5d30beb1b234b31ccd6485d4bad5813103833794 |
|
07-Feb-2017 |
Alex Klyubin <klyubin@google.com> |
Move surfaceflinger policy to private This leaves only the existence of surfaceflinger domain as public API. All other rules are implementation details of this domain's policy and are thus now private. Test: No change to policy according to sesearch, except for disappearance of all allow rules to do with surfaceflinger_current except those created by other domains' allow rules referencing surfaceflinger domain from public and vendor policies. Bug: 31364497 Change-Id: I177751afad82ec27a5b6d2440cf0672cb5b9dfb8
/system/sepolicy/public/surfaceflinger.te
|
1b95d88c6d719e9b2475639599425ee856b5d1e9 |
|
03-Feb-2017 |
Chia-I Wu <olv@google.com> |
Allow HWC to be binderized Test: manual Bug: 32021609 Change-Id: I6793794f3b1fb95b8dd9336f75362447de618274
/system/sepolicy/public/surfaceflinger.te
|
ebec1aa2b74906e49b388cedb9ab61114b6ac854 |
|
19-Jan-2017 |
Jiyong Park <jiyong@google.com> |
configstore: add selinux policy for configstore@1.0 hal This change adds selinux policy for configstore@1.0 hal. Currently, only surfaceflinger has access to the HAL, but need to be widen. Bug: 34314793 Test: build & run Merged-In: I40e65032e9898ab5f412bfdb7745b43136d8e964 Change-Id: I40e65032e9898ab5f412bfdb7745b43136d8e964 (cherry picked from commit 5ff0f178ba077594e80d9777bbe7a13d25d2484d)
/system/sepolicy/public/surfaceflinger.te
|
d33a9a194b1333113671a1353fab60d2df3478a5 |
|
08-Nov-2016 |
Mark Salyzyn <salyzyn@google.com> |
logd: restrict access to /dev/event-log-tags Create an event_log_tags_file label and use it for /dev/event-log-tags. Only trusted system log readers are allowed direct read access to this file, no write access. Untrusted domain requests lack direct access, and are thus checked for credentials via the "plan b" long path socket to the event log tag service. Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests Bug: 31456426 Bug: 30566487 Change-Id: Ib9b71ca225d4436d764c9bc340ff7b1c9c252a9e
/system/sepolicy/public/surfaceflinger.te
|
606d2fd6651027204727b5141c03e5e47ed1f6e4 |
|
19-Jan-2017 |
William Roberts <william.c.roberts@intel.com> |
te_macros: introduce add_service() macro Introduce the add_service() macro which wraps up add/find permissions for the source domain with a neverallow preventing others from adding it. Only a particular domain should add a particular service. Use the add_service() macro to automatically add a neverallow that prevents other domains from adding the service. mediadrmserver was adding services labeled mediaserver_service. Drop the add permission as it should just need the find permission. Additionally, the macro adds the { add find } permission which causes some existing neverallow's to assert. Adjust those neverallow's so "self" can always find. Test: compile and run on hikey and emulator. No new denials were found, and all services, where applicable, seem to be running OK. Change-Id: Ibbd2a5304edd5f8b877bc86852b0694732be993c Signed-off-by: William Roberts <william.c.roberts@intel.com>
/system/sepolicy/public/surfaceflinger.te
|
d5b6043f51604303ba4f7a7783b4265d55d2e540 |
|
19-Jan-2017 |
Nick Kralevich <nnk@google.com> |
more ephemeral_app cleanup As of https://android-review.googlesource.com/324092, ephemeral_app is now an appdomain, so places where both appdomain and ephemeral_app are granted the same set of rules can be deleted. Test: policy compiles. Change-Id: Ideee710ea47af7303e5eb3af1331653afa698415
/system/sepolicy/public/surfaceflinger.te
|
6a259ccd9ddc01fdeb6ead7ed3f9a3e3beb36cfe |
|
10-Dec-2016 |
Nick Kralevich <nnk@google.com> |
remove more domain_deprecated Test: no denials showing up in log collection Test: device boots Bug: 28760354 Change-Id: I089cfcf486464952fcbb52cce9f6152caf662c23
/system/sepolicy/public/surfaceflinger.te
|
fb08872a40a7299954a92cf043fb8f498e286aa9 |
|
18-Oct-2016 |
Chia-I Wu <olv@google.com> |
Add sepolicy for hwcomposer HAL Allow SurfaceFlinger to call into IComposer, and vice versa for IComposerCallback. Specifically, hwbinder_use(...) for avc: denied { call } for scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=1 avc: denied { transfer } for scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=1 binder_call(..., surfaceflinger) for avc: denied { call } for scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:surfaceflinger:s0 tclass=binder permissive=1 allow ... gpu_device:chr_file rw_file_perms for avc: denied { read write } for name="kgsl-3d0" dev="tmpfs" ino=14956 scontext=u:r:hal_graphics_composer:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1 avc: denied { open } for path="/dev/kgsl-3d0" dev="tmpfs" ino=14956 scontext=u:r:hal_graphics_composer:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1 avc: denied { ioctl } for