Commit graph

36144 commits

Author SHA1 Message Date
Eric Biggers
534c5b7fc7 Merge "Remove init's write access to /data/user and /data/media" am: 7fdc84a4df
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2095485

Change-Id: Iabde4fd83b92cdee6356b111d1cda089456b58c0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-12 19:38:51 +00:00
Treehugger Robot
4bcc5afecb Merge "sepolicy: allow new BINDER_GET_EXTENDED_ERROR ioctl" 2022-05-12 19:22:55 +00:00
Eric Biggers
7fdc84a4df Merge "Remove init's write access to /data/user and /data/media" 2022-05-12 18:41:21 +00:00
Victor Hsieh
a50815b3cc Allow composd to pass some system properties to CompOS am: 3423bc4bcb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2093956

Change-Id: I6ce182b8b1ba285ec5614919a8da659c8f99dc27
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-12 15:28:40 +00:00
Shiwangi Shah
1cda41b83a Allow app to write to sdk_sandbox am: ce2b6da673
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2088023

Change-Id: I5a6b8e1ef58cfd92dd42ce5d772e1539b31bd4c2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-12 15:28:20 +00:00
Rubin Xu
a274858e3b Allow Bluetooth stack to read security log sysprop
Bluetooth stack needs to read persist.logd.security and
ro.organization_owned sysprop (via __android_log_security())
to control security logging for Bluetooth events.

Bug: 232283779
Test: manual
Change-Id: Ic8162cd4a4436981a15acea6ac75079081790525
2022-05-12 15:44:57 +01:00
Eric Biggers
17369bef4a Remove init's write access to /data/user and /data/media
As a follow-up to https://r.android.com/2078213, remove init's write
access to directories with type system_userdir_file or
media_userdir_file.  This has been made possible by moving the creation
of /data/user/0 and /data/media/obb to vold.

Bug: 156305599
Change-Id: Ib9f43f2b111518833efe08e8cacd727c75b80266
2022-05-12 00:19:29 +00:00
Victor Hsieh
3423bc4bcb Allow composd to pass some system properties to CompOS
Bug: 231579544
Test: see allowlisted system properties in the VM
Change-Id: Idb263087639e4677e437ac2fcd2726ee71547f48
2022-05-10 16:19:19 -07:00
Shiwangi Shah
ce2b6da673 Allow app to write to sdk_sandbox
Change-Id: I2e308ca9ce58e71ac9d7d9b0fa515bdf2f5dfa1f
Bug: b/229251344
Test: Manual
2022-05-10 12:31:42 +00:00
Carlos Llamas
630f915345 sepolicy: allow new BINDER_GET_EXTENDED_ERROR ioctl
All domains using libbinder need access to this new ioctl in order to
pull precise information upon failed binder operations.

Bug: 28321379
Tested: clients can now use the ioctl through libbinder
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: I8d6e5ca6b133b934855a7545cc1a9786e2c4ad65
2022-05-10 04:20:09 +00:00
Jooyung Han
61079e06f2 Allow init to read apex-info-list.xml
init should use subcontext (vendor_init) for actions/services from
/{vendor, odm} partitions. However, when configs are from vendor APEXes,
init can't tell whether the APEXes are from /{vendor, odm} just by
looking at the config file paths.

Instead, init can look up /apex/apex-info-list.xml for APEXes
preinstalled paths to tell APEXes' original partition.

Bug: 232021354
Test: atest CtsBluetoothTestCases
  (Cuttlefish has BT HAL APEX in /vendor)
Change-Id: I8cb5d9eb3970790499ef1eb1ee00851591a42e98
2022-05-10 10:35:56 +09:00
Eric Biggers
d028b65ea0 Merge "Restrict creating per-user encrypted directories" am: b10cffe768
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2078213

Change-Id: I6157eb3c85e80e52325a5389b978ccdd472ac90e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-09 15:18:59 +00:00
Eric Biggers
b10cffe768 Merge "Restrict creating per-user encrypted directories" 2022-05-09 14:45:11 +00:00
Ling Ma
f2a540615b Removed telephony apex
Will not need this in the near future.

