BOARD_SEPOLICY_DIRS is deprecated and references should be updated.
Signed-off-by: Felix <google@ix5.org>
Change-Id: I063940a63256a881206740e8a7ecae215f3a5ca8
bug_map is not picked up correctly when BOARD_VENDOR_SEPOLICY_DIRS is
used. And BOARD_SEPOLICY_DIRS is deprecated.
Test: m selinux_policy
Change-Id: I1dcc6ac6f7b6d0f41f29d5894bef81f3fbf841e6
This set of patches adds a way for the perfetto command line client to
save a trace to a hardcoded location,
/data/misc/perfetto-traces/incident-trace, and call into incidentd to
start a report, which will include said trace in a new section.
This is not a long-term solution, and is structured to minimize changes
to perfetto and incidentd. The latter is currently architected in a way
where it can only pull pre-defined information out of the system, so
we're resorting to persisting the intermediate results in a hardcoded
location.
This will introduce at most two more linked files at the same time.
Bug: 130543265
Bug: 134706389
Tested: manually on blueline-userdebug
Change-Id: I2aa27e25f0209b3a5cdf5d550d0312693932b808
We want "vendor domain" which is referred to as { domain -coredomain
-appdomain }, to behave the same on user vs userdebug builds.
Bug: 134161662
Test: m selinux_policy / Check logcat for denials
Change-Id: If6757c820ed657ba2b70263bb546a456adcc7cff
Steps taken to produce the mapping files:
1. Add prebuilts/api/29.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
plat_pub_versioned.cil contains all public attributes and types from Q
Leave vendor_sepolicy.cil is empty.
2. Add new file private/compat/29.0/29.0.cil by doing the following:
- copy /system/etc/selinux/mapping/29.0.cil from pi-dev aosp_arm64-eng
device to private/compat/29.0/29.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 29 sepolicy.
Find all such types using treble_sepolicy_tests_29.0 test.
- for all these types figure out where to map them by looking at
28.0.[ignore.]cil files and add approprite entries to 29.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_29.0 and installs
29.0.cil mapping file onto the device.
Bug: 133155528
Bug: 133196056
Test: m treble_sepolicy_tests_29.0
Test: m 29.0_compat_test
Test: m selinux_policy
Change-Id: I9e83e9bf118c8b8f8fcf84d5c0dcb6eb588e0d55
I took current AOSP policy as base, then removed sepolicy so that the
set of type and attributes was a subset of types and attributes in Q
sepolicy, with exception of those that have not yet been cleand up in
current AOSP:
mediaswcodec_server
netd_socket
mediaextractor_update_service
thermalserviced
thermalserviced_exec
Bug: 133196056
Test: n/a
Change-Id: I863429d61d3fad0272c1d3f1e429cd997513a74a
Merged-In: I3e091652fa8d1757b1f71f7559186d5b32f000d5
Set the bootanim_file context for files in the com.android.boootanim
apex-module.
Bug: 116821733
Test: Verify that the new boot animation is used from next boot
Change-Id: I15e7b00bb8044eee550a4490a271b05ae14587b6
*_context_test / sepolicy_tests / treble_sepolicy_tests_* /
sepolicy_freeze_test files are installed on /system/etc.
By being FAKE modules, test files are not installed on target.
Additionally, we need to set up dependency from droidcore to
selinux_policy to make tests run on normal builds (m).
Bug: 133460071
Test: m & see if tests run and no test files on /system/etc
Test: m selinux_policy & see if tests run
Change-Id: Icacf004d5c1c8ec720c7cedef7bae8aa648cbe49
/system/apex/com.android.runtime is labeled as runtime_apex_dir
and init is allowed to mount on it.
When TARGET_FLATTEN_APEX is true (= ro.apex.updatable is unset or set to
false), apexd is not used to activate the built-in flattened APEXes.
Init simply bind-mounts /system/apex to /apex.
However, there is a special case here. The runtime APEX is installed as
either /system/apex/com.android.runtime.debug or
/system/apex/com.android.runtime.release, whereas it should be activated
on /apex/com.android.runtime - without the .debug or .release suffix.
To handle that case, the build system creates an empty directory
/system/apex/com.android.runtime and the .debug or .release directory
is bind-mounted to the empty directory by init at runtime.
Bug: 132413565
Test: marlin is bootable
Merged-In: I3fde5ff831429723fecd1fa5c10e44f636a63f09
Change-Id: I3fde5ff831429723fecd1fa5c10e44f636a63f09
(cherry picked from commit 99902a175b)
Steps taken to produce the mapping files:
1. Add prebuilts/api/29.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
plat_pub_versioned.cil contains all public attributes and types from Q
Leave vendor_sepolicy.cil is empty.
2. Add new file private/compat/29.0/29.0.cil by doing the following:
- copy /system/etc/selinux/mapping/29.0.cil from pi-dev aosp_arm64-eng
device to private/compat/29.0/29.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 29 sepolicy.
