Commits · f5e90004a30a2cb5c1a1d70134a32d68994e2568 · halo / external_sepolicy

19 Dec, 2013 1 commit

Make bluetooth, nfc, radio and shell adb-installable · f5e90004

Takeshi Aimi authored 11 years ago

bluetooth, nfc, radio and shell are not explicitly declared
in installd.te. This prevents applications in those group
from upgrading by "adb install -r".

You can reproduce the issue by following step:
 1. adb pull /system/priv-app/Shell.apk
 2. adb install -r Shell.apk
 3. install failed with the error log blow

[Error in logcat]
E/installd(  338): couldn't symlink directory '/data/data/com.android.shell/lib' -> '/data/app-lib/com.android.shell-1': Permission denied
E/installd(  338): couldn't symlink directory '/data/data/com.android.shell/lib' -> '/data/app-lib/Shell': Permission denied

[Error in dmesg]
<5>[  112.053301] type=1400 audit(1387412796.071:10): avc:  denied  { create } for  pid=337 comm="installd" name="lib" scontext=u:r:installd:s0 tcontext=u:object_r:shell_data_file:s0 tclass=lnk_file

This operation fails only if the app belongs to any of the
groups specified in the commit title.

Change-Id: I7572df9fb6e471fad34f61137f0eeeda4c82659d

f5e90004

17 Sep, 2013 1 commit

Fix long-tail denials in enforcing domains. · 3bb1ccc2

Geremy Condra authored 11 years ago

The specific denials we see are:

denied { getattr } for pid=169 comm=""installd"" path=""/data/data/com.android.providers.downloads/cache/downloadfile.jpeg"" dev=""mmcblk0p23"" ino=602861 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=file
denied { fsetid } for pid=598 comm=""netd"" capability=4 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability
denied { read } for pid=209 comm=""installd"" name=""cache"" dev=""mmcblk0p28"" ino=81694 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=dir

Bug: 10786017
Change-Id: Ia5d0b6337f3de6a168ac0d5a77df2a1ac419ec29

3bb1ccc2

11 Sep, 2013 2 commits

Switch installd to use r_dir_perms for download_file dirs. · a77068b3

Geremy Condra authored 11 years ago

This fixes an issue in which installd can't open download
file dirs.

Bug: 10710450
Change-Id: I1dd08188a88428143c4bb914e872175dc3755597

a77068b3

Switch installd to use r_dir_perms for download_file dirs. · 011094cc

Geremy Condra authored 11 years ago

This fixes an issue in which installd can't open download
file dirs.

Bug: 10710450
Change-Id: I1dd08188a88428143c4bb914e872175dc3755597

011094cc

10 Sep, 2013 3 commits

Permit installd to unlink all types of data_file_type. · 34a8e121

Alex Klyubin authored 11 years ago

This enables installd to uninstall or clear data of installed apps
whose data directory contains unusual file types, such as FIFO.

Bug: 10680357

(cherry picked from commit 839af9ed)

Change-Id: I5715f7d6d3214896ad0456d614b052cf5fb79eef

34a8e121

Backport part of to klp-dev · 9565c5ce

Nick Kralevich authored 11 years ago

Part of d615ef34 hasn't been backported
to klp-dev yet.  Do it now.

Change-Id: Ib4f26c64d376e236fa3f76166f5d78a9f28b79a3

9565c5ce

Allow installd to clear fifos and sockets · 839af9ed
Nick Kralevich authored 11 years ago
```
Bug: 10680357
Change-Id: I2a20f4aaaa53acbd53a404d369a79ae47246ad6f
```
839af9ed

04 Sep, 2013 1 commit
- Fix miscellaneous long-tail denials. · d615ef34
  Geremy Condra authored 11 years ago
```
Change-Id: Ie0947f79c63f962220d3c9316c5d5d82f677821f
```
  d615ef34
12 Jul, 2013 1 commit

Revert "Temporarily disable installd selinux protections" · 5bfdf340

Nick Kralevich authored 12 years ago

The emulator has been upgraded to ext4, which was the root cause
of bug 9685803. See https://code.google.com/p/android/issues/detail?id=38561 .
As a result, we can reenable installd protections.

