- 23 Nov, 2015 1 commit
-
-
Richard Haines authored
am: be5f860e * commit 'be5f860e': Correct line count for property and service contexts files
-
- 22 Nov, 2015 1 commit
-
-
Richard Haines authored
When a line number is displayed for context errors they are x2 the correct value, so reset line count for each pass. Change-Id: I03cc6320b22d52ce989dafe4c8ecd854540d1367 Signed-off-by:
Richard Haines <richard_c_haines@btinternet.com>
-
- 18 Nov, 2015 1 commit
-
-
Jeffrey Vander Stoep authored
am: 02df2e30 * commit '02df2e30': libselinux: use /proc/thread-self when available
-
- 17 Nov, 2015 1 commit
-
-
Jeffrey Vander Stoep authored
-
- 16 Nov, 2015 1 commit
-
-
Jeffrey Vander Stoep authored
-
- 11 Nov, 2015 2 commits
-
-
Jeff Sharkey authored
am: c821cc2e * commit 'c821cc2e': Support for new file-based encryption paths.
-
Jeff Sharkey authored
We're adding "/data/user_de" paths which belong to apps, but are encrypted with a different set of keys. All the same security labels from "/data/user" paths should apply. Bug: 22358539 Change-Id: I7594d382da140c8fa4261a0fb271ff1d762cfb15
-
- 09 Nov, 2015 1 commit
-
-
Jeff Vander Stoep authored
Add isAutoPlayApp selector isAutoPlayApp is set when the seinfo value assigned by PackageManager contains ":autoplayapp" Change-Id: I5cd154257eb227a613a6a0c26f1b171500a401df
-
- 30 Oct, 2015 1 commit
-
-
William Roberts authored
am: a83098b6 * commit 'a83098b6': fix memory leaks and uninitialized jump
-
- 29 Oct, 2015 1 commit
-
-
William Roberts authored
am: 0f520fac * commit '0f520fac': fix memory leaks and uninitialized jump
-
- 27 Oct, 2015 1 commit
-
-
William Roberts authored
Some error's were reported by valgrind (below) fix them. The test cases on which these leaks were detected: 1. properly formed file_contexts file. 2. malformed file_contexts file, unknown type. 3. malformed file_contexts file, type that fails on validate callback. 4. malformed file_contexts file, invalid regex. 5. malformed file_contexts file, invalid mode. ==3819== Conditional jump or move depends on uninitialised value(s) ==3819== at 0x12A682: closef (label_file.c:577) ==3819== by 0x12A196: selabel_close (label.c:163) ==3819== by 0x10A2FD: cleanup (checkfc.c:218) ==3819== by 0x5089258: __run_exit_handlers (exit.c:82) ==3819== by 0x50892A4: exit (exit.c:104) ==3819== by 0x10A231: main (checkfc.c:361) ==3819== Uninitialised value was created by a heap allocation ==3819== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3819== by 0x4C2CF1F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3819== by 0x12BB31: process_file (label_file.h:273) ==3819== by 0x12A2BA: selabel_file_init (label_file.c:522) ==3819== by 0x12A0BB: selabel_open (label.c:88) ==3819== by 0x10A038: main (checkfc.c:292) ==3819== ==3819== ==3819== HEAP SUMMARY: ==3819== in use at exit: 729 bytes in 19 blocks ==3819== total heap usage: 21,126 allocs, 21,107 frees, 923,854 bytes allocated ==3819== ==3819== 81 bytes in 1 blocks are definitely lost in loss record 1 of 2 ==3819== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3819== by 0x50D5839: strdup (strdup.c:42) ==3819== by 0x12A2A6: selabel_file_init (label_file.c:517) ==3819== by 0x12A0BB: selabel_open (label.c:88) ==3819== by 0x10A038: main (checkfc.c:292) ==3819== ==4238== 40 bytes in 1 blocks are definitely lost in loss record 1 of 6 ==4238== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4238== by 0x12A1D2: selabel_file_init (label_file.c:886) ==4238== by 0x12A0BB: selabel_open (label.c:88) ==4238== by 0x10A038: main (checkfc.c:292) ==4238== ==4238== 81 bytes in 1 blocks are definitely lost in loss record 2 of 6 ==4238== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4238== by 0x50D5839: strdup (strdup.c:42) ==4238== by 0x12A2A6: selabel_file_init (label_file.c:517) ==4238== by 0x12A0BB: selabel_open (label.c:88) ==4238== by 0x10A038: main (checkfc.c:292) ==4238== ==4238== 386 bytes in 24 blocks are definitely lost in loss record 3 of 6 ==4238== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4238== by 0x50D5889: strndup (strndup.c:45) ==4238== by 0x12CDDF: read_spec_entries (label_support.c:37) ==4238== by 0x12B72D: process_file (label_file.h:392) ==4238== by 0x12A2BA: selabel_file_init (label_file.c:522) ==4238== by 0x12A0BB: selabel_open (label.c:88) ==4238== by 0x10A038: main (checkfc.c:292) ==4238== ==4238== 648 bytes in 18 blocks are definitely lost in loss record 4 of 6 ==4238== at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4238== by 0x117C9B: avtab_insert_node (avtab.c:105) ==4238== by 0x117C10: avtab_insert (avtab.c:163) ==4238== by 0x11880A: avtab_read_item (avtab.c:566) ==4238== by 0x118BD3: avtab_read (avtab.c:600) ==4238== by 0x125BDD: policydb_read (policydb.c:3854) ==4238== by 0x109F87: main (checkfc.c:273) ==4238== ==4238== 1,095 bytes in 12 blocks are definitely lost in loss record 5 of 6 ==4238== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4238== by 0x12D8D1: pcre_compile2 (pcre_compile.c:9217) ==4238== by 0x12B239: compile_regex (label_file.h:357) ==4238== by 0x12B9C7: process_file (label_file.h:429) ==4238== by 0x12A2BA: selabel_file_init (label_file.c:522) ==4238== by 0x12A0BB: selabel_open (label.c:88) ==4238== by 0x10A038: main (checkfc.c:292) ==4238== ==4238== 1,296 bytes in 12 blocks are definitely lost in loss record 6 of 6 ==4238== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==4238== by 0x13EBE5: pcre_study (pcre_study.c:1565) ==4238== by 0x12B25D: compile_regex (label_file.h:366) ==4238== by 0x12B9C7: process_file (label_file.h:429) ==4238== by 0x12A2BA: selabel_file_init (label_file.c:522) ==4238== by 0x12A0BB: selabel_open (label.c:88) ==4238== by 0x10A038: main (checkfc.c:292) Change-Id: I2f7ed4ffbdcc3d0646f7caf66187d87347220c60 Signed-off-by:
