Commit graph

10197 commits

Author SHA1 Message Date
Kangping Dong
75f527a74e Merge "[Thread] move ot-daemon socket to /dev/socket/ot-daemon" into main 2024-01-24 10:08:28 +00:00
Jay Sullivan
895bf9d99c Merge "[ECM] Update SELinux policy for EnhancedConfirmationService" into main 2024-01-23 23:19:40 +00:00
Jay Thomas Sullivan
4e57c74f29 [ECM] Update SELinux policy for EnhancedConfirmationService
EnhancedConfirmationService is a new SystemService.

These changes are required before the service will boot.

Bug: 321053639
Change-Id: I15a4004ca57deb5c6f8757913c1894ba0ced399d
2024-01-23 23:15:16 +00:00
Roshan Pius
d41b0a66fe Merge "sepolicy(nfc): Changing selinux policy for signed NFC APK" into main 2024-01-22 22:45:48 +00:00
Kangping Dong
0d6679a410 [Thread] move ot-daemon socket to /dev/socket/ot-daemon
On Android, unix sockets are located in /dev/socket/ and managed by
init. This commit follows the convention for ot-daemon

Bug: 320451788
Test: verified that ot-daemon can create socket
/dev/socket/ot-daemon/thread-wpan.sock

Change-Id: I6b0fe45602bb54d6d482f5be46ddb5402bea477b
2024-01-23 00:00:01 +08:00
Maciej Żenczykowski
37ca69e5c8 sepolicy: allow netutils_wrapper access to fs_bpf_vendor
This is needed to allow vendor xt_bpf programs.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7ff8a0319bec2f3a57c7ce48939b13b2fca182de
2024-01-20 23:56:37 +00:00
Alice Wang
7a3d15416e Merge "[attestation] Allow virtualizationservice to retrieve keys" into main 2024-01-20 12:19:21 +00:00
Roshan Pius
23a929df62 sepolicy(nfc): Changing selinux policy for signed NFC APK
NFC stack is becoming an unbundled apex which embeds the existing NFC
APK. Unbundling requires the apex & apk to be signed by non-platform
certificates, hence adding new seapp_contexts rule for the NFC stack.

The old rule is also left behind to support `-next` config builds where
we are still using the platform signed NFC APK.

Ignore-AOSP-First: All of the NFC mainline work is only present in
internal master. Will cherry-pick this CL once we cherry-pick all its
dependencies.

Bug: 320583956
Test: Bootup test with signed NFC APK (within NFC apex)
Merged-In: I1d4d6370cce558c8dcc0ec73a7ce47c2b5495a33

Change-Id: I1d4d6370cce558c8dcc0ec73a7ce47c2b5495a33
2024-01-19 10:22:56 -08:00
Yu-Ting Tseng
04ea62b358 Merge "Rename uprobe_private to uprobestats for BPFs." into main 2024-01-19 18:15:45 +00:00
Alice Wang
260daf5164 [attestation] Allow virtualizationservice to retrieve keys
From RKPD.

Test: Run ServiceVmClientTestApp manually
Change-Id: I8831627318030745355f8d527e449a177e5db18f
2024-01-19 14:54:05 +00:00
Treehugger Robot
71f24dc788 Merge "add persist.bluetooth.leaudio_offload.disabled to bluetooth_a2dp_offload_prop" into main 2024-01-18 07:54:17 +00:00
Yu-Ting Tseng
baea64150d Rename uprobe_private to uprobestats for BPFs.
There will not be separate private/public BPF directories. All BPFs will
be under a uprobestats/ directory.

