6c3f2831aca571ec3b01f60996965a432aa8164d |
|
25-May-2016 |
Tao Bao <tbao@google.com> |
Add ota_package_file label for OTA packages. Allow priv_app, uncrypt, update_engine to access the OTA packages at /data/ota_package (both A/B and non-A/B). GMSCore (priv_app) checks the existence of the folder, and downloads the package there if present. Bug: 28944800 Change-Id: I3c0717861fce7f93b33874a99f6a4a55567612a5
/system/sepolicy/priv_app.te
|
49ac2a3d7a40d998e3b1be0b0172be8f651bc935 |
|
20-May-2016 |
Fyodor Kupolov <fkupolov@google.com> |
SELinux policies for /data/preloads directory A new directory is created in user data partition that contains preloaded content such as a retail mode demo video and pre-loaded APKs. The new directory is writable/deletable by system server. It can only be readable (including directory list) by privileged or platform apps. Bug: 28855287 Change-Id: I3816cd3a1ed5b9a030965698a66265057214f037
/system/sepolicy/priv_app.te
|
7df44d82767ea036a71ecca0dd936eb55d8b9216 |
|
02-Apr-2016 |
Peng Xu <pengxu@google.com> |
Allow all apps to discover contexthub_service This allows system app, regular app as well as test app to access ContextHubManager API. Additional "signature|privilege" permission requirement (LOCATION_HARDWARE) still exists to prevent security issues, misuse and abuse. Change-Id: I47f3d243a3de7f1202c933fc715a935c43cf319b
/system/sepolicy/priv_app.te
|
94cb11fb2f8ad88075613f4b0b35624fb5858457 |
|
30-Mar-2016 |
Jeff Vander Stoep <jeffv@google.com> |
priv_app: allow safetynet to read exec_type on /system Bug: 27545805 Change-Id: I6281dd64c51f74b467deb7acd5cd4403696dcff2
/system/sepolicy/priv_app.te
|
abead06f60370dfe4adcca7eac6420045fb402e0 |
|
16-Mar-2016 |
Nick Kralevich <nnk@google.com> |
allow priv_app self:process ptrace The changes to ptrace in https://android-review.googlesource.com/#/c/175786/ (removing it from app.te and only adding it to isolated_app and untrusted_app) broke WebView crash handling in cases where privileged apps (like gmscore) use WebView. The only way to fix this would be to allow priv_app to self-ptrace as well. :/ Bug: 27697529 Change-Id: Ib9a3810dddc9f4213b6260133cbae23f669ae8dc
/system/sepolicy/priv_app.te
|
1c50994e1b9e10754134c195e741628932ee2d72 |
|
14-Feb-2016 |
Peng Xu <pengxu@google.com> |
Create SELinux label for contexthub_service SELinux label is created for contexthub_service system service. ContextHub service manages all available context hubs and serves to fulfil communication between apps and underlying context hub hardware. Change-Id: I8470fedd9c79a00012e1cdb9b548a1b632ba7de6
/system/sepolicy/priv_app.te
|
7aed1b253f53705c7e9d16657199cdfac9463a17 |
|
09-Mar-2016 |
Jeff Vander Stoep <jeffv@google.com> |
priv_app: allow access to mediadrmserver_service

Addresses:
avc: denied { find } for service=media.drm pid=6030 uid=10012 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:mediadrmserver_service:s0 tclass=service_manager

Bug: 27553530
Change-Id: I060de7ee1f66c7a545076b7de8363bebaac61f2c
/system/sepolicy/priv_app.te
|
8c09b65d8f17f190091b62e2b2014aefcafd310d |
|
02-Mar-2016 |
Jeff Sharkey <jsharkey@android.com> |
Allow Phone to write cached ringtones.

avc: denied { write } for path="/data/system_de/0/ringtones/ringtone_cache" dev="mmcblk0p44" ino=1602501 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:ringtone_file:s0 tclass=file permissive=0

