Commits · 03177f05f9ae94c89c0051b285b3e1df2532f2b9 · Werner Sembach / AndroidSystemSEPolicy

Nov 20, 2017

Revert "Move platform/vendor data violations to device policy" · 03177f05
Jeff Vander Stoep authored 7 years ago
```
This reverts commit d4785c37.

Temporarily revert to fix crosshatch.

Test: crosshatch now builds
```
03177f05
Move platform/vendor data violations to device policy am: d4785c37 am: 497e7aeb · 6f94f1da
Jeff Vander Stoep authored 7 years ago
```
am: f9108496

Change-Id: If570c2eea00974f67253b1868973822c987f45e0
```
6f94f1da
Move platform/vendor data violations to device policy am: d4785c37 · f9108496
Jeff Vander Stoep authored 7 years ago
```
am: 497e7aeb

Change-Id: I85c0ecaeabf37362b84497055db441aa64c92eb0
```
f9108496
Move platform/vendor data violations to device policy · 497e7aeb
Jeff Vander Stoep authored 7 years ago
```
am: d4785c37

Change-Id: I41603590882cb4d70cb1636af5902edad1af0118
```
497e7aeb

Move platform/vendor data violations to device policy · d4785c37

Sharing data folders by path will be disallowed because it violates
the approved API between platform and vendor components tested by
VTS. Move all violating permissions from core selinux policy to
device specific policy so that we can exempt existing devices from
the ban and enforce it on new devices.

Bug: 34980020
Test: Move permissions. Build and test wifi, wifi AP, nfc, fingerprint
    and Play movies on Marlin and Taimen.
Test: build on Angler, Bullhead, Dragon, Fugu, Marlin, Walleye

Change-Id: Ib6fc9cf1403e74058aaae5a7b0784922f3172b4e

d4785c37

Nov 17, 2017

Allow AOSP processes to read pm_prop am: 0f5ad4e5 am: 21ce3450 · dd9df723
Jeff Vander Stoep authored 7 years ago
```
am: 4eb9687f

Change-Id: I4b31f1067f7e845afce4d1cf6c77176d2b97ff4b
```
dd9df723
Allow AOSP processes to read pm_prop am: 0f5ad4e5 · 4eb9687f
Jeff Vander Stoep authored 7 years ago
```
am: 21ce3450

Change-Id: Ic4cabef801675f28f6fe81c6034cff377ec59791
```
4eb9687f
Allow AOSP processes to read pm_prop · 21ce3450
Jeff Vander Stoep authored 7 years ago
```
am: 0f5ad4e5

Change-Id: Idcf4b52877a51c2c330a72ba416076c686e29535
```
21ce3450

Allow AOSP processes to read pm_prop · 0f5ad4e5

Jeff Vander Stoep authored 7 years ago

Exclude vendor processes.

Bug: 69309298
Test: cts-tradefed run cts -m CtsCompilationTestCases
    completed in 33s. 5 passed, 0 failed
Test: runtest frameworks-services -c \
    com.android.server.pm.dex.DexoptOptionsTests \
    --install=".*FrameworksServicesTests.apk"
    OK (5 tests)

Change-Id: Ic02caf373e2214b4b931a724ca8d4f4effbc0741

0f5ad4e5

Merge "shell: neverallow access to 'proc' label." am: 6faa3a1a am: 51251212 · d7679834
Tri Vo authored 7 years ago
```
am: feabf294

Change-Id: Id66b3cd36f5b7306de3684714b22a4ff51842e6f
```
d7679834
Merge "shell: neverallow access to 'proc' label." am: 6faa3a1a · feabf294
Tri Vo authored 7 years ago
```
am: 51251212

Change-Id: Ie3194b1314cef76240ff518ac2b86e094b9baa81
```
feabf294
Merge "shell: neverallow access to 'proc' label." · 51251212
Tri Vo authored 7 years ago
```
am: 6faa3a1a

Change-Id: Ica1a165a67f4db803e69757009a14145bb17c5b9
```
51251212
Merge "shell: neverallow access to 'proc' label." · 6faa3a1a
Tri Vo authored 7 years ago

