Commit graph

47407 commits

Author SHA1 Message Date
Mitch Phillips
26477ab5a0 Merge "Allow permissive MTE to be set by non-root users" into main 2024-03-19 19:06:13 +00:00
Treehugger Robot
1b45a0af5e Merge "Allow odrefresh to relabel staging files to apex_art_data_file." into main 2024-03-19 16:27:27 +00:00
Treehugger Robot
69fdfcde37 Merge "Add a trailing newline" into main 2024-03-19 15:34:45 +00:00
Treehugger Robot
2fa70270a2 Merge "Add rule for system_server to send Perfetto a signal" into main 2024-03-19 14:31:25 +00:00
Dennis Shen
30fdc75046 Merge "update aconfigd selinux policy" into main 2024-03-19 14:31:02 +00:00
Dennis Shen
89a2c6988a update aconfigd selinux policy
For aconfigd test, for atest to work, the shell domain needs to be able
to connect to aconfigd_socket. In addition, aconfigd needs to be able to
access the test storage files as shell_data_file. All these policies are
only needed for userdebug_or_eng build.

Bug: 312459182
Test: m, launch avd, atest, then audit2allow, no avc denials found
Change-Id: Ifb369f7e0000dfe35305fe976e330fa516ff440c
2024-03-19 12:24:23 +00:00
Carmen Jackson
33c057444a Add rule for system_server to send Perfetto a signal
Cancelling/ending traces wasn't working properly in the Developer
Telemetry APIs due to this missing rule. Now, calling destroyForcibly
on the Perfetto process running the trace successfully kills the
process.

Bug: 293957254
Test: locally with atest ProfilingFrameworkTests#testRequestProfilingCancel
Change-Id: I91d83dde01897eb9e48cf4a90e44d088c3f2a45f
2024-03-19 05:36:22 +00:00
Inseob Kim
4914c17ded Add a trailing newline
Bug: 326134149
Test: TH
Change-Id: I7a47014a8cd9d586f521b8926197a3659dd13b6b
2024-03-19 10:24:55 +09:00
Eric Biggers
b58636b2d3 Merge "Stop granting permission to report_off_body to keystore2" into main 2024-03-18 21:08:40 +00:00
Yabin Cui
5c50d5921d Merge "Add profcollectd.etr.probe property and associated permissions" into main 2024-03-18 17:32:13 +00:00
Nikita Putikhin
2c434e9971 Merge "Add contexts for update_engine_nostats" into main 2024-03-18 11:31:57 +00:00
Yabin Cui
948ae15060 Add profcollectd.etr.probe property and associated permissions
It is used by profcollectd to notify vendor_init to trigger
a manual probe of coresight etr.

Bug: 321061072
Test: build and run on device
Change-Id: I5aa65f8d5a25f1284f09111c940f0a2c1a62ac18
2024-03-15 12:21:44 -07:00
Jiakai Zhang
8d24e01ba8 Allow odrefresh to relabel staging files to apex_art_data_file.
This will allow odrefresh to move files from staging dir to output dir
instead of copying.

Test: -
  1. Patch https://r.android.com/2991838
  2. atest odsign_e2e_tests_full
Change-Id: I8fec4db3ff720f84a58e41439089ea55e53301b4
2024-03-15 16:39:13 +00:00
Mitch Phillips
98b3e4bfd3 Allow permissive MTE to be set by non-root users
Found when making the tests for permissive MTE, which are part of the
CTS test suite because I really, really don't want to fork hundreds of
lines of Java glue. But, CTS tests aren't supposed to only run on rooted
devices (even though there's examples of this in the tree already).

I think either way, ideologically, we should allow non-root users to
enable permissive MTE. This would be useful for a person who wants to
dogfood MTE with all apps on, but use a retail build. I can think of at
least a few researchers that would probably find this useful.

