For automotive (and I assume for other verticals) it make sense to keep
vertical-specific policies outside of /system/sepolicy as those not used
by the phones. However, there's no way to do it rather than using
BOARD_PLAT_{PUBLIC|PRIVATE}_SEPOLICY_DIR build variables.
Bug: 70637118
Test: lunch bat_land-userdebug && m
Test: verify it builds, boots and logs seems to be reasonable
Test: enable full treble for aosp_car_x86 - verify it builds, boots and
no denials in the logs
Change-Id: Ia5fd847f7a6152ff6cf99bbbc12e1e322f7946ab
Mtp needs access to this path in order to
change files on an sdcard.
Fixes denial:
05-14 17:40:58.803 3004 3004 W MtpServer: type=1400 audit(0.0:46):
avc: denied { search } for name="media_rw" dev="tmpfs" ino=10113
scontext=u:r:mediaprovider:s0:c512,c768
tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=0
b/77925342 app=com.android.providers.media
Bug: 77849654
Test: no denials using mtp with emulated sdcard
Change-Id: I27b5294fa211bb1eff6d011638b5fdc90334bc80
Add an exemption to neverallow rule to use sockets from HAL servers only
for automotive build
Bug: 78901167
Test: assign this attribute to hal_vehicle_default and try to open
socket from HAL implementation
Test: verify that new CTS test will fail for non-automotive build with
this attribute buing used
Test: make cts && cts-tradefed run singleCommand cts --skip-device-info
--skip-preconditions --abi arm64-v8a --module CtsSecurityHostTestCases
-t android.security.cts.SELinuxHostTest
Change-Id: I27976443dad4fc5b7425c089512cac65bb54d6d9
This relaxes the neverallow rule blocking vendor_init from doing
anything to vold_metadata_file. The rules above it still prevent it
from doing anything other than relabelto and getattr.
Bug: 79681561
Test: Boot device and see no denials.
Change-Id: I1beb25bb9f8d69323c9fee53a140c2a084b12124
The property is set on builds which profile the boot image.
Test: m
Bug: 73313191
(cherry-pick form commit d99f4acf2d)
Merged-In: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16
Change-Id: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16
Keymaster hal needs to be able to read the vendor SPL for purposes of
rollback protection.
Bug: 76428542
Test: Keymaster can access the hal_keymaster_default property
Change-Id: Ifa53adb23f6ab79346e9dd9616b34d8b24395a0a
The goal is to allow creating profile snapshots from the shell command in
order to be able to write CTS tests.
The system server will dump profiles for debuggable in /data/misc/profman
from where they will be pulled and verified by CTS tests.
Test: adb shell cmd package snapshot-profile com.android.vending
Bug: 74081010
Change-Id: I54690305284b92c0e759538303cb98c93ce92dd5
com.android.server.power.PowerManagerServiceTest#testGetLastShutdownReasonInternal due to "RuntimeException: failed to set system property"
W/roidJUnitRunner: type=1400 audit(0.0:6): avc: denied { write } for name="property_service" dev="tmpfs" ino=13178 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
W/libc : Unable to set property "test.sys.boot.reason" to "shutdown,thermal": connection failed; errno=13 (Permission denied)
Had to use precise property definition as com.android.phone accesses
test properties as well.
Test: compile
Bug: 78245377
Change-Id: I2cc810846f8615f2a2fae8e0d4f41de585b7abd7
This should help fix presubmit tests.
Bug: 79414024
Test: Built policy.
Change-Id: Ic840150767ff6c2799ac3b5ef22ba139108c94dd
(cherry picked from commit 06e09abd25)
Bug: 71430241
Test: build/flash, grep for "avc: denied { read }" for mediacodec, should be empty on walleye
Change-Id: I12e1b11a969d3f979ca0cfbe4ca7db2bc5e46165
Let the audioserver record metrics with media.metrics service.
This is for 'audiopolicy' metrics.
Bug: 78595399
Test: record from different apps, see records in 'dumpsys media.metrics'
Change-Id: I63f9d4ad2d2b08eb98a49b8de5f86b6797ba2995
On userdebug builds we can now profile system server without disabling
selinux. This is the final piece, and allows the system server to save its
own profile.
Test: manual, on a device with system server profiling enabled
Bug: 73313191
(cherry picked from commit 71d8467b75)
Change-Id: I93e7e01bfbd3146a8cfd26a1f6e88b640e9c4e0f
This is needed for interface configuration - see e.g. nl80211_configure_data_frame_filters.
Bug: 77903086
Test: Device boots, denial not seen, wifi works
(cherry picked from commit 72ed615228)
Change-Id: Ia781e7c56f6e8e77e654cd28ca34de09180e2213
Merged-In: Ia55c4af1fcee75ada0e67a162fdb92ecc0089312
It's used in build-time tests and in CTS.
Bug: 78898770
Test: build user-build
Change-Id: I254bf4d7ed0c0cb029b55110ceec982b84e4a91b
(cherry picked from commit beeb122405070a5b4cee326a0cdae92a1a791fbc)
The following properties will be whitelisted.
- ro.hdmi.device_type, ro.hdmi.wake_on_hotplug and
persist.sys.hdmi.keep_awake for hdmi
- ro.sf.disable_triple_buffer for SurfaceFlinger
- media.stagefright.cache-params and persist.sys.media.avsync for
nuplayer
Bug: 78205669
Bug: 78430613
Test: succeeded building
Change-Id: I5ee1a1de72c265bca87aa041c6acd9554f5f8c07
Merged-In: I5ee1a1de72c265bca87aa041c6acd9554f5f8c07
(cherry picked from commit 18aaaad937)
Grant fsetid as it was done for installd. Suppress write to
profile files.
(cherry picked from commit 006e160b1a)
Bug: 77958490
Test: m
Test: manual
Merged-In: I33f47db7c16f0eda41ffdb526cf43f8fa9484c62
Change-Id: I33f47db7c16f0eda41ffdb526cf43f8fa9484c62
