Commit graph

47468 commits

Author SHA1 Message Date
Treehugger Robot
b637f1a413 Merge "Cameraserver: Allow camera to switch thread scheduling policy" into main 2024-03-20 16:25:50 +00:00
Sandro Montanari
8c569d673a Merge "Restrict SDK sandbox unix_stream_socket connections" into main 2024-03-20 15:36:31 +00:00
Sandro Montanari
d226ac41e2 Restrict SDK sandbox unix_stream_socket connections
Bug: 328729812
Test: atest --test-mapping packages/modules/AdServices/sdksandbox
Change-Id: If26e853d66039aebead20076df4387cd6ca9788d
2024-03-20 14:10:12 +00:00
Dennis Shen
10c1046a3f Merge "allow all domain search permission for aconfig_storage_metadata_file dir" into main 2024-03-20 11:56:57 +00:00
Emilian Peev
a31bbfe4e2 Cameraserver: Allow camera to switch thread scheduling policy
Allow camera server to switch the scheduling policy
for certain time critical threads.

Bug: 323292530
Test: Manual using camera application,
Camera CTS

Change-Id: Ib665009c095efc21f65b1d8b3ddd9c2528c1c794
2024-03-19 19:14:45 +00:00
Mitch Phillips
26477ab5a0 Merge "Allow permissive MTE to be set by non-root users" into main 2024-03-19 19:06:13 +00:00
Dennis Shen
cd560f115b allow all domain search permission for aconfig_storage_metadata_file dir
Just allowing aconfig_storage_metadata_file:file read permission is not
enough to read the pb file; we also need
aconfig_storage_metadata_file:dir search permission.

Bug: b/312459182
Test: audit2allow after having demo app access the file
Change-Id: I1790ea84a56e83f43313af82378f245e2bb6597e
2024-03-19 17:50:16 +00:00
Treehugger Robot
1b45a0af5e Merge "Allow odrefresh to relabel staging files to apex_art_data_file." into main 2024-03-19 16:27:27 +00:00
Treehugger Robot
69fdfcde37 Merge "Add a trailing newline" into main 2024-03-19 15:34:45 +00:00
Treehugger Robot
2fa70270a2 Merge "Add rule for system_server to send Perfetto a signal" into main 2024-03-19 14:31:25 +00:00
Dennis Shen
30fdc75046 Merge "update aconfigd selinux policy" into main 2024-03-19 14:31:02 +00:00
Dennis Shen
89a2c6988a update aconfigd selinux policy
For aconfigd test, for atest to work, the shell domain needs to be able
to connect to aconfigd_socket. In addition, aconfigd needs to be able to
access the test storage files as shell_data_file. All these policies are
only needed for userdebug_or_eng build.

Bug: 312459182
Test: m, launch avd, atest, then audit2allow, no avc denials found
Change-Id: Ifb369f7e0000dfe35305fe976e330fa516ff440c
2024-03-19 12:24:23 +00:00
Carlos Galo
ea1bd5d68f lmkd: Add sepolicy rules around bpf for lmkd
LMKD needs to be able to attach BPF tracepoints. It needs to be able to
access tracefs, attach and run bpf programs.

Test: m
Test: Verified no denials with lmkd and libmemevents integration
Bug: 244232958
Change-Id: I57248b729c0f011937bec139930ca9d24ba91c3b
Signed-off-by: Carlos Galo <carlosgalo@google.com>
2024-03-19 00:46:47 -07:00
Carmen Jackson
33c057444a Add rule for system_server to send Perfetto a signal
Cancelling/ending traces wasn't working properly in the Developer
Telemetry APIs due to this missing rule. Now, calling destroyForcibly
on the Perfetto process running the trace successfully kills the
process.

