597be44e9628eea56724e0ec576eebc2f0224d2a |
|
14-May-2018 |
Joel Galenson <jgalenson@google.com> |
Allow vendor_init to getattr vold_metadata_file. This relaxes the neverallow rule blocking vendor_init from doing anything to vold_metadata_file. The rules above it still prevent it from doing anything other than relabelto and getattr. Bug: 79681561 Test: Boot device and see no denials. Change-Id: I1beb25bb9f8d69323c9fee53a140c2a084b12124
/system/sepolicy/public/vold.te
|
5f79b334ff93cf89ab7c6f6c771ca0b5c7d0e2e5 |
|
20-Apr-2018 |
Paul Crowley <paulcrowley@google.com> |
Add metadata_file class for root of metadata folder. Bug: 77335096 Test: booted device with metadata encryption and without Change-Id: I5bc5d46deb4e91912725c4887fde0c3a41c9fc91
/system/sepolicy/public/vold.te
|
d25ccabd24339938b6b3bb93cb3cb96b4aa55958 |
|
08-Feb-2018 |
Jeff Vander Stoep <jeffv@google.com> |
label /data/vendor{_ce,_de} Restrictions introduced in vendor init mean that new devices may no longer exempt vendor init from writing to system_data_file. This means we must introduce a new label for /data/vendor which vendor_init may write to. Bug: 73087047 Test: build and boot Taimen and Marlin. Complete SUW, enroll fingerprint No new denials. Change-Id: I65f904bb28952d4776aab947515947e14befbe34
/system/sepolicy/public/vold.te
|
d9a4e06ec59025a32a80b343ef8aa47eb7ddb308 |
|
01-Feb-2018 |
Paul Crowley <paulcrowley@google.com> |
Allow vendor_init and e2fs to enable metadata encryption Bug: 63927601 Test: Enable metadata encryption in fstab on Taimen, check boot success. Change-Id: Iddbcd05501d360d2adc4edf8ea7ed89816642d26
/system/sepolicy/public/vold.te
|
dcad0f04cfe423d490019d23528ed9fe1e54b047 |
|
23-Jan-2018 |
Tri Vo <trong@google.com> |
vold: clarify sysfs access And remove a redundant rule. Test: sesearch shows no changes to vold's sepolicy. Change-Id: Icccc18696e98b999968ecbe0fb7862c35575a9b3
/system/sepolicy/public/vold.te
|
e49714542ee846a7b14c8edb78303ec94cb4836e |
|
19-Oct-2017 |
Jaekyun Seok <jaekyun@google.com> |
Whitelist exported platform properties This CL lists all the exported platform properties in private/exported_property_contexts. Additionally accessing core_property_type from vendor components is restricted. Instead public_readable_property_type is used to allow vendor components to read exported platform properties, and accessibility from vendor_init is also specified explicitly. Note that whitelisting would be applied only if PRODUCT_COMPATIBLE_PROPERTY is set on. Bug: 38146102 Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true Change-Id: I304ba428cc4ca82668fec2ddeb17c971e7ec065e
/system/sepolicy/public/vold.te
|
7ae939e84bff452beb0ba10c64983fb6f63e7712 |
|
08-Jan-2018 |
Luis Hector Chavez <lhchavez@google.com> |
Revert "Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid" This reverts commit 640e595a68713d6d09eab4c436780498c46cdbcb. The corresponding code in libcutils was removed, so this is now unneeded. Bug: 71632076 Test: aosp_sailfish still works Change-Id: I615bab83e9a83bc14439b8ab90c00d3156b0a7c4
/system/sepolicy/public/vold.te
|
6a28b68d5479bb51035fb878f9bb3e7019d65180 |
|
21-Nov-2017 |
Jeff Vander Stoep <jeffv@google.com> |
Fix CTS regressions Commit 7688161 "hal_*_(client|server) => hal(client|server)domain" added neverallow rules on hal_*_client attributes while simultaneously expanding these attributes which causes them to fail CTS neverallow tests. Remove these neverallow rules as they do not impose specific security properties that we want to enforce. Modify other neverallow failures which were imposed on hal_foo attributes and should have been enforced on hal_foo_server attributes instead. Bug: 69566734 Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \ android.cts.security.SELinuxNeverallowRulesTest CtsSecurityHostTestCases completed in 7s. 627 passed, 1 failed remaining failure appears to be caused by b/68133473 Test: build taimen-user/userdebug Change-Id: I619e71529e078235ed30dc06c60e6e448310fdbc
