GitLab

Neverallow access to privileged commands.

Change-Id: I443be5bbcd8cdf55e23c2c4d8fee93c4ebf30e55

Exempt bluetooth which has net_admin capability.

Allow Droidguard to access the MAC address - droidguard runs in
priv_app domain.

Change-Id: Ia3cf07f4a96353783b2cfd7fc4506b7034daa2f1

am: 1ae69e4f

* commit '1ae69e4f':
  domain_deprecated.te: Exclude recovery from auditallow for /cache/recovery

am: 829a7493

* commit '829a7493':
  domain_deprecated.te: Exclude recovery from auditallow for /cache/recovery

Recovery uses /cache/recovery. Exclude it from auditallow coverage.

Addresses the following SELinux log spam:

  avc:  granted  { search } for  pid=323 comm="recovery" name="recovery" dev="mmcblk0p38" ino=12 scontext=u:r:recovery:s0 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir
  avc:  granted  { read } for  pid=323 comm="recovery" name="block.map" dev="mmcblk0p38" ino=26 scontext=u:r:recovery:s0 tcontext=u:object_r:cache_recovery_file:s0 tclass=file
  avc:  granted  { getattr } for  pid=323 comm="recovery" path="/cache/recovery/block.map" dev="mmcblk0p38" ino=26 scontext=u:r:recovery:s0 tcontext=u:object_r:cache_recovery_file:s0 tclass=file

Change-Id: Ib6c7b44ac23fccaf2ea506429fb760ee85e87c76

am: e139b40f

* commit 'e139b40f':
  untrusted_app: remove mtp_device perms

am: 956ca4c5

* commit '956ca4c5':
  untrusted_app: remove mtp_device perms

No longer necessary after android.process.media moved to the
priv_app domain. Verified no new denials via audit2allow rule.

Bug: 25085347
Change-Id: I2d9498d5d92e79ddabd002b4a5c6f918e1eb9bcc

Change-Id: Ide2e832ab1ce7af98d735992d11be176f96f1f3f

am: f02db47b

* commit 'f02db47b':
  Add sysfs_batteryinfo label.

am: 4706a088

* commit '4706a088':
  debuggerd.te: allow debuggerd to drop root.

am: 751c0075

* commit '751c0075':
  debuggerd.te: allow debuggerd to drop root.

Shell user needs to be able to get current device battery_level via
/sys/class/power_supply/battery/capacity.  Create a global label and
corresponding policy for accessing this.  Rely on each device to label
the appropriate sysfs entry.

Bug: 26219114
Change-Id: I2c5ef489a9db2fdf7bbd5afd04278214b814351c

Bug: http://b/25195825
Change-Id: I70257d5e40332f315020547baaa77a92fdfc58b0

am: 36dabd96

* commit '36dabd96':
  Log app access to sysfs for removal.

am: f226b0c9

* commit 'f226b0c9':
  Log app access to sysfs for removal.

Bug: 22032619
Change-Id: Ic160e0beef353c6dc5fb5e2d6a09a5628f067fe3

Disallow access to all sockets other than unix_stream and unix_dgram

Change-Id: Ie8ff80db7051ce57e56ef0365a4873aacdd5b652

From self to domain

Change-Id: I97aeea67a6b66bc307715a050cf7699e5be9715e

Enforce via neverallow rule by adding WAN_IOC_ADD_FLT_RULE
and WAN_IOC_ADD_FLT_RULE_INDEX to neverallow macro.

Bug: 26324307
Change-Id: I5350d9339e45ddeefd5423c3fe9a0ea14fe877b2

Only allow shell to access the same subset of ioctl commands as
untrusted_app. This reduces the attack surface of the kernel
available to a local attacker.

Bug: 26324307
Bug: 26267358
Change-Id: Ib8ecb9546af5fb480d2622149d4e00ec50cd4cde

am: b16fc899

* commit 'b16fc899':
  Creates a new permission for /cache/recovery

Change-Id: I80109bb0167f06a8d39d8b036b3c487ec2f06124

am: 549ccf77

* commit '549ccf77':
  Creates a new permission for /cache/recovery

This permission was created mostly for dumpstate (so it can include
recovery files on bugreports when an OTA fails), but it was applied to
uncrypt and recovery as well (since it had a wider access before).

Grant access to cache_recovery_file where we previously granted access
to cache_file. Add auditallow rules to determine if this is really
needed.

BUG: 25351711
Change-Id: I07745181dbb4f0bde75694ea31b3ab79a4682f18

am: 36f255ff

* commit '36f255ff':
  Create sysfs_zram label.

Address following denials:
avc: denied { getattr } for path="/sys/devices/virtual/block/zram0/disksize" dev="sysfs" ino=14958 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file permissive=0
avc: denied { search } for name="zram0" dev="sysfs" ino=14903 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0
avc: denied { read } for name="mem_used_total" dev="sysfs" ino=14970 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file permissive=0
avc: denied { write } for name="uevent" dev="sysfs" ino=14904 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file permissive=0
avc: denied { open } for path="/sys/devices/virtual/block/zram0/uevent" dev="sysfs" ino=14904 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=file permissive=0
avc: denied { read } for pid=348 comm="vold" name="zram0" dev="sysfs" ino=15223 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0
avc: denied { search } for pid=3494 comm="ContactsProvide" name="zram0"dev="sysfs" ino=15223 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0

Bug: 22032619
Change-Id: I40cf918b7cafdba6cb3d42b04b1616a84e4ce158

Reduce the socket ioctl commands available to untrusted/isolated apps.
Neverallow accessing sensitive information or setting of network parameters.
Neverallow access to device private ioctls i.e. device specific
customizations as these are a common source of driver bugs.

Define common ioctl commands in ioctl_defines.

Bug: 26267358
Change-Id: Ic5c0af066e26d4cb2867568f53a3e65c5e3b5a5d

am: 26f06d17

* commit '26f06d17':
  Android.mk: cleanse all set but not unset variables
  Android.mk: clean dependencies and clear variables

am: 1e5b7a19

* commit '1e5b7a19':
  Android.mk: cleanse all set but not unset variables
  Android.mk: clean dependencies and clear variables

* changes:
  Android.mk: cleanse all set but not unset variables
  Android.mk: clean dependencies and clear variables

am: 7b2e1719

* commit '7b2e1719':
  Minor cleanup to align the content with Master

am: 97a39212

* commit '97a39212':
  Minor cleanup to align the content with Master

No functional changes.

Change-Id: Ib6246932a2b491b77bafb1ce19e7b2285abec65e