Commit graph

303 commits

Author SHA1 Message Date
Inseob Kim
ff2018fa84 Fix bpfmt
Bug: N/A
Test: N/A
Flag: NONE trivial format change
Change-Id: I8f6293dcc47a4ead347c4861ba929d4b3042c311
2024-04-17 09:55:49 +09:00
Nikita Ioffe
f1d47f78d2 Add sepolicy rules for microdroid_resources_file
Bug: 287593065
Test: run microdroid with vendor VM
Test: builds
Change-Id: I8c8fe90a0ed14d6af430206fe947a0f4ce4f68e5
2024-04-04 13:05:34 +00:00
Inseob Kim
9bad60cb1f Minimize microdroid public policy
Like core sepolicy.

Bug: 232023812
Test: atest MicrodroidHostTests MicrodroidTests
Change-Id: I704f8da4656d3bacf327792a2445d15aba8ecf2a
2024-03-28 15:23:18 +09:00
Nikita Ioffe
73282e4d1b Allow ueventd to relabel /dev/open-dice0
Other patch in this topic moves the initialisation of /dev/open-dice0 to
the first_stage_init which runs before the sepolicy is setup. However,
microdroid_manager should still be able to access the /dev/open-dice0,
hence this patch which grants ueventd permissions to relabel the device
and fix its permissions.

Bug: 287593065
Test: vm run-microdroid --protected
Change-Id: Iacf5b0aa9b85ee9f07abac35f6b43b7ec378bff4
2024-03-13 15:24:31 +00:00
Nikita Ioffe
8cc0e508ef Add /microdroid_resources to file_contexts
Bug: 287593065
Test: builds
Test: atest MicrodroidTests
Change-Id: Ide20bd031b85d73fa246d8b040245ce1f3983b5d
2024-03-12 15:39:00 +00:00
Alan Stokes
55ae799b21 Allow adbd to read file_contexts
Denials for this can cause local test failures.

The access is harmless, and is allowed in the host, so we also allow
it in the guest. And adbd does have a legitimate use for the access.

Bug: 328753027
Test: atest MicrodroidHostTests
      Run repeatedly on my test device
Change-Id: Ic2e991122527ae9a22babb417ad90f2ceb8d15fc
2024-03-08 16:47:06 +00:00
Jaewan Kim
2141ad5877 Use /proc/device-tree for reading AVF DT
Although /proc/device-tree is symlink to /sys/firmware/devicetree/base,
/proc/device-tree is the stable API but the absolute path may be
changed in the future.

Bug: 322465386
Test: atest CustomPvmfwHostTestCases
Change-Id: I81cbe8a4dddbac97e4fb94e6684d2a91127f3378
2024-02-01 01:53:59 +00:00
Inseob Kim
7bb2d4aa8b Allow microdroid's init to load vendor modules
Test: boot microdroid with customized rc script
Change-Id: Ic00a18f409d97f5c21912e3cf5dbb9110adc2269
2024-01-03 09:35:43 +09:00
Alan Stokes
ac5044870b Tweak sysfs_dt_avf permissions
Allow r_file_perms rather than just open+read, mainly because I saw
this denial:

avc:  denied  { getattr } for  comm="binder:11247_2"
path="/sys/firmware/devicetree/base/avf/guest/common/log"
dev="sysfs" ino=16469 scontext=u:r:virtualizationmanager:s0
tcontext=u:object_r:sysfs_dt_avf:s0 tclass=file permissive=0

Also refactor slightly in microdroid_manager.te.

Test: TH
Change-Id: If2963441b3490a502c293c7a7cdd204d9db7d48a
2023-12-19 17:42:05 +00:00
Inseob Kim
b85293be41 Add a label for payload accessible devices
payload_accessible_device label can be used by microdroid vendor's
file_contexts to allow payloads to access their assigned devices.

