- Apr 26, 2016
Jeff Vander Stoep authored
TIOCGWINSZ = 0x00005413

avc: denied { ioctl } for comm="ls" path="socket:[362628]" dev="sockfs" ino=362628 ioctlcmd=5413 scontext=u:r:shell:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=0

Bug: 28171804
Change-Id: I460e2469730d0cd90d714f30803ef849317d4be7
-
- Apr 24, 2016
Jeffrey Vander Stoep authored
-
Jeff Vander Stoep authored
camera_device was previously removed in AOSP commit b7aace2d "camera_device: remove type and add typealias" because the same domains required access to both without exception, meaning there was no benefit to distinguishing between the two. However, with the split up of mediaserver this is no longer the case, and distinguishing between the camera and video provides a legitimate security benefit. For example, the mediacodec domain requires access to the video_device for access to hardware accelerated codecs but does not require access to the camera.

Bug: 28359909
Change-Id: I8a4592722d8e6391c0e91b440914284b7245e232
-
- Apr 22, 2016
Alex Deymo authored
The boot_control HAL is a library loaded by our daemons (like update_engine and update_verifier) that interacts with the bootloader. The actual implementation of this library is provided by the vendor, and its runtime permissions are tied to this implementation, which varies a lot based on how the bootloader and the partitions it uses are structured. This patch moves these permissions to an attribute so the attribute can be expanded on each device without the need to repeat that on each one of our daemons using the boot_control HAL.

Bug: 27107517
(cherry picked from commit 0f8d9261)
Change-Id: Icb2653cb89812c0de81381ef48280e4ad1e9535c
-
Jeffrey Vander Stoep authored
-
Jeff Vander Stoep authored
Bug: 28348382
Change-Id: Iaab1430750dfbb997900d3d70993c9fff2a8745d
-
TreeHugger Robot authored
-
Andreas Gampe authored
Give mount & chroot permissions to otapreopt_chroot related to postinstall. Add postinstall_dexopt for otapreopt in the B partition. Allow the things installd can do for dexopt. Give a few more rights to dex2oat for postinstall files. Allow postinstall files to call the system server.

Bug: 25612095
Change-Id: If7407473d50c9414668ff6ef869c2aadd14264e7
-
- Apr 21, 2016
Mukesh Agrawal authored
* changes:
  allow system server to set log.tag.WifiHAL
  limit shell's access to log.* properties
-
Jeff Vander Stoep authored
Define SIOCKILLADDR. Define wireless extension private types between SIOCIWFIRSTPRIV-SIOCIWLASTPRIV, SIOCPROTOPRIVATE-SIOCPROTOPRIVLAST and SIOCDEVPRIVATE-SIOCDEVPRIVLAST.

Change-Id: I0237dec9e3ffb030ce6573dfa9b81835b7f4f95e
-
- Apr 20, 2016
Christopher Tate authored
Specifically, backup of wallpaper imagery needs to use hard links to achieve "real file" access to the large imagery files without rewriting the contents all the time just to stage for backup. They can't be symlinks because the underlying backup mechanisms refuse to act on symbolic links for other security reasons.

Bug: 25727875
Change-Id: Ic48fba3f94c92a4b16ced27a23646296acf8f3a5
-
- Apr 19, 2016
mukesh agrawal authored
On eng and userdebug builds (only), allow system server to change the value of log.tag.WifiHAL. WifiStateMachine will set this property to 'D' by default. If/when a user enables "Developer options -> Enable Wi-Fi Verbose Logging", WifiStateMachine changes log.tag.WifiHAL to 'V'.

BUG=27857554
TEST=manual (see below)

Test detail
1. on user build:
$ adb shell setprop log.tag.WifiHAL V
$ adb shell getprop log.tag.WifiHAL
<blank line>
$ adb bugreport | grep log.tag.WifiHAL
<11>[ 141.918517] init: avc: denied { set } for property=log.tag.WifiHAL pid=4583 uid=2000 gid=2000 scontext=u:r:shell:s0 tcontext=u:object_r:wifi_log_prop:s0 tclass=property_service permissive=0
<11>[ 141.918566] init: sys_prop: permission denied uid:2000 name:log.tag.WifiHAL
2. on userdebug build:
$ adb shell getprop log.tag.WifiHAL
<blank line>
$ adb shell setprop log.tag.WifiHAL V
$ adb shell getprop log.tag.WifiHAL
V
3. on userdebug build with modified WifiStateMachine:
$ adb shell getprop log.tag.WifiHAL
D

Change-Id: I9cdd52a2b47a3dd1065262ea8c329130b7b044db
-
mukesh agrawal authored
Restrict the ability of the shell to set the log.* properties. Namely: only allow the shell to set such properties on eng and userdebug builds. The shell (and other domains) can continue to read log.* properties on all builds.

While there: harmonize permissions for log.* and persist.log.tag. Doing so introduces two changes:
- log.* is now writable from |system_app|. This mirrors the behavior of persist.log.tag, which is writable to support "Developer options" -> "Logger buffer sizes" -> "Off". (Since this option is visible on user builds, the permission is enabled for all builds.)
- persist.log.tag can now be set from |shell| on userdebug_or_eng().

BUG=28221972
TEST=manual (see below)

Testing details
- user build (log.tag)
$ adb shell setprop log.tag.foo V
$ adb shell getprop log.tag
<blank line>
$ adb bugreport | grep log.tag.foo
[ 146.525836] init: avc: denied { set } for property=log.tag.foo pid=4644 uid=2000 gid=2000 scontext=u:r:shell:s0 tcontext=u:object_r:log_prop:s0 tclass=property_service permissive=0
[ 146.525878] init: sys_prop: permission denied uid:2000 name:log.tag.foo
- userdebug build (log.tag)
$ adb shell getprop log.tag.foo
<blank line>
$ adb shell setprop log.tag.foo V
$ adb shell getprop log.tag.foo
V
- user build (persist.log.tag)
$ adb shell getprop | grep log.tag
<no match>
- Developer options -> Logger buffer sizes -> Off
$ adb shell getprop | grep log.tag
[persist.log.tag]: [Settings]
[persist.log.tag.snet_event_log]: [I]

Change-Id: Idf00e7a623723a7c46bf6d01e386aeca92b2ad75
-
Lorenzo Colitti authored
-
Lorenzo Colitti authored
Bug: 28251026
Change-Id: I73dce178b873d45e703896f12c10325af2ade81d
-
Nick Kralevich authored
Doesn't appear to be needed anymore.

Change-Id: I7a1fcf4c17fa69c313daebb87c9b0bf654169ee0
-
- Apr 18, 2016
Jeff Vander Stoep authored
Bug: 27549740
Change-Id: I3f646984fbd9cbcb58636d158a9ac0afc5a930ce
-
- Apr 16, 2016
TreeHugger Robot authored
-
- Apr 15, 2016
TreeHugger Robot authored
-
Jeff Vander Stoep authored
(cherry picked from commit 6ba383c5)

Restrict unix_dgram_socket and unix_stream_socket to a whitelist. Disallow all ioctls for netlink_selinux_socket and netlink_route_socket. Neverallow third party app use of all ioctls other than unix_dgram_socket, unix_stream_socket, netlink_selinux_socket, netlink_route_socket, tcp_socket, udp_socket and rawip_socket.

Bug: 28171804
Change-Id: Icfe3486a62fc2fc2d2abd8d4030a5fbdd0ab30ab
-
Nick Kralevich authored
(cherry picked from commit 1df23cbf)

This does not appear needed anymore.

Bug: 27549740
Change-Id: I3128ab610c742b18008f4cfc2a7116b210f770e7
-
Nick Kralevich authored
Add a neverallow rule (compile time assertion + CTS test) that isolated_apps and untrusted_apps can't do anything else but append to /data/anr/traces.txt. In particular, assert that they can't read from the file, or overwrite other data which may already be in the file.

Bug: 18340553
Bug: 27853304
(cherry picked from commit 369cf8cd)
Change-Id: Ib33e7ea0342ad28e5a89dfffdd9bc16fe54d8b3d
-
- Apr 14, 2016
Andy Hung authored
-
Andy Hung authored
-
Lorenzo Colitti authored
-
Andy Hung authored
Bug: 28179196
Change-Id: I580f0ae2b3d86f9f124195271f6dbb6364e4fade
-
- Apr 13, 2016
Andy Hung authored
Bug: 28169802
Change-Id: Ibc063470a42601ea232b1fa535663641a761eea7
-
Andy Hung authored
Bug: 28049120
Change-Id: Id288092402f36daafc3347db9b62d341a1de2eb3
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
dcashman authored
Bug: 28165026
Change-Id: I3deecd692b348dbb28bf1d36a88696e4bc1db92d
-
Jeff Vander Stoep authored
Move from privileged macro to unprivileged.

Bug: 28164785
Change-Id: Ide39dc0009871c209249a41e574e84009ac47380
-
Lorenzo Colitti authored
1. Allow the system server to create the dns_listener service.
2. Allow netd to use said service.

Change-Id: Ic6394d7b2bdebf1c4d6cf70a79754a4996e943e2
-
Nick Kralevich authored
Allow adbd and app domains to read the symlink at /mnt/sdcard. This symlink was supposed to have been removed in the Gingerbread time frame, but lives on. Read access for this symlink was removed from adbd and the shell user in 8ca19368, and from untrusted_app in cbf7ba18.

Addresses the following denials:

avc: denied { read } for name="sdcard" dev="tmpfs" ino=9486 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:tmpfs:s0 tclass=lnk_file permissive=0
avc: denied { read } for pid=4161 comm=73657276696365203137 name="sdcard" dev="tmpfs" ino=5114 scontext=u:r:adbd:s0 tcontext=u:object_r:tmpfs:s0 tclass=lnk_file permissive=0

Bug: 25801877
Bug: 28108983
Change-Id: Ia31cd8b53c9c3a5b7d11be42c2fde170f96affb0
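The avc denials quoted in this commit and in the TIOCGWINSZ commit at the top of this log are the raw material for deciding whether a policy change is warranted. The following is an added example (Python, not code from the sepolicy project) that parses such lines into fields, decodes the kernel's hex-encoded comm= values, and unpacks an ioctlcmd into the Linux _IOC fields (nr, type, size, dir) so the request can be matched against a header; the sample lines are copied from the messages above, and parse_avc, decode_ioctlcmd and triage are names chosen here.

```python
import re
from typing import Dict, Optional

# Constructed sample input: the two denial shapes quoted in the commit messages
# (an ioctl denial on a unix_stream_socket and an lnk_file read denial by adbd).
SAMPLE_DENIALS = [
    'avc: denied { ioctl } for comm="ls" path="socket:[362628]" dev="sockfs" '
    'ino=362628 ioctlcmd=5413 scontext=u:r:shell:s0 tcontext=u:r:adbd:s0 '
    'tclass=unix_stream_socket permissive=0',
    'avc: denied { read } for pid=4161 comm=73657276696365203137 name="sdcard" '
    'dev="tmpfs" ino=5114 scontext=u:r:adbd:s0 tcontext=u:object_r:tmpfs:s0 '
    'tclass=lnk_file permissive=0',
]

_PERMS = re.compile(r"avc: denied \{ ([^}]+) \} for ")
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line: str) -> Optional[Dict[str, object]]:
    """Split one avc denial into its permission list and key=value fields."""
    m = _PERMS.search(line)
    if not m:
        return None
    rec: Dict[str, object] = {"perms": m.group(1).split()}
    for key, val in _KV.findall(line[m.end():]):
        quoted = val.startswith('"')
        val = val.strip('"')
        # The audit layer hex-encodes comm= (unquoted) when it holds spaces
        # or non-printable bytes; recover the original string.
        if key == "comm" and not quoted and re.fullmatch(r"(?:[0-9a-f]{2})+", val):
            val = bytes.fromhex(val).decode("ascii", "replace")
        rec[key] = val
    return rec


def decode_ioctlcmd(cmd: int) -> Dict[str, int]:
    """Unpack an ioctl request number using the Linux _IOC bit layout."""
    return {"nr": cmd & 0xFF, "type": (cmd >> 8) & 0xFF,
            "size": (cmd >> 16) & 0x3FFF, "dir": (cmd >> 30) & 0x3}


def triage(line: str) -> Optional[str]:
    """One-line summary: source -> target, class, permissions, decoded ioctl."""
    rec = parse_avc(line)
    if rec is None:
        return None
    perms = " ".join(rec["perms"])
    out = f"{rec['scontext']} -> {rec['tcontext']} {rec['tclass']} {{{perms}}}"
    if "ioctlcmd" in rec:  # kernel prints ioctlcmd in hex without a 0x prefix
        f = decode_ioctlcmd(int(rec["ioctlcmd"], 16))
        out += f" ioctl type={chr(f['type'])!r} nr=0x{f['nr']:02x} size={f['size']} dir={f['dir']}"
    return out
```

For the first sample, triage reports type 'T' and nr 0x13, which is the TIOCGWINSZ request the commit names; the decoded comm of the second sample is "service 17".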
-
- Apr 12, 2016
Peng Xu authored
-
- Apr 11, 2016
Peng Xu authored
This allows system app, regular app as well as test app to access the ContextHubManager API. The additional "signature|privilege" permission requirement (LOCATION_HARDWARE) still exists to prevent security issues, misuse and abuse.

Change-Id: I47f3d243a3de7f1202c933fc715a935c43cf319b
-
- Apr 09, 2016
Alex Deymo authored
postinstall_file was an exec_type so it could be an entrypoint for the domain_auto_trans from update_engine domain to postinstall domain. This patch removes the exec_type from postinstall_file and exempts it from the neverallow rule to become an entrypoint.

Bug: 28008031
TEST=postinstall_example still runs as the "postinstall" domain on edison-eng.

(cherry picked from commit a9671c6b)
Change-Id: I2e1f61ed42f8549e959edbe047c56513903e8e9c
-
- Apr 08, 2016
- Apr 07, 2016
Jeffrey Vander Stoep authored
-