William Roberts <william.c.roberts@intel.com>
-
- 22 Oct, 2015 2 commits
-
-
William Roberts authored
am: ca65fd51 * commit 'ca65fd51': Use libpackageparser
-
William Roberts authored
am: 6d5e6edc * commit '6d5e6edc': Use libpackageparser
-
- 14 Oct, 2015 4 commits
-
-
William Roberts authored
Switch from the internal packages.list parser implementation to a common parser library. Change-Id: I7aee10c9395310919779ed2463aab6b2f8b380cc Signed-off-by:
William Roberts <william.c.roberts@intel.com>
-
Jeff Vander Stoep authored
* commit '04badd25': Add privapp flag to libselinux
-
Jeff Vander Stoep authored
* commit '2857a7ec': Add privapp flag to libselinux
-
Jeff Vander Stoep authored
Run privileged apps in their own domain. Search seinfo string for ":privapp" specifier. Motivation: Untrusted_app is overprivileged due to the inclusion of privileged apps like gmscore, play store and finsky. Moving these and other privileged apps to their own domain reduces the permissions required by untrusted_app. A separate priv_app domain also protects priv-apps by further isolating them from third party apps. Bug: 22033466 Change-Id: I6e85ae13cbd130415600ecc25ef8ac053a19d0d8
-
- 10 Oct, 2015 3 commits
-
-
Nick Kralevich authored
* commit 'a31a56a6': audit: log permissive from access decision
-
Nick Kralevich authored
* commit '80890a97': audit: log permissive from access decision
-
Nick Kralevich authored
-
- 06 Oct, 2015 1 commit
-
-
William Roberts authored
The userspace object managers were missing the permissive=0|1 as found in the kernel logs. This is important when debugging potential policy issues. To remedy this, add the permissive result from the access decision at the end of the audit logs. A shortened log sample from Android: avc: denied { find } <snip> tclass=service_manager permissive=1 Change-Id: Ic92852f3bad258982d8f68dc93d978612a52db04 Signed-off-by:
William Roberts <william.c.roberts@intel.com>
-
- 22 Sep, 2015 3 commits
-
-
Dan Cashman authored
* commit 'deb18b51': Enable restorecon to properly label symlinks.
-
Dan Cashman authored
* commit '0feca1dd': Enable restorecon to properly label symlinks.
-
Dan Cashman authored
* commit '87ceb1e2': Enable restorecon to properly label symlinks.
-
- 21 Sep, 2015 2 commits
-
-
Dan Cashman authored
commit: 06d45512 changed restorecon to only operate on paths which had undergone a realpath transformation. Unfortunately, this made it impossible to directly restorecon a symlink, since the symlink would be followed. Change restorecon to only perform realpath on the directory prefix, so that symlinks can be labeled. Bug: 21732016 Change-Id: Iebb5d5e9c637c2ef3da5d5674f73babf094af131
-
Jeffrey Vander Stoep authored
* commit '72a4168c': Fix mmap memory release for file labeling
-
- 20 Sep, 2015 4 commits
-
-
Jeffrey Vander Stoep authored
* commit '3763c321': Fix mmap memory release for file labeling
-
Jeffrey Vander Stoep authored
* commit 'd4b197ab': Fix mmap memory release for file labeling
-
Jeffrey Vander Stoep authored
-
Richard Haines authored
Ensure the mmap start address and length are not modified so the memory used can be released when selabel_close(3) is called. Change-Id: I241ca517cc0a2b3d10faacb4a370d3770803781c Signed-off-by:
Richard Haines <richard_c_haines@btinternet.com>
-
- 19 Sep, 2015 3 commits
-
- 18 Sep, 2015 2 commits
-
-
dcashman authored
This change resulted in //data being used for restorecon, rather than /data, causing the check to fail when deciding whether or not init should label app data files. This reverts commit 249094fc. (cherry-pick of commit: 02797a0e) Bug: 24190361 Change-Id: I1a0f64404da3c54a03890df60b8b5d9102d1efa3
-
- 17 Sep, 2015 3 commits
-
-
Dan Cashman authored
* commit '74900f76': Enable restorecon to properly label symlinks.
-
Dan Cashman authored
* commit '249094fc': Enable restorecon to properly label symlinks.
-
Dan Cashman authored
commit: 06d45512 changed restorecon to only operate on paths which had undergone a realpath transformation. Unfortunately, this made it impossible to directly restorecon a symlink, since the symlink would be followed. Change restorecon to only perform realpath on the directory prefix, so that symlinks can be labeled. Bug: 21732016 Change-Id: I95e18f9a8e9ffda8cf9ab8676052486c68216b00
-
- 27 Aug, 2015 2 commits
-
-
Richard Haines authored
* commit 'a0fb33c1':
-
Nick Kralevich authored
* commit '5f83d69a':
-