Commit graph

40583 commits

Author SHA1 Message Date
Jakub Rotkiewicz
1784feae44 Bluetooth: Added sepolicy for Snoop Logger filtering
Bug: 247859568
Tag: #feature
Test: atest BluetoothInstrumentationTests
Test: atest bluetooth_test_gd_unit

Change-Id: Ic5036cc03e638e38ff87e44d61ed241f6168f335
2023-01-27 14:13:52 +00:00
Alan Stokes
7e754a1c56 Remove references to asan_extract
This type doesn't exist in Microdroid.

Bug: 266871002
Test: m SANITIZE_TARGET=address com.android.virt
Change-Id: I2ca6db9669eafc4037bbf87bdcff60935893d93f
2023-01-27 10:42:45 +00:00
Inseob Kim
f9c5ae3360 Merge "microdroid: Add prop to wait for /data/tombstones" 2023-01-27 01:05:54 +00:00
Inseob Kim
ebc4742480 microdroid: Add prop to wait for /data/tombstones
Bug: 266470759
Test: atest MicrodroidHostTestCases MicrodroidTestApp
Change-Id: Ie9992e105e57f1088a6016f0179c7dc3d285a7ed
2023-01-26 22:16:28 +09:00
Tri Vo
59a30a8c17 credstore: Switch to new RKPD build flag.
Test: CtsIdentityTestCases
Change-Id: I6c0a533a890e4fa51c475452cf50ebe3706a90c8
2023-01-25 20:42:34 +00:00
Alessandra Loro
80ea9f1219 [automerger skipped] Drop back-compatibility for hiding ro.debuggable and ro.secure am: c6aec92b7c -s ours
am skip reason: Merged-In I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad with SHA-1 8a7dcb5e1e is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399373

Change-Id: I8513e2cf38a4c2e7bb1ba0202c22266803df5079
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-25 11:18:10 +00:00
Alessandra Loro
3d8ae78b71 [automerger skipped] Disallow untrusted apps to read ro.debuggable and ro.secure am: 0d68fc3525 -s ours
am skip reason: Merged-In I40ac5d43da5778b5fa863b559c28e8d72961f831 with SHA-1 d0e108fbbe is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399372

Change-Id: Ia177a221b0d022f8db3af87df458f16788328080
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-25 11:18:08 +00:00
Seth Moore
0afe97a38f Add build flag indicating that rkpd is enabled.
Platforms, such as cuttlefish, are RKP only, and are using a new
version of keymint that is not compatible with the old
RemoteProvisioner. Therefore, we must ensure that the configuration
is fixed and cannot be turned off.

Bug: 266482839
Test: RemoteProvisionerUnitTests
Test: keystore2_client_tests
Test: RkpdAppUnitTests
Change-Id: Ib7b3128b27c4a26fdd2dbdc064b491f7a3d3cd92
2023-01-24 08:54:22 -08:00
Alessandra Loro
c6aec92b7c Drop back-compatibility for hiding ro.debuggable and ro.secure
Ignore-AOSP-First: cherry-pick for tm-qpr-dev
Bug: 193912100
Bug: 265874811
Test: N/A for cherry-pick
Change-Id: I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad
Merged-In: I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad
2023-01-23 12:06:37 +00:00
Alessandra Loro
0d68fc3525 Disallow untrusted apps to read ro.debuggable and ro.secure
ro.secure and ro.debuggable system properties are not intended
to be visible via Android SDK. This change blocks untrusted
apps from reading these properties.

Test: n/a  for cherry-pick
Ignore-AOSP-First: cherry-pick for tm-qpr-dev
Bug: 193912100
Bug: 265874811
Change-Id: I40ac5d43da5778b5fa863b559c28e8d72961f831
Merged-In: I40ac5d43da5778b5fa863b559c28e8d72961f831
2023-01-23 12:06:14 +00:00
Jeffrey Vander Stoep
eff7d756e1 Merge "runas_app: allow sigkill of untrusted_app" 2023-01-20 16:20:15 +00:00
Inseob Kim
fa7661b454 Merge "Add tombstone_transmit init property to microdroid" 2023-01-20 14:41:15 +00:00
Inseob Kim
ef0328cf94 Add tombstone_transmit init property to microdroid
Bug: 265594221
Test: atest MicrodroidHostTestCases
Change-Id: I5138e91cd53821fa9ab26e17e19123e55f89ae63
2023-01-20 17:37:47 +09:00
Jeff Vander Stoep
5a6c0a755d runas_app: allow sigkill of untrusted_app
It is safe to grant this permission because:
 * UID restrictions will prevent killing arbitrary apps.
 * Runas enforces restrictions preventing transitioning to UIDs of apps
   that are not debuggable.

