Commits · 448669540c0b7c22ee8b8293217818f8f92238b6 · Werner Sembach / AndroidSystemSEPolicy

Feb 15, 2017

system_server: replace sys_resource with sys_ptrace · 44866954

Nick Kralevich authored 8 years ago

Commit https://android.googlesource.com/kernel/common/+/f0ce0eee added
CAP_SYS_RESOURCE as a capability check which would allow access to
sensitive /proc/PID files. However, in an SELinux based world, allowing
this access causes CAP_SYS_RESOURCE to duplicate what CAP_SYS_PTRACE
(without :process ptrace) already provides.

Use CAP_SYS_PTRACE instead of CAP_SYS_RESOURCE.

Add a neverallow rule to prevent system_server from using this
capability to ptrace attach to any other process. This limits the
capability of system_server to only reading sensitive /proc files, but
not ptrace() access.

Test: Device boots, functionality remains identical, no sys_resource
denials from system_server.
Bug: 34951864
Change-Id: I04d745b436ad75ee1ebecf0a61c6891858022e34

44866954

Merge changes from topic 'selinux-targetSdkVersion' am: fb678339 am: d16878f9 am: a245e8b1 · fb03f7cd
Jeff Vander Stoep authored 8 years ago
```
am: e68f6fe4

Change-Id: I1c41631e19d8dc837c21f7748634f96d1ab0c994
```
fb03f7cd

Add minTargetSdkVersion input selector to seapp_contexts am: am:... · 4abad75b

Michael Peck authored 8 years ago

Add minTargetSdkVersion input selector to seapp_contexts am: f54b3622 am: 2afdf49a am: 4587df0f
am: b7aa5f76

Change-Id: I7e006cff53b7f9f030613a91843b8acc82a28b15

4abad75b

Merge changes from topic 'selinux-targetSdkVersion' am: fb678339 am: d16878f9 · e68f6fe4
Jeff Vander Stoep authored 8 years ago
```
am: a245e8b1

Change-Id: I5bc23ab43b2e6eda03cb0224fa9b2da59a9eda05
```
e68f6fe4
Add minTargetSdkVersion input selector to seapp_contexts am: f54b3622 am: 2afdf49a · b7aa5f76
Michael Peck authored 8 years ago
```
am: 4587df0f

Change-Id: I38418dfd353bb6b8ab5333ef0fb5a3907e7d3eab
```
b7aa5f76

Feb 14, 2017
- Merge changes from topic 'selinux-targetSdkVersion' am: fb678339 · a245e8b1
  Jeff Vander Stoep authored 8 years ago
  
  am: d16878f9 Change-Id: I4b129c8759994fbac3ef2b4961cfd9273c7ef112
  a245e8b1
- Add minTargetSdkVersion input selector to seapp_contexts am: f54b3622 · 4587df0f
  Michael Peck authored 8 years ago
  
  am: 2afdf49a Change-Id: Ic017d638035ce5be10ac2aeda60049a1087d83df
  4587df0f
- Merge changes from topic 'selinux-targetSdkVersion' · d16878f9
  Jeff Vander Stoep authored 8 years ago
  
  am: fb678339 Change-Id: Ife6c83dc50c381fcb1e2765beda3d69a26101401
  d16878f9
- Add minTargetSdkVersion input selector to seapp_contexts · 2afdf49a
  Michael Peck authored 8 years ago
  
  am: f54b3622 Change-Id: I0a304ed2b5591e58b0e39b37cb9fb8f392fe663b
  2afdf49a
- Merge changes from topic 'selinux-targetSdkVersion' · fb678339
  Treehugger Robot authored 8 years ago
  
  * changes: untrusted_app: policy versioning based on targetSdkVersion Add minTargetSdkVersion input selector to seapp_contexts
  fb678339
- untrusted_app: policy versioning based on targetSdkVersion · bacb6d79
  Jeff Vander Stoep authored 8 years ago
  
