Skip to content

GitLab

Switch branch/tag
  1. 26 Aug, 2016 2 commits
    • Arve Hjønnevåg's avatar
      ServiceManager: Allow system services running as secondary users to add services · 047eec45
      Arve Hjønnevåg authored 
      This should be reverted when all system services have been cleaned up to not
do this. A process looking up a service while running in the background will
see the service registered by the active user (assuming the service is
registered on every user switch), not the service registered by the user that
the process itself belongs to.

BUG: 30795333
Change-Id: I1b74d58be38ed358f43c163692f9e704f8f31dbe
(cherry picked from commit e6bbe69b)
      047eec45
    • Arve Hjønnevåg's avatar
      ServiceManager: Restore basic uid check · d3c6ce46
      Arve Hjønnevåg authored 
      Prevent apps from registering services without relying on selinux checks.

Bug: 29431260

Change-Id: I38c6e8bc7f7cba1cbd3568e8fed1ae7ac2054a9b
(cherry picked from commit 2b74d2c1)
      d3c6ce46
  3. 19 Feb, 2016 3 commits
  5. 05 Oct, 2015 1 commit
    • William Roberts's avatar
      servicemanager: log pid and uid on selinux denial · 8fb0f92e
      William Roberts authored 
      
The audit logs for servicemanager were missing the pid and uid of the source.
This is useful for debugging.

Before:
... SELinux : avc:  denied  { find } for service=android.security.keystore scontext=u:r:system_app:s0 ...
After:
... SELinux : avc:  denied  { find } for service=android.security.keystore pid=1252 uid=1000 scontext=u:r:system_app:s0 ...

Change-Id: Id1a6f38b99f11a31315439620ead2f01108b18b2
Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
      8fb0f92e
  7. 03 Jun, 2015 2 commits
  9. 04 Apr, 2015 1 commit
  11. 01 Apr, 2015 1 commit
    • Mark Salyzyn's avatar
      servicemanager: service_manager missing include for string.h · 13df5f5f
      Mark Salyzyn authored 
      service_manager.c gets string.h inherited from
private/android_filesystem_config.h it should
not rely on this in the future. The intent is
to move fs_config function into libcutils and
thus deprecate any need for string.h in this
include file.

Bug: 19908228
Change-Id: Icc95ee02bf02c596463868b1330d209d1bd5c58a
      13df5f5f
  13. 05 Mar, 2015 1 commit
    • Nick Kralevich's avatar
      service_manager: reorder permission checks for find · b27bbd18
      Nick Kralevich authored 
      Reorder the find permission checks. This avoids generating misleading
SELinux denials when a service doesn't exist, or when a service is
prohibited to isolated apps.

The original reason for structuring the code this way is explained
in https://android-review.googlesource.com/#/c/100530/4/cmds/servicemanager/service_manager.c@172
The concern at the time was to avoid leaking a situation where
a caller could probe for the existance of a service. This turns out
to be unnecessary. The same return value is used for both a
permission denied and a service not found. The only side effect
is the generation of an SELinux audit log, which likely won't be
accessible to the calling application.

Change-Id: I9760e1821ed16102fa5f9bec07f8c34944565be9
      b27bbd18
  15. 15 Jul, 2014 1 commit
    • Riley Spahn's avatar
      Add MAC for remaining service_manager functionality. · 2a0e4094
      Riley Spahn authored 
      Add SELinux MAC for the list and find functionality
to service_manager. By default the list action uses
the service_manager_type attribute as its target
object.

(cherry picked from commit c67e6307)

Change-Id: Iaf14b21346822a6b544091a0f4a9949117934b9a
      2a0e4094
  17. 14 Jul, 2014 2 commits
    • Nick Kralevich's avatar
      service_manager: check binder passed lengths · 652c4854
      Nick Kralevich authored 
      1) Pass length through to str8 function.
2) Fix implicit function definition warning.
3) Check for NULL from bio_get_string16 functions.

Bug: 15886919
Bug: 15888753

(cherry picked from commit 7d42a3c3)

Change-Id: I1f826b88826561ea126d811c087ba30623141511
      652c4854
    • Riley Spahn's avatar
      Add MAC for remaining service_manager functionality. · c67e6307
      Riley Spahn authored 
      Add SELinux MAC for the list and find functionality
to service_manager. By default the list action uses
the service_manager_type attribute as its target
object.

Change-Id: I7630f21a9f3232ae3d6d8b9a1119230b40899aef
      c67e6307
  19. 12 Jul, 2014 1 commit
    • Nick Kralevich's avatar
      service_manager: check binder passed lengths · 7d42a3c3
      Nick Kralevich authored 
      1) Pass length through to str8 function.
2) Fix implicit function definition warning.
3) Check for NULL from bio_get_string16 functions.

Bug: 15886919
Bug: 15888753
Change-Id: I78a401d55b84f382ab83911be32b8d501998aa82
      7d42a3c3
  21. 26 Jun, 2014 1 commit
  23. 12 Jun, 2014 1 commit
    • Riley Spahn's avatar
      Add SELinux checks when adding a service. · 69154df9
      Riley Spahn authored 
      Add a MAC check to the svc_can_register function in
service_manager. The types are defined in
external/sepolicy/service.te and the mapping from service
names is defined in external/sepolicy/service_contexts.
Currently uses the property context backend to parse the
contexts file.

Bug: 12909011
Change-Id: I5d90a614263c60571c7c70c2882e6fa929911ca5
      69154df9
  25. 11 Jun, 2014 1 commit
  27. 03 Jun, 2014 1 commit
  29. 28 May, 2014 1 commit
  31. 22 May, 2014 1 commit
  33. 01 Feb, 2014 1 commit
  35. 31 Jan, 2014 5 commits
  37. 18 Sep, 2013 1 commit
  39. 11 Sep, 2013 1 commit
  41. 16 Jan, 2013 1 commit
  43. 14 Nov, 2012 1 commit
  45. 24 Oct, 2012 1 commit