Bug: 328793166
Test: adb unroot && adb shell setprop persist.sys.mte.permissive 1
Change-Id: Ie905e23c9600986cb436e1cc7490e28678710696
2024-03-15 16:26:31 +01:00
Treehugger Robot
3230efb5cf Merge "bpfloader: allow bpffs_type:dir setattr" into main 2024-03-15 10:11:44 +00:00
Treehugger Robot
e47e58771f Merge "bpfloader: allowing reading proc_bpf:file" into main 2024-03-15 10:10:25 +00:00
Jooyung Han
e164e993f6 Merge "Allow apexd to send atoms to statsd via socket" into main 2024-03-15 05:00:51 +00:00
Jooyung Han
a1927afd8a Allow apexd to send atoms to statsd via socket
apexd is going to send atoms (https://cs.android.com/android/platform/superproject/main/+/main:frameworks/proto_logging/stats/atoms/apex/apex_extension_atoms.proto) to statsd).

Bug: 281162849
Test: manual. statsd_testdrive 732 (id for an apexd atom)
Change-Id: Ic0f78ff17e868b2f3fa7e612a0884d5d4fa16eae
2024-03-15 05:00:26 +00:00
Maciej Żenczykowski
93a3d62f6b bpfloader: allow bpffs_type:dir setattr
we have CAP_CHOWN but we can't use it
to custom configure directory uid/gid.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I41bdab8d5b7b4cfc5cdc568909c9c6b9947e2bca
2024-03-14 23:41:12 +00:00
Eric Biggers
92ca7b7af1 Stop granting permission to report_off_body to keystore2
The report_off_body permission of the "keystore2" class only guarded the
Binder API IKeystoreMaintenance#onDeviceOffBody() served by keystore2.
That API is being removed because it is unused
(https://r.android.com/2974277).  Therefore, stop granting the
report_off_body permission.

Don't actually remove the permission from private/access_vectors.  That
would break the build because it's referenced by rules in prebuilts/.
However, document the access vectors that are known to be unused.

Bug: 289849354
Test: atest CtsKeystoreTestCases
Change-Id: I344a1a8ad1dc12217b414899994397d5e62bd771
2024-03-14 22:40:42 +00:00
Nikita Ioffe
2300dc5e64 Merge changes from topic "derive-microdroid-vendor-dice-node" into main
* changes:
  Allow ueventd to relabel /dev/open-dice0
  Add /microdroid_resources to file_contexts
2024-03-14 11:20:06 +00:00
Maciej Żenczykowski
446c8c0837 bpfloader: allowing reading proc_bpf:file
(so we can check if we need to change it)

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I229a772ec6ecebcd8826730af568980f578842ee
2024-03-14 10:47:45 +00:00
Florian Mayer
43c2a181d0 [automerger skipped] Allow shell and adb to read tombstones am: 56053a3060 -s ours
am skip reason: Merged-In I4a1af4fbdc48c5c5f4b0b33f124cea31af74dd87 with SHA-1 6c689e8438 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3001629

Change-Id: If2550fe882cdba3c808129ac65f8fda85ff4a850
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-14 05:20:37 +00:00
Florian Mayer
56053a3060 Allow shell and adb to read tombstones
tombstones are now openable by these domains:

allow adbd tombstone_data_file:dir { getattr ioctl lock open read search watch watch_reads };
allow adbd tombstone_data_file:file { getattr ioctl lock map open read watch watch_reads };
allow dumpstate tombstone_data_file:dir { getattr ioctl lock open read search watch watch_reads };
allow dumpstate tombstone_data_file:file { getattr ioctl lock map open read watch watch_reads };
allow init tombstone_data_file:dir { add_name create getattr ioctl open read relabelfrom relabelto remove_name rmdir search setattr write };
allow init tombstone_data_file:fifo_file { create getattr open read relabelfrom relabelto setattr unlink };
allow init tombstone_data_file:file { create getattr map open read relabelfrom relabelto setattr unlink write };
allow init tombstone_data_file:sock_file { create getattr open read relabelfrom relabelto setattr unlink };
allow shell tombstone_data_file:dir { getattr ioctl lock open read search watch watch_reads };
allow shell tombstone_data_file:file { getattr ioctl lock map open read watch watch_reads };
allow system_server tombstone_data_file:dir { add_name getattr ioctl lock open read remove_name search watch watch_reads write };
allow system_server tombstone_data_file:file { append create getattr ioctl lock map open read rename setattr unlink watch watch_reads write };
allow tombstoned tombstone_data_file:dir { add_name getattr ioctl lock open read remove_name search watch watch_reads write };
allow tombstoned tombstone_data_file:file { append create getattr ioctl link lock map open read rename setattr unlink watch watch_reads write };

