Commit graph

7695 commits

Author SHA1 Message Date
Treehugger Robot
d16bf50b26 Merge "Allow ueventd to read apexd property" 2023-05-25 01:40:11 +00:00
Steven Moreland
fd92d967ee Merge "strengthen proc_type neverallows" 2023-05-24 18:01:14 +00:00
Jin Jeong
d7558db004 Merge "Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore"" 2023-05-24 08:21:54 +00:00
Suchang Woo
6b4c45393b Allow ueventd to read apexd property
To run external firmware handler, ueventd should wait for apexd activation
by reading 'apexd.status' property.

Test: loading firmware from vendor apex using external firmware handler
Signed-off-by: Suchang Woo <suchang.woo@samsung.com>
Change-Id: Ic2057ab2d014540ce5eeb26bcac35d39294b5dc9
2023-05-23 14:12:40 +09:00
Steven Moreland
8634a88595 strengthen proc_type neverallows
These were unnecessarily lax. Some additional places
additionally exclude only the generic proc type, but
we don't care about those places.

Bug: 281877578
Test: boot
Change-Id: I9ebf410c12a41888ab1f5ecc21c95c34fc36c0d0
2023-05-22 22:59:08 +00:00
Steven Moreland
9a184232d7 Merge "strengthen system_file neverallows" 2023-05-19 21:37:26 +00:00
David Anderson
73d18c2bfe Merge "Allow ueventd to access device-mapper." 2023-05-19 19:43:21 +00:00
Suren Baghdasaryan
9c23982a48 allow modprobe to load modules from /system/lib/modules/
This is needed to load GKI leaf modules like zram.ko.

Bug: 279227085
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I8a8205e50aa00686f478aba5336299e03490bbb5
2023-05-18 22:33:26 +00:00
Steven Moreland
9c2a5cf0c9 strengthen system_file neverallows
no writing to system_file_type is the intention
here, but they only restricted system_file.

this does not touch the untrusted_app lock
neverallow, because it's specific to a single
system_file, and r_file_perms includes 'lock'.

Bug: 281877578
Test: build (neverallow only change)

Change-Id: I6c6078bc27c49e5a88862eaa330638f442dba9ee
2023-05-18 00:07:25 +00:00
David Anderson
e09c0eee36 Allow ueventd to access device-mapper.
ueventd needs access to device-mapper to fix a race condition in symlink
creation. When device-mapper uevents are received, we historically read
the uuid and name from sysfs. However it turns out sysfs may not be
fully populated at that time. It is more reliable to read this
information directly from device-mapper.

Bug: 270183812
Test: libdm_test, treehugger
Change-Id: I36b9b460a0fa76a37950d3672bd21b1c885a5069
2023-05-17 11:07:19 -07:00
Ken Chen
099da6da31 Allow netd to perform SIGKILL on process dnsmasq
In tetherStop(), netd will send SIGKILL to dnsmasq if SIGTERM is failed.
But there is no corresponding sepolicy in netd.te.

Bug: 256784822
Test: atest netd_integration_test:NetdBinderTest#TetherStartStopStatus
      with aosp/2591245 => fail

      atest netd_integration_test:NetdBinderTest#TetherStartStopStatus
      with aosp/2591245 + this commit => pass

Change-Id: I16a19a95c3c8ffb35dcc394b4dc329b20ecb26a3
2023-05-16 16:36:24 +08:00
Jin Jeong
9bd3eedbef Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore"
This reverts commit 489abecf67.

Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules

Change-Id: I19d1da02baf8cc4b5182a3410111a0e78831d7f8
Merged-In: I0c2bfe55987949ad52f62e468c84df954f39a4ad
2023-05-15 10:43:05 +00:00
Peiyong Lin
10c06cea0d Merge "Allow graphics_config_writable_prop to be modified." 2023-05-04 17:06:26 +00:00
Peiyong Lin
54229d8157 Allow graphics_config_writable_prop to be modified.
vendor_init needs to set graphics_config_writable_prop, moving it to
system_public_prop.

