- Oct 17, 2017
-
-
Jeff Vander Stoep authored
As part of Treble, enforce that the communication between platform and vendor components use the official hw binder APIs. Prevent sharing of data by file path. Platform and vendor components may share files, but only via FD passed over hw binder. This change adds the violators attribute that will be used to mark violating domains that need to be fixed. Bug: 34980020 Test: build Change-Id: Id9acfbbc86bfd6fd0633b8164a37ce94d25ffa2c
-
- Oct 14, 2017
-
-
Todd Poynor authored
Allow PowerUI / platform_app to use thermalservice for receiving notifications of thermal events. Bug: 66698613 Test: PowerNotificationWarningsTest, PowerUITest, manual: marlin and <redacted> with artificially low temperature threshold and logcat debugging messages Change-Id: I5428bd5f99424f83ef72d981afaf769bdcd03629 Merged-In: I5428bd5f99424f83ef72d981afaf769bdcd03629
-
- Oct 13, 2017
-
-
Treehugger Robot authored
-
Treehugger Robot authored
-
Jeff Vander Stoep authored
Dontaudit denials for services that system_app may not use due to neverallow assertions. Bug: 67779088 Test: build Change-Id: I822a7909c86bee5c2fdeec6e13af1a9791883f72
-
Jeff Vander Stoep authored
This denial should not be allowed. Add bug information to the denial to give context. Bug: 63801215 Test: build Change-Id: I3dc5ce6a5aa1c6bf74c6fd13cab082c7f263c4e8
-
Treehugger Robot authored
-
Jeff Vander Stoep authored
Addresses: avc: denied { search } for comm="sh" name="bms" dev="sysfs" ino=47908 scontext=u:r:shell:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir Test: build Change-Id: I8a0197417c47feefba084e9c75933d28c5f6e5f1
-
Tri Vo authored
-
- Oct 12, 2017
-
-
Tri Vo authored
New types: sysfs_android_usb sysfs_ipv4 sysfs_power sysfs_rtc sysfs_switch sysfs_wakeup_reasons Labeled: /sys/class/android_usb, /sys/devices/virtual/android_usb ->sysfs_android_usb /sys/class/rtc -> sysfs_rtc /sys/class/switch, /sys/devices/virtual/switch -> sysfs_switch /sys/power/state, /sys/power/wakeup_count -> sysfs_power /sys/kernel/ipv4 -> sysfs_ipv4 /sys/kernel/wakeup_reasons -> sysfs_wakeup_reasons Removed access to sysfs and sysfs_type from system_server and added appropriate access to new types. Bug: 65643247 Test: sailfish boots without violation from system_server or to new labels. Change-Id: I27250fd537d76c8226defa138d84fe2a4ce2d5d5
-
Chong Zhang authored
-
Jeff Vander Stoep authored
Test: build aosp_sailfish Change-Id: Iaefe1df66885d3e78feb600c3d9845bd9fe671a2
-
- Oct 11, 2017
-
-
Chong Zhang authored
bug: 67029332 testing: - build - boot - CTS MediaCasTest on Pixel2 Change-Id: I019e0156c67c84875310d630f8a8bec7aaa483a6
-
- Oct 10, 2017
-
-
Tao Bao authored
Prior to this CL, /sys/devices/virtual/block/dm-X was using the generic sysfs label. This CL creates sysfs_dm label and grants the following accesses: - update_verifier to read sysfs_dm dir and file at /sys/devices/virtual/block/dm-X. - vold to write sysfs_dm. Bug: 63440407 Test: update_verifier successfully triggers blocks verification and marks a sucessful boot; Test: No sysfs_dm related denials on sailfish. Change-Id: I6349412707800f1bd3a2fb94d4fe505558400c95
-
Nick Kralevich authored
isolated_apps are intended to be strictly limited in the /sys files which can be read. Add a neverallow assertion to guarantee this on all Android compatible devices. Test: policy compiles. Change-Id: I2980291dcf4e74bb12c81199d61c5eb8a182036c
-
- Oct 09, 2017
-
-
Treehugger Robot authored
-
