Define new classes and access vectors recognised by the kernel.
Bug: 340491179
Test: boot and check logs for undefined class or permission
Change-Id: I9b32916ea231cf396aa326ed7e08cb14e4eb2c9b
These have been added to the kernel and to Android sepolicy, but not
yet here. This doesn't make much difference, but it does avoid some
(harmless) warnings at policy load time.
While I'm here, remove some userspace classes which don't exist in
Microdroid and probably never will.
Bug: 215093641
Test: Policy still builds; TH
Change-Id: Id2f778919e492162c1a7d77822d74d7978522118
Other patch in this topic moves the initialisation of /dev/open-dice0 to
the first_stage_init which runs before the sepolicy is setup. However,
microdroid_manager should still be able to access the /dev/open-dice0,
hence this patch which grants ueventd permissions to relabel the device
and fix its permissions.
Bug: 287593065
Test: vm run-microdroid --protected
Change-Id: Iacf5b0aa9b85ee9f07abac35f6b43b7ec378bff4
Denials for this can cause local test failures.
The access is harmless, and is allowed in the host, so we also allow
it in the guest. And adbd does have a legitimate use for the access.
Bug: 328753027
Test: atest MicrodroidHostTests
Run repeatedly on my test device
Change-Id: Ic2e991122527ae9a22babb417ad90f2ceb8d15fc
Although /proc/device-tree is symlink to /sys/firmware/devicetree/base,
/proc/device-tree is the stable API but the absolute path may be
changed in the future.
Bug: 322465386
Test: atest CustomPvmfwHostTestCases
Change-Id: I81cbe8a4dddbac97e4fb94e6684d2a91127f3378
Allow r_file_perms rather than just open+read, mainly because I saw
this denial:
avc: denied { getattr } for comm="binder:11247_2"
path="/sys/firmware/devicetree/base/avf/guest/common/log"
dev="sysfs" ino=16469 scontext=u:r:virtualizationmanager:s0
tcontext=u:object_r:sysfs_dt_avf:s0 tclass=file permissive=0
Also refactor slightly in microdroid_manager.te.
Test: TH
Change-Id: If2963441b3490a502c293c7a7cdd204d9db7d48a
payload_accessible_device label can be used by microdroid vendor's
file_contexts to allow payloads to access their assigned devices.
Bug: 306313100
Test: put vendor_file_contexts, boot microdroid, see labels
Change-Id: I91aeb3169d14160a2d80587e3eb2e7fde240f804
The denial is correct, but is causing test failures. However it
appears to be harmless and VMs are operating just fine.
Suppress it until the correct policy is ready.
Bug: 306516077
Test: atest MicrodroidHostTests
Change-Id: I5d8545add4927c2521c3d4e9dc2b5bedb91c0f45
This is in host sepolicy, looked like we pruned it because we didn't
need it - but now we do.
Bug: 297019386
Test: Run VM with encrypted storage, no denials
Change-Id: I6cd5f6bf98e9089ef7c3945c29242daea527592f
Allow Microdroid Manager to setuid/setgid when spawning Microdroid
Launcher.
Allow encryptedstore binary to chmod the root directory.
Also added some neverallow rules, because I was surprised that I
didn't trigger one.
Bug: 296393106
Test: atest MicrodroidTests
Change-Id: I1f224d59548162d0b36c2c9f32710db2c2da5869
While searching the policy I came across some ancient TODOs, which can
now be done.
Bug: 186396070
Test: atest MicrodroidTests MicrodroidHostTests
Test: Manually run vm_shell start-microdroid
Change-Id: I21b9f992394b637399cc074dca8339e3167cf5af
The first serial device of the VM can be made bi-directional. When it is
used as an output device, it's via /dev/kmsg. microdroid_payload already
has a write access to it. When it is used as an input device, it's via
/dev/console. Grant microdroid_payload read access to the device.
Bug: 263360203
Test: atest MicrodroidTestApp:com.android.microdroid.test.MicrodroidTests#testConsoleInputSupported
Change-Id: Ief039d06ffbddee1e254d662a6c1f321a607d5f5
The main motivation is to reduce log spams.
Bug: 268333203
Test: atest MicrodroidTests MicrodroidHostTestCases
Change-Id: Idffdcd7d543590d8c580b2282098d3abd8214f86
These were unnecessarily lax. Some additional places
additionally exclude only the generic proc type, but
we don't care about those places.
Bug: 281877578
Test: boot
Change-Id: I9ebf410c12a41888ab1f5ecc21c95c34fc36c0d0
ueventd needs access to device-mapper to fix a race condition in symlink
creation. When device-mapper uevents are received, we historically read
the uuid and name from sysfs. However it turns out sysfs may not be
fully populated at that time. It is more reliable to read this
information directly from device-mapper.
Bug: 270183812
Test: libdm_test, treehugger
Change-Id: I36b9b460a0fa76a37950d3672bd21b1c885a5069
Commit 22fb5c7d24 migrated from property
types to attributes in some Microdroid rules, but omitted to
associated the attribute with the relevant types. So we fix that.
Bug: 274530433
Bug: 275469579
Bug: 276895565
Test: Will schedule a test run
Change-Id: I11194be9d1e352fa456c24a3b5784c18ccc03a69
This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.
Bug: 274530433
Test: Locally added some code to set those properties and saw it being
successfull.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089
We still had policy for devices which do not currently exist in
Microdroid. Remove the unused types and all references to them in the
policy, since they have no effect and just bloat the policy.
While I'm here, delete all the bug_map entries. We don't use the
bug_map in Microdroid, and this is just an outdated snapshot from host
policy.
Bug: 274752167
Test: atest MicrodroidTests
Test: composd-cmd test-compile
Change-Id: I3ab90f8e3517c41eff0052a0c8f6610fa35ccdcb
Note: this is a somewhat minimal set of rules required to be able to
capture traces on Microdroid. After the trace is captured I still see a
bunch of SELinux denials. We might need to add more allow rules in the
follow up changes.
Bug: 249050813
Test: boot Microdroid VM, capture traces with record_android_traces
Change-Id: I62098fb79a8db65706a5bb28c8acce7ff3821f15
Change1# Add property export_tombstones.enabled - This is set by
microdroid_manager to indicate that tombstones in Microdroid be exported
out to host. This read by crash_dump (specifically tombstone_handler).
Change2# allow crash_dump to create/connect/write on vsock.
Change3# Deleting rules/domain related to tombstoned &
tombstone_transmit in Microdroid.
Test: atest MicrodroidHostTests#testTombstonesAreGeneratedUponUserspaceCrash
Test: Look for selinux denials in log
Bug: 243494912
Change-Id: Ibd607eb11202d492bcb0c4ba40a6888683420fb9
