Tri Vo
4200338ec0
Merge "Revert "Neverallow coredomain to kernel interface files.""
2017-11-02 16:36:10 +00:00
Tobias Thierer
83a06805f0
Revert "Neverallow coredomain to kernel interface files."
...
This reverts commit 502e43f7d9.
Reason for revert: Suspected to have broken a build, see b/68792382
Bug: 68792382
Change-Id: Ib5d465b7a50a73e3d8d8edd4e6b3426a7bde4249
2017-11-02 16:03:36 +00:00
Tri Vo
bf4786cf0e
Merge "Neverallow coredomain to kernel interface files."
2017-11-01 22:21:28 +00:00
Treehugger Robot
4326073b12
Merge "whitespace fix."
2017-11-01 18:57:31 +00:00
Nick Kralevich
35e92394f3
whitespace fix.
...
Test: code compiles.
Change-Id: I2677ebdaf7ca491c60697da9d3ebf5a5d8cb5036
2017-11-01 10:17:39 -07:00
Tri Vo
502e43f7d9
Neverallow coredomain to kernel interface files.
...
Core domains should not be allowed access to kernel interfaces,
which are not explicitly labeled. These interfaces include
(but are not limited to):
1. /proc
2. /sys
3. /dev
4. debugfs
5. tracefs
6. inotifyfs
7. pstorefs
8. configfs
9. functionfs
10. usbfs
11. binfmt_miscfs
We keep a list of exceptions to the rule, which we will be gradually shrinking.
This will help us prevent accidental regressions in our efforts to label
kernel interfaces.
Bug: 68159582
Test: bullhead, sailfish can build
Change-Id: I8e466843e1856720f30964546c5c2c32989fa3a5
2017-10-31 16:20:58 -07:00
Yifan Hong
87ef6049f6
hal_health_default: permissions for default impl
...
Default health service needs the following permissions to work:
- read /sys/class/power_supply
- uevent
- wakelock
Bug: 63702641
Test: no denials for health service
Change-Id: I2f3aed3ef3b5ac024da17d9d5400d9834038df9f
2017-10-31 15:11:23 -07:00
Jin Qian
98e99fb49f
Allow dumpstate to access netlink_generic_socket
...
avc: denied { create } for scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=netlink_generic_socket permissive=0
avc: denied { create } for comm="iotop" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=netlink_generic_socket permissive=0
Bug: 68040531
Change-Id: I24a8a094d1b5c493cc695e332c927972f99ae49c
2017-10-30 18:59:23 +00:00
Treehugger Robot
61dc5fb26c
Merge "Allow installd to read system_data_file:lnk_file"
2017-10-27 03:35:34 +00:00
Calin Juravle
97b08903c7
Allow installd to read system_data_file:lnk_file
...
The permission was removed in
https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/433615/
but is still needed in order to optimize application code.
Denial example:
10-26 16:29:51.234 894 1469 D PackageManager.DexOptimizer: Running
dexopt on: /data/user/0/com.google.android.gms/snet/installed/snet.jar
pkg=com.google.android.gms isa=[arm64]
dexoptFlags=boot_complete,public,secondary,force,storage_ce
target-filter=quicken
10-26 16:29:51.253 2148 2148 W Binder:695_5: type=1400 audit(0.0:39):
avc: denied { read } for name="0" dev="sda35" ino=917506
scontext=u:r:installd:s0 tcontext=u:object_r:system_data_file:s0
tclass=lnk_file permissive=0
Test: adb shell cmd package reconcile-secondary-dex-files
com.google.android.googlequicksearchbox
adb shell cmd package compile -m speed --secondary-dex
com.google.android.gms
Change-Id: I694d1a780e58fa953d9ebda807f5f5293dbb0d56
2017-10-26 18:34:18 -07:00
Tri Vo
c1329604ab
Recovery: remove sysfs access
...
Bug: 65643247
Test: adb sideload an ota package
Test: mount /system
Test: view recovery logs
Test: run graphics test
Test: run locale test
Test: wipe data/factory reset
Test: factory reset from Settings app
Tested on sailfish; no selinux denials to sysfs type are observed.
Change-Id: Ic8487d53d90b7d1d050574e0b084627d1b6abdba
2017-10-26 22:04:44 +00:00
Treehugger Robot
cdac03d726
Merge "recovery: fix denials during factory reset"
2017-10-26 21:13:11 +00:00
Tri Vo
7e5c2883f3
recovery: fix denials during factory reset
...
Addresses these denials when wiping data on sailfish:
avc: denied { open } for pid=488 comm="mke2fs_static"
path="/proc/swaps" dev="proc" ino=4026532415 scontext=u:r:recovery:s0
tcontext=u:object_r:proc_swaps:s0 tclass=file permissive=1
avc: denied { search } for pid=488 comm="mke2fs_static"
name="features" dev="sysfs" ino=30084 scontext=u:r:recovery:s0
tcontext=u:object_r:sysfs_fs_ext4_features:s0 tclass=dir permissive=1
avc: denied { read } for pid=488 comm="mke2fs_static"
name="lazy_itable_init" dev="sysfs" ino=30085 scontext=u:r:recovery:s0
tcontext=u:object_r:sysfs_fs_ext4_features:s0 tclass=file permissive=1
Test: Wipe data/factory reset -> no selinux denials
Change-Id: Ia9e2e4fd4a1c604c9286a558ef0fe43fd153e3bc
2017-10-26 10:34:13 -07:00
Treehugger Robot
fe00f563ab
Merge "Remove fingerprintd access to sysfs_type and cgroup label."
2017-10-26 05:14:28 +00:00
Paul Crowley
5850a2ae6b
Move most of public/vold_prepare_subdirs.te to private
...
AIUI permissions should be in private unless they need to be public.
Bug: 25861755
Test: Boot device, create and remove a user, observe logs
Change-Id: I6c3521d50dab2d508fce4b614d51e163e7c8f3da
2017-10-25 13:06:25 -07:00
Tom Cherry
621c24cbab
add vendor_init.te
...
First pass at adding vendor_init.te
Bug: 62875318
Test: boot sailfish with vendor_init
Change-Id: I35cc9be324075d8baae866d6de4166c37fddac68
2017-10-25 09:21:30 -07:00
Tom Cherry
2286b39712
Merge "Add label for /proc/sys/vm/page-cluster"
2017-10-25 16:13:41 +00:00
Paul Crowley
59fba92095
Merge "C++ version of vold_create_subdirs needs extra permission"
2017-10-24 22:27:49 +00:00
Tom Cherry
8bdb1dab56
Add label for /proc/sys/vm/page-cluster
...
Test: boot sailfish with no audit when writing to page-cluster
Change-Id: I2bfebdf9342594d66d95daaec92d71195c93ffc8
2017-10-24 13:53:51 -07:00
Tri Vo
71b19aa601
Merge "/proc, /sys access from uncrypt, update_engine, postinstall_dexopt"
2017-10-24 20:36:22 +00:00
Paul Crowley
f0c7b46df5
C++ version of vold_create_subdirs needs extra permission
...
10-23 16:40:43.763 7991 7991 I auditd : type=1400 audit(0.0:79): avc: denied { open } for comm="vold_prepare_su" path="/dev/pts/1" dev="devpts" ino=4 scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=0
Bug: 67901036
Test: Boot device, create user, create files, remove user, observe logs
Change-Id: I8d33dfd2a0b24611773001f20101db40aeb13632
2017-10-24 13:32:57 -07:00
Bill Yi
37760442c0
Merge remote-tracking branch 'goog/stage-aosp-master' into HEAD
2017-10-24 11:33:08 -07:00
Treehugger Robot
8e805857f0
Merge "allow vold_prepare_subdirs to create storaged directories"
2017-10-24 18:14:17 +00:00
Max Bires
cee16b0553
Adding statscompanion_service and a dontaudit for find/add
...
am: 0187b23113
Change-Id: Id51afcd1de3c46463120a205624d77c33f636682
2017-10-24 17:32:16 +00:00
Tri Vo
04fb82f232
/proc, /sys access from uncrypt, update_engine, postinstall_dexopt
...
New types:
1. proc_random
2. sysfs_dt_firmware_android
Labeled:
1. /proc/sys/kernel/random as proc_random.
2. /sys/firmware/devicetree/base/firmware/android/{compatible, fstab,
vbmeta} as sysfs_dt_firmware_android.
Changed access:
1. uncrypt, update_engine, postinstall_dexopt have access to generic proc
and sysfs labels removed.
2. appropriate permissions were added to uncrypt, update_engine,
update_engine_common, postinstall_dexopt.
Bug: 67416435
Bug: 67416336
Test: fake ota go/manual-ab-ota runs without denials
Test: adb sideload runs without denials to new types
Change-Id: Id31310ceb151a18652fcbb58037a0b90c1f6505a
2017-10-24 16:40:45 +00:00
Max Bires
0187b23113
Adding statscompanion_service and a dontaudit for find/add
...
Instead of removing the denial generating code, a dontaudit and a
service label will be provided so that the team working on this new
feature doesn't have to get slowed up with local revision patches.
The dontaudit should be removed upon resolution of the linked bug.
Bug: 67468181
Test: statscompanion denials aren't audited
Change-Id: Ib4554a7b6c714e7409ea504f5d0b82d5e1283cf7
2017-10-23 16:45:13 -07:00
Jeffrey Vander Stoep
0787c2ea35
Merge "hal_audio: remove access to audiohal_data_file"
...
am: 1b223839e0
Change-Id: I5502508d7548a2772dd56155c9c8e08814fce5ef
2017-10-23 22:57:20 +00:00
Jeffrey Vander Stoep
1b223839e0
Merge "hal_audio: remove access to audiohal_data_file"
2017-10-23 22:49:35 +00:00
Nick Kralevich
773b60d101
Merge "Revert "Ensure only com.android.shell can run in the shell domain.""
...
am: 1ff4148c6a
Change-Id: I6dc8530628027cdafd7929cd9ed30bb6c2e5a1bc
2017-10-23 22:21:49 +00:00
Treehugger Robot
1ff4148c6a
Merge "Revert "Ensure only com.android.shell can run in the shell domain.""
2017-10-23 22:15:57 +00:00
Tri Vo
d1f8f2227f
Merge "shell: grant access to /proc/version"
...
am: f040f63230
Change-Id: I2f475ad00ca02367c89316f504ece42814538229
2017-10-23 20:55:17 +00:00
Tri Vo
f040f63230
Merge "shell: grant access to /proc/version"
2017-10-23 20:49:23 +00:00
Nick Kralevich
bf0c2a59f8
Revert "Ensure only com.android.shell can run in the shell domain."
...
The following error is occurring on master:
10-23 16:24:24.785 shell 4884 4884 E SELinux : seapp_context_lookup: No match for app with uid 2000, seinfo platform, name com.google.android.traceur
10-23 16:24:24.785 shell 4884 4884 E SELinux : selinux_android_setcontext: Error setting context for app with uid 2000, seinfo platform:targetSdkVersion=23:complete: Success
10-23 16:24:24.785 shell 4884 4884 E Zygote : selinux_android_setcontext(2000, 0, "platform:targetSdkVersion=23:complete", "com.google.android.traceur") failed
10-23 16:24:24.785 shell 4884 4884 F zygote64: jni_internal.cc:593] JNI FatalError called: frameworks/base/core/jni/com_android_internal_os_Zygote.cpp:648: selinux_android_setcontext failed
10-23 16:24:24.818 shell 4884 4884 F zygote64: runtime.cc:535] Runtime aborting...
Bug: 68126425
Bug: 68032516
This reverts commit 714ee5f293.
Change-Id: I7356c4e4facb1e532bfdeb575acf2d83761a0852
2017-10-23 20:22:07 +00:00
Jin Qian
c0125335e5
allow vold_prepare_subdirs to create storaged directories
...
Test: Boot device, observe logs
Bug: 63740245
Change-Id: I1068304b12ea90736b7927b7368ba1a213d2fbae
2017-10-23 11:34:47 -07:00
Tri Vo
4b829da526
shell: grant access to /proc/version
...
Addresses this denial during CtsBionicTestCases:
avc: denied { getattr } for path="/proc/version" dev="proc"
ino=4026532359 scontext=u:r:shell:s0 tcontext=u:object_r:proc_version:s0
tclass=file permissive=0
Bug: 68067856
Test: cts-tradefed run commandAndExit cts -m CtsBionicTestCases
--skip-all-system-status-check --primary-abi-only --skip-preconditions
No more denials to /proc/version
Change-Id: I7e927fbaf1a8ce3637e09452cbd50f475176838e
2017-10-23 11:33:43 -07:00
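Several of the commits above quote raw `avc: denied` records and then fix them either by adding an allow rule (dumpstate, installd, recovery, shell) or, as the neverallow and proc_random/sysfs_dt_firmware_android commits argue, by giving the kernel interface its own label instead of granting a core domain access to a generic proc/sysfs type. The following is an added example, not code from AOSP or from audit2allow: it parses the denial records quoted in the commit messages (including ones wrapped across lines), groups them into candidate allow rules, and flags any candidate whose target is a generic kernel-interface label from a core domain, which is the case the neverallow is meant to catch. The CORE_DOMAINS and GENERIC_KERNEL_TYPES sets are assumptions for the example (real policy expresses both through attributes that a log line does not show), and the final sample line (shell reading a file labeled plain `proc`) is constructed to exercise the flagging path.

```python
import re
from collections import defaultdict

# Assumption for this example: generic kernel-interface labels that a core
# domain should not be granted directly. The real list lives in sepolicy.
GENERIC_KERNEL_TYPES = {"proc", "sysfs", "debugfs", "tracefs"}

# Assumption for this example: domains treated as "core". In AOSP this is the
# coredomain attribute, which an avc record does not carry.
CORE_DOMAINS = {"shell", "installd", "dumpstate", "recovery"}

# One avc record: permissions, source domain, target type, object class,
# and the optional permissive flag. Field spacing is normalized before use so
# records wrapped across lines in a commit message still match.
AVC_RE = re.compile(
    r"avc: denied \{ (?P<perms>[^}]+) \} for\s*(?P<ctx>.*?)\s*"
    r"scontext=u:r:(?P<src>[^:\s]+):s0\s+"
    r"tcontext=u:(?:r|object_r):(?P<tgt>[^:\s]+):s0\s+"
    r"tclass=(?P<cls>\S+)"
    r"(?:\s+permissive=(?P<perm>[01]))?"
)

# Records copied from the commit messages above, plus one constructed line
# (the last one) that targets the generic 'proc' type from the shell domain.
SAMPLE_DENIALS = """
avc: denied { create } for scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=netlink_generic_socket permissive=0
avc: denied { create } for comm="iotop" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=netlink_generic_socket permissive=0
avc: denied { open } for pid=488 comm="mke2fs_static"
path="/proc/swaps" dev="proc" ino=4026532415 scontext=u:r:recovery:s0
tcontext=u:object_r:proc_swaps:s0 tclass=file permissive=1
avc: denied { search } for pid=488 comm="mke2fs_static"
name="features" dev="sysfs" ino=30084 scontext=u:r:recovery:s0
tcontext=u:object_r:sysfs_fs_ext4_features:s0 tclass=dir permissive=1
avc: denied { read } for pid=488 comm="mke2fs_static"
name="lazy_itable_init" dev="sysfs" ino=30085 scontext=u:r:recovery:s0
tcontext=u:object_r:sysfs_fs_ext4_features:s0 tclass=file permissive=1
avc: denied { getattr } for path="/proc/version" dev="proc"
ino=4026532359 scontext=u:r:shell:s0 tcontext=u:object_r:proc_version:s0
tclass=file permissive=0
avc: denied { read } for pid=4321 comm="sh" name="meminfo" dev="proc" ino=4026532020 scontext=u:r:shell:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
"""


def parse_denials(text):
    """Return one dict per avc record found in text (wrapped records included)."""
    flat = " ".join(text.split())  # collapse line wraps into single spaces
    return [m.groupdict() for m in AVC_RE.finditer(flat)]


def allow_rules(denials):
    """Fold parsed records into audit2allow-style allow statements."""
    perms_by_key = defaultdict(set)
    for d in denials:
        # Same source and target context means the rule targets 'self'.
        tgt = "self" if d["tgt"] == d["src"] else d["tgt"]
        perms_by_key[(d["src"], tgt, d["cls"])].update(d["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(perms_by_key.items()):
        perm_str = " ".join(sorted(perms))
        if len(perms) > 1:
            perm_str = "{ " + perm_str + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return rules


def flag_generic_kernel_access(denials):
    """Return (src, tgt, cls) triples where a blanket allow would give a core
    domain access to a generic kernel-interface label. The right fix there is
    to label the specific file (as proc_random or proc_version were), not to
    write the allow rule."""
    flagged = {
        (d["src"], d["tgt"], d["cls"])
        for d in denials
        if d["src"] in CORE_DOMAINS and d["tgt"] in GENERIC_KERNEL_TYPES
    }
    return sorted(flagged)


if __name__ == "__main__":
    found = parse_denials(SAMPLE_DENIALS)
    for rule in allow_rules(found):
        print(rule)
    for src, tgt, cls in flag_generic_kernel_access(found):
        print(f"# NEEDS LABEL, not allow: {src} -> {tgt}:{cls}")
```

Run against the sample, the dumpstate pair collapses to a single `self:netlink_generic_socket` rule, the recovery and shell records become the narrowly scoped rules the commits actually added, and the constructed `proc` record is reported as needing a new label rather than an allow rule.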
Jin Qian
6840b66a7e
storaged: move storaged file from DE to CE
...
am: 81d8b0ee01
Change-Id: I5844b79cb367936ec3c02f343f5b90759c29cbcc
2017-10-23 17:04:28 +00:00
Paul Crowley
3a0579c7ee
Merge "vold_prepare_subdirs needs to recursively delete"
...
am: 89b41f32ac
Change-Id: I4544a3f5add13c144b633561624fa1bebfeac29c
2017-10-23 15:31:53 +00:00
Jin Qian
81d8b0ee01
storaged: move storaged file from DE to CE
...
Allow vold/system_server to call storaged service
Test: adb shell storaged -u
Bug: 63740245
Change-Id: I88219e32520006db20299468b7a8c7ce0bfa58e0
Merged-In: I88219e32520006db20299468b7a8c7ce0bfa58e0
(cherry picked from commit fa6c3d7c4c)
2017-10-23 08:31:46 -07:00
Paul Crowley
89b41f32ac
Merge "vold_prepare_subdirs needs to recursively delete"
2017-10-23 15:28:00 +00:00
Jeff Vander Stoep
b1a921e24e
hal_audio: remove access to audiohal_data_file
...
This is no longer used and violates Treble data separation.
Bug: 68057930
Test: verify on Sailfish that /data/misc/audiohal doesn't exist
This dir appears to be Qualcomm specific and should not have
been defined in core policy.
Change-Id: I55fba7564203a7f8a1d8612abd36ec1f89dc869d
2017-10-21 03:29:36 +00:00
Jeff Vander Stoep
a4a2c829d0
Merge "priv_app: move logspam suppression to core policy"
...
am: d1467ad8c8
Change-Id: I40639979883bf2e7b1d57d6c23abfa5da704eb6f
2017-10-20 23:02:30 +00:00
Treehugger Robot
d1467ad8c8
Merge "priv_app: move logspam suppression to core policy"
2017-10-20 22:54:21 +00:00
Nick Kralevich
88b23b42af
Merge "Fixup neverallow rule"
...
am: 917cf072d2
Change-Id: Ifa8e92e90810eaae408254c949aa86411730e8d2
2017-10-20 22:46:57 +00:00
Treehugger Robot
917cf072d2
Merge "Fixup neverallow rule"
2017-10-20 22:40:31 +00:00
Tri Vo
98f1821456
Restrict netd fwk policy.
...
am: 8dabc2ce74
Change-Id: Id5b3e446c5ac050fc73beb5a7473789ab59d2baf
2017-10-20 22:14:06 +00:00
Jeff Vander Stoep
bf5a4b71e7
Merge changes Icb6ea6ce,I89b546c7
...
am: 4bd0c6fcc3
Change-Id: Iacb037f79b4af9c2024fbb54484205b0bc2753c9
2017-10-20 22:13:42 +00:00
Paul Crowley
2f4a4b7858
vold_prepare_subdirs needs to recursively delete
...
Bug: 25861755
Test: Boot device, create user, create files, remove user, observe logs
Change-Id: I195514eb45a99c1093998786ab385338463269c0
Merged-In: I195514eb45a99c1093998786ab385338463269c0
(cherry picked from commit eb7340d94e)
2017-10-20 15:07:49 -07:00
Tri Vo
8dabc2ce74
Restrict netd fwk policy.
...
Remove netd access to sysfs_type attribute.
These were moved from vendor to fwk policy:
1. sysfs_net type declaration
2. labeling of /sys/devices/virtual/net with sysfs_net
3. netd access to sysfs_net
Bug: 65643247
Test: can browse internet without netd denials
Test: netd_unit_test, netd_integration_test without netd denials
Merged-In: Ic1b95a098f438c4c6bc969bee801bf7dd1a13f6e
Change-Id: Ic1b95a098f438c4c6bc969bee801bf7dd1a13f6e
(cherry picked from commit e62a56b717)
2017-10-20 22:07:01 +00:00
Treehugger Robot
4bd0c6fcc3
Merge changes Icb6ea6ce,I89b546c7
...
* changes:
Shell: grant permission to run lsmod
Dumpstate: cleanup denial logspam
2017-10-20 21:59:27 +00:00
Max Bires
5788e111ca
Merge "Relabeling /proc/asound so everything has proc_asound label"
...
am: 4a14d16ecb
Change-Id: I29eff41d008886b19218864923a1e48fc2945c26
2017-10-20 21:50:22 +00:00