Commits · 8ba28103bb69a93cafd73263a90ebad8c4150799 · Werner Sembach / AndroidSystemSEPolicy

Aug 08, 2016
- resolve merge conflicts of 9cc3a580 to stage-aosp-master · 8ba28103
  dcashman authored 8 years ago
  
  Change-Id: I2593e100bdad420d0d988fbaeb8d2ec259b8df1d
  8ba28103
- Merge "appdomain: neverallow direct input_device access" · 9cc3a580
  Treehugger Robot authored 8 years ago
  
  9cc3a580
Aug 05, 2016

resolve merge conflicts of 5423db6e to stage-aosp-master · 5e6aa65f
dcashman authored 8 years ago
```
Change-Id: I16706423534069f69bd0305ac500a9cd74db55a6
```
5e6aa65f

restrict access to timing information in /proc · 5423db6e

Daniel Micay authored 8 years ago

These APIs expose sensitive information via timing side channels. This
leaves access via the adb shell intact along with the current uses by
dumpstate, init and system_server.

The /proc/interrupts and /proc/stat files were covered in this paper:

https://www.lightbluetouchpaper.org/2016/07/29/yet-another-android-side-channel/

The /proc/softirqs, /proc/timer_list and /proc/timer_stats files are
also relevant.

Access to /proc has been greatly restricted since then, with untrusted
apps no longer having direct access to these, but stricter restrictions
beyond that would be quite useful.

Change-Id: Ibed16674856569d26517e5729f0f194b830cfedd

5423db6e

Merge "te_macros: drop unused macros" · 98ff70cc
William Roberts authored 8 years ago
```
am: 2b33112a

Change-Id: I08987ae7229ebbbbcf980be4aaef2eb8fb7e24da
```
98ff70cc
Merge "te_macros: drop unused macros" · 2b33112a
Treehugger Robot authored 8 years ago

2b33112a

Aug 04, 2016

te_macros: drop unused macros · 2925c1cc

William Roberts authored 8 years ago


boolean and setenforce macros are not used in base policy
and cannot be used in any policy, since they violate
neverallow rules.

Remove these from the policy.

Change-Id: Icc0780eaf06e95af36306031e1f615b05cb79869
Signed-off-by: William Roberts <william.c.roberts@intel.com>

2925c1cc

Aug 03, 2016

sepolicy: Add CAP_WAKE_ALARM to system_server.te · e4025649
John Stultz authored 8 years ago
```
am: 19b6485f

Change-Id: I0574ab7e70a8b3d906a5b11368239d58d1d64e70
```
e4025649

sepolicy: Add CAP_WAKE_ALARM to system_server.te · 19b6485f

John Stultz authored 8 years ago


With v4.8+ kernels, CAP_WAKE_ALARM is needed to set
alarmtimers via timerfd (this change is likely to be
backported to stable as well).

However, with selinux enabled, we also need to allow
the capability on the system_server so this enables it.

Change-Id: I7cd64d587906f3fbc8a129d48a4db07373c74c7e
Signed-off-by: John Stultz <john.stultz@linaro.org>

19b6485f

Jul 27, 2016
- Merge \"Simplify /dev/kmsg SELinux policy.\" · 98fbb318
  Elliott Hughes authored 8 years ago
  
  am: aa2aa219 Change-Id: I5e1634a8c0cee6cb759e0acea086b68dbd21fb7e
  98fbb318
- Merge "Simplify /dev/kmsg SELinux policy." · aa2aa219
  Elliott Hughes authored 8 years ago
  
  aa2aa219
Jul 26, 2016

appdomain: neverallow direct input_device access · e83b9f03

William Roberts authored 8 years ago


Applications should not access /dev/input/* for events, but
rather use events handled via the activity mechanism.

