Commit graph

114 commits

Author SHA1 Message Date
Felipe Leme
ba498b48bc Merge "Allow apps to read system_user_mode_emulation_prop." am: c696791a7f am: d221f197c2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2072574

Change-Id: I8e01bac1b7708cee593163c65bb64164059826f0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-22 16:02:28 +00:00
Felipe Leme
b85242c00f Allow apps to read system_user_mode_emulation_prop.
As it's used by UserManager...

Test: sesearch --allow -s appdomain -t system_user_mode_emulation_prop $ANDROID_PRODUCT_OUT/vendor/etc/selinux/precompiled_sepolicy
Bug: 226643927

Change-Id: I1134a9e0b8ae758e3ebef054b96f9e3237a2401f
2022-04-21 18:49:12 -07:00
Jason Macnak
a93398051c Adds GPU sepolicy to support devices with DRM gralloc/rendering
... such as Cuttlefish (Cloud Android virtual device) which has a
DRM virtio-gpu based gralloc and (sometimes) DRM virtio-gpu based
rendering (when forwarding rendering commands to the host machine
with Mesa3D in the guest and virglrenderer on the host).

After this change is submitted, changes such as aosp/1997572 can
be submitted to removed sepolicy that is currently duplicated
across device/google/cuttlefish and device/linaro/dragonboard as
well.

Adds a sysfs_gpu type (existing replicated sysfs_gpu definitions
across several devices are removed in the attached topic). The
uses of `sysfs_gpu:file` comes from Mesa using libdrm's
`drmGetDevices2()` which calls into `drmParsePciDeviceInfo()` to
get vendor id, device id, version etc.

Bug: b/161819018
Test: launch_cvd
Test: launch_cvd --gpu_mode=gfxstream
Change-Id: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c
Merged-In: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c
2022-04-18 17:30:56 -07:00
Jason Macnak
365024e53f Adds GPU sepolicy to support devices with DRM gralloc/rendering
... such as Cuttlefish (Cloud Android virtual device) which has a
DRM virtio-gpu based gralloc and (sometimes) DRM virtio-gpu based
rendering (when forwarding rendering commands to the host machine
with Mesa3D in the guest and virglrenderer on the host).

After this change is submitted, changes such as aosp/1997572 can
be submitted to removed sepolicy that is currently duplicated
across device/google/cuttlefish and device/linaro/dragonboard as
well.

Adds a sysfs_gpu type (existing replicated sysfs_gpu definitions
across several devices are removed in the attached topic). The
uses of `sysfs_gpu:file` comes from Mesa using libdrm's
`drmGetDevices2()` which calls into `drmParsePciDeviceInfo()` to
get vendor id, device id, version etc.

Ignore-AOSP-First: must be submitted in internal as a topic first to
                   avoid having duplicate definitions of sysfs_gpu
                   in projects that are only available in internal

Bug: b/161819018
Test: launch_cvd
Test: launch_cvd --gpu_mode=gfxstream
Change-Id: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c
Merged-In: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c
2022-04-18 12:56:38 -07:00
Bram Bonne
b93f26fd89 Move sdk_sandbox sepolicy to AOSP.
Bug: 224796470
Bug: 203670791
Bug: 204989872
Bug: 211761016
Bug: 217543371
Bug: 217559719
Bug: 215105355
Bug: 220320098
Test: make, ensure device boots

Change-Id: Ia96ae5407f5a83390ce1b610da0d49264e90d7e2
Merged-In: Ib085c49f29dab47268e479fe5266490a66adaa87
Merged-In: I2215ffe74e0fa19ff936e90c08c4ebfd177e5258
Merged-In: I478c9a16032dc1f1286f5295fc080cbe574f09c9
Merged-In: Ibf478466e5d6ab0ee08fca4da3b4bae974a82db0
Merged-In: I5d519605d9fbe80c7b4c9fb6572bc72425f6e90a
Merged-In: I05d2071e023d0de8a93dcd111674f8d8102a21ce
Merged-In: I6572a7a5c46c52c9421d0e9c9fc653ddbd6de145
Merged-In: I1b6d1a778cb658bdfd930b684e4ba0640031b226
Merged-In: I9fb98e0caee75bdaaa35d11d174004505f236799
2022-03-17 10:22:33 +01:00
Evan Rosky
45a0b3a858 Merge "Add a persist.wm.debug property type and associated permissions" am: bd4cd1ac70 am: ded5bd867f am: 9a2c7ceb13
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2005839

Change-Id: I2a56ce8dc08c16b3652387d57b12448c8a057310
2022-03-08 03:01:17 +00:00
Evan Rosky
5cfdf2bd6e Add a persist.wm.debug property type and associated permissions
This is intended for wm properties related to wmshell/sysui.
Using this context allows sysui to manipulate these properties
in debug builds.

