Commit graph

237 commits

Author SHA1 Message Date
Satoshi Niwa
4295510ad5 Set expandattribute false for property attributes in prebuilts am: fa3b250ad1 am: ae167c2105 am: 7c80be1c0e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1435472

Change-Id: Ibbc11d08ad95664a3b89fd5a58fc88826cd54241
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:03:24 +00:00
Satoshi Niwa
7c80be1c0e Set expandattribute false for property attributes in prebuilts am: fa3b250ad1 am: ae167c2105
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1435472

Change-Id: I1664242c71d499e270da02c4dd70bc8b13029178
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 22:49:45 +00:00
Treehugger Robot
7e5a5e8b1f Merge "Remove compat test from treble sepolicy tests" am: 8e6b55a13d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1985246

Change-Id: I9b7cb61dfb0dc823d39c8e35d1fff323675a835d
2022-02-17 01:46:44 +00:00
Inseob Kim
73f43ff847 Remove compat test from treble sepolicy tests
Treble sepolicy tests check whether previous versions are compatible to
ToT sepolicy or not. treble_sepolicy_tests_for_release.mk implements it,
but it also includes a compat test whether ToT sepolicy + {ver} mapping
+ {ver} plat_pub_versioned.cil can be built together or not. We
definitely need such tests, but we already have a test called "compat
test" which does exactly that, and testing it again with Treble sepolicy
tests is just redundant. The only difference between those two is that
Treble sepolicy tests can also test system_ext and product compat files,
which was contributed by a partner.

The ultimate goal here is to migrate *.mk to Soong, thus merging these
two tests (compat, Treble) into one. As we've already migrated the
compat test to Soong, this change removes the compat test part from
treble sepolicy tests. Instead, the compat test will be extended so it
can test system_ext and product compat files too.
prebuilts/api/{ver}/plat_pub_versioned.cil and
prebuilts/api/{ver}/vendor_sepolicy.cil are also removed as they aren't
used anymore: vendor_sepolicy.cil is an empty stub, and
plat_pub_versioned.cil can be built from the prebuilt source files.

Bug: 33691272
Test: m selinux_policy
Change-Id: I72f5ad0e8bbe6a7c0bbcc02f0f902b953df6ff1a
2022-02-16 04:09:29 +00:00
Gregory Montoir
2f2d4e9e9c Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: ff22c64cbb am: 87d5e2ef90 am: 8554dcd97a
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: Iea2cf75a2e875514756de5fd7ac2fce2dce531ec
2022-01-12 23:46:42 +00:00
Gregory Montoir
87d5e2ef90 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: ff22c64cbb
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: Ied839549c500bfba3b46b2fc26e00baea7d2b11d
2022-01-12 23:15:02 +00:00
Gregory Montoir
ff22c64cbb Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: Ic7d459763baeaac4466ea599ff43176289d08203
2022-01-12 23:02:09 +00:00
Gregory Montoir
1a6b37d838 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6}
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.

Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
2022-01-12 14:33:22 +00:00
Inseob Kim
9dc6d70044 Remove 26.0 and 27.0 compat support
Treble doesn't support T system + O vendor, so removing 26.0 (N) and
27.0 (O) prebuilts and compat files.

Bug: 207815515
Test: build
Change-Id: I98d5972221a8e77f3c45fc48ff50bb2b8eb94275
2021-12-02 10:22:10 +09:00
Satoshi Niwa
ae167c2105 Set expandattribute false for property attributes in prebuilts am: fa3b250ad1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1435472

Change-Id: I09d504f312e95a63434c68211f5dd830b6b22f1a
2021-10-08 17:12:46 +00:00
Bill Yi
82fd149648 Merge RQ3A.210905.001 to aosp-master - DO NOT MERGE
Merged-In: I637157e5836746048bc597ccc97ad5cb506bf561
Merged-In: I7666150b5e36ef12e4bb4cc0d27bc48dc8bd8449
Merged-In: I7666150b5e36ef12e4bb4cc0d27bc48dc8bd8449
Change-Id: I5e73ddfc69c46aed26cb2a28533d2210c000c635
2021-09-08 17:57:11 -07:00
Jeff Vander Stoep
972b000898 system_app: remove adb data loader permissions
Per schfan@ these are no longer needed.

