev. ADF's device nodes (/dev/adf[X]), interface nodes (/dev/adf-interface[X].[Y]), and overlay engine nodes (/dev/adf-overlay-engine[X].[Y]) are collectively used in similar contexts as fbdev nodes. Vendor HW composers (via SurfaceFlinger) and healthd will need to send R/W ioctls to these nodes to prepare and update the display. Ordinary apps should not talk to ADF directly. Change-Id: Ic0a76b1e82c0cc1e8f240f219928af1783e79343 Signed-off-by: Greg Hackmann <ghackmann@google.com>
/external/sepolicy/file_contexts
|
812f7d90d250578d3e9e275406ba5ae0a2775e79 |
|
05-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Escape dot (.) when it is intended to be literal. Otherwise it is treated as a regex and matches any character. Change-Id: I9e23f01b0e104d3ef57993fd1a3d9a5b13201910 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
19c509034ee309c60c958637841c151d3c273421 |
|
09-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define a type for /data/dalvik-cache/profiles.
I9b8e59e3bd7df8a1bf60fa7ffd376a24ba0eb42f added a profiles subdirectory to /data/dalvik-cache with files that must be app-writable. As a result, we have denials such as:
W/Profiler( 3328): type=1400 audit(0.0:199): avc: denied { write } for name="com.google.android.setupwizard" dev="mmcblk0p28" ino=106067 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file
W/Profiler( 3328): type=1300 audit(0.0:199): arch=40000028 syscall=322 per=800000 success=yes exit=33 a0=ffffff9c a1=b8362708 a2=20002 a3=0 items=1 ppid=194 auid=4294967295 uid=10019 gid=10019 euid=10019 suid=10019 fsuid=10019 egid=10019 sgid=10019 fsgid=10019 tty=(none) ses=4294967295 exe="/system/bin/app_process" subj=u:r:untrusted_app:s0 key=(null)
W/auditd ( 286): type=1307 audit(0.0:199): cwd="/"
W/auditd ( 286): type=1302 audit(0.0:199): item=0 name="/data/dalvik-cache/profiles/com.google.android.setupwizard" inode=106067 dev=b3:1c mode=0100664 ouid=1012 ogid=50019 rdev=00:00 obj=u:object_r:dalvikcache_data_file:s0
We do not want to allow untrusted app domains to write to the existing type on other /data/dalvik-cache files as that could be used for code injection into another app domain, the zygote or the system_server. So define a new type for this subdirectory. The restorecon_recursive /data in init.rc will fix the labeling on devices that already have a profiles directory created. For correct labeling on first creation, we also need a separate change to installd under the same change id.
Bug: 13927667
Change-Id: I4857d031f9e7e60d48b8c72fcb22a81b3a2ebaaa
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
6bf9bbc82951536645d2cc02de19d928b6be2889 |
|
04-Apr-2014 |
Nick Kralevich <nnk@google.com> |
label app_process64 as zygote_exec ... otherwise zygote 64 won't run in the correct SELinux domain. Bug: 13647418 Change-Id: Iada2bf26623784535b70647c472f69b735b8f4fc
/external/sepolicy/file_contexts
|
9fc0d40eff46d1319f282df68376c335c3115c36 |
|
26-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /dev/uio[0-9]* with its own type. Change-Id: Ibeeec6637022ee8bc9868e102b3d55e3b0d4762c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
a00fb29b1982e21655ec4c084db0b8f37f23a33d |
|
18-Mar-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Label /data/misc/sms as a radio_data_file.
This change helps with the following denials.
avc: denied { write } for pid=14157 comm="Thread-88" name="premium_sms_policy.xml" dev="mmcblk0p28" ino=618998 scontext=u:r:radio:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
avc: denied { write } for pid=14293 comm="Thread-89" name="sms" dev="mmcblk0p28" ino=618952 scontext=u:r:radio:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
Prior to this patch the directory was labeled as system_data_file which is a bit too generic. This directory contains xml files with regexes which represent premium numbers that are used to warn the user before sending.
Change-Id: I98288b25aa1546477e05eee9f7622324b013e695
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
|
f9c3257fbaa16dbbffe3493b103d0b16ada1c0b5 |
|
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Get rid of separate download_file type. This appears to have been created to allow untrusted_app to access DownloadProvider cache files without needing to allow open access to platform_app_data_file. Now that platform_app_data_file is gone, there is no benefit to having this type. Retain a typealias for download_file to app_data_file until restorecon /data/data support is in place to provide compatibility. This change depends on: https://android-review.googlesource.com/#/c/87801/ Change-Id: Iab3c99d7d5448bdaa5c1e03a98fb6163804e1ec4 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
5f8d9f85b0b3b799f2ac15352ae3c92e61675dba |
|
12-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /data/misc/wifi/hostapd with wpa_socket type.
hostapd creates sockets under /data/misc/wifi/hostapd. Ensure that they are labeled correctly both at runtime (type_transition) and during the init.rc restorecon_recursive /data (file_contexts).
Addresses denials such as:
avc: denied { create } for pid=20476 comm="hostapd" name="wlan0" scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
avc: denied { setattr } for pid=20476 comm="hostapd" name="wlan0" dev="mmcblk0p23" ino=619005 scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
avc: denied { unlink } for pid=20476 comm="hostapd" name="wlan0" dev="mmcblk0p23" ino=619005 scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
Change-Id: I80a443faeb6017a9d6cbdb8da9d7416f29a7b85f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
3dad7b611a448fa43a678ff760c23a00f387947e |
|
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Address system_server denials.
Label /proc/sysrq-trigger and allow access. Label /dev/socket/mtpd and allow access.
