PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,318 Commits 17 Branches 0 Tags 42 MiB
4200338ec0
Commit Graph

12318 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tri Vo
4200338ec0 Merge "Revert "Neverallow coredomain to kernel interface files."" 2017-11-02 16:36:10 +00:00
Tobias Thierer
83a06805f0 Revert "Neverallow coredomain to kernel interface files." 
This reverts commit 502e43f7d9.

Reason for revert: Suspected to have broken a build, see b/68792382

Bug: 68792382
Change-Id: Ib5d465b7a50a73e3d8d8edd4e6b3426a7bde4249
 2017-11-02 16:03:36 +00:00
Tri Vo
bf4786cf0e Merge "Neverallow coredomain to kernel interface files." 2017-11-01 22:21:28 +00:00
Treehugger Robot
4326073b12 Merge "whitespace fix." 2017-11-01 18:57:31 +00:00
Nick Kralevich
35e92394f3 whitespace fix. 
Test: code compiles.
Change-Id: I2677ebdaf7ca491c60697da9d3ebf5a5d8cb5036
 2017-11-01 10:17:39 -07:00
Tri Vo
502e43f7d9 Neverallow coredomain to kernel interface files. 
Core domains should not be allowed access to kernel interfaces,
which are not explicitly labeled. These interfaces include
(but are not limited to):

1. /proc
2. /sys
3. /dev
4. debugfs
5. tracefs
6. inotifyfs
7. pstorefs
8. configfs
9. functionfs
10. usbfs
11. binfmt_miscfs

We keep a lists of exceptions to the rule, which we will be gradually shrinking.
This will help us prevent accidental regressions in our efforts to label
kernel interfaces.

Bug: 68159582
Test: bullhead, sailfish can build
Change-Id: I8e466843e1856720f30964546c5c2c32989fa3a5
 2017-10-31 16:20:58 -07:00
Yifan Hong
87ef6049f6 hal_health_default: permissions for default impl 
Default health service needs following permissions to work:
- read /sys/class/power_supply
- uevent
- wakelock

Bug: 63702641
Test: no denials for health service

Change-Id: I2f3aed3ef3b5ac024da17d9d5400d9834038df9f
 2017-10-31 15:11:23 -07:00
Jin Qian
98e99fb49f Allow dumpstate to access netlink_generic_socket 
avc: denied { create } for scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=netlink_generic_socket permissive=0
avc: denied { create } for comm="iotop" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=netlink_generic_socket permissive=0

Bug: 68040531
Change-Id: I24a8a094d1b5c493cc695e332c927972f99ae49c
 2017-10-30 18:59:23 +00:00
Treehugger Robot
61dc5fb26c Merge "Allow installd to read system_data_file:lnk_file" 2017-10-27 03:35:34 +00:00
Calin Juravle
97b08903c7 Allow installd to read system_data_file:lnk_file 
The permission was removed in
https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/433615/
but is still needed in order to optimize application code.

Denial example:

10-26 16:29:51.234   894  1469 D PackageManager.DexOptimizer: Running
dexopt on: /data/user/0/com.google.android.gms/snet/installed/snet.jar
pkg=com.google.android.gms isa=[arm64]
dexoptFlags=boot_complete,public,secondary,force,storage_ce
target-filter=quicken

10-26 16:29:51.253  2148  2148 W Binder:695_5: type=1400 audit(0.0:39):
avc: denied { read } for name="0" dev="sda35" ino=917506
scontext=u:r:installd:s0 tcontext=u:object_r:system_data_file:s0
tclass=lnk_file permissive=0

Test: adb shell cmd package reconcile-secondary-dex-files
com.google.android.googlequicksearchbox
adb shell cmd package compile -m speed --secondary-dex
com.google.android.gms

Change-Id: I694d1a780e58fa953d9ebda807f5f5293dbb0d56
 2017-10-26 18:34:18 -07:00
Tri Vo
c1329604ab Recovery: remove sysfs access 
Bug: 65643247
Test: adb sideload an ota package
Test: mount /system
Test: view recovery logs
Test: run graphics test
Test: run locale test
Test: wipe data/factory reset
Test: factory reset from Settings app
Tested on sailfish; no selinux denials to sysfs type are observed.