Change-Id: I0182b6be1b7c69d96e4366ba59f14cee67be4beb
Signed-off-by: William Roberts <william.c.roberts@intel.com>

e83b9f03

Simplify /dev/kmsg SELinux policy. · 63b33dc2

Elliott Hughes authored 8 years ago

Bug: http://b/30317429
Change-Id: I5c499c48d5e321ebdf588a162d29e949935ad8ee
Test: adb shell dmesg | grep ueventd

63b33dc2

allow policy to create a file by vfat (fs_type) for a case using sdcardfs · 0f38c642
Eric Bae authored 8 years ago
```
am: 362d6ff1

Change-Id: Ibe19ac1955bad48b5fa1db7ffada46aa78781781
```
0f38c642
resolve merge conflicts of c15090b3 to stage-aosp-master · e88095d8
Daniel Rosenberg authored 8 years ago
```
Change-Id: I87b6797cd2bc9efafe2590e1f69d5787de99af07
```
e88095d8

Jul 22, 2016
- allow policy to create a file by vfat (fs_type) for a case using sdcardfs · 362d6ff1
  Eric Bae authored 8 years ago
  
  Change-Id: Ia938d73b1a49b9ba4acf906df37095d21edee22e
  362d6ff1
- sepolicy: Add policy for sdcardfs and configfs · c15090b3
  Daniel Rosenberg authored 9 years ago
  
  Change-Id: I4c318efba76e61b6ab0be9491c352f281b1c2bff Bug: 19160983
  c15090b3
Jul 20, 2016
- Merge \"logd: Add setpcap for Minijail use.\" · 4cffd854
  Jorge Lucangeli Obes authored 8 years ago
  
  am: 23d703ee Change-Id: I98383d496812ced491a892c1ffb29527d77c63a9
  4cffd854
- Merge "logd: Add setpcap for Minijail use." · 23d703ee
  Treehugger Robot authored 8 years ago
  
  23d703ee
- logd: Add setpcap for Minijail use. · b6287b1e
  Jorge Lucangeli Obes authored 8 years ago
  
  Bug: 30156807 Change-Id: Ie9faf72d35579fa69b4397bdffc8d674f040736c
  b6287b1e
- resolve merge conflicts of 56ed8a4d to stage-aosp-master · 2c4718fc
  Jeff Vander Stoep authored 8 years ago
  
  Change-Id: Ic549f8c8060a17981302f2af75debf34595475bb
  2c4718fc
- Merge changes I86958ebc,I0449575a · 56ed8a4d
  Treehugger Robot authored 8 years ago
  
  * changes: adbd: allow reading apk_data_file adbd: allow reading rootfs dir
  56ed8a4d
Jul 19, 2016

adbd: allow reading apk_data_file · d743ddea

Jeff Vander Stoep authored 8 years ago

avc: denied { search } for comm=73657276696365203139 name="app" dev="sda35" ino=770049 scontext=u:r:adbd:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir permissive=0

Bug: 30000600
Change-Id: I86958ebcca815ee1779f85fb425592493f40101a

d743ddea

adbd: allow reading rootfs dir · 7fcb3a61
Jeff Vander Stoep authored 8 years ago
```
Bug: 30213958
Change-Id: I0449575a5ec6cc4997bc36a13676474505a4190f
```
7fcb3a61

Jul 18, 2016
- Merge \"service_contexts: strip blank lines and comments\" · 7d9487c9
  William Roberts authored 8 years ago
  
  am: afad0c35 Change-Id: Id4a4937cc3b7c2ddd6d363144e6fafc90be60498
  7d9487c9
- Merge "service_contexts: strip blank lines and comments" · afad0c35
  Treehugger Robot authored 8 years ago
  
  afad0c35
Jul 15, 2016

Merge \"property_contexts: strip blank lines and comments\" · a584f2f6
William Roberts authored 8 years ago
```
am: ee69a2e7

Change-Id: If61f5720180243ec1b5aa9e16d66c95c37f49b88
```
a584f2f6
Merge "property_contexts: strip blank lines and comments" · ee69a2e7
Treehugger Robot authored 8 years ago

ee69a2e7
Grant untrusted_app dir access to asec_apk_file. · e0585ca8
dcashman authored 8 years ago
```
am: 83348b0b

Change-Id: Ia19aeffe64e733deb695206dcbd8cb824c9db222
```
e0585ca8

Grant untrusted_app dir access to asec_apk_file. · 83348b0b

dcashman authored 8 years ago

untrusted_app lost all of the domain_deprecated permissions in N,
including the ability to read asec_apk_file dirs.  This is used for
forward locked apps.

