Commit graph

7911 commits

Author SHA1 Message Date
Alan Stokes
766caba5de Modify sepolicy for compos key changes
Add the compos_key_helper domain for the process which has access to
the signing key, make sure it can't be crashdumped. Also extend that
protection to diced & its HAL.

Rename compos_verify_key to compos_verify, because it doesn't verify
keys any more.

Move exec types used by Microdroid to file.te in the host rather than
their own dedicated files.

Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I942667355d8ce29b3a9eb093e0b9c4f6ee0df6c1
2022-02-17 12:14:40 +00:00
Ramji Jiyani
ba8615a186 Merge "system_dlkm: sepolicy: add system_dlkm_file_type" 2022-02-11 18:36:04 +00:00
Ramji Jiyani
4a556890f9 system_dlkm: sepolicy: add system_dlkm_file_type
Add new attribute system_dlkm_file_type for
/system_dlkm partition files.

Bug: 218392646
Bug: 200082547
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I193c3f1270f7a1b1259bc241def3fe51d77396f3
2022-02-11 04:19:33 +00:00
Florian Mayer
94782041d1 Merge "[MTE] Add property to specify default MTE mode for apps." 2022-02-10 23:38:23 +00:00
Treehugger Robot
f07e7c31a4 Merge "dmesgd: sepolicies" 2022-02-10 21:00:56 +00:00
Treehugger Robot
48f59f9ec2 Merge changes from topic "revert-1979386-revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY-UVTCTRHQWF"
* changes:
  Revert^2 "Updates sepolicy for EVS HAL"
  Revert^2 "Adds a sepolicy for EVS manager service"
2022-02-10 20:50:42 +00:00
Kevin Jeon
25dfbfec14 Merge "Make Traceur seapp_context reflect platform status" 2022-02-10 19:09:45 +00:00
Kevin Jeon
9118e3a5ca Make Traceur seapp_context reflect platform status
Because Traceur is being signed with the platform key in aosp/1961100,
the platform seinfo identifier is being added to Traceur so that SELinux
will correctly identify it as a platform app.

Bug: 209476712
Test: - Checked that Traceur can still take normal and long traces on
        AOSP userdebug and internal user/userdebug.
      - Checked that the Traceur app is now located in /system/app/
	instead of /system/priv-app/.
Change-Id: Ibe7881d48798e3b71bb40e566fa8243cbb630b04
Merged-In: Ibe7881d48798e3b71bb40e566fa8243cbb630b04
2022-02-10 17:51:28 +00:00
Alexander Potapenko
0a64d100b8 dmesgd: sepolicies
dmesgd is a daemon that collects kernel memory error reports.

When system_server notices that a kernel error occured, it sets the
dmesgd.start system property to 1, which results in init starting
dmesgd.

Once that happens, dmesgd runs `dmesg` and parses its output to collect
the last error report. That report, together with the headers containing
device- and build-specific information is stored in Dropbox.

Empirically, dmesgd needs the following permissions:
- execute shell (for popen()) and toolbox (for dmesg),
  read system_log (for dmesg)
- read /proc/version (to generate headers)
- perform Binder calls to servicemanager and system_server,
  find dropbox_service (for dropbox)
- create files in /data/misc/dmesgd (to store persistent state)

Bug: 215095687
Test: run dmesgd on a user device with injected KFENCE bugs
Change-Id: Iff21a2ffd99fc31b89a58ac774299b5e922721ea
2022-02-10 17:42:52 +00:00
Changyeon Jo
eacb1095a8 Revert^2 "Updates sepolicy for EVS HAL"
418f41ad13

Bug: 216727303
Test: m -j selinux_policy on failed targets reported
      in b/218802298
Change-Id: Iec8fd2a1e9073bf3dc679e308407572a8fcf44d9
2022-02-10 17:21:54 +00:00
Changyeon Jo
8c12609bce Revert^2 "Adds a sepolicy for EVS manager service"
0137c98b90

