Commit graph

70 commits

Author SHA1 Message Date
David Brazdil
8faa47c3ec Make /dev/{kvm,vhost-vsock} accessible to all UIDs
We will continue to restrict access to /dev/kvm and /dev/vhost-vsock with SELinux.

Bug: 245727626
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Id4f3e19c18a51bc51e6363d6ffde31c1032cf967
2022-12-20 08:20:26 +00:00
Pete Bentley
6cb61610e6 Add AID for PRNG seeder daemon.
Also adjust permissions on /dev/hw_random to allow prng_seeder group
read access.

Manual testing protocol:
* Verify prng_seeder daemon is running and has the
  correct label and uid/gid.
* Verify prng_seeder socket present and has correct
  label and permissions
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
  data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
  (e.g. strace -f -p `pgrep prng_seeder`)
* Kill daemon, observe that init restarts it
* strace again and observe clients now seed from new instance

Bug: 243933553
Test: Manual - see above
Change-Id: I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96
2022-09-26 17:50:09 +01:00
Jiyong Park
5b178328a3 /dev/[kvm|vhost-vsock] are owned by system
/dev/kvm and /dev/vhost-vsock are used by crosvm. Previously, it ran as
a custom UID `virtualizationservice`. However, this prevented us from
applying task profiles to the crosvm process because joining a process
to a cgroup requires system UID.

Now, crosvm (and its parent virtualizationservice as well) runs in
system UID. Therefore, the ownership of two device files are also
updated accorgly.

BUG=b:216788146
BUG=b:223790172
Test: watch TH

Change-Id: I1f63a12532d3a2cb5724291dbbb40210bd7c9203
2022-04-15 00:05:38 +09:00
Andrew Walbran
3aedc7edc8 Rename VirtManager to VirtualizationService.
Bug: 188042280
Test: atest VirtualizationTestCases
Change-Id: I0e549ef02c7327f57c3d04853b3eefed7403d8e8
2021-05-24 11:41:13 +00:00
Andrew Walbran
e76a7ef09c Give virtmanager user access to /dev/kvm and /dev/vhost-vsock for crosvm
Bug: 183583115
Test: Ran a VM manually with vm tool
Change-Id: Idf691c3ec3551c4cdadaecff96eddc2027dc8c79
2021-04-12 15:25:35 +00:00
Elliott Hughes
61fb3d0b69 Remove special config for /dev/hw_random.
There's no need for system_server to access this any more, so no need to
have weaker permissions than we'll get by default (ignoring the fact
that SELinux policy is our real protection here anyway).

Bug: http://b/179086242
Test: treehugger
Change-Id: I584e87f027f44e10190c2e5c2eb85785f61f8bd5
2021-02-10 15:13:46 -08:00
Tom Cherry
71dd7064cc ueventd: deprecate paths without /etc/
ueventd.rc scripts belong in the /etc/ directory of their given
partition, not the root of the partition.  This can cause problems,
especially since Android.bp cannot write to the root directly, forcing
vendors to use Android.mk for these files.  Note that
/system/etc/ueventd.rc moved long ago.

Test: Tree-hugger
Change-Id: I2dcaafc3c3f687f76ab6bc38af979c8b43346db0
2021-01-26 12:26:09 -08:00
Linzhao Ye
5a9b8577c9 Merge "Allow system server to access sysfs node of led lights." 2021-01-23 17:08:46 +00:00
Chris Ye
f41e334922 Allow system server to access sysfs node of led lights.
To support input device lights manager feature in frameworks, provide
sysfs node access to system server process.

Bug: 161633625
Test: atest LightsManagerTest, atest InputDeviceLightsManagerTest
Change-Id: Ic823539e9dd616b6ca4ae803756746e0f5349ec1
2021-01-17 06:58:39 +00:00
Hridya Valsaraju
f7c0f3d830 Setup ueventd to support DMA-BUF system-secure heap
Memory allocated from this heap will be used for secure playback.

Test: manual
Bug: 175697666
Change-Id: I16275ef0cef39b7b56cdce7c3545622712d438dc
2021-01-12 12:49:24 -08:00
Youkichi Hosoi
63fdd1ba24 ueventd: Fix property variable for ro.hardware in ueventd.rc
Property variables should be written ${x.y} to be expanded.

Bug: 175645356
Test: The property ro.hardware is expanded properly.
Change-Id: Idf7ff7ecc002e6e4de4ccef70e89dcc1c10e63d0
2020-12-16 15:54:15 +09:00
John Stultz
efb6e07e0a ueventd.rc: Add /dev/dma_heap/system-uncached permissions
Add permissions for dev/dma_heap/system-uncached dmabuf heap.

This should match the dmabuf system heap.

Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I9253d56c72d45e228539f709e76ba0862ae03d96
2020-12-14 23:29:55 +00:00
John Stultz
dc01a02a1a ueventd.rc: Reduce permissions for /dev/dma_heap/system to 444
Jeffrey Vander Stoep noted the permissions for the system dmabuf
heap should be 444 instead of 666, as we only need to open and
call ioctl on the device.

Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I650c9fabfffd1eac5f59bbc7fa1e0ae1f5646bd9
2020-12-14 23:29:35 +00:00
Tom Cherry
5b271797de ueventd: add the import option from the init parser
Vendors have an interest in importing ueventd files based on certain
property values.  Instead of baking this logic in the ueventd binary,
add the import option from the init parser to the ueventd parser, to
allow vendors to expand as needed.

Test: imported files are parsed
Change-Id: I674987fd48f3218e4703528c6d905b1afb5fb366
2020-12-08 13:21:26 -08:00
Hridya Valsaraju
72a0f10f51 Setup ueventd to support DMA-BUF heaps
Test: tested on cuttelfish with DMA-BUF heaps enabled.
Bug: 168333162
Change-Id: I2e7ed71d329edbb77319ca3cfbc4f0bf6be8fd98
2020-09-11 14:42:31 -07:00
Tri Vo
ff89b8d8c2 ueventd: duplicate /dev/ashmem
We want ashmem to only be used via libcutils API, with long-term goal
being deprecation of ashmem with memfd. To do that we route libcutils to
a new source of ashmem fds. We then phase out uses of /dev/ashmem that
doesn't go through libcutils using SELinux.

In Q, we introduced ashmemd as the source of ashmem fds to libcutils.
However, having a separate process and, consequently, binder hops to
handle /dev/ashmem results in performance/memory overhead.

To address the overhead, replace ashmemd with a duplicate of
/dev/ashmem. Name it /dev/ashmem<boot_id>, where boot_id is a random
number generated on each boot. This way we make sure that developers
don't accidentally depend on /dev/ashmem<boot_id>, as that name can't be
hardcoded.

Bug: 139855428
Test: writing "add"/"remove" to /sys/class/misc/ashmem/uevent correctly
adds/removes /dev/ashmem and /dev/ashmem/boot_id
Change-Id: I36d23116048bfcd99903ba46cc133161835a2cfa
2019-09-25 12:49:38 -07:00
Tri Vo
4f408746cf ueventd.rc: Move device-specific entries to /vendor/ueventd.rc.
Bug: 110962171
Test: boot sailfish, taimen, blueline
Change-Id: If740c2bd85409c9a057cff68f8bfd870cad35b37
2019-01-06 16:15:07 -08:00
Tri Vo
16cdffe8cb Reland "Remove obsolete ueventd.rc rules."
/dev/* nodes referenced in the removed rules are not present on Pixel
devices, i.e. android platform doesn't depend on these nodes. If a
device relies on one of these rules, the rule should be added to the
device-specific ueventd.rc.

v1->v2:
Added back usb-specific rules
/dev/bus/usb/*            0660   root       usb
/dev/mtp_usb              0660   root       mtp

Bug: 110962171
Test: boot walleye
Test: init_tests
Test: wired headset plays audio
Test: USB PTP works between 2 devices
Change-Id: Ic2d77806a01c8918b2485fb5f0bd9b670b01d1df
2018-12-14 14:57:54 -08:00
Treehugger Robot
36b5dd845c Merge "Revert "Remove obsolete ueventd.rc rules."" 2018-12-11 17:47:11 +00:00
Andy Hung
3fddf92465 Revert "Remove obsolete ueventd.rc rules."
This reverts commit d3b0b2708b.

Reason for revert: Regression in USB audio handling

Test: USB audio playback on Crosshatch
Bug: 120795549
Change-Id: Ibd05cd9b419f3e7988ce24a45f800d4bfe91ef6a
2018-12-11 04:14:30 +00:00
Tri Vo
dc978cc15b Merge "Remove obsolete ueventd.rc rules." 2018-12-07 17:53:00 +00:00
Tri Vo
d3b0b2708b Remove obsolete ueventd.rc rules.
/dev/* nodes referenced in the removed rules are not present on Pixel
devices, i.e. android platform doesn't depend on these nodes. If a
device relies on one of these rules, the rule should be added to the
device-specific ueventd.rc.

Bug: 110962171
Test: boot walleye
Test: init_tests
Change-Id: I3262475d4ff22386e8da0436efaf98b208e4fa1c
2018-12-06 16:07:20 -08:00
Tom Cherry
e29101077c ueventd: allow configuring SO_RCVBUF(FORCE) for the ueventd socket
Some configurations won't allow ueventd to have CAP_NET_ADMIN, so the
new default size of 16M is not possible for those.  Those
configurations also won't need such a large buffer size, so this
change allows devices to customize the SO_RCVBUF(FORCE) size for the
uevent socket.