Bug: 293957254
Test: locally with atest ProfilingFrameworkTests#testRequestProfilingCancel
Change-Id: I91d83dde01897eb9e48cf4a90e44d088c3f2a45f
2024-03-19 05:36:22 +00:00
Inseob Kim
4914c17ded Add a trailing newline
Bug: 326134149
Test: TH
Change-Id: I7a47014a8cd9d586f521b8926197a3659dd13b6b
2024-03-19 10:24:55 +09:00
Eric Biggers
b58636b2d3 Merge "Stop granting permission to report_off_body to keystore2" into main 2024-03-18 21:08:40 +00:00
Yabin Cui
5c50d5921d Merge "Add profcollectd.etr.probe property and associated permissions" into main 2024-03-18 17:32:13 +00:00
Nikita Putikhin
2c434e9971 Merge "Add contexts for update_engine_nostats" into main 2024-03-18 11:31:57 +00:00
Yabin Cui
948ae15060 Add profcollectd.etr.probe property and associated permissions
It is used by profcollectd to notify vendor_init to trigger
a manual probe of coresight etr.

Bug: 321061072
Test: build and run on device
Change-Id: I5aa65f8d5a25f1284f09111c940f0a2c1a62ac18
2024-03-15 12:21:44 -07:00
Jiakai Zhang
8d24e01ba8 Allow odrefresh to relabel staging files to apex_art_data_file.
This will allow odrefresh to move files from staging dir to output dir
instead of copying.

Test: -
  1. Patch https://r.android.com/2991838
  2. atest odsign_e2e_tests_full
Change-Id: I8fec4db3ff720f84a58e41439089ea55e53301b4
2024-03-15 16:39:13 +00:00
Vadim Caen
68dc59dee5 Allow virtual_camera to use fd from surfaceflinger
Test: atest --rerun-until-failure 100 android.hardware.camera2.cts.CaptureRequestTest#testEffectModes
Fixes: 329837920
Change-Id: I2de4e119383e4c8d4183957bfa6e1e363cdbbe4f
2024-03-15 17:17:21 +01:00
Mitch Phillips
98b3e4bfd3 Allow permissive MTE to be set by non-root users
Found when making the tests for permissive MTE, which are part of the
CTS test suite because I really, really don't want to fork hundreds of
lines of Java glue. But, CTS tests aren't supposed to only run on rooted
devices (even though there are examples of this in the tree already).

I think either way, ideologically, we should allow non-root users to
enable permissive MTE. This would be useful for a person who wants to
dogfood MTE with all apps on, but use a retail build. I can think of at
least a few researchers that would probably find this useful.

Bug: 328793166
Test: adb unroot && adb shell setprop persist.sys.mte.permissive 1
Change-Id: Ie905e23c9600986cb436e1cc7490e28678710696
2024-03-15 16:26:31 +01:00
Treehugger Robot
3230efb5cf Merge "bpfloader: allow bpffs_type:dir setattr" into main 2024-03-15 10:11:44 +00:00
Treehugger Robot
e47e58771f Merge "bpfloader: allowing reading proc_bpf:file" into main 2024-03-15 10:10:25 +00:00
Jooyung Han
e164e993f6 Merge "Allow apexd to send atoms to statsd via socket" into main 2024-03-15 05:00:51 +00:00
Jooyung Han
a1927afd8a Allow apexd to send atoms to statsd via socket
apexd is going to send atoms (https://cs.android.com/android/platform/superproject/main/+/main:frameworks/proto_logging/stats/atoms/apex/apex_extension_atoms.proto) to statsd.

Bug: 281162849
Test: manual. statsd_testdrive 732 (id for an apexd atom)
Change-Id: Ic0f78ff17e868b2f3fa7e612a0884d5d4fa16eae
2024-03-15 05:00:26 +00:00
Maciej Żenczykowski
93a3d62f6b bpfloader: allow bpffs_type:dir setattr
we have CAP_CHOWN but we can't use it
to custom configure directory uid/gid.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I41bdab8d5b7b4cfc5cdc568909c9c6b9947e2bca
2024-03-14 23:41:12 +00:00
Eric Biggers
92ca7b7af1 Stop granting permission to report_off_body to keystore2
The report_off_body permission of the "keystore2" class only guarded the
Binder API IKeystoreMaintenance#onDeviceOffBody() served by keystore2.
That API is being removed because it is unused
(https://r.android.com/2974277).  Therefore, stop granting the
report_off_body permission.

Don't actually remove the permission from private/access_vectors.  That
would break the build because it's referenced by rules in prebuilts/.
However, document the access vectors that are known to be unused.

