Commits · cbaa2b7d37c0810009cc0ffa4026334b4bf3096e · Werner Sembach / AndroidSystemSEPolicy

Jan 04, 2016

Reduce the socket ioctl commands available to untrusted/isolated apps.
Neverallow accessing sensitive information or setting of network parameters.
Neverallow access to device private ioctls i.e. device specific
customizations as these are a common source of driver bugs.

Define common ioctl commands in ioctl_defines.

Bug: 26267358
Change-Id: Ic5c0af066e26d4cb2867568f53a3e65c5e3b5a5d

cbaa2b7d

Dec 11, 2015
- Merge "Add rules for running audio services in audioserver" · e02e6c03
  Andy Hung authored 9 years ago
  
  e02e6c03
- Migrate to upstream policy version 30 · 3a0ce49b
  Jeff Vander Stoep authored 9 years ago
  
  Grant untrusted_app and isolated_app unpriv_sock_perms, neverallow priv_sock_perms to disallow access to MAC address and ESSID. Change-Id: Idac3b657a153e7d7fdc647ff34b876a325d759b3
  3a0ce49b
- su.te: dontaudit su property_type:file am: 1638208f · 66e15129
  Nick Kralevich authored 9 years ago
  
  am: 5fc257e4 * commit '5fc257e4': su.te: dontaudit su property_type:file
  66e15129
- Restore sysfs_devices_system_cpu to domain.te am: 4e2d2245 · 4b3d1675
  Nick Kralevich authored 9 years ago
  
  am: 66e4cf84 * commit '66e4cf84': Restore sysfs_devices_system_cpu to domain.te
  4b3d1675
Dec 10, 2015

su.te: dontaudit su property_type:file · 5fc257e4
Nick Kralevich authored 9 years ago
```
am: 1638208f

* commit '1638208f':
  su.te: dontaudit su property_type:file
```
5fc257e4

su.te: dontaudit su property_type:file · 1638208f

Nick Kralevich authored 9 years ago

The "su" domain is in globally permissive mode on userdebug/eng
builds. No SELinux denials are suppose to be generated when running
under "su".

Get rid of useless SELinux denials coming from su trying to stat
files in /dev/__properties__. For example: "ls -la /dev/__properties__"
as root.

Addresses the following denials:

avc: denied { getattr } for pid=14692 comm="ls" path="/dev/__properties__/u:object_r:wc_transport_prop:s0" dev="tmpfs" ino=10597 scontext=u:r:su:s0 tcontext=u:object_r:wc_transport_prop:s0 tclass=file permissive=1
avc: denied { getattr } for pid=14692 comm="ls" path="/dev/__properties__/u:object_r:qseecomtee_prop:s0" dev="tmpfs" ino=10596 scontext=u:r:su:s0 tcontext=u:object_r:qseecomtee_prop:s0 tclass=file permissive=1
avc: denied { getattr } for pid=14692 comm="ls" path="/dev/__properties__/u:object_r:radio_atfwd_prop:s0" dev="tmpfs" ino=10595 scontext=u:r:su:s0 tcontext=u:object_r:radio_atfwd_prop:s0 tclass=file permissive=1
avc: denied { getattr } for pid=14692 comm="ls" path="/dev/__properties__/u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=10594 scontext=u:r:su:s0 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=1
avc: denied { getattr } for pid=14692 comm="ls" path="/dev/__properties__/u:object_r:contexthub_prop:s0" dev="tmpfs" ino=10593 scontext=u:r:su:s0 tcontext=u:object_r:contexthub_prop:s0 tclass=file permissive=1

Change-Id: Ief051a107f48c3ba596a31d01cd90fb0f3442a69

1638208f

Restore sysfs_devices_system_cpu to domain.te · 66e4cf84
Nick Kralevich authored 9 years ago
```
am: 4e2d2245

* commit '4e2d2245':
  Restore sysfs_devices_system_cpu to domain.te
```
66e4cf84

Restore sysfs_devices_system_cpu to domain.te · 4e2d2245

Nick Kralevich authored 9 years ago

Lots of processes access CPU information. This seems to be triggered
by libraries loaded into every Android process. Allow the access.

