d2d91e60de20e789cec4fe4604083ae71e095626 |
|
05-Apr-2018 |
Max Bires <jbires@google.com> |
Adding ability for keystore to find dropbox This will allow the logging in keystore to actually work. Bug: 36549319 Test: keystore dropbox logging is successful Change-Id: Ic135fa9624c289c54187e946affbd0caacef13c1 (cherry picked from commit 2e69afc079a175070279674be78aacbe4434c367)
/system/sepolicy/public/keystore.te
|
76aab82cb3a7560d3d78f93c7f2d00ed381192c4 |
|
15-May-2017 |
Jeff Vander Stoep <jeffv@google.com> |
Move domain_deprecated into private policy This attribute is being actively removed from policy. Since attributes are not being versioned, partners must not be able to access and use this attribute. Move it from private and verify in the logs that rild and tee are not using these permissions. Bug: 38316109 Test: build and boot Marlin Test: Verify that rild and tee are not being granted any of these permissions. Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b
/system/sepolicy/public/keystore.te
|
53656c1742c126c92df178ee143dec5dcf93c88a |
|
14-Apr-2017 |
Alex Klyubin <klyubin@google.com> |
Restrict access to hwservicemanager This adds fine-grained policy about who can register and find which HwBinder services in hwservicemanager. Test: Play movie in Netflix and Google Play Movies Test: Play video in YouTube app and YouTube web page Test: In Google Camera app, take photo (HDR+ and conventional), record video (slow motion and normal), and check that photos look fine and videos play back with sound. Test: Cast screen to a Google Cast device Test: Get location fix in Google Maps Test: Make and receive a phone call, check that sound works both ways and that disconnecting the call frome either end works fine. Test: Run RsHelloCompute RenderScript demo app Test: Run fast subset of media CTS tests: make and install CtsMediaTestCases.apk adb shell am instrument -e size small \ -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner' Test: Play music using Google Play music Test: Adjust screen brightness via the slider in Quick Settings Test: adb bugreport Test: Enroll in fingerprint screen unlock, unlock screen using fingerprint Test: Apply OTA update: Make some visible change, e.g., rename Settings app. make otatools && \ make dist Ensure device has network connectivity ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip Confirm the change is now live on the device Bug: 34454312 (cherry picked from commit 632bc494f199d9d85c37c1751667fe41f4b094cb) Merged-In: Iecf74000e6c68f01299667486f3c767912c076d3 Change-Id: I7a9a487beaf6f30c52ce08e04d415624da49dd31
/system/sepolicy/public/keystore.te
|
9a14704f62488795f896793339ab0d5a62757483 |
|
04-Apr-2017 |
Alex Klyubin <klyubin@google.com> |
Wifi Keystore HAL is not a HAL Wifi Keystore HAL is a HwBinder service (currently offered by keystore daemon) which is used by Wifi Supplicant HAL. This commit thus switches the SELinux policy of Wifi Keystore HAL to the approach used for non-HAL HwBinder services. The basic idea is simimilar to how we express Binder services in the policy, with two tweaks: (1) we don't have 'hwservicemanager find' and thus there's no add_hwservice macro, and (2) we need loosen the coupling between core and vendor components. For example, it should be possible to move a HwBinder service offered by a core component into another core component, without having to update the SELinux policy of the vendor image. We thus annotate all components offering HwBinder service x across the core-vendor boundary with x_server, which enables the policy of clients to contain rules of the form: binder_call(mydomain, x_server), and, if the service uses IPC callbacks, also binder_call(x_server, mydomain). Test: mmm system/sepolicy Test: sesearch indicates to changes to binder { call transfer} between keystore and hal_wifi_supplicant_default domains Bug: 36896667 Change-Id: I45c4ce8159b63869d7bb6df5c812c5291776d892
/system/sepolicy/public/keystore.te
|
9af7c95f86bf46e2a337d7d851ebb502a192e6a1 |
|
29-Mar-2017 |
Roshan Pius <rpius@google.com> |
sepolicy: Add new wifi keystore HAL Moving the wpa_supplicant interaction from the binder keystore service to the new wifi keystore HAL. Denials addressed: 03-29 00:04:52.075 734 734 E SELinux : avc: denied { get } for pid=638 uid=1010 scontext=u:r:hal_wifi_keystore_default:s0 tcontext=u:r:keystore:s0 tclass=keystore_key Bug: 34603782 Test: Able to connect to wifi passpoint networks. Denials no longer seen. Change-Id: I97eb9a4aa9968056a2f1fcc7ce5509ceb62fd41e
/system/sepolicy/public/keystore.te
|
f7543d27b8371107ed69d9a1900c21954a77b6a4 |
