History log of /system/sepolicy/priv_app.te
Revision Date Author Comments
6c3f2831aca571ec3b01f60996965a432aa8164d 25-May-2016 Tao Bao <tbao@google.com> Add ota_package_file label for OTA packages.

Allow priv_app, uncrypt, update_engine to access the OTA packages at
/data/ota_package (both A/B and non-A/B). GMSCore (priv_app) checks
the existence of the folder, and downloads the package there if present.

Bug: 28944800
Change-Id: I3c0717861fce7f93b33874a99f6a4a55567612a5
/system/sepolicy/priv_app.te
49ac2a3d7a40d998e3b1be0b0172be8f651bc935 20-May-2016 Fyodor Kupolov <fkupolov@google.com> SELinux policies for /data/preloads directory

A new directory is created in user data partition that contains preloaded
content such as a retail mode demo video and pre-loaded APKs.

The new directory is writable/deletable by system server. It can only be
readable (including directory list) by privileged or platform apps

Bug: 28855287
Change-Id: I3816cd3a1ed5b9a030965698a66265057214f037
/system/sepolicy/priv_app.te
7df44d82767ea036a71ecca0dd936eb55d8b9216 02-Apr-2016 Peng Xu <pengxu@google.com> Allow all apps to discover contexthub_service

This allows system apps, regular apps as well as test apps to access the
ContextHubManager API. The additional "signature|privilege" permission
requirement (LOCATION_HARDWARE) still exists to prevent security
issues, misuse and abuse.

Change-Id: I47f3d243a3de7f1202c933fc715a935c43cf319b
/system/sepolicy/priv_app.te
94cb11fb2f8ad88075613f4b0b35624fb5858457 30-Mar-2016 Jeff Vander Stoep <jeffv@google.com> priv_app: allow safetynet to read exec_type on /system

Bug: 27545805
Change-Id: I6281dd64c51f74b467deb7acd5cd4403696dcff2
/system/sepolicy/priv_app.te
abead06f60370dfe4adcca7eac6420045fb402e0 16-Mar-2016 Nick Kralevich <nnk@google.com> allow priv_app self:process ptrace

The changes to ptrace in
https://android-review.googlesource.com/#/c/175786/ (removing it from
app.te and only adding it to isolated_app and untrusted_app) broke
WebView crash handling in cases where privileged apps (like gmscore) use
WebView.

The only way to fix this would be to allow priv_app to self-ptrace as
well. :/

Bug: 27697529
Change-Id: Ib9a3810dddc9f4213b6260133cbae23f669ae8dc
/system/sepolicy/priv_app.te
1c50994e1b9e10754134c195e741628932ee2d72 14-Feb-2016 Peng Xu <pengxu@google.com> Create SELinux label for contexthub_service

An SELinux label is created for the contexthub_service system service.

The ContextHub service manages all available context hubs and serves to fulfil communication between apps
and the underlying context hub hardware.

Change-Id: I8470fedd9c79a00012e1cdb9b548a1b632ba7de6
/system/sepolicy/priv_app.te
7aed1b253f53705c7e9d16657199cdfac9463a17 09-Mar-2016 Jeff Vander Stoep <jeffv@google.com> priv_app: allow access to mediadrmserver_service

Addresses:
avc: denied { find } for service=media.drm pid=6030 uid=10012
scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:mediadrmserver_service:s0 tclass=service_manager

Bug: 27553530
Change-Id: I060de7ee1f66c7a545076b7de8363bebaac61f2c
/system/sepolicy/priv_app.te
8c09b65d8f17f190091b62e2b2014aefcafd310d 02-Mar-2016 Jeff Sharkey <jsharkey@android.com> Allow Phone to write cached ringtones.

avc: denied { write } for path="/data/system_de/0/ringtones/ringtone_cache" dev="mmcblk0p44" ino=1602501 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:ringtone_file:s0 tclass=file permissive=0

Bug: 27366059
Change-Id: I120a69ac4f58c64db6f169ae4f9942ce357b0b1f
/system/sepolicy/priv_app.te
45f8e4af038825c6dd7b2b5959501cc4723d89e9 03-Feb-2016 Tao Bao <tbao@google.com> Add recovery service.

