- Jan 22, 2016
-
-
dcashman authoredAddress the following: 01-21 13:35:41.147 5896 5896 W ndroid.music:ui: type=1400 audit(0.0:22): avc: denied { read } for name="ion" dev="tmpfs" ino=1237 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=0 01-21 13:35:41.152 5896 5896 E qdmemalloc: open_device: Failed to open ion device - Permission denied 01-21 13:35:41.152 5896 5896 E qdgralloc: Could not mmap handle 0x7f827d7260, fd=55 (Permission denied) 01-21 13:35:41.152 5896 5896 E qdgralloc: gralloc_register_buffer: gralloc_map failed and 01-22 08:58:47.667 7572 7572 W Thread-23: type=1400 audit(0.0:186): avc: denied { search } for name="xt_qtaguid" dev="proc" ino=4026535741 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc_net:s0 tclass=dir permissive=0 01-22 08:58:47.671 7498 7572 I qtaguid : Untagging socket 68 failed errno=-13 01-22 08:58:47.671 7498 7572 W NetworkManagementSocketTagger: untagSocket(68) failed with errno -13 Change-Id: Id4e253879fe0f6daadd04d148a257a10add68d38 -
Jeffrey Vander Stoep authored
-
- Jan 21, 2016
-
-
Jeff Vander Stoep authored
Bug: 22821100 Change-Id: I549abfd31f7286ad50be3adeadaf559816c0ee38
-
Jeffrey Vander Stoep authored
-
dcashman authored
Address the following denials: 01-21 12:44:53.704 4595 4595 W ndroid.calendar: type=1400 audit(0.0:21): avc: denied { getattr } for name="/" dev="dm-0" ino=2 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=0 01-21 12:45:23.177 5544 5544 W roid.music:main: type=1400 audit(0.0:46): avc: denied { getattr } for name="/" dev="rootfs" ino=1 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:rootfs:s0 tclass=filesystem permissive=0 7618 W .android.chrome: type=1400 audit(0.0:413): avc: denied { getattr } for path="/" dev="rootfs" ino=1 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0 01-21 12:44:53.709 4595 4595 D AndroidRuntime: Shutting down VM 01-21 12:44:53.727 4595 4595 E AndroidRuntime: FATAL EXCEPTION: main 01-21 12:44:53.727 4595 4595 E AndroidRuntime: Process: com.google.android.calendar, PID: 4595 01-21 12:44:53.727 4595 4595 E AndroidRuntime: java.lang.RuntimeException: Unable to get provider com.google.android.syncadapters.calendar.timely.TimelyProvider: java.lang.IllegalArgumentException: Invalid path: /data 01-21 12:44:53.727 4595 4595 E AndroidRuntime: at android.app.ActivityThread.installProvider(ActivityThread.java:5550) ... Change-Id: I0e9d65438d031e19c9abc5dca8969ed4356437a0 -
Jeff Vander Stoep authored
In libext2fs ext2fs_check_mount_point() calls is_swap_device() to verify that a device is swap before setting the EXT2_MF_SWAP mount flag. Addresses: avc: denied { getattr } for path="/dev/block/zram0" dev="tmpfs" ino=9951 scontext=u:r:fsck:s0 tcontext=u:object_r:swap_block_device:s0 tclass=blk_file Bug: 22821100 Change-Id: Ic7a1b6f83b34a40bf4bd35a1564300c58ca27089 -
Jeffrey Vander Stoep authored
-
Jeff Vander Stoep authored
Used in system/vold/MoveTask.cpp Addresses: avc: denied { execute } for name="toolbox" dev="mmcblk0p29" ino=359 scontext=u:r:vold:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1 avc: denied { read open } for path="/system/bin/toolbox" dev="mmcblk0p29" ino=359 scontext=u:r:vold:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1 avc: denied { execute_no_trans } for path="/system/bin/toolbox" dev="mmcblk0p29" ino=359 scontext=u:r:vold:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1 Change-Id: I2eb6288aaed510ae5be0f3605088ace6b865ef83 -
Jeffrey Vander Stoep authored
-
Jeff Vander Stoep authored
Only used in AOSP by flounder. No denials when running Google Maps. Change-Id: I9902c263016b4d38f1b3ed0be0bc7c4cd17ee471
-
- Jan 20, 2016
-
-
Jeff Vander Stoep authored
Strengthen neverallow rule to enforce that no apps may write to system_data_file - the default label for /data/ Change-Id: I886e4340f300551754c9e33e9c1764fb730b6b14
-
- Jan 19, 2016
-
-
Jeffrey Vander Stoep authored
-
Rubin Xu authored
-
Rubin Xu authored
They are introduced for the device owner process logging feature. That is, for enterprise-owned devices with device owner app provisioned, the device owner may choose to turn on additional device-wide logging for auditing and intrusion detection purposes. Logging includes histories of app process startup, commands issued over ADB and lockscreen unlocking attempts. These logs will available to the device owner for analysis, potentially shipped to a remote server if it chooses to. ro.device_owner will be a master switch to turn off logging, if the device has no device owner provisioned. persist.logd.security is a switch that device owner can toggle (via DevicePoliyManager) to enable/disable logging. Writing to both properties should be only allowed by the system server. Bug: 22860162 Change-Id: Iabfe2347b094914813b9d6e0c808877c25ccd038
