Commit graph

33643 commits

Author SHA1 Message Date
Victor Hsieh
6e5eb7cb11 Merge "Allow dex2oat to search in authfs directories" 2021-12-16 16:23:49 +00:00
Alan Stokes
14f188718a Grant compos permissions for signing
CompOS needs to read the artifacts on authfs that odrefresh has
created and write signature files for them.

(But it no longer needs to create any directories, so removed that.)

Fixes:
avc: denied { open } for comm="compsvc"
path="/data/misc/authfs/1/11/test-artifacts/...art" dev="fuse" ino=81
scontext=u:r:compos:s0 tcontext=u:object_r:authfs_fuse:s0 tclass=file
permissive=0
avc: denied { create } for comm="compsvc" name="compos.info"
scontext=u:r:compos:s0 tcontext=u:object_r:authfs_fuse:s0 tclass=file
permissive=0

Bug: 161471326
Test: composd_cmd async_odrefresh (with microdroid selinux enforced)
Change-Id: Ie02dedf1f18926cdbbd39e4a950c5aec80adee32
2021-12-16 13:40:38 +00:00
Alan Stokes
53c18dc939 Merge "Allow odrefresh to use FD inherited from compsvc" 2021-12-16 10:19:36 +00:00
Inseob Kim
7cb20812b2 Use se_build_files for technical_debt.cil
It's a no-op for now, but it will be used when migrating vendor sepolicy
to Android.bp.

Bug: 33691272
Test: build and boot
Change-Id: Ie0015d31e4929e7bd3316505bfd6d338a5e9eada
2021-12-16 16:52:14 +09:00
Richard Fung
0c7c2679b0 Add apexd_payload_metadata_prop
This should be read-only and corresponds to apexd.payload_metadata.path

Bug: 191097666
Test: android-sh -c 'setprop apexd.payload_metadata.path'
See permission denied
atest MicrodroidHostTestCases

Change-Id: Ifcb7da1266769895974d4fef86139bad5891a4ec
2021-12-16 03:00:06 +00:00
Ramji Jiyani
e3f20ee1e6 Merge "Add selinux context for /system_dlkm" 2021-12-16 02:41:25 +00:00
Victor Hsieh
a341025f87 Allow odrefresh to use FD inherited from compsvc
If FD use is not allowed, execve(2) returns EACCESS and the process is
killed by SIGSEGV.

Minijail closes any FDs by default and opens /dev/null for FD 0-2. For
now, odrefresh doesn't use any FD. But until we can tell minijail to
not create FD 0-2 (which could be arguable), allow the permission.

Bug: 210909688
Test: composd_cmd async-odrefresh # exit 80 in enforced mode
Change-Id: I8643d8bfc8da03439a04491fba5ba6de663760eb
2021-12-15 16:54:28 -08:00
Victor Hsieh
e2a4d0c918 Allow dex2oat to search in authfs directories
dex2oat checks that $ANDROID_ROOT exists, which is a directory in an authfs
mount. Give it permission to search along the path.

Strictly speaking, this doesn't change how dex2oat executes in this
particular case, for now. Functions like LocationIsOnSystemFramework
make sure getenv(ANDROID_ROOT) exists. But either way, for those kinds of
location checks, it won't match the mount path in /data/misc/authfs
anyway.

Bug: 205750213
Test: no more SELinux denials from dex2oat
Change-Id: I1b52dfdeb057443304f02784b6aa180d7db28bd8
2021-12-15 13:37:34 -08:00
Etienne Ruffieux
ac45ef86f5 Merge "Adding Bluetooth module sysprop" 2021-12-15 19:14:41 +00:00
Victor Hsieh
b415c7388f Declare dalvik.vm. property and dontaudit explicitly
dex2oat currently uses some properties as flags (see
art/libartbase/base/flags.cc). For CompOS, we don't really need such
properties, and actually should avoid global state. So dontaudit
explicitly.