RecoverySystemService is separated from PowerManagerService as a
dedicated system service to handle recovery related requests (such as
invoking uncrypt to uncrypt an OTA package on /data or to set up /
clear the bootloader control block (i.e. /misc) and etc).

The matching CL in frameworks/base is in:
Change-Id: Ic606fcf5b31c54ce54f0ab12c1768fef0fa64560.

Bug: 26830925
Change-Id: Iee0583c458f784bfa422d0f7af5d1f2681d9609e
(cherry picked from commit 65b5fde912285ebeeefc9c7486f4453dd86d994f)
/system/sepolicy/priv_app.te
8f5a891ff8c394ae462632bd62dc42e4392d646f 10-Feb-2016 dcashman <dcashman@google.com> Make voiceinteractionservice app_api_service.

Address the following denial from 3rd party voice interaction test:
SELinux : avc: denied { find } for service=voiceinteraction pid=30281 uid=10139 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=0

Bug: 27105570
Change-Id: Ib87d364673cbc883df017bcda7fe1e854a76654f
/system/sepolicy/priv_app.te
c3ba2e5130d28a0025f798f8b739ee86084fe9da 03-Feb-2016 Marco Nelissen <marcone@google.com> selinux rules for codec process

Bug: 22775369

Change-Id: Ic6abe3d0e18ba6f7554d027e0ec05fd19011709b
/system/sepolicy/priv_app.te
4e6d20c7ba3a066d148ffa932f5d64f207fcf8a7 06-Feb-2016 Daichi Hirono <hirono@google.com> Merge "Add SELinux label for app fuse." am: e3965aa295
am: 52719ea514

* commit '52719ea514f534743052eaf0986961a1eaa39c88':
Add SELinux label for app fuse.
e178ac5a7147f6f808844ab9ba4f0d6eb948cb88 28-Jan-2016 Daichi Hirono <hirono@google.com> Add SELinux label for app fuse.

The labels for filesystem and files are assigned by vold with using
context= mount option.

Change-Id: I8a9d701a46a333093a27107fc3c52b17a2af1a94
/system/sepolicy/priv_app.te
b1bf83fd794c5863289edf459c8c05a906dac9f7 28-Jan-2016 Marco Nelissen <marcone@google.com> Revert "selinux rules for codec process"

This reverts commit 2afb217b681d05d3fe2cc2f1377e71c0d67b6ebd.

Change-Id: Ie2ba8d86f9c7078f970afbb06230f9573c28e0ed
/system/sepolicy/priv_app.te
4000cc33de54035e0906a269d450d9ff0b8ed55d 28-Jan-2016 Chien-Yu Chen <cychen@google.com> Merge "selinux: Update policies for cameraserver"
8a7887470be108514f3b66eb6cf5d803fd65ca79 27-Jan-2016 Daniel Cashman <dcashman@google.com> Merge "Reduce accessibility of voiceinteraction_service."
e0378303b5ec8a4440fcdea38cca7ebf695dc2b3 04-Dec-2015 Chien-Yu Chen <cychen@google.com> selinux: Update policies for cameraserver

Update policies for cameraserver so it has the same permissions
as mediaserver.

Bug: 24511454
Change-Id: I1191e2ac36c00b942282f8dc3db9903551945adb
/system/sepolicy/priv_app.te
87a79cf9dd5e677b9ae51a4196dec27d480b9b69 27-Jan-2016 Marco Nelissen <marcone@google.com> Merge "selinux rules for codec process"
aedf22365661918f24fbee6d530f828327fb1e55 27-Jan-2016 dcashman <dcashman@google.com> Reduce accessibility of voiceinteraction_service.

The services under this label are not meant to be exposed to all apps.
Currently only priv_app needs access.

Bug: 26799206
Change-Id: I07c60752d6ba78f27f90bf5075bcab47eba90b55
/system/sepolicy/priv_app.te
51523e59da2b7b263aa8832cfcc2819b2b40ac03 26-Jan-2016 Tao Bao <tbao@google.com> resolve merge conflicts of 42baca019b to master.

