Commits · 41cccd87c9cb7235e8d69830eb6fdded994b3f9c · CodeLinaro / public-release-test / platform / system / sepolicy

Jun 20, 2017
- Avoid audit when running `adb shell -t run-as xxx`. am: 3b7d9e49 am: 6e46ccdf am: ed88246c · 41cccd87
  Yabin Cui authored 7 years ago
```
am: e786cbfc

Change-Id: I5978af4044cd59f853a82d2397bb700ebe907433
```
  41cccd87
- Avoid audit when running `adb shell -t run-as xxx`. am: 3b7d9e49 am: 6e46ccdf · e786cbfc
  Yabin Cui authored 7 years ago
```
am: ed88246c

Change-Id: Id7a784cbe65961f876f4d2d167303dcf7854ae21
```
  e786cbfc
- Avoid audit when running `adb shell -t run-as xxx`. am: 3b7d9e49 · ed88246c
  Yabin Cui authored 7 years ago
```
am: 6e46ccdf

Change-Id: I5241333ec9099c7db3154cfcdb41003c65e235a0
```
  ed88246c
- Avoid audit when running `adb shell -t run-as xxx`. · 6e46ccdf
  Yabin Cui authored 7 years ago
```
am: 3b7d9e49

Change-Id: I5f12ae2d4c00efe648d1eecbe8a322de93e6447d
```
  6e46ccdf
- Merge "Remove unused attribute." · 6c43be59
  TreeHugger Robot authored 7 years ago
  
  6c43be59
Jun 19, 2017

Merge "allow recovery to run mke2fs tools" · fbf072bc
TreeHugger Robot authored 7 years ago

fbf072bc

Avoid audit when running `adb shell -t run-as xxx`. · 3b7d9e49

Yabin Cui authored 7 years ago

run-as uses file descriptor created by adbd when running
`adb shell -t run-as xxx`. It produces audit warnings like below:

[ 2036.555371] c1    509 type=1400 audit(1497910817.864:238): avc: granted { use } for pid=4945 comm="run-as" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:runas:s0 tcontext=u:r:adbd:s0 tclass=fd

Bug: http://b/62358246
Test: test manually that the warning disappears.
Change-Id: I19023ac876e03ce2afe18982fe753b07e4c876bb

3b7d9e49

Merge "Temporarily revert back to using file_contexts for tracefs." · e10a01f1
TreeHugger Robot authored 7 years ago

e10a01f1
Merge "Add getpgid to system_service and init" into oc-dr1-dev am: 0e6a3d87 · 471d8706
Tom Cherry authored 7 years ago
```
am: ac178672

Change-Id: I1c7919c78b60997a5ead95e8efa604069cbc61d3
```
471d8706
Merge "Add getpgid to system_service and init" into oc-dr1-dev · ac178672
Tom Cherry authored 7 years ago
```
am: 0e6a3d87

Change-Id: I3af30f8f65918e273f634a9aa120c5cbeefd3a65
```
ac178672

Temporarily revert back to using file_contexts for tracefs. · d0d488ee

Joel Galenson authored 7 years ago

An earlier commit moved tracefs file labels from file_contexts to
tracefs.  But this requires a kernel patch that is not present on all
devices, so let's revert it until that is merged.

Bug: 62485981
Test: Built, flashed, and booted two devices.  Verified that the files
have the correct context.  Verified that traceur works.

Change-Id: I8ee3ea9864f73a92943cdbc550131d4a71b842ba

d0d488ee

Merge "Add getpgid to system_service and init" into oc-dr1-dev · 0e6a3d87
Tom Cherry authored 7 years ago

0e6a3d87

allow recovery to run mke2fs tools · 7e577318

Jin Qian authored 7 years ago

recovery exec /system/bin/{mke2fs,e2fsdroid} to format userdata

Bug: 35219933
Change-Id: I77e75c2dc55d4bea7984707f27bc215de186c4d1

7e577318

Update 26.0 SELinux prebuilts. · 148578a6

Dan Cashman authored 7 years ago

More changes went into oc-dev after the freeze-date.  Reflect them.