Bug: 27366059
Change-Id: I120a69ac4f58c64db6f169ae4f9942ce357b0b1f
/system/sepolicy/priv_app.te
|
45f8e4af038825c6dd7b2b5959501cc4723d89e9 |
|
03-Feb-2016 |
Tao Bao <tbao@google.com> |
Add recovery service. RecoverySystemService is separated from PowerManagerService as a dedicated system service to handle recovery related requests (such as invoking uncrypt to uncrypt an OTA package on /data or to set up / clear the bootloader control block (i.e. /misc) and etc). The matching CL in frameworks/base is in: Change-Id: Ic606fcf5b31c54ce54f0ab12c1768fef0fa64560. Bug: 26830925 Change-Id: Iee0583c458f784bfa422d0f7af5d1f2681d9609e (cherry picked from commit 65b5fde912285ebeeefc9c7486f4453dd86d994f)
/system/sepolicy/priv_app.te
|
8f5a891ff8c394ae462632bd62dc42e4392d646f |
|
10-Feb-2016 |
dcashman <dcashman@google.com> |
Make voiceinteractionservice app_api_service.

Address the following denial from 3rd party voice interaction test:
SELinux : avc: denied { find } for service=voiceinteraction pid=30281 uid=10139 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=0

Bug: 27105570
Change-Id: Ib87d364673cbc883df017bcda7fe1e854a76654f
/system/sepolicy/priv_app.te
|
c3ba2e5130d28a0025f798f8b739ee86084fe9da |
|
03-Feb-2016 |
Marco Nelissen <marcone@google.com> |
selinux rules for codec process Bug: 22775369 Change-Id: Ic6abe3d0e18ba6f7554d027e0ec05fd19011709b
/system/sepolicy/priv_app.te
|
4e6d20c7ba3a066d148ffa932f5d64f207fcf8a7 |
|
06-Feb-2016 |
Daichi Hirono <hirono@google.com> |
Merge "Add SELinux label for app fuse." am: e3965aa295 am: 52719ea514 * commit '52719ea514f534743052eaf0986961a1eaa39c88': Add SELinux label for app fuse.
|
e178ac5a7147f6f808844ab9ba4f0d6eb948cb88 |
|
28-Jan-2016 |
Daichi Hirono <hirono@google.com> |
Add SELinux label for app fuse. The labels for filesystem and files are assigned by vold with using context= mount option. Change-Id: I8a9d701a46a333093a27107fc3c52b17a2af1a94
/system/sepolicy/priv_app.te
|
b1bf83fd794c5863289edf459c8c05a906dac9f7 |
|
28-Jan-2016 |
Marco Nelissen <marcone@google.com> |
Revert "selinux rules for codec process" This reverts commit 2afb217b681d05d3fe2cc2f1377e71c0d67b6ebd. Change-Id: Ie2ba8d86f9c7078f970afbb06230f9573c28e0ed
/system/sepolicy/priv_app.te
|
4000cc33de54035e0906a269d450d9ff0b8ed55d |
|
28-Jan-2016 |
Chien-Yu Chen <cychen@google.com> |
Merge "selinux: Update policies for cameraserver"
|
8a7887470be108514f3b66eb6cf5d803fd65ca79 |
|
27-Jan-2016 |
Daniel Cashman <dcashman@google.com> |
Merge "Reduce accessibility of voiceinteraction_service."
|
e0378303b5ec8a4440fcdea38cca7ebf695dc2b3 |
|
04-Dec-2015 |
Chien-Yu Chen <cychen@google.com> |
selinux: Update policies for cameraserver Update policies for cameraserver so it has the same permissions as mediaserver. Bug: 24511454 Change-Id: I1191e2ac36c00b942282f8dc3db9903551945adb
/system/sepolicy/priv_app.te
|
87a79cf9dd5e677b9ae51a4196dec27d480b9b69 |
|
27-Jan-2016 |
Marco Nelissen <marcone@google.com> |
Merge "selinux rules for codec process"
|
aedf22365661918f24fbee6d530f828327fb1e55 |
|
27-Jan-2016 |
dcashman <dcashman@google.com> |
Reduce accessibility of voiceinteraction_service. The services under this label are not meant to be exposed to all apps. Currently only priv_app needs access. Bug: 26799206 Change-Id: I07c60752d6ba78f27f90bf5075bcab47eba90b55
/system/sepolicy/priv_app.te
|
51523e59da2b7b263aa8832cfcc2819b2b40ac03 |
|
26-Jan-2016 |
Tao Bao <tbao@google.com> |
resolve merge conflicts of 42baca019b to master. Change-Id: I7fe13cbe563dcd2f286696010f0a5034dfee0202
|
dce317cf43e458e85ca94d6488beb865f13f4868 |
|
26-Jan-2016 |
Tao Bao <tbao@google.com> |
Allow update_engine to use Binder IPC.