Test: build
Bug: 188554048
Change-Id: Idda1d9775fdd38cbd53c3652b567ddfc5beca0a6
(cherry picked from commit 07aee66679)
Ignore-AOSP-First: It was submitted in aosp first.
(cherry picked from commit 16b7d5d829)
2021-06-30 23:59:40 +00:00
Jeff Vander Stoep
c493691bac system_app: remove adb data loader permissions am: 16b7d5d829 am: d775d04e7e
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14881537

Change-Id: I32ce439f2aac808a2510673c56c034828ee52f90
2021-06-30 17:24:00 +00:00
Jeff Vander Stoep
d775d04e7e system_app: remove adb data loader permissions am: 16b7d5d829
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14881537

Change-Id: I9899465b81011dbbec2a468111ad6ab8b357f081
2021-06-30 17:12:51 +00:00
Jeff Vander Stoep
16b7d5d829 system_app: remove adb data loader permissions
Per schfan@ these are no longer needed.

Test: build
Bug: 188554048
Change-Id: Idda1d9775fdd38cbd53c3652b567ddfc5beca0a6
(cherry picked from commit 07aee66679)
Ignore-AOSP-First: It was submitted in aosp first.
2021-06-08 18:48:36 +00:00
Martin Liu
03ebaec971 Add lmkd. ro.lmk.thrashing_limit_critical property policies
Add policies to control ro.lmk.thrashing_limit_critical lmkd property.

Bug: 181778155
Signed-off-by: Martin Liu <liumartin@google.com>
Merged-In: I25eeb84e6e073510e2f516fd38b80c67afe26917
Change-Id: I25eeb84e6e073510e2f516fd38b80c67afe26917
2021-04-07 14:09:44 +08:00
Elliott Hughes
a9bbfd600d Allow priv_app system_linker_exec:file execute_no_trans am: 970a8fcd2b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14066480

Change-Id: I96dfd23c1581fda7a59d331929a46a62b16fd6b5
2021-04-06 16:49:18 +00:00
Elliott Hughes
970a8fcd2b Allow priv_app system_linker_exec:file execute_no_trans
Chrome Crashpad uses the the dynamic linker to load native executables
from an APK (b/112050209, crbug.com/928422)

We made the equivalent change to untrusted_app_all in
9ea8c0701d but webview also runs in
priv_app contexts.

(Cherry-pick of 25cb9046ef, with manual
update to the prebuilts.)

Bug: http://b/112050209
Test: treehugger
Change-Id: I19bbadc7f9c9e668e2c6d932c7da24f18e7731bd
2021-04-06 15:57:58 +00:00
Josh Gao
e12aec6388 Let adbd set service.adb.tcp.port.
Commit 67c36884 changed the label of service.adb.tcp.port to allow
vendor init to set it, but accidentally prevented adbd from setting it,
which broke `adb tcpip`.

Bug: 171280882
Bug: 183177056
Test: `adb tcpip`
Change-Id: Ifeeda5c4f06451158fc7e43ca23f580092008fe7
Merged-In: Ifeeda5c4f06451158fc7e43ca23f580092008fe7
Merged-In: I154e2f43a4d3b72b27508ce02d66298673939738
(cherry picked from commit 0cac6fd17a)
(cherry picked from commit f08778d513b69bd9966d04dd1c874b1bede93289)
2021-03-24 21:03:17 +08:00
Hongguang Chen
04fb7a6d67 Allow vendor_init to set service.adb.tcp.port
adbd and apps (SystemUI and CTS test apps) need to read it.

BUG: 162205386
BUG: 183177056
Test: Connect to device which sets service.adb.tcp.port in vendor
      partition through TCP adb.

