aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Allow the zygote to stat all files it opens.stable/cm-13.0-ZNH0ENarayan Kamath2016-11-091-0/+7
| | | | | | | CYNGNOS-3303 bug: 30963384 Change-Id: I62b5ffd43469dbb0bba67e1bb1d3416e7354f9e5 (cherry picked from commit 3ff0b0282688c3776904b8e5409a4dfb7f231e73)
* expose control over unpriv perf access to shellDaniel Micay2016-08-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | This allows the shell user to control whether unprivileged access to perf events is allowed. To enable unprivileged access to perf: adb shell setprop security.perf_harden 0 To disable it again: adb shell setprop security.perf_harden 1 This allows Android to disable this kernel attack surface by default, while still allowing profiling tools to work automatically. It can also be manually toggled, but most developers won't ever need to do that if tools end up incorporating this. (Cherry picked from commit 38ac77e4c2b3c3212446de2f5ccc42a4311e65fc) Ticket: CYNGNOS-3177 Bug: 29054680 Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f (cherry picked from commit 0b7b9c258d9d85c3053b0b64e59775d952b99202)
* Further restrict socket ioctls available to appsJeff Vander Stoep2016-07-076-4/+15
| | | | | | | | | | | | | Restrict unix_dgram_socket and unix_stream_socket to a whitelist for all domains. Remove ioctl permission for netlink_selinux_socket and netlink_route_socket for netdomain. Bug: 28171804 Bug: 27424603 Ticket: CYNGNOS-3020 Change-Id: I650639115b8179964ae690a39e4766ead0032d2e (cherry picked from commit ce6d5e008aae91a793aaa471c20cd8d347f68faf)
* Remove generic socket access from untrusted processesNick Kralevich2016-07-071-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SELinux defines various classes for various socket types, including tcp_socket, udp_socket, rawip_socket, netlink_socket, etc. Socket classes not known to the SELinux kernel code get lumped into the generic "socket" class. In particular, this includes the AF_MSM_IPC socket class. Bluetooth using apps were granted access to this generic socket class at one point in 2012. In 1601132086b054adc70e7f8f38ed24574c90bc37, a TODO was added indicating that this access was likely unnecessary. In cb835a2852997dde0be2941173f8c879ebbef157, an auditallow was added to test to see if this rule was actually used, and in master branch d0113ae0aed1a455834f26ec847b6ca8610e3b16, this rule was completely deleted. Revoke access to the generic socket class for isolated_app, untrusted_app, and shell for older Android releases. This is conceptually a backport of d0113ae0aed1a455834f26ec847b6ca8610e3b16, but affecting fewer domains to avoid potential breakage. Add a neverallow rule asserting that this rule isn't present for the untrusted domains. Contrary to our usual conventions, the neverallow rule is placed in bluetooth.te, to avoid merge conflicts and simplify patching. Bug: 28612709 Bug: 25768265 Ticket: CYNGNOS-3020 Change-Id: Ibfbb67777e448784bb334163038436f3c4dc1b51 (cherry picked from commit 31c17cd4de87639f673c2073d72b87c0736e28fc)
* Merge tag 'android-6.0.1_r20' into HEADJessica Wagantall2016-04-052-5/+12
|\ | | | | | | | | Ticket: CYNGNOS-2213 Android 6.0.1 release 20
| * DO NOT MERGE: Further restrict access to socket ioctl commandsJeff Vander Stoep2016-02-262-5/+12
| | | | | | | | | | | | | | | | | | | | Remove untrusted/isolated app access to device private commands. Only allow shell user to access unprivileged socket ioctl commands. Bug: 26324307 Bug: 26267358 Change-Id: Iddf1171bc05c7600e0292f925d18d748f13a98f2
* | Revert "property: Make the adb tcp port property a wildcard"Ethan Chen2015-12-141-1/+1
| | | | | | | | | | | | | | | | | | * Causes android.cts.security.SELinuxHostTest#testAospPropertyContexts test failure since it's looking for an exact string match. This reverts commit 60ddcc03e9401c3fb1e064bb84171a112a9bb8be. Change-Id: I66b5e1d59588be7b73b49f9b0e06d4834a008cf3