Change-Id: I7fe13cbe563dcd2f286696010f0a5034dfee0202
dce317cf43e458e85ca94d6488beb865f13f4868 26-Jan-2016 Tao Bao <tbao@google.com> Allow update_engine to use Binder IPC.

Register service with servicemanager and name the context.

avc: denied { call } for scontext=u:r:update_engine:s0 tcontext=u:r:servicemanager:s0 tclass=binder
avc: denied { add } for service=android.os.IUpdateEngine scontext=u:r:update_engine:s0 tcontext=u:object_r:update_engine_service:s0 tclass=service_manager

Also allow priv_app to communicate with update_engine.

avc: denied { find } for service=android.os.IUpdateEngine scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:update_engine_service:s0 tclass=service_manager
avc: denied { call } for scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:update_engine:s0 tclass=binder
avc: denied { call } for scontext=u:r:update_engine:s0 tcontext=u:r:priv_app:s0 tclass=binder

Change-Id: Ib4498717c1a72f5faab5ea04c636924ee4eb412c
/system/sepolicy/priv_app.te
2afb217b681d05d3fe2cc2f1377e71c0d67b6ebd 17-Dec-2015 Marco Nelissen <marcone@google.com> selinux rules for codec process

Bug: 22775369
Change-Id: I9733457b85dbaeb872b8f4aff31d0b8808fa7d44
/system/sepolicy/priv_app.te
1d221c1618cc4f3c5025c950f82a4e0c8c9bab10 16-Jan-2016 Nick Kralevich <nnk@google.com> Merge "priv_app.te: drop auditallows on cache_recovery_file" am: 4cd2f53018
am: 7a8631c299

* commit '7a8631c2998db9ed1aefddf32943db7ed878efe3':
priv_app.te: drop auditallows on cache_recovery_file
b8d794a1e08ddeecff89ded5fad0b7d2923adc4e 16-Jan-2016 Nick Kralevich <nnk@google.com> priv_app.te: drop auditallows on cache_recovery_file

This is actually used. Addresses the following SELinux audit logs:

avc: granted { create } for comm="Thread-157" name="uncrypt_file" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file
avc: granted { add_name } for comm="Thread-157" name="uncrypt_file" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir
avc: granted { write } for comm="Thread-157" path="/cache/recovery/uncrypt_file" dev="mmcblk0p38" ino=22 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file
avc: granted { write } for comm="Thread-157" path="/cache/recovery/command" dev="mmcblk0p38" ino=23 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file
avc: granted { setattr } for comm="Thread-157" name="uncrypt_file" dev="mmcblk0p38" ino=22 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file

Change-Id: Idab00ebc8eacd7d8bb793b9342249227f91986a1
/system/sepolicy/priv_app.te
bed9b3d212688d9d42e5a5846699e1747bf60c08 08-Jan-2016 Nick Kralevich <nnk@google.com> priv_app.te: refine cache_recovery_file auditallow rules am: eb6656ce0d
am: a50a5eaacd

* commit 'a50a5eaacda693869f908deadf6301653f0cf555':
priv_app.te: refine cache_recovery_file auditallow rules
eb6656ce0ddc583c4cd6f4e47271f05376ccff53 08-Jan-2016 Nick Kralevich <nnk@google.com> priv_app.te: refine cache_recovery_file auditallow rules

priv_app reads from /cache/recovery, but I'm still not sure if
it writes. Eliminate the read auditallow rules and allow the
writes to show up (if any).

Eliminates the following auditallow messages:

avc: granted { search } for comm="IntentService[S" name="recovery" dev="mmcblk0p38" ino=12 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir
avc: granted { getattr } for comm="Thread-1" path="/cache/recovery/last_install" dev="mmcblk0p27" ino=29891 scontext=u:r:priv_app:s0:c525,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=file
avc: granted { read open } for comm="Thread-1" name="recovery" dev="mmcblk0p27" ino=29889 scontext=u:r:priv_app:s0:c525,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir

Change-Id: Ibc0640f5366aae50e3fd09d17657374390b24a5c
/system/sepolicy/priv_app.te
bb1ece494ffb160690e045fb383c93140f471a77 06-Jan-2016 Jeff Vander Stoep <jeffv@google.com> app: expand socket ioctl restrictions to all apps

Exempt bluetooth which has net_admin capability.