Treehugger Robot authored
-
Jeff Vander Stoep authored
Comments indicate that these permissions are used to access already open FDs. However, getattr of a directory is clearly not necessary for that, search of system_data_file is already granted to domain and following symlinks is clearly not needed for reading an already open FD. Bug: 34980020 Test: boot marlin. Test drm with google play movies, no related denials Test: cts-tradefed run cts -m CtsMediaTestCases -t \ android.media.cts.MediaCasTest 5/6 tests fail with no related selinux denials. The same 5/6 also fail in selinux permissive mode. Change-Id: Ib4b9a1e18bdc479d656b2d64917bbc0358515525
-
Dan Cashman authored
Bug: 64687998 Test: Builds. Change-Id: I7a5b65d34382b8b76e55c523811a0f17dd9c1051
-
Tri Vo authored
Bug: 65643247 Test: sailfish boots, can take pictures, use browser without denials form kernel domain. Change-Id: I4fc0555f0b65fc5537e0b2765142b384ed0560c8
-
- Oct 08, 2017
-
-
Jeffrey Vander Stoep authored
-
- Oct 07, 2017
-
-
Treehugger Robot authored
-
Nick Kralevich authored
-
Nick Kralevich authored
Bullhead and dragon are broken. Revert until I can fix those builds. Dragon: libsepol.report_failure: neverallow on line 113 of system/sepolicy/private/isolated_app.te (or line 26264 of policy.conf) violated by allow isolated_app sysfs_socinfo:file { ioctl read lock open }; Bullhead: libsepol.report_failure: neverallow on line 113 of system/sepolicy/private/isolated_app.te (or line 26283 of policy.conf) violated by allow isolated_app sysfs_power_management:file { ioctl read lock open }; libsepol.report_failure: neverallow on line 113 of system/sepolicy/private/isolated_app.te (or line 26283 of policy.conf) violated by allow isolated_app sysfs_socinfo:file { ioctl read lock open }; libsepol.report_failure: neverallow on line 113 of system/sepolicy/private/isolated_app.te (or line 26283 of policy.conf) violated by allow isolated_app sysfs_thermal:file { ioctl read lock open }; libsepol.check_assertions: 3 neverallow failures occurred This reverts commit 579366a0. Change-Id: I1ea4824e226c06628769898299f2e322060d0d06 Test: policy compiles.
-
Treehugger Robot authored
-
Nick Kralevich authored
Mediaextractor should only be operating on data passed directly to it. It shouldn't be attempting to open /data files on it's own. Add a neverallow statement (compile time assertion + CTS test) to ensure this is the case. Bug: 67454004 Test: policy compiles. No runtime impact. Change-Id: Ie94d4cb9aece7e72fbd13321f339dcf9d44d5d77
-
Treehugger Robot authored
-
Jeff Vander Stoep authored
Allows partners to add a new attribute definition to their public policy without causing a compatibility failure with the AOSP system image. Bug: 67092827 Bug: 37915794 Test: build and boot aosp_sailfish with new type declared in public policy Change-Id: I015c26fa7c399423e8a6e7079b5689007d031479
-
- Oct 06, 2017
-
-
Jeffrey Vander Stoep authored
-
Nick Kralevich authored
These denials are expected and the code has fallbacks to handle this case. Test: policy compiles. Bug: 67454004 Change-Id: I787625494d0a7c9945318428b6fd3f668a8a2564
-
Treehugger Robot authored
-
Tri Vo authored
Renamed this type: proc_asound_cards -> proc_asound Labeled /proc/asound/devices as proc_asound. We now use proc_asound type to label files under /proc/asound which we want to expose to system components. Bug: 66988327 Test: Pixel 2 boots, can play sound with or without headphones, and selinux denials to proc_asound are not seen. Change-Id: I453d9bfdd70eb80931ec9e80f17c8fd0629db3d0
