Commit graph

153 commits

Author SHA1 Message Date
Dennis Shen
584852eaa7 Update SELinux to allow vendor process access
Bug: b/298934058, b/295379636
Change-Id: I2521ae27a88d471263ba4bff69947b2ce28b4b4e
2023-09-11 14:30:29 +00:00
Jaewan Kim
4183cbb63c Label hypervisor test properties
Bug: 298306391
Change-Id: I160101325989f58ef3403ec5be20895468c2ccbb
Test: TH, atest CustomPvmfwHostTestCases
2023-09-01 02:43:38 +00:00
Pawan Wagh
60cc0b3a39 Adding ro.product.build.16k_page.enabled to property contexts
This property will be used to set 16k dev options on device.
This will be product specific property and will be added on
specific devices.

Test: m, booted device with PRODUCT_16K_DEVELOPER_OPTION ON/OFF and
verified option visibility.
Bug: 297922563

Change-Id: I2be5e7236eb8259ef6d5893e70712a5c89aaad52
2023-08-31 20:30:04 +00:00
Dennis Shen
df3a1680d2 Update name from trunk_stable_flags to aconfig flags
the name "trunk stable" is not recommended to appear in android code
base as it is an internal concept. therefore the name change.

Bug: b/295379636
Change-Id: Ice045ac00e2d4987221cc6516baa0d013e6e0943
2023-08-16 19:10:13 +00:00
Dennis Shen
d32299780f Setup a common channel to trunk stable flags in system properties
This is a common root node for native trunk stable flags in system properties. Each flag in a namespace will appear in the sys prop as

persist.device_config.trunk_stable_flags.<namespace>.<flag>

Bug: b/295379636
Change-Id: I42e4a799781a9ced442cbdcbdb6b905446d72d73
2023-08-14 14:23:59 +00:00
Dennis Shen
3b8c57fb93 SELinux allow listing core_experiements_team_internal namespace
Bug: b/291771863
Change-Id: I788e4d5241d824dee249aa8c6d7cb5405c0fac37
2023-07-25 20:15:02 +00:00
Pontus Lidman
0af0e71062 Add SELinux config for new SensorFusion property
Add required SELinux configuration to support the sensor
configuration property:
sensors.aosp_low_power_sensor_fusion.maximum_rate

Test: use getprop to verify presence and readability
of the new property. dumpsys sensorservice to verify
sensor service is picking up the property value.

Change-Id: I96b8fd6ce72d7a5bf69b028802b329b03f261585
2023-07-21 00:42:24 +00:00
Alexander Roederer
584a862df6 persist.sysui.notification.ranking_update_ashmem
Adds persist.syui.notification.ranking_update_ashmem property and
associated permissions, which will be used to flag guard a change in
core/...NotificationRankingUpdate.java.

Permissions are limited in scope to avoid unnecessary access.
Apps may need to read the flag (because NotificationRankingUpdate.java
is a core library), but setting should only be possible internally (and
via debug shell).

Test: manual flash+adb setprop/getprop
Bug: 249848655
Change-Id: I661644893714661d8c8b5553c943fa17d08c000c
2023-06-07 22:31:00 +00:00
Jin Jeong
9bd3eedbef Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore"
This reverts commit 489abecf67.

Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules

Change-Id: I19d1da02baf8cc4b5182a3410111a0e78831d7f8
Merged-In: I0c2bfe55987949ad52f62e468c84df954f39a4ad
2023-05-15 10:43:05 +00:00
Jinyoung Jeong
489abecf67 Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore
bug: 279548423
Test:  http://fusion2/b7c803be-2dca-4195-b91f-6c4939746b5b, http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed
Change-Id: I4b190fca2f3825a09d27cfc74e8a528831f4f15b
Merged-In: I4b190fca2f3825a09d27cfc74e8a528831f4f15b
2023-05-02 01:24:23 +00:00
Alexander Roederer
cf1ac9a714 Merge "Add persist.sysui.notification.builder_extras_ovrd" 2023-04-03 13:47:09 +00:00
Jiakai Zhang
22fb5c7d24 Allow system server to set dynamic ART properties.
This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.

Bug: 274530433
Test: Locally added some code to set those properties and saw it being
  successfull.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089
2023-03-31 11:46:05 +01:00
Alexander Roederer
829d974505 Add persist.sysui.notification.builder_extras_ovrd
Adds persist.sysui.notification.builder_extras_override property
and associated permissions, which will be used to flag guard
a change in core/...Notification.java.

Permissions are limited in scope to avoid unnecessary access.
Apps may need to read the flag (because Notification.java
is a core library), but setting should only be possible
internally (and via debug shell).

