Commit graph

35342 commits

Author SHA1 Message Date
Ankit Goyal
07b5aa323e Merge "Add sepolicy for graphics IAllocator AIDL based HAL" am: b9314baf97
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2000351

Change-Id: I799ec9df6349033df237f473e0c524bdd531b683
2022-02-25 19:44:00 +00:00
Robert Shih
5869511f62 Merge "Allow dumpstate to call dump() on drm hals" am: 9846fb4082
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2000271

Change-Id: I794e8e754076e2e7dfbf67a7c5843906e010417d
2022-02-25 19:43:49 +00:00
Ankit Goyal
b9314baf97 Merge "Add sepolicy for graphics IAllocator AIDL based HAL" 2022-02-25 19:34:38 +00:00
Robert Shih
9846fb4082 Merge "Allow dumpstate to call dump() on drm hals" 2022-02-25 19:19:46 +00:00
Alan Stokes
4c79e09417 Allow shell to read updated APEXes am: 5490752cfc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1998997

Change-Id: I85fe4921c571f90e9f1fd321d460832c1fed192f
2022-02-25 15:06:53 +00:00
Alan Stokes
5490752cfc Allow shell to read updated APEXes
This is useful for certain tests. Note that it is already possible to
access these files without root via adb pull, since adbd has
access. Shell also already has access to non-updated APEXes on
/system/apex.

Bug: 220918654
Test: adb unroot; pm install --apex /data/apex/decompressed/X.decompressed.apex
Change-Id: I35725499365b297a64c9005c8e45325531d3991d
2022-02-25 12:16:14 +00:00
Treehugger Robot
936d704f76 Merge "Block crash_dump from no_crash_dump_domain" am: a4e2f0ce01
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1998992

Change-Id: I3550c702e1bcf192b00f8da50c4ea66d633c6cab
2022-02-25 09:10:17 +00:00
Treehugger Robot
a4e2f0ce01 Merge "Block crash_dump from no_crash_dump_domain" 2022-02-25 08:53:36 +00:00
Robert Shih
bf4d7522d7 Allow dumpstate to call dump() on drm hals
Bug: 220996660
Test: adb bugreport
Change-Id: I222c5e845d481dd9f3dcf796d50ca91c6174a023
2022-02-25 06:07:53 +00:00
Ankit Goyal
2736da21a4 Add sepolicy for graphics IAllocator AIDL based HAL
Bug: 217776226
Bug: 218383959
Test: Boots to home with the new HAL
Change-Id: I8d0d2182d389c39b54f492d4d6df64ca14737997
2022-02-24 17:14:29 -08:00
Alan Stokes
ff648192d9 Block crash_dump from no_crash_dump_domain
These domains already can't transition to crash_dump, but also need to
make sure crash_dump can't be run and pointed at them.

Bug: 218494522
Test: Builds
Change-Id: I76f88faf8ff4c88e85eaf6a8db546dc644a71928
2022-02-24 16:36:40 +00:00
Daniele Di Proietto
60f6de3137 Silence error when traced_probes invokes atrace with pipes am: 6872b1db69
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1998990

Change-Id: I4ce4bb1bd4ec6c745e7cbe4add540432a95746d8
2022-02-24 15:47:43 +00:00
Daniele Di Proietto
6872b1db69 Silence error when traced_probes invokes atrace with pipes
perfetto traced_probes executes atrace with a pipe for stdout/stderr.
That aleady works because atrace can `write` onto traced_probes's pipes.

Now traced_probes needs to invoke atrace at boot time. This revealed a
problem (I'm pretty sure it was an existing problem and it was
completely harmless):

```
02-23 22:00:41.951   605   605 I auditd  : type=1400 audit(0.0:94): avc:
denied { getattr } for comm="atrace" path="pipe:[17964]" dev="pipefs"
ino=17964 scontext=u:r:atrace:s0 tcontext=u:r:traced_probes:s0
tclass=fifo_file permissive=0
```

atrace doesn't just need `write` permissions on its
stdout/stderr pipes, it also needs `getattr` permissions (probably
because of [this][1]?)

[1]: https://cs.android.com/android/platform/superproject/+/master:bionic/libc/bionic/libc_init_common.cpp;l=156;drc=7a2386bf89f9bfd4e53eba9304e4239b3fdf0d06)
Bug: 219393750
Change-Id: I53b0f60cdd763863c834a883fbb77664e528dd15
2022-02-24 13:14:04 +00:00
Alan Stokes
d4f00ed894 Allow piping console output to clients am: 23161e51cc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1997006

Change-Id: I94b59f8e7c92affdea59010257142f26479dc312
2022-02-24 10:15:37 +00:00
Alan Stokes
23161e51cc Allow piping console output to clients
Any virtualization service client should be able to use a pipe for the
VM log fds.

We previously had some support for this in crosvm (but appdomain is
the wrong label), but not for virtualizationservice. Instead I've
centralised it in the virtualizationservice_use macro so it applies to
exactly those things that can start a VM.

