Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 6d0e9c8f4ee4f326b2c2851fa2851193fec33a4e
commit6d0e9c8f4ee4f326b2c2851fa2851193fec33a4e[log] [tgz]
authorNick Kralevich <nnk@google.com>Sat Aug 01 20:14:21 2015 -0700
committerNick Kralevich <nnk@google.com>Mon Aug 24 15:24:33 2015 -0700
treecb03b2553d52aa05668930158e0b0eb495a01002
parent48d98e35419f74fe515ec560277726081c2fd0e3 [diff]
init.te: delete kernel load policy support

Remove the ability to dynamically update SELinux policy on the
device.

1) This functionality has never been used, so we have no idea if
it works or not.

2) If system_server is compromised, this functionality allows a
complete bypass of the SELinux policy on the device. In particular,
an attacker can force a regression of the following patch
  * https://android-review.googlesource.com/138510
see also https://code.google.com/p/android/issues/detail?id=181826

3) Dynamic policy update can be used to bypass neverallow protections
enforced in CTS, by pushing a policy to the device after certification.
Such an updated policy could bring the device out of compliance or
deliberately introduce security weaknesses.

(cherrypicked from commit e827a8ab27020be0f266a5a6083b11308fe1a349)

Bug: 22885422
Bug: 8949824
Change-Id: I802cb61fd18a452a2bb71c02fe57cfce5b7e9dc8
2 files changed
tree: cb03b2553d52aa05668930158e0b0eb495a01002
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. atrace.te
  7. attributes
  8. binderservicedomain.te
  9. blkid.te
  10. blkid_untrusted.te
  11. bluetooth.te
  12. bootanim.te
  13. clatd.te
  14. CleanSpec.mk
  15. debuggerd.te
  16. device.te
  17. dex2oat.te
  18. dhcp.te
  19. dnsmasq.te
  20. domain.te
  21. drmserver.te
  22. dumpstate.te
  23. file.te
  24. file_contexts
  25. file_contexts_asan
  26. fs_use
  27. fsck.te
  28. fsck_untrusted.te
  29. gatekeeperd.te
  30. genfs_contexts
  31. global_macros
  32. gpsd.te
  33. hci_attach.te
  34. healthd.te
  35. hostapd.te
  36. idmap.te
  37. init.te
  38. initial_sid_contexts
  39. initial_sids
  40. inputflinger.te
  41. install_recovery.te
  42. installd.te
  43. isolated_app.te
  44. kernel.te
  45. keys.conf
  46. keystore.te
  47. lmkd.te
  48. logd.te
  49. mac_permissions.xml
  50. mdnsd.te
  51. mediaserver.te
  52. mls
  53. mls_macros
  54. MODULE_LICENSE_PUBLIC_DOMAIN
  55. mtp.te
  56. net.te
  57. netd.te
  58. neverallow_macros
  59. nfc.te
  60. NOTICE
  61. perfprofd.te
  62. platform_app.te
  63. policy_capabilities
  64. port_contexts
  65. ppp.te
  66. procrank.te
  67. property.te
  68. property_contexts
  69. racoon.te
  70. radio.te
  71. README
  72. recovery.te
  73. rild.te
  74. roles
  75. runas.te
  76. sdcardd.te
  77. seapp_contexts
  78. security_classes
  79. service.te
  80. service_contexts
  81. servicemanager.te
  82. sgdisk.te
  83. shared_relro.te
  84. shell.te
  85. slideshow.te
  86. su.te
  87. surfaceflinger.te
  88. system_app.te
  89. system_server.te
  90. te_macros
  91. tee.te
  92. toolbox.te
  93. tzdatacheck.te
  94. ueventd.te
  95. uncrypt.te
  96. untrusted_app.te
  97. users
  98. vdc.te
  99. vold.te
  100. watchdogd.te
  101. wpa.te
  102. zygote.te