tequilaOS/platform_system_sepolicy

Author	SHA1	Message	Date
Jooyung Han	cae2368d2d	Set apex. property as "system_restricted" Since the property is supposed to be used by vendor-side .rc file as read-only (especially by vendor apex), it should be "system_restricted". Also allow vendor_init to read the property. Bug: 232172382 Test: boot cuttlefish (with vendor apex using the property) Change-Id: I502388e550e0a3c961a51af2e2cf11335a45b992	2022-09-02 18:11:33 +09:00
Alice Wang	40718f45d6	Allow getopt to eliminate warnings in MicrodroidBenchmarks tests This CL allows getopt in sepolicy to eliminate getopt denied warnings in MicrodroidBenchmarks tests, e.g. $ atest MicrodroidBenchmarks W FinalizerDaemon: type=1400 audit(0.0:625): avc: denied { getopt } for scontext=u:r:untrusted_app:s0:c163,c256,c512, c768 tcontext=u:r:virtualizationservice:s0 tclass=vsock_socket permissive=0 app=com.android.microdroid.benchmark Bug: 236123069 Test: atest MicrodroidBenchmarks Change-Id: I2ed94ae6beab60176d9fac85a0b818089d563427	2022-08-31 13:21:46 +00:00
Yixiao Luo	aa98f8a58c	Merge "TV Input HAL 2.0 sepolicy"	2022-08-26 23:19:24 +00:00
Thiébaud Weksteen	c0fef5c1ae	Merge "Remove wpantund and lowpan_service"	2022-08-25 23:57:20 +00:00
Yixiao Luo	e83ae791aa	TV Input HAL 2.0 sepolicy Bug: 227673740 Test: atest VtsHalTvInputTargetTest Change-Id: I53f6537a8f911661e368824a5a5dc5db57413980	2022-08-25 14:31:49 -07:00
Paul Crowley	283aef2860	Add ro.keystore.boot_level_key.strategy Bug: 241241178 Test: set property on Cuttlefish, check logs for strategy used. Change-Id: Ifaaec811316c43fdae232f9a08c5d862011ccc71	2022-08-24 21:38:36 -07:00
Bart Van Assche	aa9113f378	Remove bdev_type Bug: 202520796 Change-Id: If067a0fa51e97a4fc2c6b60864e4dc7c51abeded Signed-off-by: Bart Van Assche <bvanassche@google.com>	2022-08-23 16:01:17 -07:00
Hongguang	9515559657	Add properties to configure whether the lazy tuner is enabled. ro.tuner.lazyhal: system_vendor_config_prop to decide whether the lazy tuner HAL is enabled. tuner.server.enable: system_internal_prop to decide whether tuner server should be enabled. Bug: 236002754 Test: Check tuner HAL and framework behavior Change-Id: I6a2ebced0e0261f669e7bda466f46556dedca016	2022-08-23 07:01:05 +00:00
Thiébaud Weksteen	8439a1ff29	Remove wpantund and lowpan_service Bug: 235018188 Test: TH Change-Id: I0e2f03ad6d17f5d9223b2c500b6c3183835ec807	2022-08-22 14:09:01 +10:00
Treehugger Robot	e2dd659d7a	Merge "Allow clients read ramdump piped through virtualizationservice"	2022-08-19 08:29:05 +00:00
Treehugger Robot	bd0a3fadd6	Merge "Allow dumpstate to access fscklogs"	2022-08-19 01:43:43 +00:00
Jiyong Park	cca5402261	Allow clients read ramdump piped through virtualizationservice When a kernel panic occurs in a debug-enabled VM, a crashdump is created in the VM and then it is flushed to the per-VM host-side file /data/misc/virtualizationservice/<cid>/ramdump. Virtualizationservice then opens the file and sends the FD to the owning client. This change allows the client to read the ramdump via the FD. A client accessing ramdump of other VM is prohibited since opening the ramdump file is not allowed for the client; only virtualizationservice can do it. Furthermore, ramdumping will be enabled only for the debuggable VMs, which means reading it doesn't actually reveal any (true) secret. Bug: 238278104 Test: do the ramdump Change-Id: I50e1fa83b99e8f24c849e278710b38f6ff9a25be	2022-08-18 14:44:11 +00:00
Alessandra Loro	50fa5cd9a0	Merge "Disallow untrusted apps to read ro.debuggable and ro.secure"	2022-08-17 12:34:24 +00:00
Richard Chang	6d5bb236da	Merge "sepolicy: allow vendor system native boot experiments property"	2022-08-17 06:29:30 +00:00
Alessandra Loro	d0e108fbbe	Disallow untrusted apps to read ro.debuggable and ro.secure ro.secure and ro.debuggable system properties are not intended to be visible via Android SDK. This change blocks untrusted apps from reading these properties. Test: android.security.SELinuxTargetSdkTest Bug: 193912100 Change-Id: I40ac5d43da5778b5fa863b559c28e8d72961f831	2022-08-16 14:24:27 +00:00
Jaegeuk Kim	5e5abd6f4f	Allow dumpstate to access fscklogs Bug: 241641121 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com> Change-Id: I4561775a277e26eaca1351c6e90add1e9adea8e5	2022-08-12 10:59:40 -07:00
Richard Chang	74334efa4b	sepolicy: allow vendor system native boot experiments property Grant system_server and flags_health_check permission to set the properties that correspond to vendor system native boot experiments. Bug: 241730607 Test: Build Merged-In: Idc2334534c2d42a625b451cfce488d7d7a651036 Change-Id: I3e98f1b05058245cad345061d801ecd8de623109	2022-08-11 08:03:42 +00:00
