Commits · 5f98693a77722915016827f280c60c7814d88eed · Werner Sembach / AndroidSystemSEPolicy

Apr 04, 2018
- Allowing incidentd to get stack traces from processes. · 5f98693a
  Kweku Adams authored 6 years ago
  
  am: 985db6d8 Change-Id: I1c05fb2469df71f5572aaf8ed88333dc3c92d3c5
  5f98693a
- Allowing incidentd to get stack traces from processes. · 985db6d8
  Kweku Adams authored 7 years ago
  
  Bug: 72177715 Test: flash device and check incident output Change-Id: I16c172caec235d985a6767642134fbd5e5c23912
  985db6d8
- Merge "Rename qtaguid_proc to conform to name conventions" · d093691c
  Jeff Vander Stoep authored 6 years ago
  
  am: 38a84cf8 Change-Id: I76cbd596ac70b065c288b30855db956fd456b5f6
  d093691c
- Merge "Rename qtaguid_proc to conform to name conventions" · 38a84cf8
  Treehugger Robot authored 6 years ago
  
  38a84cf8
Apr 03, 2018

Merge "Block SDK 28 app from using proc/net/xt_qtaguid" · c9f91a8c
Chenbo Feng authored 6 years ago
```
am: c69cbe55

Change-Id: I741c90bf96d43b6ab5227696ac24d8891cf5dc97
```
c9f91a8c
Merge "Block SDK 28 app from using proc/net/xt_qtaguid" · c69cbe55
Treehugger Robot authored 6 years ago

c69cbe55
Allow getsockopt and setsockopt for Encap Sockets · 9f33cad7
Nathan Harold authored 6 years ago
```
am: 252b0153

Change-Id: I1800da081c5f164c35a470978053514f67c016da
```
9f33cad7

Allow getsockopt and setsockopt for Encap Sockets · 252b0153

Nathan Harold authored 7 years ago

Because applications should be able to set the receive
timeout on UDP encapsulation sockets, we need to allow
setsockopt(). getsockopt() is an obvious allowance as
well.

Bug: 68689438
Test: compilation
Merged-In: I2eaf72bcce5695f1aee7a95ec03111eca577651c
Change-Id: I2eaf72bcce5695f1aee7a95ec03111eca577651c

252b0153

Rename qtaguid_proc to conform to name conventions · bdf2a9c4
Jeff Vander Stoep authored 6 years ago
```
Test: build
Bug: 68774956
Change-Id: I0f9fd87eb41e67e14f35e49eba13e3d1de745250
```
bdf2a9c4

Block SDK 28 app from using proc/net/xt_qtaguid · c411ff70

Chenbo Feng authored 7 years ago

The file under /proc/net/xt_qtaguid is going away in future release.
Apps should use the provided public api instead of directly reading the
proc file. This change will block apps that based on SDK 28 or above to
directly read that file and we will delete that file after apps move
away from it.

Test: Flashed with master branch on marlin, verified phone boot, can
      browse web, watch youtube video, make phone call and use google
      map for navigation with wifi on and off.
      run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
      run cts -m CtsAppSecurityHostTestCases -t \
      		android.appsecurity.cts.AppSecurityTests

Change-Id: I4c4d6c9ab28b426acef23db53f171de8f20be1dc
(cherry picked from commit 5ec8f843)

c411ff70

Add untrusted_app_27 · 950388f0
Jeff Vander Stoep authored 6 years ago
```
am: 3aa7ca56

Change-Id: I964ce5b658d73b7ccfbc7b1d86ca11b1c7ad8459
```
950388f0

Add untrusted_app_27 · 3aa7ca56

Jeff Vander Stoep authored 6 years ago

This is a partial cherry pick of commit 6231b4d9
'Enforce per-app data protections for targetSdk 28+'.

Untrusted_app_27 remains unreachable, but it's existence
prevents future merge conflicts.

