Commits · 7acd15174a940d91aed76d82fa62786804b364b3 · Werner Sembach / AndroidSystemSEPolicy

Apr 26, 2017
- Merge "relax fuse_device neverallow rules" into oc-dev · 7acd1517
  Nick Kralevich authored 7 years ago
  
  am: c78db706 Change-Id: I7b866f588980ebb068629e326155976629bf2223
  7acd1517
- Merge "relax fuse_device neverallow rules" into oc-dev · c78db706
  TreeHugger Robot authored 7 years ago
  
  c78db706
- relax fuse_device neverallow rules · 45766d41
  Nick Kralevich authored 7 years ago
  
  The fuse_device neverallow rules are too aggressive and are inhibiting certain vendor customizations. Relax the /dev/fuse neverallow rules so that they better reflect the security invariants we want to uphold. Bug: 37496487 Test: policy compiles. Change-Id: Ie73b0ba7c76446afc2a7a23ebed1275c977d932d
  45766d41
- Merge "Remove rules blocking vrcore_app to connect to VR HWC and VirtualTouchpad" into oc-dev · 8784e1e7
  Daniel Nicoara authored 7 years ago
  
  am: a5647da3 Change-Id: I502e43626fd430da68f2a149704dafac024b3cc9
  8784e1e7
- Merge "Remove rules blocking vrcore_app to connect to VR HWC and VirtualTouchpad" into oc-dev · a5647da3
  TreeHugger Robot authored 7 years ago
  
  a5647da3
- Merge "Allow Bluetooth sys_nice and system_server setsched for Bluetooth HAL"... · 5a3e6710
  Philip Cuadra authored 7 years ago
  
  Merge "Allow Bluetooth sys_nice and system_server setsched for Bluetooth HAL" am: 2e8b0004 am: 1cc029ea am: 1d4bb3ac Change-Id: I319a76a77cab5f4af2f8eb98aaaa2752564e04b0
  5a3e6710
- Merge "Allow Bluetooth sys_nice and system_server setsched for Bluetooth HAL" am: 2e8b0004 · 1d4bb3ac
  Philip Cuadra authored 7 years ago
  
  am: 1cc029ea Change-Id: I4dc969584352c3181c3a0e49c90dff8a89940ea8
  1d4bb3ac
- Merge "Allow Bluetooth sys_nice and system_server setsched for Bluetooth HAL" · 1cc029ea
  Philip Cuadra authored 7 years ago
  
  am: 2e8b0004 Change-Id: I2e8648728c5e63037686981c154d16c3010ac095
  1cc029ea
- Merge "Allow Bluetooth sys_nice and system_server setsched for Bluetooth HAL" · 2e8b0004
  Philip Cuadra authored 7 years ago
  
  2e8b0004
- Merge "Assert ban on framework <-> vendor comms over VndBinder" into oc-dev · cdcfb552
  Alex Klyubin authored 7 years ago
  
  am: a9d7b895 Change-Id: I040a1874e3a08510d9b7c9a107a149845dd1976c
  cdcfb552
- Merge "Assert ban on framework <-> vendor comms over VndBinder" into oc-dev · a9d7b895
  Alex Klyubin authored 7 years ago
  
  a9d7b895
- Merge "Do not warn about empty typesets in neverallows" into oc-dev · 16fcbe8f
  Alex Klyubin authored 7 years ago
  
  am: 26564ce7 Change-Id: I8961e581bad56f118c112f6b1e6d2ba11a81ccf6
  16fcbe8f
- Merge "Do not warn about empty typesets in neverallows" into oc-dev · 26564ce7
  Alex Klyubin authored 7 years ago
  
  26564ce7
- Merge "Allow DRM hal to access fd allocated by mediaserver" into oc-dev · adee97e9
  Jeff Tinker authored 7 years ago
  
  am: f033cfdc Change-Id: I8d8c0e786bdbb7374fa4a77649507706176b28d9
  adee97e9
Apr 25, 2017