This reverts commit 201cfae4.

Bug: 9685803
Change-Id: I4ed47f7aeaef4aac504e13c2ae23fb416e4e6e49

5bfdf340

11 Jul, 2013 1 commit

domain.te: Add backwards compatibility for unlabeled files · 0c9708b2

Nick Kralevich authored 12 years ago

For unlabeled files, revert to DAC rules. This is for backwards
compatibility, as files created before SELinux was in place may
not be properly labeled.

Over time, the number of unlabeled files will decrease, and we can
(hopefully) remove this rule in the future.

To prevent inadvertantly introducing the "relabelto" permission, add
a neverallow domain, and add apps which have a legitimate need to
relabel to this domain.

Bug: 9777552
Change-Id: I71b0ff8abd4925432062007c45b5be85f6f70a88

0c9708b2

03 Jul, 2013 1 commit
- Temporarily disable installd selinux protections · 201cfae4
  Nick Kralevich authored 12 years ago
```
This is breaking the emulator.

Bug: 9685803
Change-Id: Ibd5b312b97d52fdac9289e44a40e9bba07be1c7f
```
  201cfae4
02 Jul, 2013 1 commit

installd: enable SELinux restrictions · 51946bc8

Nick Kralevich authored 12 years ago

This change enables SELinux security enforcement on the installd
process.

For the installd.te file only, this change is equivalent to reverting
the following commits:

    * 50e37b93
    * 77d4731e

No other changes were required.

Testing: As much as possible, I've tested that package installation
works, from both adb and via Android market. There were no denials
in the kernel dmesg log, and everything appears to be working correctly.

It's quite possible I've missed something. If we experience problems,
I'm happy to roll back this change.

Bug: 9662644
Change-Id: Id93d4ee7b517dfa28c9a0b1d45d936b56892ac0a

51946bc8

20 May, 2013 1 commit

Make all domains unconfined. · 77d4731e

repo sync authored 12 years ago

This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11

77d4731e

15 May, 2013 1 commit
- Move domains into per-domain permissive mode. · 50e37b93
  repo sync authored 12 years ago
```
Bug: 4070557
Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1
```
  50e37b93
05 Apr, 2013 2 commits

Give domains read access to security_file domain. · 7bb2a55c

William Roberts authored 12 years ago

/data/security is another location that policy
files can reside. In fact, these policy files
take precedence over their rootfs counterparts
under certain circumstances. Give the appropriate
players the rights to read these policy files.

Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41

7bb2a55c

Give domains read access to security_file domain. · 6c4c27e6

William Roberts authored 12 years ago

/data/security is another location that policy
files can reside. In fact, these policy files
take precedence over their rootfs counterparts
under certain circumstances. Give the appropriate
players the rights to read these policy files.

Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41

6c4c27e6

22 Oct, 2012 1 commit

Add SELinux policy for asec containers. · 7672eac5

rpcraig authored 12 years ago


Creates 2 new types:
- asec_apk_file : files found under /mnt/asec
                  when the asec images are mounted
- asec_image_file : the actual encrypted apks under
                    /data/app-asec

Change-Id: I963472add1980ac068d3a6d36a24f27233022832
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

7672eac5

27 Jul, 2012 1 commit
- installd unlink platform_app_data_file · f6ca1605
  Haiqing Jiang authored 13 years ago
  
  f6ca1605
24 Jul, 2012 1 commit
- external/sepolicy: install daemon unlink application data files · 8f781f57
  hqjiang authored 13 years ago
  
  8f781f57
19 Mar, 2012 1 commit
- Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files. · 59d28035
  Stephen Smalley authored 13 years ago
  
  59d28035
04 Jan, 2012 1 commit
- SE Android policy. · 2dd4e51d
  Stephen Smalley authored 13 years ago
  
  2dd4e51d