Change-Id: Ia37dd0dd3239381feb2a4484179a0c7847166b29
Merged-In: Ia37dd0dd3239381feb2a4484179a0c7847166b29
(cherry picked from commit 67c3688497)
(cherry picked from commit 9271a3ee8aa4174a78c681e79883627bce918b4a)
2021-03-24 19:15:06 +08:00
Karthik Ramakrishnan
e9b2199b15 Fix sepolicy to netd.
Allow netd to get adb port from property service.adb.tcp.port

Bug: b/161861298
Bug: b/183177056
Test: atest android.net.cts.Ikev2VpnTest#testStartStopVpnProfileV4

Change-Id: I05ce21683b01cf05a16b9fb30030cf4fc879fb20
Merged-In: I05ce21683b01cf05a16b9fb30030cf4fc879fb20
(cherry picked from commit d3e8f6fc84)
(cherry picked from commit 540474bbe4525cb8d44c8e47548f42b5a5daa613)
2021-03-24 19:04:33 +08:00
Marco Ballesio
99a51b23b1 sepolicy: allow system_server to read /proc/locks
Access to /proc/locks is necessary to activity manager to determine
wheter a process holds a lock or not prior freezing it.

Test: verified access of /proc/locks while testing other CLs in the same
topic.
Bug: 176928302

Change-Id: I14a65da126ff26c6528edae137d3ee85d3611509
Merged-In: I14a65da126ff26c6528edae137d3ee85d3611509
2021-01-21 00:10:56 +00:00
Yurii Zubrytskyi
80dfa06984 IncFS: update SE policies for the new API
IncFS in S adds a bunch of new ioctls, and requires the users
to read its features in sysfs directory. This change adds
all the features, maps them into the processes that need to
call into them, and allows any incfs user to query the features

Bug: 170231230
Test: incremental unit tests
Change-Id: Ieea6dca38ae9829230bc17d0c73f50c93c407d35
2021-01-19 12:57:15 -08:00
Shafik Nassar
ffea11d09b Allow MediaProvider to binder call into statsd
Adds sepolicy rules to allow MediaProvider to make binder calls into
statsd. That's to allow MediaProvider to register a StatsCallbackPuller
for metrics.

Bug: 149669087

Merged-In: I9a13fc04c12557a0435724cfae04f752f856a06e

Change-Id: Ifcf06b58596c3e8a8738f758506d003ca3878437
(cherry picked from commit 736566db66)
2021-01-13 12:11:51 +00:00
Treehugger Robot
66ed360b5e Merge "Update 30.0 prebuilts to latest rvc-dev policy" am: 34d974838e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1521437

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I49504f4d757ff4449cf7940f743687d2b2a86e84
2020-12-09 16:45:03 +00:00
Inseob Kim
3b8b4251b7 Update 30.0 prebuilts to latest rvc-dev policy
For whatever reason, system/sepolicy/prebuilts/api/30.0 and rvc-dev's
system/sepolicy differ a little. This makes 30.0 prebuilts up-to-date
and also updates plat_pub_versioned.cil, built from aosp_arm64-eng
target on rvc-dev branch.

Bug: 168159977
Test: m selinux_policy
Change-Id: I03e8a40bf021966c32f0926972cc2a483458ce5b
2020-12-09 20:44:38 +09:00
Xin Li
8d50c1aec5 Merge rvc-qpr-dev-plus-aosp-without-vendor@6881855
Bug: 172690556
Merged-In: Idbcb6bf897fd6aa54b3ba9cafa63f35c9369de3b
Change-Id: Iece36c90c316dab58687e54bb93d6810454d9822
2020-12-02 00:11:27 -08:00
martinwu
c366ba73c6 Fix TH build error because of file.te
Add proc_net rules into prebuilts/api/30.0/public/file.te to fix build
errors

After applying AOSP/1468206, TH complains a build error:
Files system/sepolicy/prebuilts/api/30.0/public/file.te and
system/sepolicy/public/file.te differ

Bug: 145579144
Bug: 170265025
Test: build pass and reboot to check avc message in bugreport
Change-Id: I2085366b345c044e1b69f726809100fa43336c34
2020-10-26 11:09:23 +08:00
Primiano Tucci
5d026b3152 Keep AOSP sepolicy up to date with internal master
This re-alignes aosp and internal master to avoid
conflicts when uploading CLs upstream.

Bug: 170126760
Change-Id: I9c087e70998cd529b71dec7428641c4bfef10d31
2020-10-13 18:52:25 +00:00
Adam Shih
e712c3db12 Suppress errors that are not needed
The purpose of misc_writer is to write misc partition. However,
when it includes libfstab, it will probe files like kernal command
line (proc/cmdline) and metadata, which are permissions it does not
need.

