This is the common type for domains that execute charger's
functionalities, including setting and getting necessary properties,
permissions to maintain the health loop, writing to kernel log, handling
inputs and drawing screens, etc.
Permissions specific to the system charger are not moved.
Also enforce stricter neverallow rules on charger_{status,config}_prop.
For charger_config_prop, only init / vendor_init can set.
For charger_status_prop, only init / vendor_init / charger / health HAL
can set.
For both, only init / vendor_init / charger / dumpstate / health HAL
can get.
(Health HAL is determined by the intersection of charger_type and
hal_health_server.)
A follow-up CL will be added to add charger_type to hal_health_default,
the default domain for health HAL servers. Vendors may add charger_type
to their domains that serve the health AIDL HAL as well.
Test: manual
Bug: 203246116
Change-Id: I0e99b6b68d381b7f73306d93ee4f8c5c8abdf026
Some devices might have the ODM partition so set those properties
as well.
Bug: 203720638
Test: Presubmit
Change-Id: I50ee65e21c471f0691f4c1dfc93be8eb1677ad1b
Move type to public so that it can be vendor customized. This
can be necessary if (for example) the gralloc/gpu same-process-HAL
requires additional permissions.
Bug: 199581284
Test: build
Change-Id: I61a5a3ad96112d4293fd4bf6d55f939c974643ce
Revert "Remove the bdev_type and sysfs_block_type SELinux attributes"
Revert submission 1850578-remove-selinux-bdev-type
Reason for revert: DroidMonitor-triggered revert due to breakage, bug b/203480787
BUG: 203480787
Reverted Changes:
I263bce9c4:Remove the bdev_type and sysfs_block_type SELinux ...
Ibc9039f96:Revert "Add the 'bdev_type' attribute to all block...
Ic6ae83576:Remove the bdev_type and sysfs_block_type SELinux ...
Ie493022a8:Remove the bdev_type and sysfs_block_type SELinux ...
I1f1ca439b:Revert "Add the 'bdev_type' attribute to all block...
I283f8676b:Revert "Add the 'bdev_type' attribute to all block...
I7c5c242c5:Revert "Add the 'bdev_type' attribute to all block...
Id78d8f7dc:Remove the bdev_type and sysfs_block_type SELinux ...
I9c4b2c48b:Remove the bdev_type and sysfs_block_type SELinux ...
I51e9d384a:Remove the bdev_type and sysfs_block_type SELinux ...
I2c414de3b:Remove the sysfs_block_type SELinux attribute
Change-Id: I55609803d530772d507d9dca8ba202a96daf24b7
Some permissions used to make denials, but it seems that it's not the
case anymore.
Bug: 195751698
Test: atest MicrodroidHostTestCases
Change-Id: I3329bb9a6d4d17dc49a2469bae2cf17e6f0e49a9
The existing host-side tests for virtualizationservice will be migrated
to device tests. In order for the self-instrumented test apks to be able to
talk to the service, re-introduce the allow rule only for the
non-production builds.
Note that the access to the service is still guarded with the app
permission whose protection level now has the 'development' bit. So,
ordinary apks that are not testing-purpose (i.e. no
android:testOnly="true") can't use the service.
Bug: 203483081
Test: run MicrodroidDemoApp
Change-Id: Ia441fc5ca0a1f076d2e267a26e0df7c11730ec94
Remove these SELinux attributes since adding these attributes introduces
a dependency from vendor SELinux policies on the generic SELinux policy,
something that is not allowed. This patch includes a revert of commit
8b2b951349 ("Restore permission for shell to list /sys/class/block").
That commit is no longer necessary since it was a bug fix for the
introduction of the sysfs_block type.
Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd
Change-Id: Ic6ae835768212648ca09fd5c83c39180103c3b1b
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Bug: 199200417
Test: Build cuttlefish with an 'android'-targeting RRO in a
vendor APEX. Observe no SELinux errors.
Change-Id: I4c73cb6d98b70282e10354d2596b261bd7c409db
repack_bootimg can use the userdebug_plat_sepolicy.cil artifact to
prepare a debuggable boot image for VTS testing.
(TODO in follow-up) This eliminates the need for GSI
boot-with-debug-ramdisk-*.img, and we can skip building them to
conserve build resources.
Bug: 202129499
Test: m out/target/product/generic_arm64/userdebug_plat_sepolicy.cil
Test: Check presubmit artifacts include userdebug_plat_sepolicy.cil
Change-Id: I7629e462d4febd05ebe8a89a7bc00e8724dcb4a4
Checkin apps use /data/misc_ce/<id>/checkin to backup the checkin
metadata. So users won't lose the checkin tokens when they clear
the app's storage.
One example is when GMScore is used for checkin, users may clear
GMScore data via "settings". If the device accidentally loses the
token without backup, it won't be able to checkin again until
factory reset.
The contents in checkin dir will be cleaned up when a user is removed
from the device. We also plan to add Gmscore test to ensure the dir
is cleaned up at checkin time, thus preventing other Gmscore modules
from using this storage by mistake.
Bug: 197636740
Test: boot device, check selinux label, check gmscore writes to the new dir
Change-Id: If3ff5e0fb75b4d49ce80d91b0086b58db002e4fb
This reverts commit f20fea50f1.
Reason for revert: unbreak the git_sc-v2-dev-plus-aosp tests
Bug: 202879263
Change-Id: I79245afb4ba7f5be8ee46f2e91921a7327b650c5
We are no longer reading the ashmem size on every transaction.
Fixes: 195752513
Test: atest ComposHostTestCases (no denial logs)
Change-Id: If27c2b1d0efdccf30bc8c09e1004feb789e2425d
Stop using these attributes since these will be removed soon.
Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd
Change-Id: I61dffb482f4e952299156f34be642ae52fcbfeb3
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Although there has been a plan to add code to the init process that
requires access to block device properties, that plan has not been
realized. Hence stop granting the init process access to block device
properties.
Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd
Change-Id: I0ed83bd533a901f85986d15f636c9b3f39fec271
Signed-off-by: Bart Van Assche <bvanassche@google.com>