Commit graph

33485 commits

Author SHA1 Message Date
Treehugger Robot
ff77fc8072 Merge "More neverallow rules" 2021-12-09 09:00:17 +00:00
Chris Weir
e2040a2f81 Merge "Give Netlink Interceptor route_socket perms" am: b7ed015cd8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1907018

Change-Id: I73cc3ce85d4de095417de3124b37bfc509d894af
2021-12-09 02:07:59 +00:00
Chris Weir
b7ed015cd8 Merge "Give Netlink Interceptor route_socket perms" 2021-12-09 01:52:32 +00:00
Victor Hsieh
1494f6b9a5 Allow odrefresh to read from a pipe from compos
This is copied from dex2oat.te. By using minijail, the child process
currently requires to communicate with the parent by a pipe, before
actually exec'ing the executable.

Bug: 205750213
Test: no longer see the avc error
Change-Id: I4d59fc8d32150d9e08abba06203eb5164ecd3c75
2021-12-08 15:00:22 -08:00
Alan Stokes
d747eafec0 Restrict making memory executable am: 26239da92b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1913889

Change-Id: Ic8f96d61b66ad2212723baa39332991cedf2af3c
2021-12-08 16:36:37 +00:00
Alan Stokes
72c0134384 More neverallow rules
When we cut down microdroid policy we removed a whole lot of
neverallow rules that were in public/domain.te. Many of these are
irrelevant, but there are some that look quite important. So this CL
restores many of them. This makes no immediate difference (none of
these rules are currently violated, except as mentioned below), but it
might catch mistakes, or at least make us stop and think before
introducing potentially risky policy changes.

Process:
- Paste in all the neverallow rules from public/domain.te in Android
  policy.
- Delete all references to non-existent labels.
- Delete everything makred full-trebly-only,

I also deleted some attributes we clearly don't need, and hence
associated neverallows. (I suspect there are more attributes we could
remove.)

And then I fixed a neverallow violation for microdroid_payload - we
were allowing it unrestricted ioctl access.

Bug: 204853211
Test: Policy builds without error
Test: No denials running composd_cmd forced-compile-test
Change-Id: I21035dee93a881b34941338cc7ce82503cc65e59
2021-12-08 14:56:45 +00:00
Alan Stokes
26239da92b Restrict making memory executable
All code must reside in files.

Bug: 204853211
Test: Builds, no neverallow violations
Change-Id: I124a4c567fff76e143582e189b8cb9feeae5d7d0
2021-12-08 12:36:05 +00:00
Treehugger Robot
f8fd79c0d3 Merge "microdroid: Add support for extra apk files" am: 04a2389d59
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1903974

Change-Id: I6e6327743cc378123eef7d2d7aec3313f5282bcd
2021-12-08 09:21:34 +00:00
Treehugger Robot
04a2389d59 Merge "microdroid: Add support for extra apk files" 2021-12-08 09:05:59 +00:00
Yifan Hong
9d822c3f9a Merge changes from topic "fastbootd-health-aidl" am: 71d99f1316
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1913615

Change-Id: I3be7d6bc85f03c7770bd36401b9b5523105c9fc9
2021-12-08 07:41:53 +00:00
Treehugger Robot
0dda08cf20 Merge "sepolicy: Fix potential avc denials" am: 69faf0b8d1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1903290

Change-Id: I10c87237f2da6372fe681fb4396fa04d7f8f5a6d
2021-12-08 07:41:31 +00:00
Yifan Hong
71d99f1316 Merge changes from topic "fastbootd-health-aidl"
* changes:
  recovery/fastbootd: allow to talk to health HAL.
  servicemanager: allow to read VINTF files in recovery.
2021-12-08 07:33:48 +00:00
Treehugger Robot
69faf0b8d1 Merge "sepolicy: Fix potential avc denials" 2021-12-08 07:26:55 +00:00
Yu Shan
78be3081e7 Add hal_vehicle_service for AIDL VHAL service.
Add selinux policy for AIDL Vehicel HAL service.
This CL mostly follows https://android-review.googlesource.com/c/platform/system/sepolicy/+/1541205/.

Test: Manually test on emulator, verify AIDL VHAL service is up and
accessible by client.
Bug: 209718034

Change-Id: Icad92e357dacea681b8539f6ebe6110a8ca8b357
2021-12-07 22:23:50 -08:00
Thiébaud Weksteen
c4fc34f4d1 Merge "Migrate build/ to Python 3" am: a1a894be50
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1911015

Change-Id: I420563991cd9894fdbd4c883c3d465103a569037
2021-12-08 06:13:47 +00:00
Thiébaud Weksteen
a1a894be50 Merge "Migrate build/ to Python 3" 2021-12-08 05:56:27 +00:00
Inseob Kim
8565b96a3a microdroid: Add support for extra apk files
extra_apk_file is a new label only for APK files passed to microdroid.
microdroid_manager will create directories under /mnt/extra-apk/, and
zipfuse will mount APK block devices to the directories.

