- Sep 27, 2017
-
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
Jeff Vander Stoep authored
type=1400 audit(0.0:6): avc: denied { read } for comm="Thread-5" name="cache" dev="dm-0" ino=13 scontext=u:r:system_server:s0 tcontext=u:object_r:cache_file:s0 tclass=lnk_file permissive=0
Bug: 64067152
Bug: 65843095
Test: build
Change-Id: Ie90c0343a834aa87b7ded41f503e05d9b63b3244
(cherry picked from commit a4cada74)
-
- Sep 26, 2017
-
-
Jeff Vander Stoep authored
Particularly useful for suppressing selinux logspam for debug-only permissions. Bug: 65843095 Test: build, boot, and run tests on user and userdebug builds. Change-Id: I18ce0b2cf1e96ca037e93309dddb476a150b677f
-
- Sep 25, 2017
-
-
Jeff Vander Stoep authored
It's used in CTS neverallow tests. Addresses: Warning! Type or attribute hal_cas_server used in neverallow undefined in policy being checked. Bug: 66910049 Test: build Change-Id: Ia185f266fc1e3cb87c39939fdd45d02efa6c2c94 Merged-In: I1092aff40da9dcf09bd044400bedd1f549eb7e38
-
- Sep 23, 2017
-
-
Jeff Vander Stoep authored
These are no longer necessary as domain_deprecated has been removed in AOSP master. Bug: 66749762 Test: build Merged-In: I99953ecc7d275fdbe8e56d8f47a27d1f9e1cc09a Change-Id: I01878a4410f8cb3c97ff96c67845dfaa7b0051ce
-
- Sep 18, 2017
-
-
Peng Xu authored
Added permission related to use of wake lock. Wakelock in sensor HAL is used to guarantee delivery of wake up sensor events before the system goes back to sleep. Bug: 63995095 Test: QCOM and nanohub sensor hal are able to acquire wakelock successfully. Change-Id: Id4ac3552e18a1cad252017e3dc9ab3d4be8d4ab9 Merged-In: Id4ac3552e18a1cad252017e3dc9ab3d4be8d4ab9
-
- Sep 15, 2017
-
-
Jeff Vander Stoep authored
Addresses:
junit.framework.AssertionFailedError: The following errors were encountered when validating the SELinuxneverallow rule:
neverallow { domain -adbd -dumpstate -hal_drm -hal_cas -init -mediadrmserver -recovery -shell -system_server } serialno_prop:file { getattr open read ioctl lock map };
Warning! Type or attribute hal_cas used in neverallow undefined in policy being checked.
libsepol.report_failure: neverallow violated by allow mediaextractor serialno_prop:file { ioctl read getattr lock map open };
libsepol.report_failure: neverallow violated by allow mediacodec serialno_prop:file { ioctl read getattr lock map open };
libsepol.report_failure: neverallow violated by allow hal_cas_default serialno_prop:file { ioctl read getattr lock map open };
libsepol.check_assertions: 3 neverallow failures occurred
Bug: 65681219
Test: build
Change-Id: I2a6445d6372ee4e768cc2cea2140c6de97707a74
Merged-In: I1092aff40da9dcf09bd044400bedd1f549eb7e38
-
- Sep 01, 2017
-
-
Ray Essick authored
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
Jeff Vander Stoep authored
Allows groups to be mounted at /dev/memcg
Addresses:
avc: denied { associate } for comm="init" name="memcg" scontext=u:object_r:cgroup:s0 tcontext=u:object_r:tmpfs:s0 tclass=filesystem permissive=0
Bug: 64067152
Test: build
Change-Id: Ic8f641e841fe09c8f7fd487ed67cf0ab4860a1cc
-
Robert Benea authored
Currently lmkd is not able to read memcg info. The mem/swap usage info is used by lmkd to upgrade medium pressure events to critical level. Test: tested on gobo Bug: 65180281 Change-Id: I19d0eb53d5e754c176ffeda1b5d07049e6af8570
-
Steven Moreland authored
This reverts commit f27bba93. Bug: 65206688 Change-Id: I8e61b77a1abe9543e4fba77defb8062407676fcf
-
Steven Moreland authored
This reverts commit c12c7349. Bug: 65206688 Change-Id: Ia2a04906f8585bf295b8c75e0b3d09490afb5d24
-
Steven Moreland authored
This reverts commit b5dd44b1. Bug: 65206688 Change-Id: I00431ae7834a562e34e8959446d84a0077834091
-
- Aug 31, 2017
-
-
Steven Moreland authored
screencap domain needs additional permissions for dumpstate to dump screenshots. Test: adb shell cmd activity bug-report Bug: 65206688 Change-Id: I824f345fd90d286454d570576c5888d7719c4c5c
-
Ray Essick authored
relax the sepolicy for media.metrics to allow access to package manager for uid->packagename mapping functionality. Bug: 65027506 Test: read output of 'dumpsys media.metrics' Change-Id: I0d25af16c06dc65154cfda854e28ab70ada097c4
-
Steven Moreland authored
Before screencap was in its own domain, it was able to do this by using all of shell's permissions. The following denials are caused (along with times from running the below test command) when screencap is invoked to write a file onto the sdcard:

