- Apr 03, 2018
-
-
Jeff Vander Stoep authoredTest: build Bug: 68774956 Change-Id: I0f9fd87eb41e67e14f35e49eba13e3d1de745250
-
Chenbo Feng authored
The file under /proc/net/xt_qtaguid is going away in future release. Apps should use the provided public api instead of directly reading the proc file. This change will block apps that based on SDK 28 or above to directly read that file and we will delete that file after apps move away from it. Test: Flashed with master branch on marlin, verified phone boot, can browse web, watch youtube video, make phone call and use google map for navigation with wifi on and off. run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest run cts -m CtsAppSecurityHostTestCases -t \ android.appsecurity.cts.AppSecurityTests Change-Id: I4c4d6c9ab28b426acef23db53f171de8f20be1dc (cherry picked from commit 5ec8f843) -
Jeff Vander Stoep authored
This is a partial cherry pick of commit 6231b4d9 'Enforce per-app data protections for targetSdk 28+'. Untrusted_app_27 remains unreachable, but it's existence prevents future merge conflicts. Bug: 63897054 Test: build/boot aosp_walleye-userdebug Change-Id: I64b013874fe87b55f47e817a1279e76ecf86b7c0 Merged-In: I64b013874fe87b55f47e817a1279e76ecf86b7c0 (cherry picked from commit 6231b4d9)
-
Jeff Vander Stoep authored
tagSocket() now results in netd performing these actions on behalf of the calling process. Remove direct access to: /dev/xt_qtaguid /proc/net/xt_qtaguid/ctrl Bug: 68774956 Test: -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests -m CtsNativeNetTestCases Test: stream youtube, browse chrome Test: go/manual-ab-ota Change-Id: I6a044f304c3ec4e7c6043aebeb1ae63c9c5a0beb
-
- Apr 02, 2018
-
-
Treehugger Robot authored
-
Andreas Gampe authored
Update for debugfs labeling changes. Update for simpleperf behavior with stack traces (temp file). Bug: 73175642 Test: m Test: manual - run profiling, look for logs Change-Id: Ie000a00ef56cc603f498d48d89001f566c03b661
-
Jaekyun Seok authored
A default value of persist.sys.sf.native_mode could be set by SoC partners in some devices including some pixels. So it should have vendor_init_settable accessibility. Bug: 74266614 Test: succeeded building and tested with a pixel device with PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE=true. Change-Id: I5d7a029f82505983d21dc722541fb55761a8714d
-
Jiyong Park authored
This reverts commit 942500b9. Bug: 75287236 Test: boot a device Change-Id: If81a2d2a46979ffbd536bb95528c3b4ebe3483df
-
- Mar 31, 2018
-
-
Treehugger Robot authored
-
- Mar 30, 2018
-
-
Treehugger Robot authored
-
yro authored
Test: manually tested to prevent sepolicy violation Change-Id: I9ebcc86464a9fc61a49d5c9be40f19f3523b6785
-
Treehugger Robot authored
-
Yi Jin authored
Bug: 73354384 Test: manual Change-Id: Iaaeded69c287eae757aaf68dc18bc5a0c53b94e6
-
Treehugger Robot authored
-
Florian Mayer authored
See also go/perfetto-io-tracing-security. * Grant CAP_DAC_READ_SEARCH to traced_probes. * Allow traced_probes to list selected labels. * Change ext4 and f2fs events to be available on user builds. Bug: 74584014 Change-Id: I891a0209be981d760a828a69e4831e238248ebad
-
- Mar 29, 2018
-
-
Tri Vo authored
This will test that system/sepolicy/{public/, private/} are identical to prebuilts if PLATFORM_SEPOLICY_VERSION is not 10000.0. Bug: 74622750 Test: build policy Test: correctly catches divergence from prebuilts for frozen policies Change-Id: I2fa14b672544a021c2d42ad5968dfbac21b72f6a -
Joel Galenson authored
This allows init to write to it, which it does for atrace. Bug: 72643420 Test: Boot two devices, observe no denials, test atrace. Change-Id: I6810e5dcdfaff176bd944317e66d4fe612ccebed (cherry picked from commit dce07413)
-
Elliott Hughes authored
-
Treehugger Robot authored
-
Treehugger Robot authored
-
Chenbo Feng authored
