Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Search by author
  • Any Author
  • Werner Sembach Matombo
  • dex dex dex
2 authors
  1. Sep 08, 2014
    • Stephen Smalley's avatar
      Annotate MLS trusted subjects and objects. · 45731c70
      Stephen Smalley authored 
      
When using MLS (i.e. enabling levelFrom= in seapp_contexts),
certain domains and types must be exempted from the normal
constraints defined in the mls file.  Beyond the current
set, adbd, logd, mdnsd, netd, and servicemanager need to
be able to read/write to any level in order to communicate
with apps running with any level, and the logdr and logdw
sockets need to be writable by apps running with any level.

This change has no impact unless levelFrom= is specified in
seapp_contexts, so by itself it is a no-op.

Change-Id: I36ed382b04a60a472e245a77055db294d3e708c3
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      45731c70
  3. Aug 21, 2014
    • Nick Kralevich's avatar
      tighten up neverallow rules for init binder operations · 65feafce
      Nick Kralevich authored 
      Init never uses binder, so allowing binder related operations
for init never makes sense. Disallow all binder opertions for
init.

This change expands on commit a730e50b,
disallowing any init binder operation, not just call operations, which
may be accidentally added by blindly running audit2allow.

Change-Id: I12547a75cf68517d54784873846bdadcb60c5112
      65feafce
  5. Jul 15, 2014
    • Riley Spahn's avatar
      Add access control for each service_manager action. · 344fc109
      Riley Spahn authored 
      Add SELinux MAC for the service manager actions list
and find. Add the list and find verbs to the
service_manager class. Add policy requirements for
service_manager to enforce policies to binder_use
macro.

(cherry picked from commit b8511e0d)

Change-Id: I980d4a8acf6a0c6e99a3a7905961eb5564b1be15
      344fc109
  7. Jul 14, 2014
    • Riley Spahn's avatar
      Add access control for each service_manager action. · b8511e0d
      Riley Spahn authored 
      Add SELinux MAC for the service manager actions list
and find. Add the list and find verbs to the
service_manager class. Add policy requirements for
service_manager to enforce policies to binder_use
macro.

Change-Id: I224b1c6a6e21e3cdeb23badfc35c82a37558f964
      b8511e0d
  9. Jun 12, 2014
    • Riley Spahn's avatar
      Add SELinux rules for service_manager. · f90c41f6
      Riley Spahn authored 
      Add a service_mananger class with the verb add.
Add a type that groups the services for each of the
processes that is allowed to start services in service.te
and an attribute for all services controlled by the service
manager. Add the service_contexts file which maps service
name to target label.

Bug: 12909011
Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
      f90c41f6
  11. Oct 31, 2013
  13. Oct 29, 2013
  15. Oct 21, 2013
    • Nick Kralevich's avatar
      Move unconfined domains out of permissive mode. · 353c72e3
      Nick Kralevich authored 
      This change removes the permissive line from unconfined
domains. Unconfined domains can do (mostly) anything, so moving
these domains into enforcing should be a no-op.

The following domains were deliberately NOT changed:
1) kernel
2) init

In the future, this gives us the ability to tighten up the
rules in unconfined, and have those tightened rules actually
work.

When we're ready to tighten up the rules for these domains,
we can:

1) Remove unconfined_domain and re-add the permissive line.
2) Submit the domain in permissive but NOT unconfined.
3) Remove the permissive line
4) Wait a few days and submit the no-permissive change.

For instance, if we were ready to do this for adb, we'd identify
a list of possible rules which allow adbd to work, re-add
the permissive line, and then upload those changes to AOSP.
After sufficient testing, we'd then move adb to enforcing.
We'd repeat this for each domain until everything is enforcing
and out of unconfined.

Change-Id: If674190de3262969322fb2e93d9a0e734f8b9245
      353c72e3
  17. May 20, 2013
    • repo sync's avatar
      Make all domains unconfined. · 77d4731e
      repo sync authored 
      This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
      77d4731e
  19. May 15, 2013
  21. Mar 19, 2013
    • Stephen Smalley's avatar
      Update binder-related policy. · 9ce99e39
      Stephen Smalley authored 
      
The binder_transfer_binder hook was changed in the kernel, obsoleting
the receive permission and changing the target of the transfer permission.
Update the binder-related policy to match the revised permission checking.

Change-Id: I1ed0dadfde2efa93296e967eb44ca1314cf28586
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      9ce99e39
  23. Jan 04, 2012