Skip to content
Snippets Groups Projects
Select Git revision
  • test default
1 result
Search by author
  • Any Author
0 authors
  1. Dec 15, 2014
    • dcashman's avatar
      Restrict service_manager find and list access. · cd82557d
      dcashman authored 
      All domains are currently granted list and find service_manager
permissions, but this is not necessary.  Pare the permissions
which did not trigger any of the auditallow reporting.

Bug: 18106000
Change-Id: Ie0ce8de2af8af2cbe4ce388a2dcf4534694c994a
      cd82557d
  3. Dec 12, 2014
  5. Dec 11, 2014
    • Stephen Smalley's avatar
      Allow fcntl F_SETLK on sockets. · 2c759185
      Stephen Smalley authored 
      
Addresses denials such as:
type=1400 : avc: denied { lock } for comm="PushCheckSendS" path="socket:[1834573]" dev="sockfs" ino=X scontext=u:r:untrusted_app:s0 tcontext=u:r:untrusted_app:s0 tclass=tcp_socket

Change-Id: Idbf6120cca9df634e2f8a876fd1cd836551e5ad7
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      2c759185
  7. Dec 10, 2014
  9. Dec 09, 2014
  11. Dec 05, 2014
  13. Dec 02, 2014
  15. Dec 01, 2014
    • William Roberts's avatar
      Fix sepolicy-analyze build with different toolchains · 47c14611
      William Roberts authored 
      host C: sepolicy-analyze <= external/sepolicy/tools/sepolicy-analyze/sepolicy-analyze.c
external/sepolicy/tools/sepolicy-analyze/sepolicy-analyze.c: In function 'usage':
external/sepolicy/tools/sepolicy-analyze/sepolicy-analyze.c:30:5: error: 'for' loop initial declarations are only allowed in C99 mode
external/sepolicy/tools/sepolicy-analyze/sepolicy-analyze.c:30:5: note: use option -std=c99 or -std=gnu99 to compile your code
make: *** [out/host/linux-x86/obj/EXECUTABLES/sepolicy-analyze_intermediates/sepolicy-analyze.o] Error 1

Change-Id: I9222e447b032d051c251c9718e2b8d5ffb9e9c35
      47c14611
  17. Nov 26, 2014
    • dcashman's avatar
      Remove entropy from service_contexts. · 69636551
      dcashman authored 
      Commit: 9287e0dd272b85b475e33bcbd7d868517a0f98f9 removed the registration
of EntropyMixer with servicemanager, so it no longer needs a context.

Bug: 18106000

Cherry-pick of commit: 7cfef98c

Change-Id: I9aeb35e7ffde75090f4234ea193514fb883b1425
      69636551
  19. Nov 18, 2014
  21. Nov 13, 2014
    • William Roberts's avatar
      Remove network shell script · f330f375
      William Roberts authored 
      This seems to not really being used, especially considering
that the init.rc does not have a oneshot service for it, and its
not using the build_policy() and other things to even make it
configurable.

Change-Id: I964f94b30103917ed39cf5d003564de456b169a5
      f330f375
  23. Nov 12, 2014
  25. Nov 10, 2014
    • Nick Kralevich's avatar
      Merge "allow run-as to access /data/local/tmp" · f19cca3e
      Nick Kralevich authored
      f19cca3e
    • Stephen Smalley's avatar
      Allow init to chown/chmod character devices. · 1c16abd3
      Stephen Smalley authored 
      
init.rc files can potentially chown/chmod any character device, so
allow it for everything except for kmem (prohibited by neverallow).
While we could whitelist each of the device types, doing so would also
require device-specific changes for the device-specific types and
may be difficult to maintain.

Resolves (permissive) denials such as:
avc:  denied  { read } for  pid=1 comm="init" name="ttySAC0" dev="tmpfs" ino=4208 scontext=u:r:init:s0 tcontext=u:object_r:hci_attach_dev:s0 tclass=chr_file permissive=1

avc:  denied  { open } for  pid=1 comm="init" name="ttySAC0" dev="tmpfs" ino=4208 scontext=u:r:init:s0 tcontext=u:object_r:hci_attach_dev:s0 tclass=chr_file permissive=1

avc:  denied  { setattr } for  pid=1 comm="init" name="ttySAC0" dev="tmpfs" ino=4208 scontext=u:r:init:s0 tcontext=u:object_r:hci_attach_dev:s0 tclass=chr_file permissive=1

