This set of patches adds a way for the perfetto command line client to
save a trace to a hardcoded location,
/data/misc/perfetto-traces/incident-trace, and call into incidentd to
start a report, which will include said trace in a new section.
This is not a long-term solution, and is structured to minimize changes
to perfetto and incidentd. The latter is currently architected in a way
where it can only pull pre-defined information out of the system, so
we're resorting to persisting the intermediate results in a hardcoded
location.
This will introduce at most two more linked files at the same time.
Bug: 130543265
Bug: 134706389
Tested: manually on crosshatch-userdebug
Merged-In: I2aa27e25f0209b3a5cdf5d550d0312693932b808
Change-Id: I2aa27e25f0209b3a5cdf5d550d0312693932b808
(cherry picked from commit ce3a33ff18)
These lines are copied from update_engine.te, and are needed to update
dynamic partitions in recovery.
Bug: 132943965
Test: sideload OTA on cuttlefish
Change-Id: Id03a658aac69b8d20fa7bb758530a4469c75cf9c
Merged-In: Id03a658aac69b8d20fa7bb758530a4469c75cf9c
* changes:
Add vendor_misc_writer change to API 29 prebuilts.
Add vendor_misc_writer.
Add persist.sys.device_provisioned change to API 29 prebuilts.
Set persist.sys.device_provisioned vendor-init-readable.
This is a matching change for commit 8f39cce73a ("Add
vendor_misc_writer."), which updates the prebuilts for API 29.
Bug: 132906936
Test: Build crosshatch that includes misc_writer module. Invoke
/vendor/bin/misc_writer to write data to /misc.
Change-Id: Id12a1ed45c8cef6e4039a9dda6a1fb41f9e014de
The space between 2K and 16K in /misc is currently reserved for vendor's
use (as claimed in bootloader_message.h), but we don't allow vendor
module to access misc_block_device other than vendor_init.
The change in the topic adds a `misc_writer` tool as a vendor module,
which allows writing data to the vendor space to bridge the gap in the
short term. This CL adds matching labels to grant access.
Long term goal is to move /misc as vendor owned, then to provide HAL
access from core domain (b/132906936).
Bug: 132906936
Test: Build crosshatch that includes misc_writer module. Invoke
/vendor/bin/misc_writer to write data to /misc.
Change-Id: I4c18d78171a839ae5497b3a61800193ef9e51b3b
Merged-In: I4c18d78171a839ae5497b3a61800193ef9e51b3b
(cherry picked from commit 42c05cfcc1)
This is a matching change for commit 97d4561941 ("Set
persist.sys.device_provisioned vendor-init-readable."), which updates
the prebuilts for API 29.
Bug: 131702833
Bug: 132906936
Test: Set an init trigger that waits on `persist.sys.device_provisioned`.
Check that there's no longer a denial.
Change-Id: I2cea3d000b7faa471fa524dcd7a3d4843ae5960f
`persist.sys.device_provisioned` is set (more precisely, "will be set",
via internal change in ag/7567585) by system_server based on device
privisioning state. This CL grants vendor_init to set up action triggers
based on the property value.
avc: denied { read } for property=persist.sys.device_provisioned pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:system_prop:s0 tclass=file permissive=0
Bug: 131702833
Bug: 132906936
Test: Set an init trigger that waits on `persist.sys.device_provisioned`.
Check that there's no longer a denial.
Change-Id: I64e50bd31c90db4b3bdd3bd014a90d7bef708b57
Merged-In: I64e50bd31c90db4b3bdd3bd014a90d7bef708b57
(cherry picked from commit 264a929edb)
Similar to aosp/961857, but enables the logging of atrace events from
the camera HAL (primarily HIDL interactions, but also a couple of ION
events).
Keeping it confined to userdebug_or_eng. Longer-term planning belongs on
b/78136428.
Not adding fwk_camera_hwservice, as it is a HIDL interface to
cameraserver (which is already covered above).
Plus slight reorganization of existing atrace.te contents, and donaudits
to reduce logspam from denials (including pre-existing ones that were
hitting the rate limiter).
Specific denials addressed (listing HALs, finding camera HAL, notifying it):
05-15 18:07:19.684 618 618 E SELinux : avc: denied { list } for scontext=u:r:atrace:s0 tcontext=u:r:hwservicemanager:s0 tclass=hwservice_manager permissive=1
05-15 18:07:19.701 618 618 E SELinux : avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider sid=u:r:atrace:s0 pid=10137 scontext=u:r:atrace:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager permissive=1
05-15 18:07:19.698 10137 10137 I atrace : type=1400 audit(0.0:273): avc: denied { call } for scontext=u:r:atrace:s0 tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=1
Bug: 130543265
Tested: flashed blueline-userdebug, took a trace with perfetto, confirmed HIDL atrace slices present in camera hal trace.