Register service with servicemanager and name the context.

avc: denied { call } for scontext=u:r:update_engine:s0 tcontext=u:r:servicemanager:s0 tclass=binder
avc: denied { add } for service=android.os.IUpdateEngine scontext=u:r:update_engine:s0 tcontext=u:object_r:update_engine_service:s0 tclass=service_manager

Also allow priv_app to communicate with update_engine.

avc: denied { find } for service=android.os.IUpdateEngine scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:update_engine_service:s0 tclass=service_manager
avc: denied { call } for scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:update_engine:s0 tclass=binder
avc: denied { call } for scontext=u:r:update_engine:s0 tcontext=u:r:priv_app:s0 tclass=binder

Change-Id: Ib4498717c1a72f5faab5ea04c636924ee4eb412c
/system/sepolicy/priv_app.te
|
2afb217b681d05d3fe2cc2f1377e71c0d67b6ebd |
|
17-Dec-2015 |
Marco Nelissen <marcone@google.com> |
selinux rules for codec process Bug: 22775369 Change-Id: I9733457b85dbaeb872b8f4aff31d0b8808fa7d44
/system/sepolicy/priv_app.te
|
1d221c1618cc4f3c5025c950f82a4e0c8c9bab10 |
|
16-Jan-2016 |
Nick Kralevich <nnk@google.com> |
Merge "priv_app.te: drop auditallows on cache_recovery_file" am: 4cd2f53018 am: 7a8631c299 * commit '7a8631c2998db9ed1aefddf32943db7ed878efe3': priv_app.te: drop auditallows on cache_recovery_file
|
b8d794a1e08ddeecff89ded5fad0b7d2923adc4e |
|
16-Jan-2016 |
Nick Kralevich <nnk@google.com> |
priv_app.te: drop auditallows on cache_recovery_file

This is actually used. Addresses the following SELinux audit logs:

avc: granted { create } for comm="Thread-157" name="uncrypt_file" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file
avc: granted { add_name } for comm="Thread-157" name="uncrypt_file" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir
avc: granted { write } for comm="Thread-157" path="/cache/recovery/uncrypt_file" dev="mmcblk0p38" ino=22 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file
avc: granted { write } for comm="Thread-157" path="/cache/recovery/command" dev="mmcblk0p38" ino=23 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file
avc: granted { setattr } for comm="Thread-157" name="uncrypt_file" dev="mmcblk0p38" ino=22 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file

Change-Id: Idab00ebc8eacd7d8bb793b9342249227f91986a1
/system/sepolicy/priv_app.te
|
bed9b3d212688d9d42e5a5846699e1747bf60c08 |
|
08-Jan-2016 |
Nick Kralevich <nnk@google.com> |
priv_app.te: refine cache_recovery_file auditallow rules am: eb6656ce0d am: a50a5eaacd * commit 'a50a5eaacda693869f908deadf6301653f0cf555': priv_app.te: refine cache_recovery_file auditallow rules
|
eb6656ce0ddc583c4cd6f4e47271f05376ccff53 |
|
08-Jan-2016 |
Nick Kralevich <nnk@google.com> |
priv_app.te: refine cache_recovery_file auditallow rules

priv_app reads from /cache/recovery, but I'm still not sure if it writes. Eliminate the read auditallow rules and allow the writes to show up (if any).

