android_system_sepolicy/public
chrisweir cd40aa0ab7 Modify SEPolicy to support SLCAN
SLCAN setup requires certain ioctls and read/write operations to
certain ttys. This change allows the HAL to set up SLCAN devices while
complying with SEPolicy.

In addition to adding support for SLCAN, I've also included permissions
for using setsockopt. In order for the CAN HAL to receive error frames from
the CAN bus controller, we need to first set the error mask and filter
via setsockopt.

Test: manual
Bug: 144458917
Bug: 144513919
Change-Id: I63a48ad6677a22f05d50d665a81868011c027898
2019-12-04 14:06:09 -08:00
adbd.te Allow adb start/stop mdnsd via ctl.start/stop 2019-04-16 08:39:33 -07:00
apexd.te Sepolicy: Allow crash_dump to ptrace apexd in userdebug 2019-03-05 09:59:50 -08:00
app_zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
app.te Revert "sepolicy: Permission changes for new wifi mainline module" 2019-11-22 09:49:32 -08:00
asan_extract.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
attributes sepolicy: remove ashmemd 2019-09-27 17:43:53 +00:00
audioserver.te audioserver: allow audioserver to generate audio HAL tombstones 2019-11-04 18:05:28 -08:00
blkid_untrusted.te Move blkid policy to private 2017-02-07 23:57:53 +00:00
blkid.te Move blkid policy to private 2017-02-07 23:57:53 +00:00
bluetooth.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
bootanim.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
bootstat.te Allow zygote to write to statsd and refactor 2018-10-08 13:48:28 -07:00
bufferhubd.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
camera_service_server.te Abstract use of cameraserver behind an attribute 2019-03-01 14:02:59 -08:00
cameraserver.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
charger.te Allow charger to open health passthrough HAL 2019-10-17 16:35:43 -07:00
crash_dump.te crash_dump: suppress denials on properties 2019-02-07 08:45:15 -08:00
device.te sepolicy: ashmem entry point for libcutils 2019-09-25 11:26:18 -07:00
dhcp.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
display_service_server.te Add fwk_display_hwservice. 2017-05-17 11:00:28 -07:00
dnsmasq.te dnsmasq - allow getattr on unix stream sockets 2019-05-10 00:52:12 +00:00
domain.te allow mediaserver to access drm hidl 2019-11-25 11:24:44 -08:00
drmserver.te Allow drmserver to communicate with mediametrics 2019-08-22 11:31:03 -07:00
dumpstate.te Allow dumpstate to access PSI statistics 2019-10-01 14:43:55 -07:00
e2fs.te Allow e2fs more ioctls to device-mapper devices. 2019-02-05 18:05:50 -08:00
ephemeral_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
fastbootd.te Allow recovery and fastbootd to interact with libfiemap. 2019-11-13 18:46:57 -08:00
file.te system_suspend access to suspend, wakeup stats 2019-11-07 13:50:32 -08:00
fingerprintd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
flags_health_check.te Add native flags namespace storage_native_boot 2019-10-04 11:05:48 +00:00
fsck_untrusted.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
fsck.te fs_mgr: overlayfs support legacy devices (marlin) Part Deux 2019-02-15 15:56:16 +00:00
fwk_bufferhub.te Allow app to connect to BufferHub service 2019-01-14 10:49:35 -08:00
gatekeeperd.te Allow gatekeeperd to read ro.gsid.image_running. 2019-02-19 21:08:22 +00:00
global_macros global_macros: trim back various watch* permissions 2019-08-28 12:36:58 -07:00
gmscore_app.te Create a separate SELinux domain for gmscore 2019-11-22 10:39:19 -08:00
gpuservice.te Game Driver: sepolicy update for plumbing GpuStats into GpuService 2019-02-08 18:15:17 -08:00
hal_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_atrace.te Add atrace HAL 1.0 sepolicy 2018-09-27 23:18:29 +00:00
hal_audio.te sepolicy: allow hal_omx to access audio devices 2019-05-22 10:35:16 -07:00
hal_audiocontrol.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_authsecret.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_bluetooth.te Add rules for accessing the related bluetooth_audio_hal_prop 2019-03-20 03:12:25 +00:00
hal_bootctl.te add hal_bootctl to white-list of sys_rawio 2019-02-13 12:38:22 +00:00
hal_broadcastradio.te Allow radio server to client binder callback 2019-03-29 15:22:16 -07:00
hal_camera.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_can.te Modify SEPolicy to support SLCAN 2019-12-04 14:06:09 -08:00
hal_cas.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_codec2.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
hal_configstore.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
hal_confirmationui.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_contexthub.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_drm.te Give hal_drm_server appdomain fd access. 2019-06-05 10:12:28 -07:00
hal_dumpstate.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_evs.te Update sepolicy for EVS v1.x 2019-07-30 13:22:03 -07:00
hal_face.te Revert "Allow hal_face to write to /data/vendor/camera_calibration/*." 2019-06-19 20:15:50 +00:00
hal_fingerprint.te Revert "Add placeholder iris and face policy for vold data directory" 2018-11-19 15:00:19 -08:00