Currently only payload can read the files.

Bug: 205224817
Test: manually edit vm config and see APK files mounted
Change-Id: Ie5afb3156f22bb18979ec70904be675e8ff285a7
2021-12-08 14:10:28 +09:00
Rick Yiu
8cb0bb81f0 sepolicy: Fix potential avc denials
Bug: 206970384
Test: make selinux_policy pass
Change-Id: I2516987ea609b4328951b519f437405bef7a78d5
2021-12-08 10:24:30 +08:00
Treehugger Robot
b7b5c14e40 Merge changes I81ab0a73,Ia66015b7 am: 9a93d79a92
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1908178

Change-Id: I442363d22877b04c021259f502aaa3364f08b7e2
2021-12-08 00:49:53 +00:00
Treehugger Robot
9a93d79a92 Merge changes I81ab0a73,Ia66015b7
* changes:
  Allow compsvc to execute odrefresh
  Allow composd to run fd_server
2021-12-08 00:28:52 +00:00
Yifan Hong
035ce4b7f4 Add charger_vendor type
This is the context when health HAL runs in offline
charging mode.

This has the same permissions as the health HAL, but
is also able to do charger specific things.

Also restrict neverallow rules in charger_type.

Test: manual in offline charging mode
Bug: 203246116
Change-Id: I6034853c113dff95b26461153501ad0528d10279
2021-12-07 16:24:23 -08:00
Yifan Hong
adc0f709b6 recovery/fastbootd: allow to talk to health HAL.
- Allow to use binder.
- Allow to talk to health HAL.

Test: manual in recovery
Test: fastboot getvar battery-voltage
Bug: 177269435
Change-Id: Ic3b1619ac34a10cb6007b8e011a01841343e9e8b
2021-12-07 16:22:53 -08:00
Yifan Hong
259491ba0b servicemanager: allow to read VINTF files in recovery.
Test: manual
Bug: 206888109
Change-Id: I2b7f0f33c27beb0d4401d1d697fdc58e7c62986f
2021-12-07 16:22:53 -08:00
Thiébaud Weksteen
b05a1a1f75 Migrate build/ to Python 3
Test: mm
Bug: 200119288
Change-Id: I0594074b9a74ec7272da325232e7bd8ec0ec705b
2021-12-08 10:03:00 +11:00
Yifan Hong
3a4f392ce3 Merge "recovery: allow to talk to health HAL." am: d725f8acaf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1907020

Change-Id: I1a620d9c4244eb7a154a34315e494a354e765681
2021-12-07 18:37:33 +00:00
Yifan Hong
d725f8acaf Merge "recovery: allow to talk to health HAL." 2021-12-07 18:18:07 +00:00
Victor Hsieh
f97cc1fd26 Allow compsvc to execute odrefresh
Bug: 205750213
Test: /apex/com.android.compos/bin/composd_cmd forced-odrefresh
      # With SELinux enforced in the VM, plus some hacks in ART,
      # observed odrefresh exited 80.
Change-Id: I81ab0a73314fdcea69c69350c792ff7acab5aab8
2021-12-07 08:08:00 -08:00
Victor Hsieh
90b7b00391 Allow composd to run fd_server
Besides the basic execution that is similar to the (deprecating)
odrefresh case, fd_server also needs to be able to create and change
files in the output directory.

Bug: 205750213
Test: /apex/com.android.compos/bin/composd_cmd forced-odrefresh
      # Saw composd started the fd_server and the VM
Change-Id: Ia66015b72c4bd232c623604be326c7d7145c0a38
2021-12-07 08:07:50 -08:00
Treehugger Robot
5edf794c1f Merge "Allow microdroid_manager to read /proc/bootconfig" am: f05ad45789
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1911591

Change-Id: I858da2474030170af89cd4bca310768c3c5378b6
2021-12-07 11:45:26 +00:00
Treehugger Robot
f05ad45789 Merge "Allow microdroid_manager to read /proc/bootconfig" 2021-12-07 11:06:07 +00:00
Treehugger Robot
9cdacff2aa Merge "Allow composd to create odrefresh staging directory" am: edf5fa0091
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1910491

Change-Id: I2e43c4b68ac248dc981edd031d7c64dffaaef802
2021-12-07 01:31:55 +00:00
Treehugger Robot
edf5fa0091 Merge "Allow composd to create odrefresh staging directory" 2021-12-07 01:07:08 +00:00
Alessio Balsini
27b2b6d8f5 mediaprovider_app can access BPF resources am: fd3e9d838e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1907857

Change-Id: I3b059674434fd067efef4e999f5b4887d2a2efba
2021-12-07 00:36:42 +00:00
Alessio Balsini
fd3e9d838e mediaprovider_app can access BPF resources
The FUSE daemon in MediaProvider needs to access the file descriptor of
its pinned BPF program and the maps used to commuicate with the kernel.