/system/sepolicy/public/vold.te
|
cd69bebf7646fd1fb9a2c378d7a3ccc80a00d450 |
|
21-Nov-2017 |
Jeffrey Vander Stoep <jeffv@google.com> |
Revert "Fix CTS regressions" This reverts commit ed876a5e969ce89d9887cc19a97aadbaf5118e4a. Fixes user builds. libsepol.report_failure: neverallow on line 513 of system/sepolicy/public/domain.te (or line 9149 of policy.conf) violated by allow update_verifier misc_block_device:blk_file { ioctl read write lock append open }; libsepol.check_assertions: 1 neverallow failures occurred Error while expanding policy Bug: 69566734 Test: build taimen-user Change-Id: I969b7539dce547f020918ddc3e17208fc98385c4
/system/sepolicy/public/vold.te
|
ed876a5e969ce89d9887cc19a97aadbaf5118e4a |
|
21-Nov-2017 |
Jeff Vander Stoep <jeffv@google.com> |
Fix CTS regressions Commit 7688161 "hal_*_(client|server) => hal(client|server)domain" added neverallow rules on hal_*_client attributes while simultaneously expanding these attributes which causes them to fail CTS neverallow tests. Remove these neverallow rules as they do not impose specific security properties that we want to enforce. Modify other neverallow failures which were imposed on hal_foo attributes and should have been enforced on hal_foo_server attributes instead. Bug: 69566734 Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \ android.cts.security.SELinuxNeverallowRulesTest CtsSecurityHostTestCases completed in 7s. 627 passed, 1 failed remaining failure appears to be caused by b/68133473 Change-Id: I83dcb33c3a057f126428f88a90b95f3f129d9f0e
/system/sepolicy/public/vold.te
|
9b2e0cbeeaae560b07e4ffa6e5b8e505699e4a76 |
|
09-Nov-2017 |
Benjamin Gordon <bmgordon@google.com> |
sepolicy: Add rules for non-init namespaces In kernel 4.7, the capability and capability2 classes were split apart from cap_userns and cap2_userns (see kernel commit 8e4ff6f228e4722cac74db716e308d1da33d744f). Since then, Android cannot be run in a container with SELinux in enforcing mode. This change applies the existing capability rules to user namespaces as well as the root namespace so that Android running in a container behaves the same on pre- and post-4.7 kernels. This is essentially: 1. New global_capability_class_set and global_capability2_class_set that match capability+cap_userns and capability2+cap2_userns, respectively. 2. s/self:capability/self:global_capability_class_set/g 3. s/self:capability2/self:global_capability2_class_set/g 4. Add cap_userns and cap2_userns to the existing capability_class_set so that it covers all capabilities. This set was used by several neverallow and dontaudit rules, and I confirmed that the new classes are still appropriate. Test: diff new policy against old and confirm that all new rules add only cap_userns or cap2_userns; Boot ARC++ on a device with the 4.12 kernel. Bug: crbug.com/754831 Change-Id: I4007eb3a2ecd01b062c4c78d9afee71c530df95f
/system/sepolicy/public/vold.te
|
640e595a68713d6d09eab4c436780498c46cdbcb |
|
02-Nov-2017 |
Luis Hector Chavez <lhchavez@google.com> |
Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid Bug: 62378620 Test: Android in Chrome OS can call uevent_kernel_recv() and not fail with EIO. Test: bullhead networking still works Change-Id: I4dd5d2148ee1704c4fa23d7fd82d1ade19b58cbd
/system/sepolicy/public/vold.te
|
2f4a4b78582414b4e50defa430380865596eb869 |
|
17-Oct-2017 |