Bug: 210030607
Test: no more default_prop denials for dex2oat
Change-Id: I10852f2a7df4dac7a9389eab3f53f91328104f96
2021-12-15 09:30:22 -08:00
Victor Hsieh
3ea775e483 Include log.tag and persist.log.tag in log_tag_prop
The two properties are not just prefixes. See __android_log_level in
system/logging/liblog/properties.cpp.

Bug: 210030607
Test: no longer seeing denials with default_prop in odrefresh
Change-Id: If2c9cba7aa65802e81c79c7d3d9735cbf14a6efa
2021-12-15 09:21:23 -08:00
Victor Hsieh
fe95b5b318 Define ro.build.version.{codename,sdk} in microdroid
The `__builtin_available` macro is used in several libraries in
microdroid, including liblog. The macro internally uses
ro.build.version.{codename,sdk}[1]. This change defines the context for
these properties.

[1] https://reviews.llvm.org/rG516a01b5f36d4188778a34202cd11856d70ac808

Bug: 210030607
Test: No longer seeing denied access of default_prop from odrefresh
Change-Id: I51bc52f679a174daccc05a1e2d6c9fda9e6b12cb
2021-12-15 08:11:13 -08:00
Etienne Ruffieux
9203c915d1 Adding Bluetooth module sysprop
Added Bluetooth sysprop to be able to remove calls to
SystemProperty.set in Bluetooth module.

Tag: #feature
Bug: 197210455
Test: set/get sysprop with SystemProperties
Merged-In: I8070a493fa082ddaa16cd793ed25ad99971950c0
Change-Id: Ia390bd8b3bb064fcae252edb6307e26f07bd53e7
2021-12-15 13:44:33 +00:00
Treehugger Robot
afc596f8f8 Merge "Allow compos_fd_server to create artifacts" 2021-12-15 11:09:24 +00:00
Treehugger Robot
ac9f469ff0 Merge "Add rule for new gesture_prop." 2021-12-15 05:03:42 +00:00
Super Liu
078141a921 Add rule for new gesture_prop.
Bug: 209713977
Bug: 193467627
Test: local build and manual check.
Signed-off-by: Super Liu <supercjliu@google.com>
Change-Id: Ib1d2d6dcc7d6ddc6243c806a883d9252d7c081af
2021-12-15 09:32:01 +08:00
Alan Stokes
8dc7800578 Allow compos_fd_server to create artifacts
Previously this was always done by odrefresh. But now that we are running
odrefresh in the VM, we need to allow the FD server to do it as its proxy.

Bug: 209572241
Bug: 209572296
Test: composd_cmd forced-oderefresh
Change-Id: I4bc10d6a3ec73789721a0541f04dd7e3865fe826
2021-12-14 16:06:31 +00:00
Jeff Vander Stoep
bc0fa66cbe Policy for using Apex sepolicy
Bug: 199914227
Test: aosp/1910032
Change-Id: I0726facbf0c28c486ef6501718a6013a040e4b0e
2021-12-14 13:54:03 +01:00
Treehugger Robot
5ca82c1645 Merge "Remove nonplat_sepolicy.cil from test" am: 3e1c3f7324
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1918578

Change-Id: I172df62634fc43aaaa85087a8b6d89278eee8121
2021-12-14 01:58:33 +00:00
Treehugger Robot
3e1c3f7324 Merge "Remove nonplat_sepolicy.cil from test" 2021-12-14 01:44:23 +00:00
Inseob Kim
e3bc8ffa36 Remove nonplat_sepolicy.cil from test
Because it's out of the Treble window.

Bug: 210536608
Test: build
Change-Id: I96a068ad579d1e9a9353aac1438a894829741aad
2021-12-14 01:43:44 +00:00
Treehugger Robot
8d35437e6a Merge "[NC#2] clatd: allow clatd access raw and packet socket inherited from netd" am: 7c5faaf3d2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1903466

Change-Id: Ia47f1a5558cad907d1800bab9a42c0decd41e5c8
2021-12-13 08:35:30 +00:00
Treehugger Robot
7c5faaf3d2 Merge "[NC#2] clatd: allow clatd access raw and packet socket inherited from netd" 2021-12-13 08:16:26 +00:00
Inseob Kim
f79a045530 Merge "Refactor sepolicy version related codes" am: 7b63c95fe1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916618