The netutils_wrapper is a process used by vendor code to update the iptable rules on devices. When it update the rules for a specific chain. The iptable module will reload the whole chain with the new rule. So even the netutils_wrapper do not need to add any rules related to xt_bpf module, it will still reloading the existing iptables rules about xt_bpf module and need pass through the selinux check again when the rules are reloading. So we have to grant it the permission to reuse the pinned program in fs_bpf when it modifies the corresponding iptables chain so the vendor module will not crash anymore. Test: device boot and no more denials from netutils_wrapper Bug: 72111305 Change-Id: I62bdfd922c8194c61b13e2855839aee3f1e349be
-
Alan Stokes authored
The kernel generates file creation audits when O_CREAT is passed even if the file already exists - which it always does in the cgroup cases. We add neverallow rules to prevent mistakenly allowing unnecessary create access. We also suppress these denials, which just add noise to the log, for the more common culprits. Bug: 72643420 Bug: 74182216 Test: Ran build_policies.sh and checked failures were unrelated. Test: Device still boots, denials gone. Change-Id: I034b41ca70da1e73b81fe90090e656f4a3b542dc (cherry picked from commit 92c149d0)
-
Treehugger Robot authored
-
Treehugger Robot authored
-
Treehugger Robot authored
-
Alan Stokes authored
In permissive mode we get more spurious denials when O_CREAT is used with an already-existing file. They're harmless so we don't need to audit them. Example denials: denied { add_name } for name="trigger" scontext=u:r:init:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1 denied { create } for name="trigger" scontext=u:r:init:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1 Bug: 72643420 Bug: 74182216 Test: Device boots, denials gone. Change-Id: I54b1a0c138ff5167f1d1d12c4b0b9e9afaa5bca0 (cherry picked from commit 7d4294cb) -
Tri Vo authored
Bug: 74182216 Change-Id: Ia1c6b67ac93ed6e88c50c1527b48275365bf5fd5 Test: build policy
-
Treehugger Robot authored
-
- Mar 28, 2018
-
-
Tri Vo authored
-
-
Jeff Vander Stoep authored
Access to these files was removed in Oreo. Enforce that access is not granted by partners via neverallow rule. Also disallow most untrusted app access to net.dns.* properties. Bug: 77225170 Test: system/sepolicy/tools/build_policies.sh Change-Id: I85b634af509203393dd2d9311ab5d30c65f157c1
-
Treehugger Robot authored
-
Joel Galenson authored
These denials occur fairly often, causing some logspam. Bug: 77225170 Test: Boot device. Merged-In: Icd73a992aee44007d0873743f706758f9a19a112 Change-Id: Icd73a992aee44007d0873743f706758f9a19a112 (cherry picked from commit a66d1a45)
-
Elliott Hughes authored
Bug: http://b/73140330 Test: boots Change-Id: I8fd27c6eb8c99870cb77019ae06bdb46a934ffc9
-
Tri Vo authored
Bug: 74182216 Test: build policy Change-Id: Ice800c571e9be469dffa212c478c10e63b80deca
-
Treehugger Robot authored
-
Treehugger Robot authored
-
- Mar 27, 2018
-
-
Tri Vo authored
We only need this change for aosp devices. Internal sepolicy for healthd domain is different and does not need this. Addresses this denial: avc: denied { open } for path="/sys/class/power_supply" dev="sysfs" ino=25340 scontext=u:r:healthd:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=1 Test: $OUT/vendor/etc/selinux/precompiled_sepolicy contains the new permission. Change-Id: Ie47c231af800026fd9d8a1f752253bb338768c13 -
Janis Danisevskis authored
The ConfirmationUI API has a callback interface by which confirmation results are presented to the calling app. This requires keystore to call into apps. Test: Device boots and no more denials when call back is delivered to apps. Bug: 63928580 Change-Id: Ie23211aeb74c39956c3c3b8b32843d35afa1315a -
Andreas Gampe authored
Give statsd rights to connect to perfprofd in userdebug. Test: mmma system/extras/perfprofd Change-Id: Idea0a6b757d1b16ec2e6c8719e24900f1e5518fd
-