Commit graph

23468 commits

Author SHA1 Message Date
Songchun Fan
2679d8e3a3 [selinux] permissions on new ioctls for filling blocks
(Cherry-picking)

Denial messages:

03-17 20:30:54.274  1445  1445 I PackageInstalle: type=1400 audit(0.0:6): avc: denied { ioctl } for path=2F646174612F696E6372656D656E74616C2F4D545F646174615F696E6372656D656E74616C5F746D705F313134353234353836342F6D6F756E742F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 ioctlcmd=0x6721 scontext=u:r:system_server:s0 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1

03-17 20:30:54.274  1445  1445 I PackageInstalle: type=1400 audit(0.0:7): avc: denied { ioctl } for path="/data/incremental/MT_data_incremental_tmp_1145245864/mount/.index/2b300000000000000000000000000000" dev="incremental-fs" ino=6794 ioctlcmd=0x6720 scontext=u:r:system_server:s0 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1

03-17 20:49:11.797 16182 16182 I Binder:16182_6: type=1400 audit(0.0:13): avc: denied { ioctl } for path=2F646174612F696E6372656D656E74616C2F4D545F646174615F696E6372656D656E74616C5F746D705F3537383539353635322F6D6F756E742F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 ioctlcmd=0x6721 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1 app=com.android.vending

03-17 20:49:11.797 16182 16182 I Binder:16182_6: type=1400 audit(0.0:14): avc: denied { ioctl } for path="/data/incremental/MT_data_incremental_tmp_578595652/mount/.index/626173652e61706b0000000000000000" dev="incremental-fs" ino=5810 ioctlcmd=0x6720 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1 app=com.android.vending

Test: manual
BUG: 150809360
Merged-In: If43fa9edad0848a59c0712b124adfcdbbd0c99a4
Change-Id: I10e95caba43e1e1c272b59b7191b36b1cff4ff67
2020-03-19 16:31:52 -07:00
Songchun Fan
19a5cc2bab [sepolicy] remove vendor_incremental_module from global sepolicy rules
(Cherry-picking)

Moving to coral-sepolicy

BUG: 150882666
Test: atest PackageManagerShellCommandIncrementalTest
Merged-Id: I55f5d53ee32d0557e06c070961526631e1bb1fc5
Change-Id: Ia9c4d8240787b0d2b349764cac9d61b9d8731fa2
2020-03-19 16:31:44 -07:00
Chi Zhang
3892e48eaa Merge "Allow radio to send pulled atoms to statsd." 2020-03-19 21:32:21 +00:00
Treehugger Robot
c8f294f0e5 Merge "Move system property rules to private" 2020-03-18 23:30:07 +00:00
Treehugger Robot
fa4a015fa1 Merge "Allow XML file paths to be customized with sysprop" 2020-03-18 22:51:16 +00:00
Jeffrey Huang
94452b2a50 Merge "Allow statsd to access a new metadata directory" 2020-03-18 22:22:24 +00:00
Chi Zhang
9750836dca Allow radio to send pulled atoms to statsd.
Bug: 146066107
Bug: 141631489
Bug: 122371089
Bug: 149880090
Bug: 127666858
Bug: 142026991
Test: build and statsd_testdrive
Change-Id: Iaf70fb9a25e44e060d4945ffadf3b71aebfe8377
2020-03-18 20:27:23 +00:00
Inseob Kim
55e5c9b513 Move system property rules to private
public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defiend properties.

Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c)
2020-03-18 16:46:04 +00:00
Pawin Vongmasa
76d7cf961e Allow XML file paths to be customized with sysprop
Three properties are declared as vendor-init-settable:
ro.media.xml_variant.codecs
ro.media.xml_variant.codecs_performance
ro.media.xml_variant.profiles

media_codecs.xml can now be named
media_codecs${ro.media.xml_variant.codecs}.xml

media_codecs_performance.xml can now be named
media_codecs_performance${ro.media.xml_variant.codecs_performance}.xml

media_profiles_V1_0 can now be named
media_profiles${ro.media.xml_variant.profiles}.xml

Test: Rename "media_codecs.xml" to "media_codecs_test.xml",
set ro.media.xml_variant.codecs to "_test", then
call "stagefright -i".

Test: Rename "media_codecs_performance.xml" to
"media_codecs_performance_test.xml",
set ro.media.xml_variant.codecs_performance to "_test", then
run android.media.cts.VideoDecoderPerfTest.

Test: Rename "media_profiles_V1_0.xml" to "media_profiles_test.xml",
set ro.media.xml_variant.profiles to "_test", then
run vts_mediaProfiles_validate_test.