-
- Jan 16, 2016
-
-
Nick Kralevich authored
-
Nick Kralevich authored
-
Nick Kralevich authored
-
Nick Kralevich authored
auditallow says not needed. Change-Id: Iafa048377e159ca3c7cc1f31653002c41ef9ef2b
-
Nick Kralevich authored
auditallow says not needed. Change-Id: If44f64aeb5d0be78fd166d1b3eee298c5f7c860d
-
Nick Kralevich authored
This is actually used. Addresses the following SELinux audit logs: avc: granted { create } for comm="Thread-157" name="uncrypt_file" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file avc: granted { add_name } for comm="Thread-157" name="uncrypt_file" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir avc: granted { write } for comm="Thread-157" path="/cache/recovery/uncrypt_file" dev="mmcblk0p38" ino=22 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file avc: granted { write } for comm="Thread-157" path="/cache/recovery/command" dev="mmcblk0p38" ino=23 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file avc: granted { setattr } for comm="Thread-157" name="uncrypt_file" dev="mmcblk0p38" ino=22 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file Change-Id: Idab00ebc8eacd7d8bb793b9342249227f91986a1 -
Nick Kralevich authored
auditallow says it's not used. Bug: 25331459 Change-Id: Ic414efcd0a3be6d744ab66382c20f0ea4c9ea116
-
- Jan 15, 2016
-
-
Jeffrey Vander Stoep authored
-
Jeffrey Vander Stoep authored
* changes: fc_sort: initial commit checkfc: do not die on 0 length fc's
-
Nick Kralevich authored
-
Nick Kralevich authored
-
Nick Kralevich authored
-
Nick Kralevich authored
auditallow says never used. Change-Id: I789f32bd7d2bbfc583a12bf8a05662e812f09a38
-
Nick Kralevich authored
no SELinux denials from auditallow Change-Id: Ied61f7f97b148b1c10d0f71e9ab30c136a123738
-
Nick Kralevich authored
auditallow says no denials. Change-Id: Ib4e38f5393d3f3ba67277017abc848f5e7c04efd
-
Nick Kralevich authored
auditallow says never used. Change-Id: I6a3f82740bfecf483e0ccbb528b7218af36d37b8
-
William Roberts authored
Ordering matters in fc files; the last match wins. In builds where many BOARD_SEPOLICY_DIRS are set, the order of that list becomes increasingly important in order to maintain a cohesive built file_contexts. To correct this, we sort the device specific file_contexts entries with the upstream fc_sort tool. Change-Id: I3775eae11bfa5905cad0d02a0bf26c76ac03437c Signed-off-by:
William Roberts <william.c.roberts@intel.com> -
William Roberts authored
Checkfc was treating 0 size fc files as a fatal error. An empty fc file should be treated as "nothing to check" so long as the -e option is passed. We add this option, so we don't allow empty file_context files to pass CTS checking. Change-Id: Ibca6bd948a13389e10c605d613acc48c5504443e Signed-off-by:William Roberts <william.c.roberts@intel.com>
-
- Jan 14, 2016
-
-
Jeffrey Vander Stoep authored
-
Jeffrey Vander Stoep authored
Breaks builds with no device specific policy. Bug: 26568553 This reverts commit 29d14688. Change-Id: If9254d4ad3f104a96325beedebc05dd22664084a
-
William Roberts authored
Change-Id: I0e63f90cafc5b1ca9cc112e852e172046b16a17e Signed-off-by:William Roberts <william.c.roberts@intel.com> -
Jeffrey Vander Stoep authored
-
Nick Kralevich authored
toolbox_exec is executed by dhcpcd-run-hooks. Addresses the following auditallow log spam: avc: granted { read open } for comm="dhcpcd-run-hook" path="/system/bin/toybox" dev="dm-0" ino=650 scontext=u:r:dhcp:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file avc: granted { read } for comm="setprop" name="toybox" dev="dm-0" ino=650 scontext=u:r:dhcp:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file avc: granted { execute } for comm="dhcpcd-run-hook" name="toybox" dev="dm-0" ino=650 scontext=u:r:dhcp:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file avc: granted { execute_no_trans } for comm="dhcpcd-run-hook" path="/system/bin/toybox" dev="dm-0" ino=650 scontext=u:r:dhcp:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file avc: granted { read execute } for comm="setprop" path="/system/bin/toybox" dev="dm-0" ino=639 scontext=u:r:dhcp:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file Change-Id: Ib83c291961a5573397830032a67a2f6861ae2e71
-
- Jan 13, 2016
-
-
Daniel Cashman authored
-
dcashman authored
Bug: 26219114 Change-Id: I300899d610258704eb2d45488700eadb7a686606
-
Daniel Cashman authored
-