Commits · 81e1c12f5688e338230c53546a7d138f96b6cc97 · Werner Sembach / AndroidSystemSEPolicy

Apr 03, 2017
- Merge "Grant vdc access to kmsg" into oc-dev · 81e1c12f
  Tom Cherry authored 7 years ago
  
  am: 0c31c85a Change-Id: I2e6c151eb6b3413054f52d0dea5ab93c91065319
  81e1c12f
- Merge "Grant vdc access to kmsg" into oc-dev · 0c31c85a
  Tom Cherry authored 7 years ago
  
  0c31c85a
- Merge "Add sepolicy for tv.input" into oc-dev · 7e9f5352
  Shubang Lu authored 7 years ago
  
  am: a1c06508 Change-Id: I7e586b6bf9c22ab0380f9982889f0c8c86115df1
  7e9f5352
- Merge "Add sepolicy for tv.input" into oc-dev · a1c06508
  Shubang Lu authored 7 years ago
  
  a1c06508
- Merge "VR: Add sepolicy for VR HWC service" into oc-dev · 888bc0bb
  Daniel Nicoara authored 7 years ago
  
  am: ed82acb9 Change-Id: I2c7dc59f0ea468fba1e34d38a55cc2e8e6cc3289
  888bc0bb
- Merge "VR: Add sepolicy for VR HWC service" into oc-dev · ed82acb9
  TreeHugger Robot authored 7 years ago
  
  ed82acb9
Apr 02, 2017
- Merge "Remove unused wificond sepolicy privilges" into oc-dev · 3c0561b1
  Ningyuan Wang authored 7 years ago
  
  am: a299bc80 Change-Id: I94b99a1ace48fafeb47280d1d6764cac70fb9464
  3c0561b1
- Merge "Remove unused wificond sepolicy privilges" into oc-dev · a299bc80
  Ningyuan Wang authored 7 years ago
  
  a299bc80
Apr 01, 2017

Merge "Ban core components from accessing vendor data types" into oc-dev · f9b6368a
Jeffrey Vander Stoep authored 7 years ago
```
am: 814edf8c

Change-Id: I9a8cd19a081ab7731f8caf098e406d0af9ce9c48
```
f9b6368a
Merge "Ban core components from accessing vendor data types" into oc-dev · 814edf8c
Jeffrey Vander Stoep authored 7 years ago

814edf8c

Ban core components from accessing vendor data types · 50563c03

Vendor and system components are only allowed to share files by
passing open FDs over HIDL. Ban all directory access and all file
accesses other than what can be applied to an open FD such as
ioctl/stat/read/write/append.

This commit asserts that core components marked with attribute
coredomain may only access core data types marked with attribute
core_data_file_type.

A temporary exemption is granted to domains that currently rely on
access.

(cherry picked from commit cd97e710)

Bug: 34980020
Test: build Marlin policy
Change-Id: I2f0442f2628fbac1f2f7aa5ddf2a13e16b2546cc

50563c03

Merge "Refactor sanitized library on-disk layout - SELinux." into oc-dev · 99575587
Vishwath Mohan authored 7 years ago
```
am: 45f699c7

Change-Id: Ib868a803f480a3c756102e59d49275b6eb4e6372
```
99575587
Merge "Refactor sanitized library on-disk layout - SELinux." into oc-dev · 45f699c7
TreeHugger Robot authored 7 years ago

45f699c7
Merge "domain: grant all domains access to zoneinfo" into oc-dev · 035a0424
Jeff Vander Stoep authored 7 years ago
```
am: 386f9460

Change-Id: Ieba3686f331cfa1c3a0907bf15db188a19d3f140
```
035a0424
Merge "domain: grant all domains access to zoneinfo" into oc-dev · 386f9460
TreeHugger Robot authored 7 years ago

386f9460

Refactor sanitized library on-disk layout - SELinux. · 063de1e0

Vishwath Mohan authored 7 years ago

This CL changes the policy for ASAN files on-disk to support the
changes made by the following CLs -
https://android-review.googlesource.com/#/c/359087/
https://android-review.googlesource.com/#/c/359389/

which refactor the on-disk layout of sanitized libraries in the following
manner -
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*

There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.

(cherry picked from commit 33ebdda8)

Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*,
and have the right SELinux permissions.

Change-Id: Ib08e360cecc8d77754a768a9af0f7db35d6921a9

063de1e0

Merge "Tighten restrictions on core <-> vendor socket comms" into oc-dev · 6fa700c9
Alex Klyubin authored 7 years ago
```
am: ad80182a

Change-Id: I8ecf3458b0974043e4ded8ed343e8191b01b1942
```
6fa700c9

Remove unused wificond sepolicy privilges · f3443ee7

Ningyuan Wang authored 7 years ago

Bug: 33239267
Test: compile, run wifi, no selinux complaint for wificond
Change-Id: I9b3e874381ac6cd7c6ff1058cc4f313bd85481b8

f3443ee7

Merge "Tighten restrictions on core <-> vendor socket comms" into oc-dev · ad80182a
Alex Klyubin authored 7 years ago

ad80182a

Mar 31, 2017

storaged: allow shell to call dumpsys storaged · 12dc7f20
Jin Qian authored 7 years ago
```
am: a239f30f

Change-Id: Iee8134c83616720639c9ecb55f34c7b8bad9872a
```
12dc7f20

Grant vdc access to kmsg · e9614833

Tom Cherry authored 7 years ago

Init is no longer calling vdc with logwrapper, so it must take care of
logging to kmsg directly.

avc: denied { write } for pid=367 comm="vdc" name="kmsg" dev="tmpfs" ino=11056 scontext=u:r:vdc:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0

