LMKD needs to be able to attach BPF tracepoints. It needs to be able to
access tracefs, attach and run bpf programs.
Test: m
Test: Verified no denials with lmkd and libmemevents integration
Bug: 244232958
Change-Id: I57248b729c0f011937bec139930ca9d24ba91c3b
Signed-off-by: Carlos Galo <carlosgalo@google.com>
Cancelling/ending traces wasn't working properly in the Developer
Telemetry APIs due to this missing rule. Now, calling destroyForcibly
on the Perfetto process running the trace successfully kills the
process.
Bug: 293957254
Test: locally with atest ProfilingFrameworkTests#testRequestProfilingCancel
Change-Id: I91d83dde01897eb9e48cf4a90e44d088c3f2a45f
It is used by profcollectd to notify vendor_init to trigger
a manual probe of coresight etr.
Bug: 321061072
Test: build and run on device
Change-Id: I5aa65f8d5a25f1284f09111c940f0a2c1a62ac18
This will allow odrefresh to move files from staging dir to output dir
instead of copying.
Test: -
1. Patch https://r.android.com/2991838
2. atest odsign_e2e_tests_full
Change-Id: I8fec4db3ff720f84a58e41439089ea55e53301b4
Found when making the tests for permissive MTE, which are part of the
CTS test suite because I really, really don't want to fork hundreds of
lines of Java glue. But, CTS tests aren't supposed to only run on rooted
devices (even though there's examples of this in the tree already).
I think either way, ideologically, we should allow non-root users to
enable permissive MTE. This would be useful for a person who wants to
dogfood MTE with all apps on, but use a retail build. I can think of at
least a few researchers that would probably find this useful.
Bug: 328793166
Test: adb unroot && adb shell setprop persist.sys.mte.permissive 1
Change-Id: Ie905e23c9600986cb436e1cc7490e28678710696
we have CAP_CHOWN but we can't use it
to custom configure directory uid/gid.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I41bdab8d5b7b4cfc5cdc568909c9c6b9947e2bca
The report_off_body permission of the "keystore2" class only guarded the
Binder API IKeystoreMaintenance#onDeviceOffBody() served by keystore2.
That API is being removed because it is unused
(https://r.android.com/2974277). Therefore, stop granting the
report_off_body permission.
Don't actually remove the permission from private/access_vectors. That
would break the build because it's referenced by rules in prebuilts/.
However, document the access vectors that are known to be unused.
Bug: 289849354
Test: atest CtsKeystoreTestCases
Change-Id: I344a1a8ad1dc12217b414899994397d5e62bd771
(so we can check if we need to change it)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I229a772ec6ecebcd8826730af568980f578842ee
am skip reason: Merged-In I4a1af4fbdc48c5c5f4b0b33f124cea31af74dd87 with SHA-1 6c689e8438 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3001629
Change-Id: If2550fe882cdba3c808129ac65f8fda85ff4a850
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Other patch in this topic moves the initialisation of /dev/open-dice0 to
the first_stage_init which runs before the sepolicy is setup. However,
microdroid_manager should still be able to access the /dev/open-dice0,
hence this patch which grants ueventd permissions to relabel the device
and fix its permissions.
Bug: 287593065
Test: vm run-microdroid --protected
Change-Id: Iacf5b0aa9b85ee9f07abac35f6b43b7ec378bff4
Unfortunately 202404 sepolicy changed a little after vendor API freeze.
Bug: 279809333
Test: build
Change-Id: Ib690abbe0cf04cd3bd55b7a82124a284782ed335
There's no way to currently define a new domain with map_read/write
access.
That's clearly desirable for example for vendor use of xt_bpf programs.
I believe that also holds true for prog_load which is checked
at attachment, and will be needed in the future to support things
like vendor tracepoint attachment.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I6125f3de2f8a8dde0891ddabedfafe35f521e681
Add policy to control ro.lmk.use_psi property for lmkd.
Test: m
Bug: 328681151
Change-Id: Ie30d1c62a7f0594961667b3e2d2064be89e91506
Signed-off-by: Carlos Galo <carlosgalo@google.com>
This reverts commit a6a3726ed2.
Reason for revert: Breaks an internal build (see b/329217616)
Bug: 329217616
Bug: 296875906
Change-Id: Iac204a3e7501cd2d0e691f10b5bca88586f315aa
Without this check, a release build may accidentally include additional
public types and attributes after "freeze".
Also this adds a detailed error message for how to fix.
Bug: 296875906
Test: manual
Change-Id: Iabc6bc8c8616089207acfff8ec4f05445fe7b2b3
am skip reason: Merged-In If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7 with SHA-1 c1b65e5d53 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2980251
Change-Id: Ifd4ff576bc75fc28139c5e1d0df36a5ada7ce1dc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7 with SHA-1 c1b65e5d53 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2980251
Change-Id: I5a57c156e591a5bed9c65787300c29c342907bf2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Should be the same as for update_engine
Test: Boot the VM, make sure the service works.
Test: checkfc -t private/file_contexts contexts/plat_file_contexts_test
Bug: 328227527
Change-Id: I8521716dcf43e5e7c41c4ecd36be128bacbe07b4
This change adds rules for system properties "sys.snapshotctl.map" and
"sys.snapshotctl.unmap", for controlling snapshotctl.
This change also adds the missing rules for snapshotctl to perform its
job. Initially, the rules for snapshotctl were added by
http://r.android.com/1126904, for running snapshotctl through init
(http://r.android.com/1123645). However, the trigger was then removed by
http://r.android.com/1239286. Since then, snapshotctl can be only run by
the root shell, in which case it is run in the "su" domain, so the rules
are not tested and therefore get stale over time. To make snapshotctl
function properly when run by init, we need to add the missing rules.
Bug: 311377497
Test: adb shell setprop sys.snapshotctl.map requested
Test: adb shell setprop sys.snapshotctl.unmap requested
Change-Id: I304be6e1825a6768f757d74b3365c4d759b9d07e
Bug: 327954176
Test: m treble_sepolicy_tests_202404
Test: m 202404_compat_test
Test: m selinux_policy
Change-Id: I6bdcbff305c0cc998bdd809006feb02e0609784d
Denials for this can cause local test failures.
The access is harmless, and is allowed in the host, so we also allow
it in the guest. And adbd does have a legitimate use for the access.
Bug: 328753027
Test: atest MicrodroidHostTests
Run repeatedly on my test device
Change-Id: Ic2e991122527ae9a22babb417ad90f2ceb8d15fc
/data/misc/connectivityblobdb/
The Settings app is expected to read and
write to the wifi database file.
Bug: 304553176
Test: Manual test
1. Add a call in the Settings app
to WifiKeystore#put().
2. Open the Settings app.
3. Verify that the call succeeds.
Change-Id: I0d48dd155f93c3cd25b5c422fe0174bcdbe0a727
