Commit graph

6754 commits

Author SHA1 Message Date
Michael Ayoubi
77c10eff1e Add DCK eligibility properties
Bug: 186488185
Test: Confirm GMSCore access
Change-Id: I20baf5c9ae9fbebc9e43d2798401ad49776fb74a
2021-05-21 23:31:09 +00:00
Svet Ganov
365c57f338 Allow mediaserver/audioserver to access permission checker service
bug: 158792096

Test: atest CtsMediaTestCases
      atest CtsPermissionTestCases
      atest CtsPermission2TestCases
      atest CtsPermission3TestCases
      atest CtsPermission4TestCases

Change-Id: I392c87f0a85a09d891bceaaefeae1b3f9acff55a
2021-05-20 19:07:29 +00:00
Yabin Cui
4c26361472 Merge "Allow simpleperf_app_runner to write to shell pipe fds." 2021-05-14 20:45:39 +00:00
Yabin Cui
d34a1dd223 Allow simpleperf_app_runner to write to shell pipe fds.
Currently simpleperf knows whether an app is debuggable or profileable
by running commands via run-as and simpleperf_app_runner and seeing if
they fail. This isn't convenient. So we want simpleperf_app_runner to
pass app type to simpleperf through pipe fds.

Bug: 186469540
Test: run CtsSimpleperfTestCases.
Change-Id: Ia2d276def83361336bb25d9cf367073a01cb4932
2021-05-14 10:16:24 -07:00
Treehugger Robot
9327c4f1cc Merge "Allow /dev/dma_heap directory to be readable" 2021-05-14 05:10:33 +00:00
Hridya Valsaraju
920939df71 Allow /dev/dma_heap directory to be readable
Allow everyone to read /dev/dma_heap so that they can query the set of
available heaps with the GetDmabufHeapList() API in libdmabufheap.
This patch fixes the following denials that happen when clients use the
API:

avc: denied { read } for name="dma_heap" dev="tmpfs" ino=369
scontext=u:r:mediaswcodec:s0 tcontext=u:object_r:dmabuf_heap_device:s0
tclass=dir permissive=0
9507:05-12 17:19:59.567  1647  1647 W com.android.systemui: type=1400
audit(0.0:93): avc: denied { read } for
comm=4E444B204D65646961436F6465635F name="dma_heap" dev="tmpfs" ino=369
scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:dmabuf_heap_device:s0 tclass=dir permissive=0
app=com.android.systemui

Test: manual
Bug: 184397788
Change-Id: I84672bc0be5b409cd49080501d0bf3c269ca610c
2021-05-14 05:09:30 +00:00
liuyg
04c85dcfc4 Revert "Allow the MediaProvider app to set FUSE passthrough property"
This reverts commit c1e2918fd9.

Reason for revert: Build broke

Change-Id: I4b95e977cf66c586b0d0b465f1b3654c01074152
2021-05-13 18:18:28 +00:00
Alessio Balsini
c1e2918fd9 Allow the MediaProvider app to set FUSE passthrough property
Allow the MediaProvider app to write the system property
fuse.passthrough.enabled in case FUSE passthrough is enabled.
The need for this additional system property is due to the ScopedStorage
CTS tests that are assuming FUSE passtrhough is always on for devices
supporting it, but there may be some cases (e.g., GSI mixed builds)
where this is not possible true and the feature is disabled at runtime,
thus causing the tests to fail.
This additional system property is only set when FUSE passthrough is
actually being used by the system.

