Commit graph

16193 commits

Author SHA1 Message Date
Jeff Vander Stoep
3d4d8899d1 crash_dump: disallow ptrace of TCB components
am: 573d333589

Change-Id: I5d0bd81b6b486a6a5cffd8159d99cfcdcf0f464f
2018-07-13 21:35:08 -07:00
Jeff Vander Stoep
7f6df93026 crash_dump: disallow ptrace of TCB components
am: f0e6a70ab5

Change-Id: Ia2c196281ae051e2d3ee1ad3f810b12901af8d69
2018-07-13 21:34:51 -07:00
Steven Thomas
7bec967402 Selinux changes for vr flinger vsync service
Add selinux policy for the new Binder-based vr flinger vsync service.

Bug: 72890037

Test: - Manually confirmed that I can't bind to the new vsync service
from a normal Android application, and system processes (other than
vr_hwc) are prevented from connecting by selinux.

- Confirmed the CTS test
  android.security.cts.SELinuxHostTest#testAospServiceContexts, when
  built from the local source tree with this CL applied, passes.

- Confirmed the CTS test
  android.cts.security.SELinuxNeverallowRulesTest#testNeverallowRules521,
  when built from the local source tree with this CL applied, passes.

Change-Id: Ib7a6bfcb1c2ebe1051f3accc18b481be1b188b06
2018-07-13 17:17:01 -07:00
Yifan Hong
b1b3a31e61 Merge changes from topic "coredomain_batteryinfo" am: 6397d7e0cb
am: c74c0fbb34

Change-Id: I43163ef3484dd31d0ead3f5432b572bc5568bde3
2018-07-13 13:08:55 -07:00
Yifan Hong
c74c0fbb34 Merge changes from topic "coredomain_batteryinfo"
am: 6397d7e0cb

Change-Id: I88c793acd19ce05e275d6f2883f90540f37d52b6
2018-07-13 12:42:47 -07:00
Treehugger Robot
6397d7e0cb Merge changes from topic "coredomain_batteryinfo"
* changes:
  vold: not allowed to read sysfs_batteryinfo
  full_treble: coredomain must not have access to sysfs_batteryinfo
2018-07-13 18:42:32 +00:00
Yifan Hong
711908e60b vold: not allowed to read sysfs_batteryinfo
It doesn't need to read batteryinfo to function properly.
Bug: 110891415
Test: builds and boots

Change-Id: I7f388180a25101bfd0c088291ef03a9bf8ba2b2c
2018-07-12 11:45:28 -07:00
Yifan Hong
b5f7f28c26 full_treble: coredomain must not have access to sysfs_batteryinfo
... but should do it via health HAL and healthd.

Bug: 110891415
Test: builds
Change-Id: Ib124f82d31f1dfbe99a56475dba04a37f81bdca3
2018-07-12 11:45:28 -07:00
Jeff Vander Stoep
573d333589 crash_dump: disallow ptrace of TCB components
Remove permissions.

Bug: 110107376
Test: kill -6 <components excluded from ptrace>
Change-Id: If8b9c932af03a551e40e786d591544ecdd4e5c98
Merged-In: If8b9c932af03a551e40e786d591544ecdd4e5c98
(cherry picked from commit f1554f1588)
2018-07-12 11:33:30 -07:00
Jeff Vander Stoep
f0e6a70ab5 crash_dump: disallow ptrace of TCB components
Remove permissions and add neverallow assertion.

Bug: 110107376
Test: kill -6 <components excluded from ptrace>
Change-Id: If8b9c932af03a551e40e786d591544ecdd4e5c98
Merged-In: If8b9c932af03a551e40e786d591544ecdd4e5c98
(cherry picked from commit f1554f1588)
2018-07-12 17:30:25 +00:00
Aalique Grahame
c1e84a6ac5 Merge "sepolicy: create rules for system properties" am: 280c6afab2
am: 5626ee67a9

Change-Id: Icd66784f207472346ac823ad565e6e7b834dcbc8
2018-07-10 21:45:02 -07:00
Aalique Grahame
5626ee67a9 Merge "sepolicy: create rules for system properties"
am: 280c6afab2

