Commit graph

47502 commits

Author SHA1 Message Date
Steven Moreland
0f1df85994 Merge "OWNERS cleanup" into main 2024-03-06 14:13:56 +00:00
Steven Moreland
c826453ca2 OWNERS cleanup
Bug: N/A
Test: N/A
Change-Id: I3e4bc8a5bc4dddb0bad25d5b9cb7ad1f84e8f041
2024-03-06 12:47:46 +00:00
Alice Ryhl
6b9aa6dc33 kcmdlinectrl: define system property for kcmdlinectrl
This defines the kcmdline_prop context for properties controlled by
kcmdlinectrl, and defines a property called kcmdline.binder for
switching between the Rust and C implementations of the Binder driver.

It is intended that additional kcmdline properties introduced in the
future would share the same kcmdline_prop context.

Test: Verified that setprop/getprop work and that the value is loaded properly at boot
Bug: 326222756
Change-Id: Iea362df98d729ee110b6058c6e5fa6b6ace03d8e
2024-03-06 12:05:24 +00:00
Treehugger Robot
157fa3fc22 Merge "Allow postinstall script to invoke pm shell commands." into main 2024-03-06 11:12:49 +00:00
Hansen Kurli
956d235e33 Remove tests for removed legacy vpns
Follow up of aosp/2849357 and aosp/2849358. Tests related to the
removed file_context objects should also be removed

Bug: 161776767
Test: checkfc -t private/file_contexts contexts/plat_file_contexts_test
Change-Id: Id986b739cc81af91aadf8853d685d41ad4238292
2024-03-06 15:47:59 +08:00
Jooyung Han
c6d23b47d8 Merge "Relax neverallows for vendor to use /system/bin/sh" into android14-tests-dev am: a1260cfa21
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2988072

Change-Id: If21747c23ef463345f1f2e19e0c389e084b2fd90
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-06 06:58:55 +00:00
Treehugger Robot
02d52b60d4 [automerger skipped] Merge "Grant lockdown integrity to all processes" into android14-tests-dev am: 9dba1b8892 -s ours
am skip reason: Merged-In If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7 with SHA-1 99a4cbcee7 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2983718

Change-Id: Id6e863be8adeb1f2c35b31ac7336d8b3b0cd800d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-06 06:58:44 +00:00
Thiébaud Weksteen
27d142fe16 [automerger skipped] Grant lockdown integrity to all processes am: c1b65e5d53 -s ours
am skip reason: Merged-In If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7 with SHA-1 99a4cbcee7 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2983718

Change-Id: I9f31a1c6be5825173d96e45f417332262cbaef84
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-06 06:58:40 +00:00
Jooyung Han
a1260cfa21 Merge "Relax neverallows for vendor to use /system/bin/sh" into android14-tests-dev 2024-03-06 06:18:53 +00:00
Treehugger Robot
9dba1b8892 Merge "Grant lockdown integrity to all processes" into android14-tests-dev 2024-03-06 06:18:07 +00:00
Yanfei Zhou
f89aad81a5 sepolicy: Grant hal_bluetooth_server to access udp_socket
This change updates neverallow list to allow accessing udp
sockets from hal_bluetooth_server.

Bug: 305104428
Bug: 328147587
Change-Id: Ic1d80c7cb1aa62969b541ee30686afd57ec51fb0
(cherry picked from commit 3a739f9bed)
2024-03-06 01:28:15 +00:00
Hansen Kurli
0e638112f2 Sepolicy setup for /data/misc/connectivityblobdb/
Create a new folder for connectivity blobs, to be used by
ConnectivityBlobStore for VPN and WIFI to replace legacy
keystore.
System server will need permissions to manage databases in the
folder and system server will create the folder in init.rc.