Addresses the following denials:
avc: denied { search } for name="asec" dev="tmpfs" ino=9298 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:asec_apk_file:s0 tclass=dir permissive=0
avc: denied { getattr } for path="/mnt/asec" dev="tmpfs" ino=9298 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:asec_apk_file:s0 tclass=dir permissive=0

(cherry-pick of internal commit: addd3c9f)

Bug: 30082229
Change-Id: I87758f1daee19197d9299bca261f0324e01af5e0

83348b0b

Jul 11, 2016
- Merge \"init.te: allow writting to /proc/sys/vm/overcommit_memory\" · 47b12481
  Yongqin Liu authored 8 years ago
  
  am: 87f2ca2d Change-Id: Ia0ebfddad770c09ded5fecd2273f78d560507e9f
  47b12481
- Merge "init.te: allow writting to /proc/sys/vm/overcommit_memory" · 87f2ca2d
  Jeffrey Vander Stoep authored 8 years ago
  
  View commit 87f2ca2d 4 tags
  
  87f2ca2d
Jul 08, 2016
- Merge \"lmkd: grant read access to all of /sys\" · a86ae374
  Jeff Vander Stoep authored 8 years ago
  
  am: ad03e7db Change-Id: I1fa0ced9c61bacc1b577ccee9c5a47459066d45f
  a86ae374
- Merge "lmkd: grant read access to all of /sys" · ad03e7db
  Treehugger Robot authored 8 years ago
  
  ad03e7db
- resolve merge conflicts of 91e7ac92 to stage-aosp-master · 43c1d482
  Mark Salyzyn authored 8 years ago
  
  Change-Id: I874557582d244956a5a7a4305c00ac2f0c190a88
  43c1d482
- logcatd: trampoline persist.logd.logpersistd to logd.logpersistd · 91e7ac92
  Mark Salyzyn authored 8 years ago
  
  Bug: 28936216 Change-Id: I90dc7ca296dc5c9b6d13e7920ebb864981a112b5
  91e7ac92
Jul 07, 2016

init.te: allow writting to /proc/sys/vm/overcommit_memory · b34480dc

Yongqin Liu authored 8 years ago


Since there is "write /proc/sys/vm/overcommit_memory 1" line in init.rc

Change-Id: I5899d2802e7fa56b438a06d4cadb4eb6827bfe16
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>

b34480dc

Jul 01, 2016

service_contexts: strip blank lines and comments · c9fce3fa

William Roberts authored 8 years ago


Strip whitespace and comments from service_context files
to reduce size. On an aosp_x86_64 build it saves 36 bytes.

However, on builds with more synclines and comments, further
space savings can be realized.

Change-Id: I3cb4effad1d1b404bf53605a3793e3070cb95651
Signed-off-by: William Roberts <william.c.roberts@intel.com>

c9fce3fa

property_contexts: strip blank lines and comments · 371918c1

William Roberts authored 8 years ago


Strip whitespace and comments from property_context files
to reduce size. On an aosp_x86_64 build it saves 851 bytes.

However, on builds with more synclines and comments, further
space savings can be realized.

Change-Id: I43caf1deaab53d4753c835918898c8982f477ef0
Signed-off-by: William Roberts <william.c.roberts@intel.com>

371918c1

Jun 28, 2016
- Merge commit '2931f84c ' into HEAD · 92b58b81
  Bill Yi authored 8 years ago
  
  92b58b81