Commit graph

397 commits

Author SHA1 Message Date
Kalesh Singh
6ba41462d5 Merge changes from topic "mglru-exp"
* changes:
  Add sepolicy for Multi-Gen LRU sysfs control
  Add sepolicy for mglru_native flag namespace
2022-04-12 13:48:48 +00:00
Kalesh Singh
98f63495b2 Add sepolicy for Multi-Gen LRU sysfs control
init is allowed to enable/disable MG-LRU.

Bug: 227651406
Bug: 228525049
Test: setprop persist.device_config.mglru_native.lru_gen_config
Test: verify no avc denials in logcat
Change-Id: I20223f3628cb6909c3fd2eb2b821ff2d52202dd2
2022-04-08 13:37:50 -07:00
Andy Yu
8337d04202 Add label and permission for game_mode_intervention.list
Bug: 219543620
Doc: go/game-dashboard-information-to-perfetto
Test: TBD
Change-Id: Ic6622aadef05e22c95d4ba739beed0e6fa1f3a38
2022-03-29 14:12:14 -07:00
Carlos Llamas
75821321c7 sepolicy: allow access to binderfs feature files
The binder driver now advertises the features it supports through
individual files under /dev/binderfs/features/*. Let all domains have
access to these files to determine how to interact with the driver.

Bug: 191910201
Tested: clients are able to read feature files via libbinder
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: Ice5de9efee74e571ef0a23ce093af162fc3b276e
2022-03-09 08:55:10 -08:00
Ramji Jiyani
4a556890f9 system_dlkm: sepolicy: add system_dlkm_file_type
Add new attribute system_dlkm_file_type for
/system_dlkm partition files.

Bug: 218392646
Bug: 200082547
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I193c3f1270f7a1b1259bc241def3fe51d77396f3
2022-02-11 04:19:33 +00:00
Steven Moreland
c27d24c37c Allow BPF programs from vendor.
Who needs all those context switches?

bpfloader controls which types of vendor programs can be used.

Bug: 140330870
Bug: 162057235
Test: successfully load bpf programs from vendor
Change-Id: I36e4f6550da33fea5bad509470dfd39f301f13c8
2022-02-08 22:46:54 +00:00
Paul Lawrence
04cddf8af2 Merge "Allow bpfloader to read fuse's bpf_prog number" 2021-11-29 16:18:42 +00:00
Rajesh Nyamagoud
ce542660c9 Added sepolicy rule for vendor uuid mapping config
New type added in sepolicy to restrict Vendor defined uuid mapping
config file access to SecureElement.

Bug: b/180639372
Test: Run OMAPI CTS and VTS tests
Change-Id: I81d715fa5d5a72c893c529eb542ce62747afcd03
2021-11-20 01:08:11 +00:00
Paul Lawrence
e3e26b7bea Allow bpfloader to read fuse's bpf_prog number
Bug: 202785178
Test: Along with rest of topic, file
/sys/fs/bpf/prog_fuse_media_fuse_media
appears on boot with fuse-bpf in kernel

Merged-In: Ibccdf177c75fef0314c86319be3f0b0f249ce59d
Change-Id: Ibccdf177c75fef0314c86319be3f0b0f249ce59d
2021-11-19 01:43:58 +00:00
Maciej Żenczykowski
3702f3385e introduce new 'proc_bpf' for bpf related sysctls
What to tag chosen based on output of:
  find /proc 2>/dev/null | egrep bpf
on a 5.10 kernel.

Tagged with prefixes to be more likely not require changes in the future

  $ adb root
  $ adb shell 'ls -lZ /proc/sys/net/core/bpf_* /proc/sys/kernel/*bpf*'

Before:
  -rw-r--r-- 1 root root u:object_r:proc:s0      0 2021-11-11 02:11 /proc/sys/kernel/bpf_stats_enabled
  -rw-r--r-- 1 root root u:object_r:proc:s0      0 2021-11-11 02:11 /proc/sys/kernel/unprivileged_bpf_disabled
  -rw-r--r-- 1 root root u:object_r:proc_net:s0  0 2021-11-11 02:11 /proc/sys/net/core/bpf_jit_enable
  -rw------- 1 root root u:object_r:proc_net:s0  0 2021-11-11 02:11 /proc/sys/net/core/bpf_jit_harden
  -rw------- 1 root root u:object_r:proc_net:s0  0 2021-11-11 02:11 /proc/sys/net/core/bpf_jit_kallsyms
  -rw------- 1 root root u:object_r:proc_net:s0  0 2021-11-11 02:11 /proc/sys/net/core/bpf_jit_limit