Edwin Wong	078df507dc	Merge "Enable dumpsys widevine without root" am: `b7529adf07` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2166095 Change-Id: I11291fea53e0d4be42390f2848e050d128eb9839 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-09 05:58:48 +00:00
Edwin Wong	b7529adf07	Merge "Enable dumpsys widevine without root"	2022-08-09 05:37:28 +00:00
Edwin Wong	9730877236	Enable dumpsys widevine without root Before the addition of sepolicy: Error with service 'android.hardware.drm.IDrmFactory/widevine' while dumping: FAILED_TRANSACTION Success after change. Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine Bug: 238682056 Change-Id: I3817c9487bdec0c812690823cbb941cff80f394f	2022-08-05 02:55:28 +00:00
Steven Moreland	4e7418fcf2	Merge "remove vendor_service" am: `f4f8aa0d84` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2153809 Change-Id: I14b6dcca0344e56e4a94c081c1ab2d1d03193bd6 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-04 01:54:36 +00:00
Steven Moreland	f4f8aa0d84	Merge "remove vendor_service"	2022-08-04 01:35:27 +00:00
Thiébaud Weksteen	7700bb7f95	Merge "Remove dumpstate from exception for hal_attribute_service" am: `b478c02402` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2171082 Change-Id: Ic45b67c9ff104b859c5d4ce2c66e4395644a18e6 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-02 22:30:02 +00:00
Thiébaud Weksteen	b478c02402	Merge "Remove dumpstate from exception for hal_attribute_service"	2022-08-02 21:59:04 +00:00
Steven Moreland	5c587349fd	Merge "Fully prepare vendor_service removal." am: `46138cca6a` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2140049 Change-Id: Ib5f07ce54608fcb325c0ba5cc1402ab25e13c3fa Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-01 23:35:20 +00:00
Steven Moreland	46138cca6a	Merge "Fully prepare vendor_service removal."	2022-08-01 23:20:05 +00:00
Thiébaud Weksteen	b18a9d9b65	Remove dumpstate from exception for hal_attribute_service Bug: 240362192 Test: TH Change-Id: Ifb54a4467c56bc8aee49ac928f84d83863c0a2b9	2022-08-01 11:34:09 +10:00
Steven Moreland	99d79a5737	Merge "servicemanager started property" am: `560a947de8` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2161201 Change-Id: I37959f094a56b64a0e61141e8dca613a7294322d Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-29 18:48:10 +00:00
Steven Moreland	560a947de8	Merge "servicemanager started property"	2022-07-29 18:30:14 +00:00
Treehugger Robot	de453119e2	Merge "Update SELinux policy for app compilation CUJ." am: `9e2f8aa7a1` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2160660 Change-Id: I76e3fa493a483a85fec07fd77f8aba15e4136b49 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-29 17:48:30 +00:00
Treehugger Robot	9e2f8aa7a1	Merge "Update SELinux policy for app compilation CUJ."	2022-07-29 17:22:44 +00:00
Jiakai Zhang	c871c1cc75	Update SELinux policy for app compilation CUJ. - Adapt installd rules for app compilation. - Add profman rules for checking the profile before compilation. This is new behavior compared to installd. Bug: 229268202 Test: - 1. adb shell pm art optimize-package -m speed-profile -f \ com.google.android.youtube 2. See no SELinux denial. Change-Id: Idfe1ccdb1b27fd275fdf912bc8d005551f89d4fc	2022-07-29 14:07:52 +00:00
Steven Moreland	fd1eb68337	servicemanager started property If something starts before servicemanager does, intelligently wait for servicemanager to start rather than sleeping for 1s. Bug: 239382640 Test: boot Change-Id: If0380c3a1fce937b0939cd6137fcb25f3e47d14c	2022-07-28 17:09:14 +00:00
Treehugger Robot	b3cf5e6948	Merge "Use dump_hal() macro for HAL services" am: `f97d76d210` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2162565 Change-Id: Ic2256293a1379ba457df8e97df93610182d47716 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-27 08:22:13 +00:00
Treehugger Robot	f97d76d210	Merge "Use dump_hal() macro for HAL services"	2022-07-27 08:10:45 +00:00
Thiébaud Weksteen	33263a0869	Use dump_hal() macro for HAL services Sort the list of services alphabetically. Test: build & boot bramble Change-Id: I3dae597ae3780d7ac97bb8aeeeaf964b375cdf5e	2022-07-27 13:13:47 +10:00
Treehugger Robot	503b01cf7a	Merge "Remove 'vendor_service' neverallows." am: `7e53b6a8af` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2164691 Change-Id: Iba89cd312dcfa86c30175ff9ea79d12108986eee Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-26 12:53:18 +00:00
Treehugger Robot	7e53b6a8af	Merge "Remove 'vendor_service' neverallows."	2022-07-26 12:34:31 +00:00
Steven Moreland	ffaa4e883f	remove vendor_service Now that all users are cleaned up, this is unused. Bug: 237115222 Test: build Change-Id: I22a303194bb760a40dac0e306895c348c5ce7b7a	2022-07-25 22:21:40 +00:00
