Commits · db4510d87a70784ce469f05180956cd057424ae2 · CodeLinaro / public-release-test / platform / system / sepolicy

Oct 04, 2016

Create unique labels for /dev/snd/{seq,timer} · db4510d8

No core android component needs access to /dev/snd/{seq,timer}, but
currently audioserver, bootanim, init, system_server and ueventd have
access. Seq and timer have been the source of many bugs in the past
[1]. Giving these files new labels without explicitly granting access
removes access from audioserver, bootanim, and system_server.
Init and ueventd still require access for /dev setup.

TODO: Explore unsetting CONFIG_SND_TIMER device kernels.

[1] https://github.com/google/syzkaller/wiki/Found-Bugs

Test: media CTS "cts-tradefed run cts -m CtsMediaTestCases" on Bullhead
and Dragon completed with no denials.

Bug: 29045223
Change-Id: I2d069920e792ce8eef70c7b4a038b9e7000f39f5

db4510d8

Sep 29, 2016
- add policy for android.hardware.nfc@1.0-service am: b8df90a2 am: 13142e7b am: bbcfa6bb · 377dec47
  Iliyan Malchev authored 8 years ago
```
am: a9123b7a

Change-Id: Idca8b217a18122d9cd1721c3f7d27c7cfb2d1a82
```
  377dec47
- add policy for android.hardware.nfc@1.0-service am: b8df90a2 am: 13142e7b · a9123b7a
  Iliyan Malchev authored 8 years ago
```
am: bbcfa6bb

Change-Id: I8ce977417f5778883c4ed21d1cef286503816110
```
  a9123b7a
- add policy for android.hardware.nfc@1.0-service am: b8df90a2 · bbcfa6bb
  Iliyan Malchev authored 8 years ago
```
am: 13142e7b

Change-Id: Ie9dc7f858e2edff0f3d5500d519f6bac39a27021
```
  bbcfa6bb
- add policy for android.hardware.nfc@1.0-service · 13142e7b
  Iliyan Malchev authored 8 years ago
```
am: b8df90a2

Change-Id: Ic186d9506499a9666f3a548cffa3a271629f3076
```
  13142e7b
Sep 28, 2016

add policy for android.hardware.nfc@1.0-service · b8df90a2

Iliyan Malchev authored 8 years ago


android.hardware.nfc@1.0-service is the generic binderized
HIDL package implementation of android.hardware.nfc@1.0

Denials:
avc: denied { read write } for pid=432 comm="android.hardwar"
name="pn548" dev="tmpfs" ino=10228
scontext=u:r:android_hardware_nfc_1_0_service:s0
tcontext=u:object_r:nfc_device:s0 tclass=chr_file

avc: denied { search } for pid=443 comm="Binder:430_1" name="nfc"
dev="dm-0" ino=670433 scontext=u:r:android_hardware_nfc_1_0_service:s0
tcontext=u:object_r:nfc_data_file:s0 tclass=dir

Test: pass

Change-Id: Id022b8d1706253ef65a37406c74ff883e12415b2
Signed-off-by: Iliyan Malchev <malchev@google.com>

b8df90a2

Sep 27, 2016
- Merge "Audit access to libart" am: 6552138b am: 77346b45 am: 3e5a6bd2 · 6577128b
  Jeff Vander Stoep authored 8 years ago
```
am: 87036a35

Change-Id: Iaed4b5f3416157b51de8f2b468071c88200980fb
```
  6577128b
- Merge "Audit access to libart" am: 6552138b am: 77346b45 · 87036a35
  Jeff Vander Stoep authored 8 years ago
```
am: 3e5a6bd2

Change-Id: I7503b3005abb57363ecfe2496fd6cb62523622a9
```
  87036a35
- Merge "Audit access to libart" am: 6552138b · 3e5a6bd2
  Jeff Vander Stoep authored 8 years ago
```
am: 77346b45

Change-Id: I608384065c017aa83d951d673ff8058d61ee503f
```
  3e5a6bd2
- Merge "Audit access to libart" · 77346b45
  Jeff Vander Stoep authored 8 years ago
```
am: 6552138b

Change-Id: I68ec0acd43b5b7a1d3a434bcb4e3bbc3e2cfd67f
```
  77346b45
- Merge "Audit access to libart" · 6552138b
  Treehugger Robot authored 8 years ago
  
