tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
43039 commits 1 branch 0 tags 50 MiB
Commit graph

269 commits

Author SHA1 Message Date
Steven Moreland
0bb95dd4fd Merge "strengthen proc_type neverallows" am: fd92d967ee am: 12523b02c3 am: 79190c4da7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2599509

Change-Id: I210c48f15715cb5c4f808341d39beefc996e30c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-24 20:14:29 +00:00
Steven Moreland
fd92d967ee Merge "strengthen proc_type neverallows" 2023-05-24 18:01:14 +00:00
Steven Moreland
8634a88595 strengthen proc_type neverallows 
These were unnecessarily lax. Some additional places
additionally exclude only the generic proc type, but
we don't care about those places.

Bug: 281877578
Test: boot
Change-Id: I9ebf410c12a41888ab1f5ecc21c95c34fc36c0d0
 2023-05-22 22:59:08 +00:00
David Anderson
465859abb7 Merge "Allow ueventd to access device-mapper." am: 73d18c2bfe am: 5f2482d0dd am: d223637c8a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2591728

Change-Id: I76ff312e6d37a2abaf5b5144a6d13fcfc9c9421a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-19 21:34:43 +00:00
David Anderson
e09c0eee36 Allow ueventd to access device-mapper. 
ueventd needs access to device-mapper to fix a race condition in symlink
creation. When device-mapper uevents are received, we historically read
the uuid and name from sysfs. However it turns out sysfs may not be
fully populated at that time. It is more reliable to read this
information directly from device-mapper.

Bug: 270183812
Test: libdm_test, treehugger
Change-Id: I36b9b460a0fa76a37950d3672bd21b1c885a5069
 2023-05-17 11:07:19 -07:00
Treehugger Robot
e0339e83fd Merge "Fix dalvik property attribute for Microdroid" am: f850317561 am: 2325d5b92f am: d63c987ca2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519481

Change-Id: Ibbaa84dc3ffc65db06e22ea8c2de7e9aa3cde916
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-05 11:01:49 +00:00
Alan Stokes
f85f298b2f Fix dalvik property attribute for Microdroid 
Commit 22fb5c7d24 migrated from property
types to attributes in some Microdroid rules, but omitted to
associated the attribute with the relevant types. So we fix that.

Bug: 274530433
Bug: 275469579
Bug: 276895565
Test: Will schedule a test run
Change-Id: I11194be9d1e352fa456c24a3b5784c18ccc03a69
 2023-04-04 15:29:40 +01:00
Jiakai Zhang
2d0d80ae7f Merge "Allow system server to set dynamic ART properties." am: 326d35c04b am: 1502d1e604 am: afd4aee92d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2513825

Change-Id: Ibe28079aa1641ee7503d2de375eb41b1c4b81e45
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-31 15:37:27 +00:00
Jiakai Zhang
22fb5c7d24 Allow system server to set dynamic ART properties. 
This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.

Bug: 274530433
Test: Locally added some code to set those properties and saw it being
  successfull.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089
 2023-03-31 11:46:05 +01:00
Nikita Ioffe
8c6c971b75 Merge "Add domain level neverallow to restrict access to ptrace" am: 1b4e9393d3 am: 41d6edd0e7 am: e63a597a47 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505897

Change-Id: I9a6eb11e53ee60de60db6e6fc7fd9349c03f9540
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-29 13:05:22 +00:00
Nikita Ioffe
1b4e9393d3 Merge "Add domain level neverallow to restrict access to ptrace" 2023-03-29 11:46:26 +00:00
Treehugger Robot
982f5c6d29 Merge "microdroid: allow microdroid_manager to read AVF debug policy" am: 35a1bb8e32 am: d395216ffc am: aabbb5c6ca 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505675

Change-Id: I1f7fb57a0f0476fcec64656a30ef29366f7a2b7f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-27 16:16:58 +00:00
Treehugger Robot
35a1bb8e32 Merge "microdroid: allow microdroid_manager to read AVF debug policy" 2023-03-27 14:48:13 +00:00
Nikita Ioffe
4bfda5ba89 Add domain level neverallow to restrict access to ptrace 
Bug: 271562015
Test: m
Change-Id: I48f9a0fc5e708e15dd103d6ed369c8fe43d70495
 2023-03-27 14:45:33 +01:00
Alan Stokes
5f7af06cb8 Remove policy for non-existent devices am: 4f92d5bd99 am: 1d33d118a5 am: cd10974d13 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2506240