Bug: 36278706
Test: observe vdc logging in kmsg on boot and stderr on normal usage

(cherry picked from commit bc4d3630)

Change-Id: Id7bc2fa87518aa0678c09495267c9e198ca8c968

e9614833

Add sepolicy for tv.input · c76e158c

Shubang authored 7 years ago

Test: build, flash; adb shell lshal
Bug: 36562029
Change-Id: If8f6d8dbd99d31e6627fa4b7c1fd4faea3b75cf2

c76e158c

Merge "Add reverse-attribute mapping to sepolicy-analyze." am: cb6f8f02 am: 22b00be7 · bb898002
Daniel Cashman authored 7 years ago
```
am: 537e9e98

Change-Id: Ia100e124b6d1bb4c0f37959acbbca63a26867c9b
```
bb898002
Merge "Add reverse-attribute mapping to sepolicy-analyze." am: cb6f8f02 · 537e9e98
Daniel Cashman authored 7 years ago
```
am: 22b00be7

Change-Id: Id8e7c42e8e92fed47611c083d40c2d574d3d6918
```
537e9e98
Merge "Add reverse-attribute mapping to sepolicy-analyze." · 22b00be7
Daniel Cashman authored 7 years ago
```
am: cb6f8f02

Change-Id: I47b6a0362f268ba1a599ab2354f72357fc7b79cc
```
22b00be7
Merge "Add reverse-attribute mapping to sepolicy-analyze." · cb6f8f02
Daniel Cashman authored 7 years ago

cb6f8f02

domain: grant all domains access to zoneinfo · 5aebe512

Jeff Vander Stoep authored 7 years ago

/data/misc/zoneinfo is provided by libc and is considered to be
VNDK stable. Grant read access to all domains and exempt from
neverallow rules asserting no vendor access to core data types.

Bug: 36730929
Test: Marlin Policy builds
Change-Id: I13766a661d6314f5393639fc20f1ab55d802f35f

5aebe512

storaged: allow shell to call dumpsys storaged · a239f30f

Jin Qian authored 8 years ago

Test: adb kill-server && adb shell dumpsys storaged
Bug: 36492915
Change-Id: I3a1a2ad2f016ddd5770d585cae82c8be69001df9

a239f30f

Merge "Grant vdc access to kmsg" am: 6b92e26a am: 58cb5787 · 3ccbea52
Tom Cherry authored 7 years ago
```
am: bb51a941

Change-Id: Ibeacdffdbcd24e0a34617ef1f259764242db2d3e
```
3ccbea52
Merge "Refactor sanitized library on-disk layout - SELinux." am: a2e9664c am: ebe26cbb · 91b0903c
Vishwath Mohan authored 7 years ago
```
am: ba0c430b

Change-Id: I81611c73460132d34d9bc4c30df6d99b3f0d97a4
```
91b0903c
Merge "Further lock down access to services from ephemeral apps" into oc-dev · d14187d6
Chad Brubaker authored 7 years ago
```
am: 5af76fca

Change-Id: I705f9a6cc45c6c8829d148d2c2ba333ba23759ac
```
d14187d6
Merge "Grant vdc access to kmsg" am: 6b92e26a · bb51a941
Tom Cherry authored 7 years ago
```
am: 58cb5787

Change-Id: I219d6074cf3ff7253ef74ebc6d8aa5372d296243
```
bb51a941
Merge "Refactor sanitized library on-disk layout - SELinux." am: a2e9664c · ba0c430b
Vishwath Mohan authored 7 years ago
```
am: ebe26cbb

Change-Id: If6ca7b2337a0b80b6fe2c0163e9a8bec2e7d6829
```
ba0c430b
Merge "Grant vdc access to kmsg" · 58cb5787
Tom Cherry authored 7 years ago
```
am: 6b92e26a

Change-Id: Ie76aa1f95e72b6183c13be4f9dc86481a2d63077
```
58cb5787
Merge "Refactor sanitized library on-disk layout - SELinux." · ebe26cbb
Vishwath Mohan authored 7 years ago
```
am: a2e9664c

Change-Id: I184d353b6ca0c8e5b712da11b4de777e04a5b79f
```
ebe26cbb
Merge "Grant vdc access to kmsg" · 6b92e26a
Tom Cherry authored 7 years ago

6b92e26a
Merge "Further lock down access to services from ephemeral apps" into oc-dev · 5af76fca
Chad Brubaker authored 7 years ago

5af76fca
Merge "Refactor sanitized library on-disk layout - SELinux." · a2e9664c
Treehugger Robot authored 7 years ago

a2e9664c

Tighten restrictions on core <-> vendor socket comms · 2f6151ea

Alex Klyubin authored 7 years ago

This futher restricts neverallows for sockets which may be exposed as
filesystem nodes. This is achieved by labelling all such sockets
created by core/non-vendor domains using the new coredomain_socket
attribute, and then adding neverallow rules targeting that attribute.

This has now effect on what domains are permitted to do. This only
changes neverallow rules.

Test: mmm system/sepolicy
Bug: 36577153

(cherry picked from commit cf2ffdf0)

Change-Id: Iffeee571a2ff61fb9515fa6849d060649636524e

2f6151ea

Add reverse-attribute mapping to sepolicy-analyze. · d444ebed

Dan Cashman authored 7 years ago

sepolicy-analyze allows users to see all types that have a given
attribute, but not the reverse case: all attributes of a given type.
Add a '--reverse' option which enables this, but keeps the previous
interface.

Usage: sepolicy-analyze sepolicy attribute -r init

Bug: 36508258
Test: Build and run against current policy.
Change-Id: Ice6893cf7aa2ec4706a7411645a8e0a8a3ad01eb

d444ebed