This is done by adding the line 'uevent_socket_rcvbuf_size <size>' to
your device's ueventd.rc file.  <size> is specified as a byte count,
for example '16M' is 16MiB.

The last parsed uevent_socket_rcvbuf_size line is the one that is
used.

Bug: 120485624
Test: boot sailfish
Test: ueventd unit tests
Change-Id: If8123b92ca8a9b089ad50318caada2f21bc94707
2018-12-06 13:35:52 -08:00
Siarhei Vishniakou
e615b2aa76 Permissions for /dev/uinput
Currently /dev/uinput is owned by system/bluetooth.
But that's inconsistent with some of the sepolicies for uhid_device.
This also means that the new native tests for inputflinger aren't able
to execute properly, because they require the ability to register a new
input device via uinput.

Bug: none
Test: atest inputflinger_test
The newly added EventHub_test is still under review

Change-Id: I53524738db1a5d3ba962b9bec35ef322ed3028f2
2018-11-27 11:21:21 -08:00
Tom Cherry
7421fa1aed ueventd: let scripts provide firmware directories
Since some vendors will have firmware in mount points in
/mnt/vendor/..., we extend the ueventd script language to allow
specifying the firmware directories.

Also, move the existing 4 directories to ueventd.rc as a primary user
of this mechanism.

Bug: 111337229
Test: boot sailfish; firmwares load
Change-Id: I0854b0b786ad761e40d2332312c637610432fce2
2018-07-13 15:34:25 -07:00
Siarhei Vishniakou
38d4352fce Allow input system access to /dev/v4l-touch
Bug: 62940136
Test: read /dev/v4l-touchX from inputflinger

Change-Id: I394686e4167855f50ddd6ff9aebcf3c94f6550b0
2017-12-22 17:06:24 -08:00
Siarhei Vishniakou
b995b58631 Merge "Adding 'uhid' permission for access to /dev/uhid." am: cecbc9993d am: 04daed4793
am: d819380f50

Change-Id: If06b07c88276c32cdf5b53e6afcf0563e6538544
2017-05-12 01:00:46 +00:00
Siarhei Vishniakou
0729dd1edb Adding 'uhid' permission for access to /dev/uhid.
This CL is in support of another CL c/2048848, topic
'Refactor hid command in /frameworks/base/cmds' in
internal master. Adding the permissions for
shell here to access uhid_node as part of the
new 'uhid' group.

Bug: 34052337
Test: Tested on angler, bluetooth mouse works OK.

Change-Id: If9e100aa1262d689fb8adc5c0ce93f157c96399e
2017-05-11 01:28:53 +00:00
Tom Cherry
aa85663027 Merge changes Ie5ec609a,I5a2ac369,I690137b5 am: 659b78ed10 am: 01b87aac9c
am: 8d9eee4f2b

Change-Id: I5cd7d00f71bfd3970189481f381629cedc358c9b
2017-04-13 21:45:58 +00:00
Tom Cherry
780a71e779 ueventd: move subsystem logic from code to ueventd.rc
Test: Boot bullhead
Test: Boot sailfish, observe no boot time regression
Test: init unit tests

Change-Id: I690137b584fcc2b9cd2dd932a2678f75a56d6737
2017-04-12 16:36:20 -07:00
Tom Cherry
6289bb1341 Merge "ueventd: remove /dev/log" am: 120add07ab am: 9ae606d659
am: 6c2e8b10fe

Change-Id: Ic257774710a74e72a97f4187e48587150ee3d613
2017-04-12 08:17:29 +00:00
Tom Cherry
d4ff8d83d3 ueventd: remove /dev/log
This was marked deprecated in 2014 and removed in 2015, let's remove
the uevent rule now too.

Test: see that logging still works on bullhead
Change-Id: Idaf3f49a1afe7046eba6c976628b9f1c8b3ec094
2017-04-11 21:35:46 +00:00
Martijn Coenen
62c5b47b9f Add /dev/vndbinder to ueventd.rc
Bug: 36052864
Test: vndservicemanager can access /dev/vndbinder
Change-Id: I208ae91e722185f015fe8f0047c54087be6d21a2
2017-04-03 17:04:02 -07:00
Michael Wright
14667c19cd Revert "Only allow system to write to existing input nodes."
This reverts commit 344e929e6d.

Bug: 35301292
Change-Id: Ib6805c986c0aa88d14652de59ad4602b1cce8b56
2017-02-21 17:12:59 +00:00
Michael Wright
344e929e6d Only allow system to write to existing input nodes.
This prevents the shell user from injecting input as if it were coming
from an existing input device, which in turn makes it easier for malware
/ abuse analysis to detect when someone is injecting input via the
command line vs a real user using a device.

