- Dec 24, 2013
-
-
jaejyn.shin authored
While removing cache data using the Zipper application, I found violation logs.

avc: denied { write } for pid=198 comm="installd" name="cache" dev="mmcblk0p29" ino=81680 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=dir
avc: denied { remove_name } for pid=198 comm="installd" name="downloadfile.apk" dev="mmcblk0p29" ino=82247 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=dir
avc: denied { unlink } for pid=198 comm="installd" name="downloadfile.apk" dev="mmcblk0p29" ino=82247 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=file

The reproduction path is as follows:
1. Downloading Zipper application from Google Play (I used Zipper 1.9.9.2)
2. Clicking option and clicking "removing cache" button
3. Select "yes"
4. Violations show up

Change-Id: I7993f1d20e3aa4c3e19c4aba9b4bef6760831a87
-
- Dec 19, 2013
-
-
Takeshi Aimi authored
bluetooth, nfc, radio and shell are not explicitly declared in installd.te. This prevents applications in those groups from upgrading by "adb install -r".

You can reproduce the issue by the following steps:
1. adb pull /system/priv-app/Shell.apk
2. adb install -r Shell.apk
3. install failed with the error log below

[Error in logcat]
E/installd( 338): couldn't symlink directory '/data/data/com.android.shell/lib' -> '/data/app-lib/com.android.shell-1': Permission denied
E/installd( 338): couldn't symlink directory '/data/data/com.android.shell/lib' -> '/data/app-lib/Shell': Permission denied

[Error in dmesg]
<5>[ 112.053301] type=1400 audit(1387412796.071:10): avc: denied { create } for pid=337 comm="installd" name="lib" scontext=u:r:installd:s0 tcontext=u:object_r:shell_data_file:s0 tclass=lnk_file

This operation fails only if the app belongs to any of the groups specified in the commit title.

Change-Id: I7572df9fb6e471fad34f61137f0eeeda4c82659d
-
- Sep 17, 2013
-
-
Geremy Condra authored
The specific denials we see are:

denied { getattr } for pid=169 comm=""installd"" path=""/data/data/com.android.providers.downloads/cache/downloadfile.jpeg"" dev=""mmcblk0p23"" ino=602861 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=file
denied { fsetid } for pid=598 comm=""netd"" capability=4 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability
denied { read } for pid=209 comm=""installd"" name=""cache"" dev=""mmcblk0p28"" ino=81694 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=dir

Bug: 10786017
Change-Id: Ia5d0b6337f3de6a168ac0d5a77df2a1ac419ec29
-
- Sep 11, 2013
-
-
Geremy Condra authored
This fixes an issue in which installd can't open download file dirs.

Bug: 10710450
Change-Id: I1dd08188a88428143c4bb914e872175dc3755597
-
Geremy Condra authored
This fixes an issue in which installd can't open download file dirs.

Bug: 10710450
Change-Id: I1dd08188a88428143c4bb914e872175dc3755597
-
- Sep 10, 2013
-
-
Alex Klyubin authored
This enables installd to uninstall or clear data of installed apps whose data directory contains unusual file types, such as FIFO.

Bug: 10680357
(cherry picked from commit 839af9ed)
Change-Id: I5715f7d6d3214896ad0456d614b052cf5fb79eef
-
Nick Kralevich authored
Part of d615ef34 hasn't been backported to klp-dev yet. Do it now.

Change-Id: Ib4f26c64d376e236fa3f76166f5d78a9f28b79a3
-
Nick Kralevich authored
Bug: 10680357
Change-Id: I2a20f4aaaa53acbd53a404d369a79ae47246ad6f
-
- Sep 04, 2013
-
-
Geremy Condra authored
Change-Id: Ie0947f79c63f962220d3c9316c5d5d82f677821f
-
- Jul 12, 2013
-
-
Nick Kralevich authored
The emulator has been upgraded to ext4, which was the root cause of bug 9685803. See https://code.google.com/p/android/issues/detail?id=38561 . As a result, we can reenable installd protections.

This reverts commit 201cfae4.

Bug: 9685803
Change-Id: I4ed47f7aeaef4aac504e13c2ae23fb416e4e6e49
-
- Jul 11, 2013
-
-
Nick Kralevich authored
For unlabeled files, revert to DAC rules. This is for backwards compatibility, as files created before SELinux was in place may not be properly labeled. Over time, the number of unlabeled files will decrease, and we can (hopefully) remove this rule in the future.

To prevent inadvertently introducing the "relabelto" permission, add a neverallow domain, and add apps which have a legitimate need to relabel to this domain.

Bug: 9777552
Change-Id: I71b0ff8abd4925432062007c45b5be85f6f70a88
-
- Jul 03, 2013
-
-
Nick Kralevich authored
This is breaking the emulator.

Bug: 9685803
Change-Id: Ibd5b312b97d52fdac9289e44a40e9bba07be1c7f
-
- Jul 02, 2013
-
-
Nick Kralevich authored
This change enables SELinux security enforcement on the installd process.

For the installd.te file only, this change is equivalent to reverting the following commits:
* 50e37b93
* 77d4731e

No other changes were required.

Testing: As much as possible, I've tested that package installation works, from both adb and via Android market. There were no denials in the kernel dmesg log, and everything appears to be working correctly.

It's quite possible I've missed something. If we experience problems, I'm happy to roll back this change.

Bug: 9662644
Change-Id: Id93d4ee7b517dfa28c9a0b1d45d936b56892ac0a
-
- May 20, 2013
-
-
repo sync authored
This prevents denials from being generated by the base policy. Over time, these rules will be incrementally tightened to improve security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
-
- May 15, 2013
-
-
repo sync authored
Bug: 4070557
Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
-
- Apr 05, 2013
-
-
William Roberts authored
/data/security is another location that policy files can reside. In fact, these policy files take precedence over their rootfs counterparts under certain circumstances. Give the appropriate players the rights to read these policy files.

Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41
-
William Roberts authored
/data/security is another location that policy files can reside. In fact, these policy files take precedence over their rootfs counterparts under certain circumstances. Give the appropriate players the rights to read these policy files.

Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41
-
- Oct 22, 2012
-
-
rpcraig authored
Creates 2 new types:
- asec_apk_file : files found under /mnt/asec when the asec images are mounted
- asec_image_file : the actual encrypted apks under /data/app-asec

Change-Id: I963472add1980ac068d3a6d36a24f27233022832
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
-
- Jul 27, 2012
-
-
Haiqing Jiang authored
-
- Jul 24, 2012
-
-
hqjiang authored
-
- Mar 19, 2012
-
-
Stephen Smalley authored
-
- Jan 04, 2012
-
-
Stephen Smalley authored
-