Steven Moreland	e6b2acbfc4	Fully prepare vendor_service removal. Removes all references to vendor_service in policy except the definition of this type, which also needs to be removed by clients. We don't need this because interface type shouldn't be associated with where they are served. We can serve HALs from anywhere if they are implemented in software. Bug: 237115222 Test: builds Change-Id: If370a904af81e015e7e1f7a408c4bfde2ebff9a4	2022-07-25 22:20:16 +00:00
Steven Moreland	7d2abdfce2	Remove 'vendor_service' neverallows. In preparation for removing 'vendor_service'. Bug: 237115222 Test: build Change-Id: I607eecfd3346906b9843ee028945eeb3c3586733	2022-07-25 22:20:02 +00:00
Treehugger Robot	08ebdc9892	Merge "Allow kernel to write to shell_data_file loop devices in userdebug builds." am: `5f3149434c` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2161336 Change-Id: Ia9d566090914d0f8786c900d0ca22b6d4d3bd97e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-23 03:59:40 +00:00
Treehugger Robot	5f3149434c	Merge "Allow kernel to write to shell_data_file loop devices in userdebug builds."	2022-07-23 03:18:58 +00:00
David Anderson	e7cd1ef0be	Merge "Allow update_engine to inotify_add_watch dm-user device nodes." am: `23b5027d30` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2163416 Change-Id: Ifc9cfb1cec491584e3239ce1344f50c266192333 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-22 20:33:22 +00:00
David Anderson	b7bb3d0071	Allow update_engine to inotify_add_watch dm-user device nodes. inotify_add_watch requires read permissions and these were only granted to the /dev/block/dm-user directory, not the device nodes. Denial: avc: denied { read } for pid=1918 comm="update_engine" name="product_b-user-cow" dev="tmpfs" ino=162 scontext=u:r:update_engine:s0 tcontext=u:object_r:dm_user_device:s0 tclass=chr_file permissive=0 Bug: 238572067 Test: apply OTA Change-Id: I3fa7c9600873f4a2638fd140287511005f5aac1d	2022-07-21 12:47:46 -07:00
David Anderson	568fd1f0ad	Allow kernel to write to shell_data_file loop devices in userdebug builds. Tests around Virtual A/B, DSUs, remount etc need to create loop devices and write to them, which requires the kernel domain to have file write access. However there are very few contexts where this is allowed, and most are for testing. These testing locations are not consistently available (eg, /data/nativetest does not always exist). We already allow readonly loop devices in /data/local/tmp for testing purposes, so this adds write support as well (userdebug/eng only). Bug: 218976943 Test: fiemap_image_test Change-Id: Ic83ff5ef57241215240228ecaee3d9d07ff31d8e	2022-07-20 11:43:20 -07:00
Treehugger Robot	22f508a58e	Merge "Don't disallow vendor app hal_service_type" am: `9617447817` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2153808 Change-Id: Ica4bf13a474751efe61c5073165390a15d394338 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-19 18:39:53 +00:00
Steven Moreland	0ce7b3c92a	Don't disallow vendor app hal_service_type Currently, vendor_service is excluded from this neverallow for the same reason. However, the current plan is to remove vendor_service. Since some vendor HAL services are not marked as hal_service_type, this part of the change needs to be submitted independently in order to clean them up. Bug: 237115222 Test: build Change-Id: I7893184c4d1011881b721d0b851e07c17f73732b	2022-07-15 19:44:21 +00:00
Siarhei Vishniakou	5fc093f370	Allow dumping of InputProcessor HAL am: `889d8aa9a7` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2147322 Change-Id: I35913c59f0c1708ab59676534e964b26a798b9fc Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-11 19:26:56 +00:00
Siarhei Vishniakou	889d8aa9a7	Allow dumping of InputProcessor HAL In order to see the HAL state in bugreports, we need to allow the HAL to write to file where the dump is going. Bug: 237233372 Test: adb shell dumpsys android.hardware.input.processor.IInputProcessor/default Change-Id: Idf78269e4ee9798c078ac3b7ee4f375515d7aadc	2022-07-11 18:33:54 +00:00
Treehugger Robot	e36b5af694	Merge "Allow dumpstate to get InputProcessor traces" am: `2a3c76f09f` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2147021 Change-Id: I3e975e341d719997c4d1e269e8159534babc62fc Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-06 19:14:02 +00:00
Siarhei Vishniakou	c982ef878d	Allow dumpstate to get InputProcessor traces When the InputProcessor HAL is getting dumped, allow the dumpstate process to trigger the trace collection. In the future, we will also add a 'dump' facility to this HAL. Bug: 237347585 Bug: 237322365 Test: adb bugreport Change-Id: Iecc525c212c1b899962a032df9643bdd8b0dcdb6	2022-07-06 08:28:50 -07:00
