Skip to content
Snippets Groups Projects
Select Git revision
  • abef255597c0bd45b41832acdd9cb4dde383cd49
  • master default protected
  • android-7.1.2_r28_klist
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
41 results

debuggerd.te

Blame
    • Christopher Ferris's avatar
      b51c4dd3
      Allow debuggerd to redirect requests. · b51c4dd3
      Christopher Ferris authored
      On 64 bit systems, all requests will first go to the 64 bit debuggerd
      which will redirect to the 32 bit debuggerd if necessary. This avoids
      any permissions problems where a java process needs to be able to
      read the elf data for executables. Instead the permissions are granted
      to debuggerd instead.
      
      Also remove the permissions to read the /system/bin executables from
      dumpstate since they aren't necessary any more.
      
      Bug: https://code.google.com/p/android/issues/detail?id=97024
      Change-Id: I80ab1a177a110aa7381c2a4b516cfe71ef2a4808
      b51c4dd3
      History
      Allow debuggerd to redirect requests.
      Christopher Ferris authored
      On 64 bit systems, all requests will first go to the 64 bit debuggerd
      which will redirect to the 32 bit debuggerd if necessary. This avoids
      any permissions problems where a java process needs to be able to
      read the elf data for executables. Instead the permissions are granted
      to debuggerd instead.
      
      Also remove the permissions to read the /system/bin executables from
      dumpstate since they aren't necessary any more.
      
      Bug: https://code.google.com/p/android/issues/detail?id=97024
      Change-Id: I80ab1a177a110aa7381c2a4b516cfe71ef2a4808
    seapp_contexts 4.38 KiB
    # Input selectors:
    #	isSystemServer (boolean)
    #	isAutoPlayApp (boolean)
    #	isOwner (boolean)
    #	user (string)
    #	seinfo (string)
    #	name (string)
    #	path (string)
    #	isPrivApp (boolean)
    # isSystemServer=true can only be used once.
    # An unspecified isSystemServer defaults to false.
    # isAutoPlayApp=true will match apps marked by PackageManager as AutoPlay
    # isOwner=true will only match for the owner/primary user.
    # isOwner=false will only match for secondary users.
    # If unspecified, the entry can match either case.
    # An unspecified string selector will match any value.
    # A user string selector that ends in * will perform a prefix match.
    # user=_app will match any regular app UID.
    # user=_isolated will match any isolated service UID.
    # isPrivApp=true will only match for applications preinstalled in
    #       /system/priv-app.
    # All specified input selectors in an entry must match (i.e. logical AND).
    # Matching is case-insensitive.
    #
    # Precedence rules:
    # 	  (1) isSystemServer=true before isSystemServer=false.
    # 	  (2) Specified isAutoPlayApp= before unspecified isAutoPlayApp= boolean.
    # 	  (3) Specified isOwner= before unspecified isOwner= boolean.
    #	  (4) Specified user= string before unspecified user= string.
    #	  (5) Fixed user= string before user= prefix (i.e. ending in *).
    #	  (6) Longer user= prefix before shorter user= prefix.
    #	  (7) Specified seinfo= string before unspecified seinfo= string.
    #	      ':' character is reserved and may not be used.
    #	  (8) Specified name= string before unspecified name= string.
    #	  (9) Specified path= string before unspecified path= string.
    # 	  (10) Specified isPrivApp= before unspecified isPrivApp= boolean.
    #
    # Outputs:
    #	domain (string)
    #	type (string)
    #	levelFrom (string; one of none, all, app, or user)
    #	level (string)
    # Only entries that specify domain= will be used for app process labeling.
    # Only entries that specify type= will be used for app directory labeling.
    # levelFrom=user is only supported for _app or _isolated UIDs.
    # levelFrom=app or levelFrom=all is only supported for _app UIDs.
    # level may be used to specify a fixed level for any UID.
    #
    #
    # Neverallow Assertions
    # Additional compile time assertion checks can be added as well. The assertion
    # rules are lines beginning with the keyword neverallow. Full support for PCRE
    # regular expressions exists on all input and output selectors. Neverallow
    # rules are never output to the built seapp_contexts file. Like all keywords,
    # neverallows are case-insensitive. A neverallow is asserted when all key value
    # inputs are matched on a key value rule line.
    #
    
    # only the system server can be in system_server domain
    neverallow isSystemServer=false domain=system_server
    neverallow isSystemServer="" domain=system_server
    
    # system domains should never be assigned outside of system uid
    neverallow user=((?!system).)* domain=system_app
    neverallow user=((?!system).)* type=system_app_data_file
    
    # anything with a non-known uid with a specified name should have a specified seinfo
    neverallow user=_app name=.* seinfo=""
    neverallow user=_app name=.* seinfo=default
    
    # neverallow shared relro to any other domain
    # and neverallow any other uid into shared_relro
    neverallow user=shared_relro domain=((?!shared_relro).)*
    neverallow user=((?!shared_relro).)* domain=shared_relro
    
    # neverallow non-isolated uids into isolated_app domain
    # and vice versa
    neverallow user=_isolated domain=((?!isolated_app).)*
    neverallow user=((?!_isolated).)* domain=isolated_app
    
    # uid shell should always be in shell domain, however non-shell
    # uid's can be in shell domain
    neverallow user=shell domain=((?!shell).)*
    
    # AutoPlay Apps must run in the autoplay_app domain
    neverallow isAutoPlayApp=true domain=((?!autoplay_app).)*
    
    isSystemServer=true domain=system_server
    user=system seinfo=platform domain=system_app type=system_app_data_file
    user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
    user=nfc seinfo=platform domain=nfc type=nfc_data_file
    user=radio seinfo=platform domain=radio type=radio_data_file
    user=shared_relro domain=shared_relro
    user=shell seinfo=platform domain=shell type=shell_data_file
    user=_isolated domain=isolated_app levelFrom=user
    user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
    user=_app isAutoPlayApp=true domain=autoplay_app type=autoplay_data_file levelFrom=all
    user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
    user=_app domain=untrusted_app type=app_data_file levelFrom=user