Bug: 219067621
Test: manual
Change-Id: I5808bf92dbba37e9e6da5559f8e0a5fdac016bf3
2022-03-07 19:44:59 +00:00
Nikita Ioffe
e2da633ef7 Rename SupplementalProcess to SdkSandbox
Ignore-AOSP-First: sepolicy is not in aosp, yet
Bug: 220320098
Test: presubmit
Change-Id: I9fb98e0caee75bdaaa35d11d174004505f236799
2022-02-23 20:44:20 +00:00
Bram Bonne
718ac20edb Only allow supplemental_process to execute from read-only locations
Test: atest SupplementalProcessTest
Bug: 215105355

Ignore-AOSP-First: Cherry picking internally first to rename. Will be cherry-picked to AOSP right after.

Change-Id: I1b6d1a778cb658bdfd930b684e4ba0640031b226
Merged-In: I1b6d1a778cb658bdfd930b684e4ba0640031b226
(cherry picked from commit 8ea8587abb)
2022-02-23 03:54:17 +00:00
Nikita Ioffe
143987073f Don't allow supplemental_process to access internal and external storage
Ignore-AOSP-First: feature developed internally
Bug: 211761016
Test: builds
Test: manually checked sp can't write to external storage
Change-Id: I05d2071e023d0de8a93dcd111674f8d8102a21ce
2022-01-14 23:24:09 +00:00
Nikita Ioffe
269e7cfc51 Move allow rules from public/app.te to private/app.te
Allow rules in public/*.te can only reference types defined in
public/*.te files. This can be quite cumbersome in cases a rule needs to
be updated to reference a type that is only defined in private/*.te.

This change moves all the allow rules from public/app.te to
private/app.te to make it possible to reference private types in the
allow rules.

Bug: 211761016
Test: m
Test: presubmit
Change-Id: I0c4a3f1ef568bbfdfb2176869fcd92ee648617fa
Merged-In: I0c4a3f1ef568bbfdfb2176869fcd92ee648617fa
2022-01-13 22:56:14 +00:00
Nikita Ioffe
eb833f0b5d Move allow rules from public/app.te to private/app.te
Allow rules in public/*.te can only reference types defined in
public/*.te files. This can be quite cumbersome in cases a rule needs to
be updated to reference a type that is only defined in private/*.te.

This change moves all the allow rules from public/app.te to
private/app.te to make it possible to reference private types in the
allow rules.

Ignore-AOSP-First: resolving merge conflict
Bug: 211761016
Test: m
Test: presubmit
Change-Id: I0c4a3f1ef568bbfdfb2176869fcd92ee648617fa
2022-01-07 03:22:01 +00:00
Thierry Strudel
78fc19e4fb Allow app to get dck_prop am: f4e3b06683 am: aa383c8bd3
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16530469

Change-Id: I39579cdfba378d2dbe1bf06b34431664e614037d
2021-12-24 07:03:28 +00:00
Thierry Strudel
aa383c8bd3 Allow app to get dck_prop am: f4e3b06683
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16530469

Change-Id: I87df425d523b3ed82abf5560cb63543287471222
2021-12-24 06:51:28 +00:00
Thierry Strudel
195149fcf8 Allow app to get dck_prop
Bug: 208742539
Test: gts-tradefed run gts -m GtsDckTestCases --log-level-display DEBUG
Merged-In: Ie3f7c54805b9947fd43fe5118fd4808b4744664d
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Change-Id: Ie3f7c54805b9947fd43fe5118fd4808b4744664d
2021-12-24 06:50:53 +00:00
Thierry Strudel
f4e3b06683 Allow app to get dck_prop
Ignore-AOSP-First: Touches prebuilts/api/32.0/private/app.te
Bug: 208742539
Test: gts-tradefed run gts -m GtsDckTestCases --log-level-display DEBUG
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Change-Id: Ie3f7c54805b9947fd43fe5118fd4808b4744664d
2021-12-24 06:22:31 +00:00
RafayKamran
eaa18ce0aa Initial sepolicy for supplemental process
Almost 1:1 of the sepolicy for ephemeral apps

Test: make

Bug: 203670791
Ignore-AOSP-First: Feature is developed in internal branch

Change-Id: Ib085c49f29dab47268e479fe5266490a66adaa87
2021-12-06 14:36:08 +00:00
Tianjie
b729aa6c5e Add context for checkin directory
Checkin apps use /data/misc_ce/<id>/checkin to backup the checkin
metadata. So users won't lose the checkin tokens when they clear
the app's storage.