Bug: 289849354
Test: atest CtsKeystoreTestCases
Change-Id: I344a1a8ad1dc12217b414899994397d5e62bd771
2024-03-14 22:40:42 +00:00
Nikita Ioffe
2300dc5e64 Merge changes from topic "derive-microdroid-vendor-dice-node" into main
* changes:
  Allow ueventd to relabel /dev/open-dice0
  Add /microdroid_resources to file_contexts
2024-03-14 11:20:06 +00:00
Maciej Żenczykowski
446c8c0837 bpfloader: allowing reading proc_bpf:file
(so we can check if we need to change it)

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I229a772ec6ecebcd8826730af568980f578842ee
2024-03-14 10:47:45 +00:00
Florian Mayer
43c2a181d0 [automerger skipped] Allow shell and adb to read tombstones am: 56053a3060 -s ours
am skip reason: Merged-In I4a1af4fbdc48c5c5f4b0b33f124cea31af74dd87 with SHA-1 6c689e8438 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3001629

Change-Id: If2550fe882cdba3c808129ac65f8fda85ff4a850
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-14 05:20:37 +00:00
Florian Mayer
56053a3060 Allow shell and adb to read tombstones
tombstones are now openable by these domains:

allow adbd tombstone_data_file:dir { getattr ioctl lock open read search watch watch_reads };
allow adbd tombstone_data_file:file { getattr ioctl lock map open read watch watch_reads };
allow dumpstate tombstone_data_file:dir { getattr ioctl lock open read search watch watch_reads };
allow dumpstate tombstone_data_file:file { getattr ioctl lock map open read watch watch_reads };
allow init tombstone_data_file:dir { add_name create getattr ioctl open read relabelfrom relabelto remove_name rmdir search setattr write };
allow init tombstone_data_file:fifo_file { create getattr open read relabelfrom relabelto setattr unlink };
allow init tombstone_data_file:file { create getattr map open read relabelfrom relabelto setattr unlink write };
allow init tombstone_data_file:sock_file { create getattr open read relabelfrom relabelto setattr unlink };
allow shell tombstone_data_file:dir { getattr ioctl lock open read search watch watch_reads };
allow shell tombstone_data_file:file { getattr ioctl lock map open read watch watch_reads };
allow system_server tombstone_data_file:dir { add_name getattr ioctl lock open read remove_name search watch watch_reads write };
allow system_server tombstone_data_file:file { append create getattr ioctl lock map open read rename setattr unlink watch watch_reads write };
allow tombstoned tombstone_data_file:dir { add_name getattr ioctl lock open read remove_name search watch watch_reads write };
allow tombstoned tombstone_data_file:file { append create getattr ioctl link lock map open read rename setattr unlink watch watch_reads write };

Test: adb unroot, ls, cat, adb pull
Bug: 312740614
Bug: 325709490
(cherry picked from https://android-review.googlesource.com/q/commit:6c689e84388ee85ef0203c064bf20dc8eb8339af)
Merged-In: I4a1af4fbdc48c5c5f4b0b33f124cea31af74dd87
Change-Id: I4a1af4fbdc48c5c5f4b0b33f124cea31af74dd87
2024-03-14 02:33:03 +00:00
Nikita Ioffe
73282e4d1b Allow ueventd to relabel /dev/open-dice0
The other patch in this topic moves the initialisation of /dev/open-dice0 to
the first_stage_init which runs before the sepolicy is set up. However,
microdroid_manager should still be able to access the /dev/open-dice0,
hence this patch which grants ueventd permissions to relabel the device
and fix its permissions.

Bug: 287593065
Test: vm run-microdroid --protected
Change-Id: Iacf5b0aa9b85ee9f07abac35f6b43b7ec378bff4
2024-03-13 15:24:31 +00:00
Dennis Shen
f879f74d60 Merge "allow system server to search into /metadata/aconfig dir" into main 2024-03-13 13:10:01 +00:00
Treehugger Robot
c3274647b9 Merge "Add ro.lmk.use_psi property policy" into main 2024-03-13 09:06:03 +00:00
Treehugger Robot
ced9b5c164 Merge "bpfloader - relax neverallows for map_read/write/prog_run" into main 2024-03-13 07:24:39 +00:00
Inseob Kim
c35639d615 Sync 202404 prebuilts
Unfortunately 202404 sepolicy changed a little after vendor API freeze.

