Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Search by author
  • Any Author
  • Werner Sembach Matombo
  • dex dex dex
2 authors
  1. Jan 14, 2016
  3. Jan 07, 2016
    • William Roberts's avatar
      fc_sort: initial commit · 29d14688
      William Roberts authored 
      
Ordering matters in fc files; the last match wins. In builds where
many BOARD_SEPOLICY_DIRS are set, the order of that list becomes
increasingly important in order to maintain a cohesive built
file_contexts.

To correct this, we sort the device specific file_contexts entries
with the upstream fc_sort tool.

Change-Id: Id79cc6f434c41179d5c0d0d739c4718918b0b1dc
Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
      29d14688
  5. Dec 29, 2015
    • William Roberts's avatar
      Android.mk: cleanse all set but not unset variables · 50a478ef
      William Roberts authored 
      
Discovered by diffing the set of "set variables" with
the set of "cleared variables".

Script:

mydir=$(mktemp -d)

grep -E '(^[a-z].)[a-z0-9_\.]*\s*:?=.' Android.mk  | cut -d' ' -f 1-1 | sort | uniq > $mydir/set_vars
grep -E '(^[a-z].)[a-z0-9_\.]*\s*:?=$' Android.mk | cut -d' ' -f1-1 | sort | uniq > $mydir/unset_vars
diff $mydir/set_vars $mydir/unset_vars
rm -rf $mydir

Change-Id: Ib50abac6b417a1bcc1894d9a7bafdbdca371006a
Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
      50a478ef
    • William Roberts's avatar
      Android.mk: clean dependencies and clear variables · 46749752
      William Roberts authored 
      
Dependencies being built with newline files in between
were also including the list of files without the newlines,
thus make would have to process 3n-1 files instead of 2n-1
where n is the number of files to process.

Additionally the *_with_nl variables were not being cleared
out and polluting Make's global name-space.

Change-Id: I76ea1a3dfae994b32991730aea7e4308da52a583
Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
      46749752
  7. Dec 16, 2015
    • William Roberts's avatar
      sectxfile_nl: fix superfluous dependencies · cb1ab985
      William Roberts authored 
      
The target sectxfile_nl, which is an auto-generated newline file,
has dependencies on itself and the other files. The dependencies
should be on the other files and this newline file, not the other
way around. Ideally, the *_contexts recipes should have the
dependency recorded for their "contexts" files and the newline
file.

Additionally, recipe dependencies for building the *_contexts files
depended on the list of all the contexts files with the newline file
in that list, however an additional explicit addition of the newline
file was also added in. Remove this, since its in the full list of
files.

Change-Id: Iac658923f23a8d9263d392c44003b6bda4064646
Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
      cb1ab985
  9. Dec 14, 2015
    • William Roberts's avatar
      checkfc: add attribute test · ad3cb39e
      William Roberts authored 
      
Enable checkfc to check *_contexts against a set of valid attributes
which must be associated with all types in the contexts file that
is being checked.

Since it's imperative that checkfc knows which file its checking to
choose the proper attribute set, the -s option is introduced to
indicate the service_contexts file. The property_contexts file continues
to use the existing -p and file_contexts requires no specification, aka
it's the default.

Failure examples:
file_contexts:
Error: type "init" is not of set: "fs_type, dev_type, file_type"

service_contexts:
Error: type "init_exec" is not of set: "service_manager_type"

property_contexts:
Error: type "bluetooth_service" is not of set: "property_type"

Change-Id: I62077e4d0760858a9459e753e14dfd209868080f
Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
      ad3cb39e
  11. Dec 13, 2015
  13. Dec 08, 2015
  15. Oct 23, 2015
    • Jeff Vander Stoep's avatar
      Temporarily downgrade to policy version number · 0fc831c3
      Jeff Vander Stoep authored 
      Temporarily move from policy version 30 to 29 until device kernels
and prebuilts are all upgraded to the accepted upstream version of
the selinux ioctl command whitelisting code.

(cherry picked from commit 89765083)

Bug: 22846070

Change-Id: I31d1e80aaee164cf41a2f01c6ca846a000898ef4
      0fc831c3
  17. Oct 01, 2015
  19. Sep 29, 2015
  21. Sep 28, 2015
  23. Sep 18, 2015
  25. Aug 13, 2015
  27. Aug 12, 2015
    • Richard Haines's avatar
      Update Android.mk to support file_contexts.bin · c2d01914
      Richard Haines authored 
      
This change supports external/libselinux changes to implement
PCRE formatted binary file_contexts and general_file_contexts.bin
files.

The $(intermediates) directory will contain the original text file
(that is no longer used on the device) with a .tmp extension as well
as the .bin file to aid analysis.

A CleanSpec.mk file is added to remove the old file_contexts file.

Change-Id: I75a781100082c23536f70ce3603f7de42408b5ba
Signed-off-by: default avatarRichard Haines <richard_c_haines@btinternet.com>
      c2d01914
  29. Aug 11, 2015
    • Dan Willemsen's avatar
      Don't assume ordering of $(wildcard ...) · bc2a49f2
      Dan Willemsen authored 
      There are no guarantees on the order of the results from a call to the
wildcard function. In fact, the order usually changes between make 3.81
and make 4.0 (and kati).

Instead, sort the results of wildcard in each sepolicy directory, so
that directory order is preserved, but content ordering is reliable.