Bug: 142102953
Change-Id: I407a0a327fcc8e799bb4079b11048a497565be48
2020-03-18 06:02:55 -07:00
Chris Weir
c58ad4b82c Merge "Enable CAN HAL to scan /sys/devices for USB CAN" 2020-03-17 20:49:34 +00:00
chrisweir
05e9a6545c Enable CAN HAL to scan /sys/devices for USB CAN
CAN HAL needs access to /sys/devices to search for USB serial numbers
for SocketCAN devices and for USB serial devices.

Bug: 142654031
Test: Manual + VTS
Change-Id: I3d9bff94f8d8f936f7d859c01b9ff920fcbc5130
2020-03-17 12:10:07 -07:00
Treehugger Robot
6359566d31 Merge "private/fs_use: Enable selinux for virtiofs" 2020-03-17 10:11:34 +00:00
Nicolas Geoffray
81dbefecde Merge "Revert "Sepolicy: Allow system_server_startup to load dalvikcache artifacts"" 2020-03-16 16:43:23 +00:00
Nikita Ioffe
91c3795b2c Add userspace_reboot_test_prop
This property type represents properties used in CTS tests of userspace
reboot. For example, test.userspace_reboot.requested property which is
used to check that userspace reboot was successful and didn't result in
full reboot, e.g.:
* before test setprop test.userspace_reboot.requested 1
* adb reboot userspace
* wait for boot to complete
* verify that value of test.userspace_reboot.requested is still 1

Test: adb shell setprop test.userspace_reboot.requested 1
Bug: 150901232
Change-Id: I45d187f386149cec08318ea8545ab864b5810ca8
Merged-In: I45d187f386149cec08318ea8545ab864b5810ca8
(cherry picked from commit 3bd53a9cee)
2020-03-16 15:13:08 +00:00
Brian Lindahl
43bf7eaa48 Add system property to allow GPU composition to occur at a lower resolution
Add a vendor-specified system property to allow GPU fallback composition to occur at a lower resolution than the display mode resolution. This is required on platforms like TVs which have, for example, 2k GPUs but 4k capabilities, or 4k GPUs but 8k capabilities.

Bug: 144574809

Test: Tested with sysprop disabled, and tested backport in Android Q with sysprop enabled. Unable to test on Android R due to device issues.

Change-Id: Ife63c21a6e959d16e796d57956dd7dda2f5d383e
2020-03-13 08:39:19 +01:00
Xusong Wang
d2b2e5cdbb Merge "Configure sepolicy to allow NN HAL services to use gralloc buffers." 2020-03-13 02:34:08 +00:00
Treehugger Robot
5476d80b9a Merge "Merge public/property_contexts into private" 2020-03-13 02:06:47 +00:00
Ryan Savitski
485fe7b14b Merge "perfetto: fix missing fd:use for producer-supplied shared memory" 2020-03-12 14:05:32 +00:00
Inseob Kim
3efe91b8e0 Merge public/property_contexts into private
Originally public/property_contexts was introduced to create a whitelist
of system properties which can be accessed from vendor, and to be used
from VTS to ensure that the whitelist isn't modified. But it doesn't fit
well on sepolicy public/private split as the split isn't for stability,
but for letting vendor compile their sepolicy with public types. Also it
doesn't make sense only to check the whitelist on VTS, because platform
internal ones must also be unchanged.

This commit merges public/property_contexts into private as before. This
gives consistency with other context files such as file_contexts which
are already containing entries for vendor but are only defined in
private. This also simplifies property_contexts as there will be only one
property_contexts file. Another benefit is that VTS will check all
entries defined by system, not only exported ones.

Bug: 150331497
Test: m && run VtsTrebleSysProp manually
Change-Id: Ib9429e27b645ef21a36946fbaea069a718c3c6eb
Merged-In: Ib9429e27b645ef21a36946fbaea069a718c3c6eb
(cherry picked from commit 31391fa78e)
2020-03-12 21:07:18 +09:00
Ryan Savitski
3baeb1ea80 perfetto: fix missing fd:use for producer-supplied shared memory
The previous attempt (aosp/1225417) had a missing piece: while we
allowed traced to use the shared memory, we haven't allowed it to use
the file descriptors in the producers' domains. Since the shared memory
is being transferred as an fd (obtained from memfd_create), the service
ends up hitting a denial (see below for an example).

We ended up missing the general case as we only tested with the shell
domain at the time, and traced is already allowed to use shell's fds for
other reasons.

To reiterate, the tracing service treats producers as inherently
untrusted/adversarial, so its implementation should never attempt to use
a file descriptor that isn't otherwise validated (such as checking seals
for the memfds).