One example is when GMScore is used for checkin, users may clear
GMScore data via "settings". If the device accidentally loses the
token without backup, it won't be able to checkin again until
factory reset.

The contents in checkin dir will be cleaned up when a user is removed
from the device. We also plan to add Gmscore test to ensure the dir
is cleaned up at checkin time, thus prevent other Gmscore modules
from using this storage by mistake.

Bug: 197636740
Test: boot device, check selinux label, check gmscore writes to the new dir
Change-Id: If3ff5e0fb75b4d49ce80d91b0086b58db002e4fb
2021-10-14 16:21:10 -07:00
Alan Stokes
39f497013c SEPolicy for compos_verify_key.
Remove some allow rules for odsign, since it no longer directly
modifies CompOs files. Instead allow it to run compos_verify_key in
its own domain.

Grant compos_verify_key what it needs to access the CompOs files and
start up the VM.

Currently we directly connect to the CompOs VM; that will change once
some in-flight CLs have landed.

As part of this I moved the virtualizationservice_use macro to
te_macros so I can use it here. I also expanded it to include
additional grants needed by any VM client that were previously done
for individual domains (and then deleted those rules as now
redundant).

I also removed the grant of VM access to all apps; instead we allow it
for untrusted apps, on userdebug or eng builds only. (Temporarily at
least.)

Bug: 193603140
Test: Manual - odsign successfully runs the VM at boot when needed.
Change-Id: I62f9ad8c7ea2fb9ef2d468331e26822d08e3c828
2021-09-03 16:31:02 +01:00
Jiyong Park
5e20d83cfb Add rules for virtualizationservice and crosvm
The test for the services has been running with selinux disabled. To
turn selinux on, required rules are allowed.

Below is the summary of the added rules.

* crosvm can read the composite disk files and other files (APKs,
APEXes) that serve as backing store of the composite disks.
* virtualizationservice has access to several binder services
  - permission_service: to check Android permission
  - apexd: to get apex files list (this will be removed eventually)
* Both have read access to shell_data_file (/data/local/tmp/...) for
testing purpose. This is not allowed for the user build.
* virtualizationservice has access to the pseudo terminal opened by adbd
so that it can write output to the terminal when the 'vm' tool is
invoked in shell.

Bug: 168588769
Test: /apex/com.android.virt/bin/vm run-app --log /dev/null
/data/local/tmp/virt/MicrodroidDemoApp.apk
/data/local/tmp/virt/MicrodroidDemoApp.apk.idsig
/data/local/tmp/virt/instance.img
assets/vm_config.json

without disabling selinux.

Change-Id: I54ca7c255ef301232c6e8e828517bd92c1fd8a04
2021-07-26 10:45:08 +09:00
Calin Juravle
d802bd8964 Enable ART properties modularization
ART is becoming a module and we need to be able to add new properties
without modifying the non updatable part of the platform:

- convert ART properties to use prefix in the namespace of
[ro].dalvik.vm.
- enable appdomain and coredomain to read device_config properties
that configure ART

(cherry picked from commit 0b2ca6c22c)

Test: boot
Bug: 181748174
Merged-In: Id23ff78474dba947301e1b6243a112b0f5b4a832
Change-Id: Id23ff78474dba947301e1b6243a112b0f5b4a832
2021-06-02 21:18:13 +00:00
Calin Juravle
0b2ca6c22c Enable ART properties modularization
ART is becoming a module and we need to be able to add new properties
without modifying the non updatable part of the platform:

- convert ART properties to use prefix in the namespace of
[ro].dalvik.vm.
- enable appdomain and coredomain to read device_config properties
that configure ART

Test: boot
Bug: 181748174
Change-Id: Id23ff78474dba947301e1b6243a112b0f5b4a832
2021-06-01 16:14:55 -07:00
liuyg
04c85dcfc4 Revert "Allow the MediaProvider app to set FUSE passthrough property"
This reverts commit c1e2918fd9.