path="/dev/kgsl-3d0" dev="tmpfs" ino=14956 ioctlcmd=940 scontext=u:r:hal_graphics_composer:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1 allow ... ion_device:chr_file r_file_perms for avc: denied { ioctl } for path="/dev/ion" dev="tmpfs" ino=15014 ioctlcmd=4900 scontext=u:r:hal_graphics_composer:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1 allow ... graphics_device ... for avc: denied { ioctl } for path="/dev/graphics/fb0" dev="tmpfs" ino=15121 ioctlcmd=5380 scontext=u:r:hal_graphics_composer:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file permissive=1 allow ... ...:fd use for avc: denied { use } for path="anon_inode:dmabuf" dev="anon_inodefs" ino=12794 scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:hal_graphics_allocator_service:s0 tclass=fd permissive=1 avc: denied { use } for path="anon_inode:sync_fence" dev="anon_inodefs" ino=12794 scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:bootanim:s0 tclass=fd permissive=1 avc: denied { use } for path="anon_inode:sync_fence" dev="anon_inodefs" ino=12794 scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:surfaceflinger:s0 tclass=fd permissive=1 avc: denied { use } for path="anon_inode:sync_fence" dev="anon_inodefs" ino=12794 scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=fd permissive=1 binder_call(surfaceflinger, ...) for avc: denied { call } for scontext=u:r:surfaceflinger:s0 tcontext=u:r:hal_graphics_composer:s0 tclass=binder permissive=1 avc: denied { transfer } for scontext=u:r:surfaceflinger:s0 tcontext=u:r:hal_graphics_composer:s0 tclass=binder permissive=1 avc: denied { use } for path="anon_inode:sync_fence" dev="anon_inodefs" ino=12794 ioctlcmd=3e02 scontext=u:r:surfaceflinger:s0 tcontext=u:r:hal_graphics_composer:s0 tclass=fd permissive=1 avc: denied { use } for path="anon_inode:sync_fence" dev="anon_inodefs" ino=12794 scontext=u:r:surfaceflinger:s0 tcontext=u:r:hal_graphics_composer:s0 tclass=fd permissive=1 allow bootanim ...:fd use for avc: denied { use } for path="anon_inode:sync_fence" dev="anon_inodefs" ino=11947 scontext=u:r:bootanim:s0 tcontext=u:r:hal_graphics_composer:s0 tclass=fd permissive=1 Bug: 32021609 Test: make bootimage Change-Id: I036cdbebf0c619fef7559f294f1865f381b17588
/system/sepolicy/public/surfaceflinger.te
|
dd958e5a21ca6a744432902c479ce827b72eedde |
|
12-Oct-2016 |
Chia-I Wu <olv@google.com> |
Add sepolicy for gralloc-alloc HAL Allow SurfaceFlinger to call into IAllocator, and allow everyone to access IAllocator's fd. Specifically, hwbinder_use(...) for avc: denied { call } for scontext=u:r:hal_graphics_allocator:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=1 avc: denied { transfer } for scontext=u:r:hal_graphics_allocator:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=1 allow ... ion_device:chr_file r_file_perms for avc: denied { read } for name="ion" dev="tmpfs" ino=15014 scontext=u:r:hal_graphics_allocator:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1 avc: denied { open } for path="/dev/ion" dev="tmpfs" ino=15014 scontext=u:r:hal_graphics_allocator:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1 avc: denied { ioctl } for path="/dev/ion" dev="tmpfs" ino=15014 ioctlcmd=4900 scontext=u:r:hal_graphics_allocator:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1 allow ... gpu_device:chr_file rw_file_perms; for avc: denied { read write } for name="kgsl-3d0" dev="tmpfs" ino=14956 scontext=u:r:hal_graphics_allocator:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1 avc: denied { open } for path="/dev/kgsl-3d0" dev="tmpfs" ino=14956 scontext=u:r:hal_graphics_allocator:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1 avc: denied { ioctl } for path="/dev/kgsl-3d0" dev="tmpfs" ino=14956 ioctlcmd=940 scontext=u:r:hal_graphics_allocator:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1 binder_call(surfaceflinger, ...) for avc: denied { call } for scontext=u:r:surfaceflinger:s0 tcontext=u:r:hal_graphics_allocator:s0 tclass=binder permissive=1 allow ... ...:fd use for avc: denied { use } for path="anon_inode:dmabuf" dev="anon_inodefs" ino=12794 scontext=u:r:surfaceflinger:s0 tcontext=u:r:hal_graphics_allocator:s0 tclass=fd permissive=1 Bug: 32021161 Test: make bootimage Change-Id: Ie7700142313407ac438c43dd1a85544dc4c67f13
/system/sepolicy/public/surfaceflinger.te
|
06cf31eb63fc9023d64af97b45b6faab2c0ef91c |
|
06-Oct-2016 |
Chad Brubaker <cbrubaker@google.com> |
Rename autoplay_app to ephemeral_app Test: Builds and boots Change-Id: I3db64e12f0390c6940f5745eae83ce7efa7d65a9
/system/sepolicy/public/surfaceflinger.te
|
cc39f637734a8d84bc861b649bfd109290c06401 |
|
22-Jul-2016 |
dcashman <dcashman@google.com> |
Split general policy into public and private components. Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
/system/sepolicy/public/surfaceflinger.te
|