For ContentProvider case, private app can not access system app data. So we added this rule to solve this issue.
Bug: 157448040
Test: <Before modifying the rules, when the private app accesses files in the app-specific directory shared by the system app through the ContentProvider, the system will report selinux permission issue.
After modifying the rules and compiling the new version, the private app can access the files in the app-specific directory shared by the system app through the ContentProvider without any permission issues.>
Change-Id: I2433a6808d899c3729c6aa37c6c2d955e91e54a3
Adds sepolicy rules to allow MediaProvider to make binder calls into
statsd. That's to allow MediaProvider to register a StatsCallbackPuller
for metrics.
Test: build
Bug: 149669087
Change-Id: I9a13fc04c12557a0435724cfae04f752f856a06e
com.android.permissioncontroller was getting routed to platform_app
since specified seinfo takes precedence over unspecified seinfo. This
change adds seinfo=platform to the rule for
com.android.permissioncontroller so it correctly runs in the
permissioncontroller_app domain.
Bug: 158953123
Test: Treehugger + android.security.cts.SELinuxHostTest#testPermissionControllerDomain
Change-Id: I721fbf43a9774ed11414dd084bedaeb7216a76dd
Due to AIDL HAL introduction, vendors can publish services
with servicemanager. vendor_service_contexts is labeled as
vendor_service_contexts_file, not nonplat_service_contexts_file.
And pack it to vendor partition.
Bug: 154066722
Test: check file label
Change-Id: Ic74b12e4c8e60079c0872b6c27ab2f018fb43969
To allow vold to abort it.
Bug: 153411204
Test: vold can access it
Merged-In: I334eaf3459905c27d614db8eda18c27e62bea5fa
Change-Id: I334eaf3459905c27d614db8eda18c27e62bea5fa
FMRadio dlopen fail and can't work
avc: denied { open } for
path="/data/asan/system/system_ext/lib64/libfmjni.so" dev="mmcblk0p38"
ino=190 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
app=com.android.fmradio
Fixes: 157108870
Test: Launch FMRadio, it can work well with asan enabled.
Change-Id: Ida35ad7248f361efbf649c30e905eeb38e1bf0b4
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.
Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
Merged-In: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
There are probably more cases but this one blocks presubmit
for cuttlefish with mainline kernels.
Bug: 158304247
Change-Id: I6d769b16a230a113a804df61f8de4dcbce2193b6
There should be no need for this, and it allows probing for file existence.
Access to /data and more specifically labeled directories under it
(e.g. /data/app) is not affected.
Bug: 158088415
Test: Builds
Change-Id: Iac39629b1c7322dc2fd9a57c9f034cb2ba73793f
vendor_init is allowed to write any properties except for system
internal and system restricted props for old devices. Relaxing telephony
props to avoid build breakage.
Bug: N/A
Test: m selinux_policy with not_compatible_property
Change-Id: I1346a87b774099c837c329b977fbd993202af65b
To remove bad context names, two contexts are added.
- telephony_config_prop
- telephony_status_prop
exported_radio_prop, exported2_radio_prop are removed. Cleaning up
exported3_radio_prop will be a follow-up task.
Exempt-From-Owner-Approval: cherry-pick
Bug: 152471138
Bug: 155844385
Test: boot and see no denials
Test: usim works on blueline
Change-Id: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2
Merged-In: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2
(cherry picked from commit 4d36eae8af)
1. Allow gpuservice to access tracepoint id
2. Allow gpuservice to access bpf program
3. Allow gpuservice to attach bpf program to tracepoint
4. Allow gpuservice to access bpf filesystem
5. Allow gpuservice to run bpf program and read map through bpfloader
6. Allow gpuservice to check a property to ensure bpf program loaded
Bug: 136023082
Test: adb shell dumpsys gpu --gpumem
Change-Id: Ic808a7e452b71c54908cdff806f41f51ab66ffd8
Keystore access was reverted a while ago in ag/10598373.
Bug: 112038744
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.ApkVerityInstallTest
Test: atest GtsPlayFsiTestCases GtsPlayFsiHostTestCases ApkVerityTest
Change-Id: Ic170624f5a718806adf54ab12e8f4b9f17c7775b
Exported properties init.svc.* were world-readable, so making them
world-readable again to fix selinux denials.
