Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Search by author
  • Any Author
  • Werner Sembach Matombo
  • dex dex dex
2 authors
  1. Feb 01, 2018
  3. Jan 31, 2018
    • Joel Galenson's avatar
      Track priv_app SELinux denial. · 2218696a
      Joel Galenson authored 
      This should fix presubmit tests.

Bug: 72749888
Test: Built policy.
Change-Id: I588bba52d26bcc7d93ebb16e28458d9125f73108
      2218696a
    • Bowgo Tsai's avatar
      Renames nonplat_* to vendor_* · 9aa8496f
      Bowgo Tsai authored 
      This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.

It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.

Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.

Bug: 64240127
Test: boot an existing device
Change-Id: Iea87a502bc6191cfaf8a2201f29e4a2add4ba7bf
      9aa8496f
    • Siarhei Vishniakou's avatar
      Allow input system access to /dev/v4l-touchX · 36a3df44
      Siarhei Vishniakou authored 
      Bug: 62940136
Test: read /dev/v4l-touchX from inputflinger

Change-Id: Ifcece4192c567e0cbaba1b7ad40d25c8f34f8e40
      36a3df44
  5. Jan 30, 2018
    • Joel Galenson's avatar
      Clean up bug_map. · 26ccebd7
      Joel Galenson authored 
      Remove bugs that have been fixed, re-map duped bugs, and alphabetize
the list.

Test: Booted Walleye and Sailfish, tested wifi and camera, and
observed no new denials.

Change-Id: I94627d532ea13f623fe29cf259dd404bfd850c13
      26ccebd7
    • Jeff Vander Stoep's avatar
      priv_app: suppress denials for /proc/stat · e88d6494
      Jeff Vander Stoep authored 
      Bug: 72668919
Test: build
Change-Id: Id156b40a572dc0dbfae4500865400939985949d9
      e88d6494
  7. Jan 29, 2018
    • Ruchi Kandoi's avatar
      SE Policy for Secure Element app and Secure Element HAL · 8a2b4a78
      Ruchi Kandoi authored 
      Test: App startup on boot
Change-Id: I7740aafc088aadf676328e3f1bb8db5175d97102
      8a2b4a78
    • Joel Galenson's avatar
      Track usbd SELinux denial. · 07efe37c
      Joel Galenson authored 
      This should fix presubmit tests.

Bug: 72472544
Test: Built policy.
Change-Id: I01f0fe3dc759db66005e26d15395893d494c4bb7
      07efe37c
    • Tom Cherry's avatar
      Remove vendor_init from coredomain · 9c778045
      Tom Cherry authored 
      vendor_init exists on the system partition, but it is meant to be an
extention of init that runs with vendor permissions for executing
vendor scripts, therefore it is not meant to be in coredomain.

Bug: 62875318
Test: boot walleye
Merged-In: I01af5c9f8b198674b15b90620d02725a6e7c1da6
Change-Id: I01af5c9f8b198674b15b90620d02725a6e7c1da6
      9c778045
    • Primiano Tucci's avatar
      SELinux policies for Perfetto cmdline client (/system/bin/perfetto) · 1a9f4f7a
      Primiano Tucci authored 
      Instead of having statsd linking the perfetto client library
and talk directly to its socket, we let just statsd exec()
the /system/bin/perfetto cmdline client.

There are two reasons for this:
1) Simplify the interaction between statsd and perfetto, reduce
  dependencies, binary size bloat and isolate faults.
2) The cmdline client also takes care of handing the trace to
  Dropbox. This allows to expose the binder interaction surface
  to the short-lived cmdline client and avoid to grant binder
  access to the perfetto traced daemon.

This cmdline client will be used by:
 - statsd
 - the shell user (for our UI and Studio)

Bug: 70942310
Change-Id: I8cdde181481ad0a1a5cae5937ac446cedac54a1f
      1a9f4f7a
  9. Jan 28, 2018
  11. Jan 25, 2018
    • Joel Galenson's avatar
      Track crash_dump selinux denial. · 6e705357
      Joel Galenson authored 
      This should fix presubmit tests.

Bug: 72507494
Test: Built policy.
Change-Id: I56944d92232c7a715f0c88c13e24f65316805c39
      6e705357
    • Tom Cherry's avatar
      Neverallow vendor_init from accessing stats_data_file · c2653ae8
      Tom Cherry authored 
      The exception for vendor_init in this neverallow was never needed.

Bug: 62875318
Test: Build walleye, bullhead
Change-Id: Iac2b57df30b376492851d7520994e0400a87f1e1
      c2653ae8
    • Joel Galenson's avatar
      Suppress denials from idmap reading installd's files. · b050dccd
      Joel Galenson authored 
      We are occasionally seeing the following SELinux denial:

avc: denied { read } for comm="idmap" path="/proc/947/mounts" scontext=u:r:idmap:s0 tcontext=u:r:installd:s0 tclass=file

This commit suppresses that exact denial.

