  1. Jan 19, 2018
  2. Jan 10, 2018
    • Whitelist exported platform properties · e4971454
      Jaekyun Seok authored
      This CL lists all the exported platform properties in
      private/exported_property_contexts.
      
      Additionally accessing core_property_type from vendor components is
      restricted.
      Instead public_readable_property_type is used to allow vendor components
      to read exported platform properties, and accessibility from
      vendor_init is also specified explicitly.
      
      Note that whitelisting would be applied only if
      PRODUCT_COMPATIBLE_PROPERTY is set on.
      
      Bug: 38146102
      Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true
      Change-Id: I304ba428cc4ca82668fec2ddeb17c971e7ec065e
  3. Dec 11, 2017
    • Remove access to 'sysfs' files from healthd and charger. · d276b434
      Tri Vo authored
      We rely on vendors to label all dependencies of healthd/charger under
      /sys/class/power_supply with sysfs_batteryinfo type.
      
      Bug: 65643247
      Bug: 32659667
      Test: boots without denials from healthd, to sysfs_batteryinfo or to
      sysfs_msm_subsys.
      Test: charging with device turned off works without /sys denials.
      
      Change-Id: I893f309ecad8a0caf7d0b81f5f945725907255c2
  4. Nov 21, 2017
    • sepolicy: Add rules for non-init namespaces · 9b2e0cbe
      Benjamin Gordon authored
      In kernel 4.7, the capability and capability2 classes were split apart
      from cap_userns and cap2_userns (see kernel commit
      8e4ff6f228e4722cac74db716e308d1da33d744f). Since then, Android cannot be
      run in a container with SELinux in enforcing mode.
      
      This change applies the existing capability rules to user namespaces as
      well as the root namespace so that Android running in a container
      behaves the same on pre- and post-4.7 kernels.
      
      This is essentially:
        1. New global_capability_class_set and global_capability2_class_set
           that match capability+cap_userns and capability2+cap2_userns,
           respectively.
        2. s/self:capability/self:global_capability_class_set/g
        3. s/self:capability2/self:global_capability2_class_set/g
        4. Add cap_userns and cap2_userns to the existing capability_class_set
           so that it covers all capabilities.  This set was used by several
           neverallow and dontaudit rules, and I confirmed that the new
           classes are still appropriate.
      
      Test: diff new policy against old and confirm that all new rules add
            only cap_userns or cap2_userns;
            Boot ARC++ on a device with the 4.12 kernel.
      Bug: crbug.com/754831
      
      Change-Id: I4007eb3a2ecd01b062c4c78d9afee71c530df95f
  5. Nov 15, 2017
    • charger: read permissions to /sys/power/state · cb043a58
      Tri Vo authored
      Fixes these denials:
      avc:  denied  { read } for  pid=585 comm="charger" name="state"
      dev="sysfs" ino=18844 scontext=u:r:charger:s0
      tcontext=u:object_r:sysfs_power:s0 tclass=file permissive=1
      
      avc:  denied  { open } for  pid=585 comm="charger"
      path="/sys/power/state" dev="sysfs" ino=18844 scontext=u:r:charger:s0
      tcontext=u:object_r:sysfs_power:s0 tclass=file permissive=1
      
      Test: above denials not observed in charger mode.
      Change-Id: I5660e63315fada7f24d6cfe2e0bd2b383b556670
  6. Nov 08, 2017
    • charger: reads /sys/power/state · 869386d7
      Yifan Hong authored
      /sys/power/state is labeled as sysfs_power now. Allow charger to
      write to it instead of writing to sysfs.
      
      Test: no denials for charger on this file
      Change-Id: Idf8c2656fa1094a69a627c1a705a83893bf3afb3
  7. Dec 16, 2016
    • healthd: create SEPolicy for 'charger' and reduce healthd's scope · dc08245c
      Sandeep Patil authored
      
      healthd is being split into 'charger' and 'healthd' processes, that
      will never run together. 'charger' is to be run only in charge-only
      and recovery, while healthd runs with Android.
      
      While they both share much of the battery monitoring code, they both now
      have reduced scope. E.g. 'charger' doesn't need to use binder anymore
      and healthd doesn't need to do the charging UI animation. So, amend the
      SEPolicy for healthd to reduce its scope and add a new one for charger.
      
      Test: Tested all modes {recovery, charger-only, android} with new policy
      
      Change-Id: If7f81875c605f7f07da4d23a313f308b9dde9ce8
      Signed-off-by: Sandeep Patil <sspatil@google.com>
      (cherry picked from commit c73d0022)
  8. Nov 04, 2016
    • healthd: create SEPolicy for 'charger' and reduce healthd's scope · c73d0022
      Sandeep Patil authored
      
      healthd is being split into 'charger' and 'healthd' processes, that
      will never run together. 'charger' is to be run only in charge-only
      and recovery, while healthd runs with Android.
      
      While they both share much of the battery monitoring code, they both now
      have reduced scope. E.g. 'charger' doesn't need to use binder anymore
      and healthd doesn't need to do the charging UI animation. So, amend the
      SEPolicy for healthd to reduce its scope and add a new one for charger.
      
      Test: Tested all modes {recovery, charger-only, android} with new policy
      
      Change-Id: If7f81875c605f7f07da4d23a313f308b9dde9ce8
      Signed-off-by: Sandeep Patil <sspatil@google.com>
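The charger commit above (item 5) quotes the AVC denials that motivated its rule. As an added example, not code from this sepolicy repository, here is a small Python parser that groups such denial lines by source domain, target type and object class and renders the merged permissions as candidate allow rules for review; the sample lines are constructed from the two denials in that commit message, and the helper names are my own.

```python
import re

# Constructed sample input: the two AVC denials quoted in the charger commit,
# each joined onto a single line as logcat/dmesg would print them.
SAMPLE_DENIALS = [
    'avc:  denied  { read } for  pid=585 comm="charger" name="state" '
    'dev="sysfs" ino=18844 scontext=u:r:charger:s0 '
    'tcontext=u:object_r:sysfs_power:s0 tclass=file permissive=1',
    'avc:  denied  { open } for  pid=585 comm="charger" '
    'path="/sys/power/state" dev="sysfs" ino=18844 scontext=u:r:charger:s0 '
    'tcontext=u:object_r:sysfs_power:s0 tclass=file permissive=1',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def type_of(ctx):
    """Pull the type out of a security context: u:r:charger:s0 -> charger."""
    return ctx.split(':')[2]

def parse_denial(line):
    """Parse one AVC line; returns None for lines that are not denials."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    return {
        'perms': set(m.group('perms').split()),
        'sdomain': type_of(fields['scontext']),
        'ttype': type_of(fields['tcontext']),
        'tclass': fields['tclass'],
        'comm': fields.get('comm'),
        # permissive=1 means the access was logged but not blocked
        'permissive': fields.get('permissive') == '1',
    }

def summarize(lines):
    """Merge denials sharing (source domain, target type, class) into one permission set."""
    merged = {}
    for d in filter(None, map(parse_denial, lines)):
        key = (d['sdomain'], d['ttype'], d['tclass'])
        merged.setdefault(key, set()).update(d['perms'])
    return merged

def to_allow_rules(merged):
    """Render each merged entry as a candidate allow rule to be reviewed against the policy."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(merged.items())]
```

The rendered rule is a starting point for review, not something to paste into policy unread: the merged permission set shows whether a narrower rule or a relabel (as the later sysfs_power and sysfs_batteryinfo commits did) is the better fix.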