Example denial from a chromium apk that is exercising this path:

traced  : type=1400 audit(0.0:80): avc: denied { use } for
path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429
dev="tmpfs" ino=151536 scontext=u:r:traced:s0
tcontext=u:r:untrusted_app_29:s0:c136,c256,c512,c768 tclass=fd
permissive=0

(deobfuscated path in the denial: /memfd:perfetto_shmem (deleted))

Tested: experimental chromium apk no longer crashes when trying to hand
        over shared memory to traced
Bug: 148841422
Change-Id: I7390fb174e2083ba7693c3160da44b4cfa7b1c8b
2020-03-11 22:12:09 +00:00
A. Cody Schuffelen
71b0b85a94 Add sepolicy for the securityfs mount type.
See discussion in aosp/1233645. There was a concern about this
filesystem automounting when enabled, so this change adds sepolicy to
preemptively lock it down.

I'm not confident it actually automounts. If it does, it'll land in
/sys/kernel/security, which is also protected with the sysfs policy.

Test: Builds
Bug: 148102533
Change-Id: I78a246a5c18953f2471f84367ab383afb2742908
2020-03-11 12:24:24 -07:00
Nicolas Geoffray
86111c9cd5 Revert "Sepolicy: Allow system_server_startup to load dalvikcache artifacts"
Bug: 128688902
Bug: 150032912
Test: boots

This reverts commit e074312077.
2020-03-11 15:26:27 +00:00
Treehugger Robot
6862377b84 Merge "sepolicy: Add context for ro.boot.product.vendor.sku" 2020-03-09 20:08:55 +00:00
Steven Moreland
48eed15c35 Merge "Allow vndservicemanager to self-register." 2020-03-06 17:36:02 +00:00
Chirantan Ekbote
b8b7bb2aed private/fs_use: Enable selinux for virtiofs
BUG: b/136128512
Test: manual
Change-Id: Iee5e7856106d61cfb18ed849b4cf6f1cf95acf1c
2020-03-06 17:19:04 +09:00
Treehugger Robot
d9514b860e Merge "property_contexts: Drop COMPATIBLE_PROP guard" 2020-03-06 02:47:35 +00:00
Bill Yi
6b7f6599fa Merge stage-aosp-master to aosp-master - DO NOT MERGE
Change-Id: I46fe648ce4bd015b1ffff8d5a001d33311d2363b
2020-03-05 09:51:38 -08:00
Steven Moreland
52a96cc7dd Allow vndservicemanager to self-register.
This is useful for tools like dumpsys, so that they work on all services
equally as well. Also, so that there is no difference with the regular
service manager.

Bug: 150579832
Test: 'adb shell /vendor/bin/dumpsys -l' shows 'manager'
Test: denial is no longer present:
03-05 12:23:47.346   221   221 E SELinux : avc:  denied  { add } for pid=221 uid=1000 name=manager scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:service_manager_vndservice:s0 tclass=service_manager permissive=0

Change-Id: Id6126e8277462a2c4d5f6022ab67a4bacaa3241e
2020-03-05 17:43:35 +00:00
Automerger Merge Worker
e7c95cb7a2 Merge "Add rules to dump fingerprint hal traces" am: 4f027f0eff
Change-Id: I3eee908d3b625f963f4b48d4b4fff4cbeb3cba07
2020-03-05 17:01:37 +00:00
Automerger Merge Worker
100d38e316 Merge "Allow update_engine to search metadata_file:dir." am: fe45425667
Change-Id: I2a1bacd9c2234233c28bf81c1140b0abdf6de12a
2020-03-05 17:00:50 +00:00
KRIS CHEN
4f027f0eff Merge "Add rules to dump fingerprint hal traces" 2020-03-05 16:46:52 +00:00
Yifan Hong
fe45425667 Merge "Allow update_engine to search metadata_file:dir." 2020-03-05 16:41:16 +00:00
Automerger Merge Worker
f35884b84f Allow apps to use mmap on fuse fds. am: 975215578f
Change-Id: I5bc9dc24cb69563fd131991381dc8abc575fde8b
2020-03-05 04:45:17 +00:00
Sudheer Shanka
975215578f Allow apps to use mmap on fuse fds.
This is needed for the following denial:
type=1400 audit(0.0:124): avc: denied { map } for
comm=54696D652D6C696D69746564207465 path="/mnt/appfuse/10182_2/2"
dev="fuse" ino=2 scontext=u:r:untrusted_app:s0:c182,c256,c512,c768
tcontext=u:object_r:app_fuse_file:s0 tclass=file permissive=0

