Skip to content
Snippets Groups Projects
  1. Sep 27, 2017
  2. Sep 26, 2017
  3. Sep 25, 2017
    • Jeff Vander Stoep's avatar
      Preserve hal_cas_server attribute · 6b8088ba
      Jeff Vander Stoep authored
      It's used in CTS neverallow tests.
      
      Addresses:
      Warning!  Type or attribute hal_cas_server used in neverallow
      undefined in policy being checked.
      
      Bug: 66910049
      Test: build
      Change-Id: Ia185f266fc1e3cb87c39939fdd45d02efa6c2c94
      Merged-In: I1092aff40da9dcf09bd044400bedd1f549eb7e38
      6b8088ba
  4. Sep 23, 2017
    • Jeff Vander Stoep's avatar
      Remove domain_deprecated audit logging · 5d8b059f
      Jeff Vander Stoep authored
      These are no longer necessary as domain_deprecated has been
      removed in AOSP master.
      
      Bug: 66749762
      Test: build
      Merged-In: I99953ecc7d275fdbe8e56d8f47a27d1f9e1cc09a
      Change-Id: I01878a4410f8cb3c97ff96c67845dfaa7b0051ce
      5d8b059f
  5. Sep 18, 2017
    • Peng Xu's avatar
      Allow sensor hal to use wakelock · 4c4b433c
      Peng Xu authored
      Added permission related to use of wake lock. Wakelock in sensor
      HAL is used to gurantee delivery of wake up sensor events before
      system go back to sleep.
      
      Bug: 63995095
      Test: QCOM and nanohub sensor hal are able to acquire wakelock
            successfuly.
      
      Change-Id: Id4ac3552e18a1cad252017e3dc9ab3d4be8d4ab9
      Merged-In: Id4ac3552e18a1cad252017e3dc9ab3d4be8d4ab9
      4c4b433c
  6. Sep 15, 2017
    • Jeff Vander Stoep's avatar
      do not expand hal_cas attribute · aa5f37da
      Jeff Vander Stoep authored
      Addresses:
      junit.framework.AssertionFailedError: The following errors were
      encountered when validating the SELinuxneverallow rule:
      neverallow {   domain   -adbd   -dumpstate   -hal_drm -hal_cas -init
      -mediadrmserver   -recovery   -shell   -system_server }
      serialno_prop:file { getattr open read ioctl lock map };
      Warning!  Type or attribute hal_cas used in neverallow undefined in
      policy being checked.
      libsepol.report_failure: neverallow violated by allow mediaextractor
      serialno_prop:file { ioctl read getattr lock map open };
      libsepol.report_failure: neverallow violated by allow mediacodec
      serialno_prop:file { ioctl read getattr lock map open };
      libsepol.report_failure: neverallow violated by allow hal_cas_default
      serialno_prop:file { ioctl read getattr lock map open };
      libsepol.check_assertions: 3 neverallow failures occurred
      
      Bug: 65681219
      Test: build
      Change-Id: I2a6445d6372ee4e768cc2cea2140c6de97707a74
      Merged-In: I1092aff40da9dcf09bd044400bedd1f549eb7e38
      aa5f37da
  7. Sep 01, 2017
  8. Aug 31, 2017
    • Steven Moreland's avatar
      Add permissions for screencap for dumpstate. · b5dd44b1
      Steven Moreland authored
      screencap domain needs additional permissions for
      dumpstate to dump screenshots.
      
      Test: adb shell cmd activity bug-report
      Bug: 65206688
      Change-Id: I824f345fd90d286454d570576c5888d7719c4c5c
      b5dd44b1
    • Ray Essick's avatar
      Give media.metrics service access to uid/pkg info · 9b0924e1
      Ray Essick authored
      relax the sepolicy for media.metrics to allow access to
      package manager for uid->packagename mapping functionality.
      
      Bug: 65027506
      Test: read output of 'dumpsys media.metrics'
      Change-Id: I0d25af16c06dc65154cfda854e28ab70ada097c4
      9b0924e1
    • Steven Moreland's avatar
      Permissions for screencap saving files to /sdcard/ · c12c7349
      Steven Moreland authored
      Before screencap was in its own domain, it was able to do
      this by using all of shell's permissions.
      