Allow Droidguard to access the MAC address - droidguard runs in
priv_app domain.

Change-Id: Ia3cf07f4a96353783b2cfd7fc4506b7034daa2f1
/system/sepolicy/priv_app.te
e97bd887ca353ae02dd1641687431786d7d60cd6 05-Jan-2016 Felipe Leme <felipeal@google.com> Creates a new permission for /cache/recovery am: 549ccf77e3
am: b16fc899d7

* commit 'b16fc899d718f91935932fb9b15de0a0b82835c8':
Creates a new permission for /cache/recovery
05e68e126917ef243a89844076000a4fac398381 05-Jan-2016 dcashman <dcashman@google.com> resolve merge conflicts of 8350a7f152 to master.

Change-Id: I80109bb0167f06a8d39d8b036b3c487ec2f06124
549ccf77e3fd23bb6c690da7023441c1007c4fd8 22-Dec-2015 Felipe Leme <felipeal@google.com> Creates a new permission for /cache/recovery

This permission was created mostly for dumpstate (so it can include
recovery files on bugreports when an OTA fails), but it was applied to
uncrypt and recovery as well (since it had a wider access before).

Grant access to cache_recovery_file where we previously granted access
to cache_file. Add auditallow rules to determine if this is really
needed.

BUG: 25351711
Change-Id: I07745181dbb4f0bde75694ea31b3ab79a4682f18
/system/sepolicy/priv_app.te
36f255ff5209cb8b13217ec050d8def5472aed23 04-Jan-2016 dcashman <dcashman@google.com> Create sysfs_zram label.

Address following denials:
avc: denied { getattr } for path="/sys/devices/virtual/block/zram0/disksize" dev="sysfs" ino=14958 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file permissive=0
avc: denied { search } for name="zram0" dev="sysfs" ino=14903 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0
avc: denied { read } for name="mem_used_total" dev="sysfs" ino=14970 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file permissive=0
avc: denied { write } for name="uevent" dev="sysfs" ino=14904 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file permissive=0
avc: denied { open } for path="/sys/devices/virtual/block/zram0/uevent" dev="sysfs" ino=14904 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file permissive=0
avc: denied { read } for pid=348 comm="vold" name="zram0" dev="sysfs" ino=15223 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0
avc: denied { search } for pid=3494 comm="ContactsProvide" name="zram0"dev="sysfs" ino=15223 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0

Bug: 22032619
Change-Id: I40cf918b7cafdba6cb3d42b04b1616a84e4ce158
/system/sepolicy/priv_app.te
6dde20ed4d92d0cdefba65f670d484aeec4b585f 24-Dec-2015 Daichi Hirono <hirono@google.com> Add new rules for appfuse. am: a20802ddb8
am: 0912601e89

* commit '0912601e897905549292c15445acbf1225938f3d':
Add new rules for appfuse.
a20802ddb87befbbd80d19e0a206aeb493528319 02-Dec-2015 Daichi Hirono <hirono@google.com> Add new rules for appfuse.

The new rules are used to allow priv-app to mount a FUSE file system.

Change-Id: I5ce2d261be501e2b3fef09b7666f1e5d1cddbe52
/system/sepolicy/priv_app.te
b03831fe58be86cfd94c31b91def6ae53ebd614f 09-Sep-2015 Marco Nelissen <marcone@google.com> Add rules for running audio services in audioserver

audioserver has the same rules as mediaserver so there is
no loss of rights or permissions.

media.log moves to audioserver.

TBD: Pare down permissions.

