Age | Commit message | Author
2016-09-27 | Allow the zygote to stat all files it opens. [android-6.0.1_r73] [marshmallow-mr1-release] | Narayan Kamath
    bug: 30963384
    Change-Id: I62b5ffd43469dbb0bba67e1bb1d3416e7354f9e5
    (cherry picked from commit 3ff0b0282688c3776904b8e5409a4dfb7f231e73)
2016-06-23 | expose control over unpriv perf access to shell [android-6.0.1_r69] [android-6.0.1_r65] [android-6.0.1_r57] [android-6.0.1_r56] | Daniel Micay
    This allows the shell user to control whether unprivileged access to perf events is allowed.

    To enable unprivileged access to perf:

        adb shell setprop security.perf_harden 0

    To disable it again:

        adb shell setprop security.perf_harden 1

    This allows Android to disable this kernel attack surface by default, while still allowing profiling tools to work automatically. It can also be manually toggled, but most developers won't ever need to do that if tools end up incorporating this.

    (Cherry picked from commit 38ac77e4c2b3c3212446de2f5ccc42a4311e65fc)

    Bug: 29054680
    Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f
2016-05-27 | Remove generic socket access from untrusted processes [android-6.0.1_r48] [android-6.0.1_r47] | Nick Kralevich
    SELinux defines various classes for various socket types, including tcp_socket, udp_socket, rawip_socket, netlink_socket, etc. Socket classes not known to the SELinux kernel code get lumped into the generic "socket" class. In particular, this includes the AF_MSM_IPC socket class.

    Bluetooth using apps were granted access to this generic socket class at one point in 2012. In 1601132086b054adc70e7f8f38ed24574c90bc37, a TODO was added indicating that this access was likely unnecessary. In cb835a2852997dde0be2941173f8c879ebbef157, an auditallow was added to test to see if this rule was actually used, and in master branch d0113ae0aed1a455834f26ec847b6ca8610e3b16, this rule was completely deleted.

    Revoke access to the generic socket class for isolated_app, untrusted_app, and shell for older Android releases. This is conceptually a backport of d0113ae0aed1a455834f26ec847b6ca8610e3b16, but affecting fewer domains to avoid potential breakage.

    Add a neverallow rule asserting that this rule isn't present for the untrusted domains. Contrary to our usual conventions, the neverallow rule is placed in bluetooth.te, to avoid merge conflicts and simplify patching.

    Bug: 28612709
    Bug: 25768265
    Change-Id: Ibfbb67777e448784bb334163038436f3c4dc1b51
2016-05-27 | Further restrict socket ioctls available to apps | Jeff Vander Stoep
    Restrict unix_dgram_socket and unix_stream_socket to a whitelist for all domains. Remove ioctl permission for netlink_selinux_socket and netlink_route_socket for netdomain.

    Bug: 28171804
    Bug: 27424603
    Change-Id: I650639115b8179964ae690a39e4766ead0032d2e
2016-02-26 | DO NOT MERGE: Further restrict access to socket ioctl commands [android-6.0.1_r28] [android-6.0.1_r27] [android-6.0.1_r26] [android-6.0.1_r20] | Jeff Vander Stoep
    Remove untrusted/isolated app access to device private commands. Only allow shell user to access unprivileged socket ioctl commands.

    Bug: 26324307
    Bug: 26267358
    Change-Id: Iddf1171bc05c7600e0292f925d18d748f13a98f2
2015-10-29 | Enable permission checking by binderservicedomain. [android-6.0.1_r9] [android-6.0.1_r8] [android-6.0.1_r7] [android-6.0.1_r3] [android-6.0.1_r17] [android-6.0.1_r13] [android-6.0.1_r12] [android-6.0.1_r11] [android-6.0.1_r10] [android-6.0.1_r1] [android-6.0.0_r41] | dcashman
    binderservicedomain services often expose their methods to untrusted clients and rely on permission checks for access control. Allow these services to query the permission service for access decisions.