hal_gatekeeper.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_gnss.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_graphics_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_graphics_composer.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
hal_health_storage.te health.filesystem HAL renamed to health.storage 2018-09-20 04:12:45 +00:00
hal_health.te Allow to getattr kmsg_device 2019-03-25 10:14:20 -07:00
hal_input_classifier.te Permissions for InputClassifier HAL 2019-01-11 02:08:19 +00:00
hal_ir.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_keymaster.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_light.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_lowpan.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_memtrack.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_neuralnetworks.te Allow NNAPI HAL services access model files provided by privapp. 2019-04-24 21:15:45 -07:00
hal_neverallows.te SEPolicy rules for CAN bus HAL 2019-08-01 10:24:00 -07:00
hal_nfc.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_oemlock.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_omx.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
hal_power_stats.te Add power.stats HAL 1.0 sepolicy 2018-12-11 00:11:08 +00:00
hal_power.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_secure_element.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_sensors.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_telephony.te Remove sepolicy for /dev/alarm. 2018-12-06 04:23:22 +00:00
hal_tetheroffload.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_thermal.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_cec.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_input.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_tuner.te Tuner Hal 1.0 Enable ITuner service 2019-08-14 11:22:09 -07:00
hal_usb_gadget.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_usb.te Allow hal_usb to call getsockopt on uevent socket 2018-12-03 18:37:25 +00:00
hal_vehicle.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_vibrator.te stable aidl vibrator policy 2019-10-29 16:39:55 -07:00
hal_vr.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_weaver.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi_hostapd.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi_offload.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi_supplicant.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi.te Allow dumpstate to dump wlan hal log on userbuild 2019-03-21 12:27:44 +08:00
healthd.te drop "allow healthd self:process execmem;" 2019-05-23 11:17:21 -07:00
heapprofd.te Add userdebug selinux config for heapprofd. 2018-11-14 09:22:07 +00:00
hwservice.te Merge "sepolicy: remove ashmemd" 2019-10-01 16:22:57 +00:00
hwservicemanager.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
idmap.te idmap: add binderservice permissions 2019-09-18 13:47:09 +02:00
incident_helper.te Selinux permissions for incidentd project 2018-01-23 19:08:49 +00:00
incident.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
incidentd.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
init.te allow init to communicate with lmkd and lmkd to kill native processes 2019-11-07 18:19:44 +00:00
inputflinger.te SEPolicy for InputFlinger Service. 2018-11-16 21:52:01 +00:00
installd.te sepolicy: remove ashmemd 2019-09-27 17:43:53 +00:00
ioctl_defines Allow vold to use new ioctls to add/remove fscrypt keys 2019-09-30 13:11:49 -07:00
ioctl_macros more ioctl work 2018-10-17 11:12:18 -07:00
iorap_prefetcherd.te sepolicy: Add iorap_prefetcherd rules 2019-10-22 12:45:46 -07:00
iorapd.te iorapd: add tmpfs type 2019-01-26 12:55:13 -08:00
isolated_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
kernel.te Update kernel permissions to pass libdm snapshot unit test 2019-11-05 23:54:29 +00:00
keystore.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
llkd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
lmkd.te allow init to communicate with lmkd and lmkd to kill native processes 2019-11-07 18:19:44 +00:00
logd.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
logpersist.te logpersist is now a shell script, so give it the appropriate permissions 2019-10-30 13:54:35 -07:00
mdnsd.te Move mdnsd policy to private 2017-02-06 15:02:32 -08:00
mediadrmserver.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediaextractor.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
mediametrics.te Allow mediametrics to log records to statsd 2019-02-25 20:09:54 -08:00
mediaprovider.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
mediaserver.te Remove mediacodec_service. 2019-08-21 01:19:20 +00:00
mediaswcodec.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
modprobe.te modprobe: shouldn't load kernel modules from /system 2018-03-23 14:16:25 -07:00
mtp.te mtp: support using pppox_socket family 2019-05-08 06:01:58 -07:00
net.te netlink_route_socket: add new nlmsg_readpriv perm 2019-10-16 16:14:16 +02:00
netd.te Revert "sepolicy: Permission changes for new wifi mainline module" 2019-11-22 09:49:32 -08:00
netutils_wrapper.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
network_stack.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