Test: adb unroot, ls, cat, adb pull
Bug: 312740614
Bug: 325709490
(cherry picked from https://android-review.googlesource.com/q/commit:6c689e84388ee85ef0203c064bf20dc8eb8339af)
Merged-In: I4a1af4fbdc48c5c5f4b0b33f124cea31af74dd87
Change-Id: I4a1af4fbdc48c5c5f4b0b33f124cea31af74dd87
2024-03-14 02:33:03 +00:00
Nikita Ioffe
73282e4d1b Allow ueventd to relabel /dev/open-dice0
Other patch in this topic moves the initialisation of /dev/open-dice0 to
the first_stage_init which runs before the sepolicy is setup. However,
microdroid_manager should still be able to access the /dev/open-dice0,
hence this patch which grants ueventd permissions to relabel the device
and fix its permissions.

Bug: 287593065
Test: vm run-microdroid --protected
Change-Id: Iacf5b0aa9b85ee9f07abac35f6b43b7ec378bff4
2024-03-13 15:24:31 +00:00
Dennis Shen
f879f74d60 Merge "allow system server to search into /metadata/aconfig dir" into main 2024-03-13 13:10:01 +00:00
Treehugger Robot
c3274647b9 Merge "Add ro.lmk.use_psi property policy" into main 2024-03-13 09:06:03 +00:00
Treehugger Robot
ced9b5c164 Merge "bpfloader - relax neverallows for map_read/write/prog_run" into main 2024-03-13 07:24:39 +00:00
Inseob Kim
c35639d615 Sync 202404 prebuilts
Unfortunately 202404 sepolicy changed a little after vendor API freeze.

Bug: 279809333
Test: build
Change-Id: Ib690abbe0cf04cd3bd55b7a82124a284782ed335
2024-03-13 13:18:05 +09:00
Maciej Żenczykowski
f83e395a4a bpfloader - relax neverallows for map_read/write/prog_run
There's no way to currently define a new domain with map_read/write
access.

That's clearly desirable for example for vendor use of xt_bpf programs.

I believe that also holds true for prog_load which is checked
at attachment, and will be needed in the future to support things
like vendor tracepoint attachment.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I6125f3de2f8a8dde0891ddabedfafe35f521e681
2024-03-13 00:38:45 +00:00
Carlos Galo
005875d7ed Add ro.lmk.use_psi property policy
Add policy to control ro.lmk.use_psi property for lmkd.

Test: m
Bug: 328681151
Change-Id: Ie30d1c62a7f0594961667b3e2d2064be89e91506
Signed-off-by: Carlos Galo <carlosgalo@google.com>
2024-03-12 19:27:16 +00:00
Dennis Shen
662d5e68f1 allow system server to search into /metadata/aconfig dir
Bug: b/312459182
Test: m
Change-Id: I44a2113b53b23a47d30460d0e7120bbeceb3ecbf
2024-03-12 17:43:51 +00:00
Nikita Ioffe
8cc0e508ef Add /microdroid_resources to file_contexts
Bug: 287593065
Test: builds
Test: atest MicrodroidTests
Change-Id: Ide20bd031b85d73fa246d8b040245ce1f3983b5d
2024-03-12 15:39:00 +00:00
Roland Levillain
b229d824ad Merge "Revert "Check added types/attributes on freeze test too"" into main 2024-03-12 15:35:32 +00:00
Roland Levillain
590bbddbd0 Revert "Check added types/attributes on freeze test too"
This reverts commit a6a3726ed2.

Reason for revert: Breaks an internal build (see b/329217616)

Bug: 329217616
Bug: 296875906
Change-Id: Iac204a3e7501cd2d0e691f10b5bca88586f315aa
2024-03-12 15:32:12 +00:00
Treehugger Robot
ed4d6b7929 Merge "Check added types/attributes on freeze test too" into main 2024-03-12 07:38:59 +00:00
Thiébaud Weksteen
8372e1fd71 Merge "Define persist.bootanim.color in platform policy" into main 2024-03-12 05:06:31 +00:00
Inseob Kim
a6a3726ed2 Check added types/attributes on freeze test too
Without this check, a release build may accidentally include additional
public types and attributes after "freeze".

Also this adds a detailed error message for how to fix.

