Commit graph

692 commits

Author SHA1 Message Date
Inseob Kim
5a8afdcfa6 Make 31.0 prebuilts and compat files up to date
Bug: 208126864
Test: m selinux_policy 31.0_compat_test treble_sepolicy_tests_31.0
Change-Id: Ic97d17b39f7307ed5af200c97c8c09ca0511c216
2021-11-29 19:40:59 +09:00
Ji Luo
d338d0ef55 Fix bootchart on android12
Access denial of Apexd would cause runtime abort and the
bootchart is not working on Android 12:
  ...
  F nativeloader: Error finding namespace of apex: no namespace called com_android_art
  F zygote64: runtime.cc:669] Runtime aborting...
  F zygote64: runtime.cc:669] Dumping all threads without mutator lock held
  F zygote64: runtime.cc:669] All threads:
  F zygote64: runtime.cc:669] DALVIK THREADS (1):
  F zygote64: runtime.cc:669] "main" prio=10 tid=1 Runnable (still starting up)
  F zygote64: runtime.cc:669]   | group="" sCount=0 ucsCount=0 flags=0 obj=0x0 self=0xb4000072de0f4010
  ...

Bug: 205880718
Test: bootchart test.

Signed-off-by: Ji Luo <ji.luo@nxp.com>
Change-Id: Ia7d166605cd0b58849cb44d9a16dc3c73e1d4353
2021-11-11 16:53:24 +08:00
Bart Van Assche
e3cfa9e1d3 Revert "Remove the bdev_type and sysfs_block_type SELinux attributes"
This reverts commit 63930d3850.

Reason for revert: Broken build (https://android-build.googleplex.com/builds/submitted/7863094/aosp_raven-userdebug/latest/view/logs/error.log)

Change-Id: I1742d69d471e9b00359a2e7e654aa752513990df
2021-10-28 18:03:49 +00:00
Bart Van Assche
63930d3850 Remove the bdev_type and sysfs_block_type SELinux attributes
Remove these SELinux attributes since the apexd and init SELinux policies
no longer rely on these attributes.

The only difference between a previous version of this patch and the
current patch is that the current patch moves these attributes to the
'compat' policy. See also
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1850656.

This patch includes a revert of commit 8b2b951349 ("Restore permission
for shell to list /sys/class/block"). That commit is no longer necessary
since it was a bug fix for the introduction of the sysfs_block type.

Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd && adb -e shell dmesg | grep avc
Change-Id: Id7d32a914e48bc74da63d87ce6a09f11e323c186
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-10-25 16:26:07 -07:00
Xin Li
e69c4ae635 Merge SP1A.210812.016
Merged-In: I7dec0a3d82c82b5dea4b5f3f38d9170bb1f40840
Change-Id: Idf4f6bebc2c849811bac8f6df34d1cd997978bb8
2021-09-28 19:55:59 +00:00
Orion Hodson
51bd92505b odrefresh: add permission to sigkill child processes
(cherry picked from commit 522bcbe9e6)
Ignore-AOSP-First: cherry-pick from aosp
Bug: 177432913
Bug: 196969404
Test: manually decrease odrefresh compilation timeout, no avc denied
Change-Id: I7dec0a3d82c82b5dea4b5f3f38d9170bb1f40840
(cherry picked from commit 86477d7933)
2021-08-20 00:34:06 +00:00
Eric Biggers
0fc214e291 Restore permission for shell to list /sys/class/block
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory.  There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.

Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
      After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
Merged-In: I87cb90880f927db1385887b35c84f4dd7f95021b
(cherry picked from commit ff53c4d16e)
2021-08-19 03:22:01 +00:00
Eric Biggers
2b7e9943d9 Merge "Restore permission for shell to list /sys/class/block" am: cc0f64416f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1797007

Change-Id: I60b12f2a7cb088b8e648149d9356f9b00f97adbe
2021-08-17 19:17:07 +00:00
Eric Biggers
8b2b951349 Restore permission for shell to list /sys/class/block
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory.  There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.

Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
      After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
2021-08-16 10:54:44 -07:00
Paul Crowley
c0cae7496e Merge "Allow vold to deleteAllKeys in Keystore" into sc-dev 2021-08-11 21:41:17 +00:00
Paul Crowley
cb00759831 Merge "Allow vold to deleteAllKeys in Keystore" am: d46569c261 am: 66b0b41923
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1789529

Change-Id: I03d240d980763f3a84971f185f207204bac2602d
2021-08-11 18:13:25 +00:00
Paul Crowley
4a664e8d5d Allow vold to deleteAllKeys in Keystore
Add deleteAllKeys to IKeystoreMaintenance and allow vold to call it.
Allow vold to read the property
`ro.crypto.metadata_init_delete_all_keys.enabled`