I've removed read permission from crosvm; it doesn't seem to be
needed, and logically it shouldn't be.

Test: Patch in https://r.android.com/1997004, see no denials
Change-Id: Ia9cff469c552dd297ed02932e9e91a5a8cc2c13f
2022-02-23 17:28:49 +00:00
Treehugger Robot
9d631321c9 Merge "Dontaudit property access by odrefresh in the VM" am: 275836a9af
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1996010

Change-Id: Ie28a45a8d7e2a820d6962ec67144cc4ee1e45ff9
2022-02-23 16:49:24 +00:00
Treehugger Robot
7be1327191 Merge "Remove now-unused permissions" am: 383b946787
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1995010

Change-Id: I69b69cf867775d892b0ec3a7dd34f741dffa84b2
2022-02-23 16:36:40 +00:00
Treehugger Robot
275836a9af Merge "Dontaudit property access by odrefresh in the VM" 2022-02-23 12:07:45 +00:00
Treehugger Robot
383b946787 Merge "Remove now-unused permissions" 2022-02-23 11:23:25 +00:00
Victor Hsieh
e2156d071e Dontaudit property access by odrefresh in the VM
Bug: 210030607
Test: composd_cmd test-compile, no more denials in vm.log
Change-Id: I728398f812680354b813d03e0d23eecca330c47e
2022-02-22 23:10:04 +00:00
Treehugger Robot
8d1ef06ab3 Merge "Allow hal_graphics_composer to write to a pipe We would like SurfaceFlinger to be able to create a pipe and provide the write-end to the graphics composer to dump debug info for dumpsys. Bug: 220171623 Test: atest VtsHalGraphicsComposer3_TargetTest Test: adb shell dumpsys SurfaceFlinger Test: adb shell dumpsys android.hardware.graphics.composer3.IComposer/default" am: 5beaf4adfb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1991020

Change-Id: I04c8a51df78ead1cd9c34d341db17fd1e28baa29
2022-02-22 18:31:47 +00:00
Treehugger Robot
5beaf4adfb Merge "Allow hal_graphics_composer to write to a pipe We would like SurfaceFlinger to be able to create a pipe and provide the write-end to the graphics composer to dump debug info for dumpsys. Bug: 220171623 Test: atest VtsHalGraphicsComposer3_TargetTest Test: adb shell dumpsys SurfaceFlinger Test: adb shell dumpsys android.hardware.graphics.composer3.IComposer/default" 2022-02-22 18:05:24 +00:00
Alan Stokes
0c5449b193 Remove now-unused permissions
CompOS no longer talks directly to DICE (compos_key_helper does). odsign
no longer promotes or deletes instance CompOS files, and the key files
don't exist any more.

Bug: 218494522
Test: Manual; trigger compilation, reboot & watch odsign
Change-Id: Ibc251180122e6e4789b4be5669da3da67517b49c
2022-02-22 17:40:05 +00:00
Treehugger Robot
27553e2b3e Merge "Add ro.lmk.stall_limit_critical property policies" am: ffad0ee0e1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1992292

Change-Id: Ie94a54c2fcd4f206fde3a840ab5c448725e4430a
2022-02-22 11:19:32 +00:00
Treehugger Robot
ffad0ee0e1 Merge "Add ro.lmk.stall_limit_critical property policies" 2022-02-22 09:41:27 +00:00
Anton Kulakov
995d44896b Add file contexts for AdServices APEX am: dc4332b32b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1992910

Change-Id: I85085378f6150f58232d75342c69f0c32ef8381c
2022-02-21 13:40:46 +00:00
Anton Kulakov
dc4332b32b Add file contexts for AdServices APEX
Test: Build
Bug: 220336612
Change-Id: Iab64d228a5edcd3a9f71b59c5adf3a9460cd1947
2022-02-21 09:55:07 +00:00
Shikha Malhotra
ddfb8a99cc Adding more permission for selinux to some attributes and flags
Test: atest installd/StorageHostTest
Test: atest installd/installd_service_test.cpp
Change-Id: I7a2d4055b7e4050394304a92279c595d2153da23
2022-02-19 14:35:55 +00:00
Ady Abraham
3f045e296e Allow hal_graphics_composer to write to a pipe
We would like SurfaceFlinger to be able to create a pipe and provide
the write-end to the graphics composer to dump debug info for dumpsys.
    
 Bug: 220171623
 Test: atest VtsHalGraphicsComposer3_TargetTest
 Test: adb shell dumpsys SurfaceFlinger
 Test: adb shell dumpsys android.hardware.graphics.composer3.IComposer/default

Change-Id: Ie2cbe76fb0d224235a8ea99f68a20e2139e1cc56
2022-02-19 01:09:41 +00:00
Suren Baghdasaryan
e121dc5ae2 Add ro.lmk.stall_limit_critical property policies
Add policies to control ro.lmk.stall_limit_critical lmkd property.

