When receiving the binder transaction errors reported by Android
applications, AMS needs a way to verify that information. Currently
Linux kernel doesn't provide such an API. Use binderfs instead until
kernel binder driver adds that functionality in the future.
Bug: 199336863
Test: send binder calls to frozen apps and check logcat
Test: take bugreport and check binder stats logs
Change-Id: I3bab3d4f35616b4a7b99d6ac6dc79fb86e7f28d4
The denial is correct, but is causing test failures. However it
appears to be harmless and VMs are operating just fine.
Suppress it until the correct policy is ready.
Bug: 306516077
Test: atest MicrodroidHostTests
Change-Id: I5d8545add4927c2521c3d4e9dc2b5bedb91c0f45
A new mode for checkfc is introduced (-t) which takes a file_contexts
and a test data file. Each line in the test data file contains a path
and the expected type. checkfc loads the file_contexts and repeatedly
calls selabel_lookup(3) to verify that the computed type is as expected.
This mode can be used to confirm that any modification to file_contexts
or its build process is benign.
A test data file (plat_file_contexts_test) is added. This file was
manually created based on private/file_contexts. Each static path was
copied as-is. Each regular expression was expanded into a couple of
entries. For instance, /dev/adf[0-9]* generated /dev/adf, /dev/adf0 and
/dev/adf123.
libselinux keeps track of which specification is being hit when using
selabel_lookup. When calling selabel_stats(3), the file backend will
output a warning if a specification has not been used. This can be
leveraged to ensure that each rule is at least hit once. This property
will be leveraged in a follow-up change (by running the test as part of
the build process), to ensure that the plat_file_contexts_test file
remains up-to-date (that is, when an entry is added to
private/file_contexts, the build will fail unless a test is also added
to plat_file_contexts_test to exercice the specification/regular
expression).
Test: m checkfc && checkfc -t ./private/file_contexts ./tests/plat_file_contexts_test
Bug: 299839280
Change-Id: Ibf56859a16bd17e1f878ce7b0570b2aead79c7e0
The get_state permission of the "keystore2" class only guarded the
Binder API IKeystoreMaintenance#getState() served by keystore2. That
API has been removed because it was unused
(https://r.android.com/2768246). Therefore, stop granting the get_state
permission.
Don't actually remove the permission from private/access_vectors. That
would break the build because it's referenced by rules in prebuilts/.
Bug: 296464083
Test: atest CtsKeystoreTestCases
Change-Id: Ie6c7b17a8652f86a75d48c134a6e71a634d63772
When keystore was replaced with keystore2 in Android 12, the SELinux
class of keystore keys was changed from keystore_key to keystore2_key.
However, the rules that granted access to keystore_key were never
removed. This CL removes them, as they are no longer needed.
Don't actually remove the class and its permissions from
private/security_classes and private/access_vectors. That would break
the build because they're referenced by rules in prebuilts/.
Bug: 171305684
Test: atest CtsKeystoreTestCases
Flag: exempt, removing obsolete code
Change-Id: I35d9ea22c0d069049a892def15a18696c4f287a3
We may want to use a dedicated selinux context
for this in the future, but in the mean time we
need this.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib3ed06efc4d2e3a621f187543fad4ab1a84027ec
btfloader is dead. bpfloader is being split in twain.
(it will eventually get it's own context, but for now this works)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7577e777545a0fa77a6467fb425aefc99a6e68d0
A parallel implementation of certain VDM APIs that need to
be exposed to native framework code.
Similar to package_native_service.
Not meant to be used directly by apps but should still be
available in the client process via the corresponding native
manager (e.g. SensorManager).
Starting the service: ag/24955732
Testing the service: ag/24955733
Bug: 303535376
Change-Id: I90bb4837438de5cb964d0b560585b085cc8eabef
Test: manual
This allows OEM to get a copy of precompiled SEPolicy. This can be
useful when an OEM needs to bind-mount some of the Android partitions
across the VM boundary to ensure the correct labeling.
Bug: 301629552
Test: Presubmit builds should be enough.
Change-Id: I3339a7abfe2612993ee659fd5492c323aa895999
