Commit graph

13644 commits

Author SHA1 Message Date
Treehugger Robot
4ca98248ca Merge "te_macros: remove print macro" 2018-02-02 20:25:42 +00:00
Treehugger Robot
eccb39f6bd Merge "Track priv_app SELinux denial." 2018-02-02 19:28:11 +00:00
Tri Vo
a7b63e4e44 Merge "Add prebuilts/api/27.0/nonplat_sepolicy.cil." 2018-02-02 18:32:15 +00:00
Joel Galenson
c883689b07 Track priv_app SELinux denial.
This should fix presubmit tests.

Bug: 72749888
Test: Built policy.
Change-Id: Ie55127f1b570832c03878d1c697262239ac14003
2018-02-02 09:31:34 -08:00
Jeff Vander Stoep
d28c0569ee te_macros: remove print macro
aosp/605217 adds the following lines:
genfscon tracefs /options/print-tgid u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/options/print-tgid u:object_r:debugfs_tracing:s0

However, the m4 pre-processing step of selinux policy compilation outputs:
genfscon tracefs /options/-tgid u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/options/-tgid u:object_r:debugfs_tracing:s0

And as a result of the "print" it prints:
m4: system/sepolicy/private/genfs_contexts: 177:
m4: system/sepolicy/private/genfs_contexts: 203:

Due to the following macro:
https://android.googlesource.com/platform/system/sepolicy/+/oreo-mr1-dev/public/te_macros#580

This change removes the now-deprecated print macro to unblock
aosp/605217.

Bug: 72862003
Test: verify that the m4 output for aosp/605217 is correct.
Change-Id: Ia4ec96e16b98e8df241cceb64e3f3b7bea9a7f3d
2018-02-02 09:21:24 -08:00
Treehugger Robot
5d422a305d Merge "Allow vendor_init and e2fs to enable metadata encryption" 2018-02-02 00:49:40 +00:00
Bowgo Tsai
e2f6013543 Revert "Renames nonplat_* to vendor_*"
This reverts commit 9aa8496fc9.
Fix angler/bullhead boot failure.

Bug: 72787689
Test: build
Change-Id: I77671a74cd952544a1dbb3daabc2bb449a7c2cf2
2018-02-02 08:14:02 +08:00
Bowgo Tsai
d0cbb90509 Revert "Using a python script to build sepolicy"
This reverts commit 3506ad3f31.
Fix angler/bullhead boot failure.

Bug: 72787689
Test: build
2018-02-02 08:00:38 +08:00
Paul Crowley
d9a4e06ec5 Allow vendor_init and e2fs to enable metadata encryption
Bug: 63927601
Test: Enable metadata encryption in fstab on Taimen, check boot success.

Change-Id: Iddbcd05501d360d2adc4edf8ea7ed89816642d26
2018-02-01 13:25:34 -08:00
Treehugger Robot
518ad4aaa5 Merge "Track priv_app SELinux denial." 2018-02-01 21:20:30 +00:00
Treehugger Robot
a4b7a7cc14 Merge "Add this rule allows incidentd CTS tests be able to use incident command to fetch data from shell." 2018-02-01 19:01:31 +00:00
Joel Galenson
0eee7ed32c Track priv_app SELinux denial.
This should fix presubmit tests.

Bug: 72811052
Test: Built policy.
Change-Id: Ifcfe71c717a3b1e59cd1810c7f9be588d48c99a5
2018-02-01 09:38:57 -08:00
Bowgo Tsai
37d474f0e9 Fix boot failure on angler/bullhead
Need use 'nonplat_service_contexts_file' as the file context for
/vendor_service_context on non full-treble device.
Otherwise, servicemanager can't read the file.

Bug: 72787689
Test: build
Change-Id: Ib54e4f2501c7bbf8b397eacf4afadfae344ddd03
2018-02-01 22:25:21 +08:00
Treehugger Robot
310e8a559b Merge "Add neverallow rules to restrict reading radio_prop" 2018-02-01 04:35:49 +00:00
Treehugger Robot
829a88b7ee Merge "Remove app access to qtaguid ctrl/stats file" 2018-02-01 02:00:15 +00:00
Tri Vo
9bcce08b14 Add prebuilts/api/27.0/nonplat_sepolicy.cil.
This file is /vendor/etc/selinux/nonplat_sepolicy.cil from aosp_arm64-eng
from mr1-dev

Bug: 69390067
Test: prebuilt only change
Change-Id: I717513ae66e806afe0071cf5b42e9f709264d0b6
2018-01-31 16:26:16 -08:00
Yin-Chia Yeh
15238f7cc9 Merge "Camera: sepolicy for external camera" 2018-01-31 22:35:24 +00:00
Treehugger Robot
c219fac94e Merge "Track priv_app SELinux denial." 2018-01-31 22:24:43 +00:00
Yi Jin
1002de4b24 Add this rule allows incidentd CTS tests be able to use incident
command to fetch data from shell.

