- Oct 10, 2015
-
-
William Roberts authored
To prevent assigning non property types to properties, introduce a neverallow to prevent non property_type types from being set. Change-Id: Iba9b5988fe0b6fca4a79ca1d467ec50539479fd5 Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
- Oct 07, 2015
-
-
Nick Kralevich authored
Simplify SELinux policy by deleting the procrank SELinux domain. procrank only exists on userdebug/eng builds, and anyone wanting to run procrank can just su to root. Bug: 18342188 Change-Id: I71adc86a137c21f170d983e320ab55be79457c16
-
Jeff Vander Stoep authored
Third party vpn apps must receive open tun fd from the framework for device traffic. neverallow untrusted_app open perm and auditallow bluetooth access to see if the neverallow rule can be expanded to include all of appdomain. Bug: 24677682 Change-Id: I68685587228a1044fe1e0f96d4dc08c2adbebe78
-
David Zeuthen authored
The update_engine daemon from Brillo is expected to be used also in Android so move its selinux policy to AOSP. Put update_engine in the whitelist (currently only has the recovery there) allowing it to bypass the notallow for writing to partitions labeled as system_block_device. Also introduce the misc_block_device dev_type as update_engine in some configurations may need to read/write the misc partition. Start migrating uncrypt to use this instead of overly broad block_device:blk_file access. Bug: 23186405 Test: Manually tested with Brillo build. Change-Id: Icf8cdb4133d4bbdf14bacc6c0fa7418810ac307a
-
- Oct 06, 2015
-
-
Nick Kralevich authored
vold hasn't used the generic "block_device" label since commit 273d7ea4 (Sept 2014), and the auditallow statement in vold hasn't triggered since that time. Remove the rule which allows vold access to the generic block_device label, and remove the vold exception. Thanks to jorgelo for reminding me about this. Change-Id: Idd6cdc20f5be9a40c5c8f6d43bbf902a475ba1c9
-
- Oct 03, 2015
-
-
Jeffrey Vander Stoep authored
* commit 'b01a18b9': grant installd rx perms on toybox
-
Jeffrey Vander Stoep authored
-
Jeff Vander Stoep authored
Installd uses cp when relocating apps to sdcard. avc: denied { execute } for name="toybox" dev="mmcblk0p10" ino=315 scontext=u:r:installd:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file Bug: 24617685 Change-Id: Id1a3039bbfc187c074aa50d426278964c40e4bde
-
- Oct 01, 2015
-
-
William Roberts authored
* commit '7fc865a4': service_contexts: don't delete intermediate on failure
-
William Roberts authored
* commit 'dcffd2b4': property_contexts: don't delete intermediate on failure
-
Colin Cross authored
* commit '9eb6c874': Revert "property_contexts: don't delete intermediate on failure"
-
Colin Cross authored
* commit 'efcaecab': Revert "service_contexts: don't delete intermediate on failure"
-
Jeffrey Vander Stoep authored
* commit '23c42c38': service_contexts: don't delete intermediate on failure
-
Jeffrey Vander Stoep authored
* commit 'e6e94762': property_contexts: don't delete intermediate on failure
-
William Roberts authored
When service_contexts fails to build, the file is deleted leaving only the error message for debugging. Build service_contexts and general variant as a temporary intermediate before running checkfc. Change-Id: Ib9dcbf21d0a28700d500cf0ea4e412b009758d5d Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
William Roberts authored
When property_contexts fails to build, the file is deleted leaving only the error message for debugging. Build property_contexts and general variant as a temporary intermediate before running checkfc. Change-Id: Ia86eb0480c9493ceab36fed779b2fe6ab85d2b3d Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
Colin Cross authored
This reverts commit 7f81b337. Change-Id: I79834d0ef3adbf2eed53b07d17160876e2a999c6
-
Colin Cross authored
This reverts commit f6ee7a52. Change-Id: I4f1396e6e4aeecd1109f9c24494c6e82645c0663
