Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Search by author
  • Any Author
  • Werner Sembach Matombo
  • dex dex dex
2 authors
  1. Feb 21, 2014
    • Stephen Smalley's avatar
      Clarify init_shell, shell, and su domain usage. · b3cb9695
      Stephen Smalley authored 
      
init_shell domain is now only used for shell commands or scripts
invoked by init*.rc files, never for an interactive shell.  It
was being used for console service for a while but console service
is now assigned shell domain via seclabel in init.rc.  We may want
to reconsider the shelldomain rules for init_shell and whether they
are still appropriate.

shell domain is now used by both adb shell and console service, both
of which also run in the shell UID.

su domain is now used not only for /system/bin/su but also for
adbd and its descendants after an adb root is performed.

Change-Id: I502ab98aafab7dafb8920ccaa25e8fde14a8f572
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      b3cb9695
  3. Dec 18, 2013
    • Stephen Smalley's avatar
      Confine shell domain in -user builds only. · 712ca0a4
      Stephen Smalley authored 
      
Confine the domain for an adb shell in -user builds only.
The shell domain in non-user builds is left permissive.
init_shell (shell spawned by init, e.g.  console service)
remains unconfined by this change.
Introduce a shelldomain attribute for rules common to all shell
domains, assign it to the shell types, and add shelldomain.te for
its rules.

Change-Id: I01ee2c7ef80b61a9db151abe182ef9af7623c461
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      712ca0a4
  5. Oct 21, 2013
    • Nick Kralevich's avatar
      Move unconfined domains out of permissive mode. · 353c72e3
      Nick Kralevich authored 
      This change removes the permissive line from unconfined
domains. Unconfined domains can do (mostly) anything, so moving
these domains into enforcing should be a no-op.

The following domains were deliberately NOT changed:
1) kernel
2) init

In the future, this gives us the ability to tighten up the
rules in unconfined, and have those tightened rules actually
work.

When we're ready to tighten up the rules for these domains,
we can:

1) Remove unconfined_domain and re-add the permissive line.
2) Submit the domain in permissive but NOT unconfined.
3) Remove the permissive line
4) Wait a few days and submit the no-permissive change.

For instance, if we were ready to do this for adb, we'd identify
a list of possible rules which allow adbd to work, re-add
the permissive line, and then upload those changes to AOSP.
After sufficient testing, we'd then move adb to enforcing.
We'd repeat this for each domain until everything is enforcing
and out of unconfined.

Change-Id: If674190de3262969322fb2e93d9a0e734f8b9245
      353c72e3
  7. May 20, 2013
    • repo sync's avatar
      Make all domains unconfined. · 77d4731e
      repo sync authored 
      This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
      77d4731e
  9. May 06, 2013