Commit graph

10 commits

Author SHA1 Message Date
Nick Kralevich
a73f58aee1 mediaprovider: add functionfs ioctl
Addresses the following denial:

type=1400 audit(0.0:51894): avc: denied { ioctl } for comm="MtpServer" path="/dev/usb-ffs/mtp/ep1" dev="functionfs" ino=30291 ioctlcmd=0x6782 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:functionfs:s0 tclass=file permissive=0 app=com.android.providers.media

Test: policy compiles.
Change-Id: I5290abb2848e5824669dae4cea829d4cbea98ab4
2018-10-17 10:14:40 -07:00
Jerry Zhang
ddb89ab785 Allow mediaprovider to search /mnt/media_rw
Mtp needs access to this path in order to
change files on an sdcard.

Fixes denial:

05-14 17:40:58.803  3004  3004 W MtpServer: type=1400 audit(0.0:46):
avc: denied { search } for name="media_rw" dev="tmpfs" ino=10113
scontext=u:r:mediaprovider:s0:c512,c768
tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=0
b/77925342 app=com.android.providers.media

Bug: 77849654
Test: no denials using mtp with emulated sdcard
Change-Id: I27b5294fa211bb1eff6d011638b5fdc90334bc80
2018-05-14 12:37:11 -07:00
Chong Zhang
8e3fef3d2c allow mediaprovider to use media extractor
When extraction exif info, certain file formats may requires
parsing the container. Allow mediaprovider to use extractor
to do the parsing.

bug: 73978990
Test: manually test the scenario in b/73978990 and verify
      the Exif is extracted correctly.

Change-Id: I1cd46d793ebc9c38b816a3b63f361967e551d046
2018-03-19 13:05:24 -07:00
Jaekyun Seok
e49714542e Whitelist exported platform properties
This CL lists all the exported platform properties in
private/exported_property_contexts.

Additionally accessing core_property_type from vendor components is
restricted.
Instead public_readable_property_type is used to allow vendor components
to read exported platform properties, and accessibility from
vendor_init is also specified explicitly.

Note that whitelisting would be applied only if
PRODUCT_COMPATIBLE_PROPERTY is set on.

Bug: 38146102
Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true
Change-Id: I304ba428cc4ca82668fec2ddeb17c971e7ec065e
2018-01-10 16:15:25 +00:00
Jeff Vander Stoep
182dbeb603 Suppress mediaprover access to certain cache dirs
avc: denied { getattr } for comm="sAsyncHandlerTh"
path="/data/cache/recovery" dev="sda13" ino=7086082
scontext=u:r:mediaprovider:s0:c512,c768
tcontext=u:object_r:cache_recovery_file:s0 tclass=dir
avc: denied { getattr } for path="/data/cache/backup"
scontext=u:r:mediaprovider:s0:c512,c768
tcontext=u:object_r:cache_private_backup_file:s0 tclass=dir

Bug: 63038506
Bug: 35197529
Test: build police
Change-Id: I51624c255e622bf712d41ca1bbf190ec3e4fefae
(cherry picked from commit fcf1b2083935bd298a2ece8d6d0c18712865a04b)
2017-11-09 18:39:58 +00:00
Jeff Vander Stoep
63f4677342 Allow vendor apps to use surfaceflinger_service
Vendor apps may only use servicemanager provided services
marked as app_api_service. surfaceflinger_service should be
available to vendor apps, so add this attribute and clean up
duplicate grants.

Addresses:
avc:  denied  { find } scontext=u:r:qtelephony:s0
tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager
avc:  denied  { find } scontext=u:r:ssr_detector:s0
tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager
avc:  denied  { find } scontext=u:r:qcneservice:s0
tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager

Bug: 69064190
Test: build
Change-Id: I00fcf43b0a8bde232709aac1040a5d7f4792fa0f
2017-11-09 15:41:37 +00:00
Jerry Zhang
6f9ac6e4cc Add drm and kernel permissions to mediaprovider
These were missing when the sepolicy was migrated.

Addresses denials:

E SELinux : avc:  denied  { find } for service=drm.drmManager pid=11769
uid=10018 scontext=u:r:mediaprovider:s0:c512,c768
tcontext=u:object_r:drmserver_service:s0 tclass=service_manager

W kworker/u16:2: type=1400 audit(0.0:1667): avc: denied { use } for
path="/storage/emulated/0/DCIM/Camera/IMG_20170425_124723.jpg"
dev="sdcardfs" ino=1032250 scontext=u:r:kernel:s0
tcontext=u:r:mediaprovider:s0:c512,c768 tclass=fd permissive=0

Bug: 37685394
Bug: 37686255
Test: Sync files
Test: Open downloaded file

Change-Id: Ibb02d233720b8510c3eec0463b8909fcc5bbb73d
2017-04-26 11:15:44 -07:00
Jerry Zhang
9f152d98ea Split mediaprovider as a separate domain from priv_app
MediaProvider requires permissions that diverge from those
of a typical priv_app. This create a new domain and removes
Mtp related permissions from priv_app.

Bug: 33574909
Test: Connect with MTP, download apps and files, select ringtones
Test: DownloadProvider instrument tests, CtsProviderTestCases

Change-Id: I950dc11f21048c34af639cb3ab81873d2a6730a9
2017-04-17 15:30:35 -07:00
Jeff Sharkey
52da39d9a4 Partially revert "mediaprovider" SELinux domain.
The new domain wasn't fully tested, and it caused many regressions
on the daily build.  Revert back to using "priv_app" domain until we
can fully test and re-land the new domain.

Temporarily add the USB functionfs capabilities to priv_app domain
to keep remainder of MtpService changes working; 33574909 is tracking
removing that from the priv_app domain.

Test: builds, boots, verified UI and downloads
Bug: 33569176, 33568261, 33574909
Change-Id: I1bd0561d52870df0fe488e59ae8307b89978a9cb
2016-12-13 09:34:03 -07:00
Jerry Zhang
f921dd9cad Move MediaProvider to its own domain, add new MtpServer permissions
Also move necessary priv_app permissions into MediaProvider domain and
remove MediaProvider specific permissions from priv_app.

The new MtpServer permissions fix the following denials:

avc: denied { write } for comm=6D747020666673206F70656E name="ep0" dev="functionfs" ino=12326 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:functionfs:s0 tclass=file permissive=1

denial from setting property sys.usb.ffs.mtp.ready, context priv_app

Bug: 30976142
Test: Manual, verify permissions are allowed
Change-Id: I4e66c5a8b36be21cdb726b5d00c1ec99c54a4aa4
2016-12-12 11:05:33 -08:00