Commit graph

22037 commits

Author SHA1 Message Date
Robert Shih
487411abab Merge "allow mediaserver to access drm hidl" 2019-11-26 01:36:00 +00:00
Roshan Pius
3fbdcd4380 sepolicy: Add entry for wifi apex mainline module
Bug: 144722612
Test: Device boots up & connects to wifi networks
Change-Id: If9207075b87dc938926c1fc1432d3b8fe481bc02
2019-11-25 20:51:50 +00:00
Robert Shih
cc8a4d3bf2 allow mediaserver to access drm hidl
Previously mediaserver could only access hidl via mediadrmserver.
Required because mediadrmserver will be removed in R.

Bug: 134787536
Bug: 144731879
Test: MediaPlayerDrmTest
Change-Id: If0ae1453251e88775a43750e24f7dac198294780
2019-11-25 11:24:44 -08:00
Ashwini Oruganti
8f079fb0e2 Merge "Create a separate SELinux domain for gmscore" 2019-11-25 16:59:10 +00:00
Dan Willemsen
1f944107a3 Fix sepolicy_tests on Mac 10.15
This is dlopened by sepolicy_tests, which embeds the python
interpreter built from our tree. That python interpreter links against
the shared version of libc++, so mixing it with this static copy was
causing segfaults on Mac 10.15 (but apparently not elsewhere).

Test: SANITIZE_HOST=address m treble_sepolicy_tests
Test: `m` on Mac 10.15
Change-Id: I31744acd018ea4c980c46a9979bbad17ae1c4f68
2019-11-23 17:45:01 -08:00
Martijn Coenen
d1460a1111 Merge changes Ide8fc07c,Ia1f51db4
* changes:
  Allow vold to mount on top of /data/media.
  Revert "Temporarily relax Zygote storage mounting rules."
2019-11-23 09:10:34 +00:00
Benedict Wong
bf76bf82e1 Merge "Add file_contexts for com.android.ipsec" 2019-11-23 03:45:53 +00:00
Jooyung Han
c9e73b87e2 Merge "Make file_contexts as "android:path" property" 2019-11-23 03:37:33 +00:00
Mathieu Chartier
c075ef38d4 Merge "Revert "Remove ability to set profilebootimage and profilesystemserver"" 2019-11-22 22:52:45 +00:00
Raman Tenneti
9f793aff87 Merge "Revert submission" 2019-11-22 21:17:29 +00:00
Raman Tenneti
baa06ee2cd Revert submission
Reason for revert: BUG: 145006573

Change-Id: I87f640383ab0fc4005ce31f938e81dcfa6572058
2019-11-22 21:07:49 +00:00
Tomasz Wasilczyk
eeb6279953 Merge "Vehicle HAL: allow communication with CAN bus HAL and alternative service naming" 2019-11-22 20:27:23 +00:00
Ashwini Oruganti
c46a7bc759 Create a separate SELinux domain for gmscore
This change creates a gmscore_app domain for gmscore. The domain is
currently in permissive mode (for userdebug and eng builds), while we
observe the SELinux denials generated and update the gmscore_app rules
accordingly.

Bug: 142672293
Test: Flashed a device with this build and verified
com.google.android.gms runs in the gmscore_app domain. Tested different
flows on the Play Store app, e.g., create a new account, log in, update
an app, etc. and verified no new denials were generated.
Change-Id: Ie5cb2026f1427a21f25fde7e5bd00d82e859f9f3
2019-11-22 10:39:19 -08:00
David Sehr
c0bb680fee Merge "SELinux policy for system server JVMTI property" 2019-11-22 18:36:20 +00:00
Martijn Coenen
313cff7687 Allow vold to mount on top of /data/media.
For performance reasons, we want to bind-mount parts of the lower
filesystem on top of /data/media.

Bug: 137890172
Test: No denials when mounting
Change-Id: Ide8fc07cdeb6a6816585af1582bee69bc68043af
2019-11-22 16:02:07 +01:00
Martijn Coenen
357eb193e9 Revert "Temporarily relax Zygote storage mounting rules."
This reverts commit 9f02b30a72.

This is no longer needed, because we never shipped app storage
sandboxes.

Bug: 130812417
Test: builds
Change-Id: Ia1f51db4904742d2ef15222f2350c67af0dd4a28
2019-11-22 16:02:07 +01:00
Ashwini Oruganti
a227509173 Merge "Update permissioncontroller_app domain rules" 2019-11-22 01:10:02 +00:00
David Sehr
38f6e59bd6 SELinux policy for system server JVMTI property
Add the SELinux policy to implement a no-write persistent property
controlling whether to launch a JVMTI agent in the system server.