Xin Li	b347e9fd52	Merge tm-dev-plus-aosp-without-vendor@8763363 Bug: 236760014 Merged-In: I036e48530e37f7213a21b250b858a37fba3e663b Change-Id: Ic7d4432aea1d37546d342df3e2157b9dc8207770	2022-06-27 23:40:18 +00:00
David Anderson	af348da192	Merge "Allow fastbootd to execute dmesg in userdebug builds."	2022-06-24 21:10:55 +00:00
Kelvin Zhang	f70d708544	Merge "Add proper permission for AIDL bootcontrol server"	2022-06-23 23:44:39 +00:00
Thiébaud Weksteen	091943f99d	Merge "Ignore access to /sys for dumpstate"	2022-06-23 13:22:45 +00:00
Maciej Żenczykowski	5c8461a277	much more finegrained bpf selinux privs for networking mainline am: `15715aea32` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/19039305 Change-Id: I0a8443a02956251a9d5da3bd582f711d0999fd08 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-23 11:15:50 +00:00
Maciej Żenczykowski	afa8ca689f	Merge "much more finegrained bpf selinux privs for networking mainline"	2022-06-23 11:05:03 +00:00
Almaz Mingaleev	0e70ea793f	Merge "Remove TZUvA feature."	2022-06-23 07:47:26 +00:00
Maciej Żenczykowski	b13921c3f0	much more finegrained bpf selinux privs for networking mainline Goal is to gain a better handle on who has access to which maps and to allow (with bpfloader changes to create in one directory and move into the target directory) per-map selection of selinux context, while still having reasonable defaults for stuff pinned directly into the target location. BPFFS (ie. /sys/fs/bpf) labelling is as follows: subdirectory selinux context mainline usecase / usable by / fs_bpf no () core operating system (ie. platform) /net_private fs_bpf_net_private yes, T+ network_stack /net_shared fs_bpf_net_shared yes, T+ network_stack & system_server /netd_readonly fs_bpf_netd_readonly yes, T+ network_stack & system_server & r/o to netd /netd_shared fs_bpf_netd_shared yes, T+ network_stack & system_server & netd [] /tethering fs_bpf_tethering yes, S+ network_stack /vendor fs_bpf_vendor no, T+ vendor initial support for bpf was added back in P, but things worked differently back then with no bpfloader, and instead netd doing stuff by hand, bpfloader with pinning into /sys/fs/bpf was (I believe) added in Q (and was definitely there in R) ** additionally bpf programs are accesible to netutils_wrapper for use by iptables xt_bpf extensions 'mainline yes' currently means shipped by the com.android.tethering apex, but this is really another case of bad naming, as it's really the 'networking/connectivity/tethering' apex / mainline module. Long term the plan is to merge a few other networking mainline modules into it (and maybe give it a saner name...). The reason for splitting net_private vs tethering is that: S+ must support 4.9+ kernels and S era bpfloader v0.2+ T+ must support 4.14+ kernels and T beta3 era bpfloader v0.13+ The kernel affects the intelligence of the in-kernel bpf verifier and the available bpf helper functions. Older kernels have a tendency to reject programs that newer kernels allow. / && /vendor are not shipped via mainline, so only need to work with the bpfloader that's part of the core os. Bug: 218408035 Test: TreeHugger, manually on cuttlefish Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I674866ebe32aca4fc851818c1ffcbec12ac4f7d4 (cherry picked from commit `15715aea32`)	2022-06-22 16:07:42 -07:00
Maciej Żenczykowski	15715aea32	much more finegrained bpf selinux privs for networking mainline Goal is to gain a better handle on who has access to which maps and to allow (with bpfloader changes to create in one directory and move into the target directory) per-map selection of selinux context, while still having reasonable defaults for stuff pinned directly into the target location. BPFFS (ie. /sys/fs/bpf) labelling is as follows: subdirectory selinux context mainline usecase / usable by / fs_bpf no () core operating system (ie. platform) /net_private fs_bpf_net_private yes, T+ network_stack /net_shared fs_bpf_net_shared yes, T+ network_stack & system_server /netd_readonly fs_bpf_netd_readonly yes, T+ network_stack & system_server & r/o to netd /netd_shared fs_bpf_netd_shared yes, T+ network_stack & system_server & netd [] /tethering fs_bpf_tethering yes, S+ network_stack /vendor fs_bpf_vendor no, T+ vendor initial support for bpf was added back in P, but things worked differently back then with no bpfloader, and instead netd doing stuff by hand, bpfloader with pinning into /sys/fs/bpf was (I believe) added in Q (and was definitely there in R) ** additionally bpf programs are accesible to netutils_wrapper for use by iptables xt_bpf extensions 'mainline yes' currently means shipped by the com.android.tethering apex, but this is really another case of bad naming, as it's really the 'networking/connectivity/tethering' apex / mainline module. Long term the plan is to