Bug: 306313100
Test: put vendor_file_contexts, boot microdroid, see labels
Change-Id: I91aeb3169d14160a2d80587e3eb2e7fde240f804
2023-11-09 16:08:49 +09:00
Treehugger Robot
adbef0cf37 Merge "Revert "Suppress a denial on VM boot"" into main 2023-10-31 02:29:57 +00:00
Nate Myren
0e15f2d9c5 Add appcompat override files and contexts to SELinux
This also allows the zygote to bind mount the system properties

Bug: 291814949
Test: manual
Change-Id: Ie5540faaf3508bc2d244c952904838d56aa67434
2023-10-23 18:34:12 +00:00
Nate Myren
8dff040569 Revert "Suppress a denial on VM boot"
This reverts commit faa538dbfc.

Reason for revert: aosp/2786963 implements the correct SEPolicy
Test: atest MicrodroidHostTests
Fixes: 306516077

Change-Id: Ia7e6db4ee4f7fa870093a34d1b8fde96d9e9b80a
2023-10-20 19:14:26 +00:00
Alan Stokes
faa538dbfc Suppress a denial on VM boot
The denial is correct, but is causing test failures. However it
appears to be harmless and VMs are operating just fine.

Suppress it until the correct policy is ready.

Bug: 306516077
Test: atest MicrodroidHostTests
Change-Id: I5d8545add4927c2521c3d4e9dc2b5bedb91c0f45
2023-10-20 10:59:52 +01:00
Inseob Kim
075c18b495 Remove remaining APEX sepolicy types am: 2f0bcc1b0a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2761425

Change-Id: Id60354d0340ccd4be990c99b9a58d0eea01e1ebc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-25 09:06:41 +00:00
Inseob Kim
2f0bcc1b0a Remove remaining APEX sepolicy types
Bug: 297794885
Test: boot cuttlefish
Change-Id: I2ff465217adcf1bb0267ea6d487a9a46b6584458
2023-09-25 11:19:44 +09:00
Xin Li
80690d5086 Merge "Merge Android U (ab/10368041)" into aosp-main-future 2023-08-28 22:13:48 +00:00
Treehugger Robot
33a68d6284 Merge "Policy changes for running payloads not as root" into main 2023-08-24 08:07:21 +00:00
Xin Li
e07dbe0a63 Merge Android U (ab/10368041)
Bug: 291102124
Merged-In: Id2cc5dbbafffb4633706e5cc728cb44abd417340
Change-Id: I77e68f17a1273958bcdc32b5a4b6a0ff3ffdfd2a
2023-08-23 17:20:59 -07:00
Alan Stokes
3105e3ef43 Allow init to access user mode helpers
This is in host sepolicy, looked like we pruned it because we didn't
need it - but now we do.

Bug: 297019386
Test: Run VM with encrypted storage, no denials
Change-Id: I6cd5f6bf98e9089ef7c3945c29242daea527592f
2023-08-23 16:25:50 +01:00
Alan Stokes
76fb93871d Policy changes for running payloads not as root
Allow Microdroid Manager to setuid/setgid when spawning Microdroid
Launcher.

Allow encryptedstore binary to chmod the root directory.

Also added some neverallow rules, because I was surprised that I
didn't trigger one.

Bug: 296393106
Test: atest MicrodroidTests
Change-Id: I1f224d59548162d0b36c2c9f32710db2c2da5869
2023-08-23 13:44:40 +01:00
Alan Stokes
25ab737cb7 Remove redundant allows
While searching the policy I came across some ancient TODOs, which can
now be done.

Bug: 186396070
Test: atest MicrodroidTests MicrodroidHostTests
Test: Manually run vm_shell start-microdroid
Change-Id: I21b9f992394b637399cc074dca8339e3167cf5af
2023-07-26 17:12:23 +01:00
Jiyong Park
bd1be6c554 Allow microdroid_payload to read /dev/console
The first serial device of the VM can be made bi-directional. When it is
used as an output device, it's via /dev/kmsg. microdroid_payload already
has a write access to it. When it is used as an input device, it's via
/dev/console. Grant microdroid_payload read access to the device.