Change-Id: I3c3b4bfc416c64f837869b8a80e3876cbfef8865
2021-12-13 04:13:31 +00:00
Inseob Kim
7b63c95fe1 Merge "Refactor sepolicy version related codes" 2021-12-13 03:57:36 +00:00
Treehugger Robot
e197d7519c Merge "Add hal_vehicle_service for AIDL VHAL service." am: 885bc3ca66
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1914197

Change-Id: I2f992666b000f97efcf1e1a3df2b1ef40b26a1f5
2021-12-11 01:09:16 +00:00
Treehugger Robot
885bc3ca66 Merge "Add hal_vehicle_service for AIDL VHAL service." 2021-12-11 00:49:12 +00:00
Hungming Chen
e544438399 [NC#3] clatd: remove raw and packet socket creation privs
Don't need these permissions anymore because the raw and packet
socket setup was moved from clatd to netd.

Test: manual test
1. Connect to ipv6-only wifi.
2. Try IPv4 traffic.
   $ ping 8.8.8.8

Change-Id: I07d890df2d1b8d9c1736aa5e6dc36add4f46345b
2021-12-10 20:42:27 +08:00
Hungming Chen
cef08e5d58 [NC#2] clatd: allow clatd access raw and packet socket inherited from netd
Needed because the raw and packet socket setup was moved from
clatd to netd. Netd passes the configured raw and packet sockets
to clatd. clatd needs the permission to access inherited
objects.

Test: manual test
1. Connect to ipv6-only wifi.
2. Try IPv4 traffic.
   $ ping 8.8.8.8

Test:
Change-Id: If6479f815a37f56715d7650c714202fcc1ec466b
2021-12-10 20:42:00 +08:00
Inseob Kim
24e7cdabc7 Merge "Fix vendor contexts files in mixed build" am: 95249165b5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1914430

Change-Id: I8ad9a1f7086a5a98dffe0017fbfee92c0840b47c
2021-12-10 12:29:48 +00:00
Inseob Kim
95249165b5 Merge "Fix vendor contexts files in mixed build" 2021-12-10 12:13:36 +00:00
Alan Stokes
144edbc844 Merge "Revert "Revert "More neverallow rules""" am: 6e48ea981a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916483

Change-Id: I7e0f458fdffa5eeaf8a7049970949936c8227391
2021-12-10 10:42:44 +00:00
Alan Stokes
6e48ea981a Merge "Revert "Revert "More neverallow rules""" 2021-12-10 10:27:13 +00:00
Inseob Kim
ed2dc8c08e Refactor sepolicy version related codes
1. Move BOARD_SEPOLICY_VERS to build/make/core/config.mk where
PLATFORM_SEPOLICY_VERSION is set.

2. Remove hard-coded versions for the treble tests.

Test: build
Change-Id: I57178c9f213b089a276e35b8de1144665788e7ab
2021-12-10 09:36:58 +00:00
Joanne Chung
f9637630c6 Add rule for new system service am: eed1918f7f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1891636

Change-Id: I826fbfa08ebc3f898d9468380d70f8dd197650f6
2021-12-10 09:17:23 +00:00
Alan Stokes
9c2e162e87 Revert "Revert "More neverallow rules""
This reverts commit a0e49cea04.

Reason for revert: I don't think this was the culprit after all
Bug: 204853211

Change-Id: Iadc1c8df5ec2affcdbbf9e7bdc3eac54c47f4ebf
2021-12-10 09:06:08 +00:00
Joanne Chung
eed1918f7f Add rule for new system service
Update policy for new system service, used for Apps to present the
toolbar UI.

Bug: 190030331
Bug: 205822301
Test: manual. Can boot to home and get manager successfully.