Change-Id: Ic8487d53d90b7d1d050574e0b084627d1b6abdba
 2017-10-26 22:04:44 +00:00
Treehugger Robot
cdac03d726 Merge "recovery: fix denials during factory reset" 2017-10-26 21:13:11 +00:00
Tri Vo
7e5c2883f3 recovery: fix denials during factory reset 
Addresses these denials when wiping data on sailfish:

avc:  denied  { open } for  pid=488 comm="mke2fs_static"
path="/proc/swaps" dev="proc" ino=4026532415 scontext=u:r:recovery:s0
tcontext=u:object_r:proc_swaps:s0 tclass=file permissive=1

avc:  denied  { search } for  pid=488 comm="mke2fs_static"
name="features" dev="sysfs" ino=30084 scontext=u:r:recovery:s0
tcontext=u:object_r:sysfs_fs_ext4_features:s0 tclass=dir permissive=1

avc:  denied  { read } for  pid=488 comm="mke2fs_static"
name="lazy_itable_init" dev="sysfs" ino=30085 scontext=u:r:recovery:s0
tcontext=u:object_r:sysfs_fs_ext4_features:s0 tclass=file permissive=1

Test: Wipe data/factory reset -> no selinux denials
Change-Id: Ia9e2e4fd4a1c604c9286a558ef0fe43fd153e3bc
 2017-10-26 10:34:13 -07:00
Treehugger Robot
fe00f563ab Merge "Remove fingerprintd access to sysfs_type and cgroup label." 2017-10-26 05:14:28 +00:00
Paul Crowley
5850a2ae6b Move most of public/vold_prepare_subdirs.te to private 
AIUI permissions should be in private unless they need to be public.

Bug: 25861755
Test: Boot device, create and remove a user, observe logs
Change-Id: I6c3521d50dab2d508fce4b614d51e163e7c8f3da
 2017-10-25 13:06:25 -07:00
Tom Cherry
621c24cbab add vendor_init.te 
First pass at adding vendor_init.te

Bug: 62875318
Test: boot sailfish with vendor_init
Change-Id: I35cc9be324075d8baae866d6de4166c37fddac68
 2017-10-25 09:21:30 -07:00
Tom Cherry
2286b39712 Merge "Add label for /proc/sys/vm/page-cluster" 2017-10-25 16:13:41 +00:00
Paul Crowley
59fba92095 Merge "C++ version of vold_create_subdirs needs extra permission" 2017-10-24 22:27:49 +00:00
Tom Cherry
8bdb1dab56 Add label for /proc/sys/vm/page-cluster 
Test: boot sailfish with no audit when writing to page-cluster
Change-Id: I2bfebdf9342594d66d95daaec92d71195c93ffc8
 2017-10-24 13:53:51 -07:00
Tri Vo
71b19aa601 Merge "/proc, /sys access from uncrypt, update_engine, postinstall_dexopt" 2017-10-24 20:36:22 +00:00
Paul Crowley
f0c7b46df5 C++ version of vold_create_subdirs needs extra permission 
10-23 16:40:43.763  7991  7991 I auditd  : type=1400 audit(0.0:79): avc: denied { open } for comm="vold_prepare_su" path="/dev/pts/1" dev="devpts" ino=4 scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=0

Bug: 67901036
Test: Boot device, create user, create files, remove user, observe logs

Change-Id: I8d33dfd2a0b24611773001f20101db40aeb13632
 2017-10-24 13:32:57 -07:00
Bill Yi
37760442c0 Merge remote-tracking branch 'goog/stage-aosp-master' into HEAD 2017-10-24 11:33:08 -07:00
Treehugger Robot
8e805857f0 Merge "allow vold_prepare_subdirs to create storaged directories" 2017-10-24 18:14:17 +00:00
Max Bires
cee16b0553 Adding statscompanion_service and a dontaudit for find/add 
am: 0187b23113

Change-Id: Id51afcd1de3c46463120a205624d77c33f636682
 2017-10-24 17:32:16 +00:00
Tri Vo
04fb82f232 /proc, /sys access from uncrypt, update_engine, postinstall_dexopt 
New types:
1. proc_random
2. sysfs_dt_firmware_android

Labeled:
1. /proc/sys/kernel/random as proc_random.
2. /sys/firmware/devicetree/base/firmware/android/{compatible, fstab,
vbmeta} as sysfs_dt_firmware_android.

Changed access:
1. uncrypt, update_engine, postinstall_dexopt have access to generic proc
and sysfs labels removed.
2. appropriate permissions were added to uncrypt, update_engine,
update_engine_common, postinstall_dexopt.