merge a few other networking mainline modules into it (and maybe give it a saner name...). The reason for splitting net_private vs tethering is that: S+ must support 4.9+ kernels and S era bpfloader v0.2+ T+ must support 4.14+ kernels and T beta3 era bpfloader v0.13+ The kernel affects the intelligence of the in-kernel bpf verifier and the available bpf helper functions. Older kernels have a tendency to reject programs that newer kernels allow. / && /vendor are not shipped via mainline, so only need to work with the bpfloader that's part of the core os. Ignore-AOSP-First: will be cherrypicked from tm-dev to aosp/master Bug: 218408035 Test: TreeHugger, manually on cuttlefish Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I674866ebe32aca4fc851818c1ffcbec12ac4f7d4	2022-06-22 15:16:07 -07:00
Kelvin Zhang	65d6bf5391	Add proper permission for AIDL bootcontrol server Bug: 227536004 Test: th Change-Id: I6aff2742fb23bf7e7ce8d09493f02c4be9262fd3	2022-06-22 13:38:01 -07:00
Thiébaud Weksteen	5e8a384f5a	Ignore access to /sys for dumpstate avc: denied { read } for name="stat" dev="sysfs" ino=26442 scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 236566714 Test: TH Change-Id: Id4e781908573607b28782fbb2da7cd553d6826fe	2022-06-23 01:48:23 +10:00
David Anderson	9a33615580	Allow fastbootd to execute dmesg in userdebug builds. This enables users to run "fastboot getvar dmesg" which is important to debugging flashing failures in automation. The command is only allowed on unlocked devices running userdebug builds. Bug: 230269532 Test: fastboot getvar dmesg Change-Id: Ia27268fd984f903ca73e69b5717f4206a3cf1ae9	2022-06-21 18:01:52 -07:00
Treehugger Robot	d1e6ba9a7b	Merge "SELinux configuration for memory safety device configs." am: `13b939a91a` am: `c0866fe311` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2120412 Change-Id: If4a0b99f14d37155a840c997cd36da4ecd334b2e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-16 07:10:04 +00:00
Florian Mayer	7564cb1833	Merge "Add property for MTE permissive mode." am: `981f5581f6` am: `255cbf108a` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2101776 Change-Id: If09152789586c662abfa9cbabeecde200f786a0a Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-15 17:36:53 +00:00
Florian Mayer	5b3a8333af	SELinux configuration for memory safety device configs. These will get read by system libraries in arbitrary processes, so it's a public property with read access by `domain`. Bug: 235129567 Change-Id: I1ab880626e4efa2affe90165ce94a404b918849d	2022-06-15 10:34:54 -07:00
Florian Mayer	981f5581f6	Merge "Add property for MTE permissive mode."	2022-06-15 16:58:25 +00:00
Treehugger Robot	9c667a3cb6	Merge "Don't audit mnt_produt_file in dumpstate." am: `f31b1f45d5` am: `94b7580c3c` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2112768 Change-Id: I809bdff6f1bcff957269e84e0efcb50566dc1cfb Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-15 10:23:46 +00:00
Treehugger Robot	f31b1f45d5	Merge "Don't audit mnt_produt_file in dumpstate."	2022-06-15 09:42:49 +00:00
Florian Mayer	56af9a268a	Add property for MTE permissive mode. Bug: 202037138 Change-Id: I272996f124ca8391f9312150d1d8757751fe6acb	2022-06-14 10:21:25 -07:00
Neil Fuller	37888b33ba	Remove TZUvA feature. The feature was superseded by tzdata mainline module(s). Bug: 148144561 Test: see system/timezone Test: m selinux_policy Change-Id: I48d445ac723ae310b8a134371342fc4c0d202300 Merged-In: I48d445ac723ae310b8a134371342fc4c0d202300	2022-06-13 11:45:50 +00:00
Treehugger Robot	1f3e23185a	Merge "Remove the last traces of idmap (replaced by idmap2)" am: `850045ae07` am: `4ed1cb5a1e` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2122593 Change-Id: Ie6eab2f168e8587b6a3b7a94e3ce92098a16e3f4 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-13 07:58:39 +00:00
Treehugger Robot	850045ae07	Merge "Remove the last traces of idmap (replaced by idmap2)"	2022-06-13 07:19:11 +00:00
Devin Moore	92c36611e3	Merge "Add permissions for new netd AIDL HAL" am: `e47782171a` am: `ff958713a2` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2095165 Change-Id: I7d2b464664e78b2cb32820adef2595a248203969 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-10 20:30:09 +00:00
Mårten Kongstad	0547fb5ab2	Remove the last traces of idmap (replaced by idmap2) Remove mention of the /system/bin/idmap binary: the file no longer exists. Remove interaction between the domains installd and idmap to interact: installd used to fork and exec the idmap binary, but the idmap2 binary has its own binder service. Bug: 118711077 Bug: 119264713 Test: atest FrameworksServicesTests:com.android.server.om OverlayDeviceTests OverlayHostTests CtsAppSecurityHostTestCases:OverlayHostTest Change-Id: I06d22057308984e43cb84ff365dbdd1864c7064b	2022-06-10 12:58:21 +02:00