Bug: 170189742
Test: Boot under permissive mode and find the errors gone.
Change-Id: Icda3200660a3bee5cadb6f5e0026fa71941ae5dc
2020-10-07 08:52:51 +00:00
Satoshi Niwa
fa3b250ad1 Set expandattribute false for property attributes in prebuilts
To prevent these from being optimized away.

(Follow-up CL for aosp/1427751 )

Bug: 161083890
Test: atest CtsSecurityHostTestCases
Change-Id: I11669b1643671f386c53136de0b7adea2b43bc28
2020-09-24 10:43:09 +09:00
Marco Ballesio
63322ae7e6 sepolicy: allow system server for BINDER_GET_FROZEN_INFO
the new ioctl allows system server to verfiry the state of a frozen
binder inderface before unfreezing a process.

Bug: 143717177
Test: verified ActivityManager could access the ioctl
Change-Id: Id9d90d072ce997ed20faa918ec68f1110e2bac8f
Merged-In: Id9d90d072ce997ed20faa918ec68f1110e2bac8f
2020-09-11 15:35:06 -07:00
Marco Ballesio
6ee8dcd172 Merge "sepolicy: restrict BINDER_FREEZE to system_server" into rvc-qpr-dev 2020-09-09 18:48:58 +00:00
Alex Hong
a59853f652 Merge "Add the missing labels for dalvik properties" into rvc-qpr-dev 2020-09-07 03:14:39 +00:00
Marco Ballesio
b88423d591 sepolicy: restrict BINDER_FREEZE to system_server
BINDER_FREEZE is used to block ipc transactions to frozen processes, so
only system_server must be allowed to use it.

Bug: 143717177
Test: manually verified that attempts to use BINDER_FREEZE by processes other
than system_server receive a sepolicy denial
Test: verified that system_server can enable/disable the freezer in
binder

Change-Id: I0fae3585c6ec409809e8085c1cc9862be4755889
Merged-In: I0fae3585c6ec409809e8085c1cc9862be4755889
2020-09-03 14:00:37 -07:00
Calin Juravle
623f3f5cef Fix sepolicy for secondary dex files
dexoptanalyzer need read access on the secondary
dex files and of the main apk files in order to successfully evaluate
and optimize them.

Example of denial:
audit(0.0:30): avc: denied { read } for
path="/data/app/~~Zux_isdY0NBkRWPp01oAVg==/com.example.secondaryrepro-wH9zezMSCzIjcKdIMtrw7A==/base.apk"
dev="vdc" ino=40966 scontext=u:r:dexoptanalyzer:s0
tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0
app=com.example.secondaryrepro

Test: adb shell cmd package compile -r bg-dexopt --secondary-dex app
Bug: 160471235
Bug: 160351055
Merged-In: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
Change-Id: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
(cherry picked from commit 0bee120900)
2020-09-03 17:55:59 +00:00
Xin Li
11da9e6792 Merge Android R (rvc-dev-plus-aosp-without-vendor@6692709)
Bug: 166295507
Merged-In: I6d0b1be1a46288fff42c3689dbef2f7443efebcc
Change-Id: I133180d20457b9f805f3da0915e2cf6e48229132
2020-08-29 01:45:24 -07:00
Marco Ballesio
e756e983bb sepolicy: rename cgroup_v2 back to cgroup_bpf
The type name change from cgroup_bpf into cgroup_v2 caused
http://b/166064067. Rename back to cgroup_bpf.