Bug: 67416435
Bug: 67416336
Test: fake ota go/manual-ab-ota runs without denials
Test: adb sideload runs without denials to new types
Change-Id: Id31310ceb151a18652fcbb58037a0b90c1f6505a
 2017-10-24 16:40:45 +00:00
Max Bires
0187b23113 Adding statscompanion_service and a dontaudit for find/add 
Instead of removing the denial generating code, a dontaudit and a
service label will be provided so that the team working on this new
feature doesn't have to get slowed up with local revision patches.

The dontaudit should be removed upon resolution of the linked bug.

Bug: 67468181
Test: statscompanion denials aren't audited
Change-Id: Ib4554a7b6c714e7409ea504f5d0b82d5e1283cf7
 2017-10-23 16:45:13 -07:00
Jeffrey Vander Stoep
0787c2ea35 Merge "hal_audio: remove access to audiohal_data_file" 
am: 1b223839e0

Change-Id: I5502508d7548a2772dd56155c9c8e08814fce5ef
 2017-10-23 22:57:20 +00:00
Jeffrey Vander Stoep
1b223839e0 Merge "hal_audio: remove access to audiohal_data_file" 2017-10-23 22:49:35 +00:00
Nick Kralevich
773b60d101 Merge "Revert "Ensure only com.android.shell can run in the shell domain."" 
am: 1ff4148c6a

Change-Id: I6dc8530628027cdafd7929cd9ed30bb6c2e5a1bc
 2017-10-23 22:21:49 +00:00
Treehugger Robot
1ff4148c6a Merge "Revert "Ensure only com.android.shell can run in the shell domain."" 2017-10-23 22:15:57 +00:00
Tri Vo
d1f8f2227f Merge "shell: grant access to /proc/version" 
am: f040f63230

Change-Id: I2f475ad00ca02367c89316f504ece42814538229
 2017-10-23 20:55:17 +00:00
Tri Vo
f040f63230 Merge "shell: grant access to /proc/version" 2017-10-23 20:49:23 +00:00
Nick Kralevich
bf0c2a59f8 Revert "Ensure only com.android.shell can run in the shell domain." 
The following error is occurring on master:

10-23 16:24:24.785 shell  4884  4884 E SELinux : seapp_context_lookup:  No match for app with uid 2000, seinfo platform, name com.google.android.traceur
10-23 16:24:24.785 shell  4884  4884 E SELinux : selinux_android_setcontext:  Error setting context for app with uid 2000, seinfo platform:targetSdkVersion=23:complete: Success
10-23 16:24:24.785 shell  4884  4884 E Zygote  : selinux_android_setcontext(2000, 0, "platform:targetSdkVersion=23:complete", "com.google.android.traceur") failed
10-23 16:24:24.785 shell  4884  4884 F zygote64: jni_internal.cc:593] JNI FatalError called: frameworks/base/core/jni/com_android_internal_os_Zygote.cpp:648: selinux_android_setcontext failed
10-23 16:24:24.818 shell  4884  4884 F zygote64: runtime.cc:535] Runtime aborting...

Bug: 68126425
Bug: 68032516

This reverts commit 714ee5f293.

Change-Id: I7356c4e4facb1e532bfdeb575acf2d83761a0852
 2017-10-23 20:22:07 +00:00
Jin Qian
c0125335e5 allow vold_prepare_subdirs to create storaged directories 
Test: Boot device, observe logs
Bug: 63740245
Change-Id: I1068304b12ea90736b7927b7368ba1a213d2fbae
 2017-10-23 11:34:47 -07:00
Tri Vo
4b829da526 shell: grant access to /proc/version 
Addresses this denial during CtsBionicTestCases:
avc: denied { getattr } for path="/proc/version" dev="proc"
ino=4026532359 scontext=u:r:shell:s0 tcontext=u:object_r:proc_version:s0
tclass=file permissive=0

Bug: 68067856
Test: cts-tradefed run commandAndExit cts -m CtsBionicTestCases
--skip-all-system-status-check --primary-abi-only --skip-preconditions
No more denials to /proc/version
Change-Id: I7e927fbaf1a8ce3637e09452cbd50f475176838e
 2017-10-23 11:33:43 -07:00
Jin Qian
6840b66a7e storaged: move storaged file from DE to CE 
am: 81d8b0ee01

