Commits · 5bed3714f85cf4cfba3c5480cca568f4e5584661 · Werner Sembach / AndroidSystemSEPolicy

Dec 15, 2016
- Merge "Split mac_permissions.xml into plat and non-plat components." am: a24fae4f am: a733bed5 · 5bed3714
  dcashman authored 8 years ago
  
  am: dddf44d1 Change-Id: Id065ce7709a333435675ed2fb4948a9016cccfaa
  5bed3714
- Merge "Split mac_permissions.xml into plat and non-plat components." am: a24fae4f · dddf44d1
  dcashman authored 8 years ago
  
  am: a733bed5 Change-Id: I931316818a4fb6889ab1c46ee90d27025cd1496d
  dddf44d1
- Split mac_permissions.xml into plat and non-plat components. am: 90b3b948 am: e33de6a8 · 80549022
  dcashman authored 8 years ago
  
  am: 905c8133 Change-Id: I4a14309f90c98802b3db03e2a2fabe48fde7c5b0
  80549022
- Merge "Split mac_permissions.xml into plat and non-plat components." · a733bed5
  dcashman authored 8 years ago
  
  am: a24fae4f Change-Id: Ic5420da36c5653021010dcfceeaf3c915bb6ec2d
  a733bed5
- Split mac_permissions.xml into plat and non-plat components. am: 90b3b948 · 905c8133
  dcashman authored 8 years ago
  
  am: e33de6a8 Change-Id: Icae7ddef1df97f469317438f63dd3613a87f5545
  905c8133
- Split mac_permissions.xml into plat and non-plat components. · e33de6a8
  dcashman authored 8 years ago
  
  am: 90b3b948 Change-Id: Iee71ed7dd1edaa4507203708d4566e342b03e76c
  e33de6a8
- Merge "Split mac_permissions.xml into plat and non-plat components." · a24fae4f
  Treehugger Robot authored 8 years ago
  
  a24fae4f
- Merge "Enforce assumptions around metadata_block_device" am: 62f0b8ea am: 320e821e · fb4f3617
  Nick Kralevich authored 8 years ago
  
  am: c6bcdbdf Change-Id: Ic7045b9dbb99cda3edb30f47ed9ecdbf542da92e
  fb4f3617
- Merge "Enforce assumptions around metadata_block_device" am: 62f0b8ea · c6bcdbdf
  Nick Kralevich authored 8 years ago
  
  am: 320e821e Change-Id: I0bbb2bcc523e079650753f577f68b983b7086a39
  c6bcdbdf
- Merge "Enforce assumptions around metadata_block_device" · 320e821e
  Nick Kralevich authored 8 years ago
  
  am: 62f0b8ea Change-Id: I5c0d607d92f7ba76e113f4c5aaf746e48ddd2718
  320e821e
- Split mac_permissions.xml into plat and non-plat components. · 90b3b948
  dcashman authored 8 years ago
  
  Bug: 31363362 Test: Bullhead and Sailfish both build and boot w/out new denials. Change-Id: If6a451ddaab8c9b78a618c49b116a7ed766d0710
  90b3b948
- Merge "Enforce assumptions around metadata_block_device" · 62f0b8ea
  Treehugger Robot authored 8 years ago
  
  62f0b8ea
- Merge "All hal policies expressed as attributes." am: 5b8d87b2 am: 5529f036 · 42899fbb
  Steven Moreland authored 8 years ago
  
  am: c4ee4ca6 Change-Id: Ic57956bc6f897ea24584702a32bab52432e2d010
  42899fbb
- Merge "All hal policies expressed as attributes." am: 5b8d87b2 · c4ee4ca6
  Steven Moreland authored 8 years ago
  
  am: 5529f036 Change-Id: Ib9812cb072ad33e974dfb625fdaf421be01fea42
  c4ee4ca6
- Merge "All hal policies expressed as attributes." · 5529f036
  Steven Moreland authored 8 years ago
  
  am: 5b8d87b2 Change-Id: I7e28e34027887dde44d2c160891117596133700d
  5529f036
- Merge "All hal policies expressed as attributes." · 5b8d87b2
  Steven Moreland authored 8 years ago
  