08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:23): avc: denied { read } for name="primary" dev="tmpfs" ino=19547 scontext=u:r:screencap:s0 tcontext=u:object_r:storage_file:s0 tclass=lnk_file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:24): avc: denied { search } for name="/" dev="tmpfs" ino=19529 scontext=u:r:screencap:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:25): avc: denied { search } for name="user" dev="tmpfs" ino=19535 scontext=u:r:screencap:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:26): avc: denied { read } for name="primary" dev="tmpfs" ino=31198 scontext=u:r:screencap:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=lnk_file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:27): avc: denied { search } for name="/" dev="sdcardfs" ino=1310722 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:28): avc: denied { write } for name="image.png" dev="sdcardfs" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:29): avc: denied { open } for path="/storage/emulated/0/image.png" dev="sdcardfs" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
08-30 21:03:32.009 4986 4986 I screencap: type=1400 audit(0.0:30): avc: denied { write open } for path="/data/media/0/image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:31): avc: denied { execute } for name="sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:32): avc: denied { read open } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I screencap: type=1400 audit(0.0:33): avc: denied { execute_no_trans } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.582 4990 4990 I sh : type=1400 audit(0.0:34): avc: denied { getattr } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
08-30 21:03:32.586 4990 4990 I sh : type=1400 audit(0.0:35): avc: denied { ioctl } for path="socket:[57515]" dev="sockfs" ino=57515 ioctlcmd=5401 scontext=u:r:screencap:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=1
08-30 21:03:32.586 4990 4990 I sh : type=1400 audit(0.0:36): avc: denied { getattr } for path="socket:[57515]" dev="sockfs" ino=57515 scontext=u:r:screencap:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=1
08-30 21:03:32.589 4991 4991 I sh : type=1400 audit(0.0:37): avc: denied { execute_no_trans } for path="/system/bin/am" dev="dm-0" ino=1178 scontext=u:r:screencap:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:38): avc: denied { call } for scontext=u:r:screencap:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:39): avc: denied { use } for path="/dev/null" dev="tmpfs" ino=19514 scontext=u:r:system_server:s0 tcontext=u:r:screencap:s0 tclass=fd permissive=1
08-30 21:03:32.739 4992 4992 I cmd : type=1400 audit(0.0:40): avc: denied { transfer } for scontext=u:r:screencap:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
08-30 21:03:32.741 575 575 E SELinux : avc: denied { find } for service=activity pid=4992 uid=2000 scontext=u:r:screencap:s0 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
08-30 21:03:32.749 837 837 I Binder:837_9: type=1400 audit(0.0:41): avc: denied { call } for scontext=u:r:system_server:s0 tcontext=u:r:screencap:s0 tclass=binder permissive=1

If /data/media/ is deleted, the following denials also occur:

08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:43): avc: denied { search } for name="0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:44): avc: denied { read open } for path="/data/media/0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:48): avc: denied { write } for name="0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:49): avc: denied { add_name } for name="image.png" scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:50): avc: denied { create } for name="image.png" scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:51): avc: denied { setattr } for name="image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 00:45:45.966 8899 8899 I screencap: type=1400 audit(0.0:53): avc: denied { write open } for path="/data/media/0/image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
08-31 01:04:29.741 6625 6625 W screencap: type=1400 audit(0.0:23): avc: denied { write } for name="0" dev="sdcardfs" ino=655364 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0

Test: adb shell screencap -p /sdcard/phone.png
Bug: 65206688
Change-Id: I808429b25fa3118fef7931050ab757c9bcd61881
-
- Aug 29, 2017
-
-
TreeHugger Robot authored
-
Tomasz Wasilczyk authored
-
TreeHugger Robot authored
-
Jeff Vander Stoep authored
This is needed to retain app's previous access to /sys/devices/system/cpu. When these files were previously labeled in file_contexts, symlinks were labeled as sysfs_devices_system_cpu. When labeling was moved to genfs_contexts symlinks all have the default sysfs label.