6faa3a1a
Merge "Allow netd to read the /dev/xt_qtaguid" am: cd753d11 am: a6966554 · 1262e5fa
Chenbo Feng authored 7 years ago
```
am: 997fcf16

Change-Id: Ic4fe495fb1064d32b4bac28242c53dae06e7ed70
```
1262e5fa
Merge "Allow netd to read the /dev/xt_qtaguid" am: cd753d11 · 997fcf16
Chenbo Feng authored 7 years ago
```
am: a6966554

Change-Id: I8c09069290ffe1827212206b81616e9302bfe7ea
```
997fcf16
Merge "Allow netd to read the /dev/xt_qtaguid" · a6966554
Chenbo Feng authored 7 years ago
```
am: cd753d11

Change-Id: I01a332c51aa4a5c62e5b2bb4ba13565b48c46b88
```
a6966554
Merge "Allow netd to read the /dev/xt_qtaguid" · cd753d11
Treehugger Robot authored 7 years ago

cd753d11
Merge "Add window trace files SELinux policy rules" am: 97c86514 am: dcd0baf6 · 219d62c1
Vishnu Nair authored 7 years ago
```
am: 51871966

Change-Id: Id7363e8c5e6bc6a41bb74e0536eb80577189107d
```
219d62c1
Merge "Add window trace files SELinux policy rules" am: 97c86514 · 51871966
Vishnu Nair authored 7 years ago
```
am: dcd0baf6

Change-Id: I07782169b7a9b4ad05d8915e43599c0ae158fb2b
```
51871966
Merge "Add window trace files SELinux policy rules" · dcd0baf6
Vishnu Nair authored 7 years ago
```
am: 97c86514

Change-Id: I170162843b04280105c76d4e5d7a8d3f89583588
```
dcd0baf6
Merge "Add window trace files SELinux policy rules" · 97c86514
Treehugger Robot authored 7 years ago

97c86514

shell: neverallow access to 'proc' label. · c4ef3630

Tri Vo authored 7 years ago

Added access to proc_uptime and proc_asound to address these denials:

avc: denied { read } for name="uptime" dev="proc" ino=4026532080
scontext=u:r:shell:s0 tcontext=u:object_r:proc_uptime:s0 tclass=file
permissive=1

avc: denied { getattr } for path="/proc/asound/version" dev="proc"
ino=4026532017 scontext=u:r:shell:s0 tcontext=u:object_r:proc_asound:s0
tclass=file permissive=1

Bug: 65643247
Test: device boots with no denial from 'shell' domain.
Test: lsmod, ps, top, netstat
Test: No denials triggered from CtsSecurityHostTestCases
Test: external/toybox/run-tests-on-android.sh does not pass, but triggers
no denials from 'shell' domain to 'proc' type.

Change-Id: Ia4c26fd616e33e5962c6707a855dc24e338ec153

c4ef3630

Merge "mediaserver: remove access to 'sysfs' type." am: 499fd010 am: 92652912 · 92a4cb2e
Tri Vo authored 7 years ago
```
am: 80f63e0b

Change-Id: I93aa25bf35797a98fee8368711ef736614dcb0a4
```
92a4cb2e
Merge "mediaserver: remove access to 'sysfs' type." am: 499fd010 · 80f63e0b
Tri Vo authored 7 years ago
```
am: 92652912

Change-Id: Id419994de8b6ca9dc29e0cb3a3c0d05cd07b982a
```
80f63e0b
Merge "mediaserver: remove access to 'sysfs' type." · 92652912
Tri Vo authored 7 years ago
```
am: 499fd010

Change-Id: Ifdf2102a4305b3aa51607e78a1c6ce529b45d382
```
92652912
Merge "mediaserver: remove access to 'sysfs' type." · 499fd010
Tri Vo authored 7 years ago

499fd010
Merge "system_server: access to /proc/sys/fs/pipe-max-size" am: 25576730 am: 1bd4443a · a0875812
Tri Vo authored 7 years ago
```
am: 00057abc

Change-Id: I6d6b75701e35b35501935162670f906f9c757d4b
```
a0875812
Merge "system_server: access to /proc/sys/fs/pipe-max-size" am: 25576730 · 00057abc
Tri Vo authored 7 years ago
```
am: 1bd4443a

Change-Id: Ia72d55f0a38fb9415166d5cf03cd67b2e9e2162c
```
00057abc
Merge "system_server: access to /proc/sys/fs/pipe-max-size" · 1bd4443a
Tri Vo authored 7 years ago
```
am: 25576730

Change-Id: I97842c1a293bc68daa11adffec29514a9afbb868
```
1bd4443a