Change-Id: I1620f89bbdd2b2902f2e0c40526e893ccf5f7775
      bc2a49f2
  31. Jul 24, 2015
  33. Jul 17, 2015
    • Colin Cross's avatar
      Use build fingerprint from file · 29a463d5
      Colin Cross authored 
      Improve incremental ninja builds by keeping the command line the same
across builds.

Change-Id: Iedbaa40c9f816f91afc8f073a9ed7f9ffd5d9a53
      29a463d5
  35. Jul 16, 2015
  37. Jul 10, 2015
  39. Jul 07, 2015
  41. Jun 30, 2015
  43. Jun 29, 2015
  45. Jun 27, 2015
  47. Jun 25, 2015
    • William Roberts's avatar
      check_seapp: add support for "neverallow" checks · 81e1f90c
      William Roberts authored 
      
Introduce "neverallow" rules for seapp_contexts. A neverallow rule is
similar to the existing key-value-pair entries but the line begins
with "neverallow". A neverallow violation is detected when all keys,
both inputs and outputs are matched. The neverallow rules value
parameter (not the key) can contain regular expressions to assist in
matching. Neverallow rules are never output to the generated
seapp_contexts file.

Also, unless -o is specified, checkseapp runs in silent mode and
outputs nothing. Specifying - as an argument to -o outputs to stdout.

Sample Output:
Error: Rule in File "external/sepolicy/seapp_contexts" on line 87: "user=fake domain=system_app type=app_data_file" violates neverallow in File "external/sepolicy/seapp_contexts" on line 57: "user=((?!system).)* domain=system_app"

Change-Id: Ia4dcbf02feb774f2e201bb0c5d4ce385274d8b8d
Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
      81e1f90c
  49. Jun 13, 2015
  51. Jun 05, 2015
    • Jeff Vander Stoep's avatar
      restrict app access to socket ioctls · de9b5301
      Jeff Vander Stoep authored 
      Create a macro of unprivileged ioctls including
- All common socket ioctls except MAC address
- All wireless extensions ioctls except get/set ESSID
- Some commonly used tty ioctls

Bug: 21657002
Change-Id: Ib08be9cb70d08c1fa2c8bddbae519e7c2df5293c
      de9b5301
  53. May 04, 2015
  55. Apr 01, 2015
    • Stephen Smalley's avatar
      Drop BOARD_SEPOLICY_UNION. · 8e0ca886
      Stephen Smalley authored 
      As suggested in the comments on
https://android-review.googlesource.com/#/c/141560/


drop BOARD_SEPOLICY_UNION and simplify the build_policy logic.
Union all files found under BOARD_SEPOLICY_DIRS.

Unlike BOARD_SEPOLICY_REPLACE/IGNORE, on which we trigger an error
to catch any lingering uses and force updating of the BoardConfig.mk
files, we only warn on uses of BOARD_SEPOLICY_UNION to avoid
breaking the build until all device BoardConfig*.mk files have been
updated, and since they should be harmless - the files will be unioned
regardless.

Change-Id: I4214893c999c23631f5456cb1b8edd59771ef13b
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      8e0ca886
  57. Mar 13, 2015
    • Stephen Smalley's avatar
      sepolicy: Drop BOARD_SEPOLICY_IGNORE/REPLACE support. · b4f17069
      Stephen Smalley authored 
      With changes I431c1ab22fc53749f623937154b9ec43469d9645 and
Ia54aa263f2245c7090f4b9d9703130c19f11bd28, it is no longer
legitimate to use BOARD_SEPOLICY_IGNORE or REPLACE with
any of the *_contexts files since the CTS requires the AOSP
entries to be present in the device files.

Further, these changes render BOARD_SEPOLICY_IGNORE unusable for
most policy files since all domains and types referenced within any
of the AOSP *_contexts entries must be defined in the kernel policy, so
you cannot use BOARD_SEPOLICY_IGNORE to exclude any .te file
that defines a type referenced in any of those *_contexts files.
There does not seem to be a significant need for such a facility,
as AOSP policy is small and only domains and types used by most
devices should be defined in external/sepolicy.

BOARD_SEPOLICY_REPLACE is commonly misused to eliminate neverallow rules
from AOSP policy, which will only lead to CTS failures, especially
since change Iefe508df265f62efa92f8eb74fc65542d39e3e74 introduced neverallow
checking on the entire policy via sepolicy-analyze.  The only remaining
legitimate function of BOARD_SEPOLICY_REPLACE is to support overriding
AOSP .te files with more restrictive rule sets.  However, the need for this
facility has been significantly reduced by the fact that AOSP policy
is now fully confined + enforcing for all domains, and further restrictions
beyond AOSP carry a compatibility risk.

Builders of custom policies and custom ROMs still have the freedom to
apply patches on top of external/sepolicy to tighten rule sets (which are
likely more maintainable than maintaining a completely separate copy of
the file via BOARD_SEPOLICY_REPLACE) and/or of using their own separate
policy build system as exemplified by
https://bitbucket.org/quarksecurity/build-policies



Change-Id: I2611e983f7cbfa15f9d45ec3ea301e94132b06fa
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      b4f17069
    • Stephen Smalley's avatar
      Fix rules for general_property_contexts. · c9361731
      Stephen Smalley authored 
      
Failed to include base_rules.mk, so this target was not being built.

Change-Id: I2414fa6c3e3e37c74f63c205e3694d1a811c956e
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      c9361731
  59. Mar 12, 2015