Commit graph

20 commits

Author SHA1 Message Date
David Anderson
b45bbe2e55 Allow recovery and fastbootd to interact with libfiemap.
In normal Android, libsnapshot interacts with libfiemap over binder (via
IGsid). There is no binder in recovery, so instead, we directly link to
the library and therefore need appropriate sepolicy changes.

Bug: 139154945
Test: no denials in recovery or fastbootd
Change-Id: I356d7b5b906ac198e6f32c4d0cdd206c97faeb84
2019-11-13 18:46:57 -08:00
David Anderson
483e70bd2a Allow fastbootd and update_engine to read from sysfs_dm.
Bug: 135771280
Test: device flashes, boots
Change-Id: I07816b94566d9da6e7831e29c69dbd06a09bbef8
2019-07-08 12:20:58 -07:00
Yifan Hong
ab85caaa56 super_block_device -> super_block_device_type
Domains that access super_block_device should instead
access super_block_device_type, which includes appropriate
block devices for retrofit DAP devices.

Test: boots (sanity)
Test: manual OTA
Bug: 128991918
Change-Id: Ie025b1e3c17e82330042aaa4a3e2e4a02ec1265b
2019-03-28 18:08:19 +00:00
Yifan Hong
5d89abde99 Allow to getattr kmsg_device
These denials occur on boot when android_get_control_file also
changes from readlink() to realpath(), because realpath() will
lstat() the given path.

Some other domains (fastbootd, update_engine, etc.) also uses
libcutils to write to kernel log, where android_get_control_file()
is invoked, hence getattr is added to them as well.

04-28 06:15:22.290   618   618 I auditd  : type=1400 audit(0.0:4): avc: denied { getattr } for comm="logd" path="/dev/kmsg" dev="tmpfs" ino=20917 scontext=u:r:logd:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
03-20 19:52:23.431   900   900 I auditd  : type=1400 audit(0.0:7): avc: denied { getattr } for comm="android.hardwar" path="/dev/kmsg" dev="tmpfs" ino=20917 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
...
03-20 22:40:42.316     1     1 W init    : type=1400 audit(0.0:33): avc: denied { getattr } for path="/dev/kmsg" dev="tmpfs" ino=21999 scontext=u:r:init:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0

Test: no denials related to these
Change-Id: I5263dd6b64c06fb092f3461858f57a1a09107429
2019-03-25 10:14:20 -07:00
Mark Salyzyn
86f0e54dfa fastboot: fs_mgr: overlay: suppress noise
Suppress noise associated with test mounting scratch partition.

Add internal fs_mgr_is_ext4 and fs_mgr_is_f2fs to get heads up on
mount failures and thus bypass trying.  Resolve all the avc
complaints associated with overlay handling including these new
operations.

Test: adb-remount-test.sh
Bug: 109821005
Change-Id: Ieb1f8c19ced930b6fe2d1791ef710ce528da7e37
2019-03-15 13:25:11 -07:00
Hridya Valsaraju
1912daf6a9 Fastbootd must be able to erase logical partitions
This CL adds permissions to allow fastbootd to erase
logical partitions.

[   33.423370] c5    587 audit: type=1400 audit(2073228.303:11): avc:  denied  { ioctl } for
pid=587 comm="fastbootd" path="/dev/block/dm-0" dev="tmpfs" ino=25433 ioctlcmd=0x127d
scontext=u:r:fastbootd:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0^M
[   33.446927] c5    587 audit: type=1400 audit(2073228.326:12): avc:  denied  { ioctl }
for  pid=587 comm="fastbootd" path="/dev/block/dm-0" dev="tmpfs" ino=25433 ioctlcmd=0x1277
scontext=u:r:fastbootd:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0^M

Test: fastboot erase system
Bug: 125391557

Change-Id: I0c99db123ed5357ceb7e16e192042e8e044e3557
2019-02-21 12:36:28 -08:00
Hridya Valsaraju
e6c36ef12f Add permissions required for flashing
These are required to handle the following denials:

audit: type=1400 audit(96805.060:7): avc:  denied  { sys_admin } for
pid=517 comm="fastbootd" capability=21  scontext=u:r:fastbootd:s0 tcontext=u:r:fastbootd:s0
tclass=capability permissive=0␍␊

[14:14:36:606] [   11.196190] audit: type=1400 audit(103042.976:10): avc:  denied  { read } for
pid=520 comm="fastbootd" name="by-name" dev="tmpfs" ino=18500 scontext=u:r:fastbootd:s0
tcontext=u:object_r:block_device:s0 tclass=dir permissive=1

Test: fastboot flashall
Bug: 124410201
Change-Id: I80041a78a5b6df09c6526be6a4066eb771887265
2019-02-15 14:45:18 -08:00
David Anderson
db90b91ea0 Full sepolicy for gsid.
Bug: 122556707
Test: manual test
Change-Id: I2536deefb3aa75deee4aeae7df074349b705b0f0
2019-02-08 05:56:58 +00:00
Hridya Valsaraju
44f3d0f097 Add a few permissions required by fastbootd
These address the following denials:

avc: denied { getattr } for pid=547 comm="fastbootd"
path="/dev/block" dev="tmpfs" ino=18532 scontext=u:r:fastbootd:s0
tcontext=u:object_r:block_device:s0 tclass=dir permissive=1␍

avc: denied { read } for pid=547 comm="fastbootd" name="fstab"
dev="sysfs" ino=25820 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sysfs_dt_firmware_android:s0 tclass=dir permissive=1␍␊

avc: denied { open } for pid=547 comm="fastbootd"
path="/sys/firmware/devicetree/base/firmware/android/fstab" dev="sysfs"]
ino=25820 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sysfs_dt_firmware_android:s0 tclass=dir permissive=1

