When the toolbox domain was introduced, we allowed all domains to exec it
to avoid breakage. However, only domains that were previously allowed the
ability to exec /system files would have been able to do this prior to the
introduction of the toolbox domain. Remove the rule from domain.te and add
rules to all domains that are already allowed execute_no_trans to system_file.
Requires coordination with device-specific policy changes with the same Change-Id.
Change-Id: Ie46209f0412f9914857dc3d7c6b0917b7031aae5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Size increase taken as a precaution against recent built breakage
due to lack of space on a number of targets (e.g. x86, ARM64).
System and user-data image sizes set to match currently most common
setup for the emulator: system image: 1.25gb, user-data image 700mb.
Change-Id: I7118eb26dd78f5fa9e4f0006e15c8d47dee8e28c
This has been a null operation for a while, as devices are on the
extended font footprint by default.
Bug: 21785576
Change-Id: I884752876fa529b9ff29b14d08b0e9e618fa7348
This fixes the issue with the emulator "-shell" option.
Init tries to open the console which is passed through
the kernel androidboot.console property, but fails to
open it because "avc" denies it. Init only has permissions
to open console_device in rw mode. This ensures that
/dev/ttyS2 is properly labeled as console_device.
Replaced tabs with spaces.
Change-Id: I9ef94576799bb724fc22f6be54f12de10ed56768
Deal with a build failure in conflict with cl/152105
(cherrypicked from commit 1cc7735ffa)
Bug: 19608716
Change-Id: I1078046db3b159c1baf0a22435c3e777424453a1
The goldfish-setup service (essentially /system/etc/init.goldfish.sh)
executes the following commands when certain conditions are met:
setprop ro.radio.noril yes
stop ril-daemon
so as to stop the RIL daemon and emulate a WiFi-only device. Both would
fail, though, because goldfish-setup does not have the permissions to
set relevant properties.
This CL modifies the emulator's SELinux policy to grant the necessary
permissions. It is a step towards fixing the ril-daemon-keeps-getting-
killed-and-restarted problem with the new ("ranchu") emulator, which
does not support telephony emulation yet. (The other step is to have
init start goldfish-setup, which will be done in a seperate CL.)
(cherrypicked from commit 33dca8090f)
Change-Id: Ice7e7898804b7353ac4a8c49d871b1b2571d7a5f
Signed-off-by: Yu Ning <yu.ning@intel.com>
(cherrypicked from commit cccc901639)
Change-Id: I630ba0178439c935d08062892990d43a3cc1239e
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>
The goldfish-setup service (essentially /system/etc/init.goldfish.sh)
executes the following commands when certain conditions are met:
setprop ro.radio.noril yes
stop ril-daemon
so as to stop the RIL daemon and emulate a WiFi-only device. Both would
fail, though, because goldfish-setup does not have the permissions to
set relevant properties.
This CL modifies the emulator's SELinux policy to grant the necessary
permissions. It is a step towards fixing the ril-daemon-keeps-getting-
killed-and-restarted problem with the new ("ranchu") emulator, which
does not support telephony emulation yet. (The other step is to have
init start goldfish-setup, which will be done in a seperate CL.)
Change-Id: Ice7e7898804b7353ac4a8c49d871b1b2571d7a5f
Signed-off-by: Yu Ning <yu.ning@intel.com>
In goldfish kernel 3.10, the goldfish_tty device instantiates virtual
serial ports as /dev/ttyGF* (e.g. /dev/ttyGF0), not as /dev/ttyS* as in
goldfish kernel 3.4. However, in the emulator's SELinux security policy,
there is no specific security context assigned to /dev/ttyGF*, and the
one inherited from /dev (u:object_r:device:s0) prevents services such as
qemud and goldfish-logcat from reading and writing ttyGF*. Consequently,
qemud terminates abnormally on the classic x86_64 emulator:
init: Service 'qemud' (pid XXX) exited with status 1
Fix this issue by assigning /dev/ttyGF* the same security context as
/dev/ttyS*.