Bug: 202785178
Test: adb logcat FuseDaemon:V \*:S (in git_master)
Ignore-AOSP-First: mirroring AOSP for prototyping
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I99d641658d37fb765ecc5d5c0113962f134ee1ae
2021-12-06 19:12:55 +00:00
Victor Hsieh
33aa1a3c52 Allow composd to create odrefresh staging directory
composd in responsible to prepare the staging directory for odrefresh
(in the VM) to write the output to. Temporary output should be put in a
staged directory with a temporary apex_art_staging_data_file context.
When a compilation is finished, the files can then be moved to the final
directory with the final context.

Bug: 205750213
Test: No denials

Change-Id: I9444470b31518242c1bb84fc755819d459d21d68
2021-12-06 08:41:31 -08:00
Jiyong Park
3db645b83d Allow microdroid_manager to read /proc/bootconfig
... so that it can ensure that the bootconfig hasn't changed since the
last boot.

Bug: 208639280
Test: m
Change-Id: I2310a0df0ebbef9d6fe47dbad2538ecbe7bc84e6
2021-12-06 21:16:09 +09:00
Thiébaud Weksteen
95824753b2 Merge "Migrate insertkeys.py to Python3" am: eb424f43f2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1908682

Change-Id: Icf95d913dbbf2a57bb0d29253530b9903b7ea793
2021-12-06 08:35:57 +00:00
Thiébaud Weksteen
eb424f43f2 Merge "Migrate insertkeys.py to Python3" 2021-12-06 08:21:39 +00:00
Thiébaud Weksteen
9870725336 Migrate insertkeys.py to Python3
PEM files are ASCII-encoded, open them as text file (as opposed to
binary). Avoid relying on __del__. Introduce a prologue and epilogue
methods to emit the <policy> tag only once per output.

Test: build plat_mac_permissions.xml on bramble and compare with
      previous version; identical
Test: build product_mac_permissions.xml on bramble and compare with
      previous version; identical
Test: build system_ext_mac_permissions.xml on bramble and compare with
      previous version; identical
Test: build vendor_mac_permissions.xml on bramble and compare with
      previous version; identical
Bug: 200119288
Change-Id: Iced0acf75bff756453918a411aecb9f4ef8f825d
2021-12-06 13:46:23 +11:00
Victor Hsieh
7b8647e628 Allow composd to read ART's properties am: 1f117c26c6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1908176

Change-Id: I66ef9b455449df1e5b20163c7d9824d2799f7294
2021-12-03 20:38:10 +00:00
Victor Hsieh
1f117c26c6 Allow composd to read ART's properties
Only ro.zygote is currently used, though we'll need to a few others of
the same property context.

Bug: 205750213
Test: composd_cmd forced-odrefresh # less SELinux denial
Change-Id: I2efbbc1637142f522a66c47bdd17471c4bde227a
2021-12-02 17:58:23 -08:00
Treehugger Robot
f4d3471aac Merge "Remove 26.0 and 27.0 compat support" am: 26950bb361
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1903972

Change-Id: I4b9eb4e5d85cc0a0f49eabd47ce23aaf95db7213
2021-12-02 06:46:29 +00:00
Treehugger Robot
26950bb361 Merge "Remove 26.0 and 27.0 compat support" 2021-12-02 06:26:58 +00:00
Treehugger Robot
9a922c3ce2 Merge "Add logd.ready" am: f5646ff42b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1895329

Change-Id: I0a0bfe16bf07ecf9cf231f175125dffaa22c4689
2021-12-02 03:49:13 +00:00
Treehugger Robot
f5646ff42b Merge "Add logd.ready" 2021-12-02 03:34:00 +00:00
Inseob Kim
9dc6d70044 Remove 26.0 and 27.0 compat support
Treble doesn't support T system + O vendor, so removing 26.0 (N) and
27.0 (O) prebuilts and compat files.

Bug: 207815515
Test: build
Change-Id: I98d5972221a8e77f3c45fc48ff50bb2b8eb94275
2021-12-02 10:22:10 +09:00
Inseob Kim
ae574d77d3 Merge "Add hal_dumpstate_service to ignore" am: 7182b2e56b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1908650

Change-Id: Id04ec79fd5635f00a0ec5adb3652f65bfd2dae95
2021-12-02 00:55:30 +00:00
Thiébaud Weksteen
bc0d972e48 Merge "Migrate tests/ to Python 3" am: df4f088f9e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1903451

Change-Id: Iddceab2ad8786cbf7bedeac43a3896e5ca6e0ee3
2021-12-02 00:55:17 +00:00
Inseob Kim
7182b2e56b Merge "Add hal_dumpstate_service to ignore" 2021-12-02 00:43:51 +00:00
Thiébaud Weksteen
df4f088f9e Merge "Migrate tests/ to Python 3" 2021-12-02 00:29:18 +00:00