Bug: 307903113
Test: checkfc -t private/file_contexts contexts/plat_file_contexts_test
Test: build and manual test.
Change-Id: Ib51632af9624d8c3ebf2f752547e162a3fbbb1b0
2024-03-05 19:52:20 +00:00
Daniele Di Proietto
113f34aab8 Merge "Add perfetto persistent tracing configuration file" into main am: edfb82499e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2967564

Change-Id: I7bf682d11afd9cd8dbb5717afc0dba0c9e25a1a7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-05 14:37:14 +00:00
Daniele Di Proietto
edfb82499e Merge "Add perfetto persistent tracing configuration file" into main 2024-03-05 14:25:23 +00:00
Treehugger Robot
fbd5ca646f Merge "tracefs: remove debugfs/tracing rules on release devices" into main am: a3a3559743
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2973489

Change-Id: Ib81b790347f8cbba93e08df9dee3ae5d52ea49c2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-05 14:15:27 +00:00
Treehugger Robot
a3a3559743 Merge "tracefs: remove debugfs/tracing rules on release devices" into main 2024-03-05 13:33:02 +00:00
Ryan Savitski
5ee2595e8b Merge "tracefs: allow using "/sys/kernel/tracing/buffer_percent" on release devices" into main am: d7a3de50a3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2976491

Change-Id: I2ca80ec6e19eb00b753b5104995d1ed7f47e7980
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-05 12:05:30 +00:00
Kangping Dong
29c440880d Merge "[Thread] limit ot-daemon socket to ot-ctl" into main am: 564f1296b8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2984172

Change-Id: I310acdc5860501c6725b91ca33165fb2778af7f7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-05 12:05:18 +00:00
Ryan Savitski
d7a3de50a3 Merge "tracefs: allow using "/sys/kernel/tracing/buffer_percent" on release devices" into main 2024-03-05 12:04:12 +00:00
Daniele Di Proietto
9a997590e1 Add perfetto persistent tracing configuration file
Bug: 325622427
Change-Id: Ia77a029dfddfb3108bb6fdd2d3c6d5b4d9909f7b
2024-03-05 11:30:36 +00:00
Kangping Dong
564f1296b8 Merge "[Thread] limit ot-daemon socket to ot-ctl" into main 2024-03-05 11:18:56 +00:00
Jooyung Han
6ece857f4f Relax neverallows for vendor to use /system/bin/sh
Since 202404, vendor components will use /system/bin/sh for system(3),
popen(3), etc.

Bug: 324142245
Test: system("readlink /proc/$$/exe") in vendor HALs
Change-Id: I521499678e87a7d0216a276e014888867f495803
(cherry picked from commit f0ba322926)
2024-03-05 19:09:05 +09:00
Maciej Żenczykowski
45686712d0 [automerger skipped] Merge "sepolicy: allow netutils_wrapper access to fs_bpf_vendor" into android14-tests-dev am: 4e02fed10f -s ours am: 4e3c63263f -s ours
am skip reason: Merged-In I7ff8a0319bec2f3a57c7ce48939b13b2fca182de with SHA-1 37ca69e5c8 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2978635

Change-Id: I8f3e6e956b3481c98c42f7119a84e6a7b6e00967
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-05 08:29:57 +00:00
Maciej Żenczykowski
fc3aae7693 [automerger skipped] sepolicy: allow netutils_wrapper access to fs_bpf_vendor am: a4208e9f10 -s ours am: 405115efd7 -s ours
am skip reason: Merged-In I7ff8a0319bec2f3a57c7ce48939b13b2fca182de with SHA-1 37ca69e5c8 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2978635

Change-Id: I98965df2edfec7ca4c17b420b29f243524f6996f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-05 08:29:54 +00:00
Maciej Żenczykowski
4e3c63263f [automerger skipped] Merge "sepolicy: allow netutils_wrapper access to fs_bpf_vendor" into android14-tests-dev am: 4e02fed10f -s ours
am skip reason: Merged-In I7ff8a0319bec2f3a57c7ce48939b13b2fca182de with SHA-1 37ca69e5c8 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2978635

Change-Id: I325e645ddeeb165617ff7ee2199f0751b56fee76
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-05 07:47:28 +00:00
Maciej Żenczykowski
405115efd7 [automerger skipped] sepolicy: allow netutils_wrapper access to fs_bpf_vendor am: a4208e9f10 -s ours
am skip reason: Merged-In I7ff8a0319bec2f3a57c7ce48939b13b2fca182de with SHA-1 37ca69e5c8 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2978635