Eliminates the following auditallow messages:

avc: granted { search } for comm="IntentService[S" name="recovery" dev="mmcblk0p38" ino=12 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir
avc: granted { getattr } for comm="Thread-1" path="/cache/recovery/last_install" dev="mmcblk0p27" ino=29891 scontext=u:r:priv_app:s0:c525,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=file
avc: granted { read open } for comm="Thread-1" name="recovery" dev="mmcblk0p27" ino=29889 scontext=u:r:priv_app:s0:c525,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir

Change-Id: Ibc0640f5366aae50e3fd09d17657374390b24a5c
/system/sepolicy/priv_app.te
|
bb1ece494ffb160690e045fb383c93140f471a77 |
|
06-Jan-2016 |
Jeff Vander Stoep <jeffv@google.com> |
app: expand socket ioctl restrictions to all apps Exempt bluetooth which has net_admin capability. Allow Droidguard to access the MAC address - droidguard runs in priv_app domain. Change-Id: Ia3cf07f4a96353783b2cfd7fc4506b7034daa2f1
/system/sepolicy/priv_app.te
|
e97bd887ca353ae02dd1641687431786d7d60cd6 |
|
05-Jan-2016 |
Felipe Leme <felipeal@google.com> |
Creates a new permission for /cache/recovery am: 549ccf77e3 am: b16fc899d7 * commit 'b16fc899d718f91935932fb9b15de0a0b82835c8': Creates a new permission for /cache/recovery
|
05e68e126917ef243a89844076000a4fac398381 |
|
05-Jan-2016 |
dcashman <dcashman@google.com> |
resolve merge conflicts of 8350a7f152 to master. Change-Id: I80109bb0167f06a8d39d8b036b3c487ec2f06124
|
549ccf77e3fd23bb6c690da7023441c1007c4fd8 |
|
22-Dec-2015 |
Felipe Leme <felipeal@google.com> |
Creates a new permission for /cache/recovery This permission was created mostly for dumpstate (so it can include recovery files on bugreports when an OTA fails), but it was applied to uncrypt and recovery as well (since it had a wider access before). Grant access to cache_recovery_file where we previously granted access to cache_file. Add auditallow rules to determine if this is really needed. BUG: 25351711 Change-Id: I07745181dbb4f0bde75694ea31b3ab79a4682f18
/system/sepolicy/priv_app.te
|
36f255ff5209cb8b13217ec050d8def5472aed23 |
|
04-Jan-2016 |
dcashman <dcashman@google.com> |
Create sysfs_zram label.

Address following denials:

avc: denied { getattr } for path="/sys/devices/virtual/block/zram0/disksize" dev="sysfs" ino=14958 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file permissive=0
avc: denied { search } for name="zram0" dev="sysfs" ino=14903 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0
avc: denied { read } for name="mem_used_total" dev="sysfs" ino=14970 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file permissive=0
avc: denied { write } for name="uevent" dev="sysfs" ino=14904 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file permissive=0
avc: denied { open } for path="/sys/devices/virtual/block/zram0/uevent" dev="sysfs" ino=14904 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file permissive=0
avc: denied { read } for pid=348 comm="vold" name="zram0" dev="sysfs" ino=15223 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0
avc: denied { search } for pid=3494 comm="ContactsProvide" name="zram0"dev="sysfs" ino=15223 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0