Bug: b/270994705
Test: atest CtsAngleIntegrationHostTestCases
Test: m && boot
Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07
2023-05-04 15:56:33 +00:00
Jin Jeong
27d3cc7483 Merge "Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore" 2023-05-02 08:33:33 +00:00
Treehugger Robot
5ab4239bfb Merge "Allow snapuserd to write log files to /data/misc" 2023-05-02 02:52:58 +00:00
Jinyoung Jeong
489abecf67 Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore
bug: 279548423
Test:  http://fusion2/b7c803be-2dca-4195-b91f-6c4939746b5b, http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed
Change-Id: I4b190fca2f3825a09d27cfc74e8a528831f4f15b
Merged-In: I4b190fca2f3825a09d27cfc74e8a528831f4f15b
2023-05-02 01:24:23 +00:00
Kelvin Zhang
dbe230a193 Allow snapuserd to write log files to /data/misc
snapuserd logs are important when OTA failures happen. To make debugging
easier, allow snapuserd to persist logs in /data/misc/snapuserd_logs ,
and capture these logs in bugreport.

Bug: 280127810
Change-Id: I49e30fd97ea143e7b9c799b0c746150217d5cbe0
2023-05-01 17:15:17 -07:00
Roman Kiryanov
1f4b85c9f8 Allow servicemanager to make binder calls to gnss
not device specific

Bug: 274041413
Test: boot emulator
Change-Id: I5a70562865f64a258feefd19042949365197b990
2023-05-01 14:38:21 -07:00
Martin Stjernholm
87143bd904 Revert "Introduce a new sdk_sandbox domain"
This reverts commit 304962477a.

Reason for revert: b/279565840

Change-Id: I6fc3a102994157ea3da751364f80730f4d0e87f0
2023-04-25 12:40:37 +00:00
Mugdha Lakhani
304962477a Introduce a new sdk_sandbox domain
Define the selinux domain to apply to SDK runtime for
targetSdkVersion=34.
The existing sdk_sandbox domain has been renamed to sdk_sandbox_next.
Future CLs will add logic to apply one of these to the SDK runtime
processes on the device, based on a flag.

auditallow block from sdk_sandbox has been removed as we haven't yet
measured the system health impact of adding this. It'll be added to an
audit domain later after we've ruled out negative system health impact.

Bug: 270148964
Test: make and boot the test device, load SDK using test app
Change-Id: I7438fb16c1c5e85e30683e421ce463f9e0b1470d
2023-04-21 17:26:26 +00:00
Charles Chen
27a8f43fde Fix attribute plurals for isolated_compute_allowed
Following the naming convention.

Bug: N/A
Test: m
Change-Id: Ie26d67423f9ee484ea91038143ba763ed8f97e2f
2023-04-20 16:39:39 +00:00
Charles Chen
c8ab3593d0 Move isolated_compute_app to be public
This will allow vendor customization of isolated_compute_app. New permissions added should be associated with isolated_compute_allowed.

Bug: 274535894
Test: m
Change-Id: I4239228b80544e6f5ca1dd68ae1f44c0176d1bce
2023-04-20 05:39:29 +00:00
Yuxin Hu
b011ba5ffb Merge "Add a new system property persist.graphics.egl" 2023-04-13 18:49:26 +00:00
Yuxin Hu
889dd078e9 Add a new system property persist.graphics.egl
This new system property will be read and written
by a new developer option switch, through gpuservice.

Based on the value stored in persis.graphics.egl,
we will load different GLES driver.

e.g.
persist.graphics.egl == $ro.hardware.egl: load native GLES driver
persist.graphics.egl == angle: load angle as GLES driver

Bug: b/270994705
Test: m; flash and check Pixel 7 boots fine
Change-Id: Idec4b947d0c69c52cd798df4f834053bd306cf5f
2023-04-13 04:38:46 +00:00
Yu Shan
9eb72464b5 Define sepolicy for ivn HAL.
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
2023-04-10 17:42:51 -07:00
Treehugger Robot
f784149627 Merge "Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf" 2023-03-31 22:29:31 +00:00
Jiakai Zhang
326d35c04b Merge "Allow system server to set dynamic ART properties." 2023-03-31 14:02:56 +00:00
Jiakai Zhang
22fb5c7d24 Allow system server to set dynamic ART properties.
This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.

