Currently, both untrusted apps and priv-apps use the SELinux file label
"app_data_file" for files in their /data/data directory. This is
problematic, as we really want different rules for such files. For
example, we may want to allow untrusted apps to load executable code
from priv-app directories, but disallow untrusted apps from loading
executable code from their own home directories.
This change adds a new file type "privapp_data_file". For compatibility,
we adjust the policy to support access privapp_data_files almost
everywhere we were previously granting access to app_data_files
(adbd and run-as being exceptions). Additional future tightening is
possible here by removing some of these newly added rules.
This label will start getting used in a followup change to
system/sepolicy/private/seapp_contexts, similar to:
-user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
+user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
For now, this newly introduced label has no usage, so this change
is essentially a no-op.
Test: Factory reset and boot - no problems on fresh install.
Test: Upgrade to new version and test. No compatibility problems on
filesystem upgrade.
Change-Id: I9618b7d91d1c2bcb5837cdabc949f0cf741a2837
Steps taken to produce the mapping files:
1. Add prebuilts/api/28.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
from the /vendor/etc/selinux/[plat_pub_versioned.cil|vendor_sepolicy.cil]
files built on pi-dev with lunch target aosp_arm64-eng
2. Add new file private/compat/28.0/28.0.cil by doing the following:
- copy /system/etc/selinux/mapping/28.0.cil from pi-dev aosp_arm64-eng
device to private/compat/28.0/28.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 28 sepolicy.
Find all such types using treble_sepolicy_tests_28.0 test.
- for all these types figure out where to map them by looking at
27.0.[ignore.]cil files and add approprite entries to 28.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_28.0 and install 28.0.cil
mapping onto the device.
Bug: 72458734
Test: m selinux_policy
Change-Id: I90e17c0b43af436da4b62c16179c198b5c74002c
This hwservice isn't registered with hwservicemanager but rather passed
to the thermal hal, so it doesn't need sepolicy associated with it to
do so.
Test: manual: boot, inspect logs
Test: VtsHalThermalV1_1TargetTest
Bug: 109802374
Change-Id: Ifb727572bf8eebddc58deba6c0ce513008e01861
Merged-In: Ifb727572bf8eebddc58deba6c0ce513008e01861
(cherry picked from commit c6afcb7fc0)
Avoids subsequent merge conflicts in this section of the file.
Test: manual: compile
Change-Id: I9af723dccff54039031dc4d8f3e5ee34be5960d1
Merged-In: I9af723dccff54039031dc4d8f3e5ee34be5960d1
(cherry picked from commit 6682530515)
Add selinux policy for the new Binder-based vr flinger vsync service.
Bug: 72890037
Test: - Manually confirmed that I can't bind to the new vsync service
from a normal Android application, and system processes (other than
vr_hwc) are prevented from connecting by selinux.
- Confirmed the CTS test
android.security.cts.SELinuxHostTest#testAospServiceContexts, when
built from the local source tree with this CL applied, passes.
- Confirmed the CTS test
android.cts.security.SELinuxNeverallowRulesTest#testNeverallowRules521,
when built from the local source tree with this CL applied, passes.
Change-Id: Ib7a6bfcb1c2ebe1051f3accc18b481be1b188b06
This hwservice isn't registered with hwservicemanager but rather passed
to the thermal hal, so it doesn't need sepolicy associated with it to
do so.
Test: manual: boot, inspect logs
Test: VtsHalThermalV1_1TargetTest
Bug: 109802374
Change-Id: Ifb727572bf8eebddc58deba6c0ce513008e01861
Merged-In: Ifb727572bf8eebddc58deba6c0ce513008e01861
This change makes it such that only init can start adbd directly. It
also introduces new rules for ctl.{start,stop,restart} properties such
that only usbd and recovery (and su, since it's permissive) can directly
ask init to start adbd.
Bug: 64720460
Test: adbd still runs
Test: /data/nativetest64/adbd_test/adbd_test
Test: python system/core/adb/test_adb.py
Test: "USB debugging" in System Settings still start/stop adbd
Test: Recovery menu still make the device show as "recovery" in adb
devices
Test: "Apply update from ADB" in recovery menu still works
Change-Id: Iafcda8aa44e85129afcc958036b472d856fa1192
This property is read by the audio service in system server to toggle
camera shutter sound enforcement on a device-specific basis.
Test: Camera shutter sound enforcement works when audio.camerasound.force is set
Bug: 110126976
Change-Id: I2720d3c699c4712d1a328f59dde0b16bbf1016f3
This adds a label for system properties that will affect system-wide
time / time detection logic.
The first example will be something like:
persist.time.detection_impl_version
Bug: 78217059
Test: build
Change-Id: I46044f1e28170760001da9acf2496a1e3037e48a
Add sepolicy entries for the new time zone detector service.
The timezonedetector_service will be called from the
telephony process.
Bug: 78217059
Test: make / booted device
Change-Id: Ib719a4bb444b2af7dd71910fb0bd12992df9d88c
This change removes references to the common time management
service.
Bug: 80462439
Test: build / boot
Merged-In: I2c8fca44fe05e3a35f5580d23e23a4c033075613
Change-Id: I2c8fca44fe05e3a35f5580d23e23a4c033075613