Change-Id: If132bed3272ba8445ba3c9ba131ddc4b5926d7cc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-05 07:47:24 +00:00
Maciej Żenczykowski
4e02fed10f Merge "sepolicy: allow netutils_wrapper access to fs_bpf_vendor" into android14-tests-dev 2024-03-05 07:14:51 +00:00
Matt Buckley
ee100057e0 Merge "Allow apps to access PowerHAL for FMQ" into main am: 19cb4c541f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2978555

Change-Id: I27a9a5a1012270c305a2727951c3561c2eb56634
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-04 22:55:48 +00:00
Matt Buckley
19cb4c541f Merge "Allow apps to access PowerHAL for FMQ" into main 2024-03-04 22:22:41 +00:00
Stefan Andonian
efd8723a4e Merge "Enable platform_app to use perfetto/trace_data_file permissions in debug/eng builds." into main am: 79d1388d86
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2924820

Change-Id: I984a94aa4b6267aafc49adaf5ae45c99869080a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-04 21:26:12 +00:00
Stefan Andonian
79d1388d86 Merge "Enable platform_app to use perfetto/trace_data_file permissions in debug/eng builds." into main 2024-03-04 20:23:11 +00:00
Ján Sebechlebský
449b8ccd88 Merge "Allow virtual camera to use fd's from graphic composer" into main am: f8ab94fa08
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2977091

Change-Id: I4a49700af6b9798045cf026c06d3cb68913cb596
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-04 15:49:46 +00:00
Ján Sebechlebský
f8ab94fa08 Merge "Allow virtual camera to use fd's from graphic composer" into main 2024-03-04 15:20:49 +00:00
Jiakai Zhang
625c4a9543 Allow postinstall script to invoke pm shell commands.
Bug: 311377497
Change-Id: I46653dcbbe1d1b87b3d370bee80aae2d60998fbe
Test: manual - Install an OTA package and see the hook called.
2024-02-29 23:12:32 +00:00
Dennis Shen
1bfa2552ad Merge "aconfig_storage: setup RO partitions aconfig storage files SELinux policy" into main am: 3041c33c91
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2982791

Change-Id: I3c601bb71699e80fb052b9d5c087fe792ec87f52
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-29 19:32:49 +00:00
Dennis Shen
3041c33c91 Merge "aconfig_storage: setup RO partitions aconfig storage files SELinux policy" into main 2024-02-29 19:03:00 +00:00
Kangping Dong
90495cc79f [Thread] limit ot-daemon socket to ot-ctl
It's better to explicitly disallow access to ot-daemon from other than
ot-ctl.

Bug: 323502847
Change-Id: Ic46ad4e8f3a1d21bbfc9f4f01e6a692aafcdb815
2024-02-29 23:43:34 +08:00
Dennis Shen
f008c29e47 aconfig_storage: setup RO partitions aconfig storage files SELinux
policy

system, system_ext, product and vendor partitions have aconfig storage
files under /<partition>/etc/aconfig dir. need to grant access to
aconfigd.

Bug: b/312459182
Test: m and tested with AVD
Change-Id: I9750c24ffa26994e4f5deadd9d772e31211a446a
2024-02-29 15:28:48 +00:00
Thiébaud Weksteen
c1b65e5d53 Grant lockdown integrity to all processes
The default policy for the "lockdown" access vector on Android was
introduced in commit bcfca1a6. While the "confidentiality" permission
was granted to all processes, the "integrity" was marked as
neverallowed.

Upstream, the support for that access vector was removed from kernel
5.16 onwards.

It was found that the "integrity" permission either does not apply to
Android or duplicates other access control (e.g., capabilities
sys_admin).

Instead of simply removing the neverallow rule, the access is granted to
all processes. This will prevent the proliferation of references to this
access vector in vendors' policies and ultimately facilitate its
removal.

Test: presubmit
Bug: 285443587
Bug: 269377822
Bug: 319390252
Change-Id: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
(cherry picked from commit 99a4cbcee7)
Merged-In: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
2024-02-28 18:10:29 -08:00
Stefan Andonian
ff413fd7d0 Enable platform_app to use perfetto/trace_data_file permissions in
debug/eng builds.

