This commit includes two sepolicy changes:
1. change threadnetwork data file to
/data/misc/apexdata/com.android.tethering/threadnetwork
2. use apex_tethering_data_file for files under
/data/misc/apexdata/com.android.tethering
The background is that the Thread daemon (ot_daemon) is merged into the
Tethering mainline module, which means the Tethering module now has
code running in both system_server and the standalone unprivileged
ot_daemon process. To prevent ot_daemon from accessing other
apex_system_server_data_file dirs, here we use the specific
apex_tethering_data_file for both Tethering and Thread files (a
subdirectory threadnetwork/ will be created for Thread at runtime). This
is similar to apex_art_data_file and apex_virt_data_file.
Note that a file_contexts rule like
```
/data/misc/apexdata/com\.android\.tethering/threadnetwork(/.*)? u:object_r:apex_threadnetwork_data_file:s0
```
won't work because the threadnetwork/ subdir doesn't exist before the
sepolicy rules are evaluated.
Bug: 309932508
Test: manually verified that Thread settings file can be written to
/data/misc/apexdata/com.android.tethering/threadnetwork
Change-Id: I66539865ef388115c8e9b388b43291d8faf1f384
/tmp is a volatile temporary storage location for the shell user.
As with /data/local/tmp, it is owned by shell:shell and is chmod 771.
Bug: 311263616
Change-Id: Ice0229d937989b097971d9db434d5589ac2da99a
This reverts commit 5e1d7f1c85.
Reason for revert: retry with a fix to the failed tests
Test: atest art_standalone_oatdump_tests
Change-Id: I28872c643ba4ec07ef41b1f9be86036c592a6e4e
The changes include
- allow binder calls to ActivityManager and NativePackageManager
- allow binder calls from system server
- allow writes of statsd atoms
- allow init to start uprobestats
- permission for uprobestats config files and property
- allow execution of oatdump so it can look up code offsets
- allow scanning /proc.
Test: m selinux_policy
Change-Id: Id1864b7dac3a2c5dcd8736c4932778e36b658ce3
This allows AccessibilityManagerService in system_server to
interact with a HID-supported Braille Display.
Bug: 303522222
Test: ls -z /dev/hidraw0
Test: plat_file_contexts_test
Test: Open FileInputStream and FileOutputStream on this device
path from AccessibilityManagerService
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:67a63cc046769759aa43cf1653f11e57c55cd1db)
Merged-In: I2982e907bd2a70c1e4e8161647d6efd65110b99c
Change-Id: I2982e907bd2a70c1e4e8161647d6efd65110b99c
In AVF, virtualizationmanager checks the selinux label of given disk
image for proving whether the given image is edited maliciously.
The existing one (vendor_configs_file, /vendor/etc/*) was too wide to use for this purpose.
Bug: 285854379
Test: m
Change-Id: I6c966c92b238a2262d2eb7f41041ed4c359e9e0a
Remove a duplicate entry with its comment as the sorting logic is not
applied since commit dfa4a48b.
Bug: 299839280
Test: m selinux_policy
Change-Id: I4fa556c2ff8f114b56bba7ab32fac1d17373ef8b
Add test entries for property_service_for_system and virtual_camera.
Re-order file_contexts so that /data/vendor/tombstones/wifi and
/data/misc/perfetto-traces/bugreport are labelled correctly.
Bug: 299839280
Test: checkfc -t ./private/file_contexts ./contexts/plat_file_contexts_test pass
Change-Id: Ifb4453d02327b5cf678e6a4cd927b5df0960086b
btfloader is dead. bpfloader is being split in twain.
(it will eventually get its own context, but for now this works)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7577e777545a0fa77a6467fb425aefc99a6e68d0
This reverts commit e2bd44d48d.
Reason for revert: 2nd attempt to add the policy change
Test: m selinux_policy
Change-Id: I5b9a102879a65917d496ba2194187ddd2b4545d1
Partial revert of:
commit 3e1dc57bf4
commit 30ae427ed0
The current file contexts could break potential implementations of NTFS
by partners in future. I am not rolling back the adjoining
fuseblkd_exec and fuseblkd_untrusted_exec code, because secure
implementations of fuseblk drivers should still endeavour to use the
more compartmentalised policies.
However, as we don't support NTFS officially, we should give
implementors the choice whether to use it or not, even if it will open
the door to potentially less secure implementations.
NTFS Context: http://b/254407246,
https://docs.google.com/document/d/1b5RjdhN2wFFqmLCK0P_chVyiEhiYqNlTn52TFBMNwxk
Bug: 294925212
Test: Builds and boot.
Change-Id: I6d3858517e797b3f7388f9d3f18dd4a11770d5bc
/data/bootanim location is changed to /data/misc/bootanim as a follow up
change to aosp/q/topic:"bootanim_data_folder". The label is updated for the new file location.
Bug: 210757252
Test: /data/misc/bootanim is labeled correctly. BootAnimation can access this folder.
Change-Id: I9a54cf0dba470302df4180fb17fb104fb483b23d
It will be used to mount bootstrap APEXes. (with bind-mount to /apex)
Bug: 290148078
Test: atest VendorApexHostTestCases
Change-Id: I1a82af37db368a0eb2bf3a002a47439fb1f8b61d
Since the fsverity_init binary is being removed, remove the
corresponding SELinux rules too.
For now, keep the rule "allow domain kernel:key search", which existed
to allow the fsverity keyring to be searched. It turns out to actually
be needed for a bit more than that. We should be able to replace it
with something more precise, but we need to be careful.
Bug: 290064770
Test: Verified no SELinux denials when booting Cuttlefish
Change-Id: I992b75808284cb8a3c26a84be548390193113668
We want to remove these by default from Android V+ devices and still
allow some devices to add them back. So they are moved to system_ext.
Test: m && launch_cvd # check for hwservicemanager running
Bug: 218588089
Change-Id: I67611c8759b82750de829a38b857b3dffd6da83a
Add drmserver(32|64) for supporting 64-bit only devices. The patch is
for setting up the sepolicy for drmserver(32|64).
Bug: 282603373
Test: make gsi_arm64-user; Check the sepolicy
Change-Id: If8451de8120372b085de1977ea8fd1b28e5b9ab0
Merged-In: If8451de8120372b085de1977ea8fd1b28e5b9ab0