Change-Id: Ibe1b923b0168ed58d75539626bb0714c4b65edf3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-27 09:27:33 +00:00
Jaewan Kim
867bc33ede microdroid: allow microdroid_manager to read AVF debug policy 
Bug: 272752814
Test: atest on devices without AVF debug policy
Change-Id: I3fdbdd49f0e775b4b054328dc25c5f2ba1f9712f
 2023-03-27 03:52:27 +00:00
Alan Stokes
4f92d5bd99 Remove policy for non-existent devices 
We still had policy for devices which do not currently exist in
Microdroid. Remove the unused types and all references to them in the
policy, since they have no effect and just bloat the policy.

While I'm here, delete all the bug_map entries. We don't use the
bug_map in Microdroid, and this is just an outdated snapshot from host
policy.

Bug: 274752167
Test: atest MicrodroidTests
Test: composd-cmd test-compile
Change-Id: I3ab90f8e3517c41eff0052a0c8f6610fa35ccdcb
 2023-03-24 18:13:18 +00:00
Shikha Panwar
590598e469 Merge "Microdroid sepolicy changes to handle crash export" am: 9d34facd25 am: 5517c11a15 am: 71e6ad2e2b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2422867

Change-Id: I894f06542bae2d29228bcbae1b687357628eabe1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-21 19:05:14 +00:00
Shikha Panwar
9d34facd25 Merge "Microdroid sepolicy changes to handle crash export" 2023-03-21 18:14:12 +00:00
Nikita Ioffe
7955a327ee Merge "Add selinux rules for perfetto daemones" am: 103794c43c am: b164310273 am: ca0aad6185 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2468440

Change-Id: Ib606ac7f86ec4cc5c8328cf3aa83dd97f16d5695
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-15 00:29:33 +00:00
Nikita Ioffe
6069e7c8f2 Add selinux rules for perfetto daemones 
Note: this is a somewhat minimal set of rules required to be able to
capture traces on Microdroid. After the trace is captured I still see a
bunch of SELinux denials. We might need to add more allow rules in the
follow up changes.

Bug: 249050813
Test: boot Microdroid VM, capture traces with record_android_traces
Change-Id: I62098fb79a8db65706a5bb28c8acce7ff3821f15
 2023-03-14 15:07:54 +00:00
Shikha Panwar
cf5d5051ff Microdroid sepolicy changes to handle crash export 
Change1# Add property export_tombstones.enabled - This is set by
microdroid_manager to indicate that tombstones in Microdroid be exported
out to host. This read by crash_dump (specifically tombstone_handler).

Change2# allow crash_dump to create/connect/write on vsock.

Change3# Deleting rules/domain related to tombstoned &
tombstone_transmit in Microdroid.

Test: atest MicrodroidHostTests#testTombstonesAreGeneratedUponUserspaceCrash
Test: Look for selinux denials in log
Bug: 243494912
Change-Id: Ibd607eb11202d492bcb0c4ba40a6888683420fb9
 2023-03-09 16:01:35 +00:00
Jaewan Kim
49b8fa9d49 Merge "microdroid: allow init_debug_policy.sh to handle AVF debug policy" am: 11feefd839 am: 7a942187a1 am: 154e678fe8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2439933

Change-Id: If8e75c9cfa8ff597549a84708a9b90411561ccfa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-07 12:06:49 +00:00
Jaewan Kim
11feefd839 Merge "microdroid: allow init_debug_policy.sh to handle AVF debug policy" 2023-03-07 10:23:51 +00:00
Jaewan Kim
dc8ce5f8dc microdroid: allow init_debug_policy.sh to handle AVF debug policy 
Test: Boot microdroid with no issue
Bug: 2437372
Change-Id: I485228864cce58922e7e3b3eed4b9bd1c5cce306
 2023-03-07 08:27:34 +09:00
Alice Wang
4a8ab250c8 [dice] Remove all the sepolicy relating the hal service dice am: 5e94b1698c am: 13e58cf7b1 am: a9a8c0cb93 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2426073

Change-Id: Ia58829024a4eec19239f71fb93aa01649f08b192
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-24 21:23:06 +00:00
Alice Wang
5e94b1698c [dice] Remove all the sepolicy relating the hal service dice 
As the service is not used anywhere for now and in the near future.