Paul Crowley <paulcrowley@google.com> |
vold_prepare_subdirs needs to recursively delete Bug: 25861755 Test: Boot device, create user, create files, remove user, observe logs Change-Id: I195514eb45a99c1093998786ab385338463269c0 Merged-In: I195514eb45a99c1093998786ab385338463269c0 (cherry picked from commit eb7340d94ed44b16cdb731590577a177e7046375)
/system/sepolicy/public/vold.te
|
5b962cfd7b2f41cf2b4bba4c6622cd4fe49e3a46 |
|
13-Oct-2017 |
Paul Crowley <paulcrowley@google.com> |
vold_prepare_subdirs sets policy in vold-created dirs. Bug: 25861755 Test: Boot device, observe logs Change-Id: I6c13430d42e9794003eb48e6ca219b874112b900 Merged-In: I6c13430d42e9794003eb48e6ca219b874112b900 (cherry picked from commit 47f3ed09d222ee126cf2fe23b5fe15cd0b64520e)
/system/sepolicy/public/vold.te
|
5b4bea438a4bcb7dd49ab022b46884e3f683dc44 |
|
05-Oct-2017 |
Tao Bao <tbao@google.com> |
Create sysfs_dm label. Prior to this CL, /sys/devices/virtual/block/dm-X was using the generic sysfs label. This CL creates sysfs_dm label and grants the following accesses: - update_verifier to read sysfs_dm dir and file at /sys/devices/virtual/block/dm-X. - vold to write sysfs_dm. Bug: 63440407 Test: update_verifier successfully triggers blocks verification and marks a successful boot; Test: No sysfs_dm related denials on sailfish. Change-Id: I6349412707800f1bd3a2fb94d4fe505558400c95
/system/sepolicy/public/vold.te
|
aadf611ed9fea53f5b4fe18d361795258ff00c3c |
|
04-Oct-2017 |
Jeff Vander Stoep <jeffv@google.com> |
vold: temporarily re-grant access to default proc label

On Marlin/Sailfish, StorageManager tests in CTS are exposing a bug where the /proc/<pid>/ns/mnt files for system_server are briefly mislabeled as "proc" instead of "system_server". Resulting in the tests failing. Temporarily re-granting access to the default label until the labeling issue can be tracked down.

Repro steps:
    cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases \
        -t android.os.storage.cts.StorageManagerTest

Failures:
    android.os.storage.cts.StorageManagerTest#testOpenProxyFileDescriptor fail: java.lang.IllegalStateException: command '58 appfuse mount 10065 959 0' failed with '400 58 Command failed'
    android.os.storage.cts.StorageManagerTest#testOpenProxyFileDescriptor_async fail: java.lang.IllegalStateException: command '59 appfuse mount 10065 959 1' failed with '400 59 Command failed'
    android.os.storage.cts.StorageManagerTest#testOpenProxyFileDescriptor_error fail: java.lang.IllegalStateException: command '60 appfuse mount 10065 959 2' failed with '400 60 Command failed'

From the log:
    10-04 20:41:22.972 595 604 E vold : Failed to open namespace for /proc/959/ns/mnt: Permission denied
    10-04 20:41:22.967 604 604 W vold : type=1400 audit(0.0:90): avc: denied { read } for dev="proc" ino=4026534249 scontext=u:r:vold:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
    10-04 20:41:23.051 604 604 W vold : type=1400 audit(0.0:91): avc: denied { read } for dev="proc" ino=4026534249 scontext=u:r:vold:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
    10-04 20:41:23.054 595 604 E vold : Failed to open namespace for /proc/959/ns/mnt: Permission denied
    10-04 20:41:23.081 604 604 W vold : type=1400 audit(0.0:92): avc: denied { read } for dev="proc" ino=4026534249 scontext=u:r:vold:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
    10-04 20:41:23.086 595 604 E vold : Failed to open namespace for /proc/959/ns/mnt: Permission denied

    sailfish:/ # ps -AZ | grep 959
    u:r:system_server:s0 system 959 628 \
        4557136 251500 SyS_epoll_wait 70e6df822c S system_server

The file labels appear to be correct when checked manually.