Devin Moore	309a355088	Add permissions for new netd AIDL HAL Netd is now serving an AIDL HAL to replace the old HIDL HAL. Bug: 205764585 Test: Boot and check for avc denials Change-Id: I1ca5ed4ff3b79f082ea2f6d3e81f60a64ca04855	2022-06-09 22:39:15 +00:00
Steven Terrell	06c506940e	Merge "Add System Property Controlling Animators"	2022-06-08 15:33:44 +00:00
Treehugger Robot	27945bccb0	Merge "Add sepolicy for IBootControl AIDL" am: `921af40c4b` am: `8fbf709eb0` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2050816 Change-Id: Ib687153be4608959548009903420a48def7e9891 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-08 10:32:27 +00:00
Treehugger Robot	921af40c4b	Merge "Add sepolicy for IBootControl AIDL"	2022-06-08 09:40:21 +00:00
Kelvin Zhang	187cb2c64c	Add sepolicy for IBootControl AIDL Test: th Bug: 227536004 Change-Id: I1206b4aae1aab904a76836c893ee583b5ce54624	2022-06-07 16:26:19 -07:00
Steven Terrell	879f41c5f2	Add System Property Controlling Animators Adding a new system property that will act as a toggle enabling/disabling the framework changes that were submitted to prevent leaked animators. Bug: 233391022 Test: manual. Merged-In: I57225feb50a3f3b4ac8c39998c47f263ae211b66 Change-Id: Ifc339efc1c3a5e19920b77d1f24bef19c39d5f44	2022-06-07 20:22:10 +00:00
Steven Terrell	399f831f56	Merge "Add System Property Controlling Animators" into tm-dev am: `6eb7171c4b` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18565495 Change-Id: I0f8e5c4b1f876545c192812851b5d18c8897acfd Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-07 19:57:37 +00:00
Steven Terrell	6eb7171c4b	Merge "Add System Property Controlling Animators" into tm-dev	2022-06-07 19:49:48 +00:00
Jaihind Yadav	fd04d1e908	Don't audit mnt_produt_file in dumpstate. CTS testcase is failing because of the AVC denails for dumpstate trying to search mnt_product. Bug:234086759 Test: android.security.cts.SELinuxHostTest#testNoBugreportDenials Change-Id: I794de8c296992b1d3cdafdb802376870a0eecce7	2022-06-01 12:13:13 +00:00
Patrick Rohr	205c7123ea	sepolicy: allow TUNSETLINK and TUNSETCARRIER am: `02b55354bd` am: `df9cd0c7bd` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2112201 Change-Id: I5dae26e8b8a707368ab36330a9850bfd78a7cbb5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-01 09:16:44 +00:00
Patrick Rohr	69fa8ca6f2	sepolicy: allow TUNSETLINK and TUNSETCARRIER This is required for testing new ethernet APIs in T. This change is not identical to the corresponding AOSP change because it also needs to update the T prebuilts. Test: TH Bug: 171872016 Merged-In: I1e6024d7d649be50aa2321543b289f81fcdfc483 (cherry picked from commit `02b55354bd`) Change-Id: I1d620bcd9b3d02c6acb45636bb862f40282f636d	2022-06-01 17:26:10 +09:00
Lorenzo Colitti	ee87a35010	Merge changes from topic "cherrypicker-L90100000954806085:N90400001269057103" into tm-dev * changes: Add xfrm netlink permissions for system server Fix system server and network stack netlink permissions	2022-06-01 07:47:45 +00:00
Patrick Rohr	02b55354bd	sepolicy: allow TUNSETLINK and TUNSETCARRIER This is required for testing new ethernet APIs in T. Test: TH Bug: 171872016 Change-Id: I1e6024d7d649be50aa2321543b289f81fcdfc483	2022-05-31 20:36:33 -07:00
Patrick Rohr	d0478822ce	Fix system server and network stack netlink permissions Give system_server and network_stack the same permissions as netd. This is needed as we are continuously moving code out of netd into network_stack and system_server. This change is not identical to the corresponding AOSP change because it also needs to update the T prebuilts. Test: TH Bug: 233300834 Change-Id: I9559185081213fdeb33019733654ce95af816d99 (cherry picked from commit `ab02397814`) Merged-In: I9559185081213fdeb33019733654ce95af816d99	2022-05-31 15:30:32 +09:00
Steven Terrell	bc844c5c2b	Add System Property Controlling Animators Adding a new system property that will act as a toggle enabling/disabling the framework changes that were submitted to prevent leaked animators. Bug: 233391022 Test: manual. Ignore-AOSP-First: planning to commit to tm-dev then cherry-pick over to AOSP later. Change-Id: I57225feb50a3f3b4ac8c39998c47f263ae211b66	2022-05-27 20:00:37 +00:00
Patrick Rohr	1c319bd326	Merge "Fix system server and network stack netlink permissions" am: `817d82bcf5` am: `3684e7af8f` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2101773 Change-Id: I17d97fba15dcee3cb4e0b5bbbab1d445bd3e4d0e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-27 02:21:22 +00:00
Patrick Rohr	817d82bcf5	Merge "Fix system server and network stack netlink permissions"	2022-05-27 01:39:00 +00:00