Bug: 37896931
Test: prebuilts - none.
Change-Id: I3300751ea7362d5d96b327138544be65eb9fc483

148578a6

Add getpgid to system_service and init · d5f0aba0

Tom Cherry authored 7 years ago

In libprocessgroup, we want to only send signals once to processes,
particularly for SIGTERM.  We must send the signal both to all
processes within a POSIX process group and a cgroup.  To ensure that
we do not duplicate the signals being sent, we check the processes in
the cgroup to see if they're in the POSIX process groups that we're
killing.  If they are, we skip sending a second signal.  This requires
getpgid permissions, hence this SELinux change.

avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=process permissive=1
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=process permissive=1
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:system_app:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:system_app:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:zygote:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:zygote:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:system_server:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:system_server:s0 tclass=process permissive=1

Bug: 37853905
Bug: 62418791
Test: Boot, kill zygote, reboot
Change-Id: Ib6c265dbaac8833c47145ae28fb6594ca8545570
(cherry picked from commit c59eb4d8)

d5f0aba0

Jun 16, 2017

Merge "Suppress safetynet denials" into oc-dr1-dev am: 1468f85f · 8a3aae5c
Jeff Vander Stoep authored 7 years ago
```
am: 3c7156b5

Change-Id: I20743966a8eedb8a5168356d6af3907234431e31
```
8a3aae5c
Merge "Add rules for vfat for sdcardfs" into oc-dev am: 58d0d1e4 am: 29713c8d · b304e960
Daniel Rosenberg authored 7 years ago
```
am: 581069bf

Change-Id: I58f7e0c44e68908101cb874789994885ed9a15e9
```
b304e960
Merge "Add rules for vfat for sdcardfs" into oc-dev am: 58d0d1e4 am: 39c4f76b · 8d89f81c
Daniel Rosenberg authored 7 years ago
```
am: 77ea7ccb

Change-Id: I6ce8f52e97f0198cf712a60fd6af1e77090ec338
```
8d89f81c
Merge "Suppress safetynet denials" into oc-dr1-dev · 3c7156b5
Jeff Vander Stoep authored 7 years ago
```
am: 1468f85f

Change-Id: Idd803017a8087ac9e9221c0ca6ac5893391db6de
```
3c7156b5
Merge "Add rules for vfat for sdcardfs" into oc-dev am: 58d0d1e4 · 581069bf
Daniel Rosenberg authored 7 years ago
```
am: 29713c8d

Change-Id: I7089b62f8c54e24af47263325e085f092231f29d
```
581069bf
Merge "Suppress safetynet denials" into oc-dr1-dev · 1468f85f
TreeHugger Robot authored 7 years ago

1468f85f
Merge "Add rules for vfat for sdcardfs" into oc-dev am: 58d0d1e4 · 77ea7ccb
Daniel Rosenberg authored 7 years ago
```
am: 39c4f76b

Change-Id: I54b821fa20f428eaad1c8ab934a7e479664a6038
```
77ea7ccb
Merge "Add rules for vfat for sdcardfs" into oc-dev · 39c4f76b
Daniel Rosenberg authored 7 years ago
```
am: 58d0d1e4

Change-Id: I1a2207be3509ec5bc7797b906e15da16099190ad
```
39c4f76b
Merge "Add rules for vfat for sdcardfs" into oc-dev · 29713c8d
Daniel Rosenberg authored 7 years ago
```
am: 58d0d1e4

Change-Id: Ia53beb365c39d501c9d6cd53a4cb72dec14b610b
```
29713c8d
Merge "Add rules for vfat for sdcardfs" into oc-dev · 58d0d1e4
TreeHugger Robot authored 7 years ago

58d0d1e4
Merge "Allow only system_server to read uid_time_in_state" · 9babe8f1
Andres Oportus authored 7 years ago

9babe8f1

Merge "Add extraneous neverallow rule to enforce attribute inclusion." into... · 518e1e85

Dan Cashman authored 7 years ago

Merge "Add extraneous neverallow rule to enforce attribute inclusion." into oc-dev am: b5aeaf6d am: 2f2fd365
am: 04d9f833

Change-Id: I0eaf6ae7cd00f3f53efd2243ffe15a1bb4e97442

518e1e85

Merge "DO NOT MERGE. Restore property to match oc-dev." into oc-dr1-dev am: d4faa3ce · acbbe43c
Dan Cashman authored 7 years ago
```
am: dbd2b320

Change-Id: I1d4a04a8d79325f4dd7f06b995956e254668303b
```
acbbe43c

Merge "Add extraneous neverallow rule to enforce attribute inclusion." into... · 9ba4e8f8

Dan Cashman authored 7 years ago

Merge "Add extraneous neverallow rule to enforce attribute inclusion." into oc-dev am: b5aeaf6d am: 6f94efaf
am: 3b2bf73d

