Commit graph

35307 commits

Author SHA1 Message Date
Josh Yang
8be76c8e5c Allow priv-app to report off body events to keystore.
Bug: 183564407
Test: the selinux error is gone.
Change-Id: I6783528a0ca6c94781b6c12d96ffebbfe8b25594
Merged-In: If40c2883edd39bee8e49e8e958eb12e9b29a0fe0
2022-02-07 22:42:51 +00:00
Florian Mayer
6020c42f2b Rename property for default MTE mode.
This was requested in aosp/1959650.

Change-Id: I96f8771a39606b0934e4455991a6a34aea40235b
2022-02-07 11:27:20 -08:00
Treehugger Robot
2f94a92cdc Merge "Allow microdroid_manager to BLKFLSBUF on the instance disk" am: 03b3b18c70
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1974319

Change-Id: I3065a65bd2c5bb4f780dfac95c9e5143f0990883
2022-02-07 11:59:23 +00:00
Treehugger Robot
03b3b18c70 Merge "Allow microdroid_manager to BLKFLSBUF on the instance disk" 2022-02-07 11:44:54 +00:00
Alan Stokes
55803ca572 Allow reading hypervisor capabilities
System server needs to do this to know whether a suitable VM for
CompOS can be created. System server does not need the ability to
actually start a VM, so we don't grant that.

Bug: 218276733
Test: Presubmits
Change-Id: Ibb198ad55819aa924f1bfde68ce5b22c89dca088
2022-02-07 11:33:18 +00:00
shubang
a1b9f186fb SE policy: rename iapp -> interactive_app
Bug: 205738783
Test: cuttlefish

Change-Id: I15fd60a2dba79dd5e2a3cf57ed542e5a930680f1
Merged-In: I15fd60a2dba79dd5e2a3cf57ed542e5a930680f1
2022-02-07 07:54:32 +00:00
Treehugger Robot
7defe78f93 Merge "Implement compat file generator" am: f7a825bc46
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1958842

Change-Id: I9f8cad39e2d14999c1afd1d4e2b1c88994c20a99
2022-02-07 06:29:06 +00:00
Treehugger Robot
f7a825bc46 Merge "Implement compat file generator" 2022-02-07 06:15:18 +00:00
Jiyong Park
30c416a4bd Allow microdroid_manager to BLKFLSBUF on the instance disk
Microdroid_manager uses the ioctl to flush data to the block device.

Bug: 208639280
Test: atest MicrodroidTestApp
Change-Id: Icd708702618850e1f003b16bdc8a1698c45f6442
2022-02-07 15:13:22 +09:00
Inseob Kim
9eadc83220 Implement compat file generator
sepolicy_generate_compat is a binary that creates a new compat file when
freezing sepolicy API.

Suppose that we are adding {ver} compat file, after freezing {ver}
sepolicy. Then the workflow would be:

1) copy prebuilts to system/sepolicy/prebuilts/api/{ver}
2) add {ver} to PLATFORM_SEPOLICY_COMPAT_VERSIONS under
   build/make/core/config.mk
3) touch the following three files
  - system/sepolicy/private/compat/{ver}/{ver}.cil
  - system/sepolicy/private/compat/{ver}/{ver}.compat.cil
  - system/sepolicy/private/compat/{ver}/{ver}.ignore.cil
  - system/sepolicy/prebuilts/api/{ver}/vendor_sepolicy.cil
  - system/sepolicy/prebuilts/api/{ver}/plat_pub_versioned.cil
  * This step is to build base compat files, and won't be needed in the
    future.
4) add compat module files (won't be needed in the future)
  - {ver}.cil
  - {ver}.compat.cil
  - {ver}.ignore.cil
  * This step is to build base compat files, and won't be needed in the
    future.
5) run the following command to update above three files:
  $ source build/envsetup.sh && lunch aosp_arm64-userdebug
  $ m sepolicy_generate_compat
  $ sepolicy_generate_compat --branch=(branch_for_ver) \
        --build latest --target-version {ver} \
        --latest-version {ver-1}
6) upload build/make and system/sepolicy changes.

This script still lacks:
- handling of plat_pub_versioned.cil
- test cases
We will tackle such problems with follow-up changes.