Resolves denials such as:
avc: denied { getattr } for pid=12114 comm="Binder_2" path="socket:[219779]" dev="sockfs" ino=219779 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket
avc: denied { call } for pid=1007 comm="Binder_8" scontext=u:r:system_server:s0 tcontext=u:r:su:s0 tclass=binder
avc: denied { write } for pid=1024 comm="watchdog" name="sysrq-trigger" dev="proc" ino=4026533682 scontext=u:r:system_server:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: denied { write } for pid=11567 comm="LegacyVpnRunner" name="mtpd" dev="tmpfs" ino=36627 scontext=u:r:system_server:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file
avc: denied { ptrace } for pid=10924 comm=5369676E616C2043617463686572 scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=process
avc: denied { sigkill } for pid=26077 comm="NativeCrashRepo" scontext=u:r:system_server:s0 tcontext=u:r:zygote:s0 tclass=process
avc: denied { write } for pid=1024 comm="android.bg" scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=netlink_socket
avc: denied { getattr } for pid=473 comm="FinalizerDaemon" path="socket:[11467]" dev="sockfs" ino=11467 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket
avc: denied { getattr } for pid=473 comm="FinalizerDaemon" path="socket:[12076]" dev="sockfs" ino=12076 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket
avc: denied { getopt } for pid=473 comm="FinalizerDaemon" laddr=192.168.159.172 lport=51576 faddr=93.127.173.40 fport=554 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket
avc: denied { getopt } for pid=473 comm="FinalizerDaemon" lport=15658 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket
avc: denied { read write } for pid=21384 comm="rtsp" path="socket:[443742]" dev="sockfs" ino=443742 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket
avc: denied { read write } for pid=21384 comm="rtsp" path="socket:[444842]" dev="sockfs" ino=444842 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket
avc: denied { setopt } for pid=1326 comm="Binder_9" lport=16216 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket
avc: denied { setopt } for pid=1676 comm="Binder_6" laddr=192.168.156.130 lport=51044 faddr=74.125.214.81 fport=554 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket
avc: denied { getattr } for pid=10915 comm="system_server" path="/dev/mdm" dev="tmpfs" ino=7484 scontext=u:r:system_server:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file
avc: denied { read } for pid=10915 comm="system_server" name="mdm" dev="tmpfs" ino=7484 scontext=u:r:system_server:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file
avc: denied { unlink } for pid=14866 comm="system_server" name="wallpaper" dev="mmcblk0p9" ino=285715 scontext=u:r:system_server:s0 tcontext=u:object_r:wallpaper_file:s0 tclass=file
avc: denied { getattr } for pid=12114 comm="Binder_2" path="socket:[219779]" dev="sockfs" ino=219779 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket
avc: denied { getopt } for pid=32300 comm="Binder_1" laddr=::ffff:127.0.0.1 lport=4939 faddr=::ffff:127.0.0.1 fport=53318 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket
avc: denied { read write } for pid=10840 comm="pool-17-thread-" path="socket:[205990]" dev="sockfs" ino=205990 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket
avc: denied { write } for pid=20817 comm="dumpsys" path="/mnt/shell/emulated/0/aupt-output/bugreport-2014-02-22-11-17-16.txt.tmp" dev="fuse" ino=3100784040 scontext=u:r:system_server:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=file
Change-Id: I481ac26667b487031a5d3317b0a028a027a8e641
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
0296b9434f3b933b37f67c143788f87cb80b3325 |
|
25-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Move qemud and /dev/qemu policy bits to emulator-specific sepolicy. Change-Id: I620d4aef84a5d4565abb1695db54ce1653612bce Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
2c347e0a3676bb50cac796ca94eb6ab53c08fc87 |
|
25-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop obsolete keystore_socket type and rules. Change I6dacdc43bcc1a56e47655e37e825ee6a205eb56b switched the keystore to using binder instead of a socket, so this socket type and rules have been unused for a while. The type was only ever assigned to a /dev/socket socket file (tmpfs) so there is no issue with removing the type (no persistent files will have this xattr value). Change-Id: Id584233c58f6276774c3432ea76878aca28d6280 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
96ff4c053a238e04373fcc1f11d769418e8ce238 |
|
24-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add a domain for mdnsd and allow connecting to it. Change-Id: I0a06fa32a46e515671b4e9a6f68e1a3f8b2c21a8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
96eeb1ecb3980e34a5f9ed1a4afd8ffa6ada0cf0 |
|
19-Feb-2014 |
Nick Kralevich <nnk@google.com> |
initial policy for uncrypt. Add initial support for uncrypt, started via the pre-recovery service in init.rc. On an encrypted device, uncrypt reads an OTA zip file on /data, opens the underlying block device, and writes the unencrypted blocks on top of the encrypted blocks. This allows recovery, which can't normally read encrypted partitions, to reconstruct the OTA image and apply the update as normal. Add an exception to the neverallow rule for sys_rawio. This is needed to support writing to the raw block device. Add an exception to the neverallow rule for unlabeled block devices. The underlying block device for /data varies between devices within the same family (for example, "flo" vs "deb"), and the existing per-device file_context labeling isn't sufficient to cover these differences. Until I can resolve this problem, allow access to any block devices. Bug: 13083922 Change-Id: I7cd4c3493c151e682866fe4645c488b464322379
/external/sepolicy/file_contexts
|
f4c6579b247861ae069ac8152967d913f9b9950f |
|
19-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Delete unnecessary /data/data entries. /data/data subdirectories are labeled by installd at creation time based on seapp_contexts, not based on file_contexts, so we do not need the /data/data/.* entry, and the wallpaper file was moved from under com.android.settings/files to /data/system/users/N long ago so we can delete the old entry for it. Change-Id: I32af6813ff284e8fe9fd4867df482a642c728755 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
e55aac2a5a03585550ce6ca7efc5495a2d8d79fa |
|
16-Feb-2014 |
Dan Willemsen <dwillemsen@nvidia.com> |
Add debuggerd64 entry for 64-bit debuggerd daemon Change-Id: I4cd33a296de0d0597aa6166aa1be48f1b0b52129
/external/sepolicy/file_contexts
|
5467fce636d0cebb86f3684f7a69d883324384ca |
|
13-Feb-2014 |
Nick Kralevich <nnk@google.com> |
initial lmkd policy.