* | Merge tag 'android-6.0.1_r3' of ↵Steve Kondik2015-12-073-1/+5
|\| | | | | | | | | | | https://android.googlesource.com/platform/external/sepolicy into cm-13.0 Android 6.0.1 release 3
| * Enable permission checking by binderservicedomain.dcashman2015-10-291-0/+3
| | | | | | | | | | | | | | | | | | binderservicedomain services often expose their methods to untrusted clients and rely on permission checks for access control. Allow these services to query the permission service for access decisions. Bug: 25282923 Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
| * Merge "untrusted_apps: Allow untrusted apps to find healthd_service." into ↵Nick Kralevich2015-10-191-0/+1
| |\ | | | | | | | | | mnc-dr-dev
| | * untrusted_apps: Allow untrusted apps to find healthd_service.Ruchi Kandoi2015-10-191-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | This allows apps to find the healthd service which is used to query battery properties. Bug: 24759218 Change-Id: I72ce5a28b2ffd57aa424faeb2d039b6c92f9597d Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
| * | am 63af426a: bluetooth.te: Relax bluetooth neverallow rule. am: 33a779fecbNick Kralevich2015-10-141-1/+1
| |\ \ | | | | | | | | | | | | | | | | * commit '63af426a6ebc5c340a7144164f7458b35002d6f5': bluetooth.te: Relax bluetooth neverallow rule.
| | * \ bluetooth.te: Relax bluetooth neverallow rule.Nick Kralevich2015-10-141-1/+1
| | |\ \ | | | |/ | | |/| | | | | | | | | | | | | | | | | am: 33a779fecb * commit '33a779fecbdaa87756922adc690b4e38382d8e5f': bluetooth.te: Relax bluetooth neverallow rule.
| | | * bluetooth.te: Relax bluetooth neverallow rule.Nick Kralevich2015-10-141-1/+1
| | | | | | | | | | | | | | | | | | | | Bug: 24866874 Change-Id: Ic13ad4d3292fe8284e5771a28abaebb0ec9590f0
* | | | Merge tag 'android-6.0.0_r26' into cm-13.0Ricardo Cerqueira2015-11-052-1/+8
|\ \ \ \ | | | | | | | | | | | | | | | Android 6.0.0 release 26
| * \ \ \ merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-09-150-0/+0
| |\ \ \ \ | | |/ / / | |/| | |
| | * | | merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-09-130-0/+0
| | |\ \ \
| | | * \ \ merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-08-080-0/+0
| | | |\ \ \ | | | | |_|/ | | | |/| |
| | | | * | merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-08-040-0/+0
| | | | |\ \
| | | | | * \ merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-08-030-0/+0
| | | | | |\ \
| | | | | | * \ merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-08-010-0/+0
| | | | | | |\ \
| | | | | | | * \ merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-140-0/+0
| | | | | | | |\ \
| | | | | | | | * \ merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-060-0/+0
| | | | | | | | |\ \
| * | | | | | | | \ \ Merge "Allow system_server to bind ping sockets." into mnc-dr-devLorenzo Colitti2015-09-151-1/+5
| |\ \ \ \ \ \ \ \ \ \ | | |/ / / / / / / / / | |/| | | | | | | | |
| | * | | | | | | | | Allow system_server to bind ping sockets.Lorenzo Colitti2015-09-141-1/+5
| | | |_|_|_|_|_|_|/ | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows NetworkDiagnostics to send ping packets from specific source addresses in order to detect reachability problems on the reverse path. This addresses the following denial: [ 209.744636] type=1400 audit(1441805730.510:14): avc: denied { node_bind } for pid=8347 comm="Thread-202" saddr=2400:xxxx:xxxx:xxxx:40b1:7e:a1d7:b3ae scontext=u:r:system_server:s0 tcontext=u:object_r:node:s0 tclass=rawip_socket permissive=0 Bug: 23661687 (cherry picked from commit c37121436be95ae2ed75cb83605940455446ef4e) Change-Id: Ia93c14bc7fec17e2622e1b48bfbf591029d84be2
| * / | | | | | | | Allow untrusted_app to list services.dcashman2015-09-101-0/+3
| |/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CTS relies on the ability to see all services on the system to make sure the dump permission is properly enforced on all services. Allow this. Bug: 23476772 Change-Id: I144b825c3a637962aaca59565c9f567953a866e8
