1. 23 Nov, 2015 1 commit
  2. 22 Nov, 2015 1 commit
  3. 18 Nov, 2015 1 commit
  4. 17 Nov, 2015 1 commit
  5. 16 Nov, 2015 1 commit
  6. 11 Nov, 2015 2 commits
  7. 09 Nov, 2015 1 commit
    • Jeff Vander Stoep's avatar
      support for AutoPlay apps · 6f612a0f
      Jeff Vander Stoep authored
      Add isAutoPlayApp selector
      
      isAutoPlayApp is set when the seinfo value assigned by PackageManager
      contains ":autoplayapp"
      
      Change-Id: I5cd154257eb227a613a6a0c26f1b171500a401df
      6f612a0f
  8. 30 Oct, 2015 1 commit
  9. 29 Oct, 2015 1 commit
  10. 27 Oct, 2015 1 commit
    • William Roberts's avatar
      fix memory leaks and uninitialized jump · 0f520fac
      William Roberts authored
      
      Some error's were reported by valgrind (below) fix them. The test
      cases on which these leaks were detected:
      
      1. properly formed file_contexts file.
      2. malformed file_contexts file, unknown type.
      3. malformed file_contexts file, type that fails on validate callback.
      4. malformed file_contexts file, invalid regex.
      5. malformed file_contexts file, invalid mode.
      
      ==3819== Conditional jump or move depends on uninitialised value(s)
      ==3819==    at 0x12A682: closef (label_file.c:577)
      ==3819==    by 0x12A196: selabel_close (label.c:163)
      ==3819==    by 0x10A2FD: cleanup (checkfc.c:218)
      ==3819==    by 0x5089258: __run_exit_handlers (exit.c:82)
      ==3819==    by 0x50892A4: exit (exit.c:104)
      ==3819==    by 0x10A231: main (checkfc.c:361)
      ==3819==  Uninitialised value was created by a heap allocation
      ==3819==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==3819==    by 0x4C2CF1F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==3819==    by 0x12BB31: process_file (label_file.h:273)
      ==3819==    by 0x12A2BA: selabel_file_init (label_file.c:522)
      ==3819==    by 0x12A0BB: selabel_open (label.c:88)
      ==3819==    by 0x10A038: main (checkfc.c:292)
      ==3819==
      ==3819==
      ==3819== HEAP SUMMARY:
      ==3819==     in use at exit: 729 bytes in 19 blocks
      ==3819==   total heap usage: 21,126 allocs, 21,107 frees, 923,854 bytes allocated
      ==3819==
      ==3819== 81 bytes in 1 blocks are definitely lost in loss record 1 of 2
      ==3819==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==3819==    by 0x50D5839: strdup (strdup.c:42)
      ==3819==    by 0x12A2A6: selabel_file_init (label_file.c:517)
      ==3819==    by 0x12A0BB: selabel_open (label.c:88)
      ==3819==    by 0x10A038: main (checkfc.c:292)
      ==3819==
      