Fix: 230729916
Test: Build
Change-Id: Iec5049bb2cc16de1d947e07eec0f151182f5a22a
2022-05-05 14:18:14 -07:00
Alex Buynytskyy
e5eb6ad6ed Allow system_server to read apk root hash. am: 0105944bbc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2086314

Change-Id: I4e36f495bd37b96eb51556cd4c957456a65252a1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-05 17:38:09 +00:00
Eric Biggers
9a5992336e Restrict creating per-user encrypted directories
Creating a per-user encrypted directory such as /data/system_ce/0 and
the subdirectories in it too early has been a recurring bug.  Typically,
individual services in system_server are to blame; system_server has
permission to create these directories, and it's easy to write
"mkdirs()" instead of "mkdir()".  Such bugs are very bad, as they
prevent these directories from being encrypted, as encryption policies
can only be set on empty directories.  Due to recent changes, a factory
reset is now forced in such cases, which helps detect these bugs;
however, it would be much better to prevent them in the first place.

This CL locks down the ability to create these directories to just vold
and init, or to just vold when possible.  This is done by assigning new
types to the directories that contain these directories, and then only
allowing the needed domains to write to these parent directories.  This
is similar to what https://r.android.com/1117297 did for /data itself.

Three new types are used instead of just one, since these directories
had three different types already (system_data_file, media_rw_data_file,
vendor_data_file), and this allows the policy to be a bit more precise.

A significant limitation is that /data/user/0 is currently being created
by init during early boot.  Therefore, this CL doesn't help much for
/data/user/0, though it helps a lot for the other directories.  As the
next step, I'll try to eliminate the /data/user/0 quirk.  Anyway, this
CL is needed regardless of whether we're able to do that.

Test: Booted cuttlefish.  Ran 'sm partition disk:253,32 private', then
      created and deleted a user.  Used 'ls -lZ' to check the relevant
      SELinux labels on both internal and adoptable storage.  Also did
      similar tests on raven, with the addition of going through the
      setup wizard and using an app that creates media files.  No
      relevant SELinux denials seen during any of this.
Bug: 156305599
Change-Id: I1fbdd180f56dd2fe4703763936f5850cef8ab0ba
2022-05-05 04:12:46 +00:00
Alex Buynytskyy
0105944bbc Allow system_server to read apk root hash.
Bug: 231354111
Test: presubmit
Change-Id: I01ec32d46014aafff58aaf94146d7a5953ec023e
2022-05-04 16:30:21 -07:00
Jaegeuk Kim
4d61b7d969 Merge "allow rename fscklogs" am: cec541e9ab
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2084724

Change-Id: Ia6f9843ed08612236de521ed8b196e003f4abc40
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-04 08:18:35 +00:00
Jaegeuk Kim
cec541e9ab Merge "allow rename fscklogs" 2022-05-04 07:35:09 +00:00
Treehugger Robot
ffd8551ec5 Merge "Allow crosvm to write shell_data_file" am: c42d7afe70
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2085623

Change-Id: I87d595e2b61550691795152516816ab649bbc835
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-04 01:48:50 +00:00
Treehugger Robot
c42d7afe70 Merge "Allow crosvm to write shell_data_file" 2022-05-04 00:29:39 +00:00
Shiwangi Shah
44c5d09b45 Merge "Add access to hardware_properties and linker" am: 0a6c81f6ce
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2077565

Change-Id: Ib3caebc948fd194eba5a63268724ff2f0880aabd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 20:06:59 +00:00
Shiwangi Shah
0a6c81f6ce Merge "Add access to hardware_properties and linker" 2022-05-03 19:27:55 +00:00
Jean-Michel Trivi
c62ce77d7a Spatial audio: add property for headtracking am: ad4a63a5aa
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2085743

Change-Id: I363f6481afb14ad496e44428617c319f59091be0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 17:26:58 +00:00
Jean-Michel Trivi
ad4a63a5aa Spatial audio: add property for headtracking
Add a property to be read by system_server's AudioService that
indicates whether the spatializer effect can use head tracking.
If true, head tracking functionality will be initialized and
the corresponding APIs will be active.

Bug: 226474336
Test: atest android.media.audio.cts.SpatializerTest
Change-Id: Id8f574ecd2303034a29da58615018586b68bf55d
2022-05-03 15:16:52 +00:00
Jiyong Park
2eab15e22b Allow crosvm to write shell_data_file
The compliance tests rely on this.