Bug: 268322533
Test: m
Change-Id: I0350f5e7e0d025de8069a9116662fee5ce1d5150
 2023-02-24 08:34:26 +00:00
Treehugger Robot
697cadd955 Merge "Allow dex2oat access to relevant properties" am: ce230383ae am: 6fb804af4e am: ae7f49678b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2412099

Change-Id: I5c3357387272f738f4930a7c281e609e28828dc6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-03 10:17:04 +00:00
Treehugger Robot
ce230383ae Merge "Allow dex2oat access to relevant properties" 2023-02-03 08:57:34 +00:00
Alan Stokes
8b40e907f4 Allow dex2oat access to relevant properties 
I noticed a bunch of denials in the logs like this:

avc: denied { read } for pid=187 comm="dex2oat64"
name="u:object_r:device_config_runtime_native_boot_prop:s0"
dev="tmpfs" ino=76 scontext=u:r:dex2oat:s0
tcontext=u:object_r:device_config_runtime_native_boot_prop:s0
tclass=file permissive=0

But we actually want to be able to access these properties.

Bug: 264496291
Test: atest android.compos.test.ComposTestCase#testOdrefreshSpeed
Change-Id: I6ce8ee74a1024a9ddd6ef91e73111d68da878899
 2023-02-02 11:46:12 +00:00
Shikha Panwar
20830f7568 Merge "Allow MM to open/syncfs/close encryptedstore dir" am: 2d91b6fc97 am: db1018c3ff am: b13ccd0a35 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2376232

Change-Id: I7d7de50a1427279ac32bb0b05c8b51dfa8de25f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-01 12:35:13 +00:00
Shikha Panwar
2d91b6fc97 Merge "Allow MM to open/syncfs/close encryptedstore dir" 2023-02-01 11:13:01 +00:00
Inseob Kim
416338ac16 Add property_service_for_system on microdroid 
Bug: 262237198
Test: boot microdroid
Ignore-AOSP-First: Security fix
Change-Id: I6ddeff2962f723abc10e25f768e7507fd620e274
 2023-01-30 12:42:50 +09:00
Alan Stokes
7e754a1c56 Remove references to asan_extract 
This type doesn't exist in Microdroid.

Bug: 266871002
Test: m SANITIZE_TARGET=address com.android.virt
Change-Id: I2ca6db9669eafc4037bbf87bdcff60935893d93f
 2023-01-27 10:42:45 +00:00
Inseob Kim
ebc4742480 microdroid: Add prop to wait for /data/tombstones 
Bug: 266470759
Test: atest MicrodroidHostTestCases MicrodroidTestApp
Change-Id: Ie9992e105e57f1088a6016f0179c7dc3d285a7ed
 2023-01-26 22:16:28 +09:00
Inseob Kim
ef0328cf94 Add tombstone_transmit init property to microdroid 
Bug: 265594221
Test: atest MicrodroidHostTestCases
Change-Id: I5138e91cd53821fa9ab26e17e19123e55f89ae63
 2023-01-20 17:37:47 +09:00
Shikha Panwar
992245d1b2 Allow MM to open/syncfs/close encryptedstore dir 
Microdroid Manager needs these permissions to sync the encryptedstore
filesystem.

Test: Builds
Test: Check selinux denials in logs
Change-Id: Iee020ae653f5d42af086ca91068e3df52c992305
 2023-01-06 08:57:02 +00:00
Jiyong Park
bce697f3c5 Merge "prng_seeder is a bootstrap process in microdroid" 2022-12-23 03:31:18 +00:00
Jiyong Park
c4cf20a146 prng_seeder is a bootstrap process in microdroid 
It is started very early before linker namespaces are configured, thus
making it a bootstrap process.