This change is to allow SystemUI, a platform_app, to start, stop,
and share Perfetto/Winscope traces.

Bug: 305049544
Test: Verified everything works on my local device.
Change-Id: I8fc35a5a570c2199cfdd95418a6caf0c48111c46
2024-02-28 20:31:44 +00:00
Dennis Shen
154a08ef7e Merge "aconfigd: create aconfig daemon selinux policy" into main am: 067f7db593
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2976451

Change-Id: Ib86e806430e8decea25e8de9b5f314891561e521
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-28 13:21:35 +00:00
Dennis Shen
067f7db593 Merge "aconfigd: create aconfig daemon selinux policy" into main 2024-02-28 12:31:26 +00:00
Carmen Jackson
6475d3676b [automerger skipped] Add rules for Perfetto to be used from system_server am: 77b2e52f74 -s ours am: 7fdf451d8d -s ours
am skip reason: Merged-In I7e4c044a6a2afb48c33d65cc421e797d77aacc12 with SHA-1 28b811df1c is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2977032

Change-Id: I674060405e05470708ce20d95cf828ab9c5b2b17
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-28 03:47:26 +00:00
Carmen Jackson
7fdf451d8d [automerger skipped] Add rules for Perfetto to be used from system_server am: 77b2e52f74 -s ours
am skip reason: Merged-In I7e4c044a6a2afb48c33d65cc421e797d77aacc12 with SHA-1 28b811df1c is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2977032

Change-Id: Ie115d6f1b4683ddc625809756a7caf824cd406d4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-28 03:06:01 +00:00
Matt Buckley
52c9b3b9a9 Allow apps to access PowerHAL for FMQ
This patch allows apps to access PowerHAL FMQ memory to send ADPF
messages.

Test: n/a
Bug: 315894228
Change-Id: I2733955807c40e63b688fcb0624db8acc8f9a139
2024-02-27 16:35:55 -08:00
Maciej Żenczykowski
a4208e9f10 sepolicy: allow netutils_wrapper access to fs_bpf_vendor
This is needed to allow vendor xt_bpf programs.

Bug: 325709490
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7ff8a0319bec2f3a57c7ce48939b13b2fca182de
(cherry picked from commit 37ca69e5c8)
Merged-In: I7ff8a0319bec2f3a57c7ce48939b13b2fca182de
2024-02-27 23:46:04 +00:00
Thiébaud Weksteen
30404a42b8 Grant lockdown integrity to all processes
The default policy for the "lockdown" access vector on Android was
introduced in commit bcfca1a6. While the "confidentiality" permission
was granted to all processes, the "integrity" was marked as
neverallowed.

Upstream, the support for that access vector was removed from kernel
5.16 onwards.

It was found that the "integrity" permission either does not apply to
Android or duplicates other access control (e.g., capabilities
sys_admin).

Instead of simply removing the neverallow rule, the access is granted to
all processes. This will prevent the proliferation of references to this
access vector in vendors' policies and ultimately facilitate its
removal.

Test: presubmit
Bug: 285443587
Bug: 269377822
Bug: 319390252
Change-Id: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
(cherry picked from commit 99a4cbcee7)
Merged-In: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
2024-02-27 22:10:53 +00:00
Carmen Jackson
77b2e52f74 Add rules for Perfetto to be used from system_server
This includes rules for starting Perfetto as well as rules for
communicating over stdio between Perfetto and system_server.

This is a cherrypick of aosp/2958867 with prebuilts updated.

Bug: 325709490
Test: Presubmit
Change-Id: I7e4c044a6a2afb48c33d65cc421e797d77aacc12
Merged-In: I7e4c044a6a2afb48c33d65cc421e797d77aacc12
2024-02-27 04:22:31 +00:00
Florian Mayer
9ceda37b18 Merge "Allow shell and adb to read tombstones" into main am: 9d7d3c4a0e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2974016

Change-Id: I2fdfb22d91512d081d1760952e23611a1d2e4917
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-26 22:02:00 +00:00
Florian Mayer
9d7d3c4a0e Merge "Allow shell and adb to read tombstones" into main 2024-02-26 21:12:25 +00:00