ADHOC/replicant-vendor_replicant
3
0
Fork 0
Code Issues 6 Pull Requests Releases Activity
2,666 Commits 2 Branches 0 Tags 430 MiB
72f4855807
Commit Graph

10 Commits

Author SHA1 Message Date
FrozenCow
ec0322e31b cm: sepolicy: allow kernel to read storage 
This fixes issues where the kernel would need to read and write
files from internal or external storage. More specifically, the
kernel needs these rules for USB mass storage to work correctly.

Change-Id: I8cb0307727bc0c464d5470e55275ad808e748ee0
 2016-02-20 14:26:41 -08:00
codeworkx
01490eface sepolicy: fix denial for sudaemon 
fixes root access for apps

Change-Id: Iff443bf4cbea817917da72bbfc58f9fe42acceb5
 2015-11-22 09:57:08 -08:00
myfluxi
8501771607 sepolicy: Make superuser_device and sudaemon mlstrustedobjects 
Address:
avc: denied { write } for pid=8782 comm="su" name="su-daemon" dev="tmpfs" ino=9462
scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:superuser_device:s0
tclass=sock_file permissive=0

avc: denied { connectto } for pid=6666 comm="su" path="/dev/socket/su-daemon/su-daemon"
scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:sudaemon:s0
tclass=unix_stream_socket permissive=0

And thus fix su.

Change-Id: I666277067c5ff9f2a985c243075c63fd87090b27
 2015-11-05 23:53:50 +01:00
Dan Pasanen
9ca9d95a76 sepolicy: remove sudaemon type declaration 
* this is already defined in external/sepolicy

Change-Id: I541b5de5bb6057f4fa3d88b6e9b9425b65f9963e
 2015-10-17 09:22:14 -05:00
Ricardo Cerqueira
a7dfa18fd5 sepolicy: Add policies for the new superuser sockets. 
Change-Id: Ia3e1044616bee95eb4774254fb098487d983b5db
 2015-01-04 01:16:25 +00:00
Ricardo Cerqueira
4df29e013d selinux: Workaround for devices with PR_SET_NO_NEW_PRIVS enforcement 
PR_SET_NO_NEW_PRIVS blocks domain transitions from within app_process,
unless the new domain is bounded by the app's context. So we can't
switch to a domain that has perms not available to untrusted_app :(

This means any app can talk to the daemon, bypassing the su executable
client. That's not a good thing, and needs to be resolved.

Change-Id: I85b74f90b8737caaa193a0555b5262e7392519b2
 2014-12-10 20:38:34 +00:00
Ricardo Cerqueira
7cd698341f Revert "SELinux: su: update policies" 
This reverts commit 04fd9192b0.

Change-Id: I69e51fb6c151a48972cf81947c1c59c6f26f60e9
 2014-12-10 17:19:14 +00:00
Pawit Pornkitprasan
04fd9192b0 SELinux: su: update policies 
- Integrate policies from domain.te (fixes ES File Manager which uses unix socket)
- Allow platform_app to use su (fixes CM File Manager)

Change-Id: I39dd55e63b44590575bbe6d889c8d77141ba8545
 2014-12-08 05:43:14 +00:00
Chirayu Desai
9e0dba30b7 SELinux: su: Remove extra quote in a comment 
* Fixes
  vendor/cm/sepolicy/su.te:46:WARNING 'unrecognized character' at token '''

Change-Id: I3957ba7ac05062766cbf6c8f3c3975f20c95532e
 2014-11-30 03:05:41 +00:00
Ricardo Cerqueira
09159ac7ce Add selinux policies for superuser 
Change-Id: I878eaa9d25feaedf46e89083f91d6a21f4aff37a
 2014-11-27 01:45:53 +00:00