system/sepolicy should support both REL build and ToT build. That means
that system/sepolicy and prebuilts may differ. As the frozen sepolicy is
what vendor sepolicy uses, so we need to use prebuilts to run Treble
compat test.
Bug: 296875906
Test: m selinux_policy on REL
Change-Id: I4b290266ba87e3f011d640bec133fc88359ea52f
Rationale for this change:
1) Vendors use only public files, so we should be able to use only
public cil files for compatibility test.
2) treble_sepolicy_tests_for_release.mk is too complex, because it
requires compiled sepolicy. Reducing the complexity will help migrate
into REL build.
3) This fixes a tiny bug of treble_sepolicy_tests that it can't catch
public types being moved to private types, and then removed. 29.0.cil
and 30.0.cil change contains such missing public types.
Bug: 296875906
Test: m selinux_policy (with/without intentional breakage)
Change-Id: Ia2c0733176df898f268b5680195da25b588b09c7
... and remove redundant Makefile codes. This also updates commit hook
as we now only use Soong to build sepolicy.
Bug: 296875906
Test: m selinux_policy
Change-Id: I93f0d222a0c10e31c51c9380780a8927c47d62b1
For now, freeze_test compares prebuilts against sources with diff, to
ensure that sources are identical to prebuilts. However, it could be the
case that the branch should be able to build both REL and ToT. In that
case, changes to the sources are inevitable and the freeze test will
fail.
To fix the issue, freeze_test will now only check compatibility. To be
specific, it will check if any public types or attributes are removed.
Contexts files and neverallow rules are not checked, but they may be
added later. Also to support the new freeze_test
- build_files module is changed to use glob (because REL version won't
be in compat versions list)
- plat_pub_policy modules are added under prebuilts/api (because
freeze_test needs that)
Bug: 296875906
Test: m selinux_policy
Change-Id: I39c40992965b98664facea3b760d9d6be1f6b87e
Treble doesn't support U system + P vendor, so removing P (28.0)
prebuilts and compat files.
Bug: 267692547
Test: build
Change-Id: I3734a3d331ba8071d00cc196a2545773ae6a7a60
Treble sepolicy tests check whether previous versions are compatible to
ToT sepolicy or not. treble_sepolicy_tests_for_release.mk implements it,
but it also includes a compat test whether ToT sepolicy + {ver} mapping
+ {ver} plat_pub_versioned.cil can be built together or not. We
definitely need such tests, but we already have a test called "compat
test" which does exactly that, and testing it again with Treble sepolicy
tests is just redundant. The only difference between those two is that
Treble sepolicy tests can also test system_ext and product compat files,
which was contributed by a partner.
The ultimate goal here is to migrate *.mk to Soong, thus merging these
two tests (compat, Treble) into one. As we've already migrated the
compat test to Soong, this change removes the compat test part from
treble sepolicy tests. Instead, the compat test will be extended so it
can test system_ext and product compat files too.
prebuilts/api/{ver}/plat_pub_versioned.cil and
prebuilts/api/{ver}/vendor_sepolicy.cil are also removed as they aren't
used anymore: vendor_sepolicy.cil is an empty stub, and
plat_pub_versioned.cil can be built from the prebuilt source files.
Bug: 33691272
Test: m selinux_policy
Change-Id: I72f5ad0e8bbe6a7c0bbcc02f0f902b953df6ff1a
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.
Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
Treble doesn't support T system + O vendor, so removing 26.0 (N) and
27.0 (O) prebuilts and compat files.
Bug: 207815515
Test: build
Change-Id: I98d5972221a8e77f3c45fc48ff50bb2b8eb94275
Per schfan@ these are no longer needed.
Test: build
Bug: 188554048
Change-Id: Idda1d9775fdd38cbd53c3652b567ddfc5beca0a6
(cherry picked from commit 07aee66679)
Ignore-AOSP-First: It was submitted in aosp first.
(cherry picked from commit 16b7d5d829)
Per schfan@ these are no longer needed.
Test: build
Bug: 188554048
Change-Id: Idda1d9775fdd38cbd53c3652b567ddfc5beca0a6
(cherry picked from commit 07aee66679)
Ignore-AOSP-First: It was submitted in aosp first.
Add policies to control ro.lmk.thrashing_limit_critical lmkd property.
Bug: 181778155
Signed-off-by: Martin Liu <liumartin@google.com>
Merged-In: I25eeb84e6e073510e2f516fd38b80c67afe26917
Change-Id: I25eeb84e6e073510e2f516fd38b80c67afe26917
Chrome Crashpad uses the the dynamic linker to load native executables
from an APK (b/112050209, crbug.com/928422)
We made the equivalent change to untrusted_app_all in
9ea8c0701d but webview also runs in
priv_app contexts.
(Cherry-pick of 25cb9046ef, with manual
update to the prebuilts.)
Bug: http://b/112050209
Test: treehugger
Change-Id: I19bbadc7f9c9e668e2c6d932c7da24f18e7731bd
Commit 67c36884 changed the label of service.adb.tcp.port to allow
vendor init to set it, but accidentally prevented adbd from setting it,
which broke `adb tcpip`.
Bug: 171280882
Bug: 183177056
Test: `adb tcpip`
Change-Id: Ifeeda5c4f06451158fc7e43ca23f580092008fe7
Merged-In: Ifeeda5c4f06451158fc7e43ca23f580092008fe7
Merged-In: I154e2f43a4d3b72b27508ce02d66298673939738
(cherry picked from commit 0cac6fd17a)
(cherry picked from commit f08778d513b69bd9966d04dd1c874b1bede93289)
adbd and apps (SystemUI and CTS test apps) need to read it.
