Merge "Allowing vold to search /mnt/vendor/*"
diff --git a/OWNERS b/OWNERS
index ff29677..4b9cbf3 100644
--- a/OWNERS
+++ b/OWNERS
@@ -3,6 +3,8 @@
jbires@google.com
jeffv@google.com
jgalenson@google.com
+nnk@google.com
+smoreland@google.com
sspatil@google.com
tomcherry@google.com
trong@google.com
diff --git a/public/app.te b/public/app.te
index 411ce59..169e619 100644
--- a/public/app.te
+++ b/public/app.te
@@ -405,6 +405,14 @@
# ptrace access to non-app domains.
neverallow appdomain { domain -appdomain }:process ptrace;
+# The Android security model guarantees the confidentiality and integrity
+# of application data and execution state. Ptrace bypasses those
+# confidentiality guarantees. Disallow ptrace access from system components
+# to apps. Crash_dump is excluded, as it needs ptrace access to
+# produce stack traces.
+
+neverallow { domain -appdomain -crash_dump } appdomain:process ptrace;
+
# Read or write access to /proc/pid entries for any non-app domain.
# A different form of hidepid=2 like protections
neverallow appdomain { domain -appdomain }:file no_w_file_perms;
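Review bot: The new comment above the neverallow on `appdomain:process ptrace` first names both confidentiality and integrity and then says ptrace bypasses only "those confidentiality guarantees", which undersells the rule: a tracer can write the tracee's memory and registers, not just read them. I would change the third sentence to `# Ptrace bypasses both guarantees: a tracer can read and modify the tracee's memory, registers and control flow.` It is also worth recording that, as far as I recall, the kernel consults this same SELinux permission from ptrace_may_access(), so the rule also closes the /proc/<pid>/mem and process_vm_readv paths rather than only the ptrace(2) syscall. The `-crash_dump` carve-out is the only system-side exception left, so the comment should say so explicitly rather than leaving readers to infer it from the set expression.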
diff --git a/public/te_macros b/public/te_macros
index cdfdc89..a9814ff 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -178,6 +178,12 @@
allow $1 $1_tmpfs:file execute;
neverallow { $1 -shell } { domain -$1 }:file no_rw_file_perms;
neverallow { appdomain -shell -$1 } $1:file no_rw_file_perms;
+# The Android security model guarantees the confidentiality and integrity
+# of application data and execution state. Ptrace bypasses those
+# confidentiality guarantees. Disallow ptrace access from system components
+# to apps. Crash_dump is excluded, as it needs ptrace access to
+# produce stack traces.
+neverallow { domain -$1 -crash_dump } $1:process ptrace;
')
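Review bot: The comment copied into this macro (presumably `app_domain`; its opening line is outside the hunk) says the rule blocks "system components", but `neverallow { domain -$1 -crash_dump } $1:process ptrace;` is stricter than the app.te rule, which only subtracts `appdomain`: here every domain except `$1` itself and `crash_dump` is forbidden, including other app domains. That difference is the security-relevant part and deserves its own sentence, e.g. `# Stricter than the appdomain-wide rule: no other app domain may ptrace $1 either, only $1 itself and crash_dump.` Without it a later reader will assume the two rules are duplicates and may drop one. Since the macro body is expanded once per app domain, the five-line preamble could also be shortened to a single line pointing at app.te for the rationale.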
#####################################
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 9b537c1..941303c 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -57,7 +57,7 @@
-unlabeled
-vendor_file_type
-vold_metadata_file
-}:file { create getattr open read write setattr relabelfrom unlink };
+}:file { create getattr open read write setattr relabelfrom unlink map };
allow vendor_init {
file_type
@@ -104,7 +104,7 @@
-proc_uid_time_in_state
-proc_uid_concurrent_active_time
-proc_uid_concurrent_policy_time
-}:file { open read setattr };
+}:file { open read setattr map };
allow vendor_init {
fs_type
@@ -146,7 +146,7 @@
r_dir_file(vendor_init, vendor_file_type)
# Vendor init can read properties
-allow vendor_init serialno_prop:file { getattr open read };
+allow vendor_init serialno_prop:file { getattr open read map };
# Vendor init can perform operations on trusted and security Extended Attributes
allow vendor_init self:global_capability_class_set sys_admin;
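Review bot: Adding `map` to `serialno_prop:file`, and to the two broader vendor_init file rules in the earlier hunks, is done without any comment explaining the trigger, and the existing `# Vendor init can read properties` line no longer describes the rule. Presumably this is catch-up for the kernel enforcing the `map` permission on mmap() separately from `read`, which property reads hit because the property area is mapped rather than read; if so, say that: `# Vendor init can read properties. map is needed because the property area is mmap()ed, not read().` Note that `map` alone does not grant `execute`, so the rule stays non-executable, but in the first hunk it is added to a rule that already carries `write`, meaning writable MAP_SHARED mappings become possible over whatever target set begins above that hunk; that is no broader than `write` itself, but the rationale should be written down once.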
diff --git a/tests/sepol_wrap.cpp b/tests/sepol_wrap.cpp
index 39b618b..41f13bf 100644
--- a/tests/sepol_wrap.cpp
+++ b/tests/sepol_wrap.cpp
@@ -29,7 +29,7 @@
if (!out) {
std::cerr << "Failed to allocate genfs iterator" << std::endl;
- return NULL;
+ return nullptr;
}
policydb_t *db = static_cast<policydb_t *>(policydbp);
@@ -66,8 +66,8 @@
}
i->ocon = i->ocon->next;
- if (i->ocon == NULL) {
- if (i->genfs->next != NULL) {
+ if (i->ocon == nullptr) {
+ if (i->genfs->next != nullptr) {
i->genfs = i->genfs->next;
i->ocon = i->genfs->head;
} else {
@@ -103,10 +103,10 @@
if (!out) {
std::cerr << "Failed to allocate type type iterator" << std::endl;
- return NULL;
+ return nullptr;
}
- if (type == NULL) {
+ if (type == nullptr) {
out->length = db->p_types.nprim;
out->bit = 0;
if (is_attr)
@@ -119,11 +119,11 @@
if (is_attr && out->d->flavor != TYPE_ATTRIB) {
std::cerr << "\"" << type << "\" MUST be an attribute in the policy" << std::endl;
free(out);
- return NULL;
+ return nullptr;
} else if (!is_attr && out->d->flavor !=TYPE_TYPE) {
std::cerr << "\"" << type << "\" MUST be a type in the policy" << std::endl;
free(out);
- return NULL;
+ return nullptr;
}
if (is_attr) {
@@ -191,14 +191,14 @@
fp = fopen(policy_path, "re");
if (!fp) {
std::cerr << "Invalid or non-existing policy file: " << policy_path << std::endl;
- return NULL;
+ return nullptr;
}
db = (policydb_t *) calloc(1, sizeof(policydb_t));
if (!db) {
std::cerr << "Failed to allocate memory for policy db." << std::endl;
fclose(fp);
- return NULL;
+ return nullptr;
}
sidtab_t sidtab;
@@ -210,17 +210,17 @@
std::cerr << "Failed to stat the policy file" << std::endl;
free(db);
fclose(fp);
- return NULL;
+ return nullptr;
}
auto unmap = [=](void *ptr) { munmap(ptr, sb.st_size); };
std::unique_ptr<void, decltype(unmap)> map(
- mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fileno(fp), 0), unmap);
+ mmap(nullptr, sb.st_size, PROT_READ, MAP_PRIVATE, fileno(fp), 0), unmap);
if (!map) {
std::cerr << "Failed to map the policy file" << std::endl;
free(db);
fclose(fp);
- return NULL;
+ return nullptr;
}
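Review bot: The `if (!map)` check after the mmap() call can never fire, because a failed mmap() returns MAP_FAILED, not a null pointer, so the "Failed to map the policy file" branch is dead and on failure the `unmap` deleter will later call munmap() on `(void *)-1`. Replacing `NULL` with `nullptr` in the call does not change that; the result has to be tested before it is handed to the unique_ptr. The rest of the function (`pf` setup and the policydb_read call) is outside this hunk.
```cpp
void *raw = mmap(nullptr, sb.st_size, PROT_READ, MAP_PRIVATE, fileno(fp), 0);
if (raw == MAP_FAILED) {
    std::cerr << "Failed to map the policy file" << std::endl;
    free(db);
    fclose(fp);
    return nullptr;
}
auto unmap = [=](void *ptr) { munmap(ptr, sb.st_size); };
std::unique_ptr<void, decltype(unmap)> map(raw, unmap);
// … unchanged: policy_file setup and policydb_read …
```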
struct policy_file pf;
@@ -232,7 +232,7 @@
std::cerr << "Failed to initialize policydb" << std::endl;
free(db);
fclose(fp);
- return NULL;
+ return nullptr;
}
if (policydb_read(db, &pf, 0)) {
@@ -240,7 +240,7 @@
policydb_destroy(db);
free(db);
fclose(fp);
- return NULL;
+ return nullptr;
}
return static_cast<void *>(db);
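Review bot: Every error path in this function closes `fp`, but nothing visible between the closing brace of the policydb_read failure branch and `return static_cast<void *>(db);` does, so unless the one elided line there is an `fclose(fp);` the FILE* leaks on the success path. If `pf` is backed by the mapping rather than by `fp` (the mapping outlives the FILE*), the simplest fix is to `fclose(fp);` right after the mmap() succeeds and drop it from the later error paths; otherwise add `fclose(fp);` before the final return. The function's closing brace is outside the hunk.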
@@ -266,7 +266,7 @@
size_t len;
for (; avtab_i->i < avtab_i->avtab->nslot; (avtab_i->i)++) {
- if (avtab_i->cur == NULL) {
+ if (avtab_i->cur == nullptr) {
avtab_i->cur = avtab_i->avtab->htable[avtab_i->i];
}
for (; avtab_i->cur; avtab_i->cur = (avtab_i->cur)->next) {
@@ -286,7 +286,7 @@
}
return 0;
}
- avtab_i->cur = NULL;
+ avtab_i->cur = nullptr;
}
return 1;
@@ -306,7 +306,7 @@
calloc(1, sizeof(struct avtab_iter));
if (!out) {
std::cerr << "Failed to allocate avtab iterator" << std::endl;
- return NULL;
+ return nullptr;
}
out->avtab = in;
@@ -344,7 +344,7 @@
calloc(1, sizeof(struct avtab_iter));
if (!out) {
std::cerr << "Failed to allocate avtab iterator" << std::endl;
- return NULL;
+ return nullptr;
}
avtab_t *avtab = (avtab_t *) calloc(1, sizeof(avtab_t));
@@ -352,7 +352,7 @@
if (!avtab) {
std::cerr << "Failed to allocate avtab" << std::endl;
free(out);
- return NULL;
+ return nullptr;
}
out->avtab = avtab;
@@ -360,14 +360,14 @@
std::cerr << "Failed to initialize avtab" << std::endl;
free(avtab);
free(out);
- return NULL;
+ return nullptr;
}
if (expand_avtab(p, in, out->avtab)) {
std::cerr << "Failed to expand avtab" << std::endl;
free(avtab);
free(out);
- return NULL;
+ return nullptr;
}
return out;
}
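Review bot: When `expand_avtab` fails the cleanup is `free(avtab); free(out);`, but by then `avtab_init` has succeeded and expand_avtab will presumably have inserted some nodes before giving up, so those nodes and the hash table are leaked; the `avtab_init` failure branch just above is the only one where a bare `free(avtab)` is sufficient. I would change the failure branch to `avtab_destroy(avtab); free(avtab); free(out); return nullptr;` so a partially expanded table is released the same way a fully built one eventually is. This is a test helper, so the leak is not a security issue, but it will show up under a leak checker.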