Change-Id: I879d46d8e004a4ea63c1b131cdb5348e90adca0d
2018-07-10 21:40:58 -07:00
Florian Mayer
9d144e1f00 Merge "Allow to read events/header_page with debugfs_tracing" am: 7d7328b807
am: 139bb3f279

Change-Id: Ifb564911815c938a489c32f4c648d9b8c3612c6f
2018-07-10 21:38:01 -07:00
Treehugger Robot
280c6afab2 Merge "sepolicy: create rules for system properties"
2018-07-11 04:36:36 +00:00
Florian Mayer
139bb3f279 Merge "Allow to read events/header_page with debugfs_tracing"
am: 7d7328b807

Change-Id: I6bd14e069dd07b81b6cf33cfe8dd22e641d8f1f9
2018-07-10 21:35:06 -07:00
Treehugger Robot
7d7328b807 Merge "Allow to read events/header_page with debugfs_tracing"
2018-07-11 04:28:23 +00:00
Aalique Grahame
2fc89a71f7 sepolicy: create rules for system properties
Add new sepolicy rules to support audio system properties

Bug: 110564278
Change-Id: If774a40b50e56f9e83bcb4ab8a84581dc03058ad
2018-07-03 08:54:04 -07:00
Anton Hansson
64bcf9ddda Merge "Split selinux_policy module into two." am: 43a0a8e10c
am: 72a3251989

Change-Id: Ie898a9ef453521c010ac7a7fcdcb04b026a988dc
2018-07-03 06:31:11 -07:00
Anton Hansson
72a3251989 Merge "Split selinux_policy module into two."
am: 43a0a8e10c

Change-Id: Iba96f0b88256b7549eb1278bdf87e65bca041594
2018-07-03 06:27:44 -07:00
Anton Hansson
43a0a8e10c Merge "Split selinux_policy module into two."
2018-07-03 13:19:35 +00:00
Anton Hansson
8cfe1e6128 Split selinux_policy module into two.
Create one _system and one _nonsystem target, which together contain
the same artifacts as before, just split by whether they go on the
system partition or not.

The product build hierarchy is being refactored to be split by
partition, so these targets facilitate inclusion of just the
system parts where necessary. Also keep the selinux_policy target
around for products that don't need the split.

Bug: 80410283
Test: for t in eng userdebug user; do lunch mainline_arm64-${t}; m nothing; done
Test: verified walleye /system and /vendor identical before and after, via:
Test: /google/data/rw/users/cc/ccross/bin/compare-target-files.sh P6259983 walleye-userdebug "SYSTEM/*" "VENDOR/*"
Test: only diffs are in build.prop files (timestamps and the like)

Change-Id: I0f5d8a1558a164ce5cfb7d521f34b431855ac260
2018-07-03 14:04:20 +01:00
Florian Mayer
a62ce04a8c Allow to read events/header_page with debugfs_tracing
Bug: 110900684
Change-Id: I9fd141e0d56d0135c563467b7ca2f08b6af6700b
2018-07-03 09:36:42 +00:00
Bowgo Tsai
6e5e109333 Merge "Sepolicy for rw mount point for product extensions." am: 589dbe1429
am: dc7e8d3de5

Change-Id: I2f726b1cf758e3d2744966552bf30ad8756aa754
2018-07-02 19:06:48 -07:00
Pawin Vongmasa
6dea29712a Merge "Allow surfaceflinger to call into mediacodec" am: 48f1c4ce22
am: 35f9e08bcd

Change-Id: I561ce4fb68e165b1c18f8dee5138941b68fd7276
2018-07-02 19:06:08 -07:00
Bowgo Tsai
dc7e8d3de5 Merge "Sepolicy for rw mount point for product extensions."
am: 589dbe1429

Change-Id: Ife838a971f7145583d2d1444a2c366515060e5a4
2018-07-02 19:03:52 -07:00
Pawin Vongmasa
35f9e08bcd Merge "Allow surfaceflinger to call into mediacodec"
am: 48f1c4ce22