Bug: 214336258
Test: manual
Change-Id: I21723a0832e5adadae7c22797c5aba867dc0174e
2022-02-07 13:06:49 +09:00
Inseob Kim
c02f7c6cf8 Neverallow domains other than VS from executing VM am: b20cb78404
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1970460

Change-Id: I80f29ae146dd8dae40cbae9be13a4ffe5a05238d
2022-02-07 03:53:41 +00:00
Inseob Kim
b20cb78404 Neverallow domains other than VS from executing VM
Bug: 216610937
Test: atest MicrodroidTests
Change-Id: I2ecea6974cb6650f8a7aa8b706ae38e1822805cd
2022-02-07 09:42:21 +09:00
Yabin Cui
c1fdafdb6c profcollectd: allow to call callbacks registered by system_server.
Bug: 213519191
Test: On oriole, profcollectd can call callbacks registered by
Test: ProfcollectForwardingService in system_server.
Change-Id: I8531a6e57e5e5c12033d5e8c7651ccff9a1d976a
2022-02-05 12:59:11 -08:00
Treehugger Robot
fb52b5754e Merge "Grant system_app permission to access cgroup_v2 directories" am: b289dc4d1d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1966048

Change-Id: Ia0fee0a8ac12689bf2bc562b3fdab63a250e3d59
2022-02-04 19:39:02 +00:00
Treehugger Robot
b289dc4d1d Merge "Grant system_app permission to access cgroup_v2 directories" 2022-02-04 19:26:00 +00:00
Christine Franks
639c48d146 Add uhid_device to system_server
Bug: 217275682
Change-Id: I1ae74868344da290727df2474712b8b6ad2efdd7
Test: n/a
2022-02-04 15:13:43 +00:00
Treehugger Robot
eb03dcc59c Merge "Allow VM clients access to hypervisor capability" am: 391f2b26fc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1970590

Change-Id: I4de2693ef001b522132f393ffe9c970fa8c652c3
2022-02-04 09:50:49 +00:00
Treehugger Robot
391f2b26fc Merge "Allow VM clients access to hypervisor capability" 2022-02-04 09:37:19 +00:00
Treehugger Robot
713984514c Merge "bluetooth.device.class_of_device should be type string" am: 7b7a42e6cf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1969420

Change-Id: I6acf3397d7b922943f8ce144e95375bf1a66a001
2022-02-04 01:00:51 +00:00
Treehugger Robot
7b7a42e6cf Merge "bluetooth.device.class_of_device should be type string" 2022-02-04 00:38:52 +00:00
Kevin Han
641d56be3f Merge "Extend visibility of hibernation service for CTS" am: 4d81dc33f8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1966099

Change-Id: I39ef4366bb10c73dfab63b73599e653ea9d3d288
2022-02-04 00:01:09 +00:00
Kevin Han
4d81dc33f8 Merge "Extend visibility of hibernation service for CTS" 2022-02-03 23:43:03 +00:00
Seth Moore
10ec76f621 Add remotely provisioned key pool se policy am: a75cad0d0a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1969539

Change-Id: If71da72859fb454be505d02c40de2bcbf34bca97
2022-02-03 23:13:55 +00:00
Alan Stokes
3864ea8e4a Allow VM clients access to hypervisor capability
Clients of virtualization service use these properties to
determine whether normal and protected VMs are supported and tailor
their VM requests accordingly.

Bug: 217687661
Test: adb unroot; adb shell getprop | grep ro.boot.hypervisor
Change-Id: Ia1c017c2346217dbc45973cbfb5adbecabedf050
2022-02-03 12:18:11 +00:00
Seth Moore
a75cad0d0a Add remotely provisioned key pool se policy
Keystore now hosts a native binder for the remotely provisioned key
pool, which is used to services such as credstore to lookup remotely
provisioned keys.

Add a new service context and include it in the keystore services.

Add a dependency on this new service for credstore. Also include a
credstore dependency on IRemotelyProvisionedComponent, as it's needed
to make use of the key pool.