Bug: 216727303
Test: m -j selinux_policy on failed targets reported
      in b/218802298
Change-Id: I2ae2fc85a4055f2cb7d19ff70b120e7b7ff0957d
2022-02-10 17:21:14 +00:00
Treehugger Robot
605715d665 Merge "Support legacy apexdata labels" 2022-02-10 11:44:11 +00:00
Mohammed Rashidy
7f1eaf1b45 Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY"
* changes:
  Revert "Adds a sepolicy for EVS manager service"
  Revert "Updates sepolicy for EVS HAL"
2022-02-10 11:38:40 +00:00
Mohammed Rashidy
0137c98b90 Revert "Adds a sepolicy for EVS manager service"
Revert submission 1967140-EVS_sepolicy_updates_T

Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service

Change-Id: I207c261bcf2c8498d937ab02c499bf709a5f1b15
2022-02-10 10:07:44 +00:00
Mohammed Rashidy
418f41ad13 Revert "Updates sepolicy for EVS HAL"
Revert submission 1967140-EVS_sepolicy_updates_T

Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service

Change-Id: I1cc37b0e56646db61bdb34cb209aefe7376c5a50
2022-02-10 10:07:44 +00:00
Sandro Montanari
306fca99db Merge "Allow apexd to write to /metadata/sepolicy" 2022-02-10 09:41:34 +00:00
Treehugger Robot
2cedd28cf9 Merge changes from topic "EVS_sepolicy_updates_T"
* changes:
  Updates sepolicy for EVS HAL
  Adds a sepolicy for EVS manager service
2022-02-10 08:02:04 +00:00
Changyeon Jo
a083d7a8d8 Updates sepolicy for EVS HAL
This CL updates hal_evs_default to be sufficient for the defautl EVS HAL
implementation and modifies other services' policies to be able to
communicate with EVS HAL implementations

Bug: 217271351
Test: m -j selinux_policy and Treehugger
Change-Id: I2df8e10f574d62f8b84e0ff0381656ab1b18b52f
2022-02-10 01:42:59 +00:00
Changyeon Jo
5c3bc58163 Adds a sepolicy for EVS manager service
Bug: 170401743
Bug: 216727303
Test: m -j selinux_policy and TreeHugger
Change-Id: Ie6cb3e269fc46a61b56ca93efd69fbc447da0e3d
2022-02-10 01:42:21 +00:00
Steven Moreland
6598175e06 bpfdomain: attribute for domain which can use BPF
Require all domains which can be used for BPF to be marked as
bpfdomain, and add a restriction for these domains to not
be able to use net_raw or net_admin. We want to make sure the
network stack has exclusive access to certain BPF attach
points.

Bug: 140330870
Bug: 162057235
Test: build (compile-time neverallows)
Change-Id: I29100e48a757fdcf600931d5eb42988101275325
2022-02-10 00:34:50 +00:00
Florian Mayer
360ddf5583 [MTE] Add property to specify default MTE mode for apps.
Bug: 216305376
Change-Id: I9374c8681510037279deaf3e5ae011e8f9111f17
2022-02-09 22:13:59 +00:00
Yabin Cui
c30b45e242 Merge "profcollectd: allow to call callbacks registered by system_server." 2022-02-09 18:09:59 +00:00
Steven Moreland
2536bf9dac Merge "Allow BPF programs from vendor." 2022-02-09 17:28:16 +00:00
sandrom
e9a5e7ca6c Allow apexd to write to /metadata/sepolicy
Test: manual tests
Bug: 218672709
Change-Id: I91e173cc41bca0f8fd62d5a783e514f6bbb0e214
2022-02-09 15:11:06 +00:00
Jayant Chowdhary
b00bf9d282 Merge "System wide sepolicy changes for aidl camera hals." 2022-02-09 03:08:37 +00:00
Steven Moreland
c27d24c37c Allow BPF programs from vendor.
Who needs all those context switches?

bpfloader controls which types of vendor programs can be used.

