Commits · f247dcba467020eabfd6b057b5f126f7395b2d3d · Werner Sembach / AndroidSystemSEPolicy

Aug 24, 2016
- Allow apps to read keychain_data_file links · f247dcba
  Chad Brubaker authored 8 years ago
  
  Bug: 28746284 Change-Id: I59aa235ecba05e22aaa531e387a77f47267ac9ae
  f247dcba
Aug 23, 2016
- Merge "Port from pcre to pcre2 (Fix wrong merge decision)" into stage-aosp-master · 9b5b32c0
  TreeHugger Robot authored 8 years ago
  
  9b5b32c0
- Allow system_server to make keystore_data_file links · 28a896bf
  Chad Brubaker authored 8 years ago
  
  am: a67411c9 Change-Id: If2ab59c09b2ccf444281fdf9003e36119eb7295f
  28a896bf
Aug 22, 2016
- Allow system_server to make keystore_data_file links · a67411c9
  Chad Brubaker authored 8 years ago
  
  Bug: 28746284 Change-Id: Ib5e294402c549d8ed6764722220484c5655951a9
  a67411c9
- Port from pcre to pcre2 (Fix wrong merge decision) · 750d797b
  Janis Danisevskis authored 8 years ago
  
  Ports check_seapp to pcre2. Change-Id: If3faac5b911765a66eab074f7da2511624c3fc97
  750d797b
Aug 19, 2016

am: a15ea578  -s ours

Change-Id: I8acaaf29d6cd06291c45f3a1fb2e246718543922

a7d5e610

Port from pcre to pcre2 · a15ea578

Janis Danisevskis authored 8 years ago

Ports check_seapp to pcre2.

Merged-In: Ib9977326cfbb19ce143b04504f41afb884f2ec17
Bug: 24091652
Change-Id: Ib9977326cfbb19ce143b04504f41afb884f2ec17

a15ea578

Aug 18, 2016
- Allow init to mount /odm, /vendor early · a54911b6
  Hung-ying Tyan authored 8 years ago
  
  am: c3774720 Change-Id: I7ffbc6c1d4213fe68c52ded884bd9db9f6b37fb1
  a54911b6
Aug 15, 2016

Allow init to mount /odm, /vendor early · c3774720

Hung-ying Tyan authored 9 years ago

Specifically we need init to relabel (/dev/device-mapper, /dev/block/dm-?)
and other files in /dev/block/* from tmpfs to dm_device and block_device
respectively.

BUG=27805372

Change-Id: I16af6e803f8e4150481137aba24d5406872f9c62

c3774720

Aug 14, 2016
- Merge "fine-grained policy for access to /proc/zoneinfo" · 9cb9c4bd
  Nick Kralevich authored 8 years ago
  
  am: 89a8ed4e Change-Id: I3733a74a23b3ece3a38fa2d7a2b3ea996f95c87f
  9cb9c4bd
- Merge "fine-grained policy for access to /proc/zoneinfo" · 89a8ed4e
  Nick Kralevich authored 8 years ago
  
  89a8ed4e
Aug 12, 2016
- Merge "Fix init's restorecon of /dev/kmsg." · b70abb6e
  Elliott Hughes authored 8 years ago
  
  am: c0937b6e Change-Id: I06890bb6755d084f37bf6fb6564e4e1abeac8c06
  b70abb6e
- Merge "Fix init's restorecon of /dev/kmsg." · c0937b6e
  Treehugger Robot authored 8 years ago
  
  c0937b6e
Aug 11, 2016

Fix init's restorecon of /dev/kmsg. · bbf7d257

Elliott Hughes authored 8 years ago

Bug: http://b/30699558
Change-Id: Id9b213967ab290f45d1b8a5ab6712845ac9a0b69
Merged-In: Id9b213967ab290f45d1b8a5ab6712845ac9a0b69

bbf7d257

Aug 10, 2016
- resolve merge conflicts of d63084d3 to stage-aosp-master · c2e2b4e0
  Alex Deymo authored 8 years ago
  
  Change-Id: I21dbd14d4e1bd89619e6fff91a85ed3fba02c324
  c2e2b4e0
Aug 09, 2016

Allow executing update_engine_sideload from recovery. · d63084d3

Alex Deymo authored 8 years ago

The recovery flow for A/B devices allows to sideload an OTA downloaded
to a desktop and apply from recovery. This patch allows the "recovery"
context to perform all the operations required to apply an update as
update_engine would do in the background. These rules are now extracted
into a new attributte called update_engine_common shared between
recovery and update_engine.

Bug: 27178350
Change-Id: I97b301cb2c039fb002e8ebfb23c3599463ced03a

d63084d3

Aug 08, 2016
- resolve merge conflicts of 9cc3a580 to stage-aosp-master · 8ba28103
  dcashman authored 8 years ago
  
  Change-Id: I2593e100bdad420d0d988fbaeb8d2ec259b8df1d
  8ba28103
- fine-grained policy for access to /proc/zoneinfo · 7078e8b6
  Daniel Micay authored 8 years ago
  
  Change-Id: Ica9a16311075f5cc3744d0e0833ed876e201029f
  7078e8b6
- Merge "appdomain: neverallow direct input_device access" · 9cc3a580
  Treehugger Robot authored 8 years ago
  
  9cc3a580
Aug 05, 2016

resolve merge conflicts of 5423db6e to stage-aosp-master · 5e6aa65f
dcashman authored 8 years ago
```
Change-Id: I16706423534069f69bd0305ac500a9cd74db55a6
```
5e6aa65f

restrict access to timing information in /proc · 5423db6e

Daniel Micay authored 8 years ago

These APIs expose sensitive information via timing side channels. This
leaves access via the adb shell intact along with the current uses by
dumpstate, init and system_server.