|
23-Feb-2017 |
Alex Klyubin <klyubin@google.com> |
Switch Keymaster HAL policy to _client/_server This switches Keymaster HAL policy to the design which enables us to conditionally remove unnecessary rules from domains which are clients of Keymaster HAL. Domains which are clients of Keymaster HAL, such as keystore and vold domains, are granted rules targeting hal_keymaster only when the Keymaster HAL runs in passthrough mode (i.e., inside the client's process). When the HAL runs in binderized mode (i.e., in another process/domain, with clients talking to the HAL over HwBinder IPC), rules targeting hal_keymaster are not granted to client domains. Domains which offer a binderized implementation of Keymaster HAL, such as hal_keymaster_default domain, are always granted rules targeting hal_keymaster. Test: Password-protected sailfish boots up and lock screen unlocks -- this exercises vold -> Keymaster HAL interaction Test: All Android Keystore CTS tests pass -- this exercises keystore -> Keymaster HAL interaction: make cts cts-tradefed cts-tradefed run singleCommand cts --skip-device-info \ --skip-preconditions --skip-connectivity-check --abi arm64-v8a \ --module CtsKeystoreTestCases Bug: 34170079 Change-Id: I2254d0fdee72145721654d6c9e6e8d3331920ec7
/system/sepolicy/public/keystore.te
|
a1b45600882032aab5b13381a636734f0a3f91f0 |
|
10-Feb-2017 |
Jeff Vander Stoep <jeffv@google.com> |
Remove logspam Grant observed uses of permissions being audited in domain_deprecated. fsck avc: granted { getattr } for path="/" dev="dm-0" ino=2 scontext=u:r:fsck:s0 tcontext=u:object_r:rootfs:s0 tclass=dir keystore avc: granted { read open } for path="/vendor/lib64/hw" dev="dm-1" ino=168 scontext=u:r:keystore:s0 tcontext=u:object_r:system_file:s0 tclass=dir sdcardd avc: granted { read open } for path="/proc/filesystems" dev="proc" ino=4026532412 scontext=u:r:sdcardd:s0 tcontext=u:object_r:proc:s0 tclass=file update_engine avc: granted { getattr } for path="/proc/misc" dev="proc" ino=4026532139 scontext=u:r:update_engine:s0 tcontext=u:object_r:proc:s0 tclass=file avc: granted { read open } for path="/proc/misc" dev="proc" ino=4026532139 scontext=u:r:update_engine:s0 tcontext=u:object_r:proc:s0 tclass=file avc: granted { read } for name="hw" dev="dm-1" ino=168 scontext=u:r:update_engine:s0 tcontext=u:object_r:system_file:s0 tclass=dir vold avc: granted { read open } for path="/vendor/lib64/hw" dev="dm-1" ino=168 scontext=u:r:vold:s0 tcontext=u:object_r:system_file:s0 tclass=dir Test: Marlin builds and boots, avc granted messages no longer observed. Bug: 35197529 Change-Id: Iae34ae3b9e22ba7550cf7d45dc011ab043e63424
/system/sepolicy/public/keystore.te
|
e8acd7695b96434cde84c8bc16b364d39856857d |
|
28-Jan-2017 |
Janis Danisevskis <jdanis@google.com> |
Preliminary policy for hal_keymaster (TREBLE) This adds the premissions required for android.hardware.keymaster@2.0-service to access the keymaster TA as well as for keystore and vold to lookup and use android.hardware.keymaster@2.0-service. IT DOES NOT remove the privileges from keystore and vold to access the keymaster TA directly. Test: Run keystore CTS tests Bug: 32020919 (cherry picked from commit 5090d6f3241ffbd96f5a0b24df602bd2559f3cf4) Change-Id: Ib02682da26e2dbcabd81bc23169f9bd0e832eb19
/system/sepolicy/public/keystore.te
|
606d2fd6651027204727b5141c03e5e47ed1f6e4 |
|
19-Jan-2017 |
William Roberts <william.c.roberts@intel.com> |
te_macros: introduce add_service() macro Introduce the add_service() macro which wraps up add/find permissions for the source domain with a neverallow preventing others from adding it. Only a particular domain should add a particular service. Use the add_service() macro to automatically add a neverallow that prevents other domains from adding the service. mediadrmserver was adding services labeled mediaserver_service. Drop the add permission as it should just need the find permission. Additionally, the macro adds the { add find } permission which causes some existing neverallow's to assert. Adjust those neverallow's so "self" can always find. Test: compile and run on hikey and emulator. No new denials were found, and all services, where applicable, seem to be running OK. Change-Id: Ibbd2a5304edd5f8b877bc86852b0694732be993c Signed-off-by: William Roberts <william.c.roberts@intel.com>
/system/sepolicy/public/keystore.te
|
cc39f637734a8d84bc861b649bfd109290c06401 |
|
22-Jul-2016 |
dcashman <dcashman@google.com> |
Split general policy into public and private components. Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
/system/sepolicy/public/keystore.te
|