We believe this is occurring when idmap is forked from installd, which is reading its mounts file in another thread.

Bug: 72444813
Test: Boot Walleye and test wifi and camera.
Change-Id: I3440e4b00c7e5a708b562a93b304aa726b6a3ab9
      b050dccd
    • Andreas Gampe's avatar
      Sepolicy: Allow stack dumps of statsd · 7468db67
      Andreas Gampe authored 
      Allow dumpstate & system server watchdog to dump statsd stacks.

Bug: 72461610
Test: m
Change-Id: I4c3472881da253f85d54b5e5b767b06e2618af9c
      7468db67
    • Joel Galenson's avatar
      Track idmap selinux denial. · 7b1e9a5f
      Joel Galenson authored 
      This should fix presubmit tests.

Bug: 72444813
Test: Built policy.
Change-Id: I5b8661b34c9417cd95cb0d6b688443dcbe0d1c0b
      7b1e9a5f
  13. Jan 24, 2018
    • Jaekyun Seok's avatar
      Add a default rule for /product files · a90cae8c
      Jaekyun Seok authored 
      Since /product is an extension of /system, its file contexts should be
consistent with ones of /system.

Bug: 64195575
Test: tested installing a RRO, apps, priv-apps and permissions
Change-Id: I7560aaaed852ba07ebe1eb23b303301481c897f2
      a90cae8c
    • yinxu's avatar
      Add sepolicy for radio.config · 612350e3
      yinxu authored 
      Bug: 64131518
Test: Compile and flash the device, check whether service vendor.radio-config-hal-1-0 starts
Change-Id: Id728658b4acdda87748259b74e6b7438f6283ea5
      612350e3
    • yro's avatar
      Allow binder call between statsd and healthd. Also allow statsd to find · 53164f40
      yro authored 
      health hal service for battery metrics.

Test: cts test, manual test

Change-Id: I73a801f6970e25bee5921479f2f7078bcb1973a9
      53164f40
    • Pavel Grafov's avatar
      Allow Keystore to check security logging property. · c5b3330c
      Pavel Grafov authored 
      This is needed to allow it to log audit events.

Test: manual, import a key and see adb shell su system logcat -b security
Bug: 70886042
Change-Id: Icd3c13172d47f8eac7c2a97c306d8c654e634f88
      c5b3330c
    • yro's avatar
      Update sepolicy of statsd to be able to find incident_service · cf38ca5e
      yro authored 
      Test: manual testing
Change-Id: Ia97c956c08d2062af6b33622c6b61ca3810b0cb1
      cf38ca5e
    • Janis Danisevskis's avatar
      Added default policy for Confirmation UI HAL · 97c56bdd
      Janis Danisevskis authored 
      Bug: 63928580
Test: Manually tested.

Change-Id: If6bb10cb7c009883d853e46dcdeb92cd33877d53
      97c56bdd
    • Max Bires's avatar
      Adding permission for traceur to use content provider · 278147eb
      Max Bires authored 
      This change will allow traceur to pass a file descriptor to another app
in order to allow that app to process trace data files. E.g. in the use
case that someone would like to email the traces they collected and pass
the trace data files to gmail, this will now be permitted.

Bug:68126425
Test: Traceur can pass fd's to untrusted apps for processing
Change-Id: If0507b5d1f06fd8400e04bd60e06a44153dc59b7
      278147eb
    • Marissa Wall's avatar
      sepolicy: restrict access to uid_cpupower files · dfe063c3
      Marissa Wall authored 
      Do not let apps read /proc/uid_cpupower/time_in_state,
/proc/uid_cpupower/concurrent_active_time,
/proc/uid_cpupower/concurrent_policy_time.

b/71718257

Test: Check that they can't be read from the shell
    without root permissions and system_server was able
    to read them

Change-Id: I812694adfbb4630f7b56aa7096dc2e6dfb148b15
      dfe063c3
    • Joel Galenson's avatar
      Fix init error trying to access file. · cf391269
      Joel Galenson authored 
      Init tries to write /proc/sys/vm/min_free_order_shift but fails due to
a SELinux denial.  This gives the file a new label and gives init the
ability to write it.

Test: Build and booted Sailfish (a couple of days ago).
Change-Id: Ic93862b85c468afccff2019d84b927af9ed2a84d
      cf391269
  15. Jan 23, 2018
    • Tom Cherry's avatar
      Label /vendor_file_contexts as file_contexts_file · ecc4868f
      Tom Cherry authored 
      vendor_init doesn't have permissions to read rootfs labeled files, but
needs to read /vendor_file_contexts to do restorecon correctly.  This
file is a file_contexts file, so labeling it as such seems appropriate.