Bug: 186635810
Test: CtsScopedStorageDeviceOnlyTest
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I623042d67399253a9167188c3748d93eb0f2d41f
2021-05-13 17:38:16 +00:00
Vova Sharaienko
ad8cf2fe1b Merge "Stats: Marked service as app_api_service" 2021-05-07 16:05:57 +00:00
Vova Sharaienko
a96cb4d339 Stats: Marked service as app_api_service
Marked the fwk_stats_service service as app_api_service so that
it can be reached by apps (also means that it's stable)

Bug: 185789914
Test: Build, flash, boot & and logcat | grep "SELinux"
Change-Id: Ifbb111dbee0429d8aaea4688c0390ee80e25cb22
2021-05-06 22:03:47 +00:00
David Anderson
018004d9d1 Allow fastbootd to mount /metadata in recovery.
It is important that fastbootd is able to mount /metadata in recovery, in
order to check whether Virtual A/B snapshots are present. This is
enabled on userdebug builds, but currently fails on user builds.

Fixes:

        audit: type=1400 audit(7258310.023:24): avc:  denied  { mount } for pid=511 comm="fastbootd" name="/" dev="sda15" ino=2 scontext=u:r:fastbootd:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=0

Bug: 181097763
Test: fastboot flash on user build
Change-Id: I1abeeaa3109e08755a1ba44623a46b12d9bfdedc
2021-05-05 16:37:56 -07:00
Hridya Valsaraju
f35c70b0dd Merge changes If26ba23d,Ibea38822
* changes:
  Revert "Revert "Exclude vendor_modprobe from debugfs neverallow restrictions""
  Revert "Revert "Add neverallows for debugfs access""
2021-05-05 17:31:35 +00:00
Songchun Fan
633f7ca868 [sepolicy] allow system server to read incfs metrics from sysfs
Address denial messages like:

05-05 05:02:21.480  1597  1597 W Binder:1597_12: type=1400 audit(0.0:140): avc: denied { read } for name="reads_delayed_min" dev="sysfs" ino=107358 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

BUG: 184844615
Test: atest android.cts.statsdatom.incremental.AppErrorAtomTests#testAppCrashOnIncremental
Change-Id: I201e27e48a08f99f41a030e06c6f22518294e056
2021-05-04 22:56:41 -07:00
Hridya Valsaraju
498318cc65 Revert "Revert "Exclude vendor_modprobe from debugfs neverallow restrictions""
This reverts commit 231c04b2b9.

Now that b/186727553 is fixed, it should be safe to revert this revert.

Test: build
Bug: 184381659
Change-Id: If26ba23df19e9854a121bbcf10a027c738006515
2021-05-04 22:07:08 -07:00
Hridya Valsaraju
23f9f51fcd Revert "Revert "Add neverallows for debugfs access""
This reverts commit e95e0ec0a5.

Now that b/186727553 is fixed, it should be safe to revert this revert.

Test: build
Bug: 184381659
Change-Id: Ibea3882296db880f5cafe4f9efa36d79a183c8a1
2021-05-04 22:06:46 -07:00
Hridya Valsaraju
a885dd84c7 Revert "Revert "Add a neverallow for debugfs mounting""
This reverts commit f9dbb72654.
Issues with GSI testing fixed with
https://android-review.googlesource.com/c/platform/build/+/1686425/

Bug: 184381659
Test: manual
Change-Id: Icd07430c606e294dfaad2fc9b37d34e3dae8cbfc
2021-05-02 21:41:53 -07:00
Shawn Willden
bdc4f744da Merge "Allowing userdebug/eng builds crash dump access to ks" 2021-04-30 22:19:04 +00:00
Max Bires
f09391624a Allowing userdebug/eng builds crash dump access to ks
This will make debugging of keystore issues in dogfood populations much
easier than it previously was, as developers will have detailed crash
dump reporting on any issues that do occur.