* Allow writes to /proc/PID/oom_score_adj
* Allow writes to /sys/module/lowmemorykiller/*
Addresses the following denials:
<5>[ 3.825371] type=1400 audit(9781555.430:5): avc: denied { write } for pid=176 comm="lmkd" name="minfree" dev="sysfs" ino=6056 scontext=u:r:lmkd:s0 tcontext=u:object_r:sysfs:s0 tclass=file
<5>[ 48.874747] type=1400 audit(9781600.639:16): avc: denied { search } for pid=176 comm="lmkd" name="896" dev="proc" ino=9589 scontext=u:r:lmkd:s0 tcontext=u:r:system_server:s0 tclass=dir
<5>[ 48.874889] type=1400 audit(9781600.639:17): avc: denied { dac_override } for pid=176 comm="lmkd" capability=1 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability
<5>[ 48.874982] type=1400 audit(9781600.639:18): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=8942 scontext=u:r:lmkd:s0 tcontext=u:r:system_server:s0 tclass=file
<5>[ 48.875075] type=1400 audit(9781600.639:19): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=8942 scontext=u:r:lmkd:s0 tcontext=u:r:system_server:s0 tclass=file
<5>[ 49.409231] type=1400 audit(9781601.169:20): avc: denied { write } for pid=176 comm="lmkd" name="minfree" dev="sysfs" ino=6056 scontext=u:r:lmkd:s0 tcontext=u:object_r:sysfs:s0 tclass=file
<5>[ 209.081990] type=1400 audit(9781760.839:24): avc: denied { search } for pid=176 comm="lmkd" name="1556" dev="proc" ino=10961 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=dir
<5>[ 209.082240] type=1400 audit(9781760.839:25): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11654 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=file
<5>[ 209.082498] type=1400 audit(9781760.839:26): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11654 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=file
<5>[ 209.119673] type=1400 audit(9781760.879:27): avc: denied { search } for pid=176 comm="lmkd" name="1577" dev="proc" ino=12708 scontext=u:r:lmkd:s0 tcontext=u:r:release_app:s0 tclass=dir
<5>[ 209.119937] type=1400 audit(9781760.879:28): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11657 scontext=u:r:lmkd:s0 tcontext=u:r:release_app:s0 tclass=file
<5>[ 209.120105] type=1400 audit(9781760.879:29): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11657 scontext=u:r:lmkd:s0 tcontext=u:r:release_app:s0 tclass=file
<5>[ 209.235597] type=1400 audit(9781760.999:30): avc: denied { search } for pid=176 comm="lmkd" name="1600" dev="proc" ino=11659 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=dir
<5>[ 209.235798] type=1400 audit(9781760.999:31): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11667 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
<5>[ 209.236006] type=1400 audit(9781760.999:32): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11667 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
<5>[ 214.297283] type=1400 audit(9781766.059:64): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11211 scontext=u:r:lmkd:s0 tcontext=u:r:untrusted_app:s0 tclass=file
<5>[ 214.297415] type=1400 audit(9781766.059:65): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11211 scontext=u:r:lmkd:s0 tcontext=u:r:untrusted_app:s0 tclass=file
<5>[ 214.355060] type=1400 audit(9781766.119:66): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12907 scontext=u:r:lmkd:s0 tcontext=u:r:system_app:s0 tclass=file
<5>[ 214.355236] type=1400 audit(9781766.119:67): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12907 scontext=u:r:lmkd:s0 tcontext=u:r:system_app:s0 tclass=file
<5>[ 214.516920] type=1400 audit(9781766.279:68): avc: denied { search } for pid=176 comm="lmkd" name="1907" dev="proc" ino=11742 scontext=u:r:lmkd:s0 tcontext=u:r:media_app:s0 tclass=dir
<5>[ 214.678861] type=1400 audit(9781766.439:69): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12915 scontext=u:r:lmkd:s0 tcontext=u:r:media_app:s0 tclass=file
<5>[ 214.678992] type=1400 audit(9781766.439:70): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12915 scontext=u:r:lmkd:s0 tcontext=u:r:media_app:s0 tclass=file
<5>[ 214.708284] type=1400 audit(9781766.469:71): avc: denied { search } for pid=176 comm="lmkd" name="1765" dev="proc" ino=12851 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=dir
<5>[ 214.708435] type=1400 audit(9781766.469:72): avc: denied { write } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12870 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
<5>[ 214.708648] type=1400 audit(9781766.469:73): avc: denied { open } for pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12870 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
Change-Id: Ie3c1ab8ce9e77742d0cc3c73f40010afd018ccd4
/external/sepolicy/file_contexts
|
48b18832c476f0bd8fcb8ee3e308258392f36aaf |
|
04-Feb-2014 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Introduce asec_public_file type. This new type will allow us to write finer-grained policy concerning asec containers. Some files of these containers need to be world readable. Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
|
a7e4ace1765d6c4623613810c1e6bc19a6d3f564 |
|
04-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add file_contexts entries for socket files. So that we do not relabel them on a restorecon -R /data. Change-Id: I8dd915d9bb80067339621b905ea2b4ea0fa8d71e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
418e2abd39a3c86c4f8c7fcac93a1a7beea7a092 |
|
29-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /data/misc/wifi/sockets with wpa_socket. This will ensure that any sockets created in this directory will default to wpa_socket unless a type_transition is defined. Define a type transition for system_server to keep its separate system_wpa_socket type assigned for its socket. Allow wpa to create and unlink sockets in the directory. We leave the already existing rules for wifi_data_file in place for compatibility with existing devices that have wifi_data_file on /data/misc/wifi/sockets. Change-Id: I9e35cc93abf89ce3594860aa3193f84a3b42ea6e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
8ed750e9731e6e3a21785e91e9b1cf7390c16738 |
|
13-Nov-2013 |
Mark Salyzyn <salyzyn@google.com> |
sepolicy: Add write_logd, read_logd & control_logd
- Add write_logd, read_logd and control_logd macros added along with contexts for user space logd.
- Specify above on domain wide, or service-by-service basis
- Add logd rules.
- deprecate access_logcat as unused.
- 'allow <domain> zygote:unix_dgram_socket write;' rule added to deal with fd inheritance. ToDo: investigate means to allow references to close, and reopen in context of application or call setsockcreatecon() to label them in child context.
Change-Id: I35dbb9d5122c5ed9b8c8f128abf24a871d6b26d8
/external/sepolicy/file_contexts
|
09f6a99b667c63cb4084583df10b13cde9b1e78a |
|
13-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow mediaserver to connect to bluetooth. Re-purpose the existing bluetooth_socket type, originally for /dev/socket/bluetooth used by bluetoothd in the old bluetooth stack, for sockets created by bluedroid under /data/misc/bluedroid, and allow mediaserver to connect to such sockets. This is required for playing audio on paired BT devices. Based on b/12417855. Change-Id: I24ecdf407d066e7c4939ed2a0edb97222a1879f6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
94f322e016883f09fecedc0408171338a09f47aa |
|
18-Nov-2013 |
Nick Kralevich <nnk@google.com> |
Remove /sys/class/rfkill/rfkill.* lines These are all symlinks. The restorecon in /sys doesn't follow symlinks, so these lines have absolutely no effect, and just serve to confuse people. Remove them. Change-Id: I24373fa0308ec700011ed19b1ce29a491d1feff3
/external/sepolicy/file_contexts
|
d9b8ef435294359ac6e70f9d5981ee23fa0acedb |
|
16-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop legacy device types. powervr_device is obsoleted by the more general gpu_device. akm_device and accelerometer_device are obsoleted by the more general sensors_device. We could also drop the file_contexts entries altogether and take them to device-specific policy (in this case, they all came from crespo, so that is obsolete for master). Change-Id: I63cef43b0d66bc99b80b64655416cc050f443e7d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
d362cdf8d99ce6c4e4b3815683f54a253da6adba |
|
08-Jan-2014 |
rpcraig <robertpcraig@gmail.com> |
Apply a label to /data/mediadrm files.