Addresses the following denials:

adbd : type=1400 audit(0.0:3): avc: denied { search } for name="cpu" dev="sysfs" ino=32 scontext=u:r:adbd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir permissive=1
adbd : type=1400 audit(0.0:4): avc: denied { read } for name="online" dev="sysfs" ino=34 scontext=u:r:adbd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=1
adbd : type=1400 audit(0.0:5): avc: denied { open } for path="/sys/devices/system/cpu/online" dev="sysfs" ino=34 scontext=u:r:adbd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=1
adbd : type=1400 audit(0.0:6): avc: denied { getattr } for path="/sys/devices/system/cpu/online" dev="sysfs" ino=34 scontext=u:r:adbd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=1

Change-Id: Ie7bfae53bdf670028db724d2720447ead42bad35

4e2d2245

Dec 09, 2015
- Merge "autoplay_app: access to services and other permissions" · f3a05203
  Jeffrey Vander Stoep authored 9 years ago
  
  f3a05203
- autoplay_app: access to services and other permissions · b7baa7fd
  Jeff Vander Stoep authored 9 years ago
  
  Change-Id: I01bb0ad7c93e807cd76135bce554abf0908a54ab
  b7baa7fd
- Remove core_property_type from ctl_* properties am: f01453ad · 003eddfc
  Nick Kralevich authored 9 years ago
  
  am: 4b689152 * commit '4b689152': Remove core_property_type from ctl_* properties
  003eddfc
- Remove core_property_type from ctl_* properties · 4b689152
  Nick Kralevich authored 9 years ago
  
  am: f01453ad * commit 'f01453ad': Remove core_property_type from ctl_* properties
  4b689152
- Remove core_property_type from ctl_* properties · f01453ad
  Nick Kralevich authored 9 years ago
  
  Per https://android-review.googlesource.com/185392 , ctl.* properties are not represented as files in the filesystem. So there's no need to grant read access to them, since it's pointless. Remove core_property_type from these properties, which has the net effect of removing read access to these non-existent files. Change-Id: Ic1ca574668a3511c335a7036a2bb7993ff02c1e3
  f01453ad
- Remove property read access for non-core properties am: 5a570a4b · ea285aaa
  Nick Kralevich authored 9 years ago
  
  am: 4c1bbc30 * commit '4c1bbc30': Remove property read access for non-core properties
  ea285aaa
- Revert "Migrate to upstream policy version 30" am: 5ca5696e · e5c99c07
  Jeffrey Vander Stoep authored 9 years ago
  
  am: 4cf49a91 * commit '4cf49a91': Revert "Migrate to upstream policy version 30"
  e5c99c07
- Remove property read access for non-core properties · 4c1bbc30
  Nick Kralevich authored 9 years ago
  
  am: 5a570a4b * commit '5a570a4b': Remove property read access for non-core properties
  4c1bbc30
- Revert "Migrate to upstream policy version 30" · 4cf49a91
  Jeffrey Vander Stoep authored 9 years ago
  
  am: 5ca5696e * commit '5ca5696e': Revert "Migrate to upstream policy version 30"
  4cf49a91
Dec 08, 2015
- Remove property read access for non-core properties · 5a570a4b
  Nick Kralevich authored 9 years ago
  
  Instead of allowing global read access to all properties, only allow read access to the properties which are part of core SELinux policy. Device-specific policies are no longer readable by default and need to be granted in device-specific policy. Grant read-access to any property where the person has write access. In most cases, anyone who wants to write a property needs read access to that property. Change-Id: I2bd24583067b79f31b3bb0940b4c07fc33d09918
  5a570a4b
- Merge "mediaextractor service doesn't need execmem" · 5b1cfcf8
  Marco Nelissen authored 9 years ago
  
  5b1cfcf8
- Revert "Migrate to upstream policy version 30" · 4f9107df
  Jeffrey Vander Stoep authored 9 years ago
  
  This reverts commit 2ea23a6e. Change-Id: I5e9efa56d74ab22030611cab515e050e0bb77aca
  4f9107df
- Revert "Migrate to upstream policy version 30" · 5ca5696e
  Jeffrey Vander Stoep authored 9 years ago
  