Bug: 63897054
Test: build/boot aosp_walleye-userdebug
Change-Id: I64b013874fe87b55f47e817a1279e76ecf86b7c0
Merged-In: I64b013874fe87b55f47e817a1279e76ecf86b7c0
(cherry picked from commit 6231b4d9)

3aa7ca56

Remove deprecated tagSocket() permissions · c1753b7a
Jeff Vander Stoep authored 6 years ago
```
am: 0d1e52a5

Change-Id: I82c95f1fa1494d6b380823c4fd4436081e62bea0
```
c1753b7a

Remove deprecated tagSocket() permissions · 0d1e52a5

Jeff Vander Stoep authored 6 years ago

tagSocket() now results in netd performing these actions on behalf
of the calling process.

Remove direct access to:
/dev/xt_qtaguid
/proc/net/xt_qtaguid/ctrl

Bug: 68774956
Test: -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests
    -m CtsNativeNetTestCases
Test: stream youtube, browse chrome
Test: go/manual-ab-ota
Change-Id: I6a044f304c3ec4e7c6043aebeb1ae63c9c5a0beb

0d1e52a5

Apr 02, 2018

Merge "Allow vendor_init_settable for persist.sys.sf.native_mode" · 27aa211d
Jaekyun Seok authored 6 years ago
```
am: f22c062c

Change-Id: I1c1a4c68adb49113ef6b6ff95326de8cb2ce8e25
```
27aa211d
Merge "Allow vendor_init_settable for persist.sys.sf.native_mode" · f22c062c
Treehugger Robot authored 6 years ago

f22c062c
Selinux: Fix perfprofd policy · bd81409f
Andreas Gampe authored 6 years ago
```
am: c8fe29ff

Change-Id: I70261798153c0151aa04f64064e58edb81e87805
```
bd81409f
Reland "Allow dexopt to follow /odm/lib(64) symlinks."" · ee92ff78
Jiyong Park authored 6 years ago
```
am: a6d9d6b6

Change-Id: If482dd99535d544fa39e287ed5787aa156dcac56
```
ee92ff78

Selinux: Fix perfprofd policy · c8fe29ff

Andreas Gampe authored 7 years ago

Update for debugfs labeling changes.

Update for simpleperf behavior with stack traces (temp file).

Bug: 73175642
Test: m
Test: manual - run profiling, look for logs
Change-Id: Ie000a00ef56cc603f498d48d89001f566c03b661

c8fe29ff

Allow vendor_init_settable for persist.sys.sf.native_mode · 0dc35873

Jaekyun Seok authored 6 years ago

A default value of persist.sys.sf.native_mode could be set by SoC
partners in some devices including some pixels.
So it should have vendor_init_settable accessibility.

Bug: 74266614
Test: succeeded building and tested with a pixel device with
PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE=true.

Change-Id: I5d7a029f82505983d21dc722541fb55761a8714d

0dc35873

Reland "Allow dexopt to follow /odm/lib(64) symlinks."" · a6d9d6b6

Jiyong Park authored 6 years ago

This reverts commit 942500b9.

Bug: 75287236
Test: boot a device
Change-Id: If81a2d2a46979ffbd536bb95528c3b4ebe3483df

a6d9d6b6

Mar 31, 2018
- Merge "Update sepolicy to have system_server access stats_data" · 7718295a
  yro authored 7 years ago
  
  am: 8b11302e Change-Id: Iaed05ea224d163f69047ef9ffd4053e2abe03e6f
  7718295a
- Merge "Update sepolicy to have system_server access stats_data" · 8b11302e
  Treehugger Robot authored 7 years ago
  
  8b11302e
Mar 30, 2018
- Merge "Allow incidentd to read LAST_KMSG only for userdebug builds" · 1bcbab21
  Yi Jin authored 7 years ago
  
  am: 855c6c16 Change-Id: I0da863030a919dbd4f6f9591edc0f74d88357b02
  1bcbab21
- Merge "Allow incidentd to read LAST_KMSG only for userdebug builds" · 855c6c16
  Treehugger Robot authored 7 years ago
  