Treehugger Robot	8e6f91863f	Merge "Allow zoned device support in f2fs" am: `a98ea3d8cf` am: `32d64b7b82` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2103273 Change-Id: I0d7e16bacdf9406d4fe1cb15b71875c8f774aefc Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-25 02:05:23 +00:00
Jaegeuk Kim	b0f5998f1d	Allow zoned device support in f2fs This patch allows ioctls() to support zoned device. Bug: 172377740 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com> Change-Id: I69b322ceffd45c7e191d3a37e67ac7324c5b7ee2	2022-05-25 00:33:57 +00:00
Treehugger Robot	2a00925335	Merge "Allow sysfs_dm in fsck.f2fs" am: `c53f08e3b3` am: `21db6b734f` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2096867 Change-Id: I40166baf11dac05dcf8524aa4e9fb50752b514aa Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-24 20:56:55 +00:00
Treehugger Robot	c53f08e3b3	Merge "Allow sysfs_dm in fsck.f2fs"	2022-05-24 20:03:57 +00:00
Jaegeuk Kim	74a884b23f	Allow sysfs_dm in fsck.f2fs Commit ea9921f4f5b9 ("f2fs-tools: support zoned device in Android") in f2fs-tools supports zoned device in Android. When detecting the disk supports zoned device with proper types, we need to access its sysfs entry. Note that, we need to check sysfs entries by default for non-zoned disks in general as well. If a product doesn't use metadata encryption which sets a device mapper, vendor selinux needs to allow sysfs entries for raw disks such as sysfs_scsi_devices or sysfs_devices_block. avc: denied { search } for comm="fsck.f2fs" name="dm-44" dev="sysfs" ino=82102 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_dm:s0 tclass=dir permissive=0 avc: denied { read } for comm="fsck.f2fs" name="zoned" dev="sysfs" ino=82333 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_dm:s0 tclass=file permissive=0 Bug: 172377740 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com> Change-Id: Iaa4dc9826b614b71b928c33ebc207afab96e586a	2022-05-23 15:05:12 -07:00
Jason Macnak	e902c95f7d	Merge "Add gpu_device access to hal_neuralnetworks" am: `b947c73850` am: `77e360b673` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2097238 Change-Id: I4c99bd8b3853df5ae819d6378f018ba46cd4ecd6 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-23 20:21:45 +00:00
Jason Macnak	b947c73850	Merge "Add gpu_device access to hal_neuralnetworks"	2022-05-23 19:20:42 +00:00
Patrick Rohr	ab02397814	Fix system server and network stack netlink permissions Give system_server and network_stack the same permissions as netd. This is needed as we are continuously moving code out of netd into network_stack and system_server. Test: TH Bug: 233300834 Change-Id: I9559185081213fdeb33019733654ce95af816d99	2022-05-19 22:07:49 -07:00
Treehugger Robot	3e78ff7f5d	Merge "Iorapd and friends have been removed" am: `f6fefa9d61` am: `74607b608e` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2098987 Change-Id: I6582ca6634d76a54e73900d76b9f3534cb04c192 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-19 09:57:40 +00:00
Treehugger Robot	f6fefa9d61	Merge "Iorapd and friends have been removed"	2022-05-19 08:58:37 +00:00
TreeHugger Robot	7467534c2c	Merge "Allow vendor_init to read device config vendor_system_native properties" into tm-dev am: `3669484abd` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18400350 Change-Id: Ife1dbb50f5c07a1ee12bd9ec327dfe73e2cbeeaf Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-19 07:55:22 +00:00
Jeff Vander Stoep	b07c12c39d	Iorapd and friends have been removed Remove references in sepolicy. Leave a few of the types defined since they're public and may be used in device-specific policy. Bug: 211461392 Test: build/boot cuttlefish Change-Id: I615137b92b82b744628ab9b7959ae5ff28001169	2022-05-18 12:07:39 +02:00
Richard Chang	6c29066f65	Allow vendor_init to read device config vendor_system_native properties Let vendor_init can react Vendor System Native Experiment changes via persist.device_config.vendor_system_native.* properties. Bug: 223685902 Test: Build and check no avc denied messages in dmesg Change-Id: If69d1dab02d6c36cdb1f6e668887f8afe03e5b0e Merged-In: If69d1dab02d6c36cdb1f6e668887f8afe03e5b0e	2022-05-18 05:16:12 +00:00
Richard Chang	5eca1a0bf7	Allow vendor_init to read device config vendor_system_native properties Let vendor_init can react Vendor System Native Experiment changes via persist.device_config.vendor_system_native.* properties. Ignore-AOSP-First: Will cherry-pick Bug: 223685902 Test: Build and check no avc denied messages in dmesg Change-Id: If69d1dab02d6c36cdb1f6e668887f8afe03e5b0e	2022-05-18 05:09:21 +00:00
Joshua Mccloskey	4d7110412c	Merge "Add sysprops for virtual Fingerprint/Face HAL" am: `3fda68d6ca` am: `e0ae396b92` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2089003 Change-Id: I8621db1c764ae9bd99a373aaf9a280b6a40a5874 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-16 17:08:08 +00:00