Bug: 263360203
Test: atest MicrodroidTestApp:com.android.microdroid.test.MicrodroidTests#testConsoleInputSupported
Change-Id: Ief039d06ffbddee1e254d662a6c1f321a607d5f5
2023-06-29 19:03:34 +09:00
Nikita Ioffe
2db2ef7074 Merge "Reland "Change the stem name to microdroid_precompiled_s..."" am: d16d7d17e5 am: 4eb36f4615 am: c41885d19c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2627369

Change-Id: I71474499b330e978abfd83392a1cfcc02425932c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-15 13:14:18 +00:00
Nikita Ioffe
d16d7d17e5 Merge "Reland "Change the stem name to microdroid_precompiled_s..."" 2023-06-15 10:27:39 +00:00
Nikita Ioffe
4e6839e677 Reland "Change the stem name to microdroid_precompiled_s..."
Bug: 285855150
Test: presubmit
Change-Id: I3343b7cf22165541f880fd1c88b27b0204c94c4b
2023-06-14 20:31:29 +00:00
Pawan Wagh
bd2b6d181a Merge "Revert "Change the stem name to microdroid_precompiled_sepolicy"" am: 899f6c0537 am: b23a691e10 am: 3d5b12e5e8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2626909

Change-Id: I38d84ca00f8e30e42b4392ed53509040345e84a2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-14 20:05:48 +00:00
Pawan Wagh
899f6c0537 Merge "Revert "Change the stem name to microdroid_precompiled_sepolicy"" 2023-06-14 18:40:59 +00:00
Pawan Wagh
8f2923421e Revert "Change the stem name to microdroid_precompiled_sepolicy"
Revert submission 2625691

Reason for revert: b/287283650

Reverted changes: /q/submissionid:2625691

Change-Id: I775d07a388556796d25b4f5d99135d5878489ce8
2023-06-14 18:28:17 +00:00
Nikita Ioffe
714fc2abf1 Merge "Change the stem name to microdroid_precompiled_sepolicy" am: 437f31c328 am: 789c5a3430 am: 2d78078ee0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2617776

Change-Id: I5f21a403fecf288f36b3f6cbc1234a5834a3c87b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-14 16:37:50 +00:00
Nikita Ioffe
437f31c328 Merge "Change the stem name to microdroid_precompiled_sepolicy" 2023-06-14 15:20:18 +00:00
Inseob Kim
367845c850 Add missing properties to microdroid am: deaa8b9f4a am: 20a9d569d2 am: 54ba7286ca
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2106044

Change-Id: If9cedd91479d5ea33bb986dd880d42f11bf8f7ff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 06:32:49 +00:00
Inseob Kim
deaa8b9f4a Add missing properties to microdroid
The main motivation is to reduce log spams.

Bug: 268333203
Test: atest MicrodroidTests MicrodroidHostTestCases
Change-Id: Idffdcd7d543590d8c580b2282098d3abd8214f86
2023-06-09 11:30:24 +09:00
Nikita Ioffe
31d82c0dcd Change the stem name to microdroid_precompiled_sepolicy
Bug: 285855150
Test: m
Change-Id: I112ef67a7804f91e2a7c6b0998c8bbb436c57566
2023-06-08 00:00:06 +01:00
Steven Moreland
0bb95dd4fd Merge "strengthen proc_type neverallows" am: fd92d967ee am: 12523b02c3 am: 79190c4da7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2599509

Change-Id: I210c48f15715cb5c4f808341d39beefc996e30c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-24 20:14:29 +00:00
Steven Moreland
fd92d967ee Merge "strengthen proc_type neverallows" 2023-05-24 18:01:14 +00:00
Steven Moreland
8634a88595 strengthen proc_type neverallows
These were unnecessarily lax. Some additional places
additionally exclude only the generic proc type, but
we don't care about those places.