(cherrypick of 95637eb2a332b9a09914b1bf32c10fccfba4a175.)

Bug: 30861057
Test: ran getevent, saw correct output, played with device
Change-Id: Ib53eea1b7767f25510b5d36fe6109101a9fad8e0
2017-02-09 14:45:25 -08:00
Josh Gao
183b73e665 adb: remove support for legacy f_adb interface.
Everything should be using the functionfs interface instead by now.

Bug: http://b/34228376
Test: grepping for f_adb, android_adb in source tree
Test: m
Change-Id: I6bc41049c49a867499832588dac8ed108c636c11
2017-01-11 15:00:03 -08:00
Martijn Coenen
f5110ea029 Add hwbinder dev node permissions.
b/31458381
Test: pass

Change-Id: I8ec92a29287b17636c363c55a8565dacab19043d
Signed-off-by: Iliyan Malchev <malchev@google.com>
2016-09-26 00:23:51 -07:00
Ajay Panicker
604208e957 Remove net_bt_stack group and replace it with bluetooth
Bug: 31549206
Change-Id: I667963e5f9fd1a5dc9ad74378b318e3b782e6883
2016-09-20 12:01:33 -07:00
Kevin Cernekee
fa432b0e2f Merge "ueventd.rc: Document the different rule formats for /dev and /sys nodes" 2016-01-26 23:44:56 +00:00
Kevin Cernekee
1f0dd2210b ueventd.rc: Document the different rule formats for /dev and /sys nodes
This was causing some confusion during shark bringup and we weren't able
to find docs online, so let's add some hints at the top of the file in
case it comes up again.

Change-Id: Ica2cd8a0fb28efb99077fdc98673dbbdd6f58ff6
Signed-off-by: Kevin Cernekee <cernekee@google.com>
2015-05-12 09:56:34 -07:00
Terry Heo
bf81356e22 rootdir: add permission for /dev/dvb*
Bug: 20112245
Change-Id: I513c6ed5b65d5bd4edef6cb12d7fc20eb9cad4f1
2015-05-07 16:49:00 +09:00
Mark Salyzyn
8c7380b476 am 3802b5d4: Merge "rootdir: add pstore"
* commit '3802b5d4c5cb14864dcdd8820e9140b81a2d7d78':
  rootdir: add pstore
2015-01-14 17:46:46 +00:00
Mark Salyzyn
4b0313e4d3 rootdir: add pstore
/dev/pmsg0 used to record the Android log messages, then
on reboot /sys/fs/pstore/pmsg-ramoops-0 provides a means
to pull and triage user-space activities leading
up to a panic. A companion to the pstore console logs.

Change-Id: Id92cacb8a30339ae10b8bf9e5d46bb0bd4a284c4
2015-01-14 17:15:39 +00:00
Arve Hjønnevåg
7770252a84 rootdir: Make trusty version readable by dumpstate
Change-Id: I761650d286b454f1fe01a585e7cd6ec769bfc527
2014-10-16 16:11:37 -07:00
Ruchi Kandoi
75b287b771 ueventd: Ueventd changes the permission of sysfs files for max/min
cpufreq

The owner and permissions for the sysfs file
/sys/devices/system/cpu*/cpufreq/scaling_max/min_freq is changed.
This would allow the PowerHAL to change the max/min cpufreq even after
the associated CPU's are hotplugged out and back in.

Change-Id: Ibe0b4aaf3db555ed48e89a7fcd0c5fd3a18cf233
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
2014-05-01 17:30:41 +00:00
Greg Hackmann
b34fed34af rootdir: reduce permissions on /dev/rtc0
Remove world-readable, reduce group permissions to readable by system
daemons

Change-Id: I6c7d7d78b8d8281960659bb8490a01cf7fde28b4
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2014-03-27 15:52:01 -07:00
Greg Hackmann
a585e662e0 rootdir: add permissions for /dev/rtc0
Change-Id: If9d853bdae2399b1e7434f45df375ba1fd6dbe9c
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2013-12-17 14:45:39 -08:00
Greg Hackmann
95b348c5d7 rootdir: add ueventd.rc rule for adf subsystem
Change-Id: I727d91355229692c11e0e309c0fcac051269eba3
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2013-11-26 13:18:26 -08:00
Alex Klyubin
b2478a713a Expose /dev/hw_random to group "system".
This is needed to let EntropyMixer (runs inside system_server) read
from /dev/hw_random.

Change-Id: Ifde851004301ffd41b2189151a64a0c5989c630f
2013-10-03 13:32:36 -07:00
Zhihai Xu
9f239afc35 second user doesnot pickup input operations from A2DP
bug 7335014

Change-Id: I39e450d254647f0b84a07f38f2f2571711fca075
2012-10-16 17:32:51 -07:00