Bug: 119115481
Test: fastboot flashall
Change-Id: I97dc783ceef396145e3baa5d79194560fc0634f7
2018-12-11 11:18:32 -08:00
Mark Salyzyn
33442f57e7 fastboot: /mnt/scratch refined access on userdebug
Already has permissions to remove the scratch partition, but to allow
more refined cleansing (eg: just remove vendor override), need the
ability to mount and scrub overlay directories.

Test: manual
Bug: 117605276
Change-Id: Ibc272c0aa7ce207280023912f5f119ccf5079a7f
2018-11-01 14:57:01 +00:00
David Anderson
bf0bf05a0c Allow BLKIOMIN and BLKALIGNOFF ioctls to the super device in fastbootd.
These ioctls are similar to BLKGETSIZE64; they return benign information
about the partition's alignment, and are used by liblp to optimally
align dynamic partition extents.

The system_block_device is included here because on retrofit devices,
the "super" partition is mapped to the system partition.

Bug: 116802789
Test: fastboot flashall
Change-Id: I38282904828105cf5f16ce9d4b5884d2b0e89d38
2018-10-30 15:44:03 -07:00
Nick Kralevich
392ac0fd53 fastbootd.te: Delete allowxperm statement
system/sepolicy commit 4c8eaba75a, reviewed in
https://android-review.googlesource.com/c/platform/system/sepolicy/+/793958
started enforcing explicit ioctl permission checks for all block device
files. As part of that commit, the following lines were added to
domain.te:

  # If a domain has access to perform an ioctl on a block device, allow these
  # very common, benign ioctls
  allowxperm domain dev_type:blk_file ioctl { BLKGETSIZE64 BLKSSZGET };

In essence, if a domain is granted ioctl access to any device in
policy (for example, via adding "ioctl" to the allow rule, or by using
the macro "r_file_perms" which includes the ioctl permission), then the
two ioctls BLKGETSIZE64 and BLKSSZGET will be automatically allowed. As
such, it is redundent for a domain to explicitly request these two
ioctls.

Delete the now redundant allowxperm rule.

Test: policy compiles
Change-Id: I1964ed93a7c7601393cc9e2416f3640ea22db51b
2018-10-22 10:01:10 -07:00
Hridya Valsaraju
2e645853ce Allow fastbootd to read endpoint descriptor for fastboot usb device
Test: fastboot flashall
Bug: 78793464
Change-Id: I8e1e982e3a9e356738944df5bfa1e802794a6a25
2018-10-12 13:33:42 -07:00
Hridya Valsaraju
073efc34e7 Allow fastbootd to wipe metadata.
Metadata needs to be erased as part of fastboot flashall -w.

Test: fastboot erase metadata
Bug: 113648914
Change-Id: I38a0debd9face16cad9d9a13a48549f3f58652fa
2018-09-13 17:55:28 +00:00
Hridya Valsaraju
e9fcce5642 Fastbootd does not require read access to system and boot partitions
Bug: 78793464
Test: fastboot flashall

Change-Id: I5b65b818dc43a01f90a38202e3a1b810fef70ca8
2018-09-07 00:09:34 +00:00
Hridya Valsaraju
f97026db4a Allow fastbootd to wipe userdata.
This is needed for flashall -w to wipe userdata.
Bug: 113648914
Test: fastboot erase userdata

Change-Id: I7e89cf885c9a67c78de67b79ed16af7e50104bf7
2018-09-05 13:40:30 -07:00
Hridya Valsaraju
4ae8fe9b84 Define 'super_block_device' type
Bug: 78793464
Test: fastboot getvar partition-size:super

'super_block_device' corresponds to the super partition
required for flashing dynamic partitions.

Change-Id: I323634b6797ead7c5face117a7028bf9ab947aea
2018-08-20 10:55:03 -07:00
Jerry Zhang
1d85efa9f4 Add sepolicy for fastbootd
Also allow adb and fastboot to talk to recovery
through recovery_socket. This enables changing
between modes with usb commands.

Test: No selinux denials
Bug: 78793464
Change-Id: I80c54d4eaf3b94a1fe26d2280af4e57cb1593790
2018-08-15 08:45:22 -07:00
Florian Mayer
c2ab15b798 Revert "Add sepolicy for fastbootd"
This reverts commit 0fd3ed3b8b.

Reason for revert: Broke user builds.

Change-Id: If95f1a25d22425a5a2b68a02d1561352fb5a52f0
2018-08-15 09:38:40 +00:00
Jerry Zhang
0fd3ed3b8b Add sepolicy for fastbootd
Also allow adb and fastboot to talk to recovery
through recovery_socket. This enables changing
between modes with usb commands.

Test: No selinux denials
Bug: 78793464
Change-Id: I1f97659736429fe961319c642f458c80f199ffb4
2018-08-14 20:21:36 +00:00