Commits · aaa363cd2698ae0e40cb00f4941ef828d520c931 · Werner Sembach / AndroidSystemSEPolicy

Aug 23, 2016

Port from pcre to pcre2 (Fix wrong merge decision) · aaa363cd
Janis Danisevskis authored 8 years ago
```
am: 750d797b

Change-Id: I1e9de6697e2755da0b9f0ff11a799ad976ccd8a0
```
aaa363cd
fix build: exclude bluetooth from neverallow restriction · 73150780
Nick Kralevich authored 8 years ago
```
am: 7e380216

Change-Id: I7cbf52fd8cee1f5e40fa06f114abf294cb9c61f5
```
73150780
Allow system_server to make keystore_data_file links am: a67411c9 · bb1270b9
Chad Brubaker authored 8 years ago
```
am: 28a896bf

Change-Id: I03d4d3dddf505125b09750f2b79b426edf06c158
```
bb1270b9
Allow system_server to make keystore_data_file links · 28a896bf
Chad Brubaker authored 8 years ago
```
am: a67411c9

Change-Id: If2ab59c09b2ccf444281fdf9003e36119eb7295f
```
28a896bf

fix build: exclude bluetooth from neverallow restriction · 7e380216

Nick Kralevich authored 8 years ago

Bluetooth is sometimes started from init.

Addresses the following compiler error:

  libsepol.report_failure: neverallow on line 489 of
  system/sepolicy/domain.te (or line 9149 of policy.conf) violated by
  allow init bluetooth:process { transition };
  libsepol.check_assertions: 1 neverallow failures occurred
  Error while expanding policy

Change-Id: I2bc1e15217892e1ba2a62c9683af0f3c0aa16b86

7e380216

Aug 22, 2016

Remove platform_app from neverallow execute from /data · b81614a7
Nick Kralevich authored 8 years ago
```
am: c55cf17a

Change-Id: I391b6da84ad3b390511a73f7b874e2de2c4399c1
```
b81614a7
Rework neverallow for /data execute permission · 4706ba48
Eino-Ville Talvala authored 8 years ago
```
am: eedacf83

Change-Id: I70ec1b35449727df62817f482c8199e5a58716aa
```
4706ba48
Allow system_server to make keystore_data_file links · a67411c9
Chad Brubaker authored 8 years ago
```
Bug: 28746284
Change-Id: Ib5e294402c549d8ed6764722220484c5655951a9
```
a67411c9

Remove platform_app from neverallow execute from /data · c55cf17a

Nick Kralevich authored 8 years ago

Apparently some manufacturers sign APKs with the platform key
which use renderscript. Renderscript works by compiling the
.so file, and placing it in the app's home directory, where the
app loads the content.

Drop platform_app from the neverallow restriction to allow partners
to add rules allowing /data execute for this class of apps.

We should revisit this in the future after we have a better
solution for apps which use renderscript.

Bug: 29857189
Change-Id: I058a802ad5eb2a67e657b6d759a3ef4e21cbb8cc

c55cf17a

Rework neverallow for /data execute permission · eedacf83

Eino-Ville Talvala authored 8 years ago

Previously appdomains allowed to execute off of /data
where whitelisted. This had the unfortunate side effect of
disallowing the creation of device specific app domains
with fewer permissions than untrusted_app. Instead grant
all apps a neverallow exemption and blacklist specific app
domains that should still abide by the restriction.

This allows devices to add new app domains that need
/data execute permission without conflicting with this rule.

Bug: 26906711

(cherry picked from commit c5266df9)

Change-Id: I4adb58e8c8b35122d6295db58cedaa355cdd3924

eedacf83

Port from pcre to pcre2 (Fix wrong merge decision) · 750d797b
Janis Danisevskis authored 8 years ago
```
Ports check_seapp to pcre2.

Change-Id: If3faac5b911765a66eab074f7da2511624c3fc97
```
750d797b

Aug 19, 2016

Port from pcre to pcre2 am: a15ea578 -s ours · c753392e
Janis Danisevskis authored 8 years ago
```
am: a7d5e610

Change-Id: I482b66f4a53034a16f7a943d105f73b7b07c07b0
```
c753392e

Port from pcre to pcre2 · a7d5e610

Janis Danisevskis authored 8 years ago

am: a15ea578  -s ours

Change-Id: I8acaaf29d6cd06291c45f3a1fb2e246718543922

a7d5e610

Port from pcre to pcre2 · a15ea578

Janis Danisevskis authored 8 years ago

Ports check_seapp to pcre2.