Bug: 263398430
Test: watch boottime benchmark
Change-Id: I60411601a6be78f8401e43d136b567615002797c
 2022-12-22 10:24:26 +09:00
Jiyong Park
f59f5d2eba Merge "Add rules for prng_seeder" 2022-12-21 12:15:32 +00:00
Jiyong Park
02df74af6d Add rules for prng_seeder 
The process has the exclusive access to /dev/hw_random. It instead opens
provides a socket (/dev/prng_seeder/socket) which any process can
connect to to get random numbers.

This CL is basically a Microdroid version of aosp/2215051

Bug: 247781653
Test: same as aosp/I0a7e339115a2cf6b819730dcf5f8b189a339c57d
    * Verify prng_seeder daemon is running and has the
      correct label (via ps -Z)
    * Verify prng_seeder socket present and has correct
      label (via ls -Z)
    * Verify no SELinux denials
    * strace a libcrypto process and verify it reads seeding
      data from prng_seeder (e.g. strace bssl rand -hex 1024)
    * strace seeder daemon to observe incoming connections
      (e.g. strace -f -p `pgrep prng_seeder`)

Change-Id: I3483132ead0f5d101b5b3365f78cc36d89528f0e
 2022-12-20 22:01:57 +09:00
Nikita Ioffe
f8ece0f19e Allow microdroid_manager to drop capabilities from it's bounding set 
In the other change in the same topic microdroid_manager starts to drop
the capabilities before execve'ing the payload binary.

Test: m
Bug: 243633980
Change-Id: Ia70d15db413c822b174a708dedfa5557c8abde65
 2022-12-17 02:36:49 +00:00
Treehugger Robot
3997a8fff0 Merge "Add more zipfuse mount done props" 2022-12-14 10:51:40 +00:00
Treehugger Robot
f1e8772660 Merge "Selinux label for /mnt/encryptedstore" 2022-12-13 20:16:12 +00:00
Seungjae Yoo
2ca7ebd8a2 Merge "Cleanup ro.boot.microdroid.app_debuggable" 2022-12-12 00:16:58 +00:00
Treehugger Robot
d838f6443e Merge "Remove netdomain from Microdroid" 2022-12-10 06:57:54 +00:00
Shikha Panwar
1aeaaedbc9 Selinux label for /mnt/encryptedstore 
Create a label for the encrypted storage. encryptedstore_file & _fs
corresponding to the file & fs type.

encryptedstore process mounts the device on /mnt/encryptedstore with
fscontext & context.

microdroid_payload will have rw & related permissions on it. Also, add a
neverallow rule to deny execute permission on all domains.

encryptedstore needs relabel permission from tmpfs to
encryptedstore_file, along with mount like permissions on the later.

Bug: 261477008
Test: atest MicrodroidTests#encryptedStorageAvailable

Change-Id: Iffa1eb400f90874169d26fc2becb1dda9a1269a9
 2022-12-09 19:26:34 +00:00
Jiyong Park
2660633d34 Remove netdomain from Microdroid 
Nothing in Microdroid uses tcp/udp/rawip sockets. Removing netdomain
attribute for the capability. Note that some processes can use
networking via vsock.

Bug: N/A
Test: watch TH

Change-Id: Id10861d0520770578503dd93b0c72c3d6be993e8
 2022-12-09 14:31:40 +09:00
Seungjae Yoo
8fbe216555 Cleanup ro.boot.microdroid.app_debuggable 
Bug: 260147409
Test: N/A
Change-Id: I3d3e5dc7d26733b7faeeafb854f768d74831a648
 2022-12-09 13:46:26 +09:00
Alan Stokes
26aa754f36 Add more zipfuse mount done props 
Allow one property per APK for zipfuse to signal readiness to
microdroid manager.

Bug: 252811466
Test: atest MicrodroidTests
Test: composd_cmd test-compile
Change-Id: Ibe5d0756cda807e677de68335258b96364e91880
 2022-12-08 14:26:19 +00:00