Bug: 187105270
Test: booted twice on Cuttlefish
Ignore-AOSP-First: no merge path to this branch from AOSP.
Merged-In: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
Change-Id: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
2021-08-11 10:16:28 -07:00
Paul Crowley
bf29c3a2dc Allow vold to deleteAllKeys in Keystore
Add deleteAllKeys to IKeystoreMaintenance and allow vold to call it.
Allow vold to read the property
`ro.crypto.metadata_init_delete_all_keys.enabled`

Bug: 187105270
Test: booted twice on Cuttlefish
Change-Id: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
2021-08-10 21:51:09 -07:00
Bart Van Assche
db5e6c2424 Allow the init and apexd processes to read all block device properties
Addressing b/194450129 requires configuring the I/O scheduler and the
queue depth of loop devices. Doing this in a generic way requires
iterating over the block devices under /sys/class/block and also to
examine the properties of the boot device (/dev/sda). Hence this patch
that allows 'init' and 'apexd' to read the properties of all block
devices. The patch that configures the queue depth is available at
https://android-review.googlesource.com/c/platform/system/core/+/1783847.

Bug: 194450129
Test: Built Android images, installed these on an Android device and verified that modified init and apexd processes do not trigger any SELinux complaints.
Ignore-AOSP-First: This patch is already in AOSP.
Merged-In: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Change-Id: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-08-10 09:30:27 -07:00
Bart Van Assche
052995e65e init.te: Allow init to modify the properties of loop devices
The init process configures swapping over zram over a loop device. An
I/O scheduler is associated with the loop device. Tests have shown that
no I/O scheduler works better than the default, mq-deadline. Hence
allow the init process to configure the loop device I/O scheduler.

Without this patch, the following SELinux denials are reported during
boot:

1     1 I auditd  : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0
1     1 I auditd  : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0

Bug: 194450129
Test: Built Android images and installed these on an Android device.
Ignore-AOSP-First: This patch is already in AOSP.
Merged-In: I0af0a92c53bb1f68b57f6814c431a7f03d8ea967
Change-Id: I0af0a92c53bb1f68b57f6814c431a7f03d8ea967
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
2021-08-10 09:30:10 -07:00
Bart Van Assche
7efcbf568c Allow the init and apexd processes to read all block device properties am: ec50aa5180 am: b00618fb9f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947

Change-Id: Iac344ff86cae6870c6f29fc2b4fb5529482a4219
2021-08-10 01:54:52 +00:00
Bart Van Assche
ec50aa5180 Allow the init and apexd processes to read all block device properties
Addressing b/194450129 requires configuring the I/O scheduler and the
queue depth of loop devices. Doing this in a generic way requires
iterating over the block devices under /sys/class/block and also to
examine the properties of the boot device (/dev/sda). Hence this patch
that allows 'init' and 'apexd' to read the properties of all block
devices. The patch that configures the queue depth is available at
https://android-review.googlesource.com/c/platform/system/core/+/1783847.

Test: Built Android images, installed these on an Android device and verified that modified init and apexd processes do not trigger any SELinux complaints.
Change-Id: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-08-09 13:46:41 -07:00
Martijn Coenen
025423495e Merge "Allow shell to read odsign properties." am: a194f2737e am: ee5b30b948
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1787990

Change-Id: I293034ab8a42c7b79f0db2b1004094ea9594fcbf
2021-08-09 07:19:16 +00:00
Martijn Coenen
a194f2737e Merge "Allow shell to read odsign properties." 2021-08-09 06:45:56 +00:00
Martijn Coenen
fd6d708cc1 Allow shell to read odsign properties.
The shell context can invoke app_process (ART runtime), which in turn
reads odsign_prop to determine whether we determined that the generated
artifacts are valid. Since this was denied until now, app processes
invoked through shell would fall back to JIT Zygote. This is probably
fine, but since fixing the denial is really simple (and not risky), this
option might be preferred over adding it to the bug map.

Bug: 194630189
Test: `adb shell sm` no longer generates a denial
Change-Id: Ia7c10aec53731e5fabd05f036b12e10d63878a30
2021-08-06 08:40:40 +02:00
Bart Van Assche
920fb6cb48 Merge "init.te: Allow init to modify the properties of loop devices" am: cb779773b7 am: a953822b61
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1782387

Change-Id: I783a810622dc05fc2eb667268596d50c4b21430e
2021-08-05 17:10:39 +00:00
Bart Van Assche
9059e215dc init.te: Allow init to modify the properties of loop devices
The init process configures swapping over zram over a loop device. An
I/O scheduler is associated with the loop device. Tests have shown that
no I/O scheduler works better than the default, mq-deadline. Hence
allow the init process to configure the loop device I/O scheduler.

