A few netd avc denials are observed. Supress audit messages since they
don't cause a problem.
Bug: 77870037
Test: build, flash, boot
Change-Id: I019c5af62630fcd0a35e22c560b9043bba58f6f1
ro.enable_boot_charger_mode and sys.boot_from_charger_mode are moved to
new property contexts for charger props to remove exported*_prop.
Bug: 155844385
Test: boot device with ro.enable_boot_charger_mode
Change-Id: I17d195d3c9c002a42125d46a5efcdb890f1c2a5c
tombstoned.max_tombstone_coun becomes tombstone_config_prop to remove
exported*_default_prop
Bug: 155844385
Test: tombstoned is running and logcat shows no denials
Change-Id: I57bebb5766d790dc52d40a6d106f480e0e34fa4e
keyguard.no_require_sim becomes keyguard_config_prop to remove
exported*_default_prop
Bug: 155844385
Test: boot and see no denials
Change-Id: Icffa88b650a1d35d8c1cd29f89daf0644a79ddd3
To remove ambiguous context name exported_default_prop
Bug: 71814576
Test: boot and see no denials
Change-Id: I40eb92653fabc509419e07bb4bfa7301a8762352
To remove bad context names exported[23]_default_prop
Bug: 155844385
Test: m selinux_policy
Change-Id: Ic4bbc8e45d810368a96f6985c2234798e73be82d
Merged-In: Ic4bbc8e45d810368a96f6985c2234798e73be82d
(cherry picked from commit 072b01438e)
To clean up bad context name exported[23]_default_prop
Bug: 155844385
Test: m selinux_policy
Test: enter recovery mode
Change-Id: I312b6fa911a90dfc069a973c7916c67d92b7baa5
Due to AIDL HAL introduction, vendors can publish services
with servicemanager. vendor_service_contexts is labeled as
vendor_service_contexts_file, not nonplat_service_contexts_file.
And pack it to vendor partition.
Bug: 154066722
Test: check file label
Change-Id: Ic74b12e4c8e60079c0872b6c27ab2f018fb43969
1. Add surfaceflinger_display_prop property context
2. Set context for graphics.display.kernel_idle_timer.enabled
3. Context for system property that is get by surfaceflinger
and set by vendor_init and system_app.
W /system/bin/init: type=1107 audit(0.0:5): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.display.enable_kernel_idle_timer pid=2396 uid=1000 gid=1000 scontext=u:r:system_app:s0 tcontext=u:object_r:vendor_display_prop:s0 tclass=property_service permissive=0'
Bug:137064289
Test: $ make selinux_policy. Check kernel idle timer works correct.
Change-Id: I77a82b5abfe5a771418dab5d40b404a1cdca4deb
To allow vold to abort it.
Bug: 153411204
Test: vold can access it
Merged-In: I334eaf3459905c27d614db8eda18c27e62bea5fa
Change-Id: I334eaf3459905c27d614db8eda18c27e62bea5fa
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.
Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
Merged-In: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.
Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
Merged-In: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.
Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
There should be no need for this, and it allows probing for file existence.
Access to /data and more specifically labeled directories under it
(e.g. /data/app) is not affected.
Bug: 158088415
Test: Builds
Change-Id: Iac39629b1c7322dc2fd9a57c9f034cb2ba73793f
To remove bad context names, two contexts are added.
- telephony_config_prop
- telephony_status_prop
exported_radio_prop, exported2_radio_prop are removed. Cleaning up
exported3_radio_prop will be a follow-up task.
Exempt-From-Owner-Approval: cherry-pick
Bug: 152471138
Bug: 155844385
Test: boot and see no denials
Test: usim works on blueline
Change-Id: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2
Merged-In: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2
(cherry picked from commit 4d36eae8af)
To remove bad context names, two contexts are added.
- telephony_config_prop
- telephony_status_prop
exported_radio_prop, exported2_radio_prop are removed. Cleaning up
exported3_radio_prop will be a follow-up task.
Bug: 152471138
Bug: 155844385
Test: boot and see no denials
Test: usim works on blueline
Change-Id: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2
The fstab_suffix can be passed as 'androidboot.fstab_suffix=' on the
kernel command line, or as an Android DT node. It specifies an
override suffix for the fsmgr fstab search:
/odm/etc/fstab.${fstab_suffix}
/vendor/etc/fstab.${fstab_suffix}
/fstab.${fstab_suffix}
Bug: 142424832
Change-Id: I9c0acf7a5ae3cdba505460247decf2de9997cac1
Merged-In: I9c0acf7a5ae3cdba505460247decf2de9997cac1
Exported properties init.svc.* were world-readable, so making them
world-readable again to fix selinux denials.
Bug: 157474281
Test: m selinux_policy
Change-Id: I6d5a28b68061896e9cd2584c47aa60f6d36ed53f
Test: manually make sure that boot animation is resizing
when display is changed
Bug: 156448328
Merged-In: I9f754900a0b32551f656ce2097a3a41245b02218
Change-Id: I9f754900a0b32551f656ce2097a3a41245b02218
/apex/apex-info-file.xml is labeled as apex_info_file. It is
created/written by apexd once by apexd, and can be read by zygote and
system_server. The content of the file is essentially the same as the
return value of getAllPackages() call to apexd.
Bug: 154823184
Test: m
Merged-In: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
(cherry picked from commit f1de4c02cc)
Change-Id: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
compatible_property_only is meaningless to new types introduced after
Android P because the macro is for types which should have different
accessibilities depending on the device's launching API level.
