Create a new label for /data/system/dropbox, and neverallow direct
access to anything other than init and system_server.
While all apps may write to the dropbox service, only apps with
android.permission.READ_LOGS, a signature|privileged|development
permission, may read them. Grant access to priv_app, system_app,
and platform_app, and neverallow access to all untrusted_apps.
Bug: 31681871
Test: atest CtsStatsdHostTestCases
Test: atest DropBoxTest
Test: atest ErrorsTests
Change-Id: Ice302b74b13c4d66e07b069c1cdac55954d9f5df
The out-of-tree keychord driver is only intended for use by init.
Test: build
Bug: 64114943
Bug: 78174219
Change-Id: I96a7fbcd9a54a38625063606f5c4ab6d40d701f6
This reverts commit 12e73685b7.
Reason for revert: Rolling original change forward again, more carefully.
Change-Id: I266b181915c829d743c6d8d0b8c0d70b6bf3d620
After adding a new user, deleting it, and rebooting, some of the user's data still remained. This adds the SELinux permissions necessary to remove all of the data. It fixes the followign denials:
avc: denied { rmdir } for scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
avc: denied { unlink } for scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
Bug: 74866238
Test: Create user, delete user, reboot user, see no denials or
leftover data.
Change-Id: Ibc43bd2552b388a9708bf781b5ad206f21df62dc
Bug: 74114758
Test: Checked radio-service and sap-service is on the lshal after running the service
Change-Id: I1b18711286e000a7d17664e7d3a2045aeeb8c285
Merged-In: I1b18711286e000a7d17664e7d3a2045aeeb8c285
(cherry picked from commit 64839e874b)
This adds numerous bug_map entries to try to annotate all denials
we've seen.
Bug: 78117980
Test: Build
Change-Id: I1da0690e0b4b0a44d673a54123a0b49a0d115a49
dumpstate needs to read all the system properties for debugging.
Bug: 77277669
Test: succeeded building and tested with taimen
Change-Id: I3603854b3be67d4fc55d74f7925a21bfa59c81ee
Allow lmkd read access to /proc/meminfo for retrieving information
on memory state.
Change-Id: I7cf685813a5a49893c8f9a6ac4b5f6619f3c18aa
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Tombstoned unlinks "trace_XX" files if there are too many of them.
avc: denied { unlink } for comm="tombstoned" name="trace_12"
scontext=u:r:tombstoned:s0 tcontext=u:object_r:anr_data_file:s0
tclass=file
Bug: 77970585
Test: Build/boot taimen. adb root; sigquit an app.
Change-Id: I2c7cf81a837d82c4960c4c666b38cd910885d78d
We're adding support for OEMs to ship exFAT, which behaves identical
to vfat. Some rules have been manually enumerating labels related
to these "public" volumes, so unify them all behind "sdcard_type".
Test: atest
Bug: 67822822
Change-Id: I09157fd1fc666ec5d98082c6e2cefce7c8d3ae56
Vendors may use this to write custom messages to their bootloader, and
as the bootloader is under vendor control, this makes sense to allow.
Bug: 77881566
Test: build
Change-Id: I78f80400e5f386cad1327a9209ee1afc8e334e56
Values of the following properties are set by SoC vendors on some
devices including Pixels.
- persist.bluetooth.a2dp_offload.cap
- persist.bluetooth.a2dp_offload.enable
- persist.vendor.bluetooth.a2dp_offload.enable
- ro.bt.bdaddr_path
- wlan.driver.status
So they should be whitelisted for compatibility.
Bug: 77633703
Test: succeeded building and tested with Pixels
Change-Id: Ib2b81bcc1fd70ddd571dc7fb2b923b576d62b7d5
Statsd monitors battery capacity, which requires calls to the health
hal.
Fixes: 77923174
Bug: 77916472
Test: run cts-dev -m CtsStatsdHostTestCases -t android.cts.statsd.atom.HostAtomTests#testFullBatteryCapacity
Change-Id: I2d6685d4b91d8fbc7422dfdd0b6ed96bbddc0886
We often see the following denials:
avc: denied { sys_rawio } for comm="update_engine" capability=17 scontext=u:r:update_engine:s0 tcontext=u:r:update_engine:s0 tclass=capability permissive=0
avc: denied { sys_rawio } for comm="boot@1.0-servic" capability=17 scontext=u:r:hal_bootctl_default:s0 tcontext=u:r:hal_bootctl_default:s0 tclass=capability permissive=0
These are benign, so we are hiding them.
Bug: 37778617
Test: Boot device.
Change-Id: Iac196653933d79aa9cdeef7670076f0efc97b44a
Without this, we only have visibility into writes.
Looking at traces, we realised for many of the files we care about (.dex, .apk)
most filesystem events are actually reads.
See aosp/661782 for matching filesystem permission change.
Bug: 73625480
Change-Id: I6ec71d82fad8f4679c7b7d38e3cb90aff0b9e298
We have seen crash_dump denials for radio_data_file,
shared_relro_file, shell_data_file, and vendor_app_file. This commit
widens an existing dontaudit to include them as well as others that we
might see.
Test: Boot device.
Change-Id: I9ad2a2dafa8e73b13c08d0cc6886274a7c0e3bac
This will allow adb shell getprop ro.vendor.build.security_patch to
properly return the correct build property, whereas previously it was
offlimits due to lack of label.
Test: adb shell getprop ro.vendor.build.security_patch successfully
returns whatever VENDOR_SECURITY_PATCH is defined to be in the Android
.mk files
Change-Id: Ie8427738125fc7f909ad8d51e4b76558f5544d49
This reverts commit db83323a03.
Reason for revert: breaks some builds due to duplicate genfs entries
Change-Id: I47813bd84ff10074a32cf483501a9337f556e92a
