The netutils_wrapper is a process used by vendor code to update the
iptable rules on devices. When it update the rules for a specific chain.
The iptable module will reload the whole chain with the new rule. So
even the netutils_wrapper do not need to add any rules related to xt_bpf
module, it will still reloading the existing iptables rules about xt_bpf
module and need pass through the selinux check again when the rules are
reloading. So we have to grant it the permission to reuse the pinned
program in fs_bpf when it modifies the corresponding iptables chain so
the vendor module will not crash anymore.
Test: device boot and no more denials from netutils_wrapper
Bug: 72111305
Change-Id: I62bdfd922c8194c61b13e2855839aee3f1e349be
A default value of persist.radio.multisim.config can be set by SoC
vendors, and so vendor-init-settable should be allowed to it.
Bug: 73871799
Test: succeeded building and tested with taimen
Change-Id: Ie62b91e7e3d7e05425b742838417f1cab7b3fed4
This reverts commit 6f2040f873.
Reason for revert: not needed anymore after ag/3773705
This was meant to allow system_server toggling the property on/off.
Later we realized that we needed a separate property for that
(see discussion in b/76077784) and system server happens to
have already permissions to write to sys.* properties even without
this CL.
Reverting because at this point this creates just unnecessary clutter.
Change-Id: Ia73d000aad3c4288a5652047dfe10896e231b0b1
Test: perfetto_integrationtests
Bug: 76077784
This allows an optimization that consists in the "perfetto" cmdline
client passing directly the file descriptor for the output trace
to traced (as opposite to having traced streaming back the trace
data to "perfetto" and having that one doing the write() into file).
This reduces sensibly the memory traffic and CPU overhead of traces
with a minor change.
Bug: 73625179
Test: builds + perfetto_integrationtests w/ long_trace.cfg
Change-Id: I81f5a230338ced20dc543fd91c5a0bd0e58725f2
The permission to allow system_server to access sys/fs/bpf/ directory
is missing. Add it back so it can get the bpf maps from the bpf_fs.
Test: device boot and no more denial information of system_server try to
searcg in fs_bpf
atest android.net.cts.TrafficStatsTest
Bug: 75285088
Change-Id: I1040cde6c038eccc4e91c69a10b20aa7a18b19f6
Follow up to aosp/635599. It broke user builds again
despite being tree hugged because of b/74344625.
Adding missing ignore entries.
Bug: b/73340039
Change-Id: Iba195d571aec9579195d79d4970f760e417608c6
This CL adds the SELinux permissions required to execute
atrace and get userspace tracing events from system services.
This is to enable tracing of events coming from surfaceflinger,
audio HAL, etc.
atrace, when executed, sets a bunch of debug.atrace. properties
and sends an IPC via binder/hwbinder to tell the services to
reload that property.
This CL does NOT affect systrace. In that case (i.e. when
atrace is executed from adb/shell) atrace still runs in
the shell domain and none of those changes apply.
Change-Id: I11b096d5c5c5593f18bce87f06c1a7b1ffa7910e
Bug: b/73340039
To better record the network traffic stats for each network interface.
We use xt_bpf netfilter module to do the iface stats accounting instead
of the cgroup bpf filter we currently use for per uid stats accounting.
The xt_bpf module will take pinned eBPF program as iptables rule and run
the program when packet pass through the netfilter hook. To setup the
iptables rules. netd need to be able to access bpf filesystem and run the
bpf program at boot time. The program used will still be created and
pinned by the bpfloader process.
Test: With selinux enforced, run "iptables -L -t raw" should show the
xt_bpf related rule present in bw_raw_PREROUTING chain.
Bug: 72111305
Change-Id: I11efe158d6bd5499df6adf15e8123a76cd67de04
So that perfprofd can send larger packets to dropbox.
Follow-up of commit 3fa95acb1e.
Bug: 73175642
Test: m
Test: manual
Change-Id: I88d1f83962243589909ff1ce3d02195e7c494256
When extraction exif info, certain file formats may requires
parsing the container. Allow mediaprovider to use extractor
to do the parsing.
bug: 73978990
Test: manually test the scenario in b/73978990 and verify
the Exif is extracted correctly.