Test: manual flash+adb setprop/getprop
Bug: 169435530
Change-Id: I3f7e2220798d22c90f4326570732a52b0deeb54d
2023-03-29 16:35:39 +00:00
Tri Vo
0099ba37f3 Merge "Remove RemoteProvisioner and remoteprovisioning services" 2023-03-17 17:18:01 +00:00
Vikram Gaur
01390087b1 Add set property permissions to RKPD application.
Test: atest RkpdAppGoogleIntegrationTests
Change-Id: Ib1680319f7299b27aab2cc36cc917a8da35ec216
2023-03-16 18:05:10 +00:00
Tri Vo
4bb2d30701 Remove RemoteProvisioner and remoteprovisioning services
Bug: 273325840
Test: keystore2_test
Change-Id: I295ccdda5a3d87b568098fdf97b0ca5923e378bf
2023-03-14 15:45:35 -07:00
Seth Moore
d3bd68607e Allow shell to change RKP properties
This way, we can change things like the RKP hostname or enablement
from the shell for tests.

Bug: 265196434
Test: manual (adb shell setprop ...)
Change-Id: Ib853eaf29b395705eba57d241df064152220457e
2023-02-24 13:33:36 -08:00
Avichal Rakesh
e2cb0f2813 Prevent non-system apps from read ro.usb.uvc.enabled
ro.us.uvc.enabled should not be readable from apps that can't or
shouldn't act on UVC support. This means all non-system apps. This CL
adds an explicit neverallow rule to prevent all appdomains (except
system_app and device_as_webcam).

Bug: 242344221
Bug: 242344229
Test: Build passes, manually confirmed that non-system apps cannot
      access the property
Change-Id: I1a40c3c3cb10cebfc9ddb791a06f26fcc9342ed9
2023-02-02 12:26:33 -08:00
Avichal Rakesh
a12d3103be Add selinux permissions for ro.usb.uvc.enabled
This CL the selinux rules for the property ro.usb.uvc.enabled which will
be used to toggle UVC Gadget functionality on the Android Device.

Bug: 242344221
Bug: 242344229
Test: Manually tested that the property can only be read at runtime,
      not written to.
Change-Id: I0fd6051666d9554037acc68fa81226503f514a45
2023-01-31 11:17:50 -08:00
Seth Moore
7ed4c00496 Add remote_provisioning.hostname property
This property contains the server name for the remote provisioning
service, if any, used by the device.

Test: RkpdAppUnitTests
Change-Id: Iad7805fe6da1ce89a9311d5caf7c9c651af2d16d
2023-01-18 13:44:47 -08:00
Florian Mayer
152f832904 Allow system_server to set arm64 memtag property
Bug: 262763327
Bug: 244290023
Test: atest MtePolicyTest on user build
Test: manually with TestDPC
Change-Id: If1ed257fede6fa424604eed9775eb3a3b8365afe
2022-12-16 16:58:36 -08:00
Andrew Scull
edba76d514 Revert "Allow vendors to set remote_prov_prop properties"
This reverts commit a87c7be419.

Reason for revert: I was mistaken and this isn't a property that the vendor should set, but the OEM should override from the product partition. That doesn't require sepolicy changes.

Bug: 256109167
Change-Id: Idebfb623dce960b2b595386ade1e4c4b92a6e402
2022-10-31 18:27:29 +00:00
Andrew Scull
a87c7be419 Allow vendors to set remote_prov_prop properties
Vendors should be able to set the `remote_provisioning.tee.rkp_only` and
`remote_provisioning.strongbox.rkp_only` properties via
PRODUCT_VENDOR_PROPERTIES so grant `vendor_init` the permission to set
them.

The property wasn't able to use `system_vendor_config_prop()` as
`remote_prov_app` has tests which override the properties.

Bug: 256109167
Test: manual test setting the property from device.mk for cuttlefish
Change-Id: I174315b9c0b53929f6a11849efd20bf846f8ca29
2022-10-28 10:07:54 +00:00
Vikram Gaur
e1c49f5524 Add SELinux policies for remote_key_provisioning_native namespace.
We need to separate out the feature flags in use by remote key
provisioning daemon (RKPD). For this, I have set up a new namespace
remote_key_provisioning_native. This change adds the SELinux policies to
make sure appropriate permissions are present when accessing the feature
flag for read/write.

Change-Id: I9e73a623f847a058b6236dd0aa370a7f9a9e6da7
Test: TreeHugger
2022-09-29 21:32:58 +00:00
Neil Fuller
b9f8aad52c Merge changes I20b40cbe,Iac1bc330,I8d818342
* changes:
  Limit processes that can change settings sysprops
  Add new type for system settings metadata
  Reduce use of exported_system_prop
2022-09-27 23:01:26 +00:00
Neil Fuller
bbb00fa4cf Add new type for system settings metadata
Add a new selinux type for a system property used to hold metadata about
the time zone setting system property. Although system settings are
world readable, the associated metadata only needs to be readable by the
system server (currently).