  Motivation: Provide the ability to phase in new security policies by applying them to apps with a minimum targetSdkVersion. Place untrusted apps with targetSdkVersion<=25 into the untrustd_app_25 domain. Apps with targetSdkVersion>=26 are placed into the untrusted_app domain. Common rules are included in the untrusted_app_all attribute. Apps with a more recent targetSdkVersion are granted fewer permissions. Test: Marlin builds and boots. Apps targeting targetSdkVersion<=25 run in untrusted_app_25 domain. Apps targeting the current development build >=26 run in the untrusted_app domain with fewer permissions. No new denials observed during testing. Bug: 34115651 Bug: 35323421 Change-Id: Ie6a015566fac07c44ea06c963c40793fcdc9a083
  bacb6d79
- Add minTargetSdkVersion input selector to seapp_contexts · f54b3622
  Michael Peck authored 8 years ago
  
  This new input selector allows phasing in new security policies by giving app developers an opportunity to make any needed compatibility changes before updating each app's targetSdkVersion. When all else is equal, matching entries with higher minTargetSdkVersion= values are preferred over entries with lower minTargetSdkVersion= values. Test: Marlin builds and boots. Apps targeting targetSdkVersion<=25 run in untrusted_app_25 domain. Apps targeting the current development build >=26 run in the untrusted_app domain with fewer permissions. No new denials observed during testing. Bug: 34115651 Change-Id: I14bf4f51dbe26cb9bd3f62ad0b281085441d9806
  f54b3622
- Merge "sepolicy: Fix the path of policy.conf" am: 3b06b971 am: 44badf75 am: 1e2b5557 · 6cfd1fdf
  Bin Chen authored 8 years ago
  
  am: 1cec98f5 Change-Id: I624f753f0014dc2a3e6dfe8055d9dd7284d9a892
  6cfd1fdf
- Merge "sepolicy: Fix the path of policy.conf" am: 3b06b971 am: 44badf75 · 1cec98f5
  Bin Chen authored 8 years ago
  
  am: 1e2b5557 Change-Id: I8cc26d76dbdc2540d9d88d2df3101f358caa866a
  1cec98f5
- Merge "sepolicy: Fix the path of policy.conf" am: 3b06b971 · 1e2b5557
  Bin Chen authored 8 years ago
  
  am: 44badf75 Change-Id: I1116bc27b2a5deb4c51934d21a132279ab502ce3
  1e2b5557
- Merge "sepolicy: Fix the path of policy.conf" · 44badf75
  Bin Chen authored 8 years ago
  
  am: 3b06b971 Change-Id: I3ea2bbb2ed2e1b2e9293b3766904b681a70e9896
  44badf75
- Merge "sepolicy: Fix the path of policy.conf" · 3b06b971
  Treehugger Robot authored 8 years ago
  
  3b06b971
- Merge "shell.te: hwbinder for lshal" am: ee2faadc am: 6832909b am: e5d7a8ce · 549042ba
  Steven Moreland authored 8 years ago
  
  am: 94651e19 Change-Id: I4e535ce2cb740c37bd96682d23f812dc260fd00a
  549042ba
- Merge "shell.te: hwbinder for lshal" am: ee2faadc am: 6832909b · 94651e19
  Steven Moreland authored 8 years ago
  
  am: e5d7a8ce Change-Id: I3c4398a0845d98c9824bde7f6a96bce2ac4ca665
  94651e19
- Merge "shell.te: hwbinder for lshal" am: ee2faadc · e5d7a8ce
  Steven Moreland authored 8 years ago
  
  am: 6832909b Change-Id: I0acd257b35f55e9f125ea805b2152aa1296ffa88
  e5d7a8ce
- Merge "shell.te: hwbinder for lshal" · 6832909b
  Steven Moreland authored 8 years ago
  
  am: ee2faadc Change-Id: Ic12fe80e16972a172092291058c12dd53c95ee14
  6832909b
- Merge "shell.te: hwbinder for lshal" · ee2faadc
  Treehugger Robot authored 8 years ago
  
  ee2faadc
- Merge "Move hals to vendor partition." am: d734f151 am: 8eb8beba am: 12649249 · b9a51064
  Steven Moreland authored 8 years ago
  
  am: 4e270210 -s ours Change-Id: I4fbb7538db0a094a8d9fa3feaa74c13f3b1bd453
  b9a51064
- Merge "Move hals to vendor partition." am: d734f151 am: 8eb8beba · 4e270210
  Steven Moreland authored 8 years ago
  