Change-Id: I1cd46d793ebc9c38b816a3b63f361967e551d046
To enable/disable the traced and traced_probes deamons remotely we would
like system server to be able to set persist.traced.enable.
See also ag/3736001.
Denial:
selinux: avc: denied { set } for
property=persist.traced.enable
pid=1606 uid=1000 gid=1000
scontext=u:r:system_server:s0
tcontext=u:object_r:default_prop:s0 tclass=property_service
permissive=0\x0a
Run:
$ adb shell 'ps -A | grep traced'
Should see traced.
$ adb shell 'settings put global sys_traced 0'
$ adb shell 'ps -A | grep traced'
Should no longer see traced.
Test: See above.
Change-Id: I245b7df3853cabeb0e75db41fb4facaa178ab8f1
This change adds the support of odm sepolicy customization, which can
be configured through the newly added build varaible:
- BOARD_ODM_SEPOLICY_DIRS += device/${ODM_NAME}/${BOM_NAME}/sepolicy
Also moving precompiled sepolicy to /odm when BOARD_ODM_SEPOLICY_DIRS
is set. On a DUT, precompiled sepolicy on /odm will override the one in
/vendor. This is intentional because /odm is the hardware customization
for /vendor and both should be updated together if desired.
Bug: 64240127
Test: boot a device with /odm partition
Change-Id: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09
Only untrusted apps had privilegs to read file descriptors passed in
from traceur, which was an oversight. This fixes the policy so that priv
apps can also access file descriptors from traceur in order to read
reports shared from traceur.
Bug: 74435522
Test: better bug has access to reports shared from traceur
Change-Id: I591872cdac31eec62edbc81d95f1220f1152427f
Provide read/write access to audioserver for Bluetooth
properties used with A2DP offload.
Bug: 68824150
Test: Manual; TestTracker/148125
Change-Id: I40c932d085ac55bc45e6654f966b2c9d244263d0
(cherry picked from commit 041049bc7a)
Add rule to allow Binder call from Bluetooth process to Bluetooth
audio HIDL interface running in audio HAL service process.
Bug: 72242910
Test: Manual; TestTracker/148125
Change-Id: I1981a78bece10b8e516f218d3edde8b77943d130
(cherry picked from commit e8cfac90e8)
This reverts commit 016f0a58a9.
Reason for revert: Was temporarily reverted, merging back in with fix.
Test: Basic telephony sanity, treehugger
Bug: 74486619
Bug: 36427227
Merged-in: Ide68726a90d5485c2758673079427407aee1e4f2
Change-Id: Ide68726a90d5485c2758673079427407aee1e4f2
(cherry picked from commit 312248ff72)
This reverts commit aed57d4e4d.
Reason for revert: This CL is expected to break pre-submit tests (b/74486619)
Merged-in: I103c3faa1604fddc27b3b4602b587f2d733827b1
Change-Id: I0eb7a744e0d43ab15fc490e7e7c870d0f44e1401
Also change the neverallow exceptions to be for hal_telephony_server
instead of rild.
Test: Basic telephony sanity, treehugger
Bug: 36427227
Merged-in: If892b28416d98ca1f9c241c5fcec70fbae35c82e
Change-Id: If892b28416d98ca1f9c241c5fcec70fbae35c82e
This should fix presubmit tests.
Bug: 74331887
Test: Built policy.
Change-Id: Ie9ef75a7f9eaebf1103e3d2f3b4521e9abaf2fe7
(cherry picked from commit 2995e996b9)
Remove a fixed bug from bug_map.
Bug: 62140539
Test: Built policy.
Change-Id: I2ce9e48de92975b6e37ca4a3a4c53f9478b006ef
(cherry picked from commit f3f93eaf1d)
Sub directories under /odm (or /vendor/odm when there isn't an odm
partition) are labeled so that artifacts under the sub directories are
treated the same as their counterpart in the vendor partition.
For example, /odm/app/* is labeled as vendor_app_file just like
/vendor/app/*.
Bug: 71366495
Test: m -j
Change-Id: I72a14fd55672cd2867edd88ced9828ea49726694