(cherrypicked from commit 4783467922)
Change-Id: Ia7394dc217bd82f566c4d1b7eda3cc8ce3ac612f
Signed-off-by: Yu Ning <yu.ning@intel.com>
In goldfish kernel 3.10, the goldfish_tty device instantiates virtual
serial ports as /dev/ttyGF* (e.g. /dev/ttyGF0), not as /dev/ttyS* as in
goldfish kernel 3.4. However, in the emulator's SELinux security policy,
there is no specific security context assigned to /dev/ttyGF*, and the
one inherited from /dev (u:object_r:device:s0) prevents services such as
qemud and goldfish-logcat from reading and writing ttyGF*. Consequently,
qemud terminates abnormally on the classic x86_64 emulator:
init: Service 'qemud' (pid XXX) exited with status 1
Fix this issue by assigning /dev/ttyGF* the same security context as
/dev/ttyS*.
Change-Id: Ia7394dc217bd82f566c4d1b7eda3cc8ce3ac612f
Signed-off-by: Yu Ning <yu.ning@intel.com>
In goldfish kernel 3.10, qemu_pipe has been renamed to goldfish_pipe.
However, in the emulator's SELinux policy, there is no specific security
context assigned to /dev/goldfish_pipe, and the one inherited from /dev
(u:object_r:device:s0) prevents various processes (qemud, qemu-props,
etc.) from reading and writing goldfish_pipe. Consequently, the classic
x86_64 emulator will not boot if GPU emulation is enabled ("-gpu host"),
and does not render the UI correctly if launched with "-gpu off".
Fix this issue by assigning /dev/goldfish_pipe the same security context
as /dev/qemu_pipe.
This CL also benefits the new ("ranchu") emulator, where all supported
ABIs (arm64, mips64, x86 and x86_64) use 3.10-based kernels. Without
this fix, the new emulator boots and works, but there are avc denials
related to goldfish_pipe.
Last but not least, it is now possible to boot the classic x86 emulator
with a 3.10-based kernel instead of the current 3.4-based one, without
disabling SELinux.
(cherry-pick of commit: a5053e6b35)
Change-Id: I52e75c94d3ae3758cbbf5bc0e1d84254fdf5c6cb
Signed-off-by: Yu Ning <yu.ning@intel.com>
In goldfish kernel 3.10, qemu_pipe has been renamed to goldfish_pipe.
However, in the emulator's SELinux policy, there is no specific security
context assigned to /dev/goldfish_pipe, and the one inherited from /dev
(u:object_r:device:s0) prevents various processes (qemud, qemu-props,
etc.) from reading and writing goldfish_pipe. Consequently, the classic
x86_64 emulator will not boot if GPU emulation is enabled ("-gpu host"),
and does not render the UI correctly if launched with "-gpu off".
Fix this issue by assigning /dev/goldfish_pipe the same security context
as /dev/qemu_pipe.
This CL also benefits the new ("ranchu") emulator, where all supported
ABIs (arm64, mips64, x86 and x86_64) use 3.10-based kernels. Without
this fix, the new emulator boots and works, but there are avc denials
related to goldfish_pipe.
Last but not least, it is now possible to boot the classic x86 emulator
with a 3.10-based kernel instead of the current 3.4-based one, without
disabling SELinux.
Change-Id: Iad979c0ee9d0a410be12b83ac1bef9476b50a6dc
Signed-off-by: Yu Ning <yu.ning@intel.com>
Define BOARD_SEPOLICY_DIRS for the arm64, mips64, and x86_64
emulator targets. As a first cut, simply inherit from the
existing policy directories used for generic and generic_x86.
We may need further board-specific policy added for these targets
but testing will require first enabling SELinux in the relevant
kernel configs.
(cherrypicked from commit 21ebc213bb)
Change-Id: I7b4459b32298698fc2908cbbdd0e3afadbe5ac24
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
For ART testing, we need:
1) A larger userdata partition. A lot of files end up there as it
is multi-arch.
2) Don't strip prebuilts. Technically we only care about core-libart,
but this is the best high-level change that doesn't impact other
files.
Change-Id: Ic36bfcf80ba50a602752ca0a3031dda89a0f3051
Define BOARD_SEPOLICY_DIRS for the arm64, mips64, and x86_64
emulator targets. As a first cut, simply inherit from the
existing policy directories used for generic and generic_x86.