Bug: 186868271
Bug: 184006658
Test: crash dumps appear if keystore2 explodes
Change-Id: Ifb36cbf96eb063c9290905178b2fdc5934050b99
2021-04-30 18:50:54 +00:00
Songchun Fan
979a1f8f34 [sepolicy] allow system_server to ioctl INCFS_IOC_GET_LAST_READ_ERROR
Solves the denial message like:

04-30 03:54:46.972 21944 21944 I Binder:21944_17: type=1400 audit(0.0:502): avc: denied { ioctl } for path=2F646174612F696E6372656D656E74616C2F4D545F646174615F6170705F766D646C3133352F6D6F756E742F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 ioctlcmd=0x6727 scontext=u:r:system_server:s0 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1

BUG: 184844615
Test: manual
Change-Id: I3ef32613de348bca1d58cddf4ec1296d4828b51a
2021-04-30 16:46:06 +00:00
Nicolas Geoffray
82bf10a79c Merge "Allow boot animation to update boot status." 2021-04-29 07:53:05 +00:00
Christian Wailes
6553a8dbe6 Merge "Add SELinux properties for artd" 2021-04-28 16:41:09 +00:00
Xusong Wang
c5bae6f802 Merge "Allow NN HAL service to read files from apk data files" 2021-04-28 15:09:42 +00:00
Nicolas Geoffray
6a311471a6 Allow boot animation to update boot status.
This CL was missed from the topic:
https://android-review.googlesource.com/q/topic:bootanim-percent

Test: update ART module, see animation go to 100%
Bug: 184881321
Change-Id: I59706718af11751a7e1f4b5ab1ff2793f554fb19
2021-04-28 15:17:09 +01:00
Chris Wailes
467d8a80ea Add SELinux properties for artd
Test: boot device and check for artd process
Change-Id: I2a161701102ecbde3e293af0346d1db0b11d4aab
2021-04-27 14:49:13 -07:00
Treehugger Robot
98914119ae Merge "[incfs] Allow everyone read the IncFS sysfs features" 2021-04-26 22:19:37 +00:00
Treehugger Robot
206d6d80a1 Merge "Fix permissions for vold.post_fs_data_done" 2021-04-26 20:36:34 +00:00
Eric Biggers
040ce199b2 Fix permissions for vold.post_fs_data_done
The system property "vold.post_fs_data_done" is used by init and vold to
communicate with each other in order to set up FDE on devices that use
FDE.  It needs to be gettable and settable by vold, and settable by init
and vendor_init.  This was the case in Android 11 and earlier; however,
the change
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1277447
("Rename exported and exported2 vold prop") broke this by giving this
property the type "vold_config_prop", which made it no longer settable
by vold.

Since none of the existing property types appear to be appropriate for
this particular property, define a new type "vold_post_fs_data_prop" and
grant the needed domains permission to get/set it.

This is one of a set of changes that is needed to get FDE working again
so that devices that launched with FDE can be upgraded to Android 12.

Bug: 186165644
Test: Tested FDE on Cuttlefish
Change-Id: I2fd8af0091f8b921ec37381ad3b85a156d074566
2021-04-26 12:43:05 -07:00
Hridya Valsaraju
7362f58895 Merge changes from topic "revert-1668411-MWQWEZISXF"
* changes:
  Revert "Add a neverallow for debugfs mounting"
  Revert "Add neverallows for debugfs access"
  Revert "Exclude vendor_modprobe from debugfs neverallow restrictions"
  Revert "Check that tracefs files are labelled as tracefs_type"
2021-04-23 22:06:31 +00:00
Robert Horvath
dbfe4809ba Merge "Add bootanim property context, ro.bootanim.quiescent.enabled property" 2021-04-23 16:45:32 +00:00
Hridya Valsaraju
f9dbb72654 Revert "Add a neverallow for debugfs mounting"
Revert submission 1668411

Reason for revert: Suspect for b/186173384
Reverted Changes:
Iaa4fce9f0:Check that tracefs files are labelled as tracefs_t...
I743a81489:Exclude vendor_modprobe from debugfs neverallow re...
I63a22402c:Add neverallows for debugfs access
I289f2d256:Add a neverallow for debugfs mounting

Change-Id: Ie04d7a4265ace43ba21a108af85f82ec137c6af0
2021-04-23 16:38:20 +00:00
Hridya Valsaraju
e95e0ec0a5 Revert "Add neverallows for debugfs access"
Revert submission 1668411