Reason for revert: Build broke

Change-Id: I4b95e977cf66c586b0d0b465f1b3654c01074152
2021-05-13 18:18:28 +00:00
Alessio Balsini
c1e2918fd9 Allow the MediaProvider app to set FUSE passthrough property
Allow the MediaProvider app to write the system property
fuse.passthrough.enabled in case FUSE passthrough is enabled.
The need for this additional system property is due to the ScopedStorage
CTS tests that are assuming FUSE passtrhough is always on for devices
supporting it, but there may be some cases (e.g., GSI mixed builds)
where this is not possible true and the feature is disabled at runtime,
thus causing the tests to fail.
This additional system property is only set when FUSE passthrough is
actually being used by the system.

Bug: 186635810
Test: CtsScopedStorageDeviceOnlyTest
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I623042d67399253a9167188c3748d93eb0f2d41f
2021-05-13 17:38:16 +00:00
Orion Hodson
13ee65392e app.te: enable mapping ART apexdata cache executable
Some jars, such com.android.location.provider.jar, are both on the
system_server classpath and loaded as libraries. If the .oat files are
in the ART apexdata cache (due to being system_server classpath), they
need to be execute permission to be usable as AOT compiled libraries.

Bug: 184881321
Test: install an updated ART apex, open apps, see no more denials
Change-Id: I89b74dfa047699c568575d99a29c5e74abdef076
2021-04-27 16:41:23 +01:00
Zim
b61bcc87ed Allow appdomain sepolicy search access to /mnt/media_rw
untrusted apps were already granted this policy and we now extend it
to all apps. This allows FileManager apps with the
MANAGE_EXTERNAL_STORAGE permisssion to access USB OTG volumes mounted
on /mnt/media_rw/<vol>.

This permission access in the framework is implemented by granting
those apps the external_storage gid. And at the same time USB volumes
will be mounted on /mnt/media_rw/<vol> with the external_storage gid.
There is no concern of interferring with FUSE on USB volumes because
they are not FUSE mounted.

For sdcards (non-USB) volumes mounted on /mnt/media_rw/<vol>, those
volumes are mounted with the media_rw gid, so even though they are
FUSE mounted on /storage/<vol>, arbitrary apps cannot access the
/mnt/media_rw path since only the FUSE daemon is granted the media_rw
gid.

Test: Manual
Bug: 182732333
Change-Id: I70a3eb1f60f32d051f44253b0db2c7b852d79ba1
2021-04-13 14:56:44 +00:00
Martijn Coenen
4825e8662d Allow apps to read apex_art_data_file:dir
This should be ok since apps are already allowed to read the contained
files; the dir is iterated by tests to ensure that all files are signed
correctly.

Bug: 165630556
Test: new test passes

Change-Id: Ib6c298f2b267839a802c17288230a8151a1eec86
2021-03-29 13:51:47 +02:00
Yifan Hong
4f3a86d1e9 Revert "Allow CTS DeviceInfo to read VAB prop."
This reverts commit 809eb75553.

Reason for revert: should allow shell to do it instead

Change-Id: Ie07b86d1308cb41885957d2214ed7ce190f5ae18
Test: pass
Bug: 179427873
2021-02-18 12:46:42 -08:00
Josh Gao
ce1c4a54ae Let apps read tombstones given to them.
Bug: http://b/159164105
Test: atest CtsNativeTombstoneTestCases
Change-Id: I278c7ab815bb044b939afeb1f8a5ae37ec2f4c91
2021-02-08 17:19:43 -08:00
Yifan Hong
809eb75553 Allow CTS DeviceInfo to read VAB prop.
Test: adb shell am instrument -w \
  com.android.compatibility.common.deviceinfo/androidx.test.runner.AndroidJUnitRunner
Fixes: 179427873
Change-Id: I1dd2c480408b7695ab0285645de5b06b8b6137c5
2021-02-04 19:56:07 -08:00
Seigo Nonaka
9c3707f76a Add /data/fonts/files directory
The updated font files will be stored to /data/fonts/files and
all application will read it for drawing text.
Thus, /data/fonts/files needs to be readable by apps and only writable
by system_server (and init).

