Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Search by author
  • Any Author
  • Werner Sembach Matombo
  • dex dex dex
2 authors
  1. Sep 28, 2017
  3. Sep 26, 2017
  5. Sep 20, 2017
    • Tri Vo's avatar
      Explicitly label filesystem files in /proc · 62f2842c
      Tri Vo authored 
      proc files needed by fwk that were labeled:
/proc/filesystems -> proc_filesystems
/proc/mounts -> proc_mounts
/proc/swaps -> proc_mounts

Removed access to proc label from these domains:
e2fs, fsck, fsck_untrusted, sdcardd

e2fs: added access to proc_filesystems, proc_mounts, proc_swaps
fsck: added access to proc_mounts, proc_swaps
fsck_untrusted: added access to proc_mounts
sdcardd: added access to proc_filesystems
vold: added access to proc_filesystems, proc_mounts

Bug: 66199084
Test: device boots without selinux denials to new labels or proc label.
Change-Id: If0f19e22074419dab0b3a0c6f3a300ea8cb94523
      62f2842c
  7. Jul 24, 2017
    • Jeff Vander Stoep's avatar
      Move domain_deprecated into private policy · 7c34e83f
      Jeff Vander Stoep authored 
      This attribute is being actively removed from policy. Since
attributes are not being versioned, partners must not be able to
access and use this attribute. Move it from private and verify in
the logs that rild and tee are not using these permissions.

Bug: 38316109
Test: build and boot Marlin
Test: Verify that rild and tee are not being granted any of these
      permissions.
Merged-In: I31beeb5bdf3885195310b086c1af3432dc6a349b
Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b
(cherry picked from commit 76aab82c)
      7c34e83f
  9. May 15, 2017
    • Jeff Vander Stoep's avatar
      Move domain_deprecated into private policy · 76aab82c
      Jeff Vander Stoep authored 
      This attribute is being actively removed from policy. Since
attributes are not being versioned, partners must not be able to
access and use this attribute. Move it from private and verify in
the logs that rild and tee are not using these permissions.

Bug: 38316109
Test: build and boot Marlin
Test: Verify that rild and tee are not being granted any of these
      permissions.
Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b
      76aab82c
  11. Feb 17, 2017
    • Nick Kralevich's avatar
      fsck: allow stat access on /dev/block files · 585d9767
      Nick Kralevich authored 
      To determine if it is safe to run fsck on a filesystem, e2fsck
must first determine if the filesystem is mounted. To do that,
e2fsck scans through /proc/mounts and collects all the mounted
block devices. With that information, it runs stat() on each block
device, comparing the major and minor numbers to the filesystem
passed in on the command line. If there is a match, then the filesystem
is currently mounted and running fsck is dangerous.
Allow stat access to all block devices so that fsck can compare
major/minor values.

Addresses the following denials:

avc: denied { getattr } for comm="e2fsck" path="/dev/block/sde5"
dev="tmpfs" ino=15649 scontext=u:r:fsck:s0
tcontext=u:object_r:metadata_block_device:s0 tclass=blk_file
permissive=0

avc: denied { getattr } for comm="e2fsck" path="/dev/block/sda25"
dev="tmpfs" ino=15528 scontext=u:r:fsck:s0
tcontext=u:object_r:modem_block_device:s0 tclass=blk_file permissive=0

avc: denied { getattr } for comm="e2fsck" path="/dev/block/sda31"
dev="tmpfs" ino=15552 scontext=u:r:fsck:s0
tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0

avc: denied { getattr } for comm="e2fsck" path="/dev/block/sdd3"
dev="tmpfs" ino=15600 scontext=u:r:fsck:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0

Bug: 35324014
Bug: 33781554
Test: device boots and no SELinux denials.
Change-Id: I5af4a334ec41952887914eec4eee5c60cc441a66
      585d9767
  13. Oct 06, 2016
    • dcashman's avatar
      Split general policy into public and private components. · cc39f637
      dcashman authored 
      Divide policy into public and private components.  This is the first
step in splitting the policy creation for platform and non-platform
policies.  The policy in the public directory will be exported for use
in non-platform policy creation.  Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.

Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal.  For now, almost all types and
avrules are left in public.

Test: Tested by building policy and running on device.

Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
      cc39f637
  15. Sep 10, 2016
  17. Sep 09, 2016
  19. Aug 29, 2016
  21. Jun 06, 2016
  23. Feb 05, 2016
    • Nick Kralevich's avatar
      Replace "neverallow domain" by "neverallow *" · 35a14514
      Nick Kralevich authored 
      Modify many "neverallow domain" rules to be "neverallow *" rules
instead. This will catch more SELinux policy bugs where a label
is assigned an irrelevant rule, as well as catch situations where
a domain attribute is not assigned to a process.

Change-Id: I5b83a2504c13b384f9dff616a70ca733b648ccdf
      35a14514
  25. Jan 27, 2016
  27. Jan 22, 2016
    • Jeff Vander Stoep's avatar
      Remove domain_deprecated from sdcard domains · 0c7bc58e
      Jeff Vander Stoep authored 
      Remove from blkid, blkid_untrusted, fsck, fsck_untrusted, sdcardd and
sgdisk.

Tested by adding external sdcard with and without
"adb shell sm set-force-adoptable true" command.

Address the following denials:
avc: denied { read } for name="swaps" dev="proc" ino=4026536590 scontext=u:r:fsck:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: denied { open } for path="/proc/swaps" dev="proc" ino=4026536590 scontext=u:r:fsck:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: denied { getattr } for path="/proc/swaps" dev="proc" ino=4026536590 scontext=u:r:fsck:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: denied { read } for name="filesystems" dev="proc" ino=4026536591 scontext=u:r:blkid:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: denied { open } for path="/proc/filesystems" dev="proc" ino=4026536591 scontext=u:r:blkid:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: denied { getattr } for path="/proc/filesystems" dev="proc" ino=4026536591 scontext=u:r:blkid:s0 tcontext=u:object_r:proc:s0 tclass=file

Change-Id: I097e2ba5205e43f8ee613dae063f773a35ce3d73
      0c7bc58e
  29. Nov 03, 2015
    • Jeff Vander Stoep's avatar
      Create attribute for moving perms out of domain · d22987b4
      Jeff Vander Stoep authored 
      Motivation: Domain is overly permissive. Start removing permissions
from domain and assign them to the domain_deprecated attribute.
Domain_deprecated and domain can initially be assigned to all
domains. The goal is to not assign domain_deprecated to new domains
and to start removing domain_deprecated where it is not required or
reassigning the appropriate permissions to the inheriting domain
when necessary.

Bug: 25433265
Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
      d22987b4
  31. Apr 01, 2015
    • Jeff Sharkey's avatar
      Different blkid and fsck execution domains. · 84e1c611
      Jeff Sharkey authored 
      vold works with two broad classes of block devices: untrusted devices
that come in from the wild, and trusted devices.

When running blkid and fsck, we pick which SELinux execution domain
to use based on which class the device belongs to.

Bug: 19993667
Change-Id: I44f5bac5dd94f0f76f3e4ef50ddbde5a32bd17a5
      84e1c611