    sailfish:/ # ls -lZ /proc/959/ns/
    lrwxrwxrwx 1 system system u:r:system_server:s0 0 2017-10-04 17:19 mnt -> mnt:[4026534249]
    lrwxrwxrwx 1 system system u:r:system_server:s0 0 2017-10-04 20:55 net -> net:[4026531906]

Bug: 67049235
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases \
    -t android.os.storage.cts.StorageManagerTes
Change-Id: Id4d200856c02c023c6f516e3f3bfa060e100086c
/system/sepolicy/public/vold.te
|
91d398d802b4fbd33c2b88da9f56ecee8bdc363c |
|
26-Sep-2017 |
Dan Cashman <dcashman@google.com> |
Sync internal master and AOSP sepolicy. Bug: 37916906 Test: Builds 'n' boots. Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668 Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb
/system/sepolicy/public/vold.te
|
f295758caeab2628d671d06d983088eaf25a493c |
|
30-Aug-2017 |
Peter Enderborg <peter.enderborg@sony.com> |
Restrict functions for vold Raw sockets usually imply advanced parsers that might have flaws. If vold needs such an odd thing, force it to have that in another domain like filesystem checks. Debug features like ptrace do not belong to vold. Bug: 64791922 Test: Manual Change-Id: I75c62d13f998621f80b2049bce0505442862bf0b
/system/sepolicy/public/vold.te
|
acb4871ff320f0e3c0745cc25fbc5cf78421960d |
|
30-Aug-2017 |
Peter Enderborg <peter.enderborg@sony.com> |
Only allow init to start vold Hardening vold. Vold has many rights to system-sensitive parts and is started by init. Enforce this security. Bug: 64791922 Test: Manual Change-Id: I077d251d1eb7b7292e1a4a785093cb7bf5524a83
/system/sepolicy/public/vold.te
|
2cf7fba53988ed17c9ca2f407703e62a2aa16dd6 |
|
24-Jul-2017 |
Jeff Vander Stoep <jeffv@google.com> |
domain_deprecate: remove system_data_file access am: 2b75437dc8 Change-Id: I0b90ed2e870640b6b7524207c2edfc8e5578fc6e
|
2b75437dc82b43d8e9c3cbda8bd92452968d6071 |
|
12-Jul-2017 |
Jeff Vander Stoep <jeffv@google.com> |
domain_deprecate: remove system_data_file access scontext=installd avc: granted { getattr } for comm="Binder:1153_7" path="/data/user/0" dev="sda13" ino=1097730 scontext=u:r:installd:s0 tcontext=u:object_r:system_data_file:s0 tclass=lnk_file scontext=runas avc: granted { getattr } for comm="run-as" path="/data/user/0" dev="sda35" ino=942082 scontext=u:r:runas:s0 tcontext=u:object_r:system_data_file:s0 tclass=lnk_file scontext=vold avc: granted { getattr } for comm="vold" path="/data/data" dev="sda45" ino=12 scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0 tclass=lnk_file avc: granted { read } for comm="secdiscard" name="3982c444973581d4.spblob" dev="sda45" ino=4620302 scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0 tclass=file Bug: 28760354 Test: Build Change-Id: Id16c43090675572af35f1ad9defd4c368abc906b
/system/sepolicy/public/vold.te
|
76aab82cb3a7560d3d78f93c7f2d00ed381192c4 |
|
15-May-2017 |
Jeff Vander Stoep <jeffv@google.com> |
Move domain_deprecated into private policy This attribute is being actively removed from policy. Since attributes are not being versioned, partners must not be able to access and use this attribute. Move it from private and verify in the logs that rild and tee are not using these permissions. Bug: 38316109 Test: build and boot Marlin Test: Verify that rild and tee are not being granted any of these permissions. Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b
/system/sepolicy/public/vold.te
|
f627e5581c479013e067494c5af71adf13aa260a |
|
14-Apr-2017 |
Jeff Vander Stoep <jeffv@google.com> |
restore permissions to /vendor for non-treble devices Relabeling /vendor and /system/vendor to vendor_file removed previously granted permissions. Restore these for non-treble devices. Addresses: avc: denied { execute_no_trans } for pid=2944 comm="dumpstate" path="/system/vendor/bin/wpa_cli" dev="mmcblk0p10" ino=1929 scontext=u:r:dumpstate:s0 tcontext=u:object_r:vendor_file:s0 tclass=file And potentially some other bugs that have yet to surface. Bug: 37105075 Test: build Fugu Change-Id: I8e7bd9c33819bf8206f7c110cbce72366afbcef8
/system/sepolicy/public/vold.te
|
c9cf7361c1f5000834f125d287df8d2708b4d634 |