Bug: 173517579
Test: atest CtsGraphicsTestCases
Test: Manually done
Change-Id: Ia76b109704f6214eb3f1798e8d21260343eda231
2021-01-22 11:58:55 -08:00
Orion Hodson
8f75f76fbd Permissions for odrefresh and /data/misc/apexdata/com.android.art
odrefresh is the process responsible for checking and creating ART
compilation artifacts that live in the ART APEX data
directory (/data/misc/apexdata/com.android.art).

There are two types of change here:

1) enabling odrefresh to run dex2oat and write updated boot class path
   and system server AOT artifacts into the ART APEX data directory.

2) enabling the zygote and assorted diagnostic tools to use the
   updated AOT artifacts.

odrefresh uses two file contexts: apex_art_data_file and
apex_art_staging_data_file. When odrefresh invokes dex2oat, the
generated files have the apex_art_staging_data_file label (which allows
writing). odrefresh then moves these files from the staging area to
their installation area and gives them the apex_art_data_file label.

Bug: 160683548
Test: adb root && adb shell /apex/com.android.art/bin/odrefresh
Change-Id: I9fa290e0c9c1b7b82be4dacb9f2f8cb8c11e4895
2021-01-13 10:38:22 +00:00
Inseob Kim
0cef0fe5ac Add contexts for sqlite debug properties
These are read by some apps, but don't have any corresponding property
contexts. This adds a new context as we're going to remove default_prop
access.

Bug: 173360450
Test: no sepolicy denials
Change-Id: I9be28d8e641eb6380d080150bee785a3cc304ef4
2020-11-18 12:14:20 +09:00
Inseob Kim
4ae7ec1915 Remove exported3_radio_prop
It's renamed to radio_control_prop

Bug: 162214733
Test: boot
Change-Id: Idede1a1ab471a354a6f5df12b6889abc7c1ad869
2020-08-03 09:23:39 +00:00
Hongguang Chen
67c3688497 Allow vendor_init to set service.adb.tcp.port
adbd and apps (SystemUI and CTS test apps) need to read it.

BUG: 162205386
Test: Connect to device which sets service.adb.tcp.port in vendor
      partition through TCP adb.

Change-Id: Ia37dd0dd3239381feb2a4484179a0c7847166b29
2020-07-28 02:13:03 +00:00
Inseob Kim
c97a97cd3f Move more properties out of exported3_default_prop
This is to remove exported3_default_prop. Contexts of these properties
are changed.

- ro.boot.wificountrycode
This becomes wifi_config_prop

- ro.opengles.version
This becomes graphics_config_prop. Also it's read by various domains, so
graphics_config_prop is now readable from coredomain.

- persist.config.calibration_fac
This becomes camera_calibration_prop. It's only readable by appdomain.

Bug: 155844385
Test: no denials on Pixel devices
Test: connect wifi
Change-Id: If2b6c10fa124e29d1612a8f94ae18b223849e2a9
2020-07-21 13:11:57 +09:00
Inseob Kim
c80b024241 Relabel various exported3_default_prop
This removes bad context names "exported*_prop". Property contexts of
following properties are changed. All properties are settable only by
vendor-init.

- ro.config.per_app_memcg
This becomes lmkd_config_prop.

- ro.zygote
This becomes dalvik_config_prop.

- ro.oem_unlock_supported
This becomes oem_unlock_prop. It's readable by system_app which includes
Settings apps.

- ro.storage_manager.enabled
This becomes storagemanagr_config_prop. It's readable by coredomain.
Various domains in coredomain seem to read it.

- sendbug.preferred.domain
This bcomes sendbug_config_prop. It's readable by appdomain.

There are still 3 more exported3_default_prop, which are going to be
tracked individually.

Bug: 155844385
Test: selinux denial check on Pixel devices
Change-Id: I340c903ca7bda98a92d0f157c65f6833ed00df05
2020-07-20 16:11:58 +09:00
Inseob Kim
d2c0b7bf9e Remove redundant get_prop rule
The rule "get_prop(coredomain, vts_status_prop)" is duplicated by
mistake. It's already in coredomain.te, and it should be deleted from
app.te

Bug: N/A
Test: m selinux_policy
Change-Id: I816c8da74940fc6ccdd50fe377aa54eae36237b4
2020-07-16 16:10:57 +00:00
Inseob Kim
212e2b621a Add property contexts for vts props
vts_config_prop and vts_status_prop are added to remove exported*_prop.
ro.vts.coverage becomes vts_config_prop, and vts.native_server.on
becomes vts_status_prop.