Bug: 166064067
Test: compiled and booted on a sunfish. Manually tested network and app
freezer

Change-Id: Ib39eb104e73d6dca3b1f61b108a3deeea31ff880
Merged-In: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
2020-08-27 11:24:36 -07:00
Alex Hong
062ea395c3 Add the missing labels for dalvik properties
Conflicts:
        public/property_contexts

Bug: 162791243
Bug: 159833646
Test: Flash SELinux modules and the device can boot to home
      $ adb shell getprop -Z | grep dalvik
      [dalvik.vm.restore-dex2oat-cpu-set]: [u:object_r:exported_dalvik_prop:s0]
      [dalvik.vm.restore-dex2oat-threads]: [u:object_r:exported_dalvik_prop:s0]
Change-Id: Ie73dc57c714a37b778cebc4d41bee27a8e925396
2020-08-27 11:25:56 +08:00
Alex Hong
a33ac30dd3 Add the missing labels for dalvik properties
Bug: 162791243
Bug: 159833646
Test: Flash SELinux modules and the device can boot to home
      $ adb shell getprop -Z | grep dalvik
      [dalvik.vm.restore-dex2oat-cpu-set]: [u:object_r:exported_dalvik_prop:s0]
      [dalvik.vm.restore-dex2oat-threads]: [u:object_r:exported_dalvik_prop:s0]
Change-Id: Ie73dc57c714a37b778cebc4d41bee27a8e925396
Merged-In: Ie73dc57c714a37b778cebc4d41bee27a8e925396
2020-08-27 11:15:52 +08:00
Marco Ballesio
de065facd8 sepolicy: allow system_server to write to cgroup_v2
During boot, system_server will need to write to files under
/sys/fs/cgroup/freezer. Change the cgroup_v2 policy to allow this
operation.

Test: booted device with change, verified that files are properly
accessed.
Bug: 154548692

Change-Id: I2ccc112c8870129cb1b8312023b54268312efcca
Merged-In: I2ccc112c8870129cb1b8312023b54268312efcca
2020-08-26 01:14:35 +00:00
Songchun Fan
b82924d490 Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" am: 1d4f2221cd am: 8af2dcd05c am: 1a87c9862a am: 51b516a6f6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1404978

Change-Id: Icc14c9e72dd276696363795c93405260f4389342
2020-08-20 18:16:24 +00:00
Songchun Fan
1a87c9862a Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" am: 1d4f2221cd am: 8af2dcd05c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1404978

Change-Id: Ibbdff0c532a6c9da88005059e87e75e467cf03f7
2020-08-20 17:41:07 +00:00
Songchun Fan
1d4f2221cd Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" 2020-08-20 17:07:40 +00:00
Songchun Fan
4be0afbfb7 [selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl
This allows Incremental Service (part of system_server) to query the
filled blocks of files on Incremental File System.

Test: atest service.incremental_test
BUG: 165799231
Change-Id: Id63f8f325d92fef978a1ad75bd6eaa8aa5e9e68b
2020-08-20 16:00:00 +00:00
JaeMan
f1ecf7a9e5 Add ro.vendor.build.version.sdk to property_contexts am: 15f64fc5f8 am: 38e0d2c778 am: a93831de1c
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12326247

Change-Id: I063a96c8571acc051e3e66e8c6851fa4a186e7e0
2020-08-20 00:45:38 +00:00
JaeMan
a93831de1c Add ro.vendor.build.version.sdk to property_contexts am: 15f64fc5f8 am: 38e0d2c778
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12326247

Change-Id: I38608caefe05f7b58589d4efe62db49743337905
2020-08-20 00:33:23 +00:00
Marco Ballesio
8f6b03cae7 sepolicy support for cgroup v2
cgroup v2 is going to be used for freezer v2 support. The cgroup v2 hiearchy
will be mounted by init under /sys/fs/cgroup hence proper access rights
are necessary for sysfs. After mounting, the cgroup v2 kernfs will use
the label cgroup_v2 and system_manager will handle the freezer

Bug: 154548692
Test: verified that the freezer works as expected after applying this patch

Change-Id: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
Merged-In: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
2020-08-17 12:10:57 -07:00
Yiming Jing
202b3463c0 Merge "Merge "Allow dumpstate to dump auto hal servers" am: 142d16a964 am: ce2c6fd783 am: 828a7bad6e am: a71f8aec29" into rvc-qpr-dev 2020-08-12 23:53:55 +00:00
Martijn Coenen
bdcfad55c8 Merge "Add policy for LOOP_CONFIGURE ioctl." am: cdecd3ca4c am: df9dc40e9b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1396648

Change-Id: I7f47e60c627b4638fab773eb2f838dc6c3531298
2020-08-12 07:16:40 +00:00