We will continue to restrict access to /dev/kvm and /dev/vhost-vsock with SELinux.
Bug: 245727626
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Id4f3e19c18a51bc51e6363d6ffde31c1032cf967
Also adjust permissions on /dev/hw_random to allow prng_seeder group
read access.
Manual testing protocol:
* Verify prng_seeder daemon is running and has the
correct label and uid/gid.
* Verify prng_seeder socket present and has correct
label and permissions
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
(e.g. strace -f -p `pgrep prng_seeder`)
* Kill daemon, observe that init restarts it
* strace again and observe clients now seed from new instance
Bug: 243933553
Test: Manual - see above
Change-Id: I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96
/dev/kvm and /dev/vhost-vsock are used by crosvm. Previously, it ran as
a custom UID `virtualizationservice`. However, this prevented us from
applying task profiles to the crosvm process because joining a process
to a cgroup requires system UID.
Now, crosvm (and its parent virtualizationservice as well) runs in
system UID. Therefore, the ownership of two device files are also
updated accorgly.
BUG=b:216788146
BUG=b:223790172
Test: watch TH
Change-Id: I1f63a12532d3a2cb5724291dbbb40210bd7c9203
There's no need for system_server to access this any more, so no need to
have weaker permissions than we'll get by default (ignoring the fact
that SELinux policy is our real protection here anyway).
Bug: http://b/179086242
Test: treehugger
Change-Id: I584e87f027f44e10190c2e5c2eb85785f61f8bd5
ueventd.rc scripts belong in the /etc/ directory of their given
partition, not the root of the partition. This can cause problems,
especially since Android.bp cannot write to the root directly, forcing
vendors to use Android.mk for these files. Note that
/system/etc/ueventd.rc moved long ago.
Test: Tree-hugger
Change-Id: I2dcaafc3c3f687f76ab6bc38af979c8b43346db0
To support input device lights manager feature in frameworks, provide
sysfs node access to system server process.
Bug: 161633625
Test: atest LightsManagerTest, atest InputDeviceLightsManagerTest
Change-Id: Ic823539e9dd616b6ca4ae803756746e0f5349ec1
Property variables should be written ${x.y} to be expanded.
Bug: 175645356
Test: The property ro.hardware is expanded properly.
Change-Id: Idf7ff7ecc002e6e4de4ccef70e89dcc1c10e63d0
Add permissions for dev/dma_heap/system-uncached dmabuf heap.
This should match the dmabuf system heap.
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I9253d56c72d45e228539f709e76ba0862ae03d96
Jeffrey Vander Stoep noted the permissions for the system dmabuf
heap should be 444 instead of 666, as we only need to open and
call ioctl on the device.
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I650c9fabfffd1eac5f59bbc7fa1e0ae1f5646bd9
Vendors have an interest in importing ueventd files based on certain
property values. Instead of baking this logic in the ueventd binary,
add the import option from the init parser to the ueventd parser, to
allow vendors to expand as needed.
Test: imported files are parsed
Change-Id: I674987fd48f3218e4703528c6d905b1afb5fb366
We want ashmem to only be used via libcutils API, with long-term goal
being deprecation of ashmem with memfd. To do that we route libcutils to
a new source of ashmem fds. We then phase out uses of /dev/ashmem that
doesn't go through libcutils using SELinux.
In Q, we introduced ashmemd as the source of ashmem fds to libcutils.
However, having a separate process and, consequently, binder hops to
handle /dev/ashmem results in performance/memory overhead.
To address the overhead, replace ashmemd with a duplicate of
/dev/ashmem. Name it /dev/ashmem<boot_id>, where boot_id is a random
number generated on each boot. This way we make sure that developers
don't accidentally depend on /dev/ashmem<boot_id>, as that name can't be
hardcoded.
Bug: 139855428
Test: writing "add"/"remove" to /sys/class/misc/ashmem/uevent correctly
adds/removes /dev/ashmem and /dev/ashmem/boot_id
Change-Id: I36d23116048bfcd99903ba46cc133161835a2cfa
/dev/* nodes referenced in the removed rules are not present on Pixel
devices, i.e. android platform doesn't depend on these nodes. If a
device relies on one of these rules, the rule should be added to the
device-specific ueventd.rc.
v1->v2:
Added back usb-specific rules
/dev/bus/usb/* 0660 root usb
/dev/mtp_usb 0660 root mtp
Bug: 110962171
Test: boot walleye
Test: init_tests
Test: wired headset plays audio
Test: USB PTP works between 2 devices
Change-Id: Ic2d77806a01c8918b2485fb5f0bd9b670b01d1df
This reverts commit d3b0b2708b.
