This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.
Bug: 274530433
Test: Locally added some code to set those properties and saw it being
successfull.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089
We still had policy for devices which do not currently exist in
Microdroid. Remove the unused types and all references to them in the
policy, since they have no effect and just bloat the policy.
While I'm here, delete all the bug_map entries. We don't use the
bug_map in Microdroid, and this is just an outdated snapshot from host
policy.
Bug: 274752167
Test: atest MicrodroidTests
Test: composd-cmd test-compile
Change-Id: I3ab90f8e3517c41eff0052a0c8f6610fa35ccdcb
Note: this is a somewhat minimal set of rules required to be able to
capture traces on Microdroid. After the trace is captured I still see a
bunch of SELinux denials. We might need to add more allow rules in the
follow up changes.
Bug: 249050813
Test: boot Microdroid VM, capture traces with record_android_traces
Change-Id: I62098fb79a8db65706a5bb28c8acce7ff3821f15
Change1# Add property export_tombstones.enabled - This is set by
microdroid_manager to indicate that tombstones in Microdroid be exported
out to host. This read by crash_dump (specifically tombstone_handler).
Change2# allow crash_dump to create/connect/write on vsock.
Change3# Deleting rules/domain related to tombstoned &
tombstone_transmit in Microdroid.
Test: atest MicrodroidHostTests#testTombstonesAreGeneratedUponUserspaceCrash
Test: Look for selinux denials in log
Bug: 243494912
Change-Id: Ibd607eb11202d492bcb0c4ba40a6888683420fb9
Nothing in Microdroid uses tcp/udp/rawip sockets. Removing netdomain
attribute for the capability. Note that some processes can use
networking via vsock.
Bug: N/A
Test: watch TH
Change-Id: Id10861d0520770578503dd93b0c72c3d6be993e8
In Android, adb root is disabled at build-time by not compiling
sepolicies which allows adbd to run in the `su` domain.
However in Microdroid, adb root should be supported even on user builds
because fully-debuggable VMs can be started and adb root is expected
there. Note that adb root is still not supported in non-debuggable VMs
by not starting it at all.
This change removes `userdebug_or_end` conditions from the policies for
adb root. In addition, the `su` domain where adbd runs when rooted is
explicitly marked as a permissive domain allowed.
Bug: 259729287
Test: build a user variant, run fully debuggable microdroid VM. adb root
works there.
Test: run non-debuggable microdroid VM. adb shell (not even adb root)
doesn't work.
Change-Id: I8bb40b7472dcda6619a587e832e22d3cb290c6b9
Microdroid doesn't have the executable `su`. Removing su_exec and any
reference to it.
Bug: N/A
Test: run Microdroid instance and adb root works.
Change-Id: If6c356acbf85ba20a1face3e29e4cb38d002ea06
Add a new selinux context: microdroid_lifecycle_prop for properties like
microdroid_manager.init_done. Also adding neverallow rule to not let
anyone other than init & microdroid_manager set it.
Bug: 260713790
Test: Builds
Change-Id: I81470ce596cfe5870b6777b6ae6fde3a0dc486d1
The binder_device in microdroid has been removed in aosp/2310572.
Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ie87e3b5ca1afc4046d5b35cba5fc2f99bbc09f43
As service_manager has been removed in microdroid.
Bug: 257260848
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I05b3366a14ecd8d6aabfff5eca9b6fbf804dc97a
The binderfs in microdroid has been removed in aosp/2310572.
Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I757ae39ebc841e8bb23300c4f65a3646ad8031fb
As servicemanager is removed from microdroid.
Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ie39e4b214f297258f3dceecc11fa3d8289af3be4
Since the microdroid.servicemanager has been removed.
Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I90228ca2d1bc3c66a6967412942e1c3372ed09ca
This cl removes SELinux policies related to
authfs_service / servicemanager communication as authfs_service
now uses rpc binder instead of servicemanager.
Bug: 257260848
Test: atest ComposHostTestCases
Change-Id: I3e3de94a837c95e8f486438cc6a76fea39ffc6f3
The DICE service is deleted and microdroid_maanger takes over the DICE
logic.
