btfloader is a standalone binary that receives a path to a bpf .o file
from bpfloader, parses & loads the BTF type info from the file, passes
BTF info back to bpfloader & exits. Include it in bpfloader's domain &
grant bpfloader permission to run it.
Bug: 203823368
Test: build & boot, bpfloader successfully executes btfloader
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: Ia08776a90763a8477d9f3e393d5d723b88a3176f
Contexts must have this permission to fetch remotely provisioned
attestation key blobs. It is expected that only credstore will have
this permission.
Test: manual, build and run cuttlefish
Bug: 194696876
Change-Id: Ieebd552129bc8be6b8831ec2e38eb6bda522b216
This reverts commit eee72d6cb3d9f5c6001192247861b28cb0787827.
REASON: not needed. See the other CL in the same topic.
Bug: 197358423
Test: m
Change-Id: Ice0813ed9e349e37c83b163e2c21f17bb1105013
Add diced to security_class and access_vectors so it can check its
permissions in side Microdroid.
This was part of commit 2b6c6063ae
outside the VM.
Bug: 214231981
Test: composd_cmd dice
Change-Id: Ia503db183d16a4efcb975f654bb4483df44f51ad
sepolicy_generate_compat will be used to generate compat files for ToT,
based on the mapping file from aosp_arm64-userdebug target of {ver}
source tree. For now, it only supports downloading a mapping file
system/etc/selinux/mapping/{ver}.cil from the Android build server.
Bug: 214336258
Test: sepolicy_generate_compat --branch sc-v2-dev --version 32.0
Change-Id: I48043c71a6866aa385ecd67462f7678561cc5a38
Since the clatd has some code cleanup, these privs are not required
anymore.
Bug: 212345928
Test: manual test
1. Connect to ipv6-only wifi.
2. Try IPv4 traffic.
$ ping 8.8.8.8
Change-Id: Ib801a190f9c14ee488bc77a43ac59c78c44773ab
simpleperf_boot is the secontext used to run simpleperf from init,
to generate boot-time profiles.
Bug: 214731005
Test: run simpleperf manually
Change-Id: I6f37515681f4963faf84cb1059a8d5845c2fe5a5
exceptions and dontaudit lists.
wpa_supplicant does not have a dump() method, so
dumpstate shouldn't need to access this HAL.
Bug: 213616004
Test: Treehugger tests
Change-Id: I5a0d80725434b56c9663948c3727faea9fb38db6
Now that we have sepolicy module in Android.bp, we can migrate contexts
tests. Also vendor_service_contexts_test will be run, as we now include
vendor_service_contexts unconditionally.
Unfortunately, vendor_service_contexts_test is now broken, due to a
malformed type hal_power_stats_vendor_service. We will temporarily
exempt the type from the test, to speed up migrating to Android.bp.
Bug: 33691272
Test: m selinux_policy and see tests running
Test: add a malformed type other than hal_power_stats_vendor_service and
run tests
Change-Id: Ic60eb38b9a7c79006f0b5ff4453768e03006604b
Allow rules in public/*.te can only reference types defined in
public/*.te files. This can be quite cumbersome in cases a rule needs to
be updated to reference a type that is only defined in private/*.te.
This change moves all the allow rules from public/app.te to
private/app.te to make it possible to reference private types in the
allow rules.
Bug: 211761016
Test: m
Test: presubmit
Change-Id: I0c4a3f1ef568bbfdfb2176869fcd92ee648617fa
Merged-In: I0c4a3f1ef568bbfdfb2176869fcd92ee648617fa
This is required for listing all key aliases of other APP domains' keys
in order to migrate keys on behalf of the updated app by PMS.
Test: builds
Bug: 211665859
Change-Id: I541fb81e6186288a1e852ce60882651f838e36dc
The logd binder service is on logd side.
The logcat binder service is on system_server side.
These two binder services facilitate the binder RPC
between logd and system_server.
Bug: 197901557
Test: manual
Change-Id: I5f08bbb44a88dc72302331ab11c7d54f94db16ac
Previously, all dalvik.vm.* properties were not used / ignored in
Microdroid. However this change makes use of
dalvik.vm.boot-dex2oat-threads which controls the concurrency level of
dex2oat.
Specifically, on the host-side, the number of vCPUs in the compos VM is
configured from the system property having the same name. Then inside
the compos VM, compsvc which runs in the compos domain, sets the system
property to be the number of vCPUs in the VM. In other words, the system
properties get the same value both in the host and the guest VMs. Then
finally, the dex2oat process running inside the VM reads the system
property and configures its concurrency level accordingly.
Bug: 197358423
Test: run compos
Change-Id: I8d2394a7192a7b55a910f317e12e2b1f60b89636
This is safe because methods in VirtualDeviceManager are guarded by
the internal|role permission CREATE_VIRTUAL_DEVICE, and all subseuqent
methods can only be called on the returned binder.
Fixes: 209527778
Test: Manual
Change-Id: I60a5cf76eec1e45803cf09ab4924331f7c12ced4
Builds:
- sepolicy_test - file that init mounts in /dev/selinux to demonstrate
that updatable sepolicy is loaded.
- apex_sepolicy.cil - Initially includes a rule allowing shell
to read sepolicy_test.
- apex_file_contexts - Initially includes mapping of
/dev/selinux/sepolicy_test.
- apex_sepolicy.sha256. Used by init to determine of
precompiled_sepolicy can be used.
- apex_service_contexts - Currently empty.
- apex_property_contexts - Currently empty.
- apex_seapp_contexts - Currently empty.
Bug: 199914227
Test: Build, boot, ls -laZ /dev/selinux/sepolicy_test
Change-Id: I6aa625dda5235c6e7a0cfff777a9e15606084c12
clatd binary is starting to be shipped by apex since T+ release
and the shipped clatd is belong to u:object_r:clatd_exec:s0.
Test: manual test
1. Connect to ipv6-only wifi.
2. Make IPv4 traffic.
$ ping 8.8.8.8
Change-Id: I4f6f0944e94e165983a19a5d3c3a117274f6bbac
