| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
binderservicedomain services often expose their methods to untrusted
clients and rely on permission checks for access control. Allow these
services to query the permission service for access decisions.
Bug: 25282923
Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
|
|
|
|
|
|
|
|
|
| |
Keystore is going through an API cleanup to make names more clear and
remove unclear methods.
(cherry-picked from commit cbc8f796551151c0d9651500d5d9f116177a07dc)
Change-Id: I06354ccd0a9a73fd20168bfce9350c451cfaced3
|
|
|
|
|
|
|
| |
Remove the auditallow statements from app.te and
binderservicedomain.te which were causing log spam.
Change-Id: If1c33d1612866df9f338e6d8c19d73950ee028eb
|
|
|
|
|
|
|
|
| |
Remove the allow rule for default services in
binderservicedomain.te so we will need to whitelist any
services to be registered.
Change-Id: Ibca98b96a3c3a2cbb3722dd33b5eb52cb98cb531
|
|
|
|
|
|
|
|
|
|
| |
Add keystore_key class and an action for each action supported
by keystore. Add policies that replicate the access control that
already exists in keystore. Add auditallow rules for actions
not known to be used frequently. Add macro for those domains
wishing to access keystore.
Change-Id: Iddd8672b9e9b72b45ee208e6eda608cc9dc61edc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Trying to run dumpsys from the serial console generates the
following errors:
shell@device:/ # dumpsys power
[ 3244.099015] binder: 2259:2259 transaction failed 29201, size 28-8
[ 3244.099291] type=1400 audit(1403313679.642:12): avc: denied { read write } for pid=2259 comm="dumpsys" path="/dev/console" dev="tmpfs" ino=6188 scontext=u:r:system_server:s0 tcontext=u:object_r:console_device:s0 tclass=chr_file permissive=0
Error dumping service info: (Unknown error -2147483646) power
and the operation fails. Allow binderservicedomains to perform
writes to /dev/console.
Bug: 15779131
Change-Id: Iff55ab09c3a4d40e12d49ff2308bf147f9cb6937
|
|
|
|
|
|
|
|
|
|
|
| |
Add a service_mananger class with the verb add.
Add a type that groups the services for each of the
processes that is allowed to start services in service.te
and an attribute for all services controlled by the service
manager. Add the service_contexts file which maps service
name to target label.
Bug: 12909011
Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Resolves denials such as:
avc: denied { write } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:surfaceflinger:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file
avc: denied { use } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:keystore:s0 tcontext=u:r:untrusted_app:s0 tclass=fd
avc: denied { use } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:healthd:s0 tcontext=u:r:untrusted_app:s0 tclass=fd
avc: denied { write } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:drmserver:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file
avc: denied { use } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:inputflinger:s0 tcontext=u:r:untrusted_app:s0 tclass=fd
avc: denied { write } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:inputflinger:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file
avc: denied { write } for pid=18959 comm="dumpsys" path="pipe:[42013]" dev="pipefs" ino=42013 scontext=u:r:mediaserver:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file
Change-Id: I289dcf4b2c5897b7a10e41e5dd8d56ef4b9a4a08
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Triggering a bug report via
Settings > Developer Options > Take bug report
generates a number of denials.
Two bugs here:
1) According to the "allowed" list in
frameworks/native/cmds/servicemanager/service_manager.c ,
media apps, nfc, radio, and apps with system/root UIDs can register
as a binder service. However, they were not placed into the
binder_service domain. Fix them.
2) The bugreport mechanism queries all the services and java
programs and asks them to write to a shell owned file. Grant the
corresponding SELinux capability.
Addresses the following denials:
<5>[ 149.342181] type=1400 audit(1389419775.872:17): avc: denied { write } for pid=4023 comm="dumpsys" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:keystore:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
<5>[ 149.371844] type=1400 audit(1389419775.902:18): avc: denied { write } for pid=4023 comm="dumpsys" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:healthd:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
<5>[ 149.980161] type=1400 audit(1389419776.512:22): avc: denied { write } for pid=4023 comm="dumpsys" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:drmserver:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
<5>[ 150.095066] type=1400 audit(1389419776.622:23): avc: denied { write } for pid=1514 comm="Binder_C" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:system_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
<5>[ 150.096748] type=1400 audit(1389419776.632:24): avc: denied { getattr } for pid=3178 comm="Binder_3" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:system_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
<5>[ 150.097090] type=1400 audit(1389419776.632:25): avc: denied { write } for pid=1514 comm="Binder_C" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
<5>[ 154.545583] type=1400 audit(1389419781.072:43): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:media_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
<5>[ 156.000877] type=1400 audit(1389419782.532:44): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:radio:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
<5>[ 156.022567] type=1400 audit(1389419782.552:45): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:radio:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
<5>[ 156.043463] type=1400 audit(1389419782.572:46): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:nfc:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
<5>[ 156.062550] type=1400 audit(1389419782.592:47): avc: denied { write } for pid=1423 comm="Binder_A" path="/data/data/com.android.shell/files/bugreports/bugreport-2014-01-10-21-55-46.txt.tmp" dev="mmcblk0p28" ino=82094 scontext=u:r:radio:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file
Change-Id: I365d530c38ce176617e48b620c05c4aae01324d3
|
|
|
|
|
|
|
|
|
|
|
| |
Allow adb shell to run dumpsys.
Addresses the following denials:
23.720402 type=1400 audit(1387473582.512:12): avc: denied { read write } for pid=1469 comm="dumpsys" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file
23.862719 type=1400 audit(1387473582.652:13): avc: denied { getattr } for pid=696 comm="Binder_3" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file
Change-Id: I6c56f9267d769d579514dca3cfde8d5a99170456
|
|
Add the necessary rules to support dumpstate.
Start off initially in permissive until it has more testing.
Dumpstate is triggered by running "adb bugreport"
Change-Id: Ic17a60cca1f6f40daa4f2c51e9ad6009ef36cfbd
|