Addresses:
avc: denied { sigkill } for scontext=u:r:runas_app:s0:c87,c257,c512,c768
tcontext=u:r:untrusted_app:s0:c87,c257,c512,c768 tclass=process
permissive=0 app=com.example.myapplication

Bug: 263379256
Test: Build and deploy any Android app in debug mode
   adb shell
   run-as com.example.myapplication
   kill -SIGKILL <pid>
Change-Id: I1e4588a9a1c7ee71e0396fbd1ea5e1b24720bd62
2023-01-20 09:02:19 +01:00
Yuyang Huang
cfdea5f4f3 Blocks untrusted apps to access /dev/socket/mdnsd from U
The untrusted apps should not directly access /dev/socket/mdnsd since
API level 34 (U). Only adbd and netd should remain to have access to
/dev/socket/mdnsd. For untrusted apps running with API level 33-, they
still have access to /dev/socket/mdnsd for backward compatibility.

Bug: 265364111
Test: Manual test
Change-Id: Id37998fcb9379fda6917782b0eaee29cd3c51525
2023-01-20 15:25:46 +09:00
Seth Moore
e6945d0046 Merge "Add remote_provisioning.hostname property" 2023-01-19 22:56:21 +00:00
Tri Vo
7fc3a5f4a5 Merge "credstore: Add missing permissions" 2023-01-19 18:18:33 +00:00
Seth Moore
4836d9c6ee Merge "Allow remote provisioner to read rkpd enablement property" 2023-01-19 17:43:17 +00:00
Jörg Wagner
9a3d794113 Merge "Grant surfaceflinger and graphics allocator access to the secure heap" 2023-01-19 13:03:06 +00:00
Jörg Wagner
213e1d8ea0 Grant surfaceflinger and graphics allocator access to the secure heap
Transfers access permissions into the system policy which
would otherwise be setup on a per-device basis in exactly
the same recurring way.

For surfacefliner it avoids errors when it
(via its dependent graphics libraries) tries to allocate
memory from the protected heap, e.g. when operating on a
Vulkan device with protected memory support.

Bug: 235618476
Change-Id: I7f9a176c067ead2f3bd38b8c34fc55fa39d87655
2023-01-19 09:02:56 +00:00
Jiakai Zhang
9bbc1c0e72 Explicitly list "pm.dexopt." sysprops.
Bug: 256639711
Test: m
Change-Id: I5e6bd4fd8ec516a23f4e3a5658a651f04d40412c
2023-01-19 12:07:25 +08:00
Seth Moore
02ff4b02cc Allow remote provisioner to read rkpd enablement property
This way, remote provisioner can decide to noop when rkpd is
enabled.

Test: RemoteProvisionerUnitTests
Change-Id: I9c300360dc08c6d70431b83e1db714941d8caca1
2023-01-19 03:13:23 +00:00
Treehugger Robot
347a7d5c3c Merge "Modify the automotive display service file context" 2023-01-19 00:35:18 +00:00
Alistair Delva
e7fc603518 Merge "Add missing permissions for default bluetooth hal" 2023-01-18 22:16:06 +00:00
Seth Moore
7ed4c00496 Add remote_provisioning.hostname property
This property contains the server name for the remote provisioning
service, if any, used by the device.

Test: RkpdAppUnitTests
Change-Id: Iad7805fe6da1ce89a9311d5caf7c9c651af2d16d
2023-01-18 13:44:47 -08:00
Treehugger Robot
9b69f0de58 Merge "Allow mkfs/fsck for zoned block device" 2023-01-18 15:45:02 +00:00
Orion Hodson
2ff660e134 Merge "Additional sepolicy rules for dex2oat" 2023-01-18 11:35:39 +00:00
Jaegeuk Kim
b5f16b2392 Allow mkfs/fsck for zoned block device
Zoned block device will be used along with userdata_block_device
for /data partition.

Bug: 197782466
Change-Id: I777a8b22b99614727086e72520a48dbd8306885b
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2023-01-17 17:59:28 -08:00
Tri Vo
99f88846ff credstore: Add missing permissions
Bug: 261214100
Test: CtsIdentityTestCases
Change-Id: I6a70ed279f65d1cb4bfa0d53fa0e0f25d00d44b5
2023-01-17 16:07:19 -08:00
Lorenzo Colitti
b8194ca7fb Merge "Update SEPolicy for Tetheroffload AIDL" 2023-01-18 00:04:51 +00:00
Jiakai Zhang
7789460457 Allow artd to create dirs and files for artifacts before restorecon.
Bug: 262230400
Test: -
  1. Remove the "oat" directory of an app.
  2. Dexopt the app using ART Service.
  3. See no SELinux denials.
Change-Id: I717073b0172083d73a1b84e5c2bea59076663b2f
2023-01-18 01:07:49 +08:00
Orion Hodson
c09e7e4674 Additional sepolicy rules for dex2oat
Enable reading vendor overlay files and /proc.