After:
  -rw-r--r-- 1 root root u:object_r:proc_bpf:s0  0 2021-11-11 02:08 /proc/sys/kernel/bpf_stats_enabled
  -rw-r--r-- 1 root root u:object_r:proc_bpf:s0  0 2021-11-11 02:08 /proc/sys/kernel/unprivileged_bpf_disabled
  -rw-r--r-- 1 root root u:object_r:proc_bpf:s0  0 2021-11-11 02:08 /proc/sys/net/core/bpf_jit_enable
  -rw------- 1 root root u:object_r:proc_bpf:s0  0 2021-11-11 02:08 /proc/sys/net/core/bpf_jit_harden
  -rw------- 1 root root u:object_r:proc_bpf:s0  0 2021-11-11 02:08 /proc/sys/net/core/bpf_jit_kallsyms
  -rw------- 1 root root u:object_r:proc_bpf:s0  0 2021-11-11 02:08 /proc/sys/net/core/bpf_jit_limit

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I46ea81ff42d3b915cf7a96735dc2636d9808ead6
2021-11-11 02:54:21 -08:00
Bart Van Assche
5e016c1721 Merge "Stop using the bdev_type and sysfs_block_type SELinux attributes" 2021-11-05 20:36:02 +00:00
Treehugger Robot
37919f5b87 Merge "Remove references to nonplat sepolicy" 2021-11-05 15:25:54 +00:00
Jeff Vander Stoep
f098071ac7 Remove references to nonplat sepolicy
"nonplat" was renamed to "vendor" in Android Pie, but was retained
here for Treble compatibility.

We're now outside of the compatbility window for these devices so
it can safely be removed.

Test: atest treble_sepolicy_tests
Change-Id: Iaa22af41a07b13adb7290f570db7a9d43b6e85cc
2021-11-05 15:07:57 +01:00
Alistair Delva
6092d633b0 Allow init to write to /proc/cpu/alignment
The root init.rc does "write /proc/cpu/alignment 4", but we don't
actually allow this write in core sepolicy. This seems to be a 32-bit
ARM only proc file.

Noticed when booting 32-bit ARM Cuttlefish.

Bug: 145371497
Change-Id: Ic099395708f7236bcc2fc5c561809a7e129786de
2021-11-01 10:17:26 -07:00
Bart Van Assche
4374a1fd83 Stop using the bdev_type and sysfs_block_type SELinux attributes
Stop using these SELinux attributes since the apexd and init SELinux
policies no longer rely on these attributes.

The difference between the previous versions of this patch and the
current patch is that the current patch does not remove any SELinux
attributes. See also
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1850656.
See also
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1862919.

This patch includes a revert of commit 8b2b951349 ("Restore permission
for shell to list /sys/class/block").  That commit is no longer necessary
since it was a bug fix for the introduction of the sysfs_block type.

Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd
Change-Id: I73e1133af8146c154af95d4b96132e49dbec730c
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-10-29 15:22:09 -07:00
Bart Van Assche
e3cfa9e1d3 Revert "Remove the bdev_type and sysfs_block_type SELinux attributes"
This reverts commit 63930d3850.

Reason for revert: Broken build (https://android-build.googleplex.com/builds/submitted/7863094/aosp_raven-userdebug/latest/view/logs/error.log)

Change-Id: I1742d69d471e9b00359a2e7e654aa752513990df
2021-10-28 18:03:49 +00:00
Bart Van Assche
63930d3850 Remove the bdev_type and sysfs_block_type SELinux attributes
Remove these SELinux attributes since the apexd and init SELinux policies
no longer rely on these attributes.

The only difference between a previous version of this patch and the
current patch is that the current patch moves these attributes to the
'compat' policy. See also
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1850656.

This patch includes a revert of commit 8b2b951349 ("Restore permission
for shell to list /sys/class/block"). That commit is no longer necessary
since it was a bug fix for the introduction of the sysfs_block type.

Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd && adb -e shell dmesg | grep avc
Change-Id: Id7d32a914e48bc74da63d87ce6a09f11e323c186
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-10-25 16:26:07 -07:00
Michał Brzeziński
e8739ba23a Revert "Remove the bdev_type and sysfs_block_type SELinux attributes"
Revert "Remove the bdev_type and sysfs_block_type SELinux attributes"

Revert "Remove the bdev_type and sysfs_block_type SELinux attributes"

Revert submission 1850578-remove-selinux-bdev-type

Reason for revert: DroidMonitor-triggered revert due to breakage, bug b/203480787

BUG: 203480787

Reverted Changes:
I263bce9c4:Remove the bdev_type and sysfs_block_type SELinux ...
Ibc9039f96:Revert "Add the 'bdev_type' attribute to all block...
Ic6ae83576:Remove the bdev_type and sysfs_block_type SELinux ...
Ie493022a8:Remove the bdev_type and sysfs_block_type SELinux ...
I1f1ca439b:Revert "Add the 'bdev_type' attribute to all block...
I283f8676b:Revert "Add the 'bdev_type' attribute to all block...
I7c5c242c5:Revert "Add the 'bdev_type' attribute to all block...
Id78d8f7dc:Remove the bdev_type and sysfs_block_type SELinux ...
I9c4b2c48b:Remove the bdev_type and sysfs_block_type SELinux ...
I51e9d384a:Remove the bdev_type and sysfs_block_type SELinux ...
I2c414de3b:Remove the sysfs_block_type SELinux attribute

Change-Id: I55609803d530772d507d9dca8ba202a96daf24b7
2021-10-19 10:57:42 +00:00
Bart Van Assche
c50f66900f Remove the bdev_type and sysfs_block_type SELinux attributes
Remove these SELinux attributes since adding these attributes introduces
a depencency from vendor SELinux policies on the generic SELinux policy,
something that is not allowed. This patch includes a revert of commit
8b2b951349 ("Restore permission for shell to list /sys/class/block").
That commit is no longer necessary since it was a bug fix for the
introduction of the sysfs_block type.

Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd
Change-Id: Ic6ae835768212648ca09fd5c83c39180103c3b1b
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-10-18 11:37:09 -07:00
Bart Van Assche
27f77dc9b0 Grant apexd access the SELinux type sysfs_devices_block
Commit ec50aa5180 ("Allow the init and apexd processes to read all
block device properties") did not include the SELinux type
sysfs_devices_block although it should have included that SELinux
type. Fix this.

Bug: 194726804
Change-Id: Ia299a0a8b28160c634863e15ae66fae8f18a5efb
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-09-23 09:52:11 -07:00
Suren Baghdasaryan
6988677f22 Allow init to execute extra_free_kbytes.sh script
extra_free_kbytes.sh is used by init to set /sys/vm/watermark_scale_factor
value. Allow init to execute extra_free_kbytes.sh and the script to access
/proc/sys/vm/watermark_scale_factor and /proc/sys/vm/extra_free_kbytes
files.

Bug: 109664768
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I55ec07e12a1cc5322cfdd4a48d0bdc607f45d832
2021-08-17 17:02:38 +00:00
Jiyong Park
11d2b1c5c9 Merge "Don't prevent crosvm from accessing vendor-owned VM disk images" 2021-08-10 01:34:08 +00:00
Bart Van Assche
ec50aa5180 Allow the init and apexd processes to read all block device properties
Addressing b/194450129 requires configuring the I/O scheduler and the
queue depth of loop devices. Doing this in a generic way requires
iterating over the block devices under /sys/class/block and also to
examine the properties of the boot device (/dev/sda). Hence this patch
that allows 'init' and 'apexd' to read the properties of all block
devices. The patch that configures the queue depth is available at
https://android-review.googlesource.com/c/platform/system/core/+/1783847.

Test: Built Android images, installed these on an Android device and verified that modified init and apexd processes do not trigger any SELinux complaints.
Change-Id: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-08-09 13:46:41 -07:00
Jiyong Park
3fee5a43c1 Don't prevent crosvm from accessing vendor-owned VM disk images
There can be VM disk images that are specific to the underlying SoC.
e.g. in case where SoC-specific hardware is dedicated to a VM and the VM
needs drivers (or HALs) for the hardware.

Don't prevent crosvm from reading such a SoC-specific VM disk images.

