When we removed /data/dalvik-cache execute permission for system_server
(b/37214733, b/31780877), I forgot to fix up this neverallow rule.
Fix rule.
Test: policy compiles.
Change-Id: I38b821a662e0d8304b8390a69a6d9e923211c31e

Dumpstate lists all services and then enumerates over them. Suppress
"find" denials for services which dumpstate is neverallowed access
to.
Dumpstate includes the kernel command line in bug reports. Grant access
to /proc/cmdline.
Test: build. Run adb bugreport.
Change-Id: I89b546c728a034638f9257c6cf93366d99a10762

Don't allow apps to run with uid=shell or selinux domain=shell unless
the package is com.android.shell.
Add a neverallow assertion (compile time assertion + CTS test) to ensure
no regressions.
Bug: 68032516
Test: policy compiles, device boots, and no obvious problems.
Change-Id: Ic6600fa5608bfbdd41ff53840d904f97d17d6731

The use of SIOCATMARK is not recommended per RFC 6093.
This ioctl is not currently allowed on Android. Add a neverallowxperm
statement (compile time assertion + CTS test) to ensure this never
regresses.
Bug: 68014825
Test: policy compiles.
Change-Id: I41272a0cb157ac9aa38c8e67aabb8385403815f9

This is to simplify access for hal_audio.
Test: ls -Z in /proc/asound correctly shows everything with proc_asound
selinux label
Change-Id: I66ed8babf2363bee27a748147eb358d57a4594c4

Access to /sys/class/android_usb/ was lost when that dir received a new
label sysfs_android_usb.
Bug: 65643247
Test: can enter recovery mode and sideload through usb without denials to /sys
Change-Id: I22821bab9833b832f13e0c45ff8da4dae115fa4d

Code review of:
- https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/512420/
had some comments. These were addressed and upstreamed here:
- 65620e0f94
Bring these changes back into the AOSP tree.
Test: verify that output sorted device files did not change hashes when built.
Change-Id: I7f07d3f74923cf731e853629034469784fc669f7
Signed-off-by: William Roberts <william.c.roberts@intel.com>

This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image. This is currently needed by GSI testing,
for example.
(cherry-pick of commit: 03596f28a4)
Bug: 66358348
Test: File is included on system image.
Change-Id: Ie694061d08acf17453feb596480e42974f8c714c

Now hwservicemanager can send ctl.interface_start messages
to init.
Note that 'set_prop(ctl.*, "foo")' maps to property context
for ctl.foo.
Bug: 64678982
Test: hwservicemanager can start interfaces
Change-Id: I9ab0bacd0c33edb0dcc4186fa0b7cc28fd8d2f30

As part of Treble, enforce that the communication between platform
and vendor components use the official hw binder APIs. Prevent sharing
of data by file path. Platform and vendor components may share
files, but only via FD passed over hw binder.
This change adds the violators attribute that will be used to mark
violating domains that need to be fixed.
Bug: 34980020
Test: build
Change-Id: Id9acfbbc86bfd6fd0633b8164a37ce94d25ffa2c

rw access to sysfs_power file is not enough; in some cases search access
is also needed.
Bug: 67895406
Test: system_server can access memory power statistics
Change-Id: I471e8e60626e6eed35e74e25a0f4be470885a459

This change allows wpantund to call any binder callbacks that have
been registered with it. Generally, only privileged apps are allowed
to register callbacks with wpantund, so we are limiting the scope for
callbacks to only privileged apps. We also add shell to allow the
command-line utility `lowpanctl` to work properly from `adb shell`.
Bug: b/67393078
Test: manual
Change-Id: I64c52cc5e202725a81230dc67e1cd7c911cf8e1c
(cherry picked from commit 17319cb35c)

As a consequence, hal_audio_default (and any domain with hal_audio attribute)
loses access to proc label.
Bug: 65643247
Test: sailfish boots, can play sound through speakers and headset
(3.5mm, usb, and bluetooth) without denials from hal_audio to proc.
Test: VtsHalAudioEffectV2_0Target
Test: VtsHalAudioV2_0Target
Change-Id: I3eead5a26ef36b8840d31c5e078f006b0c2266a3

Update to commit:
- 5490639ac9
This solves all reported clang analyzer issues and is in line with upstream.
Test: verify that md5sum of output files do not change.
Change-Id: I942145b8f9748c8ecd185f730c94d57cb77f5acc
Signed-off-by: William Roberts <william.c.roberts@intel.com>