avc: denied { getattr } for comm="main" path="/sys/devices/system/cpu/cpu0/cpufreq" dev="sysfs" ino=41897 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=lnk_file permissive=0
Change-Id: Idaa565390bca13d3819e147fcea4214956c0f589
Bug: 64270911
Test: build aosp_marlin
(cherry picked from commit 8d021a94)
-
- Aug 28, 2017
-
-
Tomasz Wasilczyk authored
Bug: 63600413 Test: VTS, instrumentation, audit2allow Change-Id: I57c0150a52c13f1ce21f9ae2147e3814aad0fb7e
-
- Aug 26, 2017
-
-
TreeHugger Robot authored
-
- Aug 25, 2017
-
-
TreeHugger Robot authored
-
- Aug 24, 2017
-
-
Jeff Vander Stoep authored
Commit 780a71e7 changed ueventd's selinux label lookup from /dev/input/ to /dev/input which no longer matches the regex in core policy file_contexts. Fix the regex to match /dev/input and /dev/input/.
avc: denied { read } for name="input" dev="tmpfs" ino=14092 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:device:s0 tclass=dir
avc: denied { open } for path="/dev/input" dev="tmpfs" ino=14092 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:device:s0 tclass=dir
Change-Id: I8f42f5cd96fc8353bf21d3ee6c3de9e2872f229f
Fixes: 64997761
Fixes: 64954704
Test: no camera HAL denials
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
John Stultz authored
This patch tries to provide similar functionality as the previous change made here: https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/432339/ Only, making sure we add the same map permissions for the vendor directory.
Signed-off-by: John Stultz <john.stultz@linaro.org>
(cherry picked from commit 24537b2e)
Bug: 65011018
Test: policy compiles.
Change-Id: I4d0319011ef4ef043134bf299dc4823a6c418717
-
Jeff Vander Stoep authored
Configstore HAL uses a seccomp filter which blocks the standard path of execing crash_dump to collect crash data. Add permission to use crash_dump's fallback mechanism.
Allowing configstore to write to the socket provided by tombstoned required either exempting configstore from a neverallow rule, or removing the neverallow rule entirely. Since the neverallow rule could potentially prevent partners from doing security hardening, it has been removed.
Bug: 64768925
Bug: 36453956
Test: killall -ABRT android.hardware.configstore@1.1-service
Results in a call stack in logcat, and tombstone in /data/tombstones
Test: configstore runs without crashing
Test: SANITIZE_TARGET="address coverage" make vts -j64
vts-tradefed run commandAndExit vts --skip-all-system-status-check \
-primary-abi-only --skip-preconditions -l VERBOSE --module \
VtsHalConfigstoreV1_0IfaceFuzzer
Change-Id: I1ed5265f173c760288d856adb9292c4026da43d6
(cherry picked from commit 9924d782)
-
- Aug 23, 2017
-
-
Michael Wright authored
Bug: 64982450 Test: manual Change-Id: Ic5d25b8a12271e5bfa71e30843a36fb643b914ff
-
- Aug 18, 2017
-
-
TreeHugger Robot authored
-
- Aug 17, 2017
-
-
TreeHugger Robot authored
* changes:
  DO NOT MERGE: use 'expandattribute' for untrusted_app_visible_hwservice
  DO NOT MERGE: Add a way to allow untrusted_apps to talk to halserver domains
  DO NOT MERGE: Revert "Revert "Remove neverallow preventing hwservice access for apps.""
-
Sandeep Patil authored
Bug: 62658302 Test: Boot device and observe no new denials Change-Id: If9a21610897b14a419f276289818127412c29c55 Signed-off-by: Sandeep Patil <sspatil@google.com>
-
Sandeep Patil authored
Vendor HAL extensions are currently allowed to discover hardware services that are labelled with 'untrusted_app_visible_hwservice'. However, the policy doesn't allow these apps to talk to these services. This CL makes sure that is now possible via the 'untrusted_app_visible_halserver' attribute for vendor domains that host such a service. Bug: 64382381 Test: Boot device and observe no new denials. Change-Id: I1ffc1a62bdf7506a311f5a19acdab8c7caec902b Signed-off-by: Sandeep Patil <sspatil@google.com>
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
- Aug 16, 2017
-
-
Corey Tabaka authored
Performanced needs to talk to the permission service to verify permissions of clients to access certain restricted scheduler policies. Bug: 64337476 Test: performance_service_tests passes; logs do not contain avc denials for performanced -> permission service. Change-Id: I31618ab1d3e79c3c10138d567b0f5606527020f9
-
Yifan Hong authored
-