      ==4238== 40 bytes in 1 blocks are definitely lost in loss record 1 of 6
      ==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==4238==    by 0x12A1D2: selabel_file_init (label_file.c:886)
      ==4238==    by 0x12A0BB: selabel_open (label.c:88)
      ==4238==    by 0x10A038: main (checkfc.c:292)
      ==4238==
      ==4238== 81 bytes in 1 blocks are definitely lost in loss record 2 of 6
      ==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==4238==    by 0x50D5839: strdup (strdup.c:42)
      ==4238==    by 0x12A2A6: selabel_file_init (label_file.c:517)
      ==4238==    by 0x12A0BB: selabel_open (label.c:88)
      ==4238==    by 0x10A038: main (checkfc.c:292)
      ==4238==
      ==4238== 386 bytes in 24 blocks are definitely lost in loss record 3 of 6
      ==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==4238==    by 0x50D5889: strndup (strndup.c:45)
      ==4238==    by 0x12CDDF: read_spec_entries (label_support.c:37)
      ==4238==    by 0x12B72D: process_file (label_file.h:392)
      ==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
      ==4238==    by 0x12A0BB: selabel_open (label.c:88)
      ==4238==    by 0x10A038: main (checkfc.c:292)
      ==4238==
      ==4238== 648 bytes in 18 blocks are definitely lost in loss record 4 of 6
      ==4238==    at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==4238==    by 0x117C9B: avtab_insert_node (avtab.c:105)
      ==4238==    by 0x117C10: avtab_insert (avtab.c:163)
      ==4238==    by 0x11880A: avtab_read_item (avtab.c:566)
      ==4238==    by 0x118BD3: avtab_read (avtab.c:600)
      ==4238==    by 0x125BDD: policydb_read (policydb.c:3854)
      ==4238==    by 0x109F87: main (checkfc.c:273)
      ==4238==
      ==4238== 1,095 bytes in 12 blocks are definitely lost in loss record 5 of 6
      ==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==4238==    by 0x12D8D1: pcre_compile2 (pcre_compile.c:9217)
      ==4238==    by 0x12B239: compile_regex (label_file.h:357)
      ==4238==    by 0x12B9C7: process_file (label_file.h:429)
      ==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
      ==4238==    by 0x12A0BB: selabel_open (label.c:88)
      ==4238==    by 0x10A038: main (checkfc.c:292)
      ==4238==
      ==4238== 1,296 bytes in 12 blocks are definitely lost in loss record 6 of 6
      ==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==4238==    by 0x13EBE5: pcre_study (pcre_study.c:1565)
      ==4238==    by 0x12B25D: compile_regex (label_file.h:366)
      ==4238==    by 0x12B9C7: process_file (label_file.h:429)
      ==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
      ==4238==    by 0x12A0BB: selabel_open (label.c:88)
      ==4238==    by 0x10A038: main (checkfc.c:292)
      
      Change-Id: I2f7ed4ffbdcc3d0646f7caf66187d87347220c60
      Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
      0f520fac
  11. 22 Oct, 2015 2 commits
  12. 14 Oct, 2015 4 commits
  13. 10 Oct, 2015 3 commits
  14. 06 Oct, 2015 1 commit
    • William Roberts's avatar
      audit: log permissive from access decision · c49a2755
      William Roberts authored
      
      The userspace object managers were missing the permissive=0|1 as found in the
      kernel logs. This is important when debugging potential policy issues.
      
      To remedy this, add the permissive result from the access decision at the
      end of the audit logs. A shortened log sample from Android:
      
      avc:  denied  { find } <snip> tclass=service_manager permissive=1
      
      Change-Id: Ic92852f3bad258982d8f68dc93d978612a52db04
      Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
      c49a2755
  15. 22 Sep, 2015 3 commits
  16. 21 Sep, 2015 2 commits
  17. 20 Sep, 2015 4 commits
  18. 19 Sep, 2015 3 commits
  19. 18 Sep, 2015 2 commits
    • dcashman's avatar
      Revert "Enable restorecon to properly label symlinks." · e036e11f
      dcashman authored
      This change resulted in //data being used for restorecon, rather than
      /data, causing the check to fail when deciding whether or not init
      should label app data files.
      
      This reverts commit 249094fc.
      
      (cherry-pick of commit: 02797a0e)
      
      Bug: 24190361
      Change-Id: I1a0f64404da3c54a03890df60b8b5d9102d1efa3
      e036e11f
    • dcashman's avatar
      Revert "Enable restorecon to properly label symlinks." · 02797a0e
      dcashman authored
      This change resulted in //data being used for restorecon, rather than
      /data, causing the check to fail when deciding whether or not init
      should label app data files.
      
      This reverts commit 249094fc.
      
      Bug: 24190361
      Change-Id: I803b9a644e02983c30f47b00806b52a4493801ed
      02797a0e
  20. 17 Sep, 2015 3 commits
  21. 27 Aug, 2015 2 commits