Merged-In: I0f8ce989355603e41d6c05c3de07e7dd615555eb
Change-Id: I0f8ce989355603e41d6c05c3de07e7dd615555eb
(cherry picked from commit 19459a3802)
This allows the atrace cmd to notify cameraserver (the host of
media.camera service) that the set of tracing-related system properties
have changed. This allows the cameraserver to notice that it might need
to enable its trace events.
The atrace cmd has the necessary permission when running as shell, but
not when it is running as the "atrace" domain (notably when exec'd by
perfetto's traced_probes).
We're adding cameraserver to the whitelist as it contains important
events for investigating the camera stack.
Example denial:
05-14 22:29:43.501 8648 8648 W atrace : type=1400 audit(0.0:389): avc: denied { call } for scontext=u:r:atrace:s0 tcontext=u:r:cameraserver:s0 tclass=binder permissive=0
Tested: flashed blueline-userdebug, captured a perfetto trace with "camera" atrace category, confirmed that userspace atrace events are included in the trace.
Bug: 130543265
Merged-In: Ifd3fd5fd3a737c7618960343b9f89d3bf7141c94
Change-Id: Ifd3fd5fd3a737c7618960343b9f89d3bf7141c94
(cherry picked from commit 232295e8db)
installd has been deleting files on the primary (emulated) storage
device for awhile now, but it was lacking the ability to delete files
on secondary (physical) storage devices.
Even though we're always going through an sdcardfs layer, the
kernel checks our access against the label of the real underlying
files.
Instead of tediously listing each possible storage label, using
"sdcard_type" is more descriptive and future-proof as new
filesystems are added.
avc: denied { read open } for path="/mnt/media_rw/1B82-12F6/Android/data/com.android.cts.writeexternalstorageapp" dev="loop9p1" ino=1224 scontext=u:r:installd:s0 tcontext=u:object_r:vfat:s0 tclass=dir permissive=1
avc: denied { write search } for name="cache" dev="loop9p1" ino=1225 scontext=u:r:installd:s0 tcontext=u:object_r:vfat:s0 tclass=dir permissive=1
avc: denied { remove_name } for name="probe" dev="loop9p1" ino=1232 scontext=u:r:installd:s0 tcontext=u:object_r:vfat:s0 tclass=dir permissive=1
avc: denied { unlink } for name="probe" dev="loop9p1" ino=1232 scontext=u:r:installd:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=1
avc: denied { rmdir } for name="cache" dev="loop9p1" ino=1225 scontext=u:r:installd:s0 tcontext=u:object_r:vfat:s0 tclass=dir permissive=1
Bug: 113277754
Test: atest android.appsecurity.cts.StorageHostTest
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Test: atest --test-mapping frameworks/base/services/core/java/com/android/server/pm/
Change-Id: Id79d8f31627c0bfb490b4280c3b0120d0ef699bf
ART generically locks profile files, and this avoids
special casing the ART code for read-only partitions.
An example on how ART does it:
https://android-review.googlesource.com/c/platform/art/+/958222/3/runtime/jit/jit.cc#731
Bug: 119800099
Test: system server locking a system file, no denial
(cherry picked from commit db3fde05b5)
Change-Id: I5623f5d548dd1226e5788e369333922a27f14021
Merged-In: I4339f19af999d43e07995ddb77478a2384bbe209
bpf programs/maps are now loaded by the bpfloader, not netd
Test: built/installed on crosshatch which uses eBPF - no avc denials
Bug: 131268436
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1ebd82e6730d62d1966da3c4634ecd78ce703543
Merged-In: I1ebd82e6730d62d1966da3c4634ecd78ce703543
(cherry picked from commit 487fcb87c0)
No longer needed, since this is now done by netd.
In a separate commit so it can potentially not be backported to Q
if we so desire.
Test: build/installed on crosshatch with netd/clatd changes,
and observed functioning ipv4 on ipv6 only network with no
avc denials
Bug: 65674744
Bug: 131268436
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id927ee73469d3e90f5111bd5e31ed760a58c8ebe
Merged-In: Id927ee73469d3e90f5111bd5e31ed760a58c8ebe
(cherry picked from commit 3e41b297d2)