Bug: 274530433
Test: Locally added some code to set those properties and saw it being
  successfull.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089
2023-03-31 11:46:05 +01:00
Steven Moreland
ccbe862858 Merge "Introduce vm_manager_device_type for crosvm" 2023-03-30 15:57:43 +00:00
Elliot Berman
ae5869abf4 Introduce vm_manager_device_type for crosvm
Introduce hypervisor-generic type for VM managers:
vm_manager_device_type.

Bug: 274758531
Change-Id: I0937e2c717ff973eeb61543bd05a7dcc2e5dc19c
Suggested-by: Steven Moreland <smoreland@google.com>
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
2023-03-29 10:19:06 -07:00
Treehugger Robot
1ab1f7cd01 Merge "Add sepolicy rules for CpuMonitorService." 2023-03-28 21:02:14 +00:00
Steven Moreland
f7fa8ead83 Merge "remove iorapd from sepolicy" 2023-03-28 19:32:32 +00:00
Steven Moreland
c0ce089045 remove iorapd from sepolicy
It's already marked as removed in:
   ./private/compat/33.0/33.0.cil

Bug: N/A
Test: builds
Change-Id: I1b31f83fb5b210be047edb2896c7b66b58353784
2023-03-27 20:55:55 +00:00
Lakshman Annadorai
124be07e24 Add sepolicy rules for CpuMonitorService.
Change-Id: Icda952c148150e4d7824e303d163996679a0f36b
Test: m
Bug: 242722241
2023-03-27 16:29:09 +00:00
Hector Dearman
c9ff8d010b Merge "Allow traced_probes to subscribe to statsd atoms" 2023-03-27 16:04:42 +00:00
Alan Stokes
a45646c024 Allow CompOS to read VM config properties
We want to allow both the VM and ART to contribute to the VM config
(e.g. memory size), so define labels for 2 sets of properties and
grant the necessary access.

Bug: 274102209
Test: builds
Change-Id: Iaca1e0704301c9155f44e1859fc5a36198917568
2023-03-23 15:40:14 +00:00
Hector Dearman
7ca04a7e7f Allow traced_probes to subscribe to statsd atoms
Denials:
SELinux : avc:  denied  { find } for pid=1279 uid=9999 name=stats scontext=u:r:traced_probes:s0 tcontext=u:object_r:stats_service:s0 tclass=service_manager permissive=0
traced_probes: type=1400 audit(0.0:11): avc: denied { call } for scontext=u:r:traced_probes:s0 tcontext=u:r:statsd:s0 tclass=binder permissive=1
traced_probes: type=1400 audit(0.0:12): avc: denied { transfer } for scontext=u:r:traced_probes:s0 tcontext=u:r:statsd:s0 tclass=binder permissive=1
binder:1076_7: type=1400 audit(0.0:13): avc: denied { call } for scontext=u:r:statsd:s0 tcontext=u:r:traced_probes:s0 tclass=binder permissive=1

See go/ww-atom-subscriber-api

Testing steps:
Patch ag/21985690
Run:
$ adb push test/configs/statsd.cfg /data/misc/perfetto-configs/statsd.cfg
$ adb shell perfetto --txt -c /data/misc/perfetto-configs/statsd.cfg -o /data/misc/perfetto-traces/statsd.pb
$ adb pull /data/misc/perfetto-traces/statsd.pb statsd.pb
$ out/linux_clang_debug/traceconv text statsd.pb
Check logcat for denials.

Test: See above
Bug: 268661096

Change-Id: I58045b55ca8a4aa6f00774cc2d72d7b10a232922
2023-03-22 19:53:34 +00:00
Devin Moore
9a3f429b00 Merge "Allow dumpstate to dump /proc/bootconfig" 2023-03-22 16:11:44 +00:00
Devin Moore
19bc295bb1 Allow dumpstate to dump /proc/bootconfig
Test: adb shell dumpstate
Bug: 274528501
Change-Id: I0a4663a742e82d571811cb3fa9c15b8baaeeb847
2023-03-21 16:27:13 +00:00
Devin Moore
ce04629db7 Merge changes I4128f428,I8c796dfe
* changes:
  Add permissions for dumpstate to dump more hals
  Give dumpstate permissions to dump the sensor HAL
2023-03-21 16:05:54 +00:00
Devin Moore
7c0e17f987 Add permissions for dumpstate to dump more hals
Dumpstate already has permissions to get these services to dump their
stack and they are listed in dump_utils.cpp.