The /proc/interrupts and /proc/stat files were covered in this paper:

https://www.lightbluetouchpaper.org/2016/07/29/yet-another-android-side-channel/

The /proc/softirqs, /proc/timer_list and /proc/timer_stats files are
also relevant.

Access to /proc has been greatly restricted since then, with untrusted
apps no longer having direct access to these, but stricter restrictions
beyond that would be quite useful.

Change-Id: Ibed16674856569d26517e5729f0f194b830cfedd

5423db6e

Merge "te_macros: drop unused macros" · 98ff70cc
William Roberts authored 8 years ago
```
am: 2b33112a

Change-Id: I08987ae7229ebbbbcf980be4aaef2eb8fb7e24da
```
98ff70cc
Merge "te_macros: drop unused macros" · 2b33112a
Treehugger Robot authored 8 years ago

2b33112a

Aug 04, 2016

te_macros: drop unused macros · 2925c1cc

William Roberts authored 8 years ago


boolean and setenforce macros are not used in base policy
and cannot be used in any policy, since they violate
neverallow rules.

Remove these from the policy.

Change-Id: Icc0780eaf06e95af36306031e1f615b05cb79869
Signed-off-by: William Roberts <william.c.roberts@intel.com>

2925c1cc

Aug 03, 2016

sepolicy: Add CAP_WAKE_ALARM to system_server.te · e4025649
John Stultz authored 8 years ago
```
am: 19b6485f

Change-Id: I0574ab7e70a8b3d906a5b11368239d58d1d64e70
```
e4025649

sepolicy: Add CAP_WAKE_ALARM to system_server.te · 19b6485f

John Stultz authored 8 years ago


With v4.8+ kernels, CAP_WAKE_ALARM is needed to set
alarmtimers via timerfd (this change is likely to be
backported to stable as well).

However, with selinux enabled, we also need to allow
the capability on the system_server so this enables it.

Change-Id: I7cd64d587906f3fbc8a129d48a4db07373c74c7e
Signed-off-by: John Stultz <john.stultz@linaro.org>

19b6485f

Jul 27, 2016
- Merge \"Simplify /dev/kmsg SELinux policy.\" · 98fbb318
  Elliott Hughes authored 8 years ago
  
  am: aa2aa219 Change-Id: I5e1634a8c0cee6cb759e0acea086b68dbd21fb7e
  98fbb318
- Merge "Simplify /dev/kmsg SELinux policy." · aa2aa219
  Elliott Hughes authored 8 years ago
  
  aa2aa219
Jul 26, 2016

appdomain: neverallow direct input_device access · e83b9f03

William Roberts authored 8 years ago


Applications should not access /dev/input/* for events, but
rather use events handled via the activity mechanism.

Change-Id: I0182b6be1b7c69d96e4366ba59f14cee67be4beb
Signed-off-by: William Roberts <william.c.roberts@intel.com>

e83b9f03

Simplify /dev/kmsg SELinux policy. · 63b33dc2

Elliott Hughes authored 8 years ago

Bug: http://b/30317429
Change-Id: I5c499c48d5e321ebdf588a162d29e949935ad8ee
Test: adb shell dmesg | grep ueventd

63b33dc2

allow policy to create a file by vfat (fs_type) for a case using sdcardfs · 0f38c642
Eric Bae authored 8 years ago
```
am: 362d6ff1

Change-Id: Ibe19ac1955bad48b5fa1db7ffada46aa78781781
```
0f38c642
resolve merge conflicts of c15090b3 to stage-aosp-master · e88095d8
Daniel Rosenberg authored 8 years ago
```
Change-Id: I87b6797cd2bc9efafe2590e1f69d5787de99af07
```
e88095d8

Jul 22, 2016
- allow policy to create a file by vfat (fs_type) for a case using sdcardfs · 362d6ff1
  Eric Bae authored 8 years ago
  
  Change-Id: Ia938d73b1a49b9ba4acf906df37095d21edee22e
  362d6ff1
- sepolicy: Add policy for sdcardfs and configfs · c15090b3
  Daniel Rosenberg authored 9 years ago
  
  Change-Id: I4c318efba76e61b6ab0be9491c352f281b1c2bff Bug: 19160983
  c15090b3
Jul 20, 2016
- Merge \"logd: Add setpcap for Minijail use.\" · 4cffd854
  Jorge Lucangeli Obes authored 8 years ago
  
  am: 23d703ee Change-Id: I98383d496812ced491a892c1ffb29527d77c63a9
  4cffd854
- Merge "logd: Add setpcap for Minijail use." · 23d703ee
  Treehugger Robot authored 8 years ago
  
  23d703ee
- logd: Add setpcap for Minijail use. · b6287b1e
  Jorge Lucangeli Obes authored 8 years ago
  
  Bug: 30156807 Change-Id: Ie9faf72d35579fa69b4397bdffc8d674f040736c
  b6287b1e
- resolve merge conflicts of 56ed8a4d to stage-aosp-master · 2c4718fc
  Jeff Vander Stoep authored 8 years ago
  
  Change-Id: Ic549f8c8060a17981302f2af75debf34595475bb
  2c4718fc
- Merge changes I86958ebc,I0449575a · 56ed8a4d
  Treehugger Robot authored 8 years ago
  
  * changes: adbd: allow reading apk_data_file adbd: allow reading rootfs dir
  56ed8a4d
Jul 19, 2016

adbd: allow reading apk_data_file · d743ddea

Jeff Vander Stoep authored 8 years ago

avc: denied { search } for comm=73657276696365203139 name="app" dev="sda35" ino=770049 scontext=u:r:adbd:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir permissive=0

Bug: 30000600
Change-Id: I86958ebcca815ee1779f85fb425592493f40101a

d743ddea