Fix: 187016929
Test: m
Change-Id: I7df17b4fcc8a449abe2af4bc8394d0224243799c
2023-01-17 15:43:58 +00:00
Treehugger Robot
cc39bf74f1 Merge "Allow all system properties with the "pm.dexopt." prefix." 2023-01-17 01:24:34 +00:00
Jiakai Zhang
cda13660d7 Allow all system properties with the "pm.dexopt." prefix.
We use this as a namespace of all system properties used by ART Service.
As ART Service is in the updatable ART module, we need to be able to add
new properties.

Bug: 256639711
Test: Presubmit
Change-Id: Idcee583abccef9c0807699122074eb26927ca57b
2023-01-16 21:24:07 +08:00
Changyeon Jo
edf5420830 Modify the automotive display service file context
The automotive display service is moved to /system_ext partition.

Bug: 246656948
Test: Build selinux policy for aosp_cf_x86_64_only_auto target.
      > lunch aosp_cf_x86_64_only_auto-userdebug
      > m -j selinux_policy
Change-Id: If822e54aa99053c1aaee9f41d067860ea965c2f2
2023-01-15 01:31:09 +00:00
Treehugger Robot
fa767b0e4a Merge "dontaudit crosvm reading VM's pipe" 2023-01-14 00:14:23 +00:00
Tri Vo
9a63dcb2ee Merge "Add rkpdapp access to remote_prov_prop" 2023-01-13 18:16:19 +00:00
David Brazdil
28e9b97993 Merge "virtualizationservice: Allow checking permissions" 2023-01-13 13:00:48 +00:00
Treehugger Robot
c8882d3e23 Merge "refactor: get_prop(bpfdomain, bpf_progs_loaded_prop)" 2023-01-13 11:27:11 +00:00
Akilesh Kailash
bae423e9c5 Merge "Allow files to be created /metadata/ota" 2023-01-13 06:35:33 +00:00
Inseob Kim
42798af0cb dontaudit crosvm reading VM's pipe
Bug: 238593451
Test: boot microdroid and see console
Change-Id: I46712759240a9f091936c6a81bb02679c267b8b8
2023-01-13 14:08:16 +09:00
David Brazdil
ccf9164abc virtualizationservice: Allow checking permissions
Bug: 245727626
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Ia49d7db3edeb465fd8b851aed8646964ee6f5af2
2023-01-12 21:10:33 +00:00
Henri Chataing
9ff3423527 Add missing permissions for default bluetooth hal
Test: launch_cvd
Bug: 205758693
Change-Id: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
Merged-In: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
2023-01-12 19:02:57 +00:00
Tri Vo
7b9b6a04ed Add rkpdapp access to remote_prov_prop
Test: presubmit
Change-Id: I7f4593e580f9d762a38b6e1b3e9db7c74e3eb984
2023-01-12 09:50:28 -08:00
Thomas Nguyen
3445819d5a Add IRadioSatellite context
Bug: 260644201
Test: atest VtsHalRadioTargetTes

Change-Id: I43555e1f076cdf96fb0b7805cd664d7ba6798aec
2023-01-10 18:27:41 +00:00
Nathalie Le Clair
98e20da831 Merge "HDMI: Refactor HDMI packages" 2023-01-10 17:05:17 +00:00
Kalesh Singh
460c2ac995 Merge "suspend: Allow access to /sys/power/wake_[un]lock" 2023-01-09 17:55:09 +00:00
Alan Stokes
c5b914670f Suppress harmless denial
Commit 2d736569e716b5c143f296ae124bcfed9630a4d2 improved the logging
in virtualization service by attempting to get the real path from
/proc/self/fd/N for various files.

However, CompOS stores its log files in a directory
(/data/misc/apexdata/...) which VS has no access to, triggering an
SELinux denial:

avc: denied { search } for name="apexdata"
scontext=u:r:virtualizationmanager:s0
tcontext=u:object_r:apex_module_data_file:s0 tclass=dir

Suppress this denial, since it causes no harm (we just don't log the
real path).

Bug: 264496291
Bug: 251751405
Test: composd_cmd test-compile;
 see no denials
Change-Id: Ia55e593c0c0735b8f3085a964f0c789c177375f2
2023-01-09 11:34:52 +00:00
Thiébaud Weksteen
d03656b281 Merge "Grant SIGTERM and SIGKILL to dumpstate on incident" 2023-01-09 02:02:48 +00:00
Bill Yi
8c544a4c73 Merge "Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE" 2023-01-06 19:33:52 +00:00