Bug: 157474281
Test: m selinux_policy
Change-Id: I6d5a28b68061896e9cd2584c47aa60f6d36ed53f
/apex/apex-info-file.xml is labeled as apex_info_file. It is
created/written by apexd once by apexd, and can be read by zygote and
system_server. The content of the file is essentially the same as the
return value of getAllPackages() call to apexd.
Bug: 154823184
Test: m
Merged-In: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
(cherry picked from commit f1de4c02cc)
Change-Id: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
ro.bootimage.build.date.* are not used anywhere.
ro.bootimage.build.fingerprint was used in the recovery mode, which has
now been switched to ro.build.fingerprint.
Bug: 117892318
Test: m
Change-Id: Ie920c5eee20baf61676b1b8b16b7f281e1dc2901
compatible_property_only is meaningless to new types introduced after
Android P because the macro is for types which should have different
accessibilities depending on the device's launching API level.
Bug: N/A
Test: system/sepolicy/tools/build_policies.sh
Change-Id: If6b1cf5e4203c74ee65f170bd18c3a354dca2fd4
The fstab_suffix can be passed as 'androidboot.fstab_suffix=' on the
kernel command line, or as an Android DT node. It specifies an
override suffix for the fsmgr fstab search:
/odm/etc/fstab.${fstab_suffix}
/vendor/etc/fstab.${fstab_suffix}
/fstab.${fstab_suffix}
Bug: 142424832
Change-Id: I9c0acf7a5ae3cdba505460247decf2de9997cac1
1) build_odm_prop and build_vendor_prop are added
These contexts will contain world-readable properties from
/odm/build.prop and /vendor/build.prop, respectively.
2) move more properties to build_prop
Following properties are set by /system/build.prop and now assigned as
build_prop:
- ro.adb.secure
- ro.build.type
- ro.product.cpu.abi
- ro.product.cpu.abilist
- ro.product.cpu.abilist32
- ro.product.cpu.abilist64
- ro.secure
Following properties are set by init/property_service.cpp and now
assigned as build_prop:
- ro.product.brand
- ro.product.device
- ro.product.manufacturer
- ro.product.model
- ro.product.name
Bug: 71814576
Bug: 155844385
Test: boot device and see no denials
Change-Id: Idd4f81de4d2d0fc4bdec2d7ecb08bb8e078dab58
To remove bad context names "exported*_prop". Other init.svc.*
properties explicitly become system internal prop.
Bug: 155844385
Test: boot and see no denials
Change-Id: I7a3b4103a4cea77035a6e831e3b6a49a45f15a35
This property allows us to disable sdcardfs if it is present. The old
property ended up getting repurposed, so a new one was needed.
Mediaprovider will also need to access this to determine what actions it
needs to take.
Test: builds
Bug: 155222498
Change-Id: I66ac106613cbb374f54659601e4ba3f61eaecd2f
This is to remove bad context name "exported3_system_prop".
- persist.sys.device_provisioned -> provisioned_prop
- sys.retaildemo.enabled -> retaildemo_prop
Bug: 154885206
Test: boot device and see no denials
Change-Id: Ia19a19d93d0689deb56d66fe0b039ace44e4836f
The IPv6 link-local address is used to avoid expose device to out of
network segment.
BUG: 155198345
Test: manual test.
Change-Id: I0ce8c12de9976c01e57a6433c7fb50235e907dc5
For whatever reason sys.usb.config* has been labeled as
system_radio_prop, which doesn't make sense. Changing context name as
usb_prop. For the same reason exported_system_radio_prop is also
renamed to usb-related names.
Bug: 71814576
Bug: 154885206
Test: m selinux_policy
Change-Id: If30bc620dbeac926a8b9bcde908357fda739a6c1
Merged-In: If30bc620dbeac926a8b9bcde908357fda739a6c1
(cherry picked from commit 44fbcdb677)
It was used within external/ims to save its internal state. Removing it
from property_contexts as it's deleted now (aosp/1209267).
Bug: 152471138
Test: N/A
Change-Id: I1451390aada3dfff6c147de585cc316c5307c0b4