Bug: 281877578
Test: boot
Change-Id: I9ebf410c12a41888ab1f5ecc21c95c34fc36c0d0
2023-05-22 22:59:08 +00:00
David Anderson
465859abb7 Merge "Allow ueventd to access device-mapper." am: 73d18c2bfe am: 5f2482d0dd am: d223637c8a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2591728

Change-Id: I76ff312e6d37a2abaf5b5144a6d13fcfc9c9421a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-19 21:34:43 +00:00
David Anderson
e09c0eee36 Allow ueventd to access device-mapper.
ueventd needs access to device-mapper to fix a race condition in symlink
creation. When device-mapper uevents are received, we historically read
the uuid and name from sysfs. However it turns out sysfs may not be
fully populated at that time. It is more reliable to read this
information directly from device-mapper.

Bug: 270183812
Test: libdm_test, treehugger
Change-Id: I36b9b460a0fa76a37950d3672bd21b1c885a5069
2023-05-17 11:07:19 -07:00
Treehugger Robot
e0339e83fd Merge "Fix dalvik property attribute for Microdroid" am: f850317561 am: 2325d5b92f am: d63c987ca2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519481

Change-Id: Ibbaa84dc3ffc65db06e22ea8c2de7e9aa3cde916
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-05 11:01:49 +00:00
Alan Stokes
f85f298b2f Fix dalvik property attribute for Microdroid
Commit 22fb5c7d24 migrated from property
types to attributes in some Microdroid rules, but omitted to
associated the attribute with the relevant types. So we fix that.

Bug: 274530433
Bug: 275469579
Bug: 276895565
Test: Will schedule a test run
Change-Id: I11194be9d1e352fa456c24a3b5784c18ccc03a69
2023-04-04 15:29:40 +01:00
Jiakai Zhang
2d0d80ae7f Merge "Allow system server to set dynamic ART properties." am: 326d35c04b am: 1502d1e604 am: afd4aee92d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2513825

Change-Id: Ibe28079aa1641ee7503d2de375eb41b1c4b81e45
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-31 15:37:27 +00:00
Jiakai Zhang
22fb5c7d24 Allow system server to set dynamic ART properties.
This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.

Bug: 274530433
Test: Locally added some code to set those properties and saw it being
  successfull.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089
2023-03-31 11:46:05 +01:00
Nikita Ioffe
8c6c971b75 Merge "Add domain level neverallow to restrict access to ptrace" am: 1b4e9393d3 am: 41d6edd0e7 am: e63a597a47
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505897

Change-Id: I9a6eb11e53ee60de60db6e6fc7fd9349c03f9540
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-29 13:05:22 +00:00
Nikita Ioffe
1b4e9393d3 Merge "Add domain level neverallow to restrict access to ptrace" 2023-03-29 11:46:26 +00:00
Treehugger Robot
982f5c6d29 Merge "microdroid: allow microdroid_manager to read AVF debug policy" am: 35a1bb8e32 am: d395216ffc am: aabbb5c6ca
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505675

Change-Id: I1f7fb57a0f0476fcec64656a30ef29366f7a2b7f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 16:16:58 +00:00
Treehugger Robot
35a1bb8e32 Merge "microdroid: allow microdroid_manager to read AVF debug policy" 2023-03-27 14:48:13 +00:00
Nikita Ioffe
4bfda5ba89 Add domain level neverallow to restrict access to ptrace
Bug: 271562015
Test: m
Change-Id: I48f9a0fc5e708e15dd103d6ed369c8fe43d70495
2023-03-27 14:45:33 +01:00
Alan Stokes
5f7af06cb8 Remove policy for non-existent devices am: 4f92d5bd99 am: 1d33d118a5 am: cd10974d13
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2506240

Change-Id: Ibe1b923b0168ed58d75539626bb0714c4b65edf3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 09:27:33 +00:00
Jaewan Kim
867bc33ede microdroid: allow microdroid_manager to read AVF debug policy
Bug: 272752814
Test: atest on devices without AVF debug policy
Change-Id: I3fdbdd49f0e775b4b054328dc25c5f2ba1f9712f
2023-03-27 03:52:27 +00:00