Reason for revert: Regression in USB audio handling
Test: USB audio playback on Crosshatch
Bug: 120795549
Change-Id: Ibd05cd9b419f3e7988ce24a45f800d4bfe91ef6a
/dev/* nodes referenced in the removed rules are not present on Pixel
devices, i.e. android platform doesn't depend on these nodes. If a
device relies on one of these rules, the rule should be added to the
device-specific ueventd.rc.
Bug: 110962171
Test: boot walleye
Test: init_tests
Change-Id: I3262475d4ff22386e8da0436efaf98b208e4fa1c
Some configurations won't allow ueventd to have CAP_NET_ADMIN, so the
new default size of 16M is not possible for those. Those
configurations also won't need such a large buffer size, so this
change allows devices to customize the SO_RCVBUF(FORCE) size for the
uevent socket.
This is done by adding the line 'uevent_socket_rcvbuf_size <size>' to
your device's ueventd.rc file. <size> is specified as a byte count,
for example '16M' is 16MiB.
The last parsed uevent_socket_rcvbuf_size line is the one that is
used.
Bug: 120485624
Test: boot sailfish
Test: ueventd unit tests
Change-Id: If8123b92ca8a9b089ad50318caada2f21bc94707
Currently /dev/uinput is owned by system/bluetooth.
But that's inconsistent with some of the sepolicies for uhid_device.
This also means that the new native tests for inputflinger aren't able
to execute properly, because they require the ability to register a new
input device via uinput.
Bug: none
Test: atest inputflinger_test
The newly added EventHub_test is still under review
Change-Id: I53524738db1a5d3ba962b9bec35ef322ed3028f2
Since some vendors will have firmware in mount points in
/mnt/vendor/..., we extend the ueventd script language to allow
specifying the firmware directories.
Also, move the existing 4 directories to ueventd.rc as a primary user
of this mechanism.
Bug: 111337229
Test: boot sailfish; firmwares load
Change-Id: I0854b0b786ad761e40d2332312c637610432fce2
This CL is in support of another CL c/2048848, topic
'Refactor hid command in /frameworks/base/cmds' in
internal master. Adding the permissions for
shell here to access uhid_node as part of the
new 'uhid' group.
Bug: 34052337
Test: Tested on angler, bluetooth mouse works OK.
Change-Id: If9e100aa1262d689fb8adc5c0ce93f157c96399e
This was marked deprecated in 2014 and removed in 2015, let's remove
the uevent rule now too.
Test: see that logging still works on bullhead
Change-Id: Idaf3f49a1afe7046eba6c976628b9f1c8b3ec094
This prevents the shell user from injecting input as if it were coming
from an existing input device, which in turn makes it easier for malware
/ abuse analysis to detect when someone is injecting input via the
command line vs a real user using a device.
(cherrypick of 95637eb2a332b9a09914b1bf32c10fccfba4a175.)
Bug: 30861057
Test: ran getevent, saw correct output, played with device
Change-Id: Ib53eea1b7767f25510b5d36fe6109101a9fad8e0
Everything should be using the functionfs interface instead by now.
Bug: http://b/34228376
Test: grepping for f_adb, android_adb in source tree
Test: m
Change-Id: I6bc41049c49a867499832588dac8ed108c636c11
This was causing some confusion during shark bringup and we weren't able
to find docs online, so let's add some hints at the top of the file in
case it comes up again.
Change-Id: Ica2cd8a0fb28efb99077fdc98673dbbdd6f58ff6
Signed-off-by: Kevin Cernekee <cernekee@google.com>
/dev/pmsg0 used to record the Android log messages, then
on reboot /sys/fs/pstore/pmsg-ramoops-0 provides a means
to pull and triage user-space activities leading
up to a panic. A companion to the pstore console logs.
Change-Id: Id92cacb8a30339ae10b8bf9e5d46bb0bd4a284c4
cpufreq
The owner and permissions for the sysfs file
/sys/devices/system/cpu*/cpufreq/scaling_max/min_freq is changed.
This would allow the PowerHAL to change the max/min cpufreq even after
the associated CPU's are hotplugged out and back in.
Change-Id: Ibe0b4aaf3db555ed48e89a7fcd0c5fd3a18cf233
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Remove world-readable, reduce group permissions to readable by system
daemons
Change-Id: I6c7d7d78b8d8281960659bb8490a01cf7fde28b4
Signed-off-by: Greg Hackmann <ghackmann@google.com>