Bug: 24511453
Change-Id: I0fff24c14b712bb3d498f75e8fd66c2eb795171d
/system/sepolicy/priv_app.te
977e0b1df7a5a0a7d91be1034ff70610957255f5 03-Dec-2015 Jeffrey Vander Stoep <jeffv@google.com> Merge "Allow priv_apps to stat files on the system partition" am: 1d58b2fdea am: d95780ac93
am: 0636639880

* commit '0636639880d72c4d4d2177a6cb4530d1a112abff':
Allow priv_apps to stat files on the system partition
2b56e4844e94db1ddbf016ffb8c36e796f81a3a3 03-Dec-2015 Jeff Vander Stoep <jeffv@google.com> Allow priv_apps to stat files on the system partition

Allows safetynet to scan the system partition which is made up of
files labeled system_file (already allowed) and/or files with the
exec_type attribute.

Bug: 25821333
Change-Id: I9c1c9c11bc568138aa115ba83238ce7475fbc5e4
/system/sepolicy/priv_app.te
d20a46ef175079d210da8320d8c8ce32cbe8207f 04-Nov-2015 Jeff Vander Stoep <jeffv@google.com> Create attribute for moving perms out of domain am: d22987b4da am: e2280fbcdd
am: b476b95488

* commit 'b476b954882a48bf2c27da0227209c197dcfb666':
Create attribute for moving perms out of domain
d22987b4daf02a8dae5bb10119d9ec5ec9f637cf 03-Nov-2015 Jeff Vander Stoep <jeffv@google.com> Create attribute for moving perms out of domain

Motivation: Domain is overly permissive. Start removing permissions
from domain and assign them to the domain_deprecated attribute.
Domain_deprecated and domain can initially be assigned to all
domains. The goal is to not assign domain_deprecated to new domains
and to start removing domain_deprecated where it is not required or
reassigning the appropriate permissions to the inheriting domain
when necessary.

Bug: 25433265
Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
/system/sepolicy/priv_app.te
0f754edf7b72582ed28d062a9c8f1b911d57a6f3 22-Sep-2015 Marco Nelissen <marcone@google.com> Update selinux policies for mediaextractor process

Change-Id: If761e0370bf9731a2856d0de2c6a6af1671143bd
/system/sepolicy/priv_app.te
bcbb32e763a4656c6bcd310be2afb7d2fc1fbf59 19-Oct-2015 Jeff Vander Stoep <jeffv@google.com> grant priv_app access to /dev/mtp_usb

android.process.media needs access to mtp_usb when MTP is enabled.

Bug: 25074672
Change-Id: Ic48a3ba8e4395104b0b957f7a9bad69f0e5ee38e
/system/sepolicy/priv_app.te
7f09a94596be98415d0546d927c8a4bc15867621 19-Oct-2015 Jeff Vander Stoep <jeffv@google.com> Policy for priv_app domain

Verifier needs access to apk files.
avc: denied { search } for pid=11905 comm="ackageinstaller" name="vmdl2040420713.tmp" dev="dm-2" ino=13647 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:apk_tmp_file:s0 tclass=dir permissive=0

Give bluetooth_manager_service and trust_service the app_api_service
attribute.
avc: denied { find } for service=bluetooth_manager pid=7916 uid=10058 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:bluetooth_manager_service:s0 tclass=service_manager permissive=0
avc: denied { find } for service=trust pid=25664 uid=10069 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:trust_service:s0 tclass=service_manager permissive=0

Bug: 25066911
Change-Id: I6be695546f8a951e3329c1ec412936b8637e5835
/system/sepolicy/priv_app.te
879df8338456c4645688adc69ce8a34754e06322 16-Oct-2015 Jeff Vander Stoep <jeffv@google.com> Privileged apps require access to cache

gmscore uses cache for updates

Bug: 24977552
Change-Id: I45a713fcfc70b71a2de712e77b64fb9feab67dd7
/system/sepolicy/priv_app.te
ee9c0b5fb6d0c66756e1890711fe0afdacc7ea0c 05-Oct-2015 Jeff Vander Stoep <jeffv@google.com> Add priv_app domain to global seapp_context

Assign privileged apps not signed with the platform key to the priv_app
domain.

Bug: 22033466
Change-Id: Idf7fbe7adbdc326835a179b554f96951b69395bc
/system/sepolicy/priv_app.te