-
Jeffrey Vander Stoep authored
-
Jeffrey Vander Stoep authored
-
Nick Kralevich authored
* commit '331c2e96': Add audit_read permission to capability2
-
Nick Kralevich authored
-
Woojung Min authored
In kernel 3.18 the following error message is seen since audit_read is added to capability2 at classmap.h. So add audit_read permission to capability2. SELinux: Permission audit_read in class capability2 not defined in policy. SELinux: the above unknown classes and permissions will be denied The kernel change from AOSP is: https://android.googlesource.com/kernel/common/+/3a101b8de0d39403b2c7e5c23fd0b005668acf48%5E%21/security/selinux/include/classmap.h Change-Id: I236fbb8ac575c5cb8df097014da6395e20378175 Signed-off-by: Woojung Min <wmin@nvidia.com>
-
- Sep 29, 2015
-
-
William Roberts authored
When service_contexts fails to build, the file is deleted leaving only the error message for debugging. Build service_contexts and general variant as a temporary intermediate before running checkfc. Change-Id: Ib9c9247d36e6a6406b4df84d10e982921c07d492 Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
William Roberts authored
When property_contexts fails to build, the file is deleted leaving only the error message for debugging. Build property_contexts and general variant as a temporary intermediate before running checkfc. Change-Id: I431d6f4494fa119c1873eab0e77f0eed3fb5754e Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
Daniel Cashman authored
* commit '226caf49': Remove mediaserver sysfs write permissions.
-
Daniel Cashman authored
-
- Sep 28, 2015
-
-
William Roberts authored
* commit '3746a0ae': file_contexts: don't delete intermediate on failure
-
William Roberts authored
Currently, if an error is detected in a file_contexts file, the intermediate file_context.tmp file is removed, thus making debugging of build issues problematic. Instead, employ checkfc tool during the compilation recipe so the m4 concatenated intermediate is preserved on failure. Change-Id: Ic827385d3bc3434b6c2a9bba5313cd42b5f15599 Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
- Sep 22, 2015
-
-
dcashman authored
Mediaserver no longer appears, and maybe never did, need write permission to sysfs files. commit: 1de9c492 added auditing to make sure this is the case, and such access has not been observed. Remove the permissions and the associated auditallow rule to further confine the mediaserver sandbox. Bug: 22827371 Change-Id: I44ca1521b9791db027300aa84e54c074845aa735
-
Jeff Vander Stoep authored
* commit '483fd267': Enforce no persistent logging on user builds
-
Jeff Vander Stoep authored
For userdebug and eng builds enforce that: - only logd and shell domains may access logd files - logd is only allowed to write to /data/misc/logd Change-Id: Ie909cf701fc57109257aa13bbf05236d1777669a
-
- Sep 19, 2015
-
-
Ivan Krasin authored
* commit '9aa41303': asan: update condition to work with multiple SANITIZE_TARGET values.
-
- Sep 18, 2015
-
-
Ivan Krasin authored
The goal is to enable SANITIZE_TARGET='address coverage', which will be used by LLVMFuzzer. Bug: 22850550 Change-Id: I953649186a7fae9b2495159237521f264d1de3b6
-
- Sep 16, 2015
-
-
Nick Kralevich authored
* commit 'eb8b2188': document the non-ART-related reasons for execmem
-
Nick Kralevich authored
-
- Sep 15, 2015
-
-
Daniel Rosenberg authored
* commit 'a984a9bf': file_contexts: Change file_contexts to file_contexts.bin
-
David Pursell authored
* commit '05056457': adb: add adbd -> shell signal permissions.
-
Daniel Rosenberg authored
Change-Id: I0c17b4e36a14afd24763343c09eaca650ea4cefd
-
David Pursell authored
adbd needs to kill spawned subprocesses if the client terminates the connection. SIGHUP will be used for this purpose, which requires the process:signal permission. Bug: http://b/23825725 Change-Id: I36d19e14809350dd6791a8a44f01b2169effbfd4
-