Bug: 243133253
Test: atest MicrodroidTests
Test: atest ComposHostTestCases
Change-Id: Idc4cb53f46aa0bc1f197c6267b05f6c5678a34ae
Allow zipfuse to signal to microdroid_manager via property when it is
ready.
Bug: 243513572
Test: atest MicrodroidTests (locally & via acloud)
Change-Id: Ifcf3d0924faa61ce87124a5ac55bd6a2b193cd99
The DICE HAL and diced are replaced with dice-service which implements
the diced services and also contains the HAL logic directly, without
exposing an implementation of the HAL service.
Bug: 243133253
Test: atest MicrodroidTests
Change-Id: Ia0edeadb04a3fdd37ee1a69a875a7b29586702c5
VintfObject will monitor for /apex directory for VINTF data.
Add permissions for service managers to read this data.
Bug: 239055387
Test: m && boot
Change-Id: I179e008dadfcb323cde58a8a460bcfa2825a7b4f
Allow microdroid_manager to start authfs when needed.
Migrate the authfs-related permissions from compos to
microdroid_payload, so it can be used by any payload.
Move a neverallow to the correct file.
Bug: 245262525
Test: atest MicrodroidTests MicrodroidHostTestCases
Test: atest ComposHostTestCases
Change-Id: I0f5eb9c11bdb427b1f78c9fc721c40de76add484
Previously in Microdroid, processes send log messages to logd over
socket and then logcat ran to hand the message to the host side over the
serial console.
That has changed. Now, the liblog library which processes use to emit
logs directly sends the given message to the serial console. Liblog does
this by reading a new system property ro.log.file_logger.path. When this
is set, liblog doesn't use the logd logger, but opens the file that the
sysprop refers to and writes logs there.
This change implments sepolicy side of the story.
* logd and logcat types are removed since they no longer are needed.
* existing references to those types are removed as well.
* a new property type `log_prop` is introduced and the two system
properties are labaled as log_prop
* all processes have read access to the system properties
* all processes have append access to /dev/hvc2
Bug: 222592894
Test: run microdroid, see log is still emitted.
Change-Id: I4c4f3f4fd0e7babeab28ddf39471e914445ef4da
If something starts before servicemanager does,
intelligently wait for servicemanager to start rather
than sleeping for 1s.
Bug: 239382640
Test: boot
Change-Id: If0380c3a1fce937b0939cd6137fcb25f3e47d14c
Removes all references to vendor_service in policy except the
definition of this type, which also needs to be removed by
clients.
We don't need this because interface type shouldn't be associated
with where they are served. We can serve HALs from anywhere if they are
implemented in software.
Bug: 237115222
Test: builds
Change-Id: If370a904af81e015e7e1f7a408c4bfde2ebff9a4
We don't use MLS in Microdroid, so we don't need MLS rules, nor
mlstrusted[subject|object] labels. (We keep one MLS rule to satisfy
checkpolicy.)
A lot of attributes are unused in Microdroid, so we can remove their
declarations and any references to them. (That may not make the
compiled policy smaller, since hopefully they get optimised out
anyway, but it means there is less policy for humans to deal with.)
Remove labels that relate only to apps, which we don't have - MAC
permissions, run-as, seapp_contexts.
In passing, fix a comment snafu in both system & microdroid policy.
Bug: 223596375
Test: Run staged-apex-compile & compos_verify, no denials
Test: atest MicrodroidTests MicrodroidHostTestCases
Change-Id: Ifd3589945a2d8b4c0361e00eec5678795513fd8c
Give microdroid_manager and the DICE HAL access to the AVF chosen node
properties that are used to indicate that the VM is booting in strict
more and that the current boot is provisioning a new VM instance.
Bug: 221051866
Bug: 217376291
Test: atest MicrodroidTests
Change-Id: Ie8451fc80671557086f8d825ad01600f9cb4557a
Add the compos_key_helper domain for the process which has access to
the signing key, make sure it can't be crashdumped. Also extend that
protection to diced & its HAL.
Rename compos_verify_key to compos_verify, because it doesn't verify
keys any more.
Move exec types used by Microdroid to file.te in the host rather than
their own dedicated files.
Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I942667355d8ce29b3a9eb093e0b9c4f6ee0df6c1
