This also adds an auditallow to the same rule for priv_app, so we can
delete it once no logs show up in go/sedenials for this rule
triggerring.
Bug: 142672293
Test: TH
Change-Id: I57f887e96d721ca69a7228df0a75515596776778
Apps can cause selinux denials by accessing CE storage
and/or external storage. In either case, the selinux denial is
not the cause of the failure, but just a symptom that
storage isn't ready. Many apps handle the failure appropriately.
These denials are not helpful, are not the cause of a problem,
spam the logs, and cause presubmit flakes. Suppress them.
Bug: 145267097
Test: build
Change-Id: If87b9683e5694fced96a81747b1baf85ef6b2124
As suggested by nnk@, I have moved the definition for usb_serial_device
to system/sepolicy/public/device.te from
/system/sepolicy/public/hal_can.te.
See suggestion in aosp/1166865
Test: Manually bring up SLCAN device on test hardware with this change
in place
Change-Id: I0a11556a7eae0be2c9e4b090b051969566c2343e
Looking at go/sedenials, we have learnt a lot of other priv-apps rely on
this permission. The auditallow has served its purpose and can now be
removed.
Bug: 142672293
Test: Treehugger
Change-Id: Iba81773b223d2bddbd32a0594c5aa01829252847
From go/sedenials, we see that com.android.vending needs this
permission. The auditallow was in place to see if any priv-apps other
than GMS core need this, and now we know.
Bug: 142672293
Test: Treehugger
Change-Id: Iad6caeb648bc23e85571b758a35649924cdeec69
Zygote/Installd now can do the following operations in app data directory:
- Mount on it
- Create directories in it
- Mount directory for each app data, and get/set attributes
Bug: 143937733
Test: No denials at boot
Test: No denials seen when creating mounts
Change-Id: I6e852a5f5182f1abcb3136a3b23ccea69c3328db
Due to Factory OTA client install in product partition but it also declare coredomian in
its sepolicy setting. That will let Factory OTA unable to find a property type could write system property.
But now Factory OTA have a restore NFC wake function need to write system property for communicate with bootloader.
So we need to create a new property type in system framework which could allow Factory OTA client to write system property.
Bug: 145178094
Test: Manual
Change-Id: Ic549cc939893ec67a46bf28a23ebeb9f9b81bd0b
This denial is generally a sign that apps are attempting to access
encrypted storage before the ACTION_USER_UNLOCKED intent is delivered.
Suppress this denial to prevent logspam.
While gmscore_app is running in permissive mode, there might be other
denials for related actions (that won't show up in enforcing mode after
the first action is denied). This change adds a bug_map entry to track
those denials and prevent presubmit flakes.
Bug: 142672293
Test: Happy builds
Change-Id: Id2f8f8ff5cde40e74be24daa0b1100b91a7a4dbb
* changes:
Allow audio_server to access soundtrigger_middleware service
Allow soundtrigger_middleware system service
Allow system service to access audio HAL (for soundtrigger)
Allow tethering service which is running in the same process as network
stack service "find" network stack service. Original design is passing
network_stack binder to tethering service directly when tethering
service is created. To allow creating tethering service and network
stack service in parallel. Let tethering service query network_stack
binder instead.
Bug: 144320246
Test: boot, flash, build
OFF/ON hotspot
Change-Id: Ife0c2f4bdb2cfee4b5788d63d1cfc76af0ccc33c
This is needed to debug native crashes within the gmscore app.
Now that GMS core is running in gmscore_app and not in the priv_app
domain, we need this rule for the new domain. This also adds an
auditallow to the same rule for priv_app, so we can delete it once no
logs show up in go/sedenials for this rule triggerring.
Bug: 142672293
Test: TH
Change-Id: I7d28bb5df1a876d0092758aff321e62fa2979694
Now that GMS core is running in gmscore_app and not priv_app, we need
this rule for the new domain. This also adds an auditallow to the same
rule for priv_app, so we can delete it once no logs show up in
go/sedenials for this rule triggerring.
Bug: 142672293
Test: TH
Change-Id: I308d40835156e0c19dd5074f69584ebf1c72ad58
Public-readable int sysprops for the extension versions
will be in this bucket, e.g. ro.build.version.extensions.r
Bug: 137191822
Bug: 143937447
Test: boot and getprop ro.build.version.extensions.r
Change-Id: I200165d8903221b2d5b824e4eea77ef933919b74
Add extra policy to enable linkerconfig to be executed from recovery.
Bug: 139638519
Test: Tested from crosshatch recovery
Change-Id: I40cdea4c45e8a649f933ba6ee73afaa7ab3f5348
gsid needs access to /sys/fs/f2fs/<dev>/features to detect whether
pin_file support is enabled in the kernel.
Bug: 134949511
Test: libsnapshot_test gtest
Change-Id: I5c7ddba85c5649654097aa51285d7fa5c53f4702
This can be used as an existence check on a process
before calling kill (which is already granted).
Addresses:
avc: denied { signull } for comm="Binder:1328_1"
scontext=u:r:system_server:s0 tcontext=u:r:webview_zygote:s0
tclass=process permissive=0
Bug: 143627693
Test: build
Change-Id: I01dfe3c0cb2f4fec2d1f1191ee8243870cdd1bc6
When an OTA is downloaded, the RecoverySystem can be triggered to store
the user's lock screen knowledge factor in a secure way using the
IRebootEscrow HAL. This will allow the credential encrypted (CE)
storage, keymaster credentials, and possibly others to be unlocked when
the device reboots after an OTA.
Bug: 63928581
Test: make
Test: boot emulator with default implementation
Test: boot Pixel 4 with default implementation
Change-Id: I1f02e7a502478715fd642049da01eb0c01d112f6
In order to remount ext4 userdata into checkpointing mode, init will
need to delete all devices from dm-stack it is mounted onto (e.g.
dm-bow, dm-crypto). For that it needs to get name of a dm-device by
reading /sys/block/dm-XX/dm/name file.
Test: adb shell setprop sys.init.userdata_remount.force_umount_f2fs 1
Test: adb shell /system/bin/vdc checkpoint startCheckpoint 1
Test: adb reboot userspace
Test: adb shell dumpsys activity
Bug: 135984674
Bug: 143970043
Change-Id: I919a4afdce8a4f88322f636fdf796a2f1a955d04
Was missing permission to write to dumpstate's file, so this was failing
to dump.
Fixes: 145776393
Test: bugreport now shows:
-------------------------------------------------------------------------------
DUMP OF SERVICE android.hardware.vibrator.IVibrator/default:
HIDL:
...
Kernel:
...
(note, will fix 'HIDL' reference from AIDL HAL separately).
Change-Id: I5fbd55a4dbbd31a9c08260a247559e3dbd9a4046
This adds a new apex_rollback_data_file type for the snapshots (backups)
of APEX data directories that can be restored in the event of a rollback.
Permission is given for apexd to create files and dirs in those directories
and for vold_prepare_subdirs to create the directories.
See go/apex-data-directories for details.
Bug: 141148175
Test: Built and flashed, checked directory was created with the correct
type.
Change-Id: I94b448dfc096e5702d3e33ace6f9df69f58340fd
This adds a new apex_module_data_file type for the APEX data directories
under /data/misc/apexdata and /data/misc_[de|ce]/<u>/apexdata.
Permission is given for vold to identify which APEXes are present and
create the corresponding directories under apexdata in the ce/de user
directories.
See go/apex-data-directories.
Bug: 141148175
Test: Built & flashed, checked directories were created.
Change-Id: I95591e5fe85fc34f7ed21e2f4a75900ec2cfacfa