Bug: 236612872
Test: treehugger
Change-Id: Iac1bc3301a049534ea5f69edf27cd85443e6a92e
2022-09-27 16:06:57 +00:00
Florian Mayer
51382a3af0 [MTE] allow mtectrl to sync state to property.
Bug: 245624194
Change-Id: If580f3e64a839ee409b58e80300b927f6898c894
2022-09-27 15:56:33 +00:00
Jiyong Park
c4f84bcb37 Don't let ro.log.file_logger.path to be set
ro.log.file_logger.path is a system property that liblog uses to
determine if file_logger should be used (instead of logd) and what file
the logs should be emitted to. It is primarily meant for non-Android
environment like Microdroid, and doesn't need to be set in Android. In
fact, setting it to a wrong value can break the system logging
functionality. This change prevents such a problem by assigning a
dedicated property context (log_file_logger_prop) to the property and
making it non-writable. (Note that it still has to be readable because
liblog reads it and liblog can be loaded in any process)

Bug: 222592894
Test: try to set ro.log.file_logger.path

Change-Id: Ic6b527327f5bd4ca70a58b6e45f7be382e093318
2022-09-18 23:39:41 +09:00
Suren Baghdasaryan
9fdb29826f Add policies for ro.kernel.watermark_scale_factor property
New ro.kernel.watermark_scale_factor property is used to store the
original value read from /proc/sys/vm/watermark_scale_factor before
extra_free_kbytes.sh changes it. The original value is necessary to
use the same reference point in case the script is invoked multiple
times. The property is set by init the first time script is invoked
and should never be changed afterwards.

Bug: 242837506
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I7760484854a41394a2efda9445cff8cb61587514
2022-09-08 19:35:34 +00:00
Jooyung Han
cae2368d2d Set apex. property as "system_restricted"
Since the property is supposed to be used by vendor-side .rc file as
read-only (especially by vendor apex), it should be "system_restricted".

Also allow vendor_init to read the property.

Bug: 232172382
Test: boot cuttlefish (with vendor apex using the property)
Change-Id: I502388e550e0a3c961a51af2e2cf11335a45b992
2022-09-02 18:11:33 +09:00
Jooyung Han
ba80cd59a7 Merge changes from topics "apex-ready-prop", "apex-update-prop"
* changes:
  Modifed sepolicy for new apex ready prop
  Remove init.apex.<apex-name>.load/unload property
2022-09-02 06:46:54 +00:00
Deyao Ren
7848d3a437 Modifed sepolicy for new apex ready prop
Bug: 232172382
Test: atest ApexTestCases
Change-Id: I2947b2c9b1d983bdbc410e67509508f73efff1f4
2022-09-01 22:20:10 +00:00
Deyao Ren
3fab00fab2 Remove init.apex.<apex-name>.load/unload property
Bug: 240533726
Test: atest CtsInitTestCases ApexTestCases
Change-Id: Ibe4d1c199157397a747bb87918848917a24f0535
2022-09-01 16:24:55 +00:00
Hongguang
9515559657 Add properties to configure whether the lazy tuner is enabled.
ro.tuner.lazyhal: system_vendor_config_prop to decide whether the lazy
tuner HAL is enabled.
tuner.server.enable: system_internal_prop to decide whether tuner server
should be enabled.

Bug: 236002754
Test: Check tuner HAL and framework behavior
Change-Id: I6a2ebced0e0261f669e7bda466f46556dedca016
2022-08-23 07:01:05 +00:00
Jooyung Han
ccfb0ef146 Added properties for rebootless apex install
When apexd installs an apex without reboot, init also need to do some
work around the installation (e.g. terminating services from the apex
and remove data read from the apex and updating linker configuration
etc)

Apexd sets control properties to unload and load apex and init notifies
the completion with state properties.

These new properties are supposed to be used by apexd/init interaction.

Bug: 232114573
Bug: 232173613
Test: CtsStagedInstallHostTestCases
Test: CtsInitTestCases
Change-Id: I5af6b36310f3c81f1cd55537473e54756541d347
2022-07-08 12:12:45 +09:00
Richard Chang
af8fac1c56 Allow vendor services to access vendor_system_native_prop
Bug: 226456604
Test: Build
Change-Id: Icc11b9bf06fd0fb8069388ca5a32e8aedf1743a8
2022-05-03 04:19:07 +00:00
Felipe Leme
b85242c00f Allow apps to read system_user_mode_emulation_prop.
As it's used by UserManager...