avc:  denied  { read } for  pid=1 comm="init" name="smd7" dev="tmpfs" ino=6181 scontext=u:r:init:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file

avc:  denied  { open } for  pid=1 comm="init" name="smd7" dev="tmpfs" ino=6181 scontext=u:r:init:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file

avc:  denied  { read } for  pid=1 comm="init" name="wcnss_wlan" dev="tmpfs" ino=7475 scontext=u:r:init:s0 tcontext=u:object_r:wlan_device:s0 tclass=chr_file

avc:  denied  { open } for  pid=1 comm="init" name="wcnss_wlan" dev="tmpfs" ino=7475 scontext=u:r:init:s0 tcontext=u:object_r:wlan_device:s0 tclass=chr_file

avc:  denied  { setattr } for  pid=1 comm="init" name="wcnss_wlan" dev="tmpfs" ino=7475 scontext=u:r:init:s0 tcontext=u:object_r:wlan_device:s0 tclass=chr_file

Change-Id: If8d14e9e434fab645d43db12cc1bdbfd3fc5d354
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      1c16abd3
  27. Nov 08, 2014
    • Nick Kralevich's avatar
      allow run-as to access /data/local/tmp · dd8571aa
      Nick Kralevich authored 
      Otherwise denials like the following occur:

avc: denied { write } for path="/data/local/tmp/foo" dev="dm-0" ino=325769 scontext=u:r:runas:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
avc: denied { read } for path="/data/local/tmp/foo" dev="dm-0" ino=325769 scontext=u:r:runas:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file

Steps to reproduce:

$ run-as com.google.android.talk id > /data/local/tmp/id.out
$ run-as com.google.android.talk cat < /data/local/tmp/id.out

Change-Id: I68a7b804336a3d5776dcc31622f1279380282030
      dd8571aa
  29. Nov 07, 2014
  31. Nov 06, 2014
  33. Nov 05, 2014
    • Nick Kralevich's avatar
      recovery.te: add /data neverallow rules · a17a266e
      Nick Kralevich authored 
      Recovery should never be accessing files from /data.
In particular, /data may be encrypted, and the files within
/data will be inaccessible to recovery, because recovery doesn't
know the decryption key.

Enforce write/execute restrictions on recovery. We can't tighten
it up further because domain.te contains some /data read-only
access rules, which shouldn't apply to recovery but do.

Create neverallow_macros, used for storing permission macros
useful for neverallow rules. Standardize recovery.te and
property_data_file on the new macros.

Change-Id: I02346ab924fe2fdb2edc7659cb68c4f8dffa1e88
      a17a266e
  35. Nov 04, 2014
  37. Nov 03, 2014
  39. Oct 31, 2014
  41. Oct 30, 2014
  43. Oct 29, 2014
    • Stephen Smalley's avatar
      Switch kernel and init to permissive_or_unconfined(). · a523aaca
      Stephen Smalley authored 
      
Switch the kernel and init domains from unconfined_domain()
to permissive_or_unconfined() so that we can start collecting
and addressing denials in -userdebug/-eng builds.

Also begin to address denials for kernel and init seen after
making this switch.

I intentionally did not allow the following denials on hammerhead:
avc:  denied  { create } for  pid=1 comm="init" name="memory.move_charge_at_immigrate" scontext=u:r:init:s0 tcontext=u:object_r:init_tmpfs:s0 tclass=file
avc:  denied  { open } for  pid=1 comm="init" name="memory.move_charge_at_immigrate" dev="tmpfs" ino=6550 scontext=u:r:init:s0 tcontext=u:object_r:init_tmpfs:s0 tclass=file

These occur when init.rc does:
write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
because the prior command to mount the cgroup failed:
mount cgroup none /sys/fs/cgroup/memory memory

I think this is because that cgroup is not enabled in the
kernel configuration.  If the cgroup mount succeeded,
then this would have been a write to a cgroup:file and
would have been allowed already.

Change-Id: I9d7e31bef6ea91435716aa4312c721fbeaeb69c0
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      a523aaca
    • Igor Murashkin's avatar
      am 0ae33a8d: Merge "zygote/dex2oat: Grant additional symlink permissions" · f48951a9
      Igor Murashkin authored 
      * commit '0ae33a8d':
  zygote/dex2oat: Grant additional symlink permissions
      f48951a9
  45. Oct 28, 2014