Merged-In: Ib9977326cfbb19ce143b04504f41afb884f2ec17
Bug: 24091652
Change-Id: Ib9977326cfbb19ce143b04504f41afb884f2ec17

a15ea578

Aug 18, 2016
- Allow init to mount /odm, /vendor early am: c3774720 · 3a0f4f60
  Hung-ying Tyan authored 8 years ago
  
  am: a54911b6 Change-Id: I694d22230efe31c8b05374311cbe479b06c062fb
  3a0f4f60
- Allow init to mount /odm, /vendor early · a54911b6
  Hung-ying Tyan authored 8 years ago
  
  am: c3774720 Change-Id: I7ffbc6c1d4213fe68c52ded884bd9db9f6b37fb1
  a54911b6
Aug 15, 2016

Allow init to mount /odm, /vendor early · c3774720

Hung-ying Tyan authored 9 years ago

Specifically we need init to relabel (/dev/device-mapper, /dev/block/dm-?)
and other files in /dev/block/* from tmpfs to dm_device and block_device
respectively.

BUG=27805372

Change-Id: I16af6e803f8e4150481137aba24d5406872f9c62

c3774720

Aug 14, 2016
- Merge "fine-grained policy for access to /proc/zoneinfo" am: 89a8ed4e · 1cf57199
  Nick Kralevich authored 8 years ago
  
  am: 9cb9c4bd Change-Id: I1b8dc30e19617d9081219d38e417c4157dd88be1
  1cf57199
- Merge "fine-grained policy for access to /proc/zoneinfo" · 9cb9c4bd
  Nick Kralevich authored 8 years ago
  
  am: 89a8ed4e Change-Id: I3733a74a23b3ece3a38fa2d7a2b3ea996f95c87f
  9cb9c4bd
- Merge "fine-grained policy for access to /proc/zoneinfo" · 89a8ed4e
  Nick Kralevich authored 8 years ago
  
  89a8ed4e
Aug 12, 2016
- Merge "Fix init's restorecon of /dev/kmsg." am: c0937b6e · b5396d98
  Elliott Hughes authored 8 years ago
  
  am: b70abb6e Change-Id: I1b1fed22276faec32759d9b705fce60caa093d20
  b5396d98
- Merge "Fix init's restorecon of /dev/kmsg." · b70abb6e
  Elliott Hughes authored 8 years ago
  
  am: c0937b6e Change-Id: I06890bb6755d084f37bf6fb6564e4e1abeac8c06
  b70abb6e
- Merge "Fix init's restorecon of /dev/kmsg." · c0937b6e
  Treehugger Robot authored 8 years ago
  
  c0937b6e
Aug 11, 2016

Fix init's restorecon of /dev/kmsg. · bbf7d257

Elliott Hughes authored 8 years ago

Bug: http://b/30699558
Change-Id: Id9b213967ab290f45d1b8a5ab6712845ac9a0b69
Merged-In: Id9b213967ab290f45d1b8a5ab6712845ac9a0b69

bbf7d257

Aug 10, 2016
- resolve merge conflicts of d63084d3 to stage-aosp-master · 0f41c34e
  Alex Deymo authored 8 years ago
  
  am: c2e2b4e0 Change-Id: I6a20e6985ae53875765710207c553ebbea4347e3
  0f41c34e
- resolve merge conflicts of d63084d3 to stage-aosp-master · c2e2b4e0
  Alex Deymo authored 8 years ago
  
  Change-Id: I21dbd14d4e1bd89619e6fff91a85ed3fba02c324
  c2e2b4e0
Aug 09, 2016

Allow executing update_engine_sideload from recovery. · d63084d3

Alex Deymo authored 8 years ago

The recovery flow for A/B devices allows to sideload an OTA downloaded
to a desktop and apply from recovery. This patch allows the "recovery"
context to perform all the operations required to apply an update as
update_engine would do in the background. These rules are now extracted
into a new attributte called update_engine_common shared between
recovery and update_engine.