    Bug: 25282923
    Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
2015-10-19 | Merge "untrusted_apps: Allow untrusted apps to find healthd_service." into mnc-dr-dev | Nick Kralevich
2015-10-19 | untrusted_apps: Allow untrusted apps to find healthd_service. | Ruchi Kandoi
    This allows apps to find the healthd service which is used to query battery properties.

    Bug: 24759218
    Change-Id: I72ce5a28b2ffd57aa424faeb2d039b6c92f9597d
    Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
2015-10-14 | am 63af426a: bluetooth.te: Relax bluetooth neverallow rule. am: 33a779fecb | Nick Kralevich
    * commit '63af426a6ebc5c340a7144164f7458b35002d6f5':
      bluetooth.te: Relax bluetooth neverallow rule.
2015-10-14 | bluetooth.te: Relax bluetooth neverallow rule. | Nick Kralevich
    am: 33a779fecb

    * commit '33a779fecbdaa87756922adc690b4e38382d8e5f':
      bluetooth.te: Relax bluetooth neverallow rule.
2015-10-14 | bluetooth.te: Relax bluetooth neverallow rule. | Nick Kralevich
    Bug: 24866874
    Change-Id: Ic13ad4d3292fe8284e5771a28abaebb0ec9590f0
2015-09-15 | Merge "Allow system_server to bind ping sockets." into mnc-dr-dev [marshmallow-dr-dev] | Lorenzo Colitti
2015-09-14 | Allow system_server to bind ping sockets. | Lorenzo Colitti
    This allows NetworkDiagnostics to send ping packets from specific source addresses in order to detect reachability problems on the reverse path.

    This addresses the following denial:

        [ 209.744636] type=1400 audit(1441805730.510:14): avc: denied { node_bind } for pid=8347 comm="Thread-202" saddr=2400:xxxx:xxxx:xxxx:40b1:7e:a1d7:b3ae scontext=u:r:system_server:s0 tcontext=u:object_r:node:s0 tclass=rawip_socket permissive=0

    Bug: 23661687
    (cherry picked from commit c37121436be95ae2ed75cb83605940455446ef4e)
    Change-Id: Ia93c14bc7fec17e2622e1b48bfbf591029d84be2
2015-09-10 | Allow untrusted_app to list services. | dcashman
    CTS relies on the ability to see all services on the system to make sure the dump permission is properly enforced on all services. Allow this.