  5b8d87b2
- Enforce assumptions around metadata_block_device · 5207ca6a
  Nick Kralevich authored 8 years ago
  
  Add a compile time assertion that only authorized SELinux domains are allowed to touch the metadata_block_device. This domain may be wiped at will, and we want to ensure that we're not inadvertently destroying other people's data. Test: policy compiles. Change-Id: I9854b527c3d83e17f717d6cc8a1c6b50e0e373b6
  5207ca6a
- Merge "Add btsnoop_hci.log to bugreport zip (2/2)" into nyc-mr2-dev · 737cb669
  Ajay Panicker authored 8 years ago
  
  am: 27eb6492 Change-Id: Ifbea25c85e2eae67f0da3a9dfd19a1e6bb873c80
  737cb669
- Add btsnoop_hci.log to bugreport zip (2/2) · 88cd6584
  Ajay Panicker authored 8 years ago
  
  am: cea7171f Change-Id: I54073aa11166a38b6d280e894ebbd459954ddedf
  88cd6584
- Allow bluetooth service to access bluetooth directory and add /logs (3/14) · a2d4d11a
  Ajay Panicker authored 8 years ago
  
  am: 7a2107c1 Change-Id: I8ce6d21c0df0002fd0f0f62da3aafd9652a39f24
  a2d4d11a
- Merge "Add btsnoop_hci.log to bugreport zip (2/2)" into nyc-mr2-dev · 27eb6492
  Ajay Panicker authored 8 years ago
  
  View commit 27eb6492 16 tags
  
  27eb6492
- Merge "Allow binder IPC between ephemeral app and appdomain" am: 0046853f am: 377e50d7 · 8bc6e51d
  Chad Brubaker authored 8 years ago
  
  am: 393b96e3 Change-Id: Ib556294ff0b0a64db1088c5e790a3eec6dd4f58a
  8bc6e51d
- Merge "Allow binder IPC between ephemeral app and appdomain" am: 0046853f · 393b96e3
  Chad Brubaker authored 8 years ago
  
  am: 377e50d7 Change-Id: I405de2d676bf01053bf1e36049edd348675d183a
  393b96e3
- Merge "Allow binder IPC between ephemeral app and appdomain" · 377e50d7
  Chad Brubaker authored 8 years ago
  
  am: 0046853f Change-Id: Ib21c9b4dad410270ef280786a7eca0db21069e88
  377e50d7
- Merge "Allow binder IPC between ephemeral app and appdomain" · 0046853f
  Chad Brubaker authored 8 years ago
  
  0046853f
Dec 14, 2016

Assign a label to the ro.boottime.* properties am: bb9a3888 am: 18f61a0f · 3b7df33e
Nick Kralevich authored 8 years ago
```
am: 1b0ec79f

Change-Id: Ib4d85189639a4ef7228f9b8dd639b6a2eb59ea39
```
3b7df33e
Assign a label to the ro.boottime.* properties am: bb9a3888 · 1b0ec79f
Nick Kralevich authored 8 years ago
```
am: 18f61a0f

Change-Id: I05a0657ab76f1143f0fd808de7948bfc2e7b21f8
```
1b0ec79f
Assign a label to the ro.boottime.* properties · 18f61a0f
Nick Kralevich authored 8 years ago
```
am: bb9a3888

Change-Id: I6f9175baa166d7f8b887b12fbc6266e602f24173
```
18f61a0f

Assign a label to the ro.boottime.* properties · bb9a3888

Nick Kralevich authored 8 years ago

system/core commit 331cf2fb7c16b5b25064f8d2f00284105a9b413f created a
number of new properties of the form:

  [ro.boottime.init]: [5294587604]
  [ro.boottime.InputEventFind]: [10278767840]
  [ro.boottime.adbd]: [8359267180]
  ...