/data/mediadrm is appearing on devices but is receiving the system_data_file type. Use the media_data_file label to help classify these files. This new label will help with the following denials. with existing allow rules for mediaserver are already in place.
type=1400 msg=audit(1389139139.551:308): avc: denied { open } for pid=179 comm="mediaserver" name="ay64.dat" dev="mmcblk0p23" ino=136819 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 msg=audit(1389139140.783:309): avc: denied { read } for pid=179 comm="mediaserver" name="IDM1013" dev="mmcblk0p23" ino=136818 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
type=1400 msg=audit(1389139140.783:310): avc: denied { open } for pid=179 comm="mediaserver" name="IDM1013" dev="mmcblk0p23" ino=136818 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
Change-Id: I84ac78517fdbb0264cf07379120a62675505fc95
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
|
c0493c8dfe78284c683184a7f3aefba6982bce40 |
|
08-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop extra _system_file types. They serve no purpose; these directories/files are normally accessible in the same way as the rest of /system. Also one of them has the wrong attributes (data_file_type), thereby making it writable by some domains, and under current policy, shell and apps cannot do ls -l /etc/ppp /etc/dhcpcd. Change-Id: I0c1baa434fe78373684f4eaab40a41fddf2bdd79 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
396015c3952bcbd5678dc20d5e5e4407cf6a4d4a |
|
07-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove ping domain. ping in Android no longer requires any additional privileges beyond the caller. Drop the ping domain and executable file type entirely. Also add net_domain() to shell domain so that it can create and use network sockets. Change-Id: If51734abe572aecf8f510f1a55782159222e5a67 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
e13fabd75a1adb47abdaa115a793d2f1ad247af7 |
|
17-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /data/media with its own type and allow access. /data/media presently is left in system_data_file, which requires anything that wants to write to it to be able to write to system_data_file. Introduce a new type for /data/media, media_rw_data_file (to match the media_rw UID assigned to it and distinguish it from /data/misc/media which has media UID and media_data_file type), and allow access to it. We allow this for all platform app domains as WRITE_MEDIA_STORAGE permission is granted to signature|system. We should not have to allow it to untrusted_app. Set up type transitions in sdcardd to automatically label any directories or files it creates with the new type. Change-Id: I5c7e6245b854a9213099e40a41d9583755d37d42 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
09e6abd91b3aaaa11a44d032e095360c64a97b3a |
|
14-Dec-2013 |
Nick Kralevich <nnk@google.com> |
initial dumpstate domain Add the necessary rules to support dumpstate. Start off initially in permissive until it has more testing. Dumpstate is triggered by running "adb bugreport" Change-Id: Ic17a60cca1f6f40daa4f2c51e9ad6009ef36cfbd
/external/sepolicy/file_contexts
|
caa6a32d76e22b350f58ee6cf35c95f6282f076e |
|
15-Dec-2013 |
Nick Kralevich <nnk@google.com> |
initial inputflinger domain Add a placeholder domain for inputflinger. Mark it initially unconfined and enforcing. Change-Id: I433fd9e1954486136cb8abb084b4e19bb7fc2f19
/external/sepolicy/file_contexts
|
7466f9b69341e3d86b0242d8ad18ae98d22f05a2 |
|
13-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Label /data/misc/zoneinfo
And allow any SELinux domain to read these timezone related files.
Addresses the following denial:
<5>[ 4.746399] type=1400 audit(3430294.470:7): avc: denied { open } for pid=197 comm="time_daemon" name="tzdata" dev="mmcblk0p28" ino=618992 scontext=u:r:time:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
Change-Id: Iff32465e62729d7aad8c79607848d89ce0aede86
/external/sepolicy/file_contexts
|
6a32eec74dc631e0bc06bca84cb2d0b3cd222c8b |
|
13-Dec-2013 |
Nick Kralevich <nnk@google.com> |
alphabetize /data/misc entries. Alphabetize the entries for the /data/misc subdirectories. Change-Id: I3690085cbb99c225545545668dedd66341a14edb
/external/sepolicy/file_contexts
|
acde43f23fbe9b2d180034c6a99b8711a6af7f21 |
|
11-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define a domain for the bootanim service. Leave the domain permissive initially until it gets more testing. Change-Id: I9d88d76d1ffdc79a2eff4545d37a9e615482df50 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
2b392fccf35c790bdc55bdce51a196f4953644ce |
|
06-Dec-2013 |
Nick Kralevich <nnk@google.com> |
Move lmkd into its own domain.
lmkd low memory killer daemon
The kernel low memory killer logic has been moved to a new daemon called lmkd. ActivityManager communicates with this daemon over a named socket. This is just a placeholder policy, starting off in unconfined_domain.
Change-Id: Ia3f9a18432c2ae37d4f5526850e11432fd633e10
/external/sepolicy/file_contexts
|
7adb999e701ee96356c506ffa93fce190791e8b7 |
|
06-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Restrict the ability to set usermodehelpers and proc security settings.
Limit the ability to write to the files that configure kernel usermodehelpers and security-sensitive proc settings to the init domain. Permissive domains can also continue to set these values. The current list is not exhaustive, just an initial set. Not all of these files will exist on all kernels/devices. Controlling access to certain kernel usermodehelpers, e.g. cgroup release_agent, will require kernel changes to support and cannot be addressed here.
Expected output on e.g. flo after the change:
ls -Z /sys/kernel/uevent_helper /proc/sys/fs/suid_dumpable /proc/sys/kernel/core_pattern /proc/sys/kernel/dmesg_restrict /proc/sys/kernel/hotplug /proc/sys/kernel/kptr_restrict /proc/sys/kernel/poweroff_cmd /proc/sys/kernel/randomize_va_space /proc/sys/kernel/usermodehelper
-rw-r--r-- root root u:object_r:usermodehelper:s0 uevent_helper
-rw-r--r-- root root u:object_r:proc_security:s0 suid_dumpable
-rw-r--r-- root root u:object_r:usermodehelper:s0 core_pattern
-rw-r--r-- root root u:object_r:proc_security:s0 dmesg_restrict
-rw-r--r-- root root u:object_r:usermodehelper:s0 hotplug
-rw-r--r-- root root u:object_r:proc_security:s0 kptr_restrict
-rw-r--r-- root root u:object_r:usermodehelper:s0 poweroff_cmd
-rw-r--r-- root root u:object_r:proc_security:s0 randomize_va_space
-rw------- root root u:object_r:usermodehelper:s0 bset
-rw------- root root u:object_r:usermodehelper:s0 inheritable
Change-Id: I3f24b4bb90f0916ead863be6afd66d15ac5e8de0
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
b2547644effa3994766d7ebf1df3f712fb06577a |
|
04-Dec-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Drop tegra specific label from policy. This label was originally used for Motorola Xoom devices. nvmap is the tegra gpu memory manager and the various nvhost drivers are for tegra graphics related functionality, i.e. display serial interface, image signal processor, or media processing stuff. Only grouper and tilapia presently need this policy. Change-Id: I2a7000f69abf3185724d88d428e8237e0ca436ec
/external/sepolicy/file_contexts
|
081aed21338f79774f91a98fe0cfae4eceee67ec |
|
02-Dec-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Default to socket_device for anything under /dev/socket. Otherwise sockets that have no specific entry match the /dev(/.*) entry instead, leaving them in device type rather than socket_device type. Every socket should get its own entry regardless, but this at least puts it into a more specific type by default. Change-Id: I97f7999af7f9f83484d3a51440dda791d3726f1a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
8510d31ed3b5d53c2232b7aac5f65b32d38753d0 |
|
07-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Rename camera_calibration_file and audio_firmware_file.