      The following denials are caused (along with times from running the below test command)
      when screencap is invoked to write a file onto the sdcard:
      08-30 21:03:32.009  4986  4986 I screencap: type=1400 audit(0.0:23): avc: denied { read } for name="primary" dev="tmpfs" ino=19547 scontext=u:r:screencap:s0 tcontext=u:object_r:storage_file:s0 tclass=lnk_file permissive=1
      08-30 21:03:32.009  4986  4986 I screencap: type=1400 audit(0.0:24): avc: denied { search } for name="/" dev="tmpfs" ino=19529 scontext=u:r:screencap:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=1
      08-30 21:03:32.009  4986  4986 I screencap: type=1400 audit(0.0:25): avc: denied { search } for name="user" dev="tmpfs" ino=19535 scontext=u:r:screencap:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=dir permissive=1
      08-30 21:03:32.009  4986  4986 I screencap: type=1400 audit(0.0:26): avc: denied { read } for name="primary" dev="tmpfs" ino=31198 scontext=u:r:screencap:s0 tcontext=u:object_r:mnt_user_file:s0 tclass=lnk_file permissive=1
      08-30 21:03:32.009  4986  4986 I screencap: type=1400 audit(0.0:27): avc: denied { search } for name="/" dev="sdcardfs" ino=1310722 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=1
      08-30 21:03:32.009  4986  4986 I screencap: type=1400 audit(0.0:28): avc: denied { write } for name="image.png" dev="sdcardfs" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
      08-30 21:03:32.009  4986  4986 I screencap: type=1400 audit(0.0:29): avc: denied { open } for path="/storage/emulated/0/image.png" dev="sdcardfs" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
      08-30 21:03:32.009  4986  4986 I screencap: type=1400 audit(0.0:30): avc: denied { write open } for path="/data/media/0/image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
      08-30 21:03:32.582  4990  4990 I screencap: type=1400 audit(0.0:31): avc: denied { execute } for name="sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
      08-30 21:03:32.582  4990  4990 I screencap: type=1400 audit(0.0:32): avc: denied { read open } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
      08-30 21:03:32.582  4990  4990 I screencap: type=1400 audit(0.0:33): avc: denied { execute_no_trans } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
      08-30 21:03:32.582  4990  4990 I sh      : type=1400 audit(0.0:34): avc: denied { getattr } for path="/system/bin/sh" dev="dm-0" ino=998 scontext=u:r:screencap:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
      08-30 21:03:32.586  4990  4990 I sh      : type=1400 audit(0.0:35): avc: denied { ioctl } for path="socket:[57515]" dev="sockfs" ino=57515 ioctlcmd=5401 scontext=u:r:screencap:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=1
      08-30 21:03:32.586  4990  4990 I sh      : type=1400 audit(0.0:36): avc: denied { getattr } for path="socket:[57515]" dev="sockfs" ino=57515 scontext=u:r:screencap:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=1
      08-30 21:03:32.589  4991  4991 I sh      : type=1400 audit(0.0:37): avc: denied { execute_no_trans } for path="/system/bin/am" dev="dm-0" ino=1178 scontext=u:r:screencap:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
      08-30 21:03:32.739  4992  4992 I cmd     : type=1400 audit(0.0:38): avc: denied { call } for scontext=u:r:screencap:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
      08-30 21:03:32.739  4992  4992 I cmd     : type=1400 audit(0.0:39): avc: denied { use } for path="/dev/null" dev="tmpfs" ino=19514 scontext=u:r:system_server:s0 tcontext=u:r:screencap:s0 tclass=fd permissive=1
      08-30 21:03:32.739  4992  4992 I cmd     : type=1400 audit(0.0:40): avc: denied { transfer } for scontext=u:r:screencap:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
      08-30 21:03:32.741   575   575 E SELinux : avc:  denied  { find } for service=activity pid=4992 uid=2000 scontext=u:r:screencap:s0 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
      08-30 21:03:32.749   837   837 I Binder:837_9: type=1400 audit(0.0:41): avc: denied { call } for scontext=u:r:system_server:s0 tcontext=u:r:screencap:s0 tclass=binder permissive=1
      