Bug: 140330870
Bug: 162057235
Test: successfully load bpf programs from vendor
Change-Id: I36e4f6550da33fea5bad509470dfd39f301f13c8
2022-02-08 22:46:54 +00:00
Christine Franks
c98bde94c4 Merge "Add uhid_device to system_server" 2022-02-08 17:13:32 +00:00
Treehugger Robot
0fc6fae857 Merge "Rename property for default MTE mode." 2022-02-08 16:47:32 +00:00
Alan Stokes
53c76a25bb Support legacy apexdata labels
This partly reverts fa10a14fac. There we
removed individual labels for various apexdata labels, replacing them
with apex_system_server_data_file.

Unfortunately that doesn't handle upgrade scenarios well, e.g. when
updating system but keeping the old vendor sepolicy. The directories
keep their old labels, and vold_prepare_subdirs is unable to relabel
them as there is no policy to allow it to.

So we bring back the legacy labels, in private not public, and add the
rules needed to ensure system_server and vold_prepare_subdirs have the
access they need. All the other access needed is obtained via the
apex_data_file_type attribute.

Bug: 217581286
Test: Reset labels using chcon, reboot, directories are relabeled, no denials
Change-Id: If696882450f2634e382f217dab8f9f3882bff03f
2022-02-08 16:07:08 +00:00
Treehugger Robot
e335de9aeb Merge "Allow reading hypervisor capabilities" 2022-02-08 11:49:33 +00:00
Treehugger Robot
2e468b48c5 Merge "bpfloader: use kernel logs" 2022-02-08 10:51:39 +00:00
Jayant Chowdhary
e3019be3db System wide sepolicy changes for aidl camera hals.
Bug: 196432585

Test: Camera CTS

Change-Id: I0ec0158c9cf82937d6c00841448e6e42f6ff4bb0
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
2022-02-08 09:37:17 +00:00
Treehugger Robot
d83aba62f6 Merge "Allow priv-app to report off body events to keystore." 2022-02-07 23:46:05 +00:00
Steven Moreland
233d4aabf6 bpfloader: use kernel logs
Boots early. logd no workie!

Bug: 210919187
Test: see bpfloader logs
Change-Id: I313f55b0a6e1164fdffeb2d07952988d5e560ae7
2022-02-07 23:16:55 +00:00
Josh Yang
8be76c8e5c Allow priv-app to report off body events to keystore.
Bug: 183564407
Test: the selinux error is gone.
Change-Id: I6783528a0ca6c94781b6c12d96ffebbfe8b25594
Merged-In: If40c2883edd39bee8e49e8e958eb12e9b29a0fe0
2022-02-07 22:42:51 +00:00
Florian Mayer
6020c42f2b Rename property for default MTE mode.
This was requested in aosp/1959650.

Change-Id: I96f8771a39606b0934e4455991a6a34aea40235b
2022-02-07 11:27:20 -08:00
Alan Stokes
55803ca572 Allow reading hypervisor capabilities
System server needs to do this to know whether a suitable VM for
CompOS can be created. System server does not need the ability to
actually start a VM, so we don't grant that.

Bug: 218276733
Test: Presubmits
Change-Id: Ibb198ad55819aa924f1bfde68ce5b22c89dca088
2022-02-07 11:33:18 +00:00
shubang
a1b9f186fb SE policy: rename iapp -> interactive_app
Bug: 205738783
Test: cuttlefish

Change-Id: I15fd60a2dba79dd5e2a3cf57ed542e5a930680f1
Merged-In: I15fd60a2dba79dd5e2a3cf57ed542e5a930680f1
2022-02-07 07:54:32 +00:00
Inseob Kim
b20cb78404 Neverallow domains other than VS from executing VM
Bug: 216610937
Test: atest MicrodroidTests
Change-Id: I2ecea6974cb6650f8a7aa8b706ae38e1822805cd
2022-02-07 09:42:21 +09:00
Yabin Cui
c1fdafdb6c profcollectd: allow to call callbacks registered by system_server.
Bug: 213519191
Test: On oriole, profcollectd can call callbacks registered by
Test: ProfcollectForwardingService in system_server.
Change-Id: I8531a6e57e5e5c12033d5e8c7651ccff9a1d976a
2022-02-05 12:59:11 -08:00
Treehugger Robot
b289dc4d1d Merge "Grant system_app permission to access cgroup_v2 directories" 2022-02-04 19:26:00 +00:00
Christine Franks
639c48d146 Add uhid_device to system_server
Bug: 217275682
Change-Id: I1ae74868344da290727df2474712b8b6ad2efdd7
Test: n/a
2022-02-04 15:13:43 +00:00
Treehugger Robot
7b7a42e6cf Merge "bluetooth.device.class_of_device should be type string" 2022-02-04 00:38:52 +00:00
Seth Moore
a75cad0d0a Add remotely provisioned key pool se policy
Keystore now hosts a native binder for the remotely provisioned key
pool, which is used to services such as credstore to lookup remotely
provisioned keys.