-
Treehugger Robot authored
-
- Oct 05, 2017
-
-
Nick Kralevich authored
isolated_apps are intended to be strictly limited in the /sys files which can be read. Add a neverallow assertion to guarantee this on all Android compatible devices. Test: policy compiles. Change-Id: I47aceefa3f43a7ea9e526f6f0ef377d0b4efbe3a
-
Treehugger Robot authored
-
Marco Nelissen authored
-
Jeff Vander Stoep authored
FAILED: out/target/product/sailfish/obj/ETC/treble_sepolicy_tests_intermediates/treble_sepolicy_tests Error: library-path out/host/darwin-x86/lib64/libsepolwrap.so does not exist Note, fixing here instead of reverting to avoid reverting changes in CTS. Test: ctate testing on Mac Change-Id: I95f483b152d9bece1a16267cbc49eedb1f902990
-
- Oct 04, 2017
-
-
Marco Nelissen authored
so they can use MediaExtractor too. Bug: 67406992 Test: yes Change-Id: Iaacadc13b1fc032fe31eea1f3ecbbbabb741470a
-
Treehugger Robot authored
-
Jeff Vander Stoep authored
On Marlin/Sailfish, StorageManager tests in CTS are exposing a bug where the /proc/<pid>/ns/mnt files for system_server are briefly mislabeled as "proc" instead of "system_server". Resulting in the tests failing. Temporarily re-granting access to the default label until the labeling issue can be tracked down. Repro steps: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases \ -t android.os.storage.cts.StorageManagerTest Failures: android.os.storage.cts.StorageManagerTest#testOpenProxyFileDescriptor fail: java.lang.IllegalStateException: command '58 appfuse mount 10065 959 0' failed with '400 58 Command failed' android.os.storage.cts.StorageManagerTest#testOpenProxyFileDescriptor_async fail: java.lang.IllegalStateException: command '59 appfuse mount 10065 959 1' failed with '400 59 Command failed' android.os.storage.cts.StorageManagerTest#testOpenProxyFileDescriptor_error fail: java.lang.IllegalStateException: command '60 appfuse mount 10065 959 2' failed with '400 60 Command failed' From the log: 10-04 20:41:22.972 595 604 E vold : Failed to open namespace for /proc/959/ns/mnt: Permission denied 10-04 20:41:22.967 604 604 W vold : type=1400 audit(0.0:90): avc: denied { read } for dev="proc" ino=4026534249 scontext=u:r:vold:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 10-04 20:41:23.051 604 604 W vold : type=1400 audit(0.0:91): avc: denied { read } for dev="proc" ino=4026534249 scontext=u:r:vold:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 10-04 20:41:23.054 595 604 E vold : Failed to open namespace for /proc/959/ns/mnt: Permission denied 10-04 20:41:23.081 604 604 W vold : type=1400 audit(0.0:92): avc: denied { read } for dev="proc" ino=4026534249 scontext=u:r:vold:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 10-04 20:41:23.086 595 604 E vold : Failed to open namespace for /proc/959/ns/mnt: Permission denied sailfish:/ # ps -AZ | grep 959 u:r:system_server:s0 system 959 628 \ 4557136 251500 SyS_epoll_wait 70e6df822c S system_server The file labels appear to be correct when checked manually. sailfish:/ # ls -lZ /proc/959/ns/ lrwxrwxrwx 1 system system u:r:system_server:s0 0 2017-10-04 17:19 mnt -> mnt:[4026534249] lrwxrwxrwx 1 system system u:r:system_server:s0 0 2017-10-04 20:55 net -> net:[4026531906] Bug: 67049235 Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases \ -t android.os.storage.cts.StorageManagerTes Change-Id: Id4d200856c02c023c6f516e3f3bfa060e100086c
-