Joshua Mccloskey	3fda68d6ca	Merge "Add sysprops for virtual Fingerprint/Face HAL"	2022-05-16 16:25:53 +00:00
Joshua McCloskey	f42a5c953b	Add sysprops for virtual Fingerprint/Face HAL Test: Manually verified virtual Fingerprint/Face HAL could set/get props Bug: 230514750 Change-Id: I7ab5ff81d128b486ef181824c67cfa0ded230e08	2022-05-13 22:52:50 +00:00
Richard Chang	ee5fc96178	Allow vendor services to access vendor_system_native_prop Bug: 226456604 Bug: 223685902 Test: Build Ignore-AOSP-First: Already merged in aosp/2083463 Merged-In: Icc11b9bf06fd0fb8069388ca5a32e8aedf1743a8 Change-Id: Ie95ca796656d7727540db67feef31e28e2c602b0	2022-05-13 17:57:18 +00:00
Jooyung Han	c316187ef9	Merge "Allow init to read apex-info-list.xml" am: `945c072d12` am: `ae70159c94` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2093007 Change-Id: I6b9c6169c5510713ce92bf83f1f9df5bd6d32bb7 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-13 03:55:36 +00:00
Jooyung Han	945c072d12	Merge "Allow init to read apex-info-list.xml"	2022-05-13 01:47:40 +00:00
Jason Macnak	21021194c4	Add gpu_device access to hal_neuralnetworks ... as this is needed for the hal to access and map gralloc buffers on devices such as Cuttlefish. Previously, this sepolicy is added in device specific directories but the Cuttlefish team is looking at centralizing the sepolicy. Bug: b/161819018 Test: `atest CtsNNAPITestCases` Test: `atest VtsHalNeuralnetworksV1_0TargetTest` Change-Id: Ia5b2704e2cdeedfa19d160e546d811b7d1c21aa9	2022-05-12 21:01:45 +00:00
Treehugger Robot	05de04b3df	Merge "sepolicy: allow new BINDER_GET_EXTENDED_ERROR ioctl" am: `4bcc5afecb` am: `c5741402c1` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1998994 Change-Id: I4ca17ef309d2f3ae1d7deaea4e19f457a50ba572 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-12 19:58:07 +00:00
Eric Biggers	5d94ce21db	Merge "Remove init's write access to /data/user and /data/media" am: `7fdc84a4df` am: `534c5b7fc7` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2095485 Change-Id: I1fce5e0a72107cb9e84c5b0a02d7ccd9d876cdab Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-12 19:57:48 +00:00
Treehugger Robot	4bcc5afecb	Merge "sepolicy: allow new BINDER_GET_EXTENDED_ERROR ioctl"	2022-05-12 19:22:55 +00:00
Eric Biggers	17369bef4a	Remove init's write access to /data/user and /data/media As a follow-up to https://r.android.com/2078213, remove init's write access to directories with type system_userdir_file or media_userdir_file. This has been made possible by moving the creation of /data/user/0 and /data/media/obb to vold. Bug: 156305599 Change-Id: Ib9f43f2b111518833efe08e8cacd727c75b80266	2022-05-12 00:19:29 +00:00
Carlos Llamas	630f915345	sepolicy: allow new BINDER_GET_EXTENDED_ERROR ioctl All domains using libbinder need access to this new ioctl in order to pull precise information upon failed binder operations. Bug: 28321379 Tested: clients can now use the ioctl through libbinder Signed-off-by: Carlos Llamas <cmllamas@google.com> Change-Id: I8d6e5ca6b133b934855a7545cc1a9786e2c4ad65	2022-05-10 04:20:09 +00:00
Jooyung Han	61079e06f2	Allow init to read apex-info-list.xml init should use subcontext (vendor_init) for actions/services from /{vendor, odm} partitions. However, when configs are from vendor APEXes, init can't tell whether the APEXes are from /{vendor, odm} just by looking at the config file paths. Instead, init can look up /apex/apex-info-list.xml for APEXes preinstalled paths to tell APEXes' original partition. Bug: 232021354 Test: atest CtsBluetoothTestCases (Cuttlefish has BT HAL APEX in /vendor) Change-Id: I8cb5d9eb3970790499ef1eb1ee00851591a42e98	2022-05-10 10:35:56 +09:00
Eric Biggers	971a048ec1	Merge "Restrict creating per-user encrypted directories" am: `b10cffe768` am: `d028b65ea0` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2078213 Change-Id: Ic4c288418c6744827f29121a02e81900674c7695 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-09 15:47:53 +00:00
Eric Biggers	9a5992336e	Restrict creating per-user encrypted directories Creating a per-user encrypted directory such as /data/system_ce/0 and the subdirectories in it too early has been a recurring bug. Typically, individual services in system_server are to blame; system_server has permission to create these directories, and it's easy to write "mkdirs()" instead of "mkdir()". Such bugs are very bad, as they prevent these directories from being encrypted, as encryption policies can only be set on empty directories. Due to recent changes, a factory reset is now forced in such cases, which helps detect these bugs; however, it would be much better to prevent them