Bug: 230660133
Test: run MicrodroidHostTests on a user build
Merged-In: Ic061632d80285182ec2ae7d31f3527948702cf32
Change-Id: Ic061632d80285182ec2ae7d31f3527948702cf32
2022-05-03 23:21:59 +09:00
Treehugger Robot
fd3e4b1a32 Merge "Allow deleting old virtualization files" am: 25a665ded7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2080182

Change-Id: I9df8a19c96d624be03bb2ff62fde0d71927f006c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 13:22:40 +00:00
Treehugger Robot
25a665ded7 Merge "Allow deleting old virtualization files" 2022-05-03 09:28:57 +00:00
Treehugger Robot
470e54c22f Merge "[MS82.3] Add sepolicy to access connectivity apex directory" am: 1d79fd5071
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069127

Change-Id: Iabf13e810cb556e4e370f4b1e372bf5a6a042660
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 08:45:35 +00:00
Richard Chang
31260126a0 Merge "Allow vendor services to access vendor_system_native_prop" am: 0b25ca45cf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2083463

Change-Id: Ia1b76616ece8b8a99d48c6fa10cea2aa1f240dc5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 08:45:14 +00:00
Jiyong Park
1c2f9f14ab Allow untrusted app to use virtualizationservice - even on user builds am: 8a5c1598ca
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2083946

Change-Id: I65c66a87f354425fa4f7ead44f2c2729e893bcef
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 08:44:50 +00:00
Treehugger Robot
1d79fd5071 Merge "[MS82.3] Add sepolicy to access connectivity apex directory" 2022-05-03 08:00:18 +00:00
Richard Chang
0b25ca45cf Merge "Allow vendor services to access vendor_system_native_prop" 2022-05-03 07:48:51 +00:00
Jiyong Park
8a5c1598ca Allow untrusted app to use virtualizationservice - even on user builds
This only makes it difficult to run (test/demo) apps using AVF. They
have to be pre-installed on the device which is infeasible on
user-build devices.

Removing the guard so that untrusted apps can use virtualizationservice
even on user builds. Note that the use is still gated by the
MANAGE_VIRTUAL_MACHINE permission, which can be granted only by
pre-installing or explicitly via `adb shell pm grant`. So there's no
risk of 3p apps downloaded from the net having their own VM.

Bug: 231080171
Test: run MicrodroidDemoApp on a user build
Merged-In: Ie0b1b9801dd7726633f97456a38bc0ea349013db
Change-Id: Ie0b1b9801dd7726633f97456a38bc0ea349013db
2022-05-03 14:38:28 +09:00
Treehugger Robot
97569d867d Merge "Allow microdroid_manager to set dev.bootcomplete" am: 0d66aff97f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2084003

Change-Id: Ia5154c7c853f195507272f94ce54a6961343c85d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 05:22:28 +00:00
Richard Chang
af8fac1c56 Allow vendor services to access vendor_system_native_prop
Bug: 226456604
Test: Build
Change-Id: Icc11b9bf06fd0fb8069388ca5a32e8aedf1743a8
2022-05-03 04:19:07 +00:00
Treehugger Robot
0d66aff97f Merge "Allow microdroid_manager to set dev.bootcomplete" 2022-05-03 02:43:35 +00:00
Treehugger Robot
9c142ddafc Merge changes from topic "33.0_sepolicy_mapping_file" am: 4410dab4de
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2083164

Change-Id: Ib87df883bca1c7a81cf9270609f888769418d971
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 02:21:52 +00:00
Yurii Zubrytskyi
ac14146a95 platform/system/sepolicy - SEPolicy Prebuilts for Tiramisu am: 9d9c730f1c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2083163

Change-Id: I82afd93fc40e78a7ea4026c591e8bbaff320ec9b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 02:21:49 +00:00
Treehugger Robot
4410dab4de Merge changes from topic "33.0_sepolicy_mapping_file"
* changes:
  Add 33.0 mapping files
  platform/system/sepolicy - SEPolicy Prebuilts for Tiramisu
2022-05-03 00:32:17 +00:00
Jaegeuk Kim
90b7070b37 allow rename fscklogs
Bug: 230637147
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Idd45e0f4135f95d9f650c5492481b5e19321c633
2022-05-02 17:19:43 -07:00
Treehugger Robot
4a0b80879a Merge "Add "ro.hardware.egl_legacy" for ANGLE system driver" am: fe1ad47b3b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2078298

