This adds the type and permissions for dumping and appending prereboot
information.
Bug: 145203410
Test: Didn't see denials while dumping and appending prereboot info.
Change-Id: Ic08408b9bebc3648a7668ed8475f96a5302635fa
Dumpstate runs 'df', which in turn tries to get attributes on all
mounted filesystems. We don't care much for stats on /mnt/user, since
it's simply a mapping of /data. /mnt/installer is simply a bind mount of
/mnt/user, and we don't need to show that in df either.
Bug: 148761246
Test: atest
CtsSecurityHostTestCases:android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: Ie71b9cde08eb08bd3a7a3e2659ea71c61ca5ab3b
This helps in the investigation of driver-related issues.
Bug: 145388549
Test: Manually, log collected on user build
Change-Id: I40631aac7878f58e399bc583898630055583fc7c
To include linkerconfig results into dumpstate, dumpstate needs extra
permission on lnkerconfig directory to search all items within the
directory. This change allows dumpstate to have extra access on
linkerconfig directory.
Bug: 148840832
Test: tested from cuttlefish
Change-Id: I955b54ec2cc3d1dcedaa34406e0e0776b6ac12f6
dumpstate creates an error log from CTS test because dumpstate does not
have access to linkerconfig directory. As df doesn't need to scan
linkerconfig directory, do not audit this directory in dumpstate
to get attributes.
Bug: 148760417
Test: m -j passed
Test: No sepolicy error from correspoding test
Change-Id: I3c1c3a489584450bd23fbce2d7cc9b09aaf9c002
We don't want to accidentally allow this, and a neverallow also means
that the issue will be found during development, instead of review.
Fixes: 148081219
Test: compile policy only
Change-Id: I57990a2a4ab9e5988b09dae2dd6a710ce8f53800
dumpstate need to access /proc/pressure/{cpu,mem,io}
Bug: 141884936
Test: adb bugreport and check bugreport file includes PSI metric
Change-Id: I01e7376206c07c1700d6ffe3690d61a1db8dfe84
Signed-off-by: Minchan Kim <minchan@google.com>
There is no reason to deny dumpstate from reading /data/misc/logd on
user builds. Logpersist is disallowed from running on those builds,
so there is no harm in copying this directory.
Bug: 136978224
Test: build
Change-Id: Ia58bde10e1f45978975597cd2ea1951a784d3b49
This is needed for bugreport to include ANR trace for the process.
Bug: 128878895
Test: adb bugreport
Change-Id: I92e6952b03ffb047e9fb75b0e44024f2623debb3
This is needed for bugreport to include ANR trace for the process.
Bug: 128878895
Test: adb bugreport
Change-Id: I31a2fceb9c8ec1d8588374bb97f3b518a075ddfb
To check issue on userbuild, wlan hal log
is helpful.
Bug: 122265104
Test: Manully, log collected on user build
Change-Id: I5aa96aa796ca7dfb92e97df3e7be054ff79f6e3d
While taking bugreports we sometimes see dumpstate try to find
hwservices. These are mostly neverallowed by macros, so hide them.
Bug: 116711254
Bug: 123540375
Test: Build.
Change-Id: Ic73a354bdae3d124eccc9477b7862bcad66fa076
Bug: 123006652
Bug: 111441001
Fix: 123006652
Test: Wrote a test app using BugreportManager, checked denials in logcat
Change-Id: Id1c4b1d166bc70aec833c3d644e8aea6ae94c35a
This prevents denials while taking a bugreport.
Bug: 116711254
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: I64f441eb66c355d03eaf7755f2e9d3e970305ecd
This prevents denials while taking a bugreport.
Bug: 116711254
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: Ie190bfa62cf5aa172ebfff8bfd82dea2a7d1a016
An incident.proto section has been added to the bugreport. Need
appropriate sepolicy changes to allow binder calls and fd access.
Bug: 119417232
Test: adb bugreport. Verify incident.proto is in the proto folder,
and there are no sepolicy violations.
Change-Id: Iac27cbf283a2e1cb41862c76343c2b639f6c0e1e
This prevents denials while taking a bugreport.
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: I381b39fa127f82fcef5d820a04209fd1ba4f63cd
apex_service is already in the list of services dumpstate cannot find;
this ensures that the dontaudit list is the same. We hide the denial
caused by df reading one of its directories.
dumpstate can already call all binder services, so we enable it to
call bufferhubd.
Bug: 116711254
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: Ie5acc84326fa504199221df825549479f3cf50e1
apexd is a new daemon for managing APEX packages installed
on the device. It hosts a single binder service, "apexservice".
Bug: 112455435
Test: builds, binder service can be registered,
apexes can be accessed, verified and mounted
Change-Id: I634ad100f10b2edcd9a9c0df0d33896fa5d4ed97
system_file_type is a new attribute used to identify files which exist
on the /system partition. It's useful for allow rules in init, which are
based off of a blacklist of writable files. Additionally, it's useful
for constructing neverallow rules to prevent regressions.
Additionally, add commented out tests which enforce that all files on
the /system partition have the system_file_type attribute. These tests
will be uncommented in a future change after all the device-specific
policies are cleaned up.
Test: Device boots and no obvious problems.
Change-Id: Id9bae6625f042594c8eba74ca712abb09702c1e5
