- Jan 19, 2016
Rubin Xu authored
They are introduced for the device owner process logging feature. That is, for enterprise-owned devices with device owner app provisioned, the device owner may choose to turn on additional device-wide logging for auditing and intrusion detection purposes. Logging includes histories of app process startup, commands issued over ADB and lockscreen unlocking attempts. These logs will be available to the device owner for analysis, potentially shipped to a remote server if it chooses to.

ro.device_owner will be a master switch to turn off logging, if the device has no device owner provisioned. persist.logd.security is a switch that device owner can toggle (via DevicePolicyManager) to enable/disable logging. Writing to both properties should be only allowed by the system server.

Bug: 22860162
Change-Id: Iabfe2347b094914813b9d6e0c808877c25ccd038
- Nov 03, 2015
Jeff Vander Stoep authored
Motivation: Domain is overly permissive. Start removing permissions from domain and assign them to the domain_deprecated attribute. Domain_deprecated and domain can initially be assigned to all domains. The goal is to not assign domain_deprecated to new domains and to start removing domain_deprecated where it is not required or reassigning the appropriate permissions to the inheriting domain when necessary.

Bug: 25433265
Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
- Sep 22, 2015
Jeff Vander Stoep authored
For userdebug and eng builds enforce that:
  - only logd and shell domains may access logd files
  - logd is only allowed to write to /data/misc/logd

Change-Id: Ie909cf701fc57109257aa13bbf05236d1777669a
- Jun 02, 2015
Mark Salyzyn authored
(cherry pick from commit 0d22c6ce)
  - Enable logpersistd to write to /data/misc/logd
  - Enable logpersistd to read from pstore to help complete any content lost by reboot disruption
  - Enable shell readonly ability logpersistd files in /data/misc/logd
  - Enable logcat -f when placed into logd context to act as a logpersistd (nee logcatd) agent, restrict access to run only in userdebug or eng

Bug: 19608716
Change-Id: I3209582bc796a1093c325c90068a48bf268e5ab5
-
Mark Salyzyn authored
  - Enable logpersistd to write to /data/misc/logd
  - Enable logpersistd to read from pstore to help complete any content lost by reboot disruption
  - Enable shell readonly ability logpersistd files in /data/misc/logd
  - Enable logcat -f when placed into logd context to act as a logpersistd (nee logcatd) agent, restrict access to run only in userdebug or eng

Bug: 19608716
Change-Id: I3209582bc796a1093c325c90068a48bf268e5ab5
- Mar 11, 2015
Mark Salyzyn authored
  - allow access for /data/system/packages.xml.
  - deprecate access to /dev/logd_debug (can use /dev/kmsg for debugging)
  - allow access to /dev/socket/logd for 'logd --reinit'

Bug: 19681572
Change-Id: Iac57fff1aabc3b061ad2cc27969017797f8bef54
- Oct 16, 2014
Mark Salyzyn authored
Change-Id: Ib9bc89b05771a12c6bb9a25cf59ea51afd22ae15
- Sep 08, 2014
Stephen Smalley authored
When using MLS (i.e. enabling levelFrom= in seapp_contexts), certain domains and types must be exempted from the normal constraints defined in the mls file. Beyond the current set, adbd, logd, mdnsd, netd, and servicemanager need to be able to read/write to any level in order to communicate with apps running with any level, and the logdr and logdw sockets need to be writable by apps running with any level.

This change has no impact unless levelFrom= is specified in seapp_contexts, so by itself it is a no-op.

Change-Id: I36ed382b04a60a472e245a77055db294d3e708c3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
- Apr 07, 2014
Mark Salyzyn authored
Change-Id: I3c16a8e1104352d3d71cd3cd0298f4c31de56f5d
- Apr 01, 2014
Mark Salyzyn authored
Change-Id: Iec4bfc08ced20c0d4c74e07baca6cff812c9ba00
- Feb 25, 2014
Stephen Smalley authored
Replace * or any permission set containing create with create_socket_perms or create_stream_socket_perms.

Add net_domain() to all domains using network sockets and delete rules already covered by domain.te or net.te.

For netlink_route_socket, only nlmsg_write needs to be separately granted to specific domains that are permitted to modify the routing table. Clarification: read/write permissions are just ability to perform read/recv() or write/send() on the socket, whereas nlmsg_read/nlmsg_write permissions control ability to observe or modify the underlying kernel state accessed via the socket. See security/selinux/nlmsgtab.c in the kernel for the mapping of netlink message types to nlmsg_read or nlmsg_write.

Delete legacy rule for b/12061011.

This change does not touch any rules where only read/write were allowed to a socket created by another domain (inherited across exec or received across socket or binder IPC). We may wish to rewrite some or all of those rules with the rw_socket_perms macro but that is a separate change.

Change-Id: Ib0637ab86f6d388043eff928e5d96beb02e5450e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
- Feb 04, 2014
Mark Salyzyn authored
  - Add write_logd, read_logd and control_logd macros added along with contexts for user space logd.
  - Specify above on domain wide, or service-by-service basis
  - Add logd rules.
  - deprecate access_logcat as unused.
  - 'allow <domain> zygote:unix_dgram_socket write;' rule added to deal with fd inheritance. ToDo: investigate means to allow references to close, and reopen in context of application or call setsockcreatecon() to label them in child context.

Change-Id: I35dbb9d5122c5ed9b8c8f128abf24a871d6b26d8