Bug: 205182133
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ie5e68dc358c1657501cb59afaba0385697210ccf
2022-02-18 13:39:28 -08:00
Yabin Cui
06e7873d64 Merge "profcollectd: allow to request wakelock from system_suspend." am: 2f2ff42a24
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1989138

Change-Id: Iddf70d8dcf23d2ba00f15d09a9dfe5573aaf763a
2022-02-18 16:40:35 +00:00
Yabin Cui
2f2ff42a24 Merge "profcollectd: allow to request wakelock from system_suspend." 2022-02-18 16:16:01 +00:00
Treehugger Robot
33f0d49ae4 Merge "SELinux issues:" am: c9ab4a420c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1991271

Change-Id: I08990e0ad83b7a090838d7837d303aa52bca201e
2022-02-18 10:07:53 +00:00
Treehugger Robot
c9ab4a420c Merge "SELinux issues:" 2022-02-18 09:42:04 +00:00
Treehugger Robot
46aba72e48 Merge "Modify sepolicy for compos key changes" am: 5273f3a486
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988307

Change-Id: I09762bb3672b50549dcd492f9d8031e552825576
2022-02-18 09:24:42 +00:00
Treehugger Robot
cffdca309f Merge "Remove needless bootloader_prop rule" am: 92ec679578
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987806

Change-Id: I375e8364a63bc8d51346e3be98ce3cf6db2c6286
2022-02-18 09:24:16 +00:00
Treehugger Robot
16546e1760 Merge "Let the DICE HAL getattr the device node" am: bbb21324b1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1990107

Change-Id: I41285713a811517e84ee13e00620c23e4949dbaa
2022-02-18 09:24:07 +00:00
Treehugger Robot
6ee88d68eb Merge "dontaudit denial on the odex file of location provider." am: c1e11bbea5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988446

Change-Id: I65f3a3cf6530bc50ac66c34b216b767b04f41bb6
2022-02-18 09:23:58 +00:00
Thiébaud Weksteen
71b8ad6234 Merge "Associate hal_service_type with all HAL services" am: b18abcdd51
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987147

Change-Id: I9d202c1eabadb613f02c9447cb94c12eb494ea64
2022-02-18 09:23:49 +00:00
Treehugger Robot
5273f3a486 Merge "Modify sepolicy for compos key changes" 2022-02-18 09:03:30 +00:00
Shashwat Razdan
d581bd244d SELinux issues:
```
02-18 01:02:35.599     1     1 I auditd  : type=1107 audit(0.0:149): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.wlan.firmware.version pid=478 uid=1010 gid=1010 scontext=u:r:hal_wifi_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
02-18 01:02:35.599     1     1 I auditd  : type=1107 audit(0.0:150): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.wlan.driver.version pid=478 uid=1010 gid=1010 scontext=u:r:hal_wifi_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
```


Bug: 220258444
Change-Id: I5a99d1895d5ef9c5e784cf9e92c0c8847da21b58
Test: Presubmits
2022-02-18 07:38:19 +00:00
Yabin Cui
409d019f9b profcollectd: allow to request wakelock from system_suspend.
Bug: 219934028
Test: run profcollectd and
Test: dumpsys suspend_control_internal --wakelocks
Change-Id: I3cefb0139781a6d5cf32507871f0f7f2b8306614
2022-02-17 10:20:08 -08:00
Treehugger Robot
92ec679578 Merge "Remove needless bootloader_prop rule" 2022-02-17 15:51:31 +00:00
Treehugger Robot
bbb21324b1 Merge "Let the DICE HAL getattr the device node" 2022-02-17 14:15:43 +00:00
Andrew Scull
9738638c03 Let the DICE HAL getattr the device node
Make sure all the permissions are granted to let the HAL do its work
properly.

Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I54c633b8163ea313c87856fb0513074a76ac86a1
2022-02-17 12:35:22 +00:00
Alan Stokes
766caba5de Modify sepolicy for compos key changes
Add the compos_key_helper domain for the process which has access to
the signing key, make sure it can't be crashdumped. Also extend that
protection to diced & its HAL.

Rename compos_verify_key to compos_verify, because it doesn't verify
keys any more.

Move exec types used by Microdroid to file.te in the host rather than
their own dedicated files.

Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I942667355d8ce29b3a9eb093e0b9c4f6ee0df6c1
2022-02-17 12:14:40 +00:00
Treehugger Robot
c1e11bbea5 Merge "dontaudit denial on the odex file of location provider." 2022-02-17 10:25:22 +00:00
Thiébaud Weksteen
b18abcdd51 Merge "Associate hal_service_type with all HAL services" 2022-02-17 04:28:09 +00:00
Treehugger Robot
7e5a5e8b1f Merge "Remove compat test from treble sepolicy tests" am: 8e6b55a13d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1985246

Change-Id: I9b7cb61dfb0dc823d39c8e35d1fff323675a835d
2022-02-17 01:46:44 +00:00
Treehugger Robot
8e6b55a13d Merge "Remove compat test from treble sepolicy tests" 2022-02-17 01:26:04 +00:00