Reason for revert: Suspect for b/186173384
Reverted Changes:
Iaa4fce9f0:Check that tracefs files are labelled as tracefs_t...
I743a81489:Exclude vendor_modprobe from debugfs neverallow re...
I63a22402c:Add neverallows for debugfs access
I289f2d256:Add a neverallow for debugfs mounting

Change-Id: I9b7d43ac7e2ead2d175b265e97c749570c95e075
2021-04-23 16:38:20 +00:00
Hridya Valsaraju
231c04b2b9 Revert "Exclude vendor_modprobe from debugfs neverallow restrictions"
Revert submission 1668411

Reason for revert: Suspect for b/186173384
Reverted Changes:
Iaa4fce9f0:Check that tracefs files are labelled as tracefs_t...
I743a81489:Exclude vendor_modprobe from debugfs neverallow re...
I63a22402c:Add neverallows for debugfs access
I289f2d256:Add a neverallow for debugfs mounting

Change-Id: I04f8bfdc0e5fe8d2f7d6596ed7b840332d611485
2021-04-23 16:38:20 +00:00
Andrew Walbran
3b6a385137 Merge "Add crosvm domain and give virtmanager and crosvm necessary permissions." 2021-04-22 18:57:15 +00:00
Treehugger Robot
005ae599cd Merge changes from topic "debugfs_neverallow"
* changes:
  Check that tracefs files are labelled as tracefs_type
  Exclude vendor_modprobe from debugfs neverallow restrictions
  Add neverallows for debugfs access
  Add a neverallow for debugfs mounting
2021-04-22 16:41:06 +00:00
David Massoud
47b6227134 Merge "Allow traced_probes to read devfreq" 2021-04-22 00:18:35 +00:00
Yurii Zubrytskyi
b382f02bf4 [incfs] Allow everyone read the IncFS sysfs features
Every process needs to be able to determine the IncFS features
to choose the most efficient APIs to call

Bug: 184357957
Test: build + atest PackageManagerShellCommandTest
Change-Id: Ia84e3fecfd7be1209af076452cc27cc68aefd80d
2021-04-21 15:15:40 -07:00
Hridya Valsaraju
4b6d50dcb4 Exclude vendor_modprobe from debugfs neverallow restrictions
vendor_modprobe loads kernel modules which may create files in
debugfs during module_init().

Bug: 179760914
Test: build
Change-Id: I743a81489f469d52f94a88166f8583a7d797db16
2021-04-21 14:13:41 -07:00
Hridya Valsaraju
a0b504a484 Add neverallows for debugfs access
Android R launching devices and newer must not ship with debugfs
mounted. For Android S launching devices and newer, debugfs must only be
mounted in userdebug/eng builds by init(for boot time initializations)
and dumpstate(for grabbing debug information from debugfs using the
dumpstate HAL).

This patch adds neverallow statements to prevent othe processes
being provided access to debugfs when the flag PRODUCT_SET_DEBUGFS_RESTRICTIONS
is set to true.

Test: make with/without PRODUCT_SET_DEBUGFS_RESTRICTIONS
Bug: 184381659
Change-Id: I63a22402cf6b1f57af7ace50000acff3f06a49be
2021-04-21 14:13:22 -07:00
Hridya Valsaraju
1c3d898d87 Add a neverallow for debugfs mounting
Android R launching devices and newer must not ship with debugfs
mounted. For Android S launching devices and newer, debugfs must only be
mounted in userdebug/eng builds by init(for boot time initializations)
and dumpstate(for grabbing debug information from debugfs). This patch
adds a neverallow statement that prevents processes other than init
from being provided access to mount debugfs in non-user builds
when the flag PRODUCT_SET_DEBUGFS_RESTRICTIONS is set to true.