Without this patch, the following SELinux denials are reported during
boot:

1     1 I auditd  : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0
1     1 I auditd  : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0

Bug: 194450129
Test: Built Android images and installed these on an Android device.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Change-Id: I0af0a92c53bb1f68b57f6814c431a7f03d8ea967
2021-08-04 11:48:14 -07:00
Rick Yiu
7c14f44109 Move vendor_sched to common sepolicy
Previously vendor_sched is put under product area which will be replaced
by GSI. To solve it, move it to system/sepolicy.

Bug: 194656257
Test: build pass
Change-Id: I15801c0db0a8643cac2a2fc1f004db6fb21050dc
Merged-In: Ia0b855e3a876a58b58f79b4fba09293419797b47
2021-07-30 03:03:42 +00:00
Martijn Coenen
3f1c5d5c14 Merge "Allow odsign to stop itself." into sc-dev 2021-07-28 15:06:47 +00:00
Martijn Coenen
3ca856a1a9 Merge "Allow odsign to stop itself." am: 359aea7d49 am: 632c8e428f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1779988

Change-Id: I863a95342f0a37f14107827df145a49f2a911c19
2021-07-28 12:20:34 +00:00
Martijn Coenen
28377a8a17 Allow odsign to stop itself.
Carve out a label for the property, and allow odsign to set it.

Bug: 194334176
Test: no denials
Change-Id: I9dafefabc27c679ed9f36e617e824f44f3b16bbd
Merged-In: I9dafefabc27c679ed9f36e617e824f44f3b16bbd
2021-07-28 11:52:48 +00:00
Martijn Coenen
359aea7d49 Merge "Allow odsign to stop itself." 2021-07-28 11:50:22 +00:00
Martijn Coenen
5f21a0fa92 Allow odsign to stop itself.
Carve out a label for the property, and allow odsign to set it.

Bug: 194334176
Test: no denials
Change-Id: I9dafefabc27c679ed9f36e617e824f44f3b16bbd
2021-07-28 10:50:35 +02:00
Jiakai Zhang
7f60ff9cda Track system_server->apex_art_data_file denial. am: 329cbf4d4e am: 82a576c1a4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1771168

Change-Id: Ic90844a9811fcd55283acd10db3d930707d3af9c
2021-07-24 10:06:37 +00:00
Jiakai Zhang
329cbf4d4e Track system_server->apex_art_data_file denial.
The denial occurs when system_server dynamically loads AOT artifacts at
runtime.

Sample message:
type=1400 audit(0.0:4): avc: denied { execute } for comm="system_server" path="/data/misc/apexdata/com.android.art/dalvik-cache/arm64/system@framework@com.android.location.provider.jar@classes.odex" dev="dm-37" ino=296 scontext=u:r:system_server:s0 tcontext=u:object_r:apex_art_data_file:s0 tclass=file permissive=0

Currently, system_server is only allowed to load AOT artifacts at startup. odrefresh compiles jars in SYSTEMSERVERCLASSPATH, which are supposed to be loaded by system_server at startup. However, com.android.location.provider is a special case that is not only loaded at startup, but also loaded dynamically as a shared library, causing the denial.

Therefore, this denial is currently expected. We need to compile com.android.location.provider so that its AOT artifacts can be picked up at system_server startup, but we cannot allow the artifacts to be loaded dynamically for now because further discussion about its security implications is needed. We will find a long term solution to this, tracked by b/194054685.

Test: Presubmits
Bug: 194054685

Change-Id: I3850ae022840bfe18633ed43fb666f5d88e383f6
2021-07-24 09:42:03 +08:00
TreeHugger Robot
8797257e3f Merge "property_contexts: Add ro.lmk.filecache_min_kb property context" into sc-dev 2021-07-21 07:34:31 +00:00
Orion Hodson
5194040519 Merge "postinstall_dexopt: allow reading odsign.verification.status" am: ae132647b1 am: 14b66293ba
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1771328

Change-Id: I1b7b3d5f34c4fff9ba4282afa2cdec97895bfd6e
2021-07-20 11:21:34 +00:00
Orion Hodson
ae132647b1 Merge "postinstall_dexopt: allow reading odsign.verification.status" 2021-07-20 10:58:57 +00:00
Daniel Norman
072de7b4b2 Merge "Rename vpnprofilestore to legacykeystore in 31.0 mapping files." am: f541acd250 am: ffb2010a0a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1771593

Change-Id: I7699781df4dccce679a8baccdb5e47074e0fb3db
2021-07-20 00:44:25 +00:00
Orion Hodson
07cafca82a postinstall_dexopt: allow reading odsign.verification.status
Allows dexopt to read odsign verification status and use on-device
generated artifacts when dexopting after an OTA.