Change-Id: Iee88681a93ae272a90896ccd2a6b64c26c809e82
2021-12-10 13:30:55 +08:00
Treehugger Robot
14c5d92e83 Merge "[NC#1] netd: allow netd to setup packet socket for clatd" am: f128becfa4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1903465

Change-Id: I8f248bfd4876ea0e55ed774f726cf818ee66972c
2021-12-10 04:54:56 +00:00
Treehugger Robot
f128becfa4 Merge "[NC#1] netd: allow netd to setup packet socket for clatd" 2021-12-10 04:33:13 +00:00
Treehugger Robot
9f386d408d Merge "Add charger_vendor type" am: 0ce3e70c84
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1870393

Change-Id: Iea5151cd7c7c5e6cc810ee90a581f6897a1b8b5e
2021-12-10 02:38:24 +00:00
Treehugger Robot
0ce3e70c84 Merge "Add charger_vendor type" 2021-12-10 02:16:55 +00:00
Treehugger Robot
9ccdb85c22 Merge "Refactor Android.bp build modules for readability" am: 8bc0b04555
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916617

Change-Id: I4c6a05500cb43ac38a2f0e30292bb0c6d448e00f
2021-12-09 17:19:40 +00:00
Treehugger Robot
8bc0b04555 Merge "Refactor Android.bp build modules for readability" 2021-12-09 16:57:33 +00:00
Inseob Kim
0a707fadb2 Refactor Android.bp build modules for readability
When we compile sepolicy files into a cil file, we first gather all
sepolicy files to create a conf file, and then convert the conf file to
a cil file with checkpolicy. The problem is that checkpolicy is
sensitive to the input order; the conf file should contain statements in
a specific order: classes, initial_sid, access vectors, macros, mls,
etc.

This restriction has made Android.bp migration difficult, and we had to
create a magical module called "se_build_files" to correctly include
source files in the designated order. It works, but it has caused a
significant readability problem. For example, when we write
":se_build_files{.system_ext_public}", how can we easily figure out that
the tag actually includes plat public + system_ext public + reqd mask,
without taking a look at the build system code?

This change refactors the se_build_files module and se_policy_conf
module, so we can easily see the designated files for each module, just
like we did in the Android.mk. se_policy_conf module now stably sorts
source files in an order which will make checkpolicy happy.
se_build_files module is also refactored, so one tag can represent
exactly one set of policy files, rather than doing magic behind
the scenes. For example, system_ext public policy module is changed from:

se_policy_conf {
    name: "system_ext_pub_policy.conf",
    // se_build_files automatically adds plat public and reqd mask
    srcs: [":se_build_files{.system_ext_public}"],
}

to:

se_policy_conf {
    name: "system_ext_pub_policy.conf",
    // se_policy_conf automatically sorts the input files
    srcs: [
        ":se_build_files{.plat_public}",
        ":se_build_files{.system_ext_public}",
        ":se_build_files{.reqd_mask}",
    ],
}

Bug: 209933272
Test: build and diff before/after
Change-Id: I97a76ed910645c1607d913fd646c27e87af0afd3
2021-12-10 00:31:53 +09:00
Alan Stokes
afa367c241 Merge "Revert "More neverallow rules"" am: c6c31eb7b3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916298

Change-Id: Idaf80901abe05efe6b303d4c9751df14b2734e80
2021-12-09 14:23:32 +00:00
Alan Stokes
c6c31eb7b3 Merge "Revert "More neverallow rules"" 2021-12-09 14:06:35 +00:00
Treehugger Robot
4f10fa72d9 Merge "Run Virtualization tests when we change microdroid policy" am: c9d812e359
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916299

Change-Id: I77ac14a0fc447c76fd362432d7121bf7c36c1440
2021-12-09 13:35:45 +00:00
Treehugger Robot
c9d812e359 Merge "Run Virtualization tests when we change microdroid policy" 2021-12-09 13:12:55 +00:00
Treehugger Robot
56d1b9e39a Merge "Remove obsolete TODO" am: 8a564d32b7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916038

Change-Id: Ice1abda99554c50c25137f360837dba0abd4f2e3
2021-12-09 12:13:08 +00:00
Treehugger Robot
8a564d32b7 Merge "Remove obsolete TODO" 2021-12-09 11:53:29 +00:00