Google Git
Sign in
android / platform / external / sepolicy / refs/tags/android-6.0.1_r54
tag8dcdee83d23e5e125dce27ced9692827a4898c64
taggerThe Android Open Source Project <initial-contribution@android.com>Wed Jul 06 17:01:45 2016 -0700
objectc2d061235cdd4818f57eb7acba4724496810222f 
Android 6.0.1 Release 54 (MTC19Z)
commitc2d061235cdd4818f57eb7acba4724496810222f[log] [tgz]
authorNick Kralevich <nnk@google.com>Thu May 05 13:37:55 2016 -0700
committerThe Android Automerger <android-build@google.com>Fri May 27 11:07:55 2016 -0700
tree47af7c6b0fd59d723ea97793a08b487007c9d6a4
parentdaa2c25b87657f40477e46e32bbbf291b3a45541 [diff]
Remove generic socket access from untrusted processes

SELinux defines various classes for various socket types, including
tcp_socket, udp_socket, rawip_socket, netlink_socket, etc. Socket
classes not known to the SELinux kernel code get lumped into the generic
"socket" class. In particular, this includes the AF_MSM_IPC socket
class.

Bluetooth using apps were granted access to this generic socket class at
one point in 2012. In 1601132086b054adc70e7f8f38ed24574c90bc37,
a TODO was added indicating that this access was likely unnecessary. In
cb835a2852997dde0be2941173f8c879ebbef157, an auditallow was added to
test to see if this rule was actually used, and in master branch
d0113ae0aed1a455834f26ec847b6ca8610e3b16, this rule was completely
deleted.

Revoke access to the generic socket class for isolated_app,
untrusted_app, and shell for older Android releases. This is
conceptually a backport of d0113ae0aed1a455834f26ec847b6ca8610e3b16, but
affecting fewer domains to avoid potential breakage.

Add a neverallow rule asserting that this rule isn't present for the
untrusted domains. Contrary to our usual conventions, the neverallow
rule is placed in bluetooth.te, to avoid merge conflicts and simplify
patching.

Bug: 28612709
Bug: 25768265
Change-Id: Ibfbb67777e448784bb334163038436f3c4dc1b51
1 file changed
tree: 47af7c6b0fd59d723ea97793a08b487007c9d6a4
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. blkid.te
  9. blkid_untrusted.te
  10. bluetooth.te
  11. bootanim.te
  12. clatd.te
  13. debuggerd.te
  14. device.te
  15. dex2oat.te
  16. dhcp.te
  17. dnsmasq.te
  18. domain.te
  19. drmserver.te
  20. dumpstate.te
  21. file.te
  22. file_contexts
  23. fingerprintd.te
  24. fs_use
  25. fsck.te
  26. fsck_untrusted.te
  27. gatekeeperd.te
  28. genfs_contexts
  29. global_macros
  30. gpsd.te
  31. hci_attach.te
  32. healthd.te
  33. hostapd.te
  34. init.te
  35. initial_sid_contexts
  36. initial_sids
  37. inputflinger.te
  38. install_recovery.te
  39. installd.te
  40. ioctl_macros
  41. isolated_app.te
  42. kernel.te
  43. keys.conf
  44. keystore.te
  45. lmkd.te
  46. logd.te
  47. mac_permissions.xml
  48. mdnsd.te
  49. mediaserver.te
  50. mls
  51. mls_macros
  52. mtp.te
  53. net.te
  54. netd.te
  55. neverallow_macros
  56. nfc.te
  57. NOTICE
  58. perfprofd.te
  59. platform_app.te
  60. policy_capabilities
  61. port_contexts
  62. ppp.te
  63. procrank.te
  64. property.te
  65. property_contexts
  66. racoon.te
  67. radio.te
  68. README
  69. recovery.te
  70. rild.te
  71. roles
  72. runas.te
  73. sdcardd.te
  74. seapp_contexts
  75. security_classes
  76. service.te
  77. service_contexts
  78. servicemanager.te
  79. sgdisk.te
  80. shared_relro.te
  81. shell.te
  82. slideshow.te
  83. su.te
  84. surfaceflinger.te
  85. system_app.te
  86. system_server.te
  87. te_macros
  88. tee.te
  89. toolbox.te
  90. tzdatacheck.te
  91. ueventd.te
  92. uncrypt.te
  93. untrusted_app.te
  94. users
  95. vdc.te
  96. vold.te
  97. watchdogd.te
  98. wpa.te
  99. zygote.te