Change-Id: Ie03cf3b98f9f295f57fcd012dcc94c8abb0e1108
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-02 18:59:27 +00:00
Yu Shan
565699bc61 Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2082539

Change-Id: If60eb04fc41df3ce30212bb0763590f2b69f4edd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-02 18:58:42 +00:00
Eric Biggers
cf064c32a1 Merge "zygote.te: clean up and tighten app data isolation rules" am: a77c2963e9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2078007

Change-Id: Ia6806138f6c09c885a61f98799828e4fd3477690
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-02 18:57:58 +00:00
Treehugger Robot
fe1ad47b3b Merge "Add "ro.hardware.egl_legacy" for ANGLE system driver" 2022-05-02 18:41:39 +00:00
Victor Hsieh
a62b3ff58a Allow microdroid_manager to set dev.bootcomplete
... and shell to get the same property for testing.

Bug: 230774156
Test: atest MicrodroidTestCase
Change-Id: Iaf04072c2b394d44ef1253fd048d5ccf757a8b89
2022-05-02 10:33:49 -07:00
Inseob Kim
4ae05118c1 Add 33.0 mapping files
Steps taken to produce the mapping files:

0. Add 33.0 prebuilts to prebuilts/api/33.0/.

1. Add the following Android.bp modules.

    33.0.board.compat.map
    33.0.board.compat.cil
    33.0.board.ignore.map
    plat_33.0.cil
    system_ext_33.0.cil
    product_33.0.cil
    33.0.ignore.cil
    system_ext_33.0.ignore.cil
    product_33.0.ignore.cil
    33.0.compat.cil
    system_ext_33.0.compat.cil

2. Touch the following three files.

    private/compat/33.0/33.0.cil
    private/compat/33.0/33.0.compat.cil
    private/compat/33.0/33.0.ignore.cil

3. Add 33.0 to PLATFORM_SEPOLICY_COMPAT_VERSIONS on
build/make/core/config.mk. Note that we don't update
sepolicy_major_vers to 33, but just update compat versions.

4. Run the following command.

    $ source build/make/rbesetup.sh && lunch aosp_arm64-userdebug
    $ m sepolicy_generate_compat
    $ sepolicy_generate_compat --branch=tm-dev \
        --build latest --target-version 33.0 \
        --latest-version 32.0

This change also enables treble_sepolicy_tests_33.0 and installs
33.0.cil mapping file onto the device.

Test: m treble_sepolicy_tests_33.0
Test: m 33.0_compat_test
Test: m slinux_policy
Change-Id: Ie969ff0372ff1268776165cee5cb5b07d303453c
2022-05-02 14:12:28 +09:00
Yurii Zubrytskyi
9d9c730f1c platform/system/sepolicy - SEPolicy Prebuilts for Tiramisu
Bug: 225745567
Test: Build
Change-Id: I49fb91c7a60fb1e871bdf3553d978bb16c476fd7
Merged-In: I49fb91c7a60fb1e871bdf3553d978bb16c476fd7
(cherry picked from commit f9a00364c8)
2022-05-02 13:24:45 +09:00
Ian Elliott
92251f5d15 Add "ro.hardware.egl_legacy" for ANGLE system driver
This supports the ability to switch between ANGLE and a legacy GLES
driver in cases when transitioning from a legacy GLES driver to ANGLE
as the system driver.  With ANGLE as the GLES system driver, the
platform needs a way to identify the legacy GLES driver, so that it
can be used for particular applications.

Test: CtsAngleDeveloperOptionHostTest
Bug: 224558229
Change-Id: I359b37daa96eb6f8424bde530bb1ac79affd1b04
2022-04-29 18:35:16 -06:00
Yu Shan
d5af7b7cea Allow vehicle_binding_util to access AIDL VHAL.
AIDL service requires binder_use, not hwbinder_use.

Test: None
Bug: None
Change-Id: Ic2245c4b1961cc3a5bbd61a1cb6134d92b8752c1
2022-04-29 16:39:03 -07:00