neverallow_macros neverallow_macros: add watch* perms 2019-09-05 09:54:43 -07:00
nfc.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
perfetto.te Allow to signal perfetto from shell. 2018-12-13 10:46:42 +00:00
performanced.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
platform_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
postinstall.te Allow postinstall scripts to trigger F2FS GC 2019-02-20 22:40:53 +00:00
ppp.te ppp: support using pppox_socket family 2019-05-06 14:11:02 -07:00
priv_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
profman.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
property_contexts Merge "Revert "Remove ability to set profilebootimage and profilesystemserver"" 2019-11-22 22:52:45 +00:00
property.te Revert^2 "SELinux policy for system server JVMTI" 2019-11-25 15:53:52 -08:00
racoon.te racoon: allow ioctl TUNSETIFF 2018-11-15 10:32:45 -08:00
radio.te Add new time zone detection service 2019-11-15 13:33:23 +00:00
recovery_persist.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
recovery_refresh.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
recovery.te Allow recovery and fastbootd to interact with libfiemap. 2019-11-13 18:46:57 -08:00
roles sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
rs.te sepolicy: Add "rs" and "rs_exec" to public policy 2018-12-21 17:47:54 +00:00
rss_hwm_reset.te SELinux policy for rss_hwm_reset 2018-12-15 10:13:03 +00:00
runas_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
runas.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
scheduler_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
sdcardd.te Move layout_version to /data/misc/installd 2019-08-21 10:11:35 -07:00
secure_element.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
sensor_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
service.te Revert "sepolicy: Permission changes for new wifi mainline module" 2019-11-22 09:49:32 -08:00
servicemanager.te Service context for servicemanager. 2019-10-16 16:31:42 -07:00
sgdisk.te sgdisk: allow BLKRRPART 2018-11-02 14:26:23 -07:00
shared_relro.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
shell.te Add label for persist.pm.mock-upgrade 2019-10-14 18:09:11 +01:00
simpleperf_app_runner.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
slideshow.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
stats_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
statsd.te Remove perfprofd references. 2019-07-19 11:15:12 -07:00
su.te Tuner Hal 1.0 Enable ITuner service 2019-08-14 11:22:09 -07:00
surfaceflinger.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
system_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
system_server.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
system_suspend_server.te Decouple system_suspend from hal attributes. 2019-02-26 18:10:28 -08:00
te_macros Fix BUILD_BROKEN documentation 2019-10-17 19:29:39 +09:00
tee.te Revert "Add placeholder iris and face policy for vold data directory" 2018-11-19 15:00:19 -08:00
tombstoned.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
toolbox.te Allow toolbox to rm -rf /data/per_boot 2019-09-16 10:18:57 -07:00
traced_probes.te Make traced_probes mlstrustedsubject. 2018-04-17 18:12:28 +00:00
traced.te Allow iorapd to access perfetto 2019-01-23 22:43:47 +00:00
traceur_app.te Add selinux rule to allow Traceur to enable the traced daemon. 2019-04-26 16:18:56 -07:00
tzdatacheck.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
ueventd.te ueventd: allow using external firmware handlers 2019-08-15 11:34:07 +09:00
uncrypt.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
untrusted_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
update_engine_common.te update_engine: rules to apply virtual A/B OTA 2019-10-02 12:46:47 -07:00
update_engine.te Add a new context for property ota.warm_reset 2019-11-14 15:24:25 -08:00
update_verifier.te Add a new context for property ota.warm_reset 2019-11-14 15:24:25 -08:00
usbd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vdc.te Allow to getattr kmsg_device 2019-03-25 10:14:20 -07:00
vendor_init.te Revert^2 "SELinux policy for system server JVMTI" 2019-11-25 15:53:52 -08:00
vendor_misc_writer.te Ignore the denial due to vendor_misc_writer reading DT fstab. 2019-10-10 22:17:53 -07:00
vendor_shell.te Allow shell to start vendor shell 2018-01-16 18:28:51 +00:00
vendor_toolbox.te Allow init to run vendor toybox for modprobe 2017-05-24 15:01:20 -07:00
virtual_touchpad.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vndservice.te Add default label and mapping for vendor services 2017-04-28 14:56:57 -07:00
vndservicemanager.te Initial sepolicy for vndservicemanager. 2017-03-23 00:20:43 +00:00
vold_prepare_subdirs.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vold.te Merge changes Ide8fc07c,Ia1f51db4 2019-11-23 09:10:34 +00:00
vr_hwc.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
watchdogd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
webview_zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
wificond.te Revert "sepolicy: Permission changes for new wifi mainline module" 2019-11-22 09:49:32 -08:00
wpantund.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00