Bug: 22032619
Change-Id: I40cf918b7cafdba6cb3d42b04b1616a84e4ce158
/system/sepolicy/priv_app.te
|
6dde20ed4d92d0cdefba65f670d484aeec4b585f |
|
24-Dec-2015 |
Daichi Hirono <hirono@google.com> |
Add new rules for appfuse. am: a20802ddb8 am: 0912601e89 * commit '0912601e897905549292c15445acbf1225938f3d': Add new rules for appfuse.
|
a20802ddb87befbbd80d19e0a206aeb493528319 |
|
02-Dec-2015 |
Daichi Hirono <hirono@google.com> |
Add new rules for appfuse. The new rules are used to allow to mount FUSE file system for priv-app. Change-Id: I5ce2d261be501e2b3fef09b7666f1e5d1cddbe52
/system/sepolicy/priv_app.te
|
b03831fe58be86cfd94c31b91def6ae53ebd614f |
|
09-Sep-2015 |
Marco Nelissen <marcone@google.com> |
Add rules for running audio services in audioserver audioserver has the same rules as mediaserver so there is no loss of rights or permissions. media.log moves to audioserver. TBD: Pare down permissions. Bug: 24511453 Change-Id: I0fff24c14b712bb3d498f75e8fd66c2eb795171d
/system/sepolicy/priv_app.te
|
977e0b1df7a5a0a7d91be1034ff70610957255f5 |
|
03-Dec-2015 |
Jeffrey Vander Stoep <jeffv@google.com> |
Merge "Allow priv_apps to stat files on the system partition" am: 1d58b2fdea am: d95780ac93 am: 0636639880 * commit '0636639880d72c4d4d2177a6cb4530d1a112abff': Allow priv_apps to stat files on the system partition
|
2b56e4844e94db1ddbf016ffb8c36e796f81a3a3 |
|
03-Dec-2015 |
Jeff Vander Stoep <jeffv@google.com> |
Allow priv_apps to stat files on the system partition Allows safetynet to scan the system partition which is made up of files labeled system_file (already allowed) and/or files with the exec_type attribute. Bug: 25821333 Change-Id: I9c1c9c11bc568138aa115ba83238ce7475fbc5e4
/system/sepolicy/priv_app.te
|
d20a46ef175079d210da8320d8c8ce32cbe8207f |
|
04-Nov-2015 |
Jeff Vander Stoep <jeffv@google.com> |
Create attribute for moving perms out of domain am: d22987b4da am: e2280fbcdd am: b476b95488 * commit 'b476b954882a48bf2c27da0227209c197dcfb666': Create attribute for moving perms out of domain
|
d22987b4daf02a8dae5bb10119d9ec5ec9f637cf |
|
03-Nov-2015 |
Jeff Vander Stoep <jeffv@google.com> |
Create attribute for moving perms out of domain Motivation: Domain is overly permissive. Start removing permissions from domain and assign them to the domain_deprecated attribute. Domain_deprecated and domain can initially be assigned to all domains. The goal is to not assign domain_deprecated to new domains and to start removing domain_deprecated where it is not required or reassigning the appropriate permissions to the inheriting domain when necessary. Bug: 25433265 Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
/system/sepolicy/priv_app.te
|
0f754edf7b72582ed28d062a9c8f1b911d57a6f3 |
|
22-Sep-2015 |
Marco Nelissen <marcone@google.com> |
Update selinux policies for mediaextractor process Change-Id: If761e0370bf9731a2856d0de2c6a6af1671143bd
/system/sepolicy/priv_app.te
|
bcbb32e763a4656c6bcd310be2afb7d2fc1fbf59 |
|
19-Oct-2015 |
Jeff Vander Stoep <jeffv@google.com> |
grant priv_app access to /dev/mtp_usb android.process.media needs access to mtp_usb when MTP is enabled. Bug: 25074672 Change-Id: Ic48a3ba8e4395104b0b957f7a9bad69f0e5ee38e
/system/sepolicy/priv_app.te
|
7f09a94596be98415d0546d927c8a4bc15867621 |
|
19-Oct-2015 |
Jeff Vander Stoep <jeffv@google.com> |
Policy for priv_app domain

Verifier needs access to apk files.

avc: denied { search } for pid=11905 comm="ackageinstaller" name="vmdl2040420713.tmp" dev="dm-2" ino=13647 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:apk_tmp_file:s0 tclass=dir permissive=0

Give bluetooth_manager_service and trust_service the app_api_service attribute.

avc: denied { find } for service=bluetooth_manager pid=7916 uid=10058 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:bluetooth_manager_service:s0 tclass=service_manager permissive=0
avc: denied { find } for service=trust pid=25664 uid=10069 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:trust_service:s0 tclass=service_manager permissive=0

Bug: 25066911
Change-Id: I6be695546f8a951e3329c1ec412936b8637e5835
/system/sepolicy/priv_app.te
|
879df8338456c4645688adc69ce8a34754e06322 |
|
16-Oct-2015 |
Jeff Vander Stoep <jeffv@google.com> |
Privileged apps require access to cache gmscore uses cache for updates Bug: 24977552 Change-Id: I45a713fcfc70b71a2de712e77b64fb9feab67dd7
/system/sepolicy/priv_app.te
|
ee9c0b5fb6d0c66756e1890711fe0afdacc7ea0c |
|
05-Oct-2015 |
Jeff Vander Stoep <jeffv@google.com> |
Add priv_app domain to global seapp_context Assign privileged apps not signed with the platform key to the priv_app domain. Bug: 22033466 Change-Id: Idf7fbe7adbdc326835a179b554f96951b69395bc
/system/sepolicy/priv_app.te
|