Bug: none
Test: none (other than the neverallow)
Change-Id: Ic70ee5b05c5507b4159ef4c825a360be47bc02b0
2019-11-21 15:50:37 -08:00
Treehugger Robot
88554af5c0 Merge "Add Keymaster 4.1" 2019-11-21 22:41:49 +00:00
Treehugger Robot
b7098cb480 Merge "Revert "sepolicy: dontaudit cap_sys_admin on userdebug/eng"" 2019-11-21 22:27:37 +00:00
Ashwini Oruganti
5064189c23 Update permissioncontroller_app domain rules
This adds permissions for content_capture_service,
incidentcompanion_service, media_session_service, and telecom_service.
These were observed via sedenials on dogfood builds.

Bug: 142672293
Bug: 144677148
Test: Green builds, no more denials show up for these services.
Change-Id: Ifd93c54fb3ca3f0da781cd2038217a29e812a40f
2019-11-21 12:59:33 -08:00
Victor Hsieh
7a4064c5ee Revert "sepolicy: dontaudit cap_sys_admin on userdebug/eng"
Reason for revert: Kernel fix has been backported to coral kernel.

Bug: 132323675
Change-Id: Ie797e5cf212b15c6fff34d2a096ac96de31ce627
2019-11-21 18:37:52 +00:00
Ashwini Oruganti
288c14f137 PermissionController goes to the permissioncontroller_app domain
This change adds a rule for com.android.permissioncontroller to run in
the previously defined permissioncontroller_app.
com.android.permissioncontroller would require similar permissions to
com.google.android.permissioncontroller.

Bug: 142672293
Test: Green builds
Change-Id: I92e7175526380c0711f52fafe8d1f8d9531d07f8
2019-11-21 09:48:01 -08:00
Treehugger Robot
82eca37afa Merge "Revert "Don't run permissioncontroller_app in permissive mode"" 2019-11-21 04:18:39 +00:00
Ashwini Oruganti
6f795f3dc6 Revert "Don't run permissioncontroller_app in permissive mode"
This reverts commit 9076b9c541.

This is breaking incidentcompanion_service and preventing taking bug
reports from work profile.

Bug: 144677148
Bug: 142672293
Test: Green builds.
Change-Id: I7a82522a5bb21c05fbabd3f3f1c05d4a8c6ca8f4
2019-11-20 22:47:22 +00:00
Shawn Willden
10f0b53ef7 Add Keymaster 4.1
Bug: 140193672
Bug: 140192237
Bug: 140824829
Test: Manual boot test
Change-Id: Iccc8cc5e8fc7c9301478faa50d0e18fa917283fb
2019-11-20 12:14:36 -07:00
Nikita Ioffe
a0bba66aac Merge "Add selinux rules for userspace reboot related properties" 2019-11-20 13:04:16 +00:00
Jooyung Han
a9324749cc Make file_contexts as "android:path" property
Till now, file_contexts has been treated differently than other input
src files. Now it is tagged as `android:"path"` because it is.

Bug: 144732805
Test: m
Change-Id: I6b22a8d22417b75c5cb8cd3b2e534d67e958b074
2019-11-20 17:54:34 +09:00
Terry Wang
a7795f5e77 Merge "Add a new system service for app search management." 2019-11-19 22:06:20 +00:00
Nikita Ioffe
7065e46b5d Add selinux rules for userspace reboot related properties
By default sys.init.userspace_reboot.* properties are internal to
/system partition. Only exception is
sys.init.userspace_reboot.in_progress which signals to all native
services (including vendor ones) that userspace reboot is happening,
hence it should be a system_public_prop.

Only init should be allowed to set userspace reboot related properties.

Bug: 135984674
Test: builds
Test: adb reboot userspace
Change-Id: Ibb04965be2d5bf6e81b34569aaaa1014ff61e0d3
2019-11-19 17:41:28 +00:00
Mike Yu
f9f5b3c5eb Merge "Allow system server to dump netd stack traces" 2019-11-19 10:51:04 +00:00
Orion Hodson
abb7024a1e Merge "Add property contexts for dex2oat cpu-set properties" 2019-11-19 07:34:13 +00:00
Mike Yu
c205104505 Allow system server to dump netd stack traces
Bug: 144415436
Test: built, flashed, booted
      verified watchdog dumped netd stack traces during ANR

Change-Id: Ib013dd3b7e5a0fa1731559b9e056c74f30acd3cd
2019-11-19 14:55:00 +08:00
Terry Wang
9a2296252f Add a new system service for app search management.
This change adds app-search-service to sepolicy system service.

Bug: 142567528
Test: Manual
Change-Id: Ife7b09365d667da0ad370e586af828f8f4423660
2019-11-18 16:06:58 -08:00
Tianjie Xu
a54c82a1fc Merge "Add a new context for property ota.warm_reset" 2019-11-18 23:15:43 +00:00
Ilya Matyukhin
517fee8781 Merge "Add AuthService to sepolicy" 2019-11-18 20:45:38 +00:00
Ilya Matyukhin
d2309dafcb Add AuthService to sepolicy
AuthService is introduced in ag/9700446.

Bug: 141025588
Test: can successfully publish AuthService with publishBinderService(...)
Change-Id: I0f9fceac0c555d05a29467e4ab1380f389b60af4
2019-11-16 02:24:30 +00:00
Mathieu Chartier
7e5e99fcf8 Revert "Remove ability to set profilebootimage and profilesystemserver"
The ability to set these properties is required by the
profilebootclasspath Android products.

