Commits · 8f81dcad5bb322a75bc61c8b42f8287e2afeaddc · CodeLinaro / public-release-test / platform / system / sepolicy

Mar 05, 2015

Revert "Drop special handling of app_data_file in mls constraints." · 60cfe79f

dcashman authored 10 years ago

This reverts commit 27042f6d.

Managed profiles are represented by new android users which have the ability to
communicate across profiles as governed by an IntentFilter provisioned by the
DevicePolicyManager.  This communication includes reading and writing content
URIs, which is currently obstructed by the mls separation between an owning user
and its managed profile.

Bug: 19444116
Bug: 19525465
Bug: 19540297
Bug: 19592525
Change-Id: Id9a97f24081902bceab5a96ddffd9276d751775b

60cfe79f

Feb 28, 2015

Remove read access from mls constraints. · e8f95b36

dcashman authored 10 years ago

Addresses the following denial encountered when sharing photos between personal
and managed profiles:

Binder_5: type=1400 audit(0.0:236): avc: denied { read } for path="/data/data/com.google.android.apps.plus/cache/media/3/3bbca5f1bcfa7f1-a-nw" dev="dm-0" ino=467800 scontext=u:r:untrusted_app:s0:c529,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0

Bug: 19540297
Change-Id: If51108ec5820ca40e066d5ca3e527c7a0f03eca5

e8f95b36

Feb 20, 2015

sepolicy: allow cross-user unnamed pipe access · 7d1b6c87

Stephen Smalley authored 10 years ago


Exempt unnamed pipes from the MLS constraints so that they can
be used for cross-user communications when passed over binder or
local socket IPC.

Addresses denials such as:
avc: denied { read } for path="pipe:[59071]" dev="pipefs" ino=59071 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=fifo_file

Bug: 19087939

Change-Id: I77d494c4a38bf473fec05b728eaf253484deeaf8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

7d1b6c87

Mar 12, 2014

Drop special handling of app_data_file in mls constraints. · 27042f6d

Stephen Smalley authored 11 years ago


This was a legacy of trying to support per-app level isolation
in a compatible manner by blocking direct open but permitting
read/write via passing of open files over Binder or local sockets.
It is no longer relevant and just confusing to anyone trying to use
the mls support for anything else.

Change-Id: I6d92a7cc20bd7d2fecd2c9357e470a30f10967a3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

27042f6d

Nov 27, 2012

Add policy for run-as program. · e8848726

Stephen Smalley authored 12 years ago


Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.

Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

e8848726

Mar 19, 2012
- Rewrite MLS constraints to only constrain open for app_data_file, not read/write. · 0e85c17e
  Stephen Smalley authored 13 years ago
  
  0e85c17e
Jan 04, 2012
- SE Android policy. · 2dd4e51d
  Stephen Smalley authored 13 years ago
  
  2dd4e51d