Change-Id: I9362732c00cf9daf4b68f30885664a000dd0f3b8
2018-07-02 19:03:07 -07:00
Treehugger Robot
589dbe1429 Merge "Sepolicy for rw mount point for product extensions."
2018-07-03 00:21:01 +00:00
Treehugger Robot
48f1c4ce22 Merge "Allow surfaceflinger to call into mediacodec"
2018-07-03 00:19:50 +00:00
Yabin Cui
474389dfb4 Merge "Export more files in proc_perf." am: 74f86551af
am: ca685e9e91

Change-Id: I87a9f426c49807a273943612bcf495854624f059
2018-07-02 15:22:27 -07:00
Yabin Cui
ca685e9e91 Merge "Export more files in proc_perf."
am: 74f86551af

Change-Id: I16f29c89431a5ca4ac604869e21cd8312bd37f9e
2018-07-02 15:18:49 -07:00
Yabin Cui
74f86551af Merge "Export more files in proc_perf."
2018-07-02 22:12:03 +00:00
Yongqin Liu
cb7a9e8aae public/netd.te: allow netd to operate icmp_socket that passed to it am: 8a8d4ef532
am: 29ed5f16ed

Change-Id: Ibabe55bc17d64226b5ebbe221f8e8cbb4ca4926f
2018-07-02 14:59:46 -07:00
Yongqin Liu
29ed5f16ed public/netd.te: allow netd to operate icmp_socket that passed to it
am: 8a8d4ef532

Change-Id: Ib48576d7f47811870661e0bb66cebad0f26a6782
2018-07-02 14:55:41 -07:00
Yabin Cui
09464811ca Export more files in proc_perf.
Export /proc/sys/kernel/perf_cpu_time_max_percent and
/proc/sys/kernel/perf_event_mlock_kb in proc_perf. So
they can be read in shell and written by init.

This is needed by simpleperf to control cpu percent and
memory used for profiling.

Bug: 110706031
Test: build and boot hikey960 successfully.

Change-Id: I2a01f583508003ab73427bab30a7982a27dfa677
2018-07-02 11:39:40 -07:00
Yongqin Liu
8a8d4ef532 public/netd.te: allow netd to operate icmp_socket that passed to it
This should be a supplement to the change here:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/708638

When testing the cts libcore.libcore.io.OsTest#test_socketPing test case, it will fail
with avc denial messages like the following:

[ 1906.617027] type=1400 audit(1530527518.195:10496): avc: denied { read write } for comm="netd" path="socket:[32066]" dev="sockfs" ino=32066 scontext=u:r:netd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=icmp_socket permissive=1
[ 1906.617189] type=1400 audit(1530527518.195:10496): avc: denied { read write } for comm="netd" path="socket:[32066]" dev="sockfs" ino=32066 scontext=u:r:netd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=icmp_socket permissive=1
[ 1906.617206] type=1400 audit(1530527518.195:10497): avc: denied { getopt } for comm="netd" lport=2 scontext=u:r:netd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=icmp_socket permissive=1
[ 1906.617313] type=1400 audit(1530527518.195:10497): avc: denied { getopt } for comm="netd" lport=2 scontext=u:r:netd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=icmp_socket permissive=1
[ 1906.617330] type=1400 audit(1530527518.195:10498): avc: denied { setopt } for comm="netd" lport=2 scontext=u:r:netd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=icmp_socket permissive=1
[ 1907.832425] type=1400 audit(1530527518.195:10498): avc: denied { setopt } for comm="netd" lport=2 scontext=u:r:netd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=icmp_socket permissive=1

Test: run cts -m CtsLibcoreTestCases -t libcore.libcore.io.OsTest#test_socketPing

Change-Id: If41cb804292834b8994333f170d1f7f837bcd7df
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
2018-07-02 18:34:18 +08:00
Pawin Vongmasa
ff2dccaf38 Allow surfaceflinger to call into mediacodec
Test: adb logcat | grep "Wrong interface type."