Bug: 194696876
Test: CtsIdentityTestCases
Change-Id: I0fa71c5be79922a279eb1056305bbd3e8078116e
2022-02-02 15:07:26 -08:00
Sal Savage
724381a97a bluetooth.device.class_of_device should be type string
Bug: 217452259
Test: Manual, set property in system.prop, build, flash, make sure value
is reflected in getprop | grep bluetooth.device

Change-Id: Id4bfebb4da5bcd64ea4bac8e3c9e9754c96256c6
2022-02-02 14:13:41 -08:00
Bart Van Assche
be3ff9b93a Grant system_app permission to access cgroup_v2 directories
Without this change, the migration of the blkio controller to the cgroup
v2 hierarchy triggers the following denials:

01-31 19:00:59.086  4494  4494 I auditd  : type=1400 audit(0.0:7): avc: denied { write } for comm=4173796E635461736B202331 name="pid_4494" dev="cgroup2" ino=3545 scontext=u:r:system_app:s0 tcontext=u:object_r:cgroup_v2:s0 tclass=dir permissive=0
01-31 19:00:59.086  4494  4494 I auditd  : type=1400 audit(0.0:8): avc: denied { write } for comm=4173796E635461736B202331 name="pid_4494" dev="cgroup2" ino=3545 scontext=u:r:system_app:s0 tcontext=u:object_r:cgroup_v2:s0 tclass=dir permissive=0
01-31 19:00:59.086  4494  4494 I auditd  : type=1400 audit(0.0:7): avc: denied { write } for comm=4173796E635461736B202331 name="pid_4494" dev="cgroup2" ino=3545 scontext=u:r:system_app:s0 tcontext=u:object_r:cgroup_v2:s0 tclass=dir permissive=0
01-31 19:00:59.086  4494  4494 I auditd  : type=1400 audit(0.0:8): avc: denied { write } for comm=4173796E635461736B202331 name="pid_4494" dev="cgroup2" ino=3545 scontext=u:r:system_app:s0 tcontext=u:object_r:cgroup_v2:s0 tclass=dir permissive=0

Bug: 213617178
Test: Booted Android in the Cuttlefish emulator.
Change-Id: I20f136d5cd58fa4ebabbb5a328fc6001b11110d7
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2022-02-02 17:37:45 +00:00
Andrew Scull
e1a1607e1b Merge changes I82f0c2ef,I013894de am: 7e07941d3d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1966617

Change-Id: Ia20dfb636599a2e0ab2d46efd8df46c9dcc3f8d8
2022-02-02 14:13:55 +00:00
Jonas 5 Persson
aa9d421655 Allow policy tests to support space in file names
Though libsepol supports it since selinux commit 644c5bbb,
test code couldn't handle whitespace in file name in policy
database.

Solved by splitting string once from left and then once
from right to avoid split of whitespace in file name.

Minimal reproducing example:
$ echo '(genfscon sysfs "/s/p a/ce" (USER ROLE TYPE ((SENS) (SENS))))' > s.cil
$ secilc -m -o s.db external/selinux/secilc/test/minimum.cil s.cil
$ searchpolicy --libpath out/host/linux-x86/lib64/libsepolwrap.so -sX --allow s.db
Traceback (most recent call last):
  File "/tmp/Soong.python_ra9it1nk/searchpolicy.py", line 52, in <module>
    pol = policy.Policy(args.policy, None, args.libpath)
  File "/tmp/Soong.python_ra9it1nk/policy.py", line 460, in __init__
    self.__InitGenfsCon()
  File "/tmp/Soong.python_ra9it1nk/policy.py", line 419, in __InitGenfsCon
    self.__GenfsDictAdd(self.__GenfsDict, buf.value.decode("ascii"))
  File "/tmp/Soong.python_ra9it1nk/policy.py", line 399, in __GenfsDictAdd
    fs, path, context = buf.split(" ")
ValueError: too many values to unpack (expected 3)

Test: manual, as described above
Test: cts SELinuxHostTest with spaces in a genfscon path
Change-Id: I7c74292513a63819ee7dc03ab4977ce9363589a4
2022-02-02 15:12:43 +01:00
Andrew Scull
7e07941d3d Merge changes I82f0c2ef,I013894de
* changes:
  Let VirtualizationService access hypervisor properties
  Tag new hypervisor properties
2022-02-02 13:54:11 +00:00
Andrew Scull
792b03ddb5 Let VirtualizationService access hypervisor properties
VirtualizationService uses the properties to discover hypervisor
capabilities. Allow it access for this purpose.