Bug: 296108553
Test: m selinux_policy
Change-Id: I00934cb14ead44c457ccee6957763dc01370dac6
2024-01-16 14:02:59 -08:00
Jeff Pu
a2ca79aff5 Merge "Support Face Virtual HAL operation latency randomization" into main 2024-01-16 20:05:41 +00:00
Pawan Wagh
25b1829463 Merge "Allow binder calls from system app to update engine" into main 2024-01-12 19:42:36 +00:00
Radu Solea
c477a4ad32 Merge "Add sepolicy for suspend.debug.wakestats_log.enabled" into main 2024-01-11 18:09:25 +00:00
Ján Sebechlebský
9416a4c91e Merge "Allow binder calls between virtual_camera / mediaserver & codecs." into main 2024-01-11 11:53:47 +00:00
Yung Ti Su
ca6bf5e3f4 add persist.bluetooth.leaudio_offload.disabled to bluetooth_a2dp_offload_prop
Bug: 301213930
Test: manual

Change-Id: I5b8751a51afcfe852befe881de61c6bcf2951e43
Signed-off-by: Yung Ti Su <andysu@google.com>
2024-01-11 05:42:22 +00:00
Kangping Dong
582f3b2e34 Merge "[Thread] move Thread settings data to APEX data dir" into main 2024-01-09 11:58:42 +00:00
Akilesh Kailash
8765b78c68 Merge "snapuserd: sepolicy for setting task-profiles" into main 2024-01-09 04:51:32 +00:00
Pawan Wagh
c35c8affc3 Allow binder calls from system app to update engine
Allow system_app to call update engine and update engine
to call callback registered by system app.

Test: m Settings && adb install -r
$ANDROID_PRODUCT_OUT/system_ext/priv-app/Settings/Settings.apk,
Update using 16k dev option.
Bug: 295573133

Change-Id: Ice7e75f86283637ad67a675682ecd0d27038d9e7
2024-01-05 21:25:40 +00:00
Radu Solea
82db343e27 Add sepolicy for suspend.debug.wakestats_log.enabled
Add initial sepolicy for suspend.debug.wakestats_log.enabled
Allow set from init
Allow read by system suspend

Bug: 301657457
Test: manual
Change-Id: I1123e169d69eadb909ed474c0c246a8a45eab2f0
Signed-off-by: Radu Solea <radusolea@google.com>
2024-01-04 15:45:39 -08:00
Jeff Pu
16ea68ff90 Support Face Virtual HAL operation latency randomization
Bug: 294254230
Test: atest android.hardware.biometrics.face.*
Change-Id: I40b71a6eba91615d44b0bdcc977e3a51cec83ca1
2024-01-04 17:29:24 -05:00
Kyle Zhang
da5a09bcf9 Add neverallow rule for force l3 prop
Bug: 299987160
Change-Id: I17a02316a725578fbc5595ba88cb7ba9b1fd82e8
2024-01-04 01:07:41 +00:00
Kangping Dong
e21496b105 [Thread] move Thread settings data to APEX data dir
This commit includes two sepolicy changes:
1. change threadnetwork data file to
/data/misc/apexdata/com.android.tethering/threadnetwork
2. use apex_tethering_data_file for files under
   /data/misc/apexdata/com.android.tethering

The background is that the Thread daemon (ot_daemon) is merged into the
Tethering mainline module, which means the Tethering module now has
code running in both system_server and the standalone unprivileged
ot_daemon process. To prevent ot_daemon from accessing other
apex_system_server_data_file dirs, here use the specific
apex_tethering_data_file for both Tethering and Thread files (A
subdirectory threadnetwork/ will be created for Thread at runtime). This
is similar to apex_art_data_file and apex_virt_data_file.

Note that a file_contexts rule like
```
/data/misc/apexdata/com\.android\.tethering/threadnetwork(/.*)?  u:object_r:apex_threadnetwork_data_file:s0
```
won't work because the threadnetwork/ subdir doesn't exist before the
sepolicy rules are evaluated.

Bug: 309932508
Test: manually verified that Thread settings file can be written to
      /data/misc/apexdata/com.android.tethering/threadnetwork
Change-Id: I66539865ef388115c8e9b388b43291d8faf1f384
2024-01-03 23:01:24 +08:00
Inseob Kim
fb0ed7fcc4 Fix denial due to vfio_handler's IBoundDevice
As virtualizationmanager holds references to IBoundDevice returned by
vfio_handler, virtualizationmanager should also have permission to
binder_call.

