* commit '2f1f01a66094453fcf14a5a39bcea785a6205054':
flo: updates for SELinux
|
|
* Move binaries from /system/etc to /system/bin. That's the proper
place for binaries, and avoids having to preface each service entry
with /system/bin/sh
* Drop seclabel statements and rely on automatic domain transitions.
* remove call to init.qcom.class_main.sh, which doesn't exist.
This gets rid of the following unnecessary errors:
<3>[ 5.286834] init: Warning! Service qcom-c_main-sh needs a SELinux domain defined; please fix!
<5>[ 5.288970] type=1400 audit(1425327865.651:5): avc: denied { execute_no_trans } for pid=191 comm="init" path="/system/bin/sh" dev="mmcblk0p22" ino=341 scontext=u:r:init:s0 tcontext=u:object_r:shell_exec:s0 tclass=file
Fix some other minor policy issues.
Change-Id: Ib47d49b6c239ab7a2ebe6159465deb98b4b8cecb
|
|
vold now manages external storage in a much more dynamic fashion,
so we no longer need to define FUSE daemons or mount points.
Bug: 19993667
Change-Id: I17a468fe37ed6d1f7af8524b93072672c2ec2164
|
|
SELinux prohibits init from running executable code from
/data, so this is a no-op.
Also, we don't want to give any package named com.asus.debugger
a full root shell. Nexus devices don't ship with such a package,
and it's trivial for anyone to create a package by the same name.
Change-Id: I8604eb414c14fca5d873ff4b25105417759b491b
|
|
* commit '7f13d056dc12502073c7ed1c67d3e432de901200':
remove useless attempt to chmod /system/bin/ip
|
|
/system is mounted read-only. It's impossible for init to modify
the permissions on /system/bin/ip.
Change-Id: I7c224b7f488a887c5f0997dd1abccf960178ede8
|
|
* commit '679a5cd731b6a3f6a8f519ba0ee7a36f464c0742':
move /data/tombstone creation to system/core
|
|
Bug: https://code.google.com/p/android/issues/detail?id=93207
Change-Id: I40002b072669cee0df0573fb07472cb8bc1dac27
|
|
automerge: 346162b
* commit '346162be6d53b6b44f2f58e8d2e323456845e377':
Move wifi setup script from main to late_start
|
|
Bug: 17358965
Change-Id: I6064aee5aafc8bc5a8dcecab0a57f552f3233bfb
|
|
* commit '29a6e24d8e0f02177c42a1322de941758800a49d':
flo: Disable diag device in normal mode.
|
|
Remove the diag device when the device is in normal mode.
Bug: 18203257
Change-Id: I878ac648c49ef0940d55d5b6695bac24742847c8
|
|
/sys/devices/system/cpu/cpufreq/ondemand and its files."
* commit 'd0e1ea841ce9520f17cf8652d8854278b67c229e':
Label /sys/devices/system/cpu/cpufreq/ondemand and its files.
|
|
/sys/devices/system/cpu/cpufreq/ondemand and its files."
* commit 'd0e1ea841ce9520f17cf8652d8854278b67c229e':
Label /sys/devices/system/cpu/cpufreq/ondemand and its files.
|
|
This directory and its files are created in sysfs when the
scaling_governor is set to "ondemand" by the init.<board>.rc file.
As this occurs after the initial restorecon_recursive("/sys") by init
and it does not appear to trigger any uevent notification and thus
will not be labeled by ueventd fixup_sys_perms(), we need to explicitly
invoke restorecon_recursive on it from the init.<board>.rc file after
setting the scaling_governor.
Change-Id: Ia65a85e3156fb963a3ad5ea74d7c248cfe410bb8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
Bug: 17626589
Change-Id: I581da1782aaf6008f7014795b0ba970503e6c373
|
|
Current policy assumes that the charger will run in the healthd domain.
Add a seclabel entry for the charger service to ensure that it runs
in the healthd domain even when the charger is a separate binary.