| * | | | | | | | am 4496a389: am 78b54b5d: am bf323ff8: am 21827ff0: am f82f5e01: Accept ↵dcashman2015-08-280-0/+0
| |\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | command-line input for neverallow-check. * commit '4496a389b6efd95b174deb8503b8cbb6fcf0a5c5':
| | * \ \ \ \ \ \ \ am 78b54b5d: am bf323ff8: am 21827ff0: am f82f5e01: Accept command-line ↵dcashman2015-08-280-0/+0
| | |\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | input for neverallow-check. * commit '78b54b5ddf8242be40ec26d543333bf82f7479a2':
| | | * \ \ \ \ \ \ \ am bf323ff8: am 21827ff0: am f82f5e01: Accept command-line input for ↵dcashman2015-08-280-0/+0
| | | |\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | neverallow-check. * commit 'bf323ff8037e92cdb0bb215aeec6f5c6142c74a2':
| | | | * \ \ \ \ \ \ \ am 21827ff0: am f82f5e01: Accept command-line input for neverallow-check.dcashman2015-08-280-0/+0
| | | | |\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '21827ff0dd6840b97d0835c0b85a3b74665e4602':
| | | | | * \ \ \ \ \ \ \ am f82f5e01: Accept command-line input for neverallow-check.dcashman2015-08-2816-1032/+1217
| | | | | |\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'f82f5e01bf17d2856109f72659a3aead9e10b14f': Accept command-line input for neverallow-check.
| * | | | | | | | | | | | | am f84c740b: am ed21ab14: am c9b882dc: am a045ca42: am 87f3802a: appdomain: ↵Nick Kralevich2015-08-280-0/+0
| |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | relax netlink_socket neverallow rule * commit 'f84c740bff723ddfaf9fd3fde89ca3d752236b52':
| | * | | | | | | | | | | | am ed21ab14: am c9b882dc: am a045ca42: am 87f3802a: appdomain: relax ↵Nick Kralevich2015-08-280-0/+0
| | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | netlink_socket neverallow rule * commit 'ed21ab14105d013bef84e97bc2c2f26499170312':
| | | * | | | | | | | | | | am c9b882dc: am a045ca42: am 87f3802a: appdomain: relax netlink_socket ↵Nick Kralevich2015-08-280-0/+0
| | | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | neverallow rule * commit 'c9b882dc9a4f190a4842ac6ced39d06d0c4e9ca0':
| | | | * | | | | | | | | | am a045ca42: am 87f3802a: appdomain: relax netlink_socket neverallow ruleNick Kralevich2015-08-280-0/+0
| | | | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'a045ca42ccf6aba69901b06942c65d4eb2c8147c':
| | | | | * | | | | | | | | am 87f3802a: appdomain: relax netlink_socket neverallow ruleNick Kralevich2015-08-282-4/+6
| | | | | |\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '87f3802a8edcb1ee9668417b118844132a207df0': appdomain: relax netlink_socket neverallow rule
| * | | | | | | | | | | | | | am 5e911116: am f35d737d: am a669507e: am b5dd69a1: am c423b1aa: Add ↵Stephen Smalley2015-08-280-0/+0
| |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | neverallow checking to sepolicy-analyze. * commit '5e911116a73d02dc5f170ed969fa9469b1a105c8':
| | * | | | | | | | | | | | | am f35d737d: am a669507e: am b5dd69a1: am c423b1aa: Add neverallow checking ↵Stephen Smalley2015-08-280-0/+0
| | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | to sepolicy-analyze. * commit 'f35d737de36b78de5507c3bb09100a42892171c0':
| | | * | | | | | | | | | | | am a669507e: am b5dd69a1: am c423b1aa: Add neverallow checking to ↵Stephen Smalley2015-08-280-0/+0
| | | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sepolicy-analyze. * commit 'a669507e0cbf131963cb158ddf0727c52c1f3203':
| | | | * | | | | | | | | | | am b5dd69a1: am c423b1aa: Add neverallow checking to sepolicy-analyze.Stephen Smalley2015-08-280-0/+0
| | | | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'b5dd69a1aa92cf1b9f2ca9d65f66fc31b0b54db6':
| | | | | * | | | | | | | | | am c423b1aa: Add neverallow checking to sepolicy-analyze.Stephen Smalley2015-08-282-5/+497
| | | | | |\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'c423b1aae888296edc70dc4367d93a1314c61fa9': Add neverallow checking to sepolicy-analyze.