We may need further board-specific policy added for these targets
but testing will require first enabling SELinux in the relevant
kernel configs.
Change-Id: I7b4459b32298698fc2908cbbdd0e3afadbe5ac24
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
As suggested in the comments on
https://android-review.googlesource.com/#/c/141560/
drop BOARD_SEPOLICY_UNION and simplify the build_policy logic.
Union all files found under BOARD_SEPOLICY_DIRS.
Change-Id: I4214893c999c23631f5456cb1b8edd59771ef13b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The extra system space is needed for mips64r6/mips32r6 quick
mode images and the extra userdata is needed to run ART tests.
Change-Id: I96dc1553d950dcf046b57feff10a369e9155bd4d
This was only needed for platform builds, and was removed in the gap between
armv5 being removed and being added back again for tapas builds. Otherwise it
would have been removed back then.
(I suspect that we don't need the system.prop file in here, either, but I
don't really know how to test that.)
Change-Id: I212ff7b3568b5d5ff3cc66150ec7c4fa0b8cac92
When building a generic arm 32-bit target, we also want to include
support for the ranchu board model for the updated Android emulator
based on recent upstream QEMU.
Since the emulator.mk file is included by both the generic and
generic_arm64 targets and already defines a PRODUCT_COPY_FILES and
PRODUCT_PACKAGES, move duplicate entries from
target/board/generic*/device.mk to target/product/emulator.mk.
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Change-Id: I7922ec0c4097776a185dbb245301d760ff332386
Switch the qemud domain from unconfined_domain() to
permissive_or_unconfined() so that we can start collecting and
addressing denials in -userdebug/-eng builds.
Also allow access to the serial device.
Change-Id: I9c7a6ddc8c2e64bfc6c5bb896eed1729ab205d60
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This assigns block device types as per device/generic/goldfish/fstab.goldfish.
Eliminates (permissive) avc: denied messages for fsck.
Change-Id: Ia72bdfb16975f051548b6b2c0636e4f907295789
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Allow apps running with any level to write to it.
Change-Id: I8fca1f377e14c624db5273bdacf8400addc6210d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Build of sdk_google_phone_x86_64-sdk_addon product was failing with
the following error message:
error: ext4_allocate_best_fit_partial: failed to allocate 2420 blocks,
out of space?
Change-Id: Ib9e2d21bac86b12b6f8f75d4f30806dd20abcb90
Prebuilts are now preopted. This requires a bump in system image
size. Technically a 13M bump would have been fine, but round up
to 50M for a little bit of future breathing space.
Bug: 17772057
Change-Id: Ib10dc24960c0b2e03ef28c55c3c199382802d4e1
goldfish-setup, goldfish-logcat, and qemu-props are goldfish-specific
oneshot services that lacked domain definitions and thus were left in init's
domain.
This depends on a change to external/sepolicy with the same Change-Id
to define non-goldfish-specific types for properties and logcat.
Change-Id: Idce1fb5ed9680af84788ae69a5ace684c6663974
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
I've been told this is no longer in use, and it's the only user of
external/grub, which is distressingly out of date.
Change-Id: I434a55e0d68f6db97fa71e294e983ff1802e9ba6
(cherry picked from commit de21059acf)
I've been told this is no longer in use, and it's the only user of
external/grub, which is distressingly out of date.
Change-Id: I434a55e0d68f6db97fa71e294e983ff1802e9ba6
This patch ensures that the system image produced for the 'aosp_arm64'
build products can actually run under emulation with the new qemu-android
binaries [1]
The main issue is that the virtual board is named 'ranchu' instead of
'goldfish' (because the virtual hardware is _very_ different), and thus
requires specific files for the boot to start properly
(in particular fstab.ranchu is required to mount the system, data and
cache partitions, otherwise init will fail badly because /system/bin/
and /data/ are missing important files).
IMPORTANT: This requires the files under device/generic/goldfish/ from:
https://android-review.googlesource.com/#/c/105020/
[1] Binaries built from https://qemu-android.googlesource.com/qemu-android
BUG=17154406
Change-Id: Ic40360bf56e32aab708551c810000467d23793d4
This was accidentally removed by commit 8dc227f482.