Change-Id: I3fb6d3cd298dbec15165bf02496b2388a55f4b59
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
* commit '01902a06526bdc737b5c36e917fa5cab70b36763':
Drop ppd selinux policy.
|
|
The ppd service which runs the mm-pp-daemon binary appears
to no longer be used. The last occurrence of the binary for
either flo or deb is with the jss15r and jls36i builds
respectively. In fact, current builds report that the ppd
service is explicitly being disabled.
<3>[ 5.023345] init: cannot find '/system/bin/mm-pp-daemon', disabling 'ppd'
Thus, just drop the selinux policy for it. While we're
at it, drop the ppd service entries from the init.flo.rc
file too.
Change-Id: I5902b6876d5bea33bb65dcaa505fc4ee13a61677
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
|
|
thermald to avoid dac_override denial."
* commit '03cb58a7d553b3263ca7f650b95be5ede8e78b9a':
SELinux: Add system group to thermald to avoid dac_override denial.
|
|
Change helps resolve the following denial.
avc: denied { dac_override } for pid=441 comm="thermald" capability=1 scontext=u:r:thermald:s0 tcontext=u:r:thermald:s0 tclass=capability
A similar change already exists for the hammerhead policy. Future
changes might need to be added here to accommodate additional
dac_override denials that might happen beyond this change. Consult
hammerhead change Ied2293d9effb1b2d9e043e01c08b5e7be407c868 for
some additional insight.
Change-Id: Ica6d657e5c37851b725f0b2bbe6b46d18ceb84bb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
|
|
* commit '966f7e5ebc3d487a9c4870a7ae28c252380e2b83':
Address new SELinux denial.
|
|
system/core commit 75b287b771b302c99797d812122b72f83d2f56f9 fixed
/sys/devices/system/cpu/cpu*/cpufreq/scaling_* so that it was properly
owned by uid/gid system. That started generating the following SELinux
denial:
<4>[ 380.676844] type=1400 audit(1398985976.921:19): avc: denied { dac_override } for pid=2033 comm="mpdecision" capability=1 scontext=u:r:mpdecision:s0 tcontext=u:r:mpdecision:s0 tclass=capability
Add mpdecision to the system group. This stops the DAC override denial
by giving mpdecision DAC read/write access.
Change-Id: Iae2d9693f83de36f6b6db7d3e173a1858b20ec59
|
|
init.flo.rc file."
* commit '5293d1ea60ff6c23880d0b9cb5d435b3bd430435':
Drop restorecons from init.flo.rc file.
|
|
Recent changes have obsoleted the need to call
restorecon on any of /data files and dirs. This
patch drops those restorecons from the file.
Also use a global macro where appropriate.
Change-Id: Id3322180cfe431a4065cfd39046711d7ddfd9f31
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
|
|
Bug: 10893961
Change-Id: I489251a3383039c99ecbdb35347e0e86ccf6d728
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
|
Change-Id: I0217f69a7de1e678e57cb009edff3394ae46fcbe
|
|
/data/misc/dhcp to main init.rc file."
* commit 'c87267c8a95564e0f0181f45f15ca79c3cd51092':
Move creation of /data/misc/wifi and /data/misc/dhcp to main init.rc file.
|
|
mkdir /data/misc/wifi subdirectories and /data/misc/dhcp is performed
in the various device-specific init*.rc files but seems generic.
Move it to the main init.rc file.
Change-Id: I51b09c5e40946673a38732ea9f601b2d047d3b62
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
/data/app/sensor_ctl_socket on boot."
* commit '2292d8008a591f2950a037289f5c08e0840b846c':
Remove /data/app/sensor_ctl_socket on boot.
|
|
/data/misc/audio."
* commit '741f806c938827eb0a6411f59f77b66f79952919':
restorecon /data/media and /data/misc/audio.
|
|
Unix domain sockets need to be unlinked and re-created on each
reboot regardless, and removing the old socket left by a prior boot
ensures that we do not have a dead socket file in the wrong security
context, thereby yielding denials and preventing proper removal
and re-creation by the sensors service.