BUG: 162205386
BUG: 183177056
Test: Connect to device which sets service.adb.tcp.port in vendor
partition through TCP adb.
Change-Id: Ia37dd0dd3239381feb2a4484179a0c7847166b29
Merged-In: Ia37dd0dd3239381feb2a4484179a0c7847166b29
(cherry picked from commit 67c3688497)
(cherry picked from commit 9271a3ee8aa4174a78c681e79883627bce918b4a)
Allow netd to get adb port from property service.adb.tcp.port
Bug: b/161861298
Bug: b/183177056
Test: atest android.net.cts.Ikev2VpnTest#testStartStopVpnProfileV4
Change-Id: I05ce21683b01cf05a16b9fb30030cf4fc879fb20
Merged-In: I05ce21683b01cf05a16b9fb30030cf4fc879fb20
(cherry picked from commit d3e8f6fc84)
(cherry picked from commit 540474bbe4525cb8d44c8e47548f42b5a5daa613)
Access to /proc/locks is necessary to activity manager to determine
wheter a process holds a lock or not prior freezing it.
Test: verified access of /proc/locks while testing other CLs in the same
topic.
Bug: 176928302
Change-Id: I14a65da126ff26c6528edae137d3ee85d3611509
Merged-In: I14a65da126ff26c6528edae137d3ee85d3611509
IncFS in S adds a bunch of new ioctls, and requires the users
to read its features in sysfs directory. This change adds
all the features, maps them into the processes that need to
call into them, and allows any incfs user to query the features
Bug: 170231230
Test: incremental unit tests
Change-Id: Ieea6dca38ae9829230bc17d0c73f50c93c407d35
Adds sepolicy rules to allow MediaProvider to make binder calls into
statsd. That's to allow MediaProvider to register a StatsCallbackPuller
for metrics.
Bug: 149669087
Merged-In: I9a13fc04c12557a0435724cfae04f752f856a06e
Change-Id: Ifcf06b58596c3e8a8738f758506d003ca3878437
(cherry picked from commit 736566db66)
For whatever reason, system/sepolicy/prebuilts/api/30.0 and rvc-dev's
system/sepolicy differ a little. This makes 30.0 prebuilts up-to-date
and also updates plat_pub_versioned.cil, built from aosp_arm64-eng
target on rvc-dev branch.
Bug: 168159977
Test: m selinux_policy
Change-Id: I03e8a40bf021966c32f0926972cc2a483458ce5b
Add proc_net rules into prebuilts/api/30.0/public/file.te to fix build
errors
After applying AOSP/1468206, TH complains a build error:
Files system/sepolicy/prebuilts/api/30.0/public/file.te and
system/sepolicy/public/file.te differ
Bug: 145579144
Bug: 170265025
Test: build pass and reboot to check avc message in bugreport
Change-Id: I2085366b345c044e1b69f726809100fa43336c34
This re-alignes aosp and internal master to avoid
conflicts when uploading CLs upstream.
Bug: 170126760
Change-Id: I9c087e70998cd529b71dec7428641c4bfef10d31
The purpose of misc_writer is to write misc partition. However,
when it includes libfstab, it will probe files like kernal command
line (proc/cmdline) and metadata, which are permissions it does not
need.
Bug: 170189742
Test: Boot under permissive mode and find the errors gone.
Change-Id: Icda3200660a3bee5cadb6f5e0026fa71941ae5dc
To prevent these from being optimized away.
(Follow-up CL for aosp/1427751 )
Bug: 161083890
Test: atest CtsSecurityHostTestCases
Change-Id: I11669b1643671f386c53136de0b7adea2b43bc28
the new ioctl allows system server to verfiry the state of a frozen
binder inderface before unfreezing a process.
Bug: 143717177
Test: verified ActivityManager could access the ioctl
Change-Id: Id9d90d072ce997ed20faa918ec68f1110e2bac8f
Merged-In: Id9d90d072ce997ed20faa918ec68f1110e2bac8f
BINDER_FREEZE is used to block ipc transactions to frozen processes, so
only system_server must be allowed to use it.
Bug: 143717177
Test: manually verified that attempts to use BINDER_FREEZE by processes other
than system_server receive a sepolicy denial
Test: verified that system_server can enable/disable the freezer in
binder
Change-Id: I0fae3585c6ec409809e8085c1cc9862be4755889
Merged-In: I0fae3585c6ec409809e8085c1cc9862be4755889
dexoptanalyzer need read access on the secondary
dex files and of the main apk files in order to successfully evaluate
and optimize them.
Example of denial:
audit(0.0:30): avc: denied { read } for
path="/data/app/~~Zux_isdY0NBkRWPp01oAVg==/com.example.secondaryrepro-wH9zezMSCzIjcKdIMtrw7A==/base.apk"
dev="vdc" ino=40966 scontext=u:r:dexoptanalyzer:s0
tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0
app=com.example.secondaryrepro
Test: adb shell cmd package compile -r bg-dexopt --secondary-dex app
Bug: 160471235
Bug: 160351055
Merged-In: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
Change-Id: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
(cherry picked from commit 0bee120900)
The type name change from cgroup_bpf into cgroup_v2 caused
http://b/166064067. Rename back to cgroup_bpf.
Bug: 166064067
Test: compiled and booted on a sunfish. Manually tested network and app
freezer
Change-Id: Ib39eb104e73d6dca3b1f61b108a3deeea31ff880
Merged-In: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
During boot, system_server will need to write to files under
/sys/fs/cgroup/freezer. Change the cgroup_v2 policy to allow this
operation.
Test: booted device with change, verified that files are properly
accessed.
Bug: 154548692
Change-Id: I2ccc112c8870129cb1b8312023b54268312efcca
Merged-In: I2ccc112c8870129cb1b8312023b54268312efcca