These properties were assigned the default_prop SELinux label because a
better label did not exist. Properties labeled with the default_prop
label are readable to any SELinux domain, which is overly broad.

  bullhead:/ $ getprop -Z ro.boottime.adbd
  u:object_r:default_prop:s0

Instead, create a new label for the ro.boottime.* properties so we can
apply more fine grain read access control to these properties.

  bullhead:/ $ getprop -Z ro.boottime.adbd
  u:object_r:boottime_prop:s0

New SELinux property labels have minimal permissions by default. As a
result, after this change, ro.boottime.* properties will only be
readable to system_server, bootstat, init (because it manages the property
space), and "adb root" (because no SELinux permissions are enforced there).

Additional read access can be granted as-needed.

This is part of a larger effort to implement fine-grain access control
on the properties managed by init.

Test: Device boots and no SELinux denials on boot.
Change-Id: Ibf981cb81898f4356fdc5c1b6f15dd93c0d6d84d

bb9a3888

Allow binder IPC between ephemeral app and appdomain · 641d5d8f

Chad Brubaker authored 8 years ago

Address denial type=1400 audit(0.0:42): avc: denied { call } for
scontext=u:r:untrusted_app:s0:c512,c768
tcontext=u:r:ephemeral_app:s0:c207,c258,c512,c768 tclass=binder

Test: Above denial no longer happens
Change-Id: I351269ee4671cfd51c981d3db5d0f3944d14e702

641d5d8f

Merge "Do not allow new additions to core_property_type" am: d57dd813 am: f13dcbb4 · 47e2f081
Nick Kralevich authored 8 years ago
```
am: 5bfa8509

Change-Id: Idb6a5e42bff4bab0781db7bad1a497e9b2c169e5
```
47e2f081
Merge "Do not allow new additions to core_property_type" am: d57dd813 · 5bfa8509
Nick Kralevich authored 8 years ago
```
am: f13dcbb4

Change-Id: Ife8946bdd99b4121b6ad80a21c345d9ee0af1777
```
5bfa8509
Merge "Do not allow new additions to core_property_type" · f13dcbb4
Nick Kralevich authored 8 years ago
```
am: d57dd813

Change-Id: I5e911f7d301ba8421184b80f485e043178f225fb
```
f13dcbb4
Merge "Do not allow new additions to core_property_type" · d57dd813
Treehugger Robot authored 8 years ago

d57dd813
Removing file system remount permission from vold am: 16c889c5 am: 37f17c5b · 5b6e4ecc
Max authored 8 years ago
```
am: 2d5426ae

Change-Id: Iae51b513b88597b8837c869e93c67a58f52db2b1
```
5b6e4ecc
Removing file system remount permission from vold am: 16c889c5 · 2d5426ae
Max authored 8 years ago
```
am: 37f17c5b

Change-Id: I9f2147b904b48cfc6f6f898056e8ae3acd6d7aea
```
2d5426ae
Removing file system remount permission from vold · 37f17c5b
Max authored 8 years ago
```
am: 16c889c5

Change-Id: Icfa43cb11246de34f6f8f3c96726bec67680c5ff
```
37f17c5b

All hal policies expressed as attributes. · 29eed9fa

Steven Moreland authored 8 years ago

Bug: 32123421
Bug: 32905206

Test: compiles, nfc works
Change-Id: Ibf72ef70255573e4df0863ea640354b3c37eb47d

29eed9fa

Do not allow new additions to core_property_type · d310df20

Nick Kralevich authored 8 years ago

core_property_type is an attribute which was given to all existing
properties known to core SELinux policy. Any property with this label is
readable to all SELinux domains, which is overly broad. The long term
goal is to remove the core_property_type attribute entirely.

Add a neverallow rule prohibiting the introduction of new properties
with the core_property_type attribute. Device specific properties, or
new properties in core SELinux policy, should not have this attribute.

Test: policy compiles
Change-Id: Ie89a9f0d81c8561616001ff8451496ce2278dbb2

d310df20

Dec 13, 2016
- Add sepolicy for consumerir HIDL HAL am: a95c52e3 am: 7724c229 · c540824b
  Connor O'Brien authored 8 years ago
  
  am: 5f50fd90 Change-Id: I643d05381fd866f43717dc37b55ad5beb589a2bc
  c540824b