Bug: N/A
Test: system/sepolicy/tools/build_policies.sh
Change-Id: If6b1cf5e4203c74ee65f170bd18c3a354dca2fd4
1) build_odm_prop and build_vendor_prop are added
These contexts will contain world-readable properties from
/odm/build.prop and /vendor/build.prop, respectively.
2) move more properties to build_prop
Following properties are set by /system/build.prop and now assigned as
build_prop:
- ro.adb.secure
- ro.build.type
- ro.product.cpu.abi
- ro.product.cpu.abilist
- ro.product.cpu.abilist32
- ro.product.cpu.abilist64
- ro.secure
Following properties are set by init/property_service.cpp and now
assigned as build_prop:
- ro.product.brand
- ro.product.device
- ro.product.manufacturer
- ro.product.model
- ro.product.name
Bug: 71814576
Bug: 155844385
Test: boot device and see no denials
Change-Id: Idd4f81de4d2d0fc4bdec2d7ecb08bb8e078dab58
This property allows us to disable sdcardfs if it is present. The old
property ended up getting repurposed, so a new one was needed.
Mediaprovider will also need to access this to determine what actions it
needs to take.
Test: builds
Bug: 155222498
Change-Id: I66ac106613cbb374f54659601e4ba3f61eaecd2f
Merged-In: I66ac106613cbb374f54659601e4ba3f61eaecd2f
To remove bad context names "exported*_prop". Other init.svc.*
properties explicitly become system internal prop.
Bug: 155844385
Test: boot and see no denials
Change-Id: I7a3b4103a4cea77035a6e831e3b6a49a45f15a35
The IPv6 link-local address is used to avoid expose device to out of
network segment.
BUG: 152544169
BUG: 155198345
Test: manual test.
Change-Id: I0ce8c12de9976c01e57a6433c7fb50235e907dc5
Merged-In: I0ce8c12de9976c01e57a6433c7fb50235e907dc5
Merged-In: I409aeccd31293bf0ae3be5b1dbafe5a74daaaa9d
/apex/apex-info-file.xml is labeled as apex_info_file. It is
created/written by apexd once by apexd, and can be read by zygote and
system_server. The content of the file is essentially the same as the
return value of getAllPackages() call to apexd.
Bug: 154823184
Test: m
Change-Id: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
This property allows us to disable sdcardfs if it is present. The old
property ended up getting repurposed, so a new one was needed.
Mediaprovider will also need to access this to determine what actions it
needs to take.
Test: builds
Bug: 155222498
Change-Id: I66ac106613cbb374f54659601e4ba3f61eaecd2f
This is to remove bad context name "exported3_system_prop".
- persist.sys.device_provisioned -> provisioned_prop
- sys.retaildemo.enabled -> retaildemo_prop
Bug: 154885206
Test: boot device and see no denials
Change-Id: Ia19a19d93d0689deb56d66fe0b039ace44e4836f
Bug: 156710131
Test: tested in userdebug with dumpstate.unroot set to true
Change-Id: Iabd636f109e719753fdd650f05e1a7af835c49d7
Signed-off-by: TeYuan Wang <kamewang@google.com>
The gpt_fdisk project was updated recently, but sepolicy was not updated
with it :) Now sgdisk can use BLKPBSZGET to detect the physical block
size. Seen on cuttlefish when adding external SD Card support to it.
avc: denied { ioctl } for comm="sgdisk" path="/dev/block/vold/disk:252,16"
dev="tmpfs" ino=8625 ioctlcmd=0x127b scontext=u:r:sgdisk:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0
Bug: 156286088
Change-Id: I9f2df88ee253261b52f3022838380fbb1cab6da0
The gpt_fdisk project was updated recently, but sepolicy was not updated
with it :) Now sgdisk can use BLKPBSZGET to detect the physical block
size. Seen on cuttlefish when adding external SD Card support to it.
avc: denied { ioctl } for comm="sgdisk" path="/dev/block/vold/disk:252,16"
dev="tmpfs" ino=8625 ioctlcmd=0x127b scontext=u:r:sgdisk:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0
Bug: 156286088
Change-Id: I9f2df88ee253261b52f3022838380fbb1cab6da0
For whatever reason sys.usb.config* has been labeled as
system_radio_prop, which doesn't make sense. Changing context name as
usb_prop. For the same reason exported_system_radio_prop is also
renamed to usb-related names.
Bug: 71814576
Bug: 154885206
Test: m selinux_policy
Change-Id: If30bc620dbeac926a8b9bcde908357fda739a6c1
Merged-In: If30bc620dbeac926a8b9bcde908357fda739a6c1
(cherry picked from commit 44fbcdb677)
For whatever reason sys.usb.config* has been labeled as
system_radio_prop, which doesn't make sense. Changing context name as
usb_prop. For the same reason exported_system_radio_prop is also
renamed to usb-related names.
Bug: 71814576
Bug: 154885206
Test: m selinux_policy
Change-Id: If30bc620dbeac926a8b9bcde908357fda739a6c1
Configures SELinux to allow ActivityManagerService to start a cacheinfo
service that is responsible for dumping per-process cache state.
Bug: 153661880
Test: adb shell dumpsys cacheinfo
Test: adb bugreport
Change-Id: Id6a4bdf2a9cb6d7f076b08706e0f91d377f38603
persist.sys.dalvik.vm.lib.2 is moved to a new context
dalvik_runtime_prop from bad context name.
Bug: 154885206
Test: boot device and see logcat
Change-Id: I9dea95105c266088d5f071bf2d890048f0999b0b
This is needed for the transcoding service to read from the
source fd and write to destination fd.
Bug: 145628554
Test: atest MediaTranscodeManagerTest
Change-Id: Icffed1e402bc2fb593e925de0742c0d7552b50bc