    Bug: 23476772
    Change-Id: I144b825c3a637962aaca59565c9f567953a866e8
2015-08-28 | am 4496a389: am 78b54b5d: am bf323ff8: am 21827ff0: am f82f5e01: Accept command-line input for neverallow-check. | dcashman
    * commit '4496a389b6efd95b174deb8503b8cbb6fcf0a5c5':
2015-08-28 | am f84c740b: am ed21ab14: am c9b882dc: am a045ca42: am 87f3802a: appdomain: relax netlink_socket neverallow rule | Nick Kralevich
    * commit 'f84c740bff723ddfaf9fd3fde89ca3d752236b52':
2015-08-28 | am 5e911116: am f35d737d: am a669507e: am b5dd69a1: am c423b1aa: Add neverallow checking to sepolicy-analyze. | Stephen Smalley
    * commit '5e911116a73d02dc5f170ed969fa9469b1a105c8':
2015-08-28 | am 7dea3ae2: am 22db098e: am 5c190886: am 57dec60c: am 6f201ddc: App: add permissions to read symlinks from dalvik cache. | Jeff Hao
    * commit '7dea3ae2f1d850e56e0b21a8b9811fd150af7d07':
2015-08-28 | am c80e805c: am f08d0446: am 582620ae: am c2eb12b2: am 9f0af9ec: Merge "zygote/dex2oat: Grant additional symlink permissions" into lmp-sprout-dev | Jeff Hao
    * commit 'c80e805ca0f2784d2fe344858321eeabeac9d6b1':
2015-08-28 | am eced16c0: am fd352211: am f83e617f: am 4008b6c6: am b7934922: allow run-as to access /data/local/tmp | Nick Kralevich
    * commit 'eced16c05311f46f21fdf6f3d675abf45ff40dd4':
2015-08-28 | am 8ef2fed6: am d5d55306: am 330dd6e4: am 0edbecf2: am 7cd346a7: am 0055ea90: Allow recovery to create device nodes and modify rootfs | Nick Kralevich
    * commit '8ef2fed64f362ae79f434172c4561e093f9b5d48':
2015-08-28 | am 58aa4481: am f992c4fa: am aa03e496: am e2ba13b9: am 7adc8cfe: Allow adbd to write to /data/adb | Nick Kralevich
    * commit '58aa4481d34f165e30cc2d33a5d63b99ade4d2cf':
2015-08-28 | am 78b54b5d: am bf323ff8: am 21827ff0: am f82f5e01: Accept command-line input for neverallow-check. | dcashman
    * commit '78b54b5ddf8242be40ec26d543333bf82f7479a2':
2015-08-28 | am ed21ab14: am c9b882dc: am a045ca42: am 87f3802a: appdomain: relax netlink_socket neverallow rule | Nick Kralevich
    * commit 'ed21ab14105d013bef84e97bc2c2f26499170312':
2015-08-28 | am f35d737d: am a669507e: am b5dd69a1: am c423b1aa: Add neverallow checking to sepolicy-analyze. | Stephen Smalley
    * commit 'f35d737de36b78de5507c3bb09100a42892171c0':
2015-08-28 | am 22db098e: am 5c190886: am 57dec60c: am 6f201ddc: App: add permissions to read symlinks from dalvik cache. | Jeff Hao
    * commit '22db098eb763fc8993d0f451aab9dc8a1edd78f8':
2015-08-28 | am f08d0446: am 582620ae: am c2eb12b2: am 9f0af9ec: Merge "zygote/dex2oat: Grant additional symlink permissions" into lmp-sprout-dev | Jeff Hao
    * commit 'f08d04464ac29a17602a625b7d216b01b279c5a5':
2015-08-28 | am fd352211: am f83e617f: am 4008b6c6: am b7934922: allow run-as to access /data/local/tmp | Nick Kralevich
    * commit 'fd352211d7c84447c4e058bd6208e0a11cdd4a2b':
2015-08-28 | am d5d55306: am 330dd6e4: am 0edbecf2: am 7cd346a7: am 0055ea90: Allow recovery to create device nodes and modify rootfs | Nick Kralevich
    * commit 'd5d5530616af213918140e08aa17095d2861dee2':
2015-08-28 | am f992c4fa: am aa03e496: am e2ba13b9: am 7adc8cfe: Allow adbd to write to /data/adb | Nick Kralevich
    * commit 'f992c4fa90b77e3acb5d4fce82dab04a5e497f64':
2015-08-28 | am bf323ff8: am 21827ff0: am f82f5e01: Accept command-line input for neverallow-check. [android-cts-5.1_r9] [android-cts-5.1_r8] [android-cts-5.1_r7] [android-cts-5.1_r6] [android-cts-5.1_r5] [android-cts-5.1_r4] [android-cts-5.1_r3] [android-cts-5.1_r28] [android-cts-5.1_r27] [android-cts-5.1_r26] [android-cts-5.1_r25] [android-cts-5.1_r24] [android-cts-5.1_r23] [android-cts-5.1_r22] [android-cts-5.1_r21] [android-cts-5.1_r20] [android-cts-5.1_r19] [android-cts-5.1_r18] [android-cts-5.1_r17] [android-cts-5.1_r16] [android-cts-5.1_r15] [android-cts-5.1_r14] [android-cts-5.1_r13] [android-cts-5.1_r10] [lollipop-mr1-cts-release] [lollipop-mr1-cts-dev] | dcashman