Bug: 77924251
Change-Id: Idf9d7ae6db0d41bb0c2f94b2183bfe23f0c21155
2018-07-01 19:04:03 -07:00
Todd Poynor
c66af8944e [automerger skipped] remove thermalcallback_hwservice am: c6afcb7fc0 -s ours
am: 29e292e9d2

Change-Id: Id9655ad460a971cb6a93ab77591998ca1b8bc226
2018-06-29 19:19:11 -07:00
Todd Poynor
29e292e9d2 [automerger skipped] remove thermalcallback_hwservice
am: c6afcb7fc0  -s ours

Change-Id: I9c89b5179d68943f4e090fbd596b4cd4be68100f
2018-06-29 19:14:10 -07:00
Todd Poynor
c6afcb7fc0 remove thermalcallback_hwservice
This hwservice isn't registered with hwservicemanager but rather passed
to the thermal hal, so it doesn't need sepolicy associated with it to
do so.

Test: manual: boot, inspect logs
Test: VtsHalThermalV1_1TargetTest
Bug: 109802374
Change-Id: Ifb727572bf8eebddc58deba6c0ce513008e01861
Merged-In: Ifb727572bf8eebddc58deba6c0ce513008e01861
2018-06-29 23:01:43 +00:00
Jeff Vander Stoep
cdc79fd4f2 Merge "priv_app: dontaudit read access to default sysfs label" am: 05fc3f2526
am: 9256ec00b8

Change-Id: Ie768a8e68e34c59eda6777d29372606527766b24
2018-06-29 15:03:31 -07:00
Jeff Vander Stoep
9256ec00b8 Merge "priv_app: dontaudit read access to default sysfs label"
am: 05fc3f2526

Change-Id: Iebf4303790c7b87cd9e82abf073c895f7b4fa38e
2018-06-29 14:41:05 -07:00
Treehugger Robot
05fc3f2526 Merge "priv_app: dontaudit read access to default sysfs label"
2018-06-29 20:43:53 +00:00
Jeff Vander Stoep
4894d9fde8 priv_app: dontaudit read access to default sysfs label
Suppress selinux logspam for non-API files in /sys.

Bug: 110914297
Test: build
Change-Id: I9b3bcf2dbf80f282ae5c74b61df360c85d02483c
2018-06-29 11:06:10 -07:00
John Reck
ca5028a56c Merge "Add record-tgid tracefs support" am: d6c47bc1b5
am: 10caa0c412

Change-Id: I1e5ed2ccd01030102d80ae25306dbd92fe188f98
2018-06-29 10:59:03 -07:00
John Reck
10caa0c412 Merge "Add record-tgid tracefs support"
am: d6c47bc1b5

Change-Id: I9f8f996c182701bb52cb60c8403c9e817f777691
2018-06-29 10:54:55 -07:00
Treehugger Robot
d6c47bc1b5 Merge "Add record-tgid tracefs support"
2018-06-29 17:51:07 +00:00
Jeff Vander Stoep
e8627153e9 vendor_init: enforce similar restrictions as init am: ff91d5d605
am: 97c7dbbba9

Change-Id: Idf220cff0d3acd13bf51b0c742d8c937f84f811f
2018-06-29 07:59:13 -07:00
Jeff Vander Stoep
97c7dbbba9 vendor_init: enforce similar restrictions as init
am: ff91d5d605

Change-Id: I4d7fcb2a08b8d95342a075ce95abd931bae73ad3
2018-06-29 07:55:08 -07:00
Bowgo Tsai
c287032f61 Sepolicy for rw mount point for product extensions.
Bug: 110808288
Test: device boots with /mnt/product present and selinux label
      mnt_product_file applied correctly.

Change-Id: I596e4b79285fe1a79d31ad1b07f4bcffe6a6cd98
2018-06-29 22:54:42 +08:00
Jeff Vander Stoep
ff91d5d605 vendor_init: enforce similar restrictions as init
Test: build aosp_taimen-userdebug
Change-Id: Ie35ffcb8d2e3b83b6592f863caca946270aa4032
2018-06-28 23:06:40 +00:00