  am: 12649249 Change-Id: Idbccec64163fe70c146b653c0c71c6b14b8ba797
  4e270210
- Merge "Move hals to vendor partition." am: d734f151 · 12649249
  Steven Moreland authored 8 years ago
  
  am: 8eb8beba Change-Id: Ie468fabd56f01c1340c49632760ce1e7ba65420b
  12649249
- Merge "Move hals to vendor partition." · 8eb8beba
  Steven Moreland authored 8 years ago
  
  am: d734f151 Change-Id: I600ecaf5fac9401db036a733a7afa186f6de7eb2
  8eb8beba
- Merge "Move hals to vendor partition." · d734f151
  Steven Moreland authored 8 years ago
  
  d734f151
- Merge "Move hals to vendor partition." · 66bb6b64
  TreeHugger Robot authored 8 years ago
  
  66bb6b64
- Merge "Remove selinux denial" am: ff5784f3 am: 7bb3d92a am: 8f022478 · e9e440f0
  Paul Lawrence authored 8 years ago
  
  am: 75877b24 Change-Id: Ic8688a5f7835ec689d47b1aad7d3e95424e28625
  e9e440f0
- Merge "Sepolicy for OMX hal." am: 5b4f15e1 am: 6f443b87 am: d1eb4564 · 8c985ed5
  Pawin Vongmasa authored 8 years ago
  
  am: d85cd20d Change-Id: I3dbea2d195d5dd8fa27e6c702c5772b2d5b0825b
  8c985ed5
- Merge "Remove selinux denial" am: ff5784f3 am: 7bb3d92a · 75877b24
  Paul Lawrence authored 8 years ago
  
  am: 8f022478 Change-Id: Id2bf23854f29d453e8e280a50e6b2fee308e6db2
  75877b24
- Merge "Sepolicy for OMX hal." am: 5b4f15e1 am: 6f443b87 · d85cd20d
  Pawin Vongmasa authored 8 years ago
  
  am: d1eb4564 Change-Id: Ic7a0b8ad7469778a2cf5ef2673de493fe34eabd9
  d85cd20d
- Merge "Remove selinux denial" am: ff5784f3 · 8f022478
  Paul Lawrence authored 8 years ago
  
  am: 7bb3d92a Change-Id: I77e60157551af8e13bb4fb45da86aae86347f084
  8f022478
- Merge "Sepolicy for OMX hal." am: 5b4f15e1 · d1eb4564
  Pawin Vongmasa authored 8 years ago
  
  am: 6f443b87 Change-Id: I46dc0e9a5350dca7861fc81f0cf00d698c57ec0b
  d1eb4564
- Merge "Remove selinux denial" · 7bb3d92a
  Paul Lawrence authored 8 years ago
  
  am: ff5784f3 Change-Id: Ieb6e5cc4711add33fbd7b276bbbd362f249fb51e
  7bb3d92a
- Merge "Sepolicy for OMX hal." · 6f443b87
  Pawin Vongmasa authored 8 years ago
  
  am: 5b4f15e1 Change-Id: Ic7c0de32ac3970c000062bc35bb0c50254510b3a
  6f443b87
- Merge "Remove selinux denial" · ff5784f3
  Treehugger Robot authored 8 years ago
  
  ff5784f3
- Merge "Sepolicy for OMX hal." · 5b4f15e1
  Pawin Vongmasa authored 8 years ago
  
  5b4f15e1
Feb 13, 2017

shell.te: hwbinder for lshal · 867aa27f

Steven Moreland authored 8 years ago

Update shell.te to reflect the fact that hwbinder_user permission is for
lshal, not dumpsys.

Bug: 33382892
Test: pass
Change-Id: I1d298261cea82177436a662afbaa767f00117b16

867aa27f

Move hals to vendor partition. · aa11b6a9

Steven Moreland authored 8 years ago

Bug: 34135607
Test: hals work

Merged-In: I6a1f87438bb5b540fce900e9ec5df07d3f4f6bd4
Change-Id: I6a1f87438bb5b540fce900e9ec5df07d3f4f6bd4

aa11b6a9