Bug: 216639283
Test: build
Change-Id: I82f0c2ef30c8fb2eefcac1adf83531dd3917fdb8
2022-02-02 13:53:50 +00:00
Lalit Maganti
139cce7cc7 Merge "sepolicy: Allow system domains to be profiled" am: fb9d097d03
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1966610

Change-Id: I53c4ae3c26dcc5579391e7a9319c939e75086a70
2022-02-02 12:21:46 +00:00
Lalit Maganti
fb9d097d03 Merge "sepolicy: Allow system domains to be profiled" 2022-02-02 12:04:38 +00:00
Andrew Walbran
7e78484d39 Merge "virtualizationservice no longer tries to check for pKVM extension." am: 48cf9591f6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965102

Change-Id: I901ae736b9e79507248f78def350af7ba21534d3
2022-02-02 09:25:26 +00:00
Andrew Walbran
48cf9591f6 Merge "virtualizationservice no longer tries to check for pKVM extension." 2022-02-02 09:08:18 +00:00
Roopa Sattiraju
dd862e57ee Changing sepolicy file to the right apex name am: 89556c69df
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1967166

Change-Id: Ib38c787a25ced135ff427eb7345247f1e239dcc4
2022-02-02 05:34:27 +00:00
Roopa Sattiraju
89556c69df Changing sepolicy file to the right apex name
Bug: 216476895
Test: Compile
Change-Id: I31a5534bad0f5c01ee163f109fa5dd0b54835ea8
2022-02-01 15:59:30 -08:00
Andrew Scull
87ac3c3f80 Tag new hypervisor properties
The properties that report hypervisor capabilities are grouped with the
other hypervisor properties for sepolicy.

Bug: 216639283
Test: buid
Change-Id: I013894de637bb7e40a450df6439ebbd5cba28c2b
2022-02-01 18:17:10 +00:00
Andrew Walbran
2f27f96022 virtualizationservice no longer tries to check for pKVM extension.
This was fixed in https://r.android.com/1963701, as it never worked.
This partially reverts commit 2dd48d0400.

Change-Id: I6e7096e20fd594465fb1574b11d6fecc82f5d82f
2022-02-01 16:37:13 +00:00
Lalit Maganti
bb197bba02 sepolicy: Allow system domains to be profiled
Bug: 217368496
Doc: go/field-tracing-t
Change-Id: Ie95c0cc2b1f9e8fa03f6112818936af692edf584
2022-02-01 16:27:26 +00:00
Andrew Scull
50094d86cf Merge "Allow the microdroid app to use diced" am: 4bbfaa6a2d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965106

Change-Id: Ic340f816742ca2ad713521012a7d42279b660f99
2022-02-01 13:39:02 +00:00
Andrew Scull
4bbfaa6a2d Merge "Allow the microdroid app to use diced" 2022-02-01 13:23:20 +00:00
Treehugger Robot
8a96be8df9 Merge "Adds selinux rules for ICarDisplayProxy service" am: 108fdbc5f7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965562

Change-Id: I4954e05e2c8e7ce34f09120c137102fe134d1227
2022-01-31 22:09:21 +00:00
Treehugger Robot
108fdbc5f7 Merge "Adds selinux rules for ICarDisplayProxy service" 2022-01-31 21:52:46 +00:00
Changyeon Jo
66eba13833 Adds selinux rules for ICarDisplayProxy service
Bug: 170401743
Test: m -j selinux_policy
Change-Id: Idf3f09d0bcf24de18d6eddb05e51991b4c5edbe8
2022-01-31 19:40:20 +00:00
Treehugger Robot
d2eabdb5a0 Merge "Build precompiled_sepolicy.apex_sepolicy.sha256" am: d0120eb4ac
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965099

Change-Id: Ica7c23a256f9ee99c2f4a19cc00b4f0496297f84
2022-01-31 09:29:38 +00:00
Treehugger Robot
d0120eb4ac Merge "Build precompiled_sepolicy.apex_sepolicy.sha256" 2022-01-31 09:11:05 +00:00
Andrew Scull
248e8a998f Allow the microdroid app to use diced
Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I9672d678c7b698d15a0efa8dab567dbc2696ca81
2022-01-30 22:42:38 +00:00
Thiébaud Weksteen
0603b86049 Merge "Split sepolicy_neverallow rule" am: 080a201dee
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1962379

Change-Id: Iaa5cf554b34902865b0a5c7f09a9c198d97354a3
2022-01-30 22:23:39 +00:00
Thiébaud Weksteen
080a201dee Merge "Split sepolicy_neverallow rule" 2022-01-30 22:16:35 +00:00