Merge "Allow DRM hal to access fd allocated by mediaserver" into oc-dev · f033cfdc
TreeHugger Robot authored 7 years ago

f033cfdc
Merge "Remove underscore from Companion service name" into oc-dev · 2cad0f48
Eugene Susla authored 7 years ago
```
am: 364644eb

Change-Id: I83410880ad404a5cabd5d7ec287f5d538110556e
```
2cad0f48
Merge "Remove underscore from Companion service name" into oc-dev · 364644eb
TreeHugger Robot authored 7 years ago

364644eb

Do not warn about empty typesets in neverallows · c60d3ea1

Alex Klyubin authored 7 years ago

Empty typeset is not an issue in neverallow rules. The reason is that
it's completly normal for scontext or tcontext of neverallow rules to
evaluate to an empty type set. For example, there are neverallow rules
whose purpose is to test that all types with particular powers are
associated with a particular attribute:
  neverallow {
    untrusted_app_all
    -untrusted_app
    -untrusted_app_25
  } domain:process fork;

Test: sepolicy-analyze neverallow -w -n \
          'neverallow {} {}:binder call;'
      produces empty output instead of "Warning!  Empty type set"
Bug: 37357742
Change-Id: Id61b4fe22fafaf0522d8769dd4e23dfde6cd9f45

c60d3ea1

Allow DRM hal to access fd allocated by mediaserver · 3bc24e68

Jeff Tinker authored 7 years ago

Test: gts-tradefed run gts -m GtsMediaTestCases -t com.google.android.media.gts.MediaPlayerTest#testLLAMA_H264_BASELINE_240P_800_DOWNLOADED_V0_SYNC

bug:37548390
Change-Id: I9c2d446118d3a5f729730b75ec117954e383159b

3bc24e68

Assert ban on framework <-> vendor comms over VndBinder · 00657834

Alex Klyubin authored 7 years ago

This adds neverallow rules which enforce the prohibition on
communication between framework and vendor components over VendorBinder.
This prohibition is similar in spirit to the one for Binder
communications.

Most changes consist of adding neverallow rules, which do not affect
runtime behavior. The only change which does affect runtime behavior
is the change which takes away the right of servicemanager domain to
transfer Binder tokens to hwservicemanager and vndservicemanager. This
grant was there by accident (because it was overly broad) and is not
expected to be needed: servicemanager, hwservicemanager, and
vndservicemanager are not supposed to be communicating with each
other.

P. S. The new neverallow rules in app_neverallows.te are covered by
the new rules in domain.te. The rules were nevertheless added to
app_neverallows.te for consistency with other *Binder rules there.

Test: mmm system/sepolicy
Bug: 37663632
Change-Id: I7c2ae23924bf0f2fed3f1e3a8d4d603129286329

00657834

Fix typos in comment · 68266d06
Alex Klyubin authored 7 years ago
```
am: a8a03c84

Change-Id: I1157c928baa664d196ef0c81741ef6ffd24ba9b2
```
68266d06

Fix typos in comment · a8a03c84

Alex Klyubin authored 7 years ago

This is a follow-up to cbc0d2bb which
introduced the typos.

Test: mmm system/sepolicy -- comments only change
Bug: 37640821
Change-Id: Ibe0eda0b3ee9bbfb1e33ef98f2e81267ec580e59

a8a03c84

Merge "Add a TODO for the Audio HAL socket use violation" into oc-dev · 406fbf50
Alex Klyubin authored 7 years ago
```
am: 53b2c809

Change-Id: I0b2d4db7bbd33abde41229d6e40a4a2ef1f89085
```
406fbf50
Merge "Add a TODO for the Audio HAL socket use violation" into oc-dev · 53b2c809
TreeHugger Robot authored 7 years ago

53b2c809
Merge "Allow dumpstate to acquire xtables.lock" into oc-dev · cadce81f
Joel Scherpelz authored 7 years ago
```
am: 7a1074d2

Change-Id: I2dc21f2e4cb0fee5f072779728bb0a9394915d08
```
cadce81f
Merge "Allow dumpstate to acquire xtables.lock" into oc-dev · 7a1074d2
Joel Scherpelz authored 7 years ago