Use more general type names for the contents of /data/misc/camera and /data/misc/audio. These were the names used in our policy until 4.3 was released, at which point we switched to be consistent with AOSP. However, the Galaxy S4 4.2.2 image, Galaxy S4 4.3 image, and Galaxy Note 3 4.3 image all shipped with policies using _data_file names because they were based on our older policy. So we may as well switch AOSP to these names.
Not sure if in fact these could be all coalesced to the new media_data_file type for /data/misc/media introduced by Ic374488f8b62bd4f8b3c90f30da0e8d1ed1a7343.
Options to fix already existing devices, which would only apply to Nexus devices with 4.3 or 4.4 at this point:
1) Add restorecon_recursive /data/misc/audio /data/misc/camera to either the system/core init.rc or to the device-specific init.*.rc files.
-or-
2) Add a typealias declaration in the policy to remap the old type names to the new ones. Then existing types on persistent storage will be remapped internally to the new ones.
-or-
3) Some sort of relabeld.
Option #2 is implemented by this change.
Change-Id: Id36203f5bb66b5200efc1205630b5b260ef97496
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
af47ebb67aa64d699615693bf4603ec173417175 |
|
04-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /dev/fscklogs and allow system_server access to it.
Otherwise you get denials such as:
type=1400 audit(1383590310.430:623): avc: denied { getattr } for pid=1629 comm="Thread-78" path="/dev/fscklogs/log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=file
type=1400 audit(1383590310.430:624): avc: denied { open } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=file
type=1400 audit(1383590310.430:625): avc: denied { write } for pid=1629 comm="Thread-78" name="fscklogs" dev="tmpfs" ino=1628 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=dir
type=1400 audit(1383590310.430:625): avc: denied { remove_name } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=dir
type=1400 audit(1383590310.430:625): avc: denied { unlink } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=file
Change-Id: Ia7ae06a6d4cc5d2a59b8b85a5fb93cc31074fd37
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
a771671877d306804dbbf5a8e6baa03c877f890d |
|
04-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /data/misc/media and allow mediaserver access to it.
Otherwise we get denials like these on 4.4:
type=1400 audit(1383590170.360:29): avc: denied { write } for pid=61 comm="mediaserver" name="media" dev="mtdblock1" ino=6416 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
type=1400 audit(1383590170.360:29): avc: denied { add_name } for pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
type=1400 audit(1383590170.360:29): avc: denied { create } for pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 audit(1383590170.360:29): avc: denied { write open } for pid=61 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 audit(1383590255.100:231): avc: denied { write } for pid=832 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 audit(1383590255.100:231): avc: denied { open } for pid=832 comm="mediaserver" name="emulator.camera.hotplug.0" dev="mtdblock1" ino=6431 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
Change-Id: Ic374488f8b62bd4f8b3c90f30da0e8d1ed1a7343
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
aaac24688ee623a19525f25fe1fc81b60197f6f5 |
|
05-Nov-2013 |
Elliott Hughes <enh@google.com> |
/system/bin/ash and /system/bin/mksh are dead. Long live /system/bin/sh! Change-Id: I5af63c1bdc3585835ee273ed9995d8fac14792da
/external/sepolicy/file_contexts
|
a7c8ea864ee9f82ca7aeb8e0bc13af72fcf6e096 |
|
06-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Move audio_firmware_file and /data/misc/audio entry to core sepolicy. Change-Id: Ib8c96ab9e19d34e8e34a4c859528345763be4906 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
b3c48b66bcc9dad62a461fdc3595a70c07ff8fd3 |
|
23-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Change the type on /dev/uinput to match /dev/uhid. /dev/uinput is accessed in the same way as /dev/uhid, and unlike /dev/input/*. bluetooth requires access to the former and not to the latter, while shell requires access to the latter and not the former. This is also consistent with their DAC group ownerships (net_bt_stack for /dev/uinput and /dev/uhid vs input for /dev/input/*). Change-Id: I0059d832a7fe036ed888c91e1fb96f3e6e0bd2d4 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
967f39a6e88c60b5f65a37397d6619197a1d0514 |
|
30-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Move sysfs_devices_system_cpu to the central policy.
Every device has a CPU. This is not device specific. Allow every domain to read these files/directories. For unknown reasons, these files are accessed by A LOT of processes. Allow ueventd to write to these files. This addresses the following denials seen on mako:
<5>[ 4.935602] type=1400 audit(1383167737.512:4): avc: denied { read } for pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
<5>[ 4.935785] type=1400 audit(1383167737.512:5): avc: denied { open } for pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
<5>[ 4.935937] type=1400 audit(1383167737.512:6): avc: denied { search } for pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
<5>[ 4.936120] type=1400 audit(1383167737.512:7): avc: denied { write } for pid=140 comm="ueventd" name="uevent" dev="sysfs" ino=3164 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file
<5>[ 4.936303] type=1400 audit(1383167737.512:8): avc: denied { open } for pid=140 comm="ueventd" name="uevent" dev="sysfs" ino=3164 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file
Change-Id: I4766dc571762d8fae06aa8c26828c070b80f5936
/external/sepolicy/file_contexts
|
ec7d39ba168a5b620e6bb526f316581acc5c1238 |
|
29-Sep-2013 |
William Roberts <wroberts@tresys.com> |
Introduce controls on wake lock interface Change-Id: Ie0ee266e9e6facb2ab2abd652f68765239a41af1
/external/sepolicy/file_contexts
|
8d688315aeb053eadc2606badbe4ce52899bb694 |
|
03-Oct-2013 |
Alex Klyubin <klyubin@google.com> |
Restrict access to /dev/hw_random to system_server and init. /dev/hw_random is accessed only by init and by EntropyMixer (which runs inside system_server). Other domains are denied access because apps/services should be obtaining randomness from the Linux RNG. Change-Id: Ifde851004301ffd41b2189151a64a0c5989c630f
/external/sepolicy/file_contexts
|
55540755bc2f95ec3e0fb941a9e98dbf8aa24e7f |
|
30-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label adb keys file and allow access to it. The /adb_keys entry will only take effect if a restorecon is applied by init.rc on a kernel that includes the rootfs labeling support, but does no harm otherwise. The /data/misc/adb labeling ensures correct labeling of the adb_keys file created if the device has ro.adb.secure=1 set. Allow adbd to read the file. Change-Id: I97b3d86a69681330bba549491a2fb39df6cf20ef Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
b0712c1e65b3007675952a9f8a9a123734051245 |
|
27-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove /data/local/tmp/selinux entry. Change-Id I027f76cff6df90e9909711cb81fbd17db95233c1 added a /data/local/tmp/selinux entry at the same time domains were made permissive. I do not know why, and do not see how this is used. So remove it. Change-Id: I3218cc18de9781bc65ae403f2cf4c234847ef5f5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
189558f64affb73b554b568db90d62eb7d2a9ada |
|
26-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove legacy entries from crespo (Nexus S). These device nodes were specific to crespo / Nexus S and if ever needed again, should be re-introduced in the per-device sepolicy, not here. Change-Id: I8366de83967974122c33937f470d586d49c34652 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
567ee4116e0a7f842862bfc35d97f2fb9fe082a0 |
|
20-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /dev/socket/gps with its own type.
