Nick Kralevich 8adb4d9d12 Send property_service AVC messages to the kernel audit system
The property service uses an SELinux userspace check to determine if a
process is allowed to set a property. If the security check fails, a
userspace SELinux denial is generated. Currently, these denials are only
sent to dmesg.

Instead of sending these denials to dmesg, send them to the kernel audit
system. This will cause these userspace denials to be treated similarly
to kernel generated denials (e.g., logd will pick them up and process
them). This will ensure that denials generated by the property service
will show up in logcat / dmesg / event log.

After this patch, running "setprop asdf asdf" from the unprivileged adb
shell user will result in the following audit message:

  type=1107 audit(39582851.013:48): pid=1 uid=0 auid=4294967295
  ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for
  property=asdf pid=5537 uid=2000 gid=2000 scontext=u:r:shell:s0
  tcontext=u:object_r:default_prop:s0 tclass=property_service'

Test: manual
Bug: 27878170
Change-Id: I0b8994888653501f2f315eaa63d9e2ba32d851ef
2017-01-03 13:50:13 -08:00
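
For triage of the records this commit produces, the following is an added example (not part of the commit or of system/core) that parses a type=1107 property_service denial into fields. The function name and output keys are hypothetical; the sample is the record from the commit message joined onto one line.

```python
import re

USER_AVC = 1107  # record type shown in the commit message ("type=1107")

# Record from the commit message above, joined onto a single line.
SAMPLE = ("type=1107 audit(39582851.013:48): pid=1 uid=0 auid=4294967295 "
          "ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for "
          "property=asdf pid=5537 uid=2000 gid=2000 scontext=u:r:shell:s0 "
          "tcontext=u:object_r:default_prop:s0 tclass=property_service'")

HEADER = re.compile(r"type=(\d+) audit\((\d+\.\d+):(\d+)\): (.*)$")
AVC = re.compile(r"msg='avc:\s+(denied|granted)\s+\{ ([^}]*)\} for\s+(.*)'")

def _to_int(value):
    # Missing or non-numeric fields become None instead of raising.
    return int(value) if value is not None and value.isdigit() else None

def parse_property_denial(line):
    """Return a dict for a property_service userspace AVC record, else None."""
    m = HEADER.search(line)  # search() tolerates a dmesg/logcat prefix
    if not m or int(m.group(1)) != USER_AVC:
        return None
    avc = AVC.search(m.group(4))
    if not avc:
        return None
    # Only key=value pairs inside msg='...' describe the requesting process.
    # The outer pid=1 uid=0 is init, which emitted the record.
    # Assumption: values contain no whitespace.
    fields = dict(kv.split("=", 1) for kv in avc.group(3).split() if "=" in kv)
    if fields.get("tclass") != "property_service":
        return None
    return {
        "serial": int(m.group(3)),
        "result": avc.group(1),
        "perms": avc.group(2).split(),
        "property": fields.get("property"),
        "requester_pid": _to_int(fields.get("pid")),
        "requester_uid": _to_int(fields.get("uid")),
        "scontext": fields.get("scontext"),
        "tcontext": fields.get("tcontext"),
    }

if __name__ == "__main__":
    print(parse_property_denial(SAMPLE))
```
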
adb Merge "adb: fix adb trace tag" 2016-12-17 00:07:41 +00:00
adf system/core Replace cutils/log.h with android/log.h 2016-09-30 12:47:05 -07:00
base [nit] Fix typo in properties.h 2016-12-15 10:47:32 +00:00
bootstat bootstat: Fix the boot complete signal for FBE devices. 2016-12-01 14:02:17 -08:00
cpio mkbootfs: Fix the default st_mode for root directory. 2016-10-07 16:14:27 -07:00
debuggerd Improve crasher. 2016-12-14 17:33:46 -08:00
fastboot fastboot: fix set_active for legacy A/B. 2016-12-15 16:27:48 -08:00
fingerprintd system/core Replace cutils/log.h with android/log.h 2016-09-30 12:47:05 -07:00
fs_mgr modify a minor error in mount_with_alternatives 2016-12-16 07:02:57 +00:00
gatekeeperd Switch to memcpy for accessing misaligned data. 2016-12-07 03:46:55 -08:00
healthd resolve merge conflicts of a4398c1 to stage-aosp-master am: 195669febc 2016-10-14 02:55:55 +00:00
include Merge "Make libziparchive C++-only." 2016-12-30 19:40:56 +00:00
init Send property_service AVC messages to the kernel audit system 2017-01-03 13:50:13 -08:00
libappfuse Support SOCK_STREAM for bridge between system and app 2016-12-12 14:53:03 +09:00
libbacktrace Remove obsolete mentions of LLVM_HOST_BUILD_MK 2016-12-17 13:34:05 -08:00
libbinderwrapper Move libbinderwrapper's headers into libbinderwrapper. 2016-09-16 09:02:47 -07:00
libcrypto_utils Rely on the platform -std default. 2016-10-10 14:31:12 -07:00
libcutils libcutils: Use strnlen for default property values 2016-12-22 09:21:06 -08:00
libdiskconfig system/core Replace log/log.h with android/log.h 2016-09-30 12:47:05 -07:00
libion ion.c: add O_CLOEXEC to /dev/ion open 2016-11-29 15:20:33 -08:00
liblog liblog: test failures due to permission issues 2016-12-27 10:01:42 -08:00
libmemtrack system/core Replace log/log.h with android/log.h 2016-09-30 12:47:05 -07:00
libmemunreachable Rely on the platform -std default. 2016-10-10 14:31:12 -07:00
libnativebridge Allow different namespace types for different classloaders 2016-11-04 15:21:13 -07:00
libnativeloader Allow different namespace types for different classloaders 2016-11-04 15:21:13 -07:00
libnetutils system/core Replace cutils/log.h with android/log.h 2016-09-30 12:47:05 -07:00
libpackagelistparser system/core Replace cutils/log.h with android/log.h 2016-09-30 12:47:05 -07:00
libpixelflinger system/core: preparation to pull back interfaces from android/log.h 2016-10-20 08:11:39 -07:00
libprocessgroup Switch fastboot/init/libprocessgroup to std::this_thread::sleep_for. 2016-11-14 17:08:47 -08:00
libprocinfo libprocinfo: introduce. 2016-11-14 13:42:18 -08:00
libsparse libsparse: add a function to retrieve the data blocks 2016-11-30 19:16:28 -08:00
libsuspend libsuspend: move to exponential backoff am: fb896944b6 2016-10-12 18:20:51 +00:00
libsync Update for kernel headers v4.8.14. 2016-12-12 18:59:42 -08:00
libsysutils Merge "system/core: preparation to pull back interfaces from android/log.h" 2016-10-20 18:03:57 +00:00
libusbhost usb-bulk-transfer: Clarify sign-iy-ness of param 2016-09-21 15:51:35 +00:00
libutils Enable libbase/libutils/libziparchive on host bionic 2016-11-29 13:38:53 -08:00
libziparchive libziparchive: use _FILE_OFFSET_BITS=64 2016-12-21 12:05:10 +00:00
lmkd system/core: preparation to pull back interfaces from android/log.h 2016-10-20 08:11:39 -07:00
logcat logcat: unit test produces log stutter 2016-12-27 19:13:00 +00:00
logd logd: gtest: logd.timeout socket does not clean up properly 2016-12-29 12:59:22 -08:00
logwrapper Rely on the platform -std default. 2016-10-10 14:31:12 -07:00
mkbootimg mkbootimg: use int for os_version and os_patch_level 2016-03-29 16:06:37 -07:00
reboot Convert more Android.mk files to Android.bp 2016-07-13 17:41:45 -07:00
rootdir Merge "Improve init bootcharting." 2016-12-16 17:32:27 +00:00
run-as Define range of GIDs for cached app data. 2016-12-13 13:28:08 -07:00
sdcard Merge "Switch sdcardfs over to bind mounts." 2016-11-30 05:20:40 +00:00
toolbox delete toolbox/r.c 2016-11-29 15:45:11 -08:00
trusty system/core: preparation to pull back interfaces from android/log.h 2016-10-20 08:11:39 -07:00
tzdatacheck Convert more Android.mk files to Android.bp 2016-07-13 17:41:45 -07:00
.gitignore Ignore adb/*.pyc files 2015-08-11 12:59:58 -07:00
Android.bp Add system/core/Android.bp 2016-12-20 10:58:18 -08:00
Android.mk Remove the simulator target from all makefiles. 2011-07-11 22:12:32 -07:00
CleanSpec.mk init.rc: have hwservicemanager start the HAL class 2016-09-26 00:23:51 -07:00
MODULE_LICENSE_APACHE2 auto import from //depot/cupcake/@135843 2013-07-30 13:56:49 -07:00
NOTICE Fix omission in NOTICE file. 2013-07-30 13:56:55 -07:00