7a1074d2
Merge "Allow UDP Sockets to be returned from IpSecService" am: 327d7cb9 am: a9be5320 · 21582f73
nharold authored 7 years ago
```
am: cda872a8

Change-Id: I364c5cc081f9c906e92844a9d456b78ae90a3895
```
21582f73
Merge "Allow UDP Sockets to be returned from IpSecService" am: 327d7cb9 · cda872a8
nharold authored 7 years ago
```
am: a9be5320

Change-Id: Iee7069f192593f4b7588f8b6d272b1bef5fbd36c
```
cda872a8
Merge "Allow UDP Sockets to be returned from IpSecService" · a9be5320
nharold authored 7 years ago
```
am: 327d7cb9

Change-Id: Ie9399516244e38f0c5f57205fe9f0da35aec8ba7
```
a9be5320
Merge "Allow UDP Sockets to be returned from IpSecService" · 327d7cb9
nharold authored 7 years ago

327d7cb9

Allow dumpstate to acquire xtables.lock · ca097979

Joel Scherpelz authored 7 years ago

iptables recently changed its behavior to strictly require xtables.lock.
dumpstate selinux policy must be updated to allow access.

Bug: 37648320
Test: dumpstate succeeds with no avc: denied ... xtables.lock messages
Change-Id: Ic7e243739f375a60fa14fe67fac910d31d978ffd

ca097979

Merge "Add a TODO for the NFC HAL socket use violation" into oc-dev · c29f6955
Alex Klyubin authored 7 years ago
```
am: 3f6b7ff0

Change-Id: I0639248d7f1e2ed1012a563c9b0b4db1fb651bb4
```
c29f6955
Merge "Add a TODO for the NFC HAL socket use violation" into oc-dev · 3f6b7ff0
TreeHugger Robot authored 7 years ago

3f6b7ff0

Allow Bluetooth sys_nice and system_server setsched for Bluetooth HAL · 6eee6eb2

Philip Cuadra authored 8 years ago

Bluetooth needs the capability to set audio-related threads to be RT
scheduled.  Grant it sys_nice.

system_server needs to set priority for the Bluetooth HAL.  Allow it.

Bug 37518404
Test:  Play Bluetooth audio, confirm RT scheduling with systrace
Change-Id: Iaf7b85a11a51883744d72a50addfd320b6fbbc2f

6eee6eb2

Merge "Assert untrusted apps can't add or list hwservicemanager" into oc-dev · 3b130767
Alex Klyubin authored 7 years ago
```
am: f84989e5

Change-Id: I4391c7b44d495efadf39b8f14cfccfe2d966b419
```
3b130767
Merge "Assert untrusted apps can't add or list hwservicemanager" into oc-dev · f84989e5
TreeHugger Robot authored 7 years ago

f84989e5

Apr 24, 2017
- Merge "Android.mk: fix dependency typo" into oc-dev · 90b1abcc
  Jeffrey Vander Stoep authored 7 years ago
  
  am: e5f4d874 Change-Id: Ibd9708b1db37e54946c856b7c52c1e1a7eb7c58d
  90b1abcc
- Merge "Android.mk: fix dependency typo" into oc-dev · e5f4d874
  Jeffrey Vander Stoep authored 7 years ago
  
  e5f4d874
- Android.mk: fix dependency typo · 5edd96d9
  Jeff Vander Stoep authored 7 years ago
  
  Bug: 37646565 Test: build marlin-userdebug Change-Id: I3325d027fa7bdafb48f1f53ac052f2a68352c1dc
  5edd96d9
- Merge "Retain neverallow rules in CIL files" into oc-dev · 38f3692f
  Jeff Vander Stoep authored 7 years ago
  
  am: 4d71b96e Change-Id: I363c0ce1fc27d560da94b857d54a5149467d56ba
  38f3692f