The type was already defined and used in type transitions for cases where the gps socket is created at runtime by gpsd, but on some devices it is created by init based on an init.<board>.rc socket entry and therefore needs a file_contexts entry.
Before:
$ ls -Z /dev/socket/gps
srw-rw---- gps system u:object_r:device:s0 gps
After:
$ ls -Z /dev/socket/gps
srw-rw---- gps system u:object_r:gps_socket:s0 gps
Change-Id: I8eef08d80e965fc4f3e9dd09d4fa446aaed82624
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
4caf8c997a30d214c8c2236cbe8a93e43e37699f |
|
19-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label /dev/socket/mdns with its own type.
Otherwise it gets left in the general device type, and we get denials such as:
type=1400 msg=audit(1379617262.940:102): avc: denied { write } for pid=579 comm="mDnsConnector" name="mdns" dev="tmpfs" ino=3213 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=sock_file
This of course only shows up if using a confined system_server.
Change-Id: I2456dd7aa4d72e6fd15b55c251245186eb54a80a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
a770f55b18da45a2b40436060e64096a5a0ba883 |
|
10-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove dbusd policy; dbusd is no more. Change-Id: I9652284bd34d07bd47e2e7df66fcbe5db185ab3f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
1d435de685e0842e8d9902480db8b408f43911f6 |
|
10-Sep-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Remove bluetoothd policy; bluetoothd is no more. Change-Id: I153b0aa8a747d6c79839d06fc04b3923eacfa213 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
0f7641d83d7044431db44d4dd2377e6f8ef93e85 |
|
03-May-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Label all files under /sys/qemu_trace with sysfs_writable.
Otherwise we have different security contexts but the same DAC permissions:
-rw-rw-rw- root root u:object_r:sysfs_writable:s0 process_name
-rw-rw-rw- root root u:object_r:sysfs:s0 state
-rw-rw-rw- root root u:object_r:sysfs:s0 symbol
This change fixes denials such as:
type=1400 msg=audit(1379096020.770:144): avc: denied { write } for pid=85 comm="SurfaceFlinger" name="symbol" dev="sysfs" ino=47 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=file
Change-Id: I261c7751da3778ee9241ec6b5476e8d9f96ba5ed
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
ab7dfabb611ce4b1c32abbf91a467f098ab0188b |
|
05-Aug-2013 |
Lorenzo Colitti <lorenzo@google.com> |
Fix clatd, broken by selinux policing /dev/tun Bug: 10175701 Change-Id: I185df22bdbaafd56725760ec6c71340b67455046
/external/sepolicy/file_contexts
|
3632bb29f0a3583677d0b3ea7077be332874e75a |
|
15-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Remove /sys from file_contexts /sys was getting labeled as a rootfs file, but according to genfs_contexts, it's really a sysfs file. This conflict is causing problems when patch f29c533c49ab1c90eae612b1c454f2c6879a6658 from system/core is applied. Change-Id: I3f34c9ee68bedb171ebebfcd356e924c987b58ff
/external/sepolicy/file_contexts
|
dbd28d91d3c6d970f1704df8350b0333b51758b1 |
|
28-Jun-2013 |
Nick Kralevich <nnk@google.com> |
Enable SELinux protections for netd.
This change does several things:
1) Restore domain.te to the version present at cd516a32663b4eb11b2e3356b86450020e59e279 . This is the version currently being distributed in AOSP.
2) Add "allow domain properties_device:file r_file_perms;" to domain.te, to allow all domains to read /dev/__properties__ . This change was missing from AOSP.
3) Restore netd.te to the version present at 80c9ba5267f1a6ceffcf979471d101948b520ad6 . This is the version currently being distributed in AOSP.
4) Remove anything involving module loading from netd.te. CTS enforces that Android kernels can't have module loading enabled.
5) Add several new capabilities, plus data file rules, to netd.te, since netd needs to write to files owned by wifi.
6) Add a new unconfined domain called dnsmasq.te, and allow transitions from netd to that domain. Over time, we'll tighten up the dnsmasq.te domain.
7) Add a new unconfined domain called hostapd.te, and allow transitions from netd to that domain. Over time, we'll tighten up the hostapd.te domain.
The net effect of these changes is to re-enable SELinux protections for netd. The policy is FAR from perfect, and allows a lot of wiggle room, but we can improve it over time.
Testing: as much as possible, I've exercised networking related functionality, including turning on and off wifi, entering airplane mode, and enabling tethering and portable wifi hotspots. It's quite possible I've missed something, and if we experience problems, I can roll back this change.
Bug: 9618347
Change-Id: I23ff3eebcef629bc7baabcf6962f25f116c4a3c0
/external/sepolicy/file_contexts
|
50e37b93ac97631dcac6961285b92af5026557af |
|
15-May-2013 |
repo sync <gcondra@google.com> |
Move domains into per-domain permissive mode. Bug: 4070557 Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
/external/sepolicy/file_contexts
|
77ec892be6b59e2808cc4c3472bf179d33851ebe |
|
09-May-2013 |
Alex Klyubin <klyubin@google.com> |
SELinux policy for users of libcutils klog_write. klog_write/init create /dev/__kmsg__ backed by a kernel character device, keep the file descriptor, and then immediately unlink the file. Change-Id: I729d224347a003eaca29299d216a53c99cc3197c
/external/sepolicy/file_contexts
|
ca326e2c64f2e3ea0e68809bba9d53cd9627d971 |
|
02-May-2013 |
repo sync <gcondra@google.com> |
Add policy for ping. Change-Id: I168f681d8c67f470b6e639f0b1bf39346c4eb396
/external/sepolicy/file_contexts
|
1e25b980747025eb74fe14923167f3711f7b0807 |
|
25-Apr-2013 |
Nick Kralevich <nnk@google.com> |
Revert "Add the sysrq_file special file and give ADB write access." This rule doesn't work, as /proc/sysrq-trigger isn't properly labeled. Revert this change for now. This reverts commit bb2591e56f0b88570e8bed0008b932bf7c51f533.
/external/sepolicy/file_contexts
|
a3f656859024293d2ceb1ad00e443057bb6ec4ea |
|
25-Apr-2013 |
Ben Murdoch <benm@google.com> |
Revert "DO NOT MERGE Split some device nodes out from device." This reverts commit 69fbbdd54b04e648b07cdf522760247f3dafd362.