Bug: 279809333
Test: build
Change-Id: Ib690abbe0cf04cd3bd55b7a82124a284782ed335
2024-03-13 13:18:05 +09:00
Maciej Żenczykowski
f83e395a4a bpfloader - relax neverallows for map_read/write/prog_run
There's no way to currently define a new domain with map_read/write
access.

That's clearly desirable for example for vendor use of xt_bpf programs.

I believe that also holds true for prog_load which is checked
at attachment, and will be needed in the future to support things
like vendor tracepoint attachment.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I6125f3de2f8a8dde0891ddabedfafe35f521e681
2024-03-13 00:38:45 +00:00
Carlos Galo
005875d7ed Add ro.lmk.use_psi property policy
Add policy to control ro.lmk.use_psi property for lmkd.

Test: m
Bug: 328681151
Change-Id: Ie30d1c62a7f0594961667b3e2d2064be89e91506
Signed-off-by: Carlos Galo <carlosgalo@google.com>
2024-03-12 19:27:16 +00:00
Dennis Shen
662d5e68f1 allow system server to search into /metadata/aconfig dir
Bug: b/312459182
Test: m
Change-Id: I44a2113b53b23a47d30460d0e7120bbeceb3ecbf
2024-03-12 17:43:51 +00:00
Nikita Ioffe
8cc0e508ef Add /microdroid_resources to file_contexts
Bug: 287593065
Test: builds
Test: atest MicrodroidTests
Change-Id: Ide20bd031b85d73fa246d8b040245ce1f3983b5d
2024-03-12 15:39:00 +00:00
Roland Levillain
b229d824ad Merge "Revert "Check added types/attributes on freeze test too"" into main 2024-03-12 15:35:32 +00:00
Roland Levillain
590bbddbd0 Revert "Check added types/attributes on freeze test too"
This reverts commit a6a3726ed2.

Reason for revert: Breaks an internal build (see b/329217616)

Bug: 329217616
Bug: 296875906
Change-Id: Iac204a3e7501cd2d0e691f10b5bca88586f315aa
2024-03-12 15:32:12 +00:00
Treehugger Robot
ed4d6b7929 Merge "Check added types/attributes on freeze test too" into main 2024-03-12 07:38:59 +00:00
Thiébaud Weksteen
8372e1fd71 Merge "Define persist.bootanim.color in platform policy" into main 2024-03-12 05:06:31 +00:00
Inseob Kim
a6a3726ed2 Check added types/attributes on freeze test too
Without this check, a release build may accidentally include additional
public types and attributes after "freeze".

Also this adds a detailed error message for how to fix.

Bug: 296875906
Test: manual
Change-Id: Iabc6bc8c8616089207acfff8ec4f05445fe7b2b3
2024-03-12 11:25:14 +09:00
Inseob Kim
d3afbdfffa Merge changes from topic "202404_sepolicy_mapping" into main
* changes:
  Add 202404 mapping files
  Vendor API level 202404 is now frozen
2024-03-12 00:10:16 +00:00
Treehugger Robot
17c2c80f7b Merge "sepolicy: Grant hal_bluetooth_server to access udp_socket" into android14-tests-dev am: d7d7463dbc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2989876

Change-Id: I5153850c98ce0e31fac87416a68a3c15b9d75504
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-11 22:52:24 +00:00
Treehugger Robot
d7d7463dbc Merge "sepolicy: Grant hal_bluetooth_server to access udp_socket" into android14-tests-dev 2024-03-11 22:13:33 +00:00
Thiébaud Weksteen
e26898d633 [automerger skipped] Grant lockdown integrity to all processes am: 30404a42b8 -s ours am: 3b40904a9d -s ours
am skip reason: Merged-In If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7 with SHA-1 c1b65e5d53 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2980251

Change-Id: Ifd4ff576bc75fc28139c5e1d0df36a5ada7ce1dc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-11 21:25:35 +00:00