Commit graph

8 commits

Author SHA1 Message Date
Steven Moreland
5c3f315771 servicemanager: kernel log perms
Bug: 210919187
Fixes: 235390578
Test: boot (logs still only show up sometimes)
Change-Id: I16b9814260103ce550836655d0409d43b8850ea0
2022-10-17 21:30:50 +00:00
Steven Moreland
52a96cc7dd Allow vndservicemanager to self-register.
This is useful for tools like dumpsys, so that they work on all services
equally as well. Also, so that there is no difference with the regular
service manager.

Bug: 150579832
Test: 'adb shell /vendor/bin/dumpsys -l' shows 'manager'
Test: denial is no longer present:
03-05 12:23:47.346   221   221 E SELinux : avc:  denied  { add } for pid=221 uid=1000 name=manager scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:service_manager_vndservice:s0 tclass=service_manager permissive=0

Change-Id: Id6126e8277462a2c4d5f6022ab67a4bacaa3241e
2020-03-05 17:43:35 +00:00
Jon Spivack
b58c4c2a62 Allow vndservicemanager to start processes
Used to lazily start AIDL services.

Bug: 138756857
Test: Manual
Change-Id: I890ca70e654f8e8bb795189abb4018c0d5d05865
2019-08-19 16:05:13 -07:00
Tom Cherry
a099830e3d Prevent vendor_init from using binder or sockets
Bug: 72809699
Test: build
Change-Id: Ifb66ad13557af7d2dc6d3ef823e326a5fba51b24
2018-02-09 19:32:59 +00:00
Sandeep Patil
2ee66e7d14 sepolicy: make exec_types in /vendor a subset of vendor_file_type
We install all default hal implementations in /vendor/bin/hw along with
a few domains that are defined in vendor policy and installed in
/vendor. These files MUST be a subset of the global 'vendor_file_type'
which is used to address *all files installed in /vendor* throughout the
policy.

Bug: 36463595
Test: Boot sailfish without any new denials

Change-Id: I3d26778f9a26f9095f49d8ecc12f2ec9d2f4cb41
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-04-11 17:20:36 +00:00
Martijn Coenen
6676c234fc Add target for vndservice_contexts.
So we can limit vndservicemanager access to
just vndservice_contexts.

Bug: 36052864
Test: servicemanager,vndservicemanager work
Change-Id: I7b132d4f616ba1edd0daf7be750d4b7174c4e188
2017-04-03 15:39:42 -07:00
Alex Klyubin
f5446eb148 Vendor domains must not use Binder
On PRODUCT_FULL_TREBLE devices, non-vendor domains (except vendor
apps) are not permitted to use Binder. This commit thus:
* groups non-vendor domains using the new "coredomain" attribute,
* adds neverallow rules restricting Binder use to coredomain and
  appdomain only, and
* temporarily exempts the domains which are currently violating this
  rule from this restriction. These domains are grouped using the new
  "binder_in_vendor_violators" attribute. The attribute is needed
  because the types corresponding to violators are not exposed to the
  public policy where the neverallow rules are.

Test: mmm system/sepolicy
Test: Device boots, no new denials
Test: In Chrome, navigate to ip6.me, play a YouTube video
Test: YouTube: play a video
Test: Netflix: play a movie
Test: Google Camera: take a photo, take an HDR+ photo, record video with
      sound, record slow motion video with sound. Confirm videos play
      back fine and with sound.
Bug: 35870313
Change-Id: I0cd1a80b60bcbde358ce0f7a47b90f4435a45c95
2017-03-24 07:54:00 -07:00
Martijn Coenen
e7d8f4c3c8 Initial sepolicy for vndservicemanager.
vndservicemanager is the context manager for binder services
that are solely registered and accessed from vendor processes.

Bug: 36052864
Test: vendorservicemanager runs
Merged-In: Ifbf536932678d0ff13d019635fe6347e185ef387
Change-Id: I430f1762eb83825f6cd4be939a69d46a8ddc80ff
2017-03-23 00:20:43 +00:00