  6552138b
- Audit access to libart · 88cef4df
  Jeff Vander Stoep authored 8 years ago
```
Grant access to all processes and audit access. The end goal is to
whitelist all access to the interpreter. Several processes including
dex2oat, apps, and zygote were observed using libart, so omit them
from auditing and explicitly grant them access.

Test: Angler builds and boots

Bug: 29795519
Change-Id: I9b93c7dbef5c49b95a18fd26307955d05a1c8e88
```
  88cef4df
- Merge "logd: remove domain_deprecated attribute" am: 915a1c25 am: 62229ad3 am: be4683a9 · 7b0d15f2
  Jeff Vander Stoep authored 8 years ago
```
am: 24940b8f

Change-Id: I9d029e24695a2480c2a7d4ab91787c4433561c5c
```
  7b0d15f2
- Merge "logd: remove domain_deprecated attribute" am: 915a1c25 am: 62229ad3 · 24940b8f
  Jeff Vander Stoep authored 8 years ago
```
am: be4683a9

Change-Id: Ib0eedc2bd4e4b5ceeeca19d9d557daacc29ceda5
```
  24940b8f
- Merge "logd: remove domain_deprecated attribute" am: 915a1c25 · be4683a9
  Jeff Vander Stoep authored 8 years ago
```
am: 62229ad3

Change-Id: I4d5b354b984eed4e9a8f6c289d7082083dd2ab7a
```
  be4683a9
- Merge "logd: remove domain_deprecated attribute" · 62229ad3
  Jeff Vander Stoep authored 8 years ago
```
am: 915a1c25

Change-Id: Idefe0d2483ffba1667d85c9ec71df80f292061b8
```
  62229ad3
- Merge "logd: remove domain_deprecated attribute" · 915a1c25
  Treehugger Robot authored 8 years ago
  