Bug: 150801745
Test: atest CtsBlobStoreTestCases:com.android.cts.blob.BlobStoreManagerTest#testOpenBlob -- --abi x86
Merged-In: Ib7ca64e11b24f8835874698df15a9a0fdce67454
Change-Id: I4dc4ce91da3513a2d1f08ada401741f6d5a090c3
2020-03-04 17:21:18 -08:00
Jeffrey Huang
687aa037f6 Allow statsd to access a new metadata directory
Test: m -j
Bug: 149838525
Change-Id: I8633d21feb827c67288eb2894bafae166b103f92
2020-03-04 15:09:54 -08:00
Automerger Merge Worker
3c777ae94c Merge "Allow gsid to callback system server for oneway method" am: 4e47834266
Change-Id: Ia8f911d46f4b7bf8e98cb4fcfdbf6a41fa0bb131
2020-03-04 09:34:59 +00:00
Howard Chen
4e47834266 Merge "Allow gsid to callback system server for oneway method" 2020-03-04 09:16:47 +00:00
Kris Chen
258442b3d4 Add rules to dump fingerprint hal traces
Bug: 150008549
Test: adb shell am hang
Test: adb bugreport
Change-Id: I0440bb8fd3cc1205a43eca6c7ef5f8d0afc92396
2020-03-03 16:58:58 +08:00
Yifan Hong
b34ede070d Allow update_engine to search metadata_file:dir.
This is previously needed by snapshotctl to initiate the merge,
but now update_engine is responsible for initiating the merge.

Bug: 147696014
Test: no selinux denial on boot.
Change-Id: I7804af1354d95683f4d05fc5593d78602aefe5a7
2020-03-02 18:20:37 -08:00
Automerger Merge Worker
8c0a066211 Merge "vold: allow to set boottime prop" am: 94dc474264
Change-Id: Ifaeadbf36f4486af3d566f9be774fecc4d8b9d32
2020-03-03 00:47:32 +00:00
Jaegeuk Kim
94dc474264 Merge "vold: allow to set boottime prop" 2020-03-03 00:33:50 +00:00
Felix
342b58a2ee property_contexts: Drop COMPATIBLE_PROP guard
public/property_contexts needs to be included regardless of
API level so that the property *labels* are always included.
Else, devices without PRODUCT_COMPATIBLE_PROPERTY (shipping
API level <27) will run into denials because the props are
labeled `default_prop`.

As a side benefit, this reduces deviation in test matrices.

The guard was originally introduced in:
e49714542e "Whitelist exported platform properties"

Test: Build for device without PRODUCT_COMPATIBLE_PROPERTY,
no more denials for accessing `default_prop` from e.g. HALs.

Change-Id: I5bbe5d078040bb26dd48d353953661c9375d2009
Signed-off-by: Felix <google@ix5.org>
2020-03-02 16:28:38 +01:00
Automerger Merge Worker
8b3a64da52 Merge "Add new apexd.status value of "activated"." am: f3f5163f0c
Change-Id: I0e854139d1d43a30c4e7507fc6cd09ce3ead707f
2020-03-02 10:33:47 +00:00
Oli Lan
f3f5163f0c Merge "Add new apexd.status value of "activated"." 2020-03-02 10:24:21 +00:00
Jaegeuk Kim
9c38162d28 vold: allow to set boottime prop
Bug: 149595111
Bug: 149844577
Bug: 138909685
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I46b8828569dd008944685a1f0c45cbddc4870002
2020-02-28 17:20:47 -08:00
Automerger Merge Worker
4d07ceb77c Whitelist prop persist.device_config.configuration. am: 1d9daf1c6e
Change-Id: Ibcc0621551b4094a01122fa3e97e41dbb2814edd
2020-02-28 18:12:35 +00:00
Hongyi Zhang
1d9daf1c6e Whitelist prop persist.device_config.configuration.
For system prop flags from DeviceConfig namespace "Configuration".

Test: Build and run on local device
Bug: 149420506

Change-Id: If4196b4bf231e7c52f98b92cc0031a08dad06120
2020-02-27 14:06:58 -08:00
Howard Chen
389bc7baec Allow gsid to callback system server for oneway method
Bug: 149790245
Bug: 149716497
Test: adb shell am start-activity \
    -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
    -a android.os.image.action.START_INSTALL \
    -d file:///storage/emulated/0/Download/system.raw.gz \
    --el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \
    --el KEY_USERDATA_SIZE 8589934592

Change-Id: I41c7b1278cfc103c90282b6a6781eab66fc9dcdb
2020-02-27 16:32:25 +08:00
Automerger Merge Worker
b55baf51eb Merge "Add resize2fs to fsck_exec file context" am: aa6dba2770
Change-Id: Iac634e675fd7c2d8091894177842b2eb9d5ab025
2020-02-27 03:21:11 +00:00
Keun-young Park
aa6dba2770 Merge "Add resize2fs to fsck_exec file context" 2020-02-27 03:02:02 +00:00