| * | | | | | | | | | | | | | | am 7dea3ae2: am 22db098e: am 5c190886: am 57dec60c: am 6f201ddc: App: add ↵Jeff Hao2015-08-280-0/+0
| |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | permissions to read symlinks from dalvik cache. * commit '7dea3ae2f1d850e56e0b21a8b9811fd150af7d07':
| | * | | | | | | | | | | | | | am 22db098e: am 5c190886: am 57dec60c: am 6f201ddc: App: add permissions to ↵Jeff Hao2015-08-280-0/+0
| | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | read symlinks from dalvik cache. * commit '22db098eb763fc8993d0f451aab9dc8a1edd78f8':
| | | * | | | | | | | | | | | | am 5c190886: am 57dec60c: am 6f201ddc: App: add permissions to read symlinks ↵Jeff Hao2015-08-280-0/+0
| | | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from dalvik cache. * commit '5c190886bf094808c8a8ada5f0d675bd67033d3c':
| | | | * | | | | | | | | | | | am 57dec60c: am 6f201ddc: App: add permissions to read symlinks from dalvik ↵Jeff Hao2015-08-280-0/+0
| | | | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cache. * commit '57dec60cf3e1a59ad397424047c91c49cba2fef6':
| | | | | * | | | | | | | | | | am 6f201ddc: App: add permissions to read symlinks from dalvik cache.Jeff Hao2015-08-281-0/+1
| | | | | |\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '6f201ddc79f5badfbe0e0a6c5d9d9c4a94f4e8a4': App: add permissions to read symlinks from dalvik cache.
| * | | | | | | | | | | | | | | | am c80e805c: am f08d0446: am 582620ae: am c2eb12b2: am 9f0af9ec: Merge ↵Jeff Hao2015-08-280-0/+0
| |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "zygote/dex2oat: Grant additional symlink permissions" into lmp-sprout-dev * commit 'c80e805ca0f2784d2fe344858321eeabeac9d6b1':
| | * | | | | | | | | | | | | | | am f08d0446: am 582620ae: am c2eb12b2: am 9f0af9ec: Merge "zygote/dex2oat: ↵Jeff Hao2015-08-280-0/+0
| | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Grant additional symlink permissions" into lmp-sprout-dev * commit 'f08d04464ac29a17602a625b7d216b01b279c5a5':
| | | * | | | | | | | | | | | | | am 582620ae: am c2eb12b2: am 9f0af9ec: Merge "zygote/dex2oat: Grant ↵Jeff Hao2015-08-280-0/+0
| | | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | additional symlink permissions" into lmp-sprout-dev * commit '582620ae4c9f6216dcdfd6c6ca67fb94992d94c6':
| | | | * | | | | | | | | | | | | am c2eb12b2: am 9f0af9ec: Merge "zygote/dex2oat: Grant additional symlink ↵Jeff Hao2015-08-280-0/+0
| | | | |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | permissions" into lmp-sprout-dev * commit 'c2eb12b24c0c8b265745d049c0bed9f9fd1e4241':
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 22:33:43 +0000