    * commit 'bf323ff8037e92cdb0bb215aeec6f5c6142c74a2':
2015-08-28 | am c9b882dc: am a045ca42: am 87f3802a: appdomain: relax netlink_socket neverallow rule | Nick Kralevich
    * commit 'c9b882dc9a4f190a4842ac6ced39d06d0c4e9ca0':
2015-08-28 | am a669507e: am b5dd69a1: am c423b1aa: Add neverallow checking to sepolicy-analyze. | Stephen Smalley
    * commit 'a669507e0cbf131963cb158ddf0727c52c1f3203':
2015-08-28 | am 5c190886: am 57dec60c: am 6f201ddc: App: add permissions to read symlinks from dalvik cache. | Jeff Hao
    * commit '5c190886bf094808c8a8ada5f0d675bd67033d3c':
2015-08-28 | am 582620ae: am c2eb12b2: am 9f0af9ec: Merge "zygote/dex2oat: Grant additional symlink permissions" into lmp-sprout-dev | Jeff Hao
    * commit '582620ae4c9f6216dcdfd6c6ca67fb94992d94c6':
2015-08-28 | am f83e617f: am 4008b6c6: am b7934922: allow run-as to access /data/local/tmp | Nick Kralevich
    * commit 'f83e617f48ac859411ae54004916aa4b215d530e':
2015-08-28 | am 330dd6e4: am 0edbecf2: am 7cd346a7: am 0055ea90: Allow recovery to create device nodes and modify rootfs | Nick Kralevich
    * commit '330dd6e4f6766f0d9a4b5d866417185e9753eef5':
2015-08-28 | am aa03e496: am e2ba13b9: am 7adc8cfe: Allow adbd to write to /data/adb | Nick Kralevich
    * commit 'aa03e49603a74f3dfc7e354b5a32c680c4cf82b0':
2015-08-28 | am 21827ff0: am f82f5e01: Accept command-line input for neverallow-check. | dcashman
    * commit '21827ff0dd6840b97d0835c0b85a3b74665e4602':
2015-08-28 | am a045ca42: am 87f3802a: appdomain: relax netlink_socket neverallow rule | Nick Kralevich
    * commit 'a045ca42ccf6aba69901b06942c65d4eb2c8147c':
2015-08-28 | am b5dd69a1: am c423b1aa: Add neverallow checking to sepolicy-analyze. | Stephen Smalley
    * commit 'b5dd69a1aa92cf1b9f2ca9d65f66fc31b0b54db6':
2015-08-28 | am 57dec60c: am 6f201ddc: App: add permissions to read symlinks from dalvik cache. | Jeff Hao
    * commit '57dec60cf3e1a59ad397424047c91c49cba2fef6':
2015-08-28 | am c2eb12b2: am 9f0af9ec: Merge "zygote/dex2oat: Grant additional symlink permissions" into lmp-sprout-dev | Jeff Hao
    * commit 'c2eb12b24c0c8b265745d049c0bed9f9fd1e4241':
2015-08-28 | am 4008b6c6: am b7934922: allow run-as to access /data/local/tmp | Nick Kralevich
    * commit '4008b6c627d9cd1bbbacd315a4e1d3456bb3b41c':
2015-08-28 | am 0edbecf2: am 7cd346a7: am 0055ea90: Allow recovery to create device nodes and modify rootfs | Nick Kralevich
    * commit '0edbecf21a4638f24a2f0a84e2d8244ac9ce428e':
2015-08-28 | am e2ba13b9: am 7adc8cfe: Allow adbd to write to /data/adb | Nick Kralevich
    * commit 'e2ba13b9ef97e843cc536c84c2043db0f19befeb':
2015-08-28 | am f82f5e01: Accept command-line input for neverallow-check. | dcashman
    * commit 'f82f5e01bf17d2856109f72659a3aead9e10b14f':
      Accept command-line input for neverallow-check.
2015-08-28 | am 87f3802a: appdomain: relax netlink_socket neverallow rule | Nick Kralevich
    * commit '87f3802a8edcb1ee9668417b118844132a207df0':
      appdomain: relax netlink_socket neverallow rule
2015-08-28 | am c423b1aa: Add neverallow checking to sepolicy-analyze. | Stephen Smalley
    * commit 'c423b1aae888296edc70dc4367d93a1314c61fa9':
      Add neverallow checking to sepolicy-analyze.
2015-08-28 | am 6f201ddc: App: add permissions to read symlinks from dalvik cache. | Jeff Hao
    * commit '6f201ddc79f5badfbe0e0a6c5d9d9c4a94f4e8a4':
      App: add permissions to read symlinks from dalvik cache.