Add window trace files SELinux policy rules · 2d6942d3

Vishnu Nair authored 7 years ago

- Allow system_server to create and write to /data/misc/wmtrace/*
- Allow surfaceflinger to create and write files from /data/misc/wmtrace/*
- Allow dumpstate to read files from /data/misc/wmtrace/*
permissions are restricted to userdebug or eng builds

Bug: 64831661

Test: adb shell cmd window tracing start && adb shell cmd window tracing stop
Test: adb shell su root service call SurfaceFlinger 1025 i32 1 >/dev/null && adb shell su root service call SurfaceFlinger 1025 i32 0 >/dev/null
Test: adb bugreport ~/tmp.zip && adb shell su root dmesg | grep 'avc: '

Change-Id: I0b15166560739d73d7749201f3ad197dbcf5791c

2d6942d3

Merge "system_server: access to /proc/sys/fs/pipe-max-size" · 25576730
Treehugger Robot authored 7 years ago

25576730

mediaserver: remove access to 'sysfs' type. · 2ea12cd3

Tri Vo authored 7 years ago

Bug: 65643247
Test: cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice
No denials from mediaserver domain to sysfs type are observed.
Change-Id: Icb5c12f04af213452d82e226993fe13085c5c33f

2ea12cd3

Nov 16, 2017

Remove unused permissions from tee am: 13c69b89 am: f6aa0695 · f384658a
Jeff Vander Stoep authored 7 years ago
```
am: c31c9096

Change-Id: I63b9ef7dc9ef200bdf4c520c6c93649655e63d33
```
f384658a
Remove unused permissions from tee am: 13c69b89 · c31c9096
Jeff Vander Stoep authored 7 years ago
```
am: f6aa0695

Change-Id: I109c44d4ebbb08aa5eb78e4d8a3b8ac106411dc2
```
c31c9096
Remove unused permissions from tee · f6aa0695
Jeff Vander Stoep authored 7 years ago
```
am: 13c69b89

Change-Id: I81e8cc02afa5b87419a4e70ab46a70ca43b85c43
```
f6aa0695

system_server: access to /proc/sys/fs/pipe-max-size · e7f4934d

Tri Vo authored 7 years ago

Label /proc/sys/fs/pipe-max-size with new type proc_pipe_conf and give
system_server access to it.

Addresses this denial:
avc: denied { read } for name="pipe-max-size" dev="proc" ino=93817
scontext=u:r:system_server:s0 tcontext=u:object_r:proc:s0 tclass=file
permissive=0

Bug: 69175449
Bug: 69324398
Test: sailfish boots
Test: adb bugreport
Test: craft an unresponsive app, trigger ANR, make sure traces are dumped
into /data/anr
Above denial from system_server not observed, no denials to proc_pipe_conf
observed.
Change-Id: I7c71f05820a4945ba982e29f76e9d9f4458b2b59

e7f4934d

Remove unused permissions from tee · 13c69b89

Jeff Vander Stoep authored 7 years ago

Only getattr and read are necessary for lnk_file. Open violates a new
neverallow for separating system and vendor data.

Bug: 34980020
Test: Enroll fingerprint on Taimen
Change-Id: I9434afbd5b4ecc1ead9f0ba47c7582fb5a6c6bf0

13c69b89

Merge "Revert "Revert "Put pm.* property in new pm_prop context""" am: 0d7e5047 am: 0181d23f · 2b669ed3
Nicolas Geoffray authored 7 years ago
```
am: fa7f3a9d

Change-Id: Id56db24bfb5821d7a7255b8646fb2dfcf22271d9
```
2b669ed3
Merge "Revert "Revert "Put pm.* property in new pm_prop context""" am: 0d7e5047 · fa7f3a9d
Nicolas Geoffray authored 7 years ago
```
am: 0181d23f

Change-Id: I7c75b607ce60eb60f8b0bfb58ed8a190940a8239
```
fa7f3a9d
Merge "Revert "Revert "Put pm.* property in new pm_prop context""" · 0181d23f
Nicolas Geoffray authored 7 years ago
```
am: 0d7e5047

Change-Id: I29fd343005136d580763eff843fa94e8e3318c06
```
0181d23f