Test: sesearch --allow -s appdomain -t system_user_mode_emulation_prop $ANDROID_PRODUCT_OUT/vendor/etc/selinux/precompiled_sepolicy
Bug: 226643927

Change-Id: I1134a9e0b8ae758e3ebef054b96f9e3237a2401f
2022-04-21 18:49:12 -07:00
Mitch Phillips
800e948e61 Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it." 2022-04-21 18:12:43 +00:00
Seth Moore
222e99e26f Merge "Allow the remote provisioner app to set rkp_only properties" 2022-04-21 17:23:11 +00:00
Seth Moore
8bfdd82123 Allow the remote provisioner app to set rkp_only properties
The properties for rkp_only are no longer read only.

This allows remote provisioner unit tests to enable/disable the remote
provisioning only mode, which is required to fully verify functionality.

Test: RemoteProvisionerUnitTests
Bug: 227306369
Change-Id: I8006712a49c4d0605f6268068414b49714bbd939
2022-04-20 17:15:20 -07:00
Felipe Leme
9a385b2112 Adds system_user_mode_emulation_prop property.
It will be used by system_server only (i.e., not even Shell) to let
developers change the system user mode (to be headless or full).

Test: sesearch --allow -t system_user_mode_emulation_prop $ANDROID_PRODUCT_OUT/vendor/etc/selinux/precompiled_sepolicy

Bug: 226643927

Change-Id: Iaba42fd56dce0d8d794ef129634df78f9599260f
2022-04-20 13:28:01 -07:00
Richard Chang
1c8df204ff Merge "sepolicy: allow vendor system native experiments property" 2022-04-15 03:47:28 +00:00
Mitch Phillips
8cd32cd93e [GWP-ASan] Add sysprop, allow shell and system apps to set it.
Bug: 219651032
Test: atest bionic-unit-tests

Change-Id: Ic4804ce0e4f3b6ba8eb8d82aca11b400b45c03dc
2022-04-12 13:20:05 -07:00
Kalesh Singh
6ba41462d5 Merge changes from topic "mglru-exp"
* changes:
  Add sepolicy for Multi-Gen LRU sysfs control
  Add sepolicy for mglru_native flag namespace
2022-04-12 13:48:48 +00:00
Richard Chang
7057e4abca sepolicy: allow vendor system native experiments property
Grant system_server and flags_health_check permission to set the
properties that correspond to vendor system native experiments.

Bug: 226456604
Test: Build
Change-Id: Ib2420cf6eaf1645e7f938db32c93d085dd8950a3
2022-04-12 08:11:53 +00:00
Kalesh Singh
9e25714cd7 Add sepolicy for mglru_native flag namespace
Bug: 227651406
Bug: 228525049
Change-Id: I9311b23bd10573fcdb62aba65eb2c6e3d177b467
2022-04-08 13:37:34 -07:00
Max Bires
aaacfdb054 Add ro.remote_provisioning.*.rkp_only properties.
These properties are used to inform keystore2 and the RemoteProvisioner
app how they should behave in the system in the event that RKP keys are
exhausted. The usual behavior in a hybrid system is not to take any
action and fallback to the factory provisioned key if key attestation is
requested and no remotely provisioned keys are available.

However, there are instances where this could happen on a device that
was intended to be RKP only, in which case the system needs to know that
it should go ahead and attempt to remotely provision new certificates or
throw an error in the case where none are available.

Test: New properties are accessible from the two domains
Change-Id: I8d6c9e650566499bf08cfda2f71c64d5c2b26fd6
2022-04-04 11:23:12 -07:00
Alexander Potapenko
0a64d100b8 dmesgd: sepolicies
dmesgd is a daemon that collects kernel memory error reports.

When system_server notices that a kernel error occured, it sets the
dmesgd.start system property to 1, which results in init starting
dmesgd.

Once that happens, dmesgd runs `dmesg` and parses its output to collect
the last error report. That report, together with the headers containing
device- and build-specific information is stored in Dropbox.

Empirically, dmesgd needs the following permissions:
- execute shell (for popen()) and toolbox (for dmesg),
  read system_log (for dmesg)
- read /proc/version (to generate headers)
- perform Binder calls to servicemanager and system_server,
  find dropbox_service (for dropbox)
- create files in /data/misc/dmesgd (to store persistent state)

Bug: 215095687
Test: run dmesgd on a user device with injected KFENCE bugs
Change-Id: Iff21a2ffd99fc31b89a58ac774299b5e922721ea
2022-02-10 17:42:52 +00:00
Yabin Cui
f17fb4270c Add sepolicy for simpleperf_boot.
simpleperf_boot is the secontext used to run simpleperf from init,
to generate boot-time profiles.

Bug: 214731005
Test: run simpleperf manually
Change-Id: I6f37515681f4963faf84cb1059a8d5845c2fe5a5
2022-01-15 16:12:51 -08:00
Florian Mayer
11db93a15b Merge "[MTE] Allow system_app to write memtag property." 2022-01-10 21:12:02 +00:00