Change-Id: I5844b79cb367936ec3c02f343f5b90759c29cbcc
 2017-10-23 17:04:28 +00:00
Paul Crowley
3a0579c7ee Merge "vold_prepare_subdirs needs to recursively delete" 
am: 89b41f32ac

Change-Id: I4544a3f5add13c144b633561624fa1bebfeac29c
 2017-10-23 15:31:53 +00:00
Jin Qian
81d8b0ee01 storaged: move storaged file from DE to CE 
Allow vold/system_server to call storaged service

Test: adb shell storaged -u
Bug: 63740245
Change-Id: I88219e32520006db20299468b7a8c7ce0bfa58e0
Merged-In: I88219e32520006db20299468b7a8c7ce0bfa58e0
(cherry picked from commit fa6c3d7c4c)
 2017-10-23 08:31:46 -07:00
Paul Crowley
89b41f32ac Merge "vold_prepare_subdirs needs to recursively delete" 2017-10-23 15:28:00 +00:00
Jeff Vander Stoep
b1a921e24e hal_audio: remove access to audiohal_data_file 
This is no longer used and violates Treble data separation.

Bug: 68057930
Test: verify on Sailfish that /data/misc/audiohal doesn't exist
    This dir appears to be Qualcomm specific and should not have
    been defined in core policy.

Change-Id: I55fba7564203a7f8a1d8612abd36ec1f89dc869d
 2017-10-21 03:29:36 +00:00
Jeff Vander Stoep
a4a2c829d0 Merge "priv_app: move logspam suppression to core policy" 
am: d1467ad8c8

Change-Id: I40639979883bf2e7b1d57d6c23abfa5da704eb6f
 2017-10-20 23:02:30 +00:00
Treehugger Robot
d1467ad8c8 Merge "priv_app: move logspam suppression to core policy" 2017-10-20 22:54:21 +00:00
Nick Kralevich
88b23b42af Merge "Fixup neverallow rule" 
am: 917cf072d2

Change-Id: Ifa8e92e90810eaae408254c949aa86411730e8d2
 2017-10-20 22:46:57 +00:00
Treehugger Robot
917cf072d2 Merge "Fixup neverallow rule" 2017-10-20 22:40:31 +00:00
Tri Vo
98f1821456 Restrict netd fwk policy. 
am: 8dabc2ce74

Change-Id: Id5b3e446c5ac050fc73beb5a7473789ab59d2baf
 2017-10-20 22:14:06 +00:00
Jeff Vander Stoep
bf5a4b71e7 Merge changes Icb6ea6ce,I89b546c7 
am: 4bd0c6fcc3

Change-Id: Iacb037f79b4af9c2024fbb54484205b0bc2753c9
 2017-10-20 22:13:42 +00:00
Paul Crowley
2f4a4b7858 vold_prepare_subdirs needs to recursively delete 
Bug: 25861755
Test: Boot device, create user, create files, remove user, observe logs
Change-Id: I195514eb45a99c1093998786ab385338463269c0
Merged-In: I195514eb45a99c1093998786ab385338463269c0
(cherry picked from commit eb7340d94e)
 2017-10-20 15:07:49 -07:00
Tri Vo
8dabc2ce74 Restrict netd fwk policy. 
Remove netd access to sysfs_type attribute.

These were moved from vendor to fwk policy:
1. sysfs_net type declaration
2. labeling of /sys/devices/virtual/net with sysfs_net
3. netd access to sysfs_net

Bug: 65643247
Test: can browse internet without netd denials
Test: netd_unit_test, netd_integration_test without netd denials
Merged-In: Ic1b95a098f438c4c6bc969bee801bf7dd1a13f6e
Change-Id: Ic1b95a098f438c4c6bc969bee801bf7dd1a13f6e
(cherry picked from commit e62a56b717)
 2017-10-20 22:07:01 +00:00
Treehugger Robot
4bd0c6fcc3 Merge changes Icb6ea6ce,I89b546c7 
* changes:
  Shell: grant permission to run lsmod
  Dumpstate: cleanup denial logspam
 2017-10-20 21:59:27 +00:00
Max Bires
5788e111ca Merge "Relabeling /proc/asound so everything has proc_asound label" 
am: 4a14d16ecb

Change-Id: I29eff41d008886b19218864923a1e48fc2945c26
 2017-10-20 21:50:22 +00:00