Test: bullhead + vendor_init doesn't hit this audit
Change-Id: I1f2cf7dd7de17806ac0f1dfe2483fb6d6659939b
      ecc4868f
    • Dongwon Kang's avatar
      Allow mediaextractor to load libraries from apk_data_file · 1134bd00
      Dongwon Kang authored 
      This is an experimental feature only on userdebug and eng build.

Test: play MP4 file. install & uninstall media update apk.
Bug: 67908547
Change-Id: I513cdbfda962f00079e886b7a42f9928e81f6474
      1134bd00
    • Yi Jin's avatar
      Selinux permissions for incidentd project · bc24ba72
      Yi Jin authored 
      Bug: 64222712
Test: manual
Change-Id: Ica77ae3c9e535eddac9fccf11710b0bcb3254ab3
      bc24ba72
    • Max Bires's avatar
      Fixing traceur selinux permission error · 842cc268
      Max Bires authored 
      getattr for trace_data_file:dir permissions was missing, impacting
functionality.

Bug:68126425
Test: Traceur functionality is properly working
Change-Id: I2c8ae5cf3463a8e5309b8402713744e036a64171
      842cc268
    • Tri Vo's avatar
      dumpstate: remove access to 'proc' and 'sysfs' types. · 218d87c0
      Tri Vo authored 
      And grant appropriate permissions to more granular types.

Bug: 29319732
Bug: 65643247
Test: adb bugreport; no new denials to /proc or /sys files.

Change-Id: Ied99546164e79bfa6148822858c165177d3720a5
      218d87c0
  17. Jan 22, 2018
    • Steven Moreland's avatar
      Clarify sysfs_leds neverallow. · 623d9f06
      Steven Moreland authored 
      Now that init no longer uses it.

Fixes: 70846424
Test: no neverallows tripped
Change-Id: I5c22dd272b66fd32b4758c1dce659ccd98b8a7ba
      623d9f06
    • Max Bires's avatar
      Adding write permissions to traceur · 35c36389
      Max Bires authored 
      Fixing denials that stopped traceur from being able to write to
debugfs_tracing. Also cleaning up general find denials for services that
traceur doesn't have permission to access.

Additionally, labeling /data/local/trace as a trace_data_file in order
to give traceur a UX friendly area to write its traces to now that it
will no longer be a shell user. It will be write/readable by traceur,
and deletable/readable by shell.

Test: Traceur functionality is not being blocked by selinux policy
Bug: 68126425
Change-Id: I201c82975a31094102e90bc81454d3c2a48fae36
      35c36389
    • Steven Moreland's avatar
      Add policy for 'blank_screen'. · 8bda3dfa
      Steven Moreland authored 
      This util allows init to turn off the screen
without any binder dependencies.

Bug: 70846424
Test: manual + init use
Change-Id: I4f41a966d6398e959ea6baf36c2cfe6fcebc00de
      8bda3dfa
  19. Jan 20, 2018
  21. Jan 19, 2018
    • Tao Bao's avatar
      Add rules for system_update service. · d7d9cfca
      Tao Bao authored 
      system_update service manages system update information: system updater
(priv_app) publishes the pending system update info through the service,
while other apps can read the info accordingly (design doc in
go/pi-ota-platform-api).

This CL adds the service type, and grants priv_app to access the service.

Bug: 67437079
Test: Build and flash marlin image. The system_update service works.
Change-Id: I7a3eaee3ecd3e2e16b410413e917ec603566b375
      d7d9cfca
    • Paul Crowley's avatar
      Allow access to the metadata partition for metadata encryption. · ab318e30
      Paul Crowley authored 
      Bug: 63927601
Test: Enable metadata encryption in fstab on Taimen, check boot success.
Change-Id: Id425c47d48f413d6ea44ed170835a52d0af39f9f
      ab318e30
    • Daniel Rosenberg's avatar
      Label esdfs as sdcardfs · 9d0d6856
      Daniel Rosenberg authored 
      Test: esdfs should be mountable and usable with selinux on
Bug: 63876697
Change-Id: I7a1d96d3f0d0a6dbc1c98f0c4a96264938011b5e
      9d0d6856
    • Yifan Hong's avatar
      move /vendor VINTF data to /vendor/etc/vintf · 8d8da6a2
      Yifan Hong authored 
      Test: boots
Test: hwservicemanager can read these files
Bug: 36790901
Change-Id: I0431a7f166face993c1d14b6209c9b502a506e09
      8d8da6a2