Find all such types using treble_sepolicy_tests_29.0 test.
- for all these types figure out where to map them by looking at
28.0.[ignore.]cil files and add approprite entries to 29.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_29.0 and installs
29.0.cil mapping file onto the device.
Bug: 133155528
Bug: 133196056
Test: m treble_sepolicy_tests_29.0
Test: m 29.0_compat_test
Test: m selinux_policy
Change-Id: I59f6251e9baa6527a358dec024e9fae62388db2b
I took current AOSP policy as base, then removed sepolicy so that the
set of type and attributes was a subset of types and attributes in Q
sepolicy, with exception of those that have not yet been cleand up in
current AOSP:
mediaswcodec_server
netd_socket
mediaextractor_update_service
thermalserviced
thermalserviced_exec
Bug: 133196056
Test: n/a
Change-Id: I2cbe749777684146114c89e1e6fc3f07400c0ae5
The execmem capability indicates that the processes creates anonymous
executable memory, which is most commonly used for JITing functionality.
All of the healthd executable code comes from the filesystem, and
healthd does not rely on JITing or loading code from non-file based
sources, so this permission is unnecessary.
Bug: 32659667
Test: compiles and boots
Change-Id: Ifb2b68625b191cb002dbb134cace6ddd215236e8
These lines are copied from update_engine.te, and are needed to update
dynamic partitions in recovery.
Bug: 132943965
Test: sideload OTA on cuttlefish
Change-Id: Id03a658aac69b8d20fa7bb758530a4469c75cf9c
The space between 2K and 16K in /misc is currently reserved for vendor's
use (as claimed in bootloader_message.h), but we don't allow vendor
module to access misc_block_device other than vendor_init.
The change in the topic adds a `misc_writer` tool as a vendor module,
which allows writing data to the vendor space to bridge the gap in the
short term. This CL adds matching labels to grant access.
Long term goal is to move /misc as vendor owned, then to provide HAL
access from core domain (b/132906936).
Bug: 132906936
Test: Build crosshatch that includes misc_writer module. Invoke
/vendor/bin/misc_writer to write data to /misc.
Change-Id: I4c18d78171a839ae5497b3a61800193ef9e51b3b
`persist.sys.device_provisioned` is set (more precisely, "will be set",
via internal change in ag/7567585) by system_server based on device
privisioning state. This CL grants vendor_init to set up action triggers
based on the property value.
avc: denied { read } for property=persist.sys.device_provisioned pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:system_prop:s0 tclass=file permissive=0
Bug: 131702833
Bug: 132906936
Test: Set an init trigger that waits on `persist.sys.device_provisioned`.
Check that there's no longer a denial.
Change-Id: I64e50bd31c90db4b3bdd3bd014a90d7bef708b57
Fixes: 132249401
Test: build aosp_blueline. Verify these tests are not in /system/etc/
Test: Verify that syntax error 27.0.compat.cil results in a broken build.
Change-Id: I3382fcec4ba1ca3f639d7d892c7da8515b22812b
Fixes the following denial during boot:
[ 1.358156] selinux: SELinux: Could not set context for
/dev/block/platform/soc/1d84000.ufshc/by-name/super: Permission denied\x0a
[ 1.358275] audit: type=1400 audit(951562.676:7):
avc: denied { relabelto } for pid=1 comm="init" name="super"
dev="tmpfs" ino=17657 scontext=u:r:init:s0 tcontext=u:object_r:super_block_device:s0
tclass=lnk_file permissive=0
Bug: 124410201
Test: make
Change-Id: Ib6752b8a6ae4211ba8c0a7417295b8144a2fed67
Similar to aosp/961857, but enables the logging of atrace events from
the camera HAL (primarily HIDL interactions, but also a couple of ION
events).
Keeping it confined to userdebug_or_eng. Longer-term planning belongs on
b/78136428.
Not adding fwk_camera_hwservice, as it is a HIDL interface to
cameraserver (which is already covered above).
Plus slight reorganization of existing atrace.te contents, and donaudits
to reduce logspam from denials (including pre-existing ones that were
hitting the rate limiter).
Specific denials addressed (listing HALs, finding camera HAL, notifying it):
05-15 18:07:19.684 618 618 E SELinux : avc: denied { list } for scontext=u:r:atrace:s0 tcontext=u:r:hwservicemanager:s0 tclass=hwservice_manager permissive=1
05-15 18:07:19.701 618 618 E SELinux : avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider sid=u:r:atrace:s0 pid=10137 scontext=u:r:atrace:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager permissive=1
05-15 18:07:19.698 10137 10137 I atrace : type=1400 audit(0.0:273): avc: denied { call } for scontext=u:r:atrace:s0 tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=1
Bug: 130543265
Tested: flashed blueline-userdebug, took a trace with perfetto, confirmed HIDL atrace slices present in camera hal trace.
Change-Id: I0f8ce989355603e41d6c05c3de07e7dd615555eb