Bug: 72502621
Test: N/A
Change-Id: I5b581f647c2f2932f0e3711965b98351ef7e6063
2018-01-31 12:33:57 -08:00
Joel Galenson
2218696a3d Track priv_app SELinux denial.
This should fix presubmit tests.

Bug: 72749888
Test: Built policy.
Change-Id: I588bba52d26bcc7d93ebb16e28458d9125f73108
2018-01-31 12:22:30 -08:00
Ruchi Kandoi
0be3fbf5b2 Add sepolicy for NFC 1.1 HAL service
Bug: 72746517
Test: Boot a device and check NFC 1.1 service loads
Change-Id: Ia281af8add0371525971f076bf513c694e7ea912
2018-01-31 11:18:35 -08:00
Treehugger Robot
31f2ec19e8 Merge "Clean up bug_map." 2018-01-31 17:32:27 +00:00
Joel Galenson
60575233bc Disallow most domains from getting dac_override and dac_read_search.
Instead of getting these permissions, it is better to add the process
to a group or change the permissions of the files it tries to access.

Test: Built the policy for many devices.
Change-Id: If023d98bcc479bebbedeedf525965ffb17a0e331
2018-01-31 08:45:03 -08:00
Bowgo Tsai
3506ad3f31 Using a python script to build sepolicy
Current sepolicy CIL files are built by several command-line tools
in Android.mk. This change extracts some of the build logic into a
python script to relief the effort in Android.mk.

The first command is `build_sepolicy build_cil`. It's possible to add
more sub-commands under the build_sepolicy script in the future.

Bug: 64240127
Test: build and boot a device
Test: checks the content of $OUT/vendor/etc/selinux/vendor_sepolicy.cil
      is the same as before
Change-Id: I0b64f1088f413172e97b579b4f7799fa392762df
2018-01-31 14:37:47 +08:00
Bowgo Tsai
9aa8496fc9 Renames nonplat_* to vendor_*
This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.

It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.

Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.

Bug: 64240127
Test: boot an existing device
Change-Id: Iea87a502bc6191cfaf8a2201f29e4a2add4ba7bf
2018-01-31 14:37:39 +08:00
Treehugger Robot
6a12458fe4 Merge "Allow input system access to /dev/v4l-touchX" 2018-01-31 05:14:24 +00:00
Jaekyun Seok
5205905568 Add neverallow rules to restrict reading radio_prop
This CL will allow only specific components to read radio_prop.

Bug: 72459527
Test: tested with walleye
Change-Id: I6b6c90870987de976187ff675005c5d964b48cda
2018-01-31 13:23:08 +09:00
Treehugger Robot
fd6709c0ab Merge changes from topic "label_core_data"
* changes:
  Correctly label data types
  Test that /data is properly labeled
2018-01-31 03:56:04 +00:00
Siarhei Vishniakou
36a3df44ec Allow input system access to /dev/v4l-touchX
Bug: 62940136
Test: read /dev/v4l-touchX from inputflinger

Change-Id: Ifcece4192c567e0cbaba1b7ad40d25c8f34f8e40
2018-01-31 02:10:32 +00:00
Yin-Chia Yeh
746c61f015 Camera: sepolicy for external camera
Allow external camera HAL to monitor video device add/removal.

Bug: 64874137
Change-Id: I1a3116a220df63c0aabb3c9afd7450552e6cd417
2018-01-30 16:27:47 -08:00
Joel Galenson
26ccebd74a Clean up bug_map.
Remove bugs that have been fixed, re-map duped bugs, and alphabetize
the list.

Test: Booted Walleye and Sailfish, tested wifi and camera, and
observed no new denials.

Change-Id: I94627d532ea13f623fe29cf259dd404bfd850c13
2018-01-30 15:01:54 -08:00
Chenbo Feng
fad0b04de1 Remove app access to qtaguid ctrl/stats file
Remove the untrusted apps and priviledged apps from the group that can
directly access xt_qtaguid module related file. All apps that need to
access app network usage data need to use the public API provided in
framework.

Test: Flashed with master branch on marlin, verified phone boot, can
      browse web, watch youtube video, make phone call and use google
      map for navigation with either wifi is on or off.
      run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
      run cts -m CtsNativeNetTestCases
Bug: 68774956 30950746

Change-Id: I9b3db819d6622611d5b512ef821abb4c28d6c9eb
2018-01-30 15:00:06 -08:00
Jeff Vander Stoep
8be8322b78 Correctly label data types
Data outside /data/vendor must have the core_data_file_type
attribute.

Test: build (this is a build time test)
Bug: 34980020
Change-Id: Ia727fcad813d5fcfbe8f714246364bae0bda43bd
Merged-In: Ibacfcc938deab40096b54b8d0e608d53ca91b947
2018-01-30 13:18:06 -08:00
Jeff Vander Stoep
ccf965e9ca Test that /data is properly labeled
Data outside of /data/vendor should have the core_data_file_type.
Exempt data_between_core_and_vendor for some types.