Change-Id: Ibe15768d9ae6955a0358568b11804f0267a1680e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
Just as with hammerhead. Other files/directories were already
addressed for flo.
Change-Id: I90d10e2654d5e52d40a553a9b7db4d8e5989037b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
* commit 'e2cf0ad97c78d20fea04a9130ee801b25a251f65':
Relabel sensors files
|
|
In 9d6624a0, /data/misc/sensors and /data/system/sensors
were changed from system_data_file to sensors_data_file.
/data/nfc was changed from system_data_file to nfc_data_file.
However, we forgot to fix up existing files.
Addresses the following sensors denials:
<5>[ 103.234466] type=1400 audit(1387408621.036:26): avc: denied { setattr } for pid=4833 comm="sensors.qcom" name="debug" dev="mmcblk0p31" ino=188441 scontext=u:r:sensors:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
<5>[ 103.254089] type=1400 audit(1387408621.066:27): avc: denied { append } for pid=4833 comm="sensors.qcom" name="error_log" dev="mmcblk0p31" ino=188442 scontext=u:r:sensors:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<5>[ 103.273681] type=1400 audit(1387408621.086:28): avc: denied { open } for pid=4833 comm="sensors.qcom" name="error_log" dev="mmcblk0p31" ino=188442 scontext=u:r:sensors:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<5>[ 103.293914] type=1400 audit(1387408621.106:29): avc: denied { read } for pid=4833 comm="sensors.qcom" name="debug" dev="mmcblk0p31" ino=188441 scontext=u:r:sensors:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
<5>[ 103.313537] type=1400 audit(1387408621.126:30): avc: denied { open } for pid=4833 comm="sensors.qcom" name="debug" dev="mmcblk0p31" ino=188441 scontext=u:r:sensors:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
nfc denials:
<5>[ 579.726409] type=1400 audit(1387410509.432:35): avc: denied { write } for pid=1257 comm=4173796E635461736B202331 name="nfc" dev="mmcblk0p31" ino=253953 scontext=u:r:nfc:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
<5>[ 579.746185] type=1400 audit(1387410509.452:36): avc: denied { add_name } for pid=1257 comm=4173796E635461736B202331 name="halStorage.bin4" scontext=u:r:nfc:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
<5>[ 579.765014] type=1400 audit(1387410509.472:37): avc: denied { create } for pid=1257 comm=4173796E635461736B202331 name="halStorage.bin4" scontext=u:r:nfc:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
<5>[ 579.783477] type=1400 audit(1387410509.492:38): avc: denied { write } for pid=1257 comm=4173796E635461736B202331 name="halStorage.bin4" dev="mmcblk0p31" ino=253956 scontext=u:r:nfc:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
Change-Id: I4a1824ecb4c339d849b0a25c331d53be70837994
|
|
* commit '965bf8c2eae4ab2c1597c85ba690815e8dd27a0d':
SELinux policy updates.
|
|
* Make gpu_device a trusted object since all apps can
write to the device.
denied { write } for pid=3460 comm="ense_free.menus" name="kgsl-3d0" dev="tmpfs" ino=7606 scontext=u:r:untrusted_app:s0:c92,c256 tcontext=u:object_r:gpu_device:s0 tclass=chr_file
* Drop dead type mpdecision_device.
* Create policy for mm-pp-daemon and keep it permissive.
Address the following initial denials.
denied { write } for pid=220 comm="mm-pp-daemon" name="property_service" dev="tmpfs" ino=7289 scontext=u:r:ppd:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file
denied { connectto } for pid=220 comm="mm-pp-daemon" path="/dev/socket/property_service" scontext=u:r:ppd:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket
denied { read write } for pid=220 comm="mm-pp-daemon" name="fb0" dev="tmpfs" ino=8523 scontext=u:r:ppd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file
denied { open } for pid=220 comm="mm-pp-daemon" name="fb0" dev="tmpfs" ino=8523 scontext=u:r:ppd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file
denied { ioctl } for pid=220 comm="mm-pp-daemon" path="/dev/graphics/fb0" dev="tmpfs" ino=8523 scontext=u:r:ppd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file
* Add kickstart_exec labels for kickstart binaries
that are used by deb devices.