  855c6c16
- Update sepolicy to have system_server access stats_data · 36dd2a41
  yro authored 7 years ago
  
  Test: manually tested to prevent sepolicy violation Change-Id: I9ebcc86464a9fc61a49d5c9be40f19f3523b6785
  36dd2a41
- Merge "Allow netutils_wrapper to use pinned bpf program" · 4a0c24ed
  Chenbo Feng authored 7 years ago
  
  am: 4fb1a145 Change-Id: Idc53868180280f2710d75dacb42918f6e27599a7
  4a0c24ed
- Merge "Allow netutils_wrapper to use pinned bpf program" · 4fb1a145
  Treehugger Robot authored 7 years ago
  
  4fb1a145
- Merge "Test frozen sepolicy has not diverged from prebuilts." · 654134a4
  Tri Vo authored 7 years ago
  
  am: 8cafb58a Change-Id: Iedffb50a6cdbc0fd84169f15e0fddb19b476aeff
  654134a4
- Allow incidentd to read LAST_KMSG only for userdebug builds · 76238cd4
  Yi Jin authored 7 years ago
  
  Bug: 73354384 Test: manual Change-Id: Iaaeded69c287eae757aaf68dc18bc5a0c53b94e6
  76238cd4
- Merge "Test frozen sepolicy has not diverged from prebuilts." · 8cafb58a
  Treehugger Robot authored 7 years ago
  
  8cafb58a
- SELinux changes for I/O tracing. · bf456fa7
  Florian Mayer authored 7 years ago
  
  am: 9fcf22bb Change-Id: Ic61e460916a6bd07c117367d240e8883f4ca1fa2
  bf456fa7
- Label /proc/sys/kernel/sched_schedstats. · c4201260
  Joel Galenson authored 7 years ago
  
  am: 4b625e4a Change-Id: Iee12d5e7573c0681b4adba682085ceb3cc26e0ee
  c4201260
- SELinux changes for I/O tracing. · 9fcf22bb
  Florian Mayer authored 7 years ago
  
  See also go/perfetto-io-tracing-security. * Grant CAP_DAC_READ_SEARCH to traced_probes. * Allow traced_probes to list selected labels. * Change ext4 and f2fs events to be available on user builds. Bug: 74584014 Change-Id: I891a0209be981d760a828a69e4831e238248ebad
  9fcf22bb
Mar 29, 2018

Test frozen sepolicy has not diverged from prebuilts. · 81198bb8

Tri Vo authored 7 years ago

This will test that system/sepolicy/{public/, private/} are identical to
prebuilts if PLATFORM_SEPOLICY_VERSION is not 10000.0.

Bug: 74622750
Test: build policy
Test: correctly catches divergence from prebuilts for frozen policies

Change-Id: I2fa14b672544a021c2d42ad5968dfbac21b72f6a

81198bb8

Label /proc/sys/kernel/sched_schedstats. · 4b625e4a

Joel Galenson authored 7 years ago

This allows init to write to it, which it does for atrace.

Bug: 72643420
Test: Boot two devices, observe no denials, test atrace.
Change-Id: I6810e5dcdfaff176bd944317e66d4fe612ccebed
(cherry picked from commit dce07413)

4b625e4a

Merge "Remove unused dalvik.vm.stack-trace-dir." · 6bf3198e
Elliott Hughes authored 7 years ago
```
am: 242399a1

Change-Id: I62e7477947cb7e8f7210aaeb0740c969cadfa8d7
```
6bf3198e
Merge "Remove unused dalvik.vm.stack-trace-dir." · 242399a1
Elliott Hughes authored 7 years ago

242399a1
Merge "Suppress harmless denials for file creation in cgroupfs." · 7d39a531
Alan Stokes authored 7 years ago
```
am: 9a76c280

Change-Id: I7a6b5de668d06fe709a0ae922623fcc76474de12
```
7d39a531
Merge "Suppress harmless denials for file creation in cgroupfs." · 9a76c280
Treehugger Robot authored 7 years ago

9a76c280