Add a new service context and include it in the keystore services.

Add a dependency on this new service for credstore. Also include a
credstore dependency on IRemotelyProvisionedComponent, as it's needed
to make use of the key pool.

Bug: 194696876
Test: CtsIdentityTestCases
Change-Id: I0fa71c5be79922a279eb1056305bbd3e8078116e
2022-02-02 15:07:26 -08:00
Sal Savage
724381a97a bluetooth.device.class_of_device should be type string
Bug: 217452259
Test: Manual, set property in system.prop, build, flash, make sure value
is reflected in getprop | grep bluetooth.device

Change-Id: Id4bfebb4da5bcd64ea4bac8e3c9e9754c96256c6
2022-02-02 14:13:41 -08:00
Bart Van Assche
be3ff9b93a Grant system_app permission to access cgroup_v2 directories
Without this change, the migration of the blkio controller to the cgroup
v2 hierarchy triggers the following denials:

01-31 19:00:59.086  4494  4494 I auditd  : type=1400 audit(0.0:7): avc: denied { write } for comm=4173796E635461736B202331 name="pid_4494" dev="cgroup2" ino=3545 scontext=u:r:system_app:s0 tcontext=u:object_r:cgroup_v2:s0 tclass=dir permissive=0
01-31 19:00:59.086  4494  4494 I auditd  : type=1400 audit(0.0:8): avc: denied { write } for comm=4173796E635461736B202331 name="pid_4494" dev="cgroup2" ino=3545 scontext=u:r:system_app:s0 tcontext=u:object_r:cgroup_v2:s0 tclass=dir permissive=0
01-31 19:00:59.086  4494  4494 I auditd  : type=1400 audit(0.0:7): avc: denied { write } for comm=4173796E635461736B202331 name="pid_4494" dev="cgroup2" ino=3545 scontext=u:r:system_app:s0 tcontext=u:object_r:cgroup_v2:s0 tclass=dir permissive=0
01-31 19:00:59.086  4494  4494 I auditd  : type=1400 audit(0.0:8): avc: denied { write } for comm=4173796E635461736B202331 name="pid_4494" dev="cgroup2" ino=3545 scontext=u:r:system_app:s0 tcontext=u:object_r:cgroup_v2:s0 tclass=dir permissive=0

Bug: 213617178
Test: Booted Android in the Cuttlefish emulator.
Change-Id: I20f136d5cd58fa4ebabbb5a328fc6001b11110d7
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2022-02-02 17:37:45 +00:00
Andrew Scull
7e07941d3d Merge changes I82f0c2ef,I013894de
* changes:
  Let VirtualizationService access hypervisor properties
  Tag new hypervisor properties
2022-02-02 13:54:11 +00:00
Andrew Scull
792b03ddb5 Let VirtualizationService access hypervisor properties
VirtualizationService uses the properties to discover hypervisor
capabilities. Allow it access for this purpose.

Bug: 216639283
Test: build
Change-Id: I82f0c2ef30c8fb2eefcac1adf83531dd3917fdb8
2022-02-02 13:53:50 +00:00
Lalit Maganti
fb9d097d03 Merge "sepolicy: Allow system domains to be profiled" 2022-02-02 12:04:38 +00:00
Andrew Walbran
48cf9591f6 Merge "virtualizationservice no longer tries to check for pKVM extension." 2022-02-02 09:08:18 +00:00