/external/sepolicy/file_contexts
|
69fbbdd54b04e648b07cdf522760247f3dafd362 |
|
23-Apr-2013 |
repo sync <gcondra@google.com> |
DO NOT MERGE Split some device nodes out from device. Some of these will get factored out into device-specific configs later. Change-Id: I359915e2607b56112bb22456d28e06c162fcbdff
/external/sepolicy/file_contexts
|
bb2591e56f0b88570e8bed0008b932bf7c51f533 |
|
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Add the sysrq_file special file and give ADB write access. Change-Id: Ief2d412dddf4cefdf43a26538c4be060df4cc787
/external/sepolicy/file_contexts
|
bfb26e7b0761121039dea36ad34b6c5054babcfa |
|
04-Apr-2013 |
Geremy Condra <gcondra@google.com> |
Add downloaded file policy. Change-Id: I6f68323cddcf9e13b2a730b8d6b8730587fb4366
/external/sepolicy/file_contexts
|
74ba8c86137d85285a09780999b79034c7e935b1 |
|
05-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
run-as policy fixes.
- Remove dac_read_search as it is no longer required by run-as.
- Introduce a separate type for /dev/tty so that we can allow use of own tty for a run-as shell without allowing access to other /dev/tty[0-9]* nodes.
- Allow sigchld notifications for death of run-as and its descendants by adbd.
- Drop redundant rules for executing shell or system commands from untrusted_app; now covered by rules in app.te.
Change-Id: Ic3bf7bee9eeabf9ad4a20f61fbb142a64bb37c6c
/external/sepolicy/file_contexts
|
ffd8c441a5903772af1705ddea5756d117bc9ec9 |
|
03-Apr-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Add new domains for private apps. /data/app-private is used when making an app purchase or forward locking. Provide a new label for the directory as well as the tmp files that appear under it. Change-Id: I910cd1aa63538253e10a8d80268212ad9fc9fca5 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
|
c529c66f2c80fc243053310e0c92ff093ed1d01f |
|
01-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add policy for __properties__ device. Change-Id: Ie9b391283362fb6930f1ae858f0a879835c91e32
/external/sepolicy/file_contexts
|
ebbee43efbec565baa9f5e6b118990129e9d07d1 |
|
27-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am e69552ba: Revert "Revert "Various minor policy fixes based on CTS."" * commit 'e69552ba2d76174d443d1b8457295e4d72f2a986': Revert "Revert "Various minor policy fixes based on CTS.""
|
350d2ae9c97cbec5d8dcba1f3b164191d6cae66a |
|
27-Mar-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 65d4f44c: Various policy updates. * commit '65d4f44c1fd999d9cf9c4ef4dc65deb71bafcd8e': Various policy updates.
|
e69552ba2d76174d443d1b8457295e4d72f2a986 |
|
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Various minor policy fixes based on CTS."" This reverts commit ba84bf1dec64d745b6efc516799b2c722a672cd9 Hidden dependency resolved. Change-Id: I9f0844f643abfda8405db2c722a36c847882c392
/external/sepolicy/file_contexts
|
65d4f44c1fd999d9cf9c4ef4dc65deb71bafcd8e |
|
27-Mar-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Various policy updates.
Assortment of policy changes include:
* Bluetooth domain to talk to init and procfs.
* New device node domains.
* Allow zygote to talk to its executable.
* Update system domain access to new device node domains.
* Create a post-process sepolicy with dontaudits removed.
* Allow rild to use the tty device.
Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
|
2a6d0ace882979537c8b2589be3399a0e77d244b |
|
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 1620c671: Merge "Introduce security labels for 2 new device nodes." * commit '1620c671f2b946333958d07420643caf98534a01': Introduce security labels for 2 new device nodes.
|
f62af81817b1e8c4be5e71cbcef7b91e1b7b2bbf |
|
30-Jan-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Introduce security labels for 2 new device nodes.
iio: Industrial I/O subsystem
usb_accessory: accessory protocol for usb
Allow system access in both cases.
Change-Id: I02db9775ec2ddaaeda40fae6d5e56e320957b09c
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
|
a851e6dab970d548f83ef0705bee7aff1da0dd9f |
|
23-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am c3295802: Merge "New users need a wallpaper_file type." * commit 'c3295802d7fb22213c073705480d1c1314d71d27': New users need a wallpaper_file type.
|
c5baaff7a6738a148d36260c4050355cbc2d2efc |
|
30-Nov-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
New users need a wallpaper_file type. Change-Id: I7ff4ed9f73f43918cac05a026af68cca8dbe02c3 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
27382687cbc57c85184a9e236c01420fda4ed69e |
|
23-Mar-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
am 18b5f87e: racoon policy. * commit '18b5f87ea18baaf7356a1f1729dc2737be3c141e': racoon policy.
|
18b5f87ea18baaf7356a1f1729dc2737be3c141e |
|
07-Jan-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
racoon policy. Initial policy for racoon (IKE key management). Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil> Change-Id: If1e344f39ea914e42afbaa021b272ba1b7113479
/external/sepolicy/file_contexts
|
7dfe9956b36e1b605559883132c67fa7709cfdb1 |
|
22-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am dbb82fd8: Merge "Revert "Various minor policy fixes based on CTS."" * commit 'dbb82fd8f063fdc5854f9d6359d2be0a570ad0cc': Revert "Various minor policy fixes based on CTS."
|
ba84bf1dec64d745b6efc516799b2c722a672cd9 |
|
22-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Various minor policy fixes based on CTS." This reverts commit 8a814a7604afd20f12c9ff3dcdae7d10e9b75f84 Change-Id: Id1497cc42d07ee7ff2ca44ae4042fc9f2efc9aad
/external/sepolicy/file_contexts
|
140a9a3870e99289bba33781ff6f94b06e9ee3a4 |
|
22-Mar-2013 |
Geremy Condra <gcondra@google.com> |
am 9c0f2df1: Merge changes I5a3584b6,Ic7252a8e,I2d4ace75 * commit '9c0f2df1832f82bd2867d2e2fa18dde31b05e63e': Various minor policy fixes based on CTS. Split internal and external sdcards Give sdcard sys_admin capability.
|
8a814a7604afd20f12c9ff3dcdae7d10e9b75f84 |
|
12-Mar-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Various minor policy fixes based on CTS. Change-Id: I5a3584b6cc5eda2b7d82e85452f9fe457877f1d1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
e59451ae68a58101402486bb3c674ab0f488d492 |
|
22-Mar-2013 |
William Roberts <w.roberts@sta.samsung.com> |
am 9e70c8bf: Move policy files * commit '9e70c8bf681aa51b2c0b870e817bf7a0276ff03c': Move policy files
|
9e70c8bf681aa51b2c0b870e817bf7a0276ff03c |
|
23-Jan-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Move policy files Update the file_contexts for the new location of the policy files, as well as update the policy for the management of these types. Change-Id: Idc475901ed437efb325807897e620904f4ff03e9
/external/sepolicy/file_contexts
|
464952419b6813e5f2a8d0a16beca548f2dd5428 |
|
20-Mar-2013 |
Colin Cross <ccross@android.com> |
sepolicy: add /vendor to file_contexts /vendor has the same permissions as /system/vendor for devices that have a separate vendor partition. Bug: 8341435 Change-Id: If0c78b31f8a6e8e5680f1d076c323d1628fb07b2
/external/sepolicy/file_contexts
|
bac9992e860f634ef32354b4a0bcf39b300b059a |
|
03-Dec-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
watchdog security policy. Initial policy for software watchdog daemon which is started by init. Change-Id: I042a5b1698bf53ce2e50ea06851c374e5123ee2c Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
|
6a64897a4b098e834f7b6679c0c5b85fdbb752b2 |
|
18-Jan-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Do not allow access to device:chr_file for system
Also labels /dev/mpu and /dev/mpuirq as gps device. mpu is motion processing unit and is responsible for gyroscope functionality.