(cherry pick from change 5fcce9ded3)
Bug: 194069492
Ignore-AOSP-First: cherry pick of https://r.android.com/1771328
Test: manually apply ota, see no denials for reading property
Merged-In: I97acfc17ffd9291d1a81906c75039f01624dff0f
Change-Id: I05453570add7365e1c094d3ea316d53d7c52023a
2021-07-19 19:47:33 +00:00
Orion Hodson
5fcce9ded3 postinstall_dexopt: allow reading odsign.verification.status
Allows dexopt to read odsign verification status and use on-device
generated artifacts when dexopting after an OTA.

Bug: 194069492
Test: manually apply ota, see no denials for reading property
Change-Id: I97acfc17ffd9291d1a81906c75039f01624dff0f
2021-07-19 20:37:20 +01:00
Daniel Norman
31aaac3f18 Rename vpnprofilestore to legacykeystore in 31.0 mapping files.
This service was renamed in
commit 8aaf796f980f21a8acda73180a876095b960fc28
after the mapping files were originally created in
commit 4f20ff73ee.

Bug: 191304621
Test: Merge redfin_vf_s T-based system with S-based vendor.
Change-Id: I3430f13a3438c06c6cb469a35a80390f83b1c0b4
2021-07-19 11:51:14 -07:00
Suren Baghdasaryan
ff51a7bf96 property_contexts: Add ro.lmk.filecache_min_kb property context
ro.lmk.filecache_min_kb property allows vendors to specify min filecache
size in KB that should be reached after thrashing is detected.

Bug: 193293513
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I927f4a1c81db3f284353fe4ab93bf454acff69b7
Merged-In: I927f4a1c81db3f284353fe4ab93bf454acff69b7
2021-07-19 09:48:54 +00:00
Orion Hodson
638ee80658 Add get_prop(odsign_prop) to incidentd.te am: 6f9b65aac7
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15235557

Change-Id: Ia3383c71d0d855db09c197db8c311d38afc59625
2021-07-12 20:31:38 +00:00
Hasini Gunasinghe
806c7eb133 Allow keystore to read and write keystore.crash_count system property.
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.

Ignore-AOSP-First: Resolving merge conflicts.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e

Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
2021-07-09 16:20:07 +00:00
Orion Hodson
6f9b65aac7 Add get_prop(odsign_prop) to incidentd.te
Prevents SELinux denial when capturing a bugreport.

Bug: 192895524
Bug: 193084909
Bug: 193096842
Bug: 193097008
Bug: 193097511
Bug: 193097845
Bug: 193097886
Ignore-AOSP-First: cherry pick of https://r.android.com/1761447
Test: adb bugreport and check no denial in logcat.
Change-Id: Ide5d95782929836cffc5b3921bffae3295773532
2021-07-09 16:03:35 +01:00
Hasini Gunasinghe
2a5ab82215 Merge "Allow keystore to read and write keystore.crash_count system property." into sc-dev 2021-07-09 00:08:41 +00:00
Hasini Gunasinghe
4fa6b1a037 Allow keystore to read and write keystore.crash_count system property.
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.

Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e

Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
2021-07-08 17:54:58 +00:00
Hasini Gunasinghe
9fe1532ade Allow keystore to read and write keystore.crash_count system property.
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.

Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e

Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
2021-07-08 14:29:44 +00:00
Orion Hodson
2e7eebe266 Merge "Allow app_zygote to read zygote_tmpfs." into sc-dev am: b03c657b2b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15179050

Change-Id: Id46091314cb8d3f3c8e36c4c3bbabb6401920110
2021-07-05 15:41:51 +00:00
Orion Hodson
b03c657b2b Merge "Allow app_zygote to read zygote_tmpfs." into sc-dev 2021-07-05 15:31:17 +00:00
Martijn Coenen
67db7e2d88 Allow app_zygote to read zygote_tmpfs.
app_zygote inherits tmpfs files from zygote, and needs to be able to
stat them after fork.

Bug: 192634726
Bug: 192572973
Bug: 119800099
Test: forrest
Ignore-AOSP-First: cherry pick of https://r.android.com/1753279
Change-Id: I6ddf433dbbf4a894fcb6d35c0cb723444d360e47
2021-07-05 13:54:28 +00:00
Jayant Chowdhary
487df8589b Merge "Define property ro.camera.enableCamera1MaxZsl" into sc-dev am: cf2b1eff87
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14683766

Change-Id: I21a6b1cc1e6311c256110d2764300617fe583173
2021-07-02 23:18:27 +00:00
Jayant Chowdhary
cf2b1eff87 Merge "Define property ro.camera.enableCamera1MaxZsl" into sc-dev 2021-07-02 23:05:50 +00:00
Orion Hodson
e0641bba4d Allow zygotes and installd to read odsign properties am: be6873bd15
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15175855

Change-Id: Ib72bda2605e614e4e1224d2ffe2e2693c842adfe
2021-07-02 17:48:39 +00:00