Breaks builds for apps that use gnustl_static for 32 bit compiles
on an arm64 target.
bug: 16951392
Change-Id: I89480943284944fd95543cccbf40a8de22852197
This removes the explicit list of fonts for the SDK and replaces it with
the fonts built for the generic device.
Also, the symlinked fonts are copied becuase Windows doesn't support
symlinks.
Change-Id: I8b18b2ab0149ab24448f27dbd5f9716e5d360029
The idea is that we want to be able to build a single 32+64 APK
whose 32 bit code can run on 32 bit devices, where we can't assume
cortex-a15 or NEON.
Change-Id: Ia6bf400fa472924a94b08cef83e9e5dea09222ab
Add mips64r6 target and corresponding mips32r6 target.
Defaults remain as mips64r2 and mips32r2.
Apply -FP64A codegen subsetting to mips32r6 only.
Access FR=0 odd-numbered 32-bit float regs only via
double-prec even-numbered regs, not by single-prec ops.
(cherry picked from commit 6bab974cdc)
Change-Id: I447337ce56c15e86cec505d68a6b45294fc3ba77
Use 4.9 mips64el toolchain for both 64- and 32-bit builds.
Tell ld when 32-bit links are required.
Override 4.9's changed defaults for mips floating point
register use, to get same assembler rules as 4.8 and earlier.
Also: drop unused soft-fp build targets, cleanout redundant
compiler options, and remove extraneous Android.mk file.
(cherry picked from commit 6670e24aed)
Change-Id: I34d2f8fc6113c9d1670e3acff1aff48634b9fe1b
Add mips64r6 target and corresponding mips32r6 target.
Defaults remain as mips64r2 and mips32r2.
Apply -FP64A codegen subsetting to mips32r6 only.
Access FR=0 odd-numbered 32-bit float regs only via
double-prec even-numbered regs, not by single-prec ops.
Change-Id: I1740a6c658304b6c41242be58d68753e6f171658
Use 4.9 mips64el toolchain for both 64- and 32-bit builds.
Tell ld when 32-bit links are required.
Override 4.9's changed defaults for mips floating point
register use, to get same assembler rules as 4.8 and earlier.
Also: drop unused soft-fp build targets, cleanout redundant
compiler options, and remove extraneous Android.mk file.
Change-Id: I86f1075266349edb2b08a7709b9f5472d8cfda32
We originally forked a complete copy of generic/sepolicy into
generic_x86/sepolicy, but we can instead inherit from it and
merely add rules as needed under generic_x86/sepolicy.
Change-Id: I21e1a1425ce08676a8ea69685a4761db3bfde628
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
I87d0976800557d73064e2da038315b0d019d7a60 removed zygote.te from
generic/sepolicy and generic/BoardConfig.mk but also incorrectly
removed it from generic_x86/BoardConfig.mk, even though
generic_x86/sepolicy/zygote.te still exists and contains rules
needed on the x86 emulator. Otherwise the zygote fails with
execmem denials on the x86 emulator.
(x86 emulator is also broken currently due to yaffs2 /cache yielding
unlabeled denials, but that is unrelated to this change).
Change-Id: Ie36ed4ed7ba478a377f9a0d4383d006b49bde5cc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
A sensible default for the 32bit CPU_VARIANT of an ARM64 build is
cortex-a15. Please note that the AArch32 execution state of ARMv8
is a superset of ARMv7.
Change-Id: Id2b655172750e04609ae9ba22d621fe83cd69b1a
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
x86 just bit me. I did manage to build mips today, but I assume it
can't be long before we hit the limit there too if every other target
has hit it already.
Change-Id: I28dfe3b4f9565cb79e0bf6b0ffc55a9d6e64a9b0
Also siezes the opportunity to remove the hardcoded
TARGET_PREFER_32_BIT_APPS directing in core_64_bit.mk.
This avoids the need for further hacks but needs supporting
changes to a few apps to force them to 32 bit.
Change-Id: I36ba9e5f5b08dd87d6a4afc27961a436306eed99