|
24-Mar-2017 |
Sandeep Patil <sspatil@google.com> |
file_context: explicitly label all file context files file_context files need to be explicitly labeled as they are now split across system and vendor and won't have the generic world readable 'system_file' label. Bug: 36002414 Test: no new 'file_context' denials at boot complete on sailfish Test: successfully booted into recovery without denials and sideloaded OTA update. Test: ./cts-tradefed run singleCommand cts --skip-device-info \ --skip-preconditions --skip-connectivity-check --abi \ arm64-v8a --module CtsSecurityHostTestCases -t \ android.security.cts.SELinuxHostTest#testAospFileContexts Change-Id: I603157e9fa7d1de3679d41e343de397631666273 Signed-off-by: Sandeep Patil <sspatil@google.com>
/system/sepolicy/public/vold.te
|
3f724c95a86e6c08f23ff4f424b144cee81014dd |
|
26-Mar-2017 |
Jeff Sharkey <jsharkey@android.com> |
Grant kernel access to new "virtual_disk" file. This is a special file that can be mounted as a loopback device to exercise adoptable storage code on devices that don't have valid physical media. For example, they may only support storage media through a USB OTG port that is being used for an adb connection. avc: denied { read } for path="/data/misc/vold/virtual_disk" dev="sda35" ino=508695 scontext=u:r:kernel:s0 tcontext=u:object_r:vold_data_file:s0 tclass=file permissive=0 Bug: 34903607 Change-Id: I84721ec0e9495189a7d850461875df1839826212
/system/sepolicy/public/vold.te
|
a8e0f76c44af41cbdd5e452a976171ffe379d035 |
|
26-Mar-2017 |
Jeff Sharkey <jsharkey@android.com> |
Define policy for "loop-control" device. Per loop(4), this device is the preferred way of allocating new loop devices since Linux 3.1. avc: denied { read write } for name="loop-control" dev="tmpfs" ino=15221 scontext=u:r:vold:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 Bug: 34903607 Change-Id: I1f5f62cf0a1c24c6f6453100004812af4b8e1503
/system/sepolicy/public/vold.te
|
2b291121b92f44971e702929d7ae4cc7d5e35078 |
|
04-Mar-2017 |
Calin Juravle <calin@google.com> |
SElinux: Clean up code related to foreign dex use We simplified the way we track whether or not a dex file is used by other apps. DexManager in the framework keeps track of the data and we no longer need file markers on disk. Test: device boots, foreign dex markers are not created anymore Bug: 32871170 Change-Id: I464ed6b09439cf0342020ee07596f9aa8ae53b62
/system/sepolicy/public/vold.te
|
f7543d27b8371107ed69d9a1900c21954a77b6a4 |
|
23-Feb-2017 |
Alex Klyubin <klyubin@google.com> |
Switch Keymaster HAL policy to _client/_server This switches Keymaster HAL policy to the design which enables us to conditionally remove unnecessary rules from domains which are clients of Keymaster HAL. Domains which are clients of Keymaster HAL, such as keystore and vold domains, are granted rules targeting hal_keymaster only when the Keymaster HAL runs in passthrough mode (i.e., inside the client's process). When the HAL runs in binderized mode (i.e., in another process/domain, with clients talking to the HAL over HwBinder IPC), rules targeting hal_keymaster are not granted to client domains. Domains which offer a binderized implementation of Keymaster HAL, such as hal_keymaster_default domain, are always granted rules targeting hal_keymaster. Test: Password-protected sailfish boots up and lock screen unlocks -- this exercises vold -> Keymaster HAL interaction Test: All Android Keystore CTS tests pass -- this exercises keystore -> Keymaster HAL interaction: make cts cts-tradefed cts-tradefed run singleCommand cts --skip-device-info \ --skip-preconditions --skip-connectivity-check --abi arm64-v8a \ --module CtsKeystoreTestCases Bug: 34170079 Change-Id: I2254d0fdee72145721654d6c9e6e8d3331920ec7
/system/sepolicy/public/vold.te
|
a1b45600882032aab5b13381a636734f0a3f91f0 |
|
10-Feb-2017 |
Jeff Vander Stoep <jeffv@google.com> |
