Commits · 48b18832c476f0bd8fcb8ee3e308258392f36aaf · Werner Sembach / AndroidSystemSEPolicy

Feb 11, 2014

Introduce asec_public_file type. · 48b18832

Robert Craig authored 11 years ago


This new type will allow us to write finer-grained
policy concerning asec containers. Some files of
these containers need to be world readable.

Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

48b18832

Feb 04, 2014

Revert "Move tlcd_sock policy over to manta." · 1a1ad959

Nick Kralevich authored 11 years ago

This doesn't compile on non-manta devices because of a
missing drmserver_socket declaration.

external/sepolicy/mediaserver.te":68:ERROR 'unknown type drmserver_socket' at token ';' on line 6764:
#line 68
allow mediaserver drmserver_socket:sock_file write;
checkpolicy:  error(s) encountered while parsing configuration
make: *** [out/target/product/flo/obj/ETC/sepolicy_intermediates/sepolicy] Error 1
make: *** Waiting for unfinished jobs....

This reverts commit 8cd400d3.

Change-Id: Ib8f07b57008b9ed1165b945057502779e806f0f8

1a1ad959

Move tlcd_sock policy over to manta. · 8cd400d3

Stephen Smalley authored 11 years ago


Change-Id: I7d5a5f964133177e7d466b9759fcf6300fec345d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

8cd400d3

Jan 31, 2014

drmserver: allow looking in efs_file directories · 7cbe44f2

Nick Kralevich authored 11 years ago

We can read any efs_files, but can't look in the directory
containing them. Allow it.

Without this patch, high resolution movie playback is broken.

Addresses the following denial:

[  276.780046] type=1400 audit(1391105234.431:5): avc:  denied  { search } for  pid=125 comm="drmserver" name="/" dev="mmcblk0p1" ino=2 scontext=u:r:drmserver:s0 tcontext=u:object_r:efs_file:s0 tclass=dir

Bug: 12819852

Change-Id: Ie9d13a224cef5e229de1bdb78d605841ed387a21

7cbe44f2

Jan 25, 2014
- Make drmserver enforcing. · 5eca63f1
  Nick Kralevich authored 11 years ago
  
  Change-Id: I7c1d2fc7b4d5a962f872d5f032b6d9e31efe7a24
  5eca63f1
Jan 16, 2014

Allow drmserver to unlink old socket file. · e11935d9

Stephen Smalley authored 11 years ago


Change-Id: I35728c4f058fa9aeb51a7960395759590e20b083
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

e11935d9

Jan 11, 2014

Support forcing permissive domains to unconfined. · 623975fa

Nick Kralevich authored 11 years ago

Permissive domains are only intended for development.
When a device launches, we want to ensure that all
permissive domains are in, at a minimum, unconfined+enforcing.

Add FORCE_PERMISSIVE_TO_UNCONFINED to Android.mk. During
development, this flag is false, and permissive domains
are allowed. When SELinux new feature development has been
frozen immediately before release, this flag will be flipped
to true. Any previously permissive domains will move into
unconfined+enforcing.

This will ensure that all SELinux domains have at least a
minimal level of protection.

Unconditionally enable this flag for all user builds.

Change-Id: I1632f0da0022c80170d8eb57c82499ac13fd7858

623975fa

Jan 06, 2014

fix mediaserver selinux denials. · 37339c76

Nick Kralevich authored 11 years ago

mediaserver needs the ability to read media_rw_data_file files.
Allow it. Similarly, this is also needed for drmserver. Addresses
the following denials:

<5>[   22.812859] type=1400 audit(1389041093.955:17): avc:  denied  { read } for  pid=1655 comm="MediaScannerSer" path="/data/media/0/DCIM/Camera/VID_20140106_124115.mp4" dev="mmcblk0p28" ino=122204 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file
<5>[   22.813103] type=1400 audit(1389041093.955:18): avc:  denied  { getattr } for  pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124115.mp4" dev="mmcblk0p28" ino=122204 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file
<5>[   22.832041] type=1400 audit(1389041093.975:19): avc:  denied  { read } for  pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124115.mp4" dev="mmcblk0p28" ino=122204 scontext=u:r:drmserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file
<5>[   52.357470] type=1400 audit(1389041123.494:29): avc:  denied  { read } for  pid=2757 comm="ImageLoader" path="/data/media/0/DCIM/Camera/VID_20140106_124520.mp4" dev="mmcblk0p28" ino=122211 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file
<5>[   52.357717] type=1400 audit(1389041123.494:30): avc:  denied  { getattr } for  pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124520.mp4" dev="mmcblk0p28" ino=122211 scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file
<5>[   52.382276] type=1400 audit(1389041123.524:31): avc:  denied  { read } for  pid=849 comm="Binder_2" path="/data/media/0/DCIM/Camera/VID_20140106_124520.mp4" dev="mmcblk0p28" ino=122211 scontext=u:r:drmserver:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file

Allow anyone who has access to video_device:chr_file to also
have read access to video_device:dir. Otherwise, the
chracter devices may not be reachable.