Bug: 27178350
Change-Id: I97b301cb2c039fb002e8ebfb23c3599463ced03a

d63084d3

Aug 08, 2016
- resolve merge conflicts of 9cc3a580 to stage-aosp-master · 47566d65
  dcashman authored 8 years ago
  
  am: 8ba28103 Change-Id: I0f6d2305b824a9793faaab75e92715172fc30880
  47566d65
- resolve merge conflicts of 9cc3a580 to stage-aosp-master · 8ba28103
  dcashman authored 8 years ago
  
  Change-Id: I2593e100bdad420d0d988fbaeb8d2ec259b8df1d
  8ba28103
- fine-grained policy for access to /proc/zoneinfo · 7078e8b6
  Daniel Micay authored 8 years ago
  
  Change-Id: Ica9a16311075f5cc3744d0e0833ed876e201029f
  7078e8b6
- Merge "appdomain: neverallow direct input_device access" · 9cc3a580
  Treehugger Robot authored 8 years ago
  
  9cc3a580
Aug 05, 2016

resolve merge conflicts of 5423db6e to stage-aosp-master · b10f3fbc
Daniel Micay authored 8 years ago
```
am: 5e6aa65f

Change-Id: I0e9dbefe4f393b13662bf9a520c878de5f221397
```
b10f3fbc
resolve merge conflicts of 5423db6e to stage-aosp-master · 5e6aa65f
dcashman authored 8 years ago
```
Change-Id: I16706423534069f69bd0305ac500a9cd74db55a6
```
5e6aa65f
Merge "te_macros: drop unused macros" am: 2b33112a · 006582cd
William Roberts authored 8 years ago
```
am: 98ff70cc

Change-Id: Ia8d1ee546acddb9b19827e6db9d6ce1d8d25411d
```
006582cd

restrict access to timing information in /proc · 5423db6e

Daniel Micay authored 8 years ago

These APIs expose sensitive information via timing side channels. This
leaves access via the adb shell intact along with the current uses by
dumpstate, init and system_server.

The /proc/interrupts and /proc/stat files were covered in this paper:

https://www.lightbluetouchpaper.org/2016/07/29/yet-another-android-side-channel/

The /proc/softirqs, /proc/timer_list and /proc/timer_stats files are
also relevant.

Access to /proc has been greatly restricted since then, with untrusted
apps no longer having direct access to these, but stricter restrictions
beyond that would be quite useful.

Change-Id: Ibed16674856569d26517e5729f0f194b830cfedd

5423db6e

Merge "te_macros: drop unused macros" · 98ff70cc
William Roberts authored 8 years ago
```
am: 2b33112a

Change-Id: I08987ae7229ebbbbcf980be4aaef2eb8fb7e24da
```
98ff70cc
Merge "te_macros: drop unused macros" · 2b33112a
Treehugger Robot authored 8 years ago

2b33112a

Aug 04, 2016

te_macros: drop unused macros · 2925c1cc

William Roberts authored 8 years ago


boolean and setenforce macros are not used in base policy
and cannot be used in any policy, since they violate
neverallow rules.

Remove these from the policy.

Change-Id: Icc0780eaf06e95af36306031e1f615b05cb79869
Signed-off-by: William Roberts <william.c.roberts@intel.com>

2925c1cc

Aug 03, 2016
- sepolicy: Add CAP_WAKE_ALARM to system_server.te am: 19b6485f · 4a72e72a
  John Stultz authored 8 years ago
  
  am: e4025649 Change-Id: Ief8c1bb3927c2dca50459db8e71b330e0a58608e
  4a72e72a
- sepolicy: Add CAP_WAKE_ALARM to system_server.te · e4025649
  John Stultz authored 8 years ago
  
  am: 19b6485f Change-Id: I0574ab7e70a8b3d906a5b11368239d58d1d64e70
  e4025649