Note that this doesn't actually allow crosvm to do that in AOSP. Such an
allow rule could be added in downstreams where such use cases exist.

Bug: 193605879
Test: m
Change-Id: If19c0b6adae4c91676b142324c2903879548a135
2021-08-09 11:13:54 +09:00
Rick Yiu
b31ec34eef Move vendor_sched to common sepolicy
Previously vendor_sched is put under product area which will be replaced
by GSI. To solve it, move it to system/sepolicy.

Bug: 194656257
Test: build pass
Change-Id: Ia0b855e3a876a58b58f79b4fba09293419797b47
2021-07-30 03:01:32 +00:00
David Anderson
bf5b6ce422 Add new snapuserd socket and property rules.
This adds a new property prefix owned by snapuserd, for communicating
when the service is ready to accept connections (snapuserd.ready and
snapuserd.proxy_ready).

This also adds a new socket context. This is a seqpacket socket used to
communicate with a special instance of snapuserd that bridges to the
first-stage daemon.

Bug: 193833730
Test: no denials after OTA applies and boots
Change-Id: Ibad03659eba5c25e205ba00f27d0b4f98585a84b
2021-07-27 10:50:59 -07:00
Alan Stokes
fa10a14fac Refactor apex data file types.
We ended up with 4 labels for specific APEX files that were all
identical; I've replaced them with a single one
(apex_system_server_data_file).

Additionally I created an attribute to be applied to a "standard" APEX
module data file type that establishes the basics (it can be managed
by vold_prepare_subdirs and apexd), to make it easier to add new such
types - which I'm about to do.

Fix: 189415223
Test: Presubmits
Change-Id: I4406f6680aa8aa0e38afddb2f3ba75f8bfbb8c3c
2021-07-12 14:41:04 +01:00
Martin Liu
4db56b0b52 allow init to access watermark_boost_factor
Bug: 189938926
Test: boot
Signed-off-by: Martin Liu <liumartin@google.com>
Change-Id: I07c8490c94c837952921e95f12efa6213edbf056
2021-07-01 12:24:52 +08:00
Thiébaud Weksteen
9ec532752d Add fusefs_type for FUSE filesystems
Any FUSE filesystem will receive the 'fuse' type when mounted. It is
possible to change this behaviour by specifying the "context=" or
"fscontext=" option in mount().

Because 'fuse' has historically been used only for the emulated storage,
it also received the 'sdcard_type' attribute. Replace the 'sdcard_type'
attribute from 'fuse' with the new 'fusefs_type'. This attribute can be
attached on derived types (such as app_fusefs).

This change:
- Remove the neverallow restriction on this new type. This means any
  custom FUSE implementation can be mounted/unmounted (if the correct
  allow rule is added). See domain.te.
- Change the attribute of 'fuse' from 'sdcard_type' to 'fusefs_type'.
  See file.te.
- Modify all references to 'sdcard_type' to explicitly include 'fuse'
  for compatibility reason.

Bug: 177481425
Bug: 190804537
Test: Build and boot aosp_cf_x86_64_phone-userdebug
Change-Id: Id4e410a049f72647accd4c3cf43eaa55e94c318f
2021-06-28 13:18:46 +02:00
Alexander Dorokhine
0b2553a32b Allow the appsearch apex access to the apexdata misc_ce dir.
Bug: 177685938
Test: AppSearchSessionCtsTest
Change-Id: I727860a02cb9e612ce6c322662d418cddc2ff358
2021-05-26 09:47:19 -07:00
Hridya Valsaraju
f35c70b0dd Merge changes If26ba23d,Ibea38822
* changes:
  Revert "Revert "Exclude vendor_modprobe from debugfs neverallow restrictions""
  Revert "Revert "Add neverallows for debugfs access""
2021-05-05 17:31:35 +00:00
Songchun Fan
633f7ca868 [sepolicy] allow system server to read incfs metrics from sysfs
Address denial messages like:

05-05 05:02:21.480  1597  1597 W Binder:1597_12: type=1400 audit(0.0:140): avc: denied { read } for name="reads_delayed_min" dev="sysfs" ino=107358 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

BUG: 184844615
Test: atest android.cts.statsdatom.incremental.AppErrorAtomTests#testAppCrashOnIncremental
Change-Id: I201e27e48a08f99f41a030e06c6f22518294e056
2021-05-04 22:56:41 -07:00
Hridya Valsaraju
23f9f51fcd Revert "Revert "Add neverallows for debugfs access""
This reverts commit e95e0ec0a5.