Bug: 12416198
Change-Id: I649cd52ec7f1a25afb3aea479482e3f270bfe074

37339c76

Oct 29, 2013

Confine drmserver, but leave it permissive for now. · 3b268488

Stephen Smalley authored 11 years ago


Change-Id: I8f344dda3ab9766b4a72c404061f242e054129cd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

3b268488

Oct 21, 2013

Move unconfined domains out of permissive mode. · 353c72e3

Nick Kralevich authored 11 years ago

This change removes the permissive line from unconfined
domains. Unconfined domains can do (mostly) anything, so moving
these domains into enforcing should be a no-op.

The following domains were deliberately NOT changed:
1) kernel
2) init

In the future, this gives us the ability to tighten up the
rules in unconfined, and have those tightened rules actually
work.

When we're ready to tighten up the rules for these domains,
we can:

1) Remove unconfined_domain and re-add the permissive line.
2) Submit the domain in permissive but NOT unconfined.
3) Remove the permissive line
4) Wait a few days and submit the no-permissive change.

For instance, if we were ready to do this for adb, we'd identify
a list of possible rules which allow adbd to work, re-add
the permissive line, and then upload those changes to AOSP.
After sufficient testing, we'd then move adb to enforcing.
We'd repeat this for each domain until everything is enforcing
and out of unconfined.

Change-Id: If674190de3262969322fb2e93d9a0e734f8b9245

353c72e3

May 20, 2013

Make all domains unconfined. · 77d4731e

repo sync authored 11 years ago

This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11

77d4731e

May 15, 2013
- Move domains into per-domain permissive mode. · 50e37b93
  repo sync authored 11 years ago
  
  Bug: 4070557 Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
  50e37b93
Apr 05, 2013
- Give the drmserver the ability to connect to the tee. · d381b97e
  Geremy Condra authored 11 years ago
  
  Bug: 8539042 Change-Id: I6a9c3247688f49bed4a1637c728e77c2e865afd2
  d381b97e
- Allow drmserver to interact with apk_data_file sock_files. · 207c709e
  Geremy Condra authored 11 years ago
  
  Bug: 8539042 Change-Id: I255930759ce0612f6ec9b931bfe545342ef808fc
  207c709e
- Give drmserver the ability to interact with apk_data_file dirs. · 03d436a4
  Geremy Condra authored 11 years ago
  
  Bug: 8539042 Change-Id: I87165fd83b1abef9eb7bf4c403714150aaefed6e
  03d436a4
- Allow drmserver to read the wv keys. · 8ee49795
  Geremy Condra authored 11 years ago
  
  Bug: 8539042 Change-Id: I31e7a3ae6ba783b78c3b38756966950a20f2f2aa
  8ee49795
Apr 03, 2013
- Give the drmserver the ability to connect to the tee. · fa246145
  Geremy Condra authored 11 years ago
  
  Bug: 8539042 Change-Id: I6a9c3247688f49bed4a1637c728e77c2e865afd2
  fa246145
- Allow drmserver to interact with apk_data_file sock_files. · fe9ff457
  Geremy Condra authored 11 years ago
  
  Bug: 8539042 Change-Id: I255930759ce0612f6ec9b931bfe545342ef808fc
  fe9ff457
- Give drmserver the ability to interact with apk_data_file dirs. · 70c1e329
  Geremy Condra authored 11 years ago
  
  Bug: 8539042 Change-Id: I87165fd83b1abef9eb7bf4c403714150aaefed6e
  70c1e329
- Allow drmserver to read the wv keys. · 7a380b07
  Geremy Condra authored 11 years ago
  
  Bug: 8539042 Change-Id: I31e7a3ae6ba783b78c3b38756966950a20f2f2aa
  7a380b07
Mar 27, 2013

Revert "Revert "Various minor policy fixes based on CTS."" · e69552ba

Geremy Condra authored 12 years ago

This reverts commit ba84bf1d

Hidden dependency resolved.

Change-Id: I9f0844f643abfda8405db2c722a36c847882c392

e69552ba

Mar 22, 2013

Revert "Various minor policy fixes based on CTS." · ba84bf1d
Geremy Condra authored 12 years ago
```
This reverts commit 8a814a76

Change-Id: Id1497cc42d07ee7ff2ca44ae4042fc9f2efc9aad
```
ba84bf1d

Various minor policy fixes based on CTS. · 8a814a76

Stephen Smalley authored 12 years ago


Change-Id: I5a3584b6cc5eda2b7d82e85452f9fe457877f1d1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

8a814a76

Split internal and external sdcards · c195ec31

William Roberts authored 12 years ago

Two new types are introduced:
sdcard_internal
sdcard_external

The existing type of sdcard, is dropped and a new attribute
sdcard_type is introduced.

The boolean app_sdcard_rw has also been changed to allow for
controlling untrusted_app domain to use the internal and external
sdcards.

Change-Id: Ic7252a8e1703a43cb496413809d01cc6cacba8f5

c195ec31

Aug 13, 2012
- Trusted Execution Environment policy. · e07b8a56
  rpcraig authored 12 years ago
  
  e07b8a56
Aug 10, 2012
- Additions for grouper/JB · abd977a7
  rpcraig authored 12 years ago
  
  abd977a7
Mar 07, 2012
- Policy changes to support running the latest CTS. · c83d0087
  Stephen Smalley authored 13 years ago
  
  c83d0087
Jan 04, 2012
- SE Android policy. · 2dd4e51d
  Stephen Smalley authored 13 years ago
  
  2dd4e51d