      If /data/media/ is deleted, the following denials also occur:
      08-31 00:45:45.966  8899  8899 I screencap: type=1400 audit(0.0:43): avc: denied { search } for name="0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
      08-31 00:45:45.966  8899  8899 I screencap: type=1400 audit(0.0:44): avc: denied { read open } for path="/data/media/0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
      08-31 00:45:45.966  8899  8899 I screencap: type=1400 audit(0.0:48): avc: denied { write } for name="0" dev="sda45" ino=1310728 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
      08-31 00:45:45.966  8899  8899 I screencap: type=1400 audit(0.0:49): avc: denied { add_name } for name="image.png" scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
      08-31 00:45:45.966  8899  8899 I screencap: type=1400 audit(0.0:50): avc: denied { create } for name="image.png" scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
      08-31 00:45:45.966  8899  8899 I screencap: type=1400 audit(0.0:51): avc: denied { setattr } for name="image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
      08-31 00:45:45.966  8899  8899 I screencap: type=1400 audit(0.0:53): avc: denied { write open } for path="/data/media/0/image.png" dev="sda45" ino=1310764 scontext=u:r:screencap:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
      08-31 01:04:29.741  6625  6625 W screencap: type=1400 audit(0.0:23): avc: denied { write } for name="0" dev="sdcardfs" ino=655364 scontext=u:r:screencap:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
      
      Test: adb shell screencap -p /sdcard/phone.png
      Bug: 65206688
      Change-Id: I808429b25fa3118fef7931050ab757c9bcd61881
      c12c7349
  9. Aug 29, 2017
  10. Aug 28, 2017
  11. Aug 26, 2017
  12. Aug 25, 2017
  13. Aug 24, 2017
    • Jeff Vander Stoep's avatar
      Fix label on /dev/input · a43209eb
      Jeff Vander Stoep authored
      Commit 780a71e7 changed ueventd's selinux label lookup from /dev/input/
      to /dev/input which no longer matches the regex in core policy
      file_contexts. Fix the regex to match /dev/input and /dev/input/.
      
      avc: denied { read } for name="input" dev="tmpfs" ino=14092
      scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:device:s0
      tclass=dir
      avc: denied { open } for path="/dev/input" dev="tmpfs"
      ino=14092 scontext=u:r:hal_camera_default:s0
      tcontext=u:object_r:device:s0 tclass=dir
      
      Change-Id: I8f42f5cd96fc8353bf21d3ee6c3de9e2872f229f
      Fixes: 64997761
      Fixes: 64954704
      Test: no camera HAL denials
      a43209eb
    • TreeHugger Robot's avatar
    • TreeHugger Robot's avatar
    • John Stultz's avatar
      sepolicy: Define and allow map permission for vendor dir · 9f3f3784
      John Stultz authored
      This patch tries to provide similar functionality as the previous
      change made here:
      https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/432339/
      
      
      
      Only, making sure we add the same map permissions for the vendor
      directory.
      
      Signed-off-by: default avatarJohn Stultz <john.stultz@linaro.org>
      
      (cherry picked from commit 24537b2e)
      
      Bug: 65011018
      Test: policy compiles.
      Change-Id: I4d0319011ef4ef043134bf299dc4823a6c418717
      9f3f3784
    • Jeff Vander Stoep's avatar
      hal_configstore: use crash_dump fallback path · c5884836
      Jeff Vander Stoep authored
      Configstore HAL uses a seccomp filter which blocks the standard
      path of execing crash_dump to collect crash data. Add permission
      to use crash_dump's fallback mechanism.
      
      Allowing configstore to write to the socket provided by tombstoned
      required either exempting configstore from a neverallow rule, or
      removing the neverallow rule entirely. Since the neverallow rule
      could potentially prevent partners for doing security hardening,
      it has been removed.
      
      Bug: 64768925
      Bug: 36453956
      
      Test: killall -ABRT android.hardware.configstore@1.1-service
          Results in a call stack in logcat, and tombstone in
          /data/tombstones
      Test: configstore runs without crashing
      Test: SANITIZE_TARGET="address coverage" make vts -j64
          vts-tradefedrun commandAndExit vts --skip-all-system-status-check \
          -primary-abi-only --skip-preconditions -l VERBOSE --module \
          VtsHalConfigstoreV1_0IfaceFuzzer
      
      Change-Id: I1ed5265f173c760288d856adb9292c4026da43d6
      (cherry picked from commit 9924d782)
      c5884836
  14. Aug 23, 2017
    • Michael Wright's avatar
      O MR1 is API 27 · a9bfbbfe
      Michael Wright authored
      Bug: 64982450
      Test: manual
      Change-Id: Ic5d25b8a12271e5bfa71e30843a36fb643b914ff
      a9bfbbfe
  15. Aug 18, 2017
  16. Aug 17, 2017
  17. Aug 16, 2017
Loading