Test: make with/without PRODUCT_SET_DEBUGFS_RESTRICTIONS
Bug: 184381659
Change-Id: I289f2d25662a78678929e29f83cb31cebd8ca737
2021-04-21 14:13:02 -07:00
Steven Moreland
7534762861 Merge "sepolicy: allow BINDER_ENABLE_ONEWAY_SPAM_DETECTION for all processes" 2021-04-21 16:42:26 +00:00
Treehugger Robot
c78b80667c Merge "Make suspend_prop system_vendor_config_prop" 2021-04-21 00:28:12 +00:00
Benjamin Schwartz
c171a1d9b6 Make suspend_prop system_vendor_config_prop
Bug: 185810834
Test: adb shell getprop suspend.short_suspend_threshold_millis
Change-Id: I270057e5f81b220b7168573b516dd102650f11e1
2021-04-20 09:13:02 -07:00
Seth Moore
84742a3d92 Merge "Enable pull metrics from keystore" 2021-04-20 16:00:46 +00:00
Hang Lu
a251b7ed65 sepolicy: allow BINDER_ENABLE_ONEWAY_SPAM_DETECTION for all processes
BINDER_ENABLE_ONEWAY_SPAM_DETECTION is used to enable/disable oneway
spamming detection in binder driver, and can be set per-proc.

Bug: 181190340
Change-Id: Id799b19ee5a74b458e286dc29122c140a047bdad
2021-04-20 14:07:56 +08:00
Treehugger Robot
f5ec134342 Merge "Add a property to enable runtime debugfs restrictions in non-user builds" 2021-04-20 06:07:53 +00:00
Yo Chiang
9c66e3dfa3 Merge "Allow health storage HAL to read default fstab" 2021-04-20 02:36:06 +00:00
Xusong Wang
c4e559e04f Allow NN HAL service to read files from apk data files
This allows NNAPI users to pass in model data from the asset folder.

Bug: 184880878
Test: nnapi demo app with model data from asset file
Test: NNAPI benchmark CTS
Change-Id: I79ded4e9f35eb15e1f9f0d91308840e8b318d218
2021-04-19 16:39:49 -07:00
Svet Ganov
214a65213a Add permission checker service
bug: 158792096

Test: atest CtsPermission5TestCases

Change-Id: I9dbbf2fe84131ba38ac70e7171e3bd826c150640
2021-04-17 23:41:50 +00:00
David Massoud
c50fecd8ef Allow traced_probes to read devfreq
- Add dir read access to /sys/class/devfreq/
- Add file read access to /sys/class/devfreq/$DEVICE/cur_freq

Resolves the following denials:
W traced_probes: type=1400 audit(0.0:8):
avc: denied { read } for name="devfreq" dev="sysfs"
ino=28076 scontext=u:r:traced_probes:s0
tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0

W traced_probes: type=1400 audit(0.0:226):
avc: denied { read } for name="cur_freq" dev="sysfs"
ino=54729 scontext=u:r:traced_probes:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

See ag/14187061 for device specific sysfs_devfreq_cur labels

Bug: 181850306
Test: ls -Z, record perfetto trace
Change-Id: I23cebb16505313160e14b49e82e24da9b81cad70
2021-04-16 20:02:06 +08:00
Hridya Valsaraju
8403ed70de Add a property to enable runtime debugfs restrictions in non-user builds
This patch adds ro.product.enforce_debugfs_restrictions to
property_contexts. When the property is set to true in non-user builds,
init mounts debugfs in early-init to enable boot-time debugfs
initializations and unmounts it on boot complete. Similarly dumpstate
will mount debugfs to collect information from debugfs during bugreport
collection via the dumpstate HAL and unmount debugfs once done. Doing
so will allow non-user builds to keep debugfs disabled during runtime.

Test: make with/without PRODUCT_SET_DEBUGFS_RESTRICTIONS, adb shell am
bugreport
Bug: 184381659

Change-Id: Ib720523c7f94a4f9ce944d46977a3c01ed829414
2021-04-15 22:38:23 -07:00