* Add tee policy. Label /data/misc/playready and
allow tee access.
denied { write } for pid=259 comm="qseecomd" name="misc" dev="mmcblk0p30" ino=635233 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
denied { read } for pid=232 comm="qseecomd" name="/" dev="mmcblk0p30" ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
denied { create } for pid=306 comm="qseecomd" name="playready" scontext=u:r:tee:s0 tcontext=u:object_r:drm_data_file:s0 tclass=dir
denied { search } for pid=282 comm="qseecomd" name="playready" dev="mmcblk0p30" ino=635262 scontext=u:r:tee:s0 tcontext=u:object_r:drm_data_file:s0 tclass=dir
denied { read } for pid=282 comm="qseecomd" name="playready" dev="mmcblk0p30" ino=635262 scontext=u:r:tee:s0 tcontext=u:object_r:drm_data_file:s0 tclass=dir
denied { write } for pid=265 comm="qseecomd" name="playready" dev="mmcblk0p30" ino=635262 scontext=u:r:tee:s0 tcontext=u:object_r:drm_data_file:s0 tclass=dir
denied { create } for pid=252 comm="qseecomd" name="tzdrm.log" scontext=u:r:tee:s0 tcontext=u:object_r:drm_data_file:s0 tclass=file
denied { read write open } for pid=271 comm="qseecomd" name="tzdrm.log" dev="mmcblk0p30" ino=635264 scontext=u:r:tee:s0 tcontext=u:object_r:drm_data_file:s0 tclass=file
* Give surfaceflinger access to /dev/socket/pps and allow
access to certain sysfs nodes.
denied { write } for pid=181 comm="surfaceflinger" name="pps" dev="tmpfs" ino=7958 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:ppd_socket:s0 tclass=sock_file
denied { write } for pid=182 comm="surfaceflinger" name="hpd" dev="sysfs" ino=9639 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=file
Change-Id: Ia7a5c63365593af7ac5adc207b27fad113b01dd3
|
|
* commit '5f1df0863503b9a9aa465b10b5045ad3aa59de81':
Add to selinux policy.
|
|
* commit '3dd91d0298097d990ff37ddc6885fe63d819eae2':
Add to selinux policy.
|
|
Bring policy over from the mako board which
has a lot of similar domains and services.
mako is also a Qualcomm board which allows
a lot of that policy to be directly brought
over and applied.
Included in this are some radio specific
pieces. Though not directly applicable to
flo, the deb board inherits this policy.
Change-Id: I6b294c7dc830189c08f1f981a239234a2c3f577f
|
|
* commit '844ca90669666dea9791994bf1e1fe2874157a7a':
Avoid logwrapper calls
|
|
* commit 'adf59eed02d281b43926e62d8cb250c5e84789e9':
Avoid logwrapper calls
|
|
* commit '409b90f8507b9c967b2e443b72a9df9d45654fd8':
Avoid logwrapper calls
|
|
socket creation."
* commit '4318e8bb332c462f013051c7364bf9e607041e2b':
Drop incorrect param for socket creation.
|
|
* commit '32c5e2e06578d8c0f8d6d771537143346d4976f3':
Drop incorrect param for socket creation.
|
|
* commit '4cae69465c8cce60a00b6d9f00dd58e38b52f132':
Drop incorrect param for socket creation.
|
|
The socket line in the service stanza doesn't
support multiple groups. Adding multiple listed
groups will conflict with setting the security
context if used.
Change-Id: I4a9e91e6bd5e2d2997789af990f7e5315522dcaa
|
|
Logwrapper is useful for debugging, but isn't intended to be
kept on for production devices. Remove it.
Change-Id: I11c5aaf0cec65e162fcf9a6cc1785f3bc1ed17c1
|