Remove logspam Grant observed uses of permissions being audited in domain_deprecated. fsck avc: granted { getattr } for path="/" dev="dm-0" ino=2 scontext=u:r:fsck:s0 tcontext=u:object_r:rootfs:s0 tclass=dir keystore avc: granted { read open } for path="/vendor/lib64/hw" dev="dm-1" ino=168 scontext=u:r:keystore:s0 tcontext=u:object_r:system_file:s0 tclass=dir sdcardd avc: granted { read open } for path="/proc/filesystems" dev="proc" ino=4026532412 scontext=u:r:sdcardd:s0 tcontext=u:object_r:proc:s0 tclass=file update_engine avc: granted { getattr } for path="/proc/misc" dev="proc" ino=4026532139 scontext=u:r:update_engine:s0 tcontext=u:object_r:proc:s0 tclass=file avc: granted { read open } for path="/proc/misc" dev="proc" ino=4026532139 scontext=u:r:update_engine:s0 tcontext=u:object_r:proc:s0 tclass=file avc: granted { read } for name="hw" dev="dm-1" ino=168 scontext=u:r:update_engine:s0 tcontext=u:object_r:system_file:s0 tclass=dir vold avc: granted { read open } for path="/vendor/lib64/hw" dev="dm-1" ino=168 scontext=u:r:vold:s0 tcontext=u:object_r:system_file:s0 tclass=dir Test: Marlin builds and boots, avc granted messages no longer observed. Bug: 35197529 Change-Id: Iae34ae3b9e22ba7550cf7d45dc011ab043e63424
/system/sepolicy/public/vold.te
|
e8acd7695b96434cde84c8bc16b364d39856857d |
|
28-Jan-2017 |
Janis Danisevskis <jdanis@google.com> |
Preliminary policy for hal_keymaster (TREBLE) This adds the permissions required for android.hardware.keymaster@2.0-service to access the keymaster TA as well as for keystore and vold to lookup and use android.hardware.keymaster@2.0-service. IT DOES NOT remove the privileges from keystore and vold to access the keymaster TA directly. Test: Run keystore CTS tests Bug: 32020919 (cherry picked from commit 5090d6f3241ffbd96f5a0b24df602bd2559f3cf4) Change-Id: Ib02682da26e2dbcabd81bc23169f9bd0e832eb19
/system/sepolicy/public/vold.te
|
626f90c541add3560e5eb23cca6c2c9d6cebdcf4 |
|
20-Jan-2017 |
Max Bires <jbires@google.com> |
Adding a neverallow rule to prevent renaming of device and char files This neverallow addition addresses the renaming of files in exploits in order to bypass denied permissions. An example of a similar use case of using mv to bypass permission denials appeared in a recent project zero ChromeOS exploit as one of the steps in the exploit chain. https://googleprojectzero.blogspot.com/2016/12/chrome-os-exploit-one-byte-overflow-and.html Additionally, vold and init both had permission sets that allowed them to rename, but neither of them seem to need it. Therefore the rename permission has also been removed from these two .te files. Test: The device boots successfully Change-Id: I07bbb58f058bf050f269b083e836c2c9a5bbad80
/system/sepolicy/public/vold.te
|
16c889c51f0667c7d063f959922b5c98bcebfd7a |
|
14-Dec-2016 |
Max <jbires@google.com> |
Removing file system remount permission from vold There is no reason for vold to have this permission, and a proper auditallow rule has been used and monitored to ensure that nothing on android uses this permission. Bug: 26901147 Test: Phone boots Change-Id: Id36ed2722348f433fe3d046a3429066338230fec
/system/sepolicy/public/vold.te
|
314d8c5801a47523f18eb703205183f8fdd0068b |
|
30-Nov-2016 |
Max <jbires@google.com> |
Added an auditallow rule to track vold remounting filesystems. Vold shouldn't have this selinux permission, so this will be left in for a few weeks to keep track of if removing it would be an issue to any other processes. If not, then a follow-up CL will remove both the rule and the auditallow Test: This CL is a test in itself, auditallow rules shouldn't change behavior of SELinux policy by themselves Bug: 26901147 Change-Id: Ib076448863bd54278df59a3b514c9e877eb22ee5
/system/sepolicy/public/vold.te
|
ca04f9b3c489391f4026d5f688fe76a4aa0cd0cb |
|
17-Nov-2016 |
Max <jbires@google.com> |
Removed a duplicate rule. Test: Device boots Change-Id: I151c5fb6f56850eaa215e1a917ac9ad609dbdd4a
/system/sepolicy/public/vold.te
|
cc39f637734a8d84bc861b649bfd109290c06401 |
|
22-Jul-2016 |
dcashman <dcashman@google.com> |
Split general policy into public and private components. Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
/system/sepolicy/public/vold.te
|