Ensure core_data_file_type and coredomain_socket do not get expanded
to their underlying types.

Test: build sepolicy for all targets in master (this is a build time
    test)
Bug: 34980020
Change-Id: I59387a87875f4603a001fb03f22fa31cae84bf5a
(cherry picked from commit bdd454792d)
2018-01-30 10:11:38 -08:00
Jeff Vander Stoep
be6489d1bf tools/build_policies.sh make tool executable
chmod +x

Test: build all sepolicy targets.
Change-Id: I9e47b78667e4a213c31ecce0e37fe7f84abd9655
2018-01-30 10:08:34 -08:00
Treehugger Robot
d0574f97d6 Merge "Allow Keystore to check security logging property." 2018-01-30 15:10:29 +00:00
Jeff Vander Stoep
e88d64944e priv_app: suppress denials for /proc/stat
Bug: 72668919
Test: build
Change-Id: Id156b40a572dc0dbfae4500865400939985949d9
2018-01-30 05:04:23 +00:00
Treehugger Robot
6b81d43537 Merge "Add a script to build multiple SELinux targets." 2018-01-30 02:49:25 +00:00
Ruchi Kandoi
6a60cb3e69 Merge "SE Policy for Secure Element app and Secure Element HAL" 2018-01-30 01:06:41 +00:00
Treehugger Robot
39ed6d6918 Merge "Track usbd SELinux denial." 2018-01-30 00:35:35 +00:00
Joel Galenson
c17c5abe22 Add a script to build multiple SELinux targets.
This script will build the SELinux policy for multiple targets in parallel.

To use it, run:
./build_policies.sh <Android root directory> <output directory> [specific targets to build]

If you do not pass any individual targets, it will build all targets it can find.

It will print out the list of failing targets.  You can open up the corresponding log file in the output directory to see the exact errors.

This script is still a work in progress.  It currently cannot discover all build targets (it misses ones "lunch" does not list).

Bug: 33463570
Test: Ran script to build multiple targets with and without failures.
Change-Id: Iee8ccf4da38e5eb7ce2034431613fe10c65696ab
2018-01-29 15:48:15 -08:00
Ruchi Kandoi
8a2b4a783e SE Policy for Secure Element app and Secure Element HAL
Test: App startup on boot
Change-Id: I7740aafc088aadf676328e3f1bb8db5175d97102
2018-01-29 21:31:42 +00:00
Primiano Tucci
426b1b468b Merge "SELinux policies for Perfetto cmdline client (/system/bin/perfetto)" 2018-01-29 19:41:06 +00:00
Joel Galenson
07efe37c5f Track usbd SELinux denial.
This should fix presubmit tests.

Bug: 72472544
Test: Built policy.
Change-Id: I01f0fe3dc759db66005e26d15395893d494c4bb7
2018-01-29 10:39:34 -08:00
Treehugger Robot
eed08f6eff Merge "Track untrusted_app SELinux denial." 2018-01-29 18:37:36 +00:00
Treehugger Robot
de8c30d1d2 Merge "Fix compatible property neverallows" 2018-01-29 18:09:33 +00:00
Tom Cherry
9c778045b2 Remove vendor_init from coredomain
vendor_init exists on the system partition, but it is meant to be an
extention of init that runs with vendor permissions for executing
vendor scripts, therefore it is not meant to be in coredomain.

Bug: 62875318
Test: boot walleye
Merged-In: I01af5c9f8b198674b15b90620d02725a6e7c1da6
Change-Id: I01af5c9f8b198674b15b90620d02725a6e7c1da6
2018-01-29 18:07:41 +00:00
Treehugger Robot
03ba445326 Merge "Neverallow vendor_init from writing system_data_file" 2018-01-29 18:05:39 +00:00
Primiano Tucci
1a9f4f7a7a SELinux policies for Perfetto cmdline client (/system/bin/perfetto)
Instead of having statsd linking the perfetto client library
and talk directly to its socket, we let just statsd exec()
the /system/bin/perfetto cmdline client.

There are two reasons for this:
1) Simplify the interaction between statsd and perfetto, reduce
  dependencies, binary size bloat and isolate faults.
2) The cmdline client also takes care of handing the trace to
  Dropbox. This allows to expose the binder interaction surface
  to the short-lived cmdline client and avoid to grant binder
  access to the perfetto traced daemon.

This cmdline client will be used by:
 - statsd
 - the shell user (for our UI and Studio)

Bug: 70942310
Change-Id: I8cdde181481ad0a1a5cae5937ac446cedac54a1f
2018-01-29 11:06:00 +00:00
Joel Galenson
56345fdecd Track untrusted_app SELinux denial.
This should fix presubmit tests.

Bug: 72550646
Test: Built policy.
Change-Id: I51345468b7e74771bfa2958efc45a2a839c50283
2018-01-28 08:40:55 -08:00