Change-Id: I666e91ca83ad916b04c325d4f75570d550fc0c61

9ba4e8f8

Merge "Add extraneous neverallow rule to enforce attribute inclusion." into oc-dev am: b5aeaf6d · 04d9f833
Dan Cashman authored 7 years ago
```
am: 2f2fd365

Change-Id: Ice4004ddb745f5936fc430f7ff44d1df3236687a
```
04d9f833
Merge "DO NOT MERGE. Restore property to match oc-dev." into oc-dr1-dev · dbd2b320
Dan Cashman authored 7 years ago
```
am: d4faa3ce

Change-Id: I1791a5758eae1907dc0f15c2eeba36a0ad6577ce
```
dbd2b320
Merge "Add extraneous neverallow rule to enforce attribute inclusion." into oc-dev am: b5aeaf6d · 3b2bf73d
Dan Cashman authored 7 years ago
```
am: 6f94efaf

Change-Id: I1aceeeb61ca9e558dd32b3ef33e07b6a551387e6
```
3b2bf73d
Merge "Add extraneous neverallow rule to enforce attribute inclusion." into oc-dev · 2f2fd365
Dan Cashman authored 7 years ago
```
am: b5aeaf6d

Change-Id: Ib0ac9cf10c7cb9fd2462e0036307e2552d19b93b
```
2f2fd365
Merge "Add extraneous neverallow rule to enforce attribute inclusion." into oc-dev · 6f94efaf
Dan Cashman authored 7 years ago
```
am: b5aeaf6d

Change-Id: Ibcf17f7bbea4923abc5d1713227568bb35c6674b
```
6f94efaf
Merge "DO NOT MERGE. Restore property to match oc-dev." into oc-dr1-dev · d4faa3ce
TreeHugger Robot authored 7 years ago

d4faa3ce
Merge "Add extraneous neverallow rule to enforce attribute inclusion." into oc-dev · b5aeaf6d
TreeHugger Robot authored 7 years ago

b5aeaf6d

Add rules for vfat for sdcardfs · 260a4485

Daniel Rosenberg authored 7 years ago


This adds parellel rules to the ones added for media_rw_data_file
to allow apps to access vfat under sdcardfs. This should be reverted
if sdcardfs is modified to alter the secontext it used for access to
the lower filesystem

Change-Id: Idb123206ed2fac3ead88b0c1ed0b66952597ac65
Bug: 62584229
Test: Run android.appsecurity.cts.ExternalStorageHostTest with
      an external card formated as vfat
Signed-off-by: Daniel Rosenberg <drosen@google.com>

260a4485

Allow only system_server to read uid_time_in_state · 4dc88795

Andres Oportus authored 7 years ago

Bug: 62706738
Bug: 34133340
Test: Check that uid_time_in_state can't be read from
the shell without root permissions and that
"dumpsys batterystats --checkin| grep ctf" shows frequency
data (system_server was able to read uid_time_in_state)

Change-Id: Ic6a54da4ebcc9e10b0e3af8f14a45d7408e8686e

4dc88795

Add extraneous neverallow rule to enforce attribute inclusion. · 939b50ff

Dan Cashman authored 7 years ago

Due to the massively increased number of attributes in SELinux policy
as part of the treble changes, we have had to remove attributes from
policy for performance reasons.  Unfortunately, some attributes are
required to be in policy to ensure that our neverallow rules are being
properly enforced.  Usually this is not a problem, since neverallow rules
indicate that an attribute should be kept, but this is not currently the
case when the attribute is part of a negation in a group.

This is particularly problematic with treble since some attributes may
exist for HALs that have no implementation, and thus no types.  In
particular, this has caused an issue with the neverallows added in our
macros.  Add an extraneous neverallow rule to each of those auto-generated
neverallow rules to make sure that they are not removed from policy, until
the policy compiler is fixed to avoid this.  Also add corresponding rules
for other types which have been removed due to no corresponding rules.

Bug: 62591065
Bug: 62658302
Test: Attributes present in policy and CTS passes.  sepolicy-analyze also
works on platform-only policy.
Change-Id: Ic3fc034cdbd04a94167f8240cf562297e8d7c762

939b50ff

Merge changes from topic 'am-a2bbd4d08b064a12884b60ef5f323817' into oc-dr1-dev-plus-aosp · e1fc9b0a
Sandeep Patil authored 7 years ago
```
am: 8e955869

Change-Id: I7ccc82bc5590b099eee3a329bdd7a63fde7a8e0b
```
e1fc9b0a