Also fixed renamed property.

Bug: 139883463
Test: manually verified

This reverts commit 3079462443.

Change-Id: I7e8fceb974f34ea584799dd3e458279adee53e11
2019-11-15 13:20:25 -08:00
Treehugger Robot
e2aabe5012 Merge "Add new time zone detection service" 2019-11-15 19:55:49 +00:00
Neil Fuller
dcda8d0bb7 Add new time zone detection service
Add entries necessary for the new time zone detection service.

Bug: 140712361
Test: See related frameworks/base change
Change-Id: Ide4244104e2add843c1d699d528328dd71a6b525
2019-11-15 13:33:23 +00:00
Orion Hodson
7b2ee48cd2 Add property contexts for dex2oat cpu-set properties
New properties are:

 dalvik.vm.dex2oat-cpu-set [default compiler thread affinity]
 dalvik.vm.boot-dex2oat-cpu-set [compiler thread affinity for boot]
 dalvik.vm.image-dex2oat-cpu-set [thread affinity recompiling the boot image]

Bug: 141446571
Test: Run installd tests with new properties defined in target mk file.
Change-Id: Idcbb1332aa9c18f6082b827eae0334d063644a41
2019-11-15 13:18:18 +00:00
David Anderson
899d721779 Merge "Allow recovery and fastbootd to interact with libfiemap." 2019-11-15 04:27:59 +00:00
Treehugger Robot
a1f3cae304 Merge "sepolicy: Allow system_server to use execmem in emulator builds with software rendering." 2019-11-15 02:48:43 +00:00
Ashwini Oruganti
c77ff3727c Create a separate domain for VzwOmaTrigger
This creates a new vzwomatrigger_app domain. The domain is
currently in permissive mode (for userdebug and eng builds), while we
observe the SELinux denials generated and update permissions.
Bug: 142672293
Test: Build, flash, boot successfully

Change-Id: I552df772b66e8e7edb1ccee754d1ea8dd1acece0
2019-11-14 16:13:00 -08:00
Tianjie Xu
f5ddc0444b Add a new context for property ota.warm_reset
The property is set to inform kernel to do a warm_reset on the next
reboot. This is useful to persist the logs to debug device boot
failures. More details in http://go/rvc-ota-persist-logs.

The property is set to 1 by update_engine after an OTA. And it's set to
0 by update_verifier or vold after we mark the current slot boot
successful.
The property is read by vendor_init. And according to its value,
vendor_init writes a particular sysfs file to schedule a warm reset
on the following reboot.

Without the new context, the denial message says:
[   13.423163] audit: type=1107 audit(1746393.166:8): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc:  denied  { read } for property=ota.warm_reset pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0'
[   23.096497] init: Unable to set property 'OTA.warm_reset' from uid:0 gid:2001 pid:841: SELinux permission check failed
[   23.096574] type=1107 audit(1573768000.668:42): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=OTA.warm_reset pid=841 uid=0 gid=2001 scontext=u:r:update_verifier:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=0'
[   23.108430] update_verifier: Failed to reset the warm reset flag

Bug: 143489994
Test: check the property can be set by update_engine, and read by vendor_init
Change-Id: I87c12a53a138b72ecfed3ab6a4d846c20f5a8484
2019-11-14 15:24:25 -08:00
Ashwini Oruganti
64e36cf38d Merge "Don't run permissioncontroller_app in permissive mode" 2019-11-14 23:09:41 +00:00
Nikita Ioffe
8a4805265b Allow apexd to be fork_execvp'ed from init during userspace reboot
Test: builds
Test: adb reboot userspace
Bug: 135984674
Change-Id: I089078232c40d533b712736b83a5ed757dde689e
2019-11-14 15:31:47 +00:00
David Anderson
b45bbe2e55 Allow recovery and fastbootd to interact with libfiemap.
In normal Android, libsnapshot interacts with libfiemap over binder (via
IGsid). There is no binder in recovery, so instead, we directly link to
the library and therefore need appropriate sepolicy changes.

Bug: 139154945
Test: no denials in recovery or fastbootd
Change-Id: I356d7b5b906ac198e6f32c4d0cdd206c97faeb84
2019-11-13 18:46:57 -08:00
Ashwini Oruganti
9076b9c541 Don't run permissioncontroller_app in permissive mode
Looking at go/sedenials, we're fairly confident that this domain has all
the necessary permissions. This change enforces all the defined rules
for the permissioncontroller_app domain and unsets the permissive mode.
Bug: 142672293
Test: Build successfully, flashed a phone and basic usage of Permission Manager seemed to work well.

Change-Id: I3fb9cfaa216ddbd865b56e72124374eb1c75dea8
2019-11-13 16:37:49 -08:00
Tri Vo
c03def15ed Merge "system_suspend: sysfs path resolution" 2019-11-13 00:25:26 +00:00