Bug: 155844385
Test: Run some vts and then getprop, e.g. atest \
      VtsHalAudioEffectV4_0TargetTest && adb shell getprop
Test: ro.vts.coverage is read without denials
Change-Id: Ic3532ef0ae7083db8d619d80e2b73249f87981ce
2020-07-16 16:26:17 +09:00
Inseob Kim
dddf6f561f Relabel media.recorder.show_manufacturer_and_model
To remove exported*_default_prop

Bug: 155844385
Test: capture video
Test: atest writerTest
Change-Id: I74223c8daa44acf0aba33bff31cfe21f6242f941
2020-07-08 15:32:57 +09:00
Inseob Kim
5eacf72460 Allow apps to read packagemanager_config_prop
To fix regression of CTS privappPermissionsMustBeEnforced

Bug: 159647344
Test: atest PrivappPermissionsTest#privappPermissionsMustBeEnforced
Change-Id: I88af05305f9aef6e813d0a72adad63b6b8f99487
Merged-In: I88af05305f9aef6e813d0a72adad63b6b8f99487
2020-07-01 02:29:53 +00:00
Peiyong Lin
37dea070ce Update sepolicy for GPU profiling properties.
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.

Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
Merged-In: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
2020-06-05 12:03:29 -07:00
Inseob Kim
641cffeb0e Grant app and hal access to telephony_config_prop
To resolve regression.

Bug: 158254452
Test: m selinux_policy
Change-Id: If0db9b9a4af6c34a007d0549aa7a5dd465e4ed63
2020-06-05 10:40:16 +09:00
Inseob Kim
dbcc459b90 Take new types out of compatible_property_only
compatible_property_only is meaningless to new types introduced after
Android P because the macro is for types which should have different
accessibilities depending on the device's launching API level.

Bug: N/A
Test: system/sepolicy/tools/build_policies.sh
Change-Id: If6b1cf5e4203c74ee65f170bd18c3a354dca2fd4
2020-05-25 17:31:26 +09:00
Daniel Rosenberg
afede84ad5 Add sdcardfs variable to storage_config_props
This property allows us to disable sdcardfs if it is present. The old
property ended up getting repurposed, so a new one was needed.
Mediaprovider will also need to access this to determine what actions it
needs to take.

Test: builds
Bug: 155222498
Change-Id: I66ac106613cbb374f54659601e4ba3f61eaecd2f
2020-05-19 00:30:52 -07:00
Jeff Vander Stoep
67896eef07 Reduce graphics logspam
There is no change in behavior. These denials were already
being blocked.

Bug: 79617173
Test: build
Change-Id: Iffd1e5ba42854615eeea9490fe9150678ac98796
2020-04-02 13:43:26 +02:00
Jeff Vander Stoep
607bc67cc9 Prevent apps from causing presubmit failures
Apps can cause selinux denials by accessing CE storage
and/or external storage. In either case, the selinux denial is
not the cause of the failure, but just a symptom that
storage isn't ready. Many apps handle the failure appropriately.

These denials are not helpful, are not the cause of a problem,
spam the logs, and cause presubmit flakes. Suppress them.

Bug: 145267097
Test: build
Change-Id: If87b9683e5694fced96a81747b1baf85ef6b2124
2019-12-16 11:19:05 +01:00
Florian Mayer
5e52281372 Allow Java domains to be Perfetto producers.
This is needed to get Java heap graphs.

Test: flash aosp; profile system_server with setenforce 1

Bug: 136210868

Change-Id: I87dffdf28d09e6ce5f706782422510c615521ab3
2019-10-10 10:40:26 +01:00
Xiao Ma
e2876a3d11 revert ipmemorystore selinux policy.
Since ipmemorystore service has been moved to network stack from
system service, also should revert the relevant sepolicy which is
corresponding to the previous configuration.

Bug: 128392280
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: I1ae09696e620b246f817db71e7b71c32aae9be05
2019-04-01 16:37:25 +09:00
Jeff Vander Stoep
9f5d0d90a3 Initial selinux policy support for memfd
Move all app tmpfs types to appdomain_tmpfs. These are still protected
by mls categories and DAC. TODO clean up other app tmpfs types in a
separate change.

Treble-ize tmpfs passing between graphics composer HAL and
surfaceflinger.

Bug: 122854450
Test: boot Blueline with memfd enabled.
Change-Id: Ib98aaba062f10972af6ae80fb85b7a0f60a32eee
2019-01-30 19:11:49 +00:00