Bug: 278008519
Test: boot microdroid with assigned devices
Change-Id: I7b87de099b0731c386666cec215807dc39d8c89c
2024-01-03 09:35:43 +09:00
Akilesh Kailash
047bc6669f snapuserd: sepolicy for setting task-profiles
Post OTA reboot, snapshot-merge threads will be run in the background cgroup so that they don't run on big cores. Hence, use SetTaskProfiles() API to move the thread to the relevant cgroup.

When setting SetTaskProfile API, /dev/cpuset/background/tasks path
is accessed which requires process to be in system group.

Use setgid to move the task to system group.

Bug: 311233916
Test: OTA on Pixel 6 - Verify that merge threads are not run on big
cores
Change-Id: Ie4921910985292b0b05f4ffc70b0d08ad9e4a662
Signed-off-by: Akilesh Kailash <akailash@google.com>
2023-12-29 23:02:17 +00:00
Jan Sebechlebsky
0fd6d1bd26 Allow binder calls between virtual_camera / mediaserver &
codecs.

This is required to allow Surface originating from
virtual_camera to be used by mediaserver & written
to by codecs (for example to decode video into the
surface using MediaPlayer).

Bug: 301023410
Test: Virtual Camera Test app
Change-Id: I2cac88accd4e1777f6c441c012cd0d36579a55e5
2023-12-27 17:26:52 +01:00
Steven Moreland
c0b40ed274 Merge "dumpstate += config_gz permission" into main 2023-12-21 23:23:20 +00:00
Alan Stokes
4639e046bc Merge "Allow su to access virtualization" into main 2023-12-21 09:04:27 +00:00
Steven Moreland
832dc374a6 dumpstate += config_gz permission
Bug: 317262099
Test: bugreport & check contents
Change-Id: Idd7ab04954e26a7b210c232ae8ac114b7ff64bf7
2023-12-21 01:22:13 +00:00
Tom Chan
58a63988e3 Merge "Update wearable_sensing_service to app_api_service" into main 2023-12-20 18:44:31 +00:00
Devin Moore
babb7070a5 Merge "Allow hidl_allocator_default service to set its own prop" into main 2023-12-20 16:46:01 +00:00
Alan Stokes
8b4d612fd7 Allow su to access virtualization
Use our standard macro for granting all the necessary permissions
instead of copying a part of it.

Add ioctl access for all clients for Unix stream sockets & pipes; this
allows them to be used for stdin/stdout without triggering
denials. (Only unpriv_sock_ioctls can be used.)

Together this allows a root shell to use `vm run` without getting
spurious denials such as:

avc:  denied  { ioctl } for  comm="crosvm" path="socket:[835168]"
dev="sockfs" ino=835168 ioctlcmd=0x5401 scontext=u:r:crosvm:s0
tcontext=u:r:su:s0 tclass=unix_stream_socket permissive=0

Bug: 316048644
Test: adb root,  adb shell /apex/com.android.virt/bin/vm run-microdroid
Test: atest MicrodroidTests
Change-Id: Ib5186c70714e295a770896cf8b628384f410b94d
2023-12-20 14:55:28 +00:00
Jeff Pu
6f873ffe82 Merge "Face Virtual HAL lockout support" into main 2023-12-20 14:45:23 +00:00
Alan Stokes
b5061088c8 Merge "Tweak sysfs_dt_avf permissions" into main 2023-12-20 09:41:02 +00:00
Jeff Pu
3c79af1f7c Face Virtual HAL lockout support
Bug: 294254230
Test: atest android.hardware.biometrics.face.FakeLockoutTrackerTest
Change-Id: If7fb024b2ab5d017f5255edf484c487f5406bb9b
2023-12-19 13:28:25 -05:00
Alan Stokes
ac5044870b Tweak sysfs_dt_avf permissions
Allow r_file_perms rather than just open+read, mainly because I saw
this denial:

avc:  denied  { getattr } for  comm="binder:11247_2"
path="/sys/firmware/devicetree/base/avf/guest/common/log"
dev="sysfs" ino=16469 scontext=u:r:virtualizationmanager:s0
tcontext=u:object_r:sysfs_dt_avf:s0 tclass=file permissive=0

Also refactor slightly in microdroid_manager.te.