Bug: 296875906
Test: manual
Change-Id: Iabc6bc8c8616089207acfff8ec4f05445fe7b2b3
2024-03-12 11:25:14 +09:00
Inseob Kim
d3afbdfffa Merge changes from topic "202404_sepolicy_mapping" into main
* changes:
  Add 202404 mapping files
  Vendor API level 202404 is now frozen
2024-03-12 00:10:16 +00:00
Treehugger Robot
17c2c80f7b Merge "sepolicy: Grant hal_bluetooth_server to access udp_socket" into android14-tests-dev am: d7d7463dbc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2989876

Change-Id: I5153850c98ce0e31fac87416a68a3c15b9d75504
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-11 22:52:24 +00:00
Treehugger Robot
d7d7463dbc Merge "sepolicy: Grant hal_bluetooth_server to access udp_socket" into android14-tests-dev 2024-03-11 22:13:33 +00:00
Thiébaud Weksteen
e26898d633 [automerger skipped] Grant lockdown integrity to all processes am: 30404a42b8 -s ours am: 3b40904a9d -s ours
am skip reason: Merged-In If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7 with SHA-1 c1b65e5d53 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2980251

Change-Id: Ifd4ff576bc75fc28139c5e1d0df36a5ada7ce1dc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-11 21:25:35 +00:00
Thiébaud Weksteen
3b40904a9d [automerger skipped] Grant lockdown integrity to all processes am: 30404a42b8 -s ours
am skip reason: Merged-In If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7 with SHA-1 c1b65e5d53 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2980251

Change-Id: I5a57c156e591a5bed9c65787300c29c342907bf2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-11 21:01:51 +00:00
Nikita Putikhin
69a21c0167 Add contexts for update_engine_nostats
Should be the same as for update_engine

Test: Boot the VM, make sure the service works.
Test: checkfc -t private/file_contexts contexts/plat_file_contexts_test
Bug: 328227527
Change-Id: I8521716dcf43e5e7c41c4ecd36be128bacbe07b4
2024-03-11 19:24:56 +01:00
Jiakai Zhang
efcc8dbdd7 Merge "Add rules for snapshotctl map/unmap." into main 2024-03-11 16:55:25 +00:00
Treehugger Robot
210e8b5651 Merge "Adding on_device_intelligence selinux policy to allow system appliations to retrieve this service" into main 2024-03-11 15:21:42 +00:00
sandeepbandaru
600e395339 Adding on_device_intelligence selinux policy to allow system appliations to retrieve this service
Bug: 316589195
Test: flashed on device and ran service with a demo app
Change-Id: I708d715525dd1c4f3985dfcc1560383d045f1a6f
2024-03-11 11:33:18 +00:00
Jiakai Zhang
b9cf68a2f5 Add rules for snapshotctl map/unmap.
This change adds rules for system properties "sys.snapshotctl.map" and
"sys.snapshotctl.unmap", for controlling snapshotctl.

This change also adds the missing rules for snapshotctl to perform its
job. Initially, the rules for snapshotctl were added by
http://r.android.com/1126904, for running snapshotctl through init
(http://r.android.com/1123645). However, the trigger was then removed by
http://r.android.com/1239286. Since then, snapshotctl can be only run by
the root shell, in which case it is run in the "su" domain, so the rules
are not tested and therefore get stale over time. To make snapshotctl
function properly when run by init, we need to add the missing rules.

Bug: 311377497
Test: adb shell setprop sys.snapshotctl.map requested
Test: adb shell setprop sys.snapshotctl.unmap requested
Change-Id: I304be6e1825a6768f757d74b3365c4d759b9d07e
2024-03-11 11:18:50 +00:00
Inseob Kim
f038c8f1ac Add 202404 mapping files
Bug: 327954176
Test: m treble_sepolicy_tests_202404
Test: m 202404_compat_test
Test: m selinux_policy
Change-Id: I6bdcbff305c0cc998bdd809006feb02e0609784d
2024-03-11 16:38:02 +09:00
Devin Moore
1f93d9bca5 Vendor API level 202404 is now frozen
Bug: 279809333
Test: build
Change-Id: If6ef4c3b02d06212923e757fb68aa74e38c68db3
(cherry picked from commit 39dd515546)
2024-03-11 14:30:35 +09:00