  This reverts commit 2ea23a6e. Change-Id: I5e9efa56d74ab22030611cab515e050e0bb77aca
  5ca5696e
- Merge "Allow update_verifier to access bootctrl_block_device." am: e8b176ed am: 7a0b8efe · 690866fa
  Tao Bao authored 9 years ago
  
  am: ac60c3a4 * commit 'ac60c3a4': Allow update_verifier to access bootctrl_block_device.
  690866fa
- Merge "Allow update_verifier to access bootctrl_block_device." am: e8b176ed · ac60c3a4
  Tao Bao authored 9 years ago
  
  am: 7a0b8efe * commit '7a0b8efe': Allow update_verifier to access bootctrl_block_device.
  ac60c3a4
- Allow update_verifier to access bootctrl_block_device. am: 14b6f449 · 8bb76fd1
  Tao Bao authored 9 years ago
  
  am: 85af2526 * commit '85af2526': Allow update_verifier to access bootctrl_block_device.
  8bb76fd1
- Merge "Allow update_verifier to access bootctrl_block_device." · 7a0b8efe
  Tao Bao authored 9 years ago
  
  am: e8b176ed * commit 'e8b176ed': Allow update_verifier to access bootctrl_block_device.
  7a0b8efe
- Allow update_verifier to access bootctrl_block_device. · 85af2526
  Tao Bao authored 9 years ago
  
  am: 14b6f449 * commit '14b6f449': Allow update_verifier to access bootctrl_block_device.
  85af2526
- Allow update_verifier to access bootctrl_block_device. · 14b6f449
  Tao Bao authored 9 years ago
  
  Bug: 26039641 Change-Id: Ifd96b105f054b67f881529db3fe94718cab4a0f4 (cherry picked from commit 8eaf2585)
  14b6f449
- Merge "Allow update_verifier to access bootctrl_block_device." · e8b176ed
  Tao Bao authored 9 years ago
  
  e8b176ed
- Change /dev/ion from read-only to read-write am: 71fd337f am: 637af04e · 146f9101
  Nick Kralevich authored 9 years ago
  
  am: def6593d * commit 'def6593d': Change /dev/ion from read-only to read-write
  146f9101
- Change /dev/ion from read-only to read-write am: 71fd337f · def6593d
  Nick Kralevich authored 9 years ago
  
  am: 637af04e * commit '637af04e': Change /dev/ion from read-only to read-write
  def6593d
- Change /dev/ion from read-only to read-write · 637af04e
  Nick Kralevich authored 9 years ago
  
  am: 71fd337f * commit '71fd337f': Change /dev/ion from read-only to read-write
  637af04e
- Change /dev/ion from read-only to read-write · 71fd337f
  Nick Kralevich authored 9 years ago
  
  Even though /dev/ion can allocate memory when opened in read-only mode, some processes seem to unnecessarily open it in read-write mode. This doesn't seem to be harmful, and was originally allowed in domain_deprecated. Re-allow it. Bug: 25965160 Change-Id: Icaf948be89a8f2805e9b6a22633fa05b69988e4f
  71fd337f
- mediaextractor service doesn't need execmem · 577655b1
  Marco Nelissen authored 9 years ago
  
  Change-Id: I6f07a36af3ff3cf5ba13322e1910b4455d2adbb7
  577655b1
- Merge "Migrate to upstream policy version 30" am: 9a3d490e am: 862e4ab1 · e0bc1627
  Jeffrey Vander Stoep authored 9 years ago
  
  am: af56999e * commit 'af56999e': Migrate to upstream policy version 30
  e0bc1627
- shell.te: Restore /proc/net access am: 99c78bf2 am: ce890bf8 · 46e7d2bc
  Nick Kralevich authored 9 years ago
  
  am: 3dd51b99 * commit '3dd51b99': shell.te: Restore /proc/net access
  46e7d2bc
- Merge "Migrate to upstream policy version 30" am: 9a3d490e · af56999e
  Jeffrey Vander Stoep authored 9 years ago
  
  am: 862e4ab1 * commit '862e4ab1': Migrate to upstream policy version 30
  af56999e
- shell.te: Restore /proc/net access am: 99c78bf2 · 3dd51b99
  Nick Kralevich authored 9 years ago
  
  am: ce890bf8 * commit 'ce890bf8': shell.te: Restore /proc/net access
  3dd51b99
- Merge "Migrate to upstream policy version 30" · 862e4ab1
  Jeffrey Vander Stoep authored 9 years ago
  
  am: 9a3d490e * commit '9a3d490e': Migrate to upstream policy version 30
  862e4ab1
- shell.te: Restore /proc/net access · ce890bf8
  Nick Kralevich authored 9 years ago
  
  am: 99c78bf2 * commit '99c78bf2': shell.te: Restore /proc/net access
  ce890bf8