  915a1c25
- Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket. am: a8239c61... · 9a6fb6b0
  Lorenzo Colitti authored 8 years ago
```
Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket. am: a8239c61 am: 1376638d am: 0a10b00e
am: d0ed9d0a

Change-Id: I439bd7cf7cd1e3b8d6f64357db66c44b53cca1c0
```
  9a6fb6b0
- Allow dumpstate to run ss. am: bb9b4dd8 am: 1971b13e am: b4e26018 · ef086b6f
  Lorenzo Colitti authored 8 years ago
```
am: 40196b4b

Change-Id: I22a4ad5b606d8477ee9f8213f0b79c0909ccb8a4
```
  ef086b6f
- Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket. am: a8239c61 am: 1376638d · d0ed9d0a
  Lorenzo Colitti authored 8 years ago
```
am: 0a10b00e

Change-Id: I35ec7f134e24193e189d9fc7c9bd1d325b70ff6a
```
  d0ed9d0a
- Allow dumpstate to run ss. am: bb9b4dd8 am: 1971b13e · 40196b4b
  Lorenzo Colitti authored 8 years ago
```
am: b4e26018

Change-Id: I8b8826c5545a75308d3a472f00de3995ca5d01d0
```
  40196b4b
- Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket. am: a8239c61 · 0a10b00e
  Lorenzo Colitti authored 8 years ago
```
am: 1376638d

Change-Id: Ief3104b69f825a47c68dfa1bf0c372e340fabd6d
```
  0a10b00e
- Allow dumpstate to run ss. am: bb9b4dd8 · b4e26018
  Lorenzo Colitti authored 8 years ago
```
am: 1971b13e

Change-Id: I63401682aafffd24793deddef6d5c63aae4ceebf
```
  b4e26018
- Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket. · 1376638d
  Lorenzo Colitti authored 8 years ago
```
am: a8239c61

Change-Id: I8f7e2d3719b3ecea40eb9db92849d827c47e0567
```
  1376638d
- Allow dumpstate to run ss. · 1971b13e
  Lorenzo Colitti authored 8 years ago
```
am: bb9b4dd8

Change-Id: Iaff8ca029168072e061ba66cde1f7c0f91366ff5
```
  1971b13e
- DO NOT MERGE - fix truncated boot sound. am: c6effa90 am: 53452b08 · c894d8c3
  Eric Laurent authored 8 years ago
```
am: 8b78fef9  -s ours

Change-Id: I8f3892fac605ec0b897615ef3241d832ed7bb3a5
```
  c894d8c3
- Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket. · a8239c61
  Lorenzo Colitti authored 8 years ago
```
This fixes the build error:

=====
libsepol.report_assertion_extended_permissions: neverallowxperm on line 166 of system/sepolicy/domain.te (or line 9201 of policy.conf) violated by
allow dumpstate dumpstate:netlink_tcpdiag_socket { ioctl };
libsepol.check_assertions: 1 neverallow failures occurred
=====

Which is caused, in AOSP and downstream branches, by
I123e5d40955358665800fe3b86cd5f8dbaeb8717.

Test: builds.
Change-Id: I925dec63df7c3a0f731b18093a8ac5c70167c970
```
  a8239c61
- Allow dumpstate to run ss. · bb9b4dd8
  Lorenzo Colitti authored 8 years ago
```
(cherry picked from commit 63c7ad6e)

Bug: 23113288
Test: see http://ag/1476096
Change-Id: I3beb21f1af092c93eceb3d5115f823c1b993727d
```
  bb9b4dd8
- DO NOT MERGE - fix truncated boot sound. am: c6effa90 am: 21d78e0f am:... · 63310aae
  Eric Laurent authored 8 years ago
```
DO NOT MERGE - fix truncated boot sound. am: c6effa90 am: 21d78e0f am: f781f952 am: ef2da1d7
am: ea95e74c  -s ours

Change-Id: Iadcb9d9bf0abec3e4db860086ca1897b7503da53
```
  63310aae
- DO NOT MERGE - fix truncated boot sound. am: c6effa90 · 8b78fef9
  Eric Laurent authored 8 years ago
```
am: 53452b08

Change-Id: I946eaa269356da41f98ca46d648cd7690dfa9e25
```
  8b78fef9
- DO NOT MERGE - fix truncated boot sound. am: c6effa90 am: 21d78e0f am: f781f952 · ea95e74c
  Eric Laurent authored 8 years ago
```
am: ef2da1d7

Change-Id: I4c2edb4452da80631675c4099d3da29adbaa5faf
```
  ea95e74c
- DO NOT MERGE - fix truncated boot sound. am: c6effa90 am: 21d78e0f · ef2da1d7
  Eric Laurent authored 8 years ago
```
am: f781f952

Change-Id: If31aa1ecf8dae506d7e556702f3ca08d0efdabc9
```
  ef2da1d7
- DO NOT MERGE - fix truncated boot sound. am: c6effa90 · f781f952
  Eric Laurent authored 8 years ago
```
am: 21d78e0f

Change-Id: I2f9829077cf1f48b718afefc4d7d35f92d6e73b9
```
  f781f952
- DO NOT MERGE - fix truncated boot sound. · 21d78e0f
  Eric Laurent authored 8 years ago
```
am: c6effa90

Change-Id: Id257877621b9375bca7d32e68d90c7a5c2a91f5d
```
  21d78e0f
- Allow dumpstate to run ss. am: 63c7ad6e am: 0dbd1bc1 · 6845b7a0
  Lorenzo Colitti authored 8 years ago
```
am: c2ec7576

Change-Id: I05f71916a1e0ff7aee201db46c098ffad00920b1
```
  6845b7a0
- Allow dumpstate to run ss. am: 63c7ad6e · c2ec7576
  Lorenzo Colitti authored 8 years ago
```
am: 0dbd1bc1

Change-Id: I19711aae28cb9d477248161a5ae51bbec39d9ad7
```
  c2ec7576
- Allow dumpstate to run ss. · 0dbd1bc1
  Lorenzo Colitti authored 8 years ago
```
am: 63c7ad6e

Change-Id: I5b9383b4c50d2eecd995db6943a0a27e50fb6fdd
```
  0dbd1bc1
- DO NOT MERGE - fix truncated boot sound. · 53452b08
  Eric Laurent authored 8 years ago
```
am: c6effa90

Change-Id: I6a381ca782c55bf504909857cde5ebca87e3bed6
```
  53452b08
- sepolicy: allow hwservicemanager to set properties am: 96031a83 am: bfde4e0b am: 60fafb00 · 9c0f4466
  Iliyan Malchev authored 8 years ago
```
am: 1a13b55b

Change-Id: I9648192863cee89fa91f89445f414e15fec0fcac
```
  9c0f4466
- sepolicy: allow hwservicemanager to set properties am: 96031a83 am: bfde4e0b · 1a13b55b
  Iliyan Malchev authored 8 years ago
```
am: 60fafb00

Change-Id: I46986355ea197af1d559d2b1b6111c9f1ff3a13a
```
  1a13b55b