Change-Id: If7f1a5752c550b72fac681566e1052f09e139ff0
/external/sepolicy/file_contexts
|
1c8464e1365950538e9e4647a4f220910f79ab1e |
|
04-Dec-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
App data backup security policy.
Policy covers:
* backup_data_file type for labeling all files/dirs under /data dealing with backup mechanism.
* cache_backup_file type for labeling all files/dirs under /cache dealing with backup mechanism. This also covers the use of LocalTransport for local archive and restore testing.
* the use of 'adb shell bmgr' to initiate backup mechanism from shell.
* the use of 'adb backup/restore' to archive and restore the device's data.
Change-Id: I700a92d8addb9bb91474bc07ca4bb71eb4fc840e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
|
58b0fb6ddee7257a6a27f31ba97d47fa23efac15 |
|
11-Jan-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Fix invalid specification for adb_keys. A prior change added an entry for adb_keys without any security context, yielding warnings like the following during build: out/target/product/manta/root/file_contexts: line 7 is missing fields, skipping This adds the missing security context field. Change-Id: If48731c8aa7d22a3f547d0854f288ff68f9006da Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
92b9aa0eeff49e5bc3dc6297f3d35ec41d6ab73d |
|
21-Dec-2012 |
Colin Cross <ccross@android.com> |
add file_contexts entries for root filesystem It may be useful to generate an ext4 image of the root filesystem instead of using a ramdisk. Whitelist entries in file_contexts to support selinux labeling a root filesystem image. Change-Id: I91a38d0aee4408c46cbfe5dc5e6eda198572e90f
/external/sepolicy/file_contexts
|
e8848726553e3abee6033200c98a657c9ca7cdb8 |
|
13-Nov-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add policy for run-as program. Add policy for run-as program and label it in file_contexts. Drop MLS constraints on local socket checks other than create/relabel as this interferes with connections with services, in particular for adb forward. Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
61c80d5ec8632cadcf754eed0986b23284217c06 |
|
16-Nov-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update policy for Android 4.2 / latest master. Update policy for Android 4.2 / latest master. Primarily this consists of changes around the bluetooth subsystem. The zygote also needs further permissions to set up /storage/emulated. adbd service now gets a socket under /dev/socket. keystore uses the binder. Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/sepolicy/file_contexts
|
7672eac5fb0d0ce3bcb52f11b125b25ac597ea3f |
|
22-Oct-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Add SELinux policy for asec containers. Creates 2 new types: - asec_apk_file : files found under /mnt/asec when the asec images are mounted - asec_image_file : the actual encrypted apks under /data/app-asec Change-Id: I963472add1980ac068d3a6d36a24f27233022832 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/external/sepolicy/file_contexts
|
a363683c5769c992fe16625ff5fb68e77c5f1dfc |
|
24-Aug-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Add tf_daemon labeling support.
/external/sepolicy/file_contexts
|
d49f7e6e363014b010b755ab8ee23d3f7c0a9344 |
|
20-Aug-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
Add ppp/mtp policy. Initial policy for Point-to-Point tunneling and tunneling manager services.
/external/sepolicy/file_contexts
|
867ae0561c9b5587853c8e62ceb9036e79217b92 |
|
15-Aug-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
dhcp policy.
/external/sepolicy/file_contexts
|
e7e65d474f6d547c8bafd3095e63855f39c68d6e |
|
30-Jul-2012 |
rpcraig <rpcraig@tycho.ncsc.mil> |
New asec container labeling. This patchset covers the /mnt/asec variety only.
/external/sepolicy/file_contexts
|
4c06d273bc3d278e7061bf93cfa97fdf2a4e8ee3 |
|
19-Jul-2012 |
hqjiang <hqjiang1988@gmail.com> |
Target the denials/policies over qtaguid file and device: 1. Relabel /proc/net/xt_qtaguid/ctrl from "qtaguid" to "qtaguid_proc"; 2. Label /dev/xt_qtaguid with "qtaguid_device"; 3. Allow mediaserver read/[write] to qtaguid_proc and qtaguid_device; 4. Allow media apps read/[write] to qtaguid_proc and qtaguid_device; 5. Allow system read/[write] to qtaguid_proc and qtaguid_device. Actually, some of policies related to qtaguid have been there already, but we refine existing ones and add new ones.
/external/sepolicy/file_contexts
|
20d6963ac27b3d401922450ce8dcb89749c20404 |
|
19-Jul-2012 |
hqjiang <hqjiang1988@gmail.com> |
allow camera calibration
/external/sepolicy/file_contexts
|
ee5f400562f7b76da69f8a31e2c19e20f3384566 |
|
11-Jul-2012 |
hqjiang <hqjiang1988@gmail.com> |
Correct denies of rpmsg device when accessing remote processors.
/external/sepolicy/file_contexts
|
07ef7227f9fb8257574602b057f125b9fb592445 |
|
20-Jun-2012 |
William Roberts <w.roberts@sta.samsung.com> |
ion fix
/external/sepolicy/file_contexts
|
80ea1d230526810986964e8c7ed93c3a51159c78 |
|
31-May-2012 |
William Roberts <bill.c.roberts@gmail.com> |
sdcard policy and fuse device label.
/external/sepolicy/file_contexts
|
2cb1b31f903f2d2747f3fd05b872d9823838af1d |
|
03-Apr-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Allow adbd to access the qemu device and label /dev/eac correctly.
/external/sepolicy/file_contexts
|
f7948230ef65b8617db0762acc9b2fa54adf8ff9 |
|
19-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Integrate nfc_power and rild rules from tuna sepolicy by Bryan Hinton.
/external/sepolicy/file_contexts
|
f6cbbe255bc57a241f35c35629705e8f63bdd77a |
|
19-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Introduce a separate wallpaper_file type for the wallpaper file.
/external/sepolicy/file_contexts
|
59d28035a1e0779a81cde104ea9afffd2bb1a77f |
|
19-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files.
/external/sepolicy/file_contexts
|
c83d0087e457787fc0441d959a20d56fc5200048 |
|
07-Mar-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Policy changes to support running the latest CTS.
/external/sepolicy/file_contexts
|
c94e2392f6d92064e3aa32fff2c5a70116c7398a |
|
06-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Further policy for Motorola Xoom.
/external/sepolicy/file_contexts
|
2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35 |
|
04-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
SE Android policy.
/external/sepolicy/file_contexts
|