- Feb 08, 2017
-
-
Alex Klyubin authored
This leaves only the existence of binderservicedomain attribute as public API. All other rules are implementation details of this attribute's policy and are thus now private. Test: No change to policy according to sesearch, except for disappearance of all allow rules to do with *_current targets referenced in binderservicedomain.te. Bug: 31364497 Change-Id: Ic830bcc5ffb6d624e0b3aec831071061cccc513c
-
- Feb 07, 2017
-
-
Joe Onorato authored
Test: adb shell incident Bug: 31122534 Change-Id: I4ac9c9ab86867f09b63550707673149fe60f1906
-
- Oct 06, 2016
-
-
dcashman authored
Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
-
- Mar 07, 2016
-
-
Nick Kralevich authored
Bug: 27511071 Change-Id: I737aa9daac6c78846fe375300c3338e401d733ac
-
- Oct 29, 2015
-
-
dcashman authored
binderservicedomain services often expose their methods to untrusted clients and rely on permission checks for access control. Allow these services to query the permission service for access decisions. (cherry-pick of commit: 32d207e0) Bug: 25282923 Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
-
dcashman authored
binderservicedomain services often expose their methods to untrusted clients and rely on permission checks for access control. Allow these services to query the permission service for access decisions. Bug: 25282923 Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
-
- May 18, 2015
-
-
Chad Brubaker authored
Keystore is going through an API cleanup to make names more clear and remove unclear methods. (cherry-picked from commit cbc8f796) Change-Id: I06354ccd0a9a73fd20168bfce9350c451cfaced3
-
- May 14, 2015
-
-
Chad Brubaker authored
Keystore is going through an API cleanup to make names more clear and remove unclear methods. Change-Id: I06354ccd0a9a73fd20168bfce9350c451cfaced3
-
- Jul 01, 2014
-
-
Riley Spahn authored
Remove the auditallow statements from app.te and binderservicedomain.te which were causing log spam. Change-Id: If1c33d1612866df9f338e6d8c19d73950ee028eb
-
- Jun 30, 2014
-
-
Riley Spahn authored
Remove the allow rule for default services in binderservicedomain.te so we will need to whitelist any services to be registered. Change-Id: Ibca98b96a3c3a2cbb3722dd33b5eb52cb98cb531
-
- Jun 26, 2014
-
-
Riley Spahn authored
Add keystore_key class and an action for each action supported by keystore. Add policies that replicate the access control that already exists in keystore. Add auditallow rules for actions not known to be used frequently. Add macro for those domains wishing to access keystore. Change-Id: Iddd8672b9e9b72b45ee208e6eda608cc9dc61edc
-
- Jun 21, 2014
-
-
Nick Kralevich authored
Trying to run dumpsys from the serial console generates the following errors: shell@device:/ # dumpsys power [ 3244.099015] binder: 2259:2259 transaction failed 29201, size 28-8 [ 3244.099291] type=1400 audit(1403313679.642:12): avc: denied { read write } for pid=2259 comm="dumpsys" path="/dev/console" dev="tmpfs" ino=6188 scontext=u:r:system_server:s0 tcontext=u:object_r:console_device:s0 tclass=chr_file permissive=0 Error dumping service info: (Unknown error -2147483646) power and the operation fails. Allow binderservicedomains to perform writes to /dev/console. Bug: 15779131 Change-Id: Iff55ab09c3a4d40e12d49ff2308bf147f9cb6937
-
- Jun 12, 2014
-
-
Riley Spahn authored
Add a service_mananger class with the verb add. Add a type that groups the services for each of the processes that is allowed to start services in service.te and an attribute for all services controlled by the service manager. Add the service_contexts file which maps service name to target label. Bug: 12909011 Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
-
- Mar 21, 2014
-
-
Stephen Smalley authored
Resolves denials such as: avc: denied { write } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:surfaceflinger:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file avc: denied { use } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:keystore:s0 tcontext=u:r:untrusted_app:s0 tclass=fd avc: denied { use } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:healthd:s0 tcontext=u:r:untrusted_app:s0 tclass=fd avc: denied { write } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:drmserver:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file avc: denied { use } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:inputflinger:s0 tcontext=u:r:untrusted_app:s0 tclass=fd avc: denied { write } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:inputflinger:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file avc: denied { write } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:mediaserver:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file Change-Id: I289dcf4b2c5897b7a10e41e5dd8d56ef4b9a4a08 Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>
-
- Jan 21, 2014
-
-
Nick Kralevich authored
Triggering a bug report via Settings > Developer Options > Take bug report generates a number of denials. Two bugs here: 1) According to the "allowed" list in frameworks/native/cmds/servicemanager/service_manager.c , media apps, nfc, radio, and apps with system/root UIDs can register as a binder service. However, they were not placed into the binder_service domain. Fix them. 2) The bugreport mechanism queries all the services and java programs and asks them to write to a shell owned file. Grant the corresponding SELinux capability. Addresses the following denials: <5>[ 149.342181] type=1400 audit(1389419775.872:17): avc: denied { write } for pid=4023 comm="dumpsys" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:keystore:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 149.371844] type=1400 audit(1389419775.902:18): avc: denied { write } for pid=4023 comm="dumpsys" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:healthd:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 149.980161] type=1400 audit(1389419776.512:22): avc: denied { write } for pid=4023 comm="dumpsys" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:drmserver:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 150.095066] type=1400 audit(1389419776.622:23): avc: denied { write } for pid=1514 comm="Binder_C" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:system_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 150.096748] type=1400 audit(1389419776.632:24): avc: denied { getattr } for pid=3178 comm="Binder_3" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:system_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 150.097090] type=1400 audit(1389419776.632:25): avc: denied { write } for pid=1514 comm="Binder_C" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 154.545583] type=1400 audit(1389419781.072:43): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:media_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 156.000877] type=1400 audit(1389419782.532:44): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:radio:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 156.022567] type=1400 audit(1389419782.552:45): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:radio:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 156.043463] type=1400 audit(1389419782.572:46): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:nfc:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file <5>[ 156.062550] type=1400 audit(1389419782.592:47): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:radio:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file Change-Id: I365d530c38ce176617e48b620c05c4aae01324d3
-
- Dec 20, 2013
-
-
Nick Kralevich authored
Allow adb shell to run dumpsys. Addresses the following denials: 23.720402 type=1400 audit(1387473582.512:12): avc: denied { read write } for pid=1469 comm="dumpsys" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file 23.862719 type=1400 audit(1387473582.652:13): avc: denied { getattr } for pid=696 comm="Binder_3" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file Change-Id: I6c56f9267d769d579514dca3cfde8d5a99170456
-
- Dec 16, 2013
-
-
Nick Kralevich authored
Add the necessary rules to support dumpstate. Start off initially in permissive until it has more testing. Dumpstate is triggered by running "adb bugreport" Change-Id: Ic17a60cca1f6f40daa4f2c51e9ad6009ef36cfbd
-