Test: adb shell bugreport && check bugreport
Bug: 273937310
Change-Id: I4128f4285da2693242aa02fec1bb2928e34cfcbf
2023-03-16 21:19:37 +00:00
Devin Moore
fdaed41d46 Give dumpstate permissions to dump the sensor HAL
Test: adb shell dumpstate && check the bugreport
Bug: 273937310
Change-Id: I8c796dfe5fc1377a9eb14d62eee74f983b6442fc
2023-03-16 20:51:59 +00:00
Tri Vo
4bb2d30701 Remove RemoteProvisioner and remoteprovisioning services
Bug: 273325840
Test: keystore2_test
Change-Id: I295ccdda5a3d87b568098fdf97b0ca5923e378bf
2023-03-14 15:45:35 -07:00
Ye Jiao
10a639613a Fix SE policy violation of Wi-Fi vendor AIDL service
Wi-Fi vendor AIDL service uses NDK to register itself to service
manager. AServiceManager_registerLazyService registers an
IClientCallback to service manager. The callback is invoked when there
is a transition between having >= 1 clients and having 0 clients (or
vice versa). Please check IClientCallback.aidl. As a result servicemanager may
make binder call to Wi-Fi vendor AIDL service. Since this is not allowed
per current SE policies, "avc denied" occurred:

servicemanager: type=1400 audit(0.0:248): avc: denied { call } for scontext=u:r:servicemanager:s0 tcontext=u:r:hal_wifi_default:s0 tclass=binder permissive=0

We add SE policy for hal_wifi_default to allow binder call like this.

Bug: 270511173
Test: manually build and test, check logs for avc denied

Change-Id: Ia6fcf5fc1cafff0381fc9857805bdc61cc838c1e
2023-03-03 02:10:50 +00:00
Paul Lawrence
6b5da95419 Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf
Bug: 262887267
Test: ro.fuse.bpf.is_running is true
Change-Id: I9c4a54e9ac232e9f35a6be5b3bcc3cc040d64b47
2023-03-01 14:45:57 -08:00
Neil Fuller
05f8ebe1db Allow timedetector_service access 4 ephemeral apps
Allow timedetector_service access for ephemeral apps.

The service call behind currentNetworkTimeClock() moved from
AlarmManager to TimeDetector.

Before this change, alarm_service is accessible by ephemeral apps but
timedetector_service is not. After this change, timedetector_service is
accessible by ephemeral apps, unbreaking the call.

The breakage was not previously noticed because the test involved does
not run in the ephemeral case because of restrictions around what test
infra can do in the ephemeral case. A recent test refactor tests the
method in a different way, revealing the issue.

Bug: 270788539
Test: run cts -m CtsOsTestCases -t android.os.cts.SystemClockNetworkTimeTest#testCurrentNetworkTimeClock
Change-Id: Iafdfb9f13d473bcc65c4e60733e57f1d25c511ab
2023-02-28 10:11:28 +00:00
Alice Wang
5e94b1698c [dice] Remove all the sepolicy relating the hal service dice
As the service is not used anywhere for now and in the near future.

Bug: 268322533
Test: m
Change-Id: I0350f5e7e0d025de8069a9116662fee5ce1d5150
2023-02-24 08:34:26 +00:00
Nathan Huckleberry
ffb9f8855a Allow vold to use FS_IOC_GET_ENCRYPTION_KEY_STATUS
This ioctl can be used to avoid a race condition between key
reinstallation and busy files clean up.

Test: Trigger busy file clean-up and ensure that the ioctl succeeds
Bug: 140762419

Change-Id: I153c2e7b2d5eb39e0f217c9ef8b9dceba2a5a487
2023-02-23 00:49:42 +00:00
Atneya Nair
b2ad5b058b Merge "Allow STHAL to read model params from system" 2023-02-22 18:11:28 +00:00