Now that b/186727553 is fixed, it should be safe to revert this revert.

Test: build
Bug: 184381659
Change-Id: Ibea3882296db880f5cafe4f9efa36d79a183c8a1
2021-05-04 22:06:46 -07:00
Hridya Valsaraju
7362f58895 Merge changes from topic "revert-1668411-MWQWEZISXF"
* changes:
  Revert "Add a neverallow for debugfs mounting"
  Revert "Add neverallows for debugfs access"
  Revert "Exclude vendor_modprobe from debugfs neverallow restrictions"
  Revert "Check that tracefs files are labelled as tracefs_type"
2021-04-23 22:06:31 +00:00
Hridya Valsaraju
e95e0ec0a5 Revert "Add neverallows for debugfs access"
Revert submission 1668411

Reason for revert: Suspect for b/186173384
Reverted Changes:
Iaa4fce9f0:Check that tracefs files are labelled as tracefs_t...
I743a81489:Exclude vendor_modprobe from debugfs neverallow re...
I63a22402c:Add neverallows for debugfs access
I289f2d256:Add a neverallow for debugfs mounting

Change-Id: I9b7d43ac7e2ead2d175b265e97c749570c95e075
2021-04-23 16:38:20 +00:00
Treehugger Robot
005ae599cd Merge changes from topic "debugfs_neverallow"
* changes:
  Check that tracefs files are labelled as tracefs_type
  Exclude vendor_modprobe from debugfs neverallow restrictions
  Add neverallows for debugfs access
  Add a neverallow for debugfs mounting
2021-04-22 16:41:06 +00:00
Hridya Valsaraju
a0b504a484 Add neverallows for debugfs access
Android R launching devices and newer must not ship with debugfs
mounted. For Android S launching devices and newer, debugfs must only be
mounted in userdebug/eng builds by init(for boot time initializations)
and dumpstate(for grabbing debug information from debugfs using the
dumpstate HAL).

This patch adds neverallow statements to prevent othe processes
being provided access to debugfs when the flag PRODUCT_SET_DEBUGFS_RESTRICTIONS
is set to true.

Test: make with/without PRODUCT_SET_DEBUGFS_RESTRICTIONS
Bug: 184381659
Change-Id: I63a22402cf6b1f57af7ace50000acff3f06a49be
2021-04-21 14:13:22 -07:00
David Massoud
c50fecd8ef Allow traced_probes to read devfreq
- Add dir read access to /sys/class/devfreq/
- Add file read access to /sys/class/devfreq/$DEVICE/cur_freq

Resolves the following denials:
W traced_probes: type=1400 audit(0.0:8):
avc: denied { read } for name="devfreq" dev="sysfs"
ino=28076 scontext=u:r:traced_probes:s0
tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0

W traced_probes: type=1400 audit(0.0:226):
avc: denied { read } for name="cur_freq" dev="sysfs"
ino=54729 scontext=u:r:traced_probes:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

See ag/14187061 for device specific sysfs_devfreq_cur labels

Bug: 181850306
Test: ls -Z, record perfetto trace
Change-Id: I23cebb16505313160e14b49e82e24da9b81cad70
2021-04-16 20:02:06 +08:00
Yabin Cui
49806a1067 Merge "Add vendor_kernel_modules type to public." 2021-04-08 17:49:16 +00:00
Yabin Cui
2e2df6b3a7 Add vendor_kernel_modules type to public.
Bug: 166559473
Bug: 183135316
Test: build and boot
Change-Id: Idc9f6235a1b69236ce274d9b3173f6d39ee04c82
Merged-In: Idc9f6235a1b69236ce274d9b3173f6d39ee04c82
(cherry picked from commit 3b23f17eae)
2021-04-06 14:28:36 -07:00
Yi-Yo Chiang
806898db48 Split gsi_metadata_file and add gsi_metadata_file_type attribute
Split gsi_metadata_file into gsi_metadata_file plus
gsi_public_metadata_file, and add gsi_metadata_file_type attribute.
Files that are okay to be publicly readable are labeled with
gsi_public_metadata_file. Right now only files needed to infer the
device fstab belong to this label.
The difference between gsi_metadata_file and gsi_public_metadata_file is
that gsi_public_metadata_file has relaxed neverallow rules, so processes
who wish to read the fstab can add the respective allow rules to their
policy files.
Allow gsid to restorecon on gsi_metadata_file to fix the file context of
gsi_public_metadata_file.

