Also guard all profcollect related entries with userdebug/eng only and
move them into one place.
Test: manual
Bug: 183487233
Bug: 194155753
Change-Id: If3399bb78b60f0367267e67573007ed72508279a
It's a test tool which is generally run as root, and will be deleted
eventually. It doesn't need its own label; system_file works fine.
We never actually allowed it anything, nor defined a transition into
the domain.
Bug: 194474784
Test: Device boots, no denials
Test: compos_key_cmd run from root works
Change-Id: If118798086dae2faadeda658bc02b6eb6e6bf606
This adds a new property prefix owned by snapuserd, for communicating
when the service is ready to accept connections (snapuserd.ready and
snapuserd.proxy_ready).
This also adds a new socket context. This is a seqpacket socket used to
communicate with a special instance of snapuserd that bridges to the
first-stage daemon.
Bug: 193833730
Test: no denials after OTA applies and boots
Change-Id: Ibad03659eba5c25e205ba00f27d0b4f98585a84b
microdroid_payload attribute is for processes meant to be run by
microdroid_manager as a payload. Other than microdroid_payload and
crash_dump, transition from microdroid_manager will not be permitted.
Bug: 191263171
Test: atest MicrodroidHostTestCases
Test: atest ComposHostTestCases
Change-Id: I959a8ad8ed83c8de254d7af61fd30bcbffe6b070
The test for the services has been running with selinux disabled. To
turn selinux on, required rules are allowed.
Below is the summary of the added rules.
* crosvm can read the composite disk files and other files (APKs,
APEXes) that serve as backing store of the composite disks.
* virtualizationservice has access to several binder services
- permission_service: to check Android permission
- apexd: to get apex files list (this will be removed eventually)
* Both have read access to shell_data_file (/data/local/tmp/...) for
testing purpose. This is not allowed for the user build.
* virtualizationservice has access to the pseudo terminal opened by adbd
so that it can write output to the terminal when the 'vm' tool is
invoked in shell.
Bug: 168588769
Test: /apex/com.android.virt/bin/vm run-app --log /dev/null
/data/local/tmp/virt/MicrodroidDemoApp.apk
/data/local/tmp/virt/MicrodroidDemoApp.apk.idsig
/data/local/tmp/virt/instance.img
assets/vm_config.json
without disabling selinux.
Change-Id: I54ca7c255ef301232c6e8e828517bd92c1fd8a04
The denial occurs when system_server dynamically loads AOT artifacts at
runtime.
Sample message:
type=1400 audit(0.0:4): avc: denied { execute } for comm="system_server" path="/data/misc/apexdata/com.android.art/dalvik-cache/arm64/system@framework@com.android.location.provider.jar@classes.odex" dev="dm-37" ino=296 scontext=u:r:system_server:s0 tcontext=u:object_r:apex_art_data_file:s0 tclass=file permissive=0
Currently, system_server is only allowed to load AOT artifacts at startup. odrefresh compiles jars in SYSTEMSERVERCLASSPATH, which are supposed to be loaded by system_server at startup. However, com.android.location.provider is a special case that is not only loaded at startup, but also loaded dynamically as a shared library, causing the denial.
Therefore, this denial is currently expected. We need to compile com.android.location.provider so that its AOT artifacts can be picked up at system_server startup, but we cannot allow the artifacts to be loaded dynamically for now because further discussion about its security implications is needed. We will find a long term solution to this, tracked by b/194054685.
Test: Presubmits
Bug: 194054685
Change-Id: I3850ae022840bfe18633ed43fb666f5d88e383f6
This is necessary (but not sufficient) to allow CompOsTestCase to
run. Without it we have problems because
system/sepolicy/apex/com.android.art-file_contexts references
dex2oat_exec, and we get an error:
SELinux : Context u:object_r:dex2oat_exec:s0 is not valid (left unmapped).
Bug: 194474784
Test: atest CompOsTestCase (with memory fix patched in)
Change-Id: If229b9891c8fb1acce8d0502675c1712bfed180c
These services are used for running tests on Cuttlefish.
Bug: 191781736
Test: atest aidl_lazy_test
Test: atest hidl_lazy_test
Change-Id: Iec43c3d19ba5072dbfa6573a6d74106672f94972
Like the existing dontaudit, fsverity_init shouldn't need to view
unrelevant keys.
Bug: 193474772
Test: m
Change-Id: I177bacdb89d0ed967cae84f109a5e841f2e7349f
Allow system_suspend to server the suspend AIDL hal service.
Bug: 170260236
Test: Check logcat for supend avc denials
Change-Id: Ie4c07e2e8d75fd4b12e55db15511060e09be59cf
Allows dexopt to read odsign verification status and use on-device
generated artifacts when dexopting after an OTA.
Bug: 194069492
Test: manually apply ota, see no denials for reading property
Change-Id: I97acfc17ffd9291d1a81906c75039f01624dff0f
This service was renamed in
commit 8aaf796f980f21a8acda73180a876095b960fc28
after the mapping files were originally created in
commit 4f20ff73ee.
Bug: 191304621
Test: Merge redfin_vf_s T-based system with S-based vendor.
Change-Id: I3430f13a3438c06c6cb469a35a80390f83b1c0b4
Virtualizationservice should be able to read
* /apex/apex-info-list.xml: apex_info_file
* /data/apex/{active, uncompressed}: staging_data_file,
apex_data_file
and pass them to guest OS.
Bug: n/a
Test: atest MicrodroidHostTestCases
(see logcat for denials)
Change-Id: Ia9dab957a6f912aa193d58e2817a00d4a39b4536
ro.lmk.filecache_min_kb property allows vendors to specify min filecache
size in KB that should be reached after thrashing is detected.
Bug: 193293513
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I927f4a1c81db3f284353fe4ab93bf454acff69b7
This means that toolbox doesn't need permission to delete it.
Bug: 192917795
Bug: 193365943
Test: flashed on a VIM3L and booted
Change-Id: Ic0182c1c4eb84eb94f4db27d00effcd906ebed09
As "/storage/emulated/0/Android/obb, /storage/emulated/0/Android/data" might be labeledfs (f2fs),
Zygote needs to be allowed to unmount labeledfs while unmounting "/storage".
Here's the warning if we do not add it.
avc: denied { unmount } for scontext=u:r:zygote:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=0
Bug:192989523
Test:adb shell stop; adb shell start; check no warning log
Change-Id: I74ce9bed29ec7da536a261a4fea25628f3d382ef
Grant access to odsign to read & delete pending key files. Eventually
we will grant the CompOS daemon write access.
Bug: 190166662
Test: Via odsign; no denials seen.
Change-Id: I6d3c3e5b2aec8ef65bd28cbb274d18263534ce66