Test: TH
Change-Id: If2963441b3490a502c293c7a7cdd204d9db7d48a
2023-12-19 17:42:05 +00:00
Devin Moore
01b91e790d Allow hidl_allocator_default service to set its own prop
This prop is read in its .rc file to stop the service. Otherwise,
every time the service exits, it is restarted.
We don't want it to be `oneshot` because under normal operation, it
should be restarted if it exits/crashes.

Test: remove kTempHidlSupport && m && launch_cvd
Bug: 218588089

Change-Id: I9a4c61778c244a08ff753689604e79168058dd4c
2023-12-19 17:05:59 +00:00
Alessandra Loro
587d6a2846 Merge "Revert "bug_map selinux test failure"" into main 2023-12-19 14:47:37 +00:00
Hang Shi
cb24b4facf Merge "Bluetooth LMP Events: Add Lmp Events Hal" into main 2023-12-19 02:34:53 +00:00
Tom Chan
4409ea458f Update wearable_sensing_service to app_api_service
Being a system_api_service prevents non-privileged apps from getting a reference to WearableSensingManager via Context#getSystemService (it returns null). CTS tests are run as non-privileged apps, so we need this change to properly test the API.

The API methods are protected by a signature|privileged permission. CTS tests can gain this permission by adopting the Shell's permission identity, but it can't get around the SELinux policy.

wearable_sensing_service is mostly modelled after ambient_context_service, which is an app_api_service, so we believe this change is fine from a security perspective.

Test: A CTS test can get a WearableSensingManager via Context#getSystemService after this change.

Change-Id: I9d854353f48ff7b3fa5a07527bee0bcc83cb6236
2023-12-18 22:02:06 +00:00
Peter Collingbourne
fe69f400db Merge "Mount /tmp as tmpfs." into main 2023-12-18 21:39:38 +00:00
Treehugger Robot
cbfdcc450e Merge "Revert "bugmap selinux failure"" into main 2023-12-18 16:01:25 +00:00
Alessandra Loro
b7d3e34182 Revert "bug_map selinux test failure"
This reverts commit 7a8028bbb4.

Reason for revert: Fixed via aosp/2869455

Bug: 308043377
Change-Id: I2b9a4094c1e19455ac135d204efe0811cb922ffa
2023-12-18 15:29:44 +00:00
Alessandra Loro
0a9f5d4c1f Revert "bugmap selinux failure"
This reverts commit 6aa75739d5.

Reason for revert: Fixed via aosp/2869455

Bug: 308043377
Change-Id: Id9d6e1abaa4b60b775123c0b7ba2f19368234848
2023-12-18 14:59:51 +00:00
Brian Lindahl
0027546b06 Merge "Revert "bugmap selinux failure"" into main 2023-12-18 14:29:22 +00:00
Peter Collingbourne
4912d266e1 Mount /tmp as tmpfs.
/tmp is a volatile temporary storage location for the shell user.
As with /data/local/tmp, it is owned by shell:shell and is chmod 771.

Bug: 311263616
Change-Id: Ice0229d937989b097971d9db434d5589ac2da99a
2023-12-15 16:46:46 -08:00
Treehugger Robot
f336eec750 Merge "traced_probes: allow perfetto to read /proc/pressure entries" into main 2023-12-15 23:06:32 +00:00
Jared Duke
8db0b2be1e traced_probes: allow perfetto to read /proc/pressure entries
Allow perfetto to read /proc/pressure/* entries for cpu/io/memory.

Test: Capture perfetto psi traces manually
Bug: 315152880
Change-Id: I08c3d3eca39ee65eb3f93d609a8ef7cf9c25f6a0
2023-12-15 19:15:57 +00:00
Yu-Ting Tseng
4de7a537b0 Merge "Revert^2 "Update uprobestats SELinux policy"" into main 2023-12-15 18:02:57 +00:00