Bug: 181110285
Test: Build pass
Test: Issue a DSU installation then verify no DSU related denials and
  files under /metadata/gsi/ are labeled correctly.
Change-Id: I54a5fe734dd345e28fd8c0874d5fceaf80ab8c11
2021-03-29 03:09:35 +00:00
Alexander Potapenko
3d52817da4 Selinux policy for bootreceiver tracing instance
Create contexts for /sys/kernel/tracing/instances/bootreceiver
Allow read access to files in this dir for system_server.

Bug: 172316664
Bug: 181778620
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: I7021a9f32b1392b9afb77294a1fd0a1be232b1f2
2021-03-05 08:53:39 +01:00
Wonsik Kim
08a25e6709 Revert "Selinux policy for bootreceiver tracing instance"
Revert submission 1572240-kernel_bootreceiver

Reason for revert: DroidMonitor: Potential culprit for Bug 181778620 - verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted Changes:
Ic1c49a695:init.rc: set up a tracing instance for BootReceive...
I828666ec3:Selinux policy for bootreceiver tracing instance

Change-Id: I9a8da7ae501a4b7c3d6cb5bf365458cfd1bef906
2021-03-03 22:47:02 +00:00
Alexander Potapenko
31251aa6ec Selinux policy for bootreceiver tracing instance
Create contexts for /sys/kernel/tracing/instances/bootreceiver
Allow read access to files in this dir for system_server.

Bug: 172316664
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: I828666ec3154aadf138cfa552832a66ad8f4a201
2021-03-02 16:53:12 +01:00
Devin Moore
840d4f3bf3 Add sepolicy for /proc/bootconfig
Vendor boot hal, init, and vold processes all require permission.

Test: build and boot aosp_cf_x86_64_phone
Bug: 173815685
Change-Id: I15692dcd39dfc9c3a3b7d8c12d03eff0a7c96f72
2021-02-23 07:42:06 -08:00
Kelvin Zhang
a1e58814a8 Add necessary sepolicy for update_engine to reserve space on data
Test: serve an OTA, make sure /data/apex/reserved is present
Bug: 172911822

Change-Id: I9f7967c9047ae834eb55a48d56ffc34a7b37f5db
2021-02-19 11:30:50 +00:00
Gavin Corkery
3bb3559e2e Merge "Add sepolicy for scheduling module data directories" 2021-02-18 20:51:51 +00:00
Gavin Corkery
cd3bb575ab Add sepolicy for scheduling module data directories
Test: Manually test writing and reading files
Bug: 161353402
Change-Id: Ifbc0e4db0ec51f6565a0f52df06b1d148577b788
2021-02-15 22:31:27 +00:00
Maciej Żenczykowski
d68cb48e90 apply 'fs_bpf_tethering' label to /sys/fs/bpf/tethering
We want to label /sys/fs/bpf/tethering/... with a new label distinct
from /sys/fs/bpf, as this will allow locking down the programs/maps
tighter then is currently possible with the existing system.

These programs and maps are provided via the tethering mainline module,
and as such their number, names, key/value types, etc. are all prone to
be changed by a tethering mainline module update.

Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifc4108d76a1106a936b941a3dda1abc5a65c05b0
2021-02-11 17:45:06 -08:00
Hridya Valsaraju
2c3ef29ed5 Allow dumpsys to read total DMA-BUF heap pool size
These permissions are added to allow dumpsys to read
/sys/kernel/dma_heap/total_pools_kb.

Fixes the following sepolicy denials:
avc: denied { read } for name="total_pools_kb" dev="sysfs" ino=3252
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/kernel/dma_heap/total_pools_kb"
dev="sysfs" ino=3252 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=1
avc: denied { getattr } for path="/sys/kernel/dma_heap/total_pools_kb"
dev="sysfs" ino=3252 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=1

Bug: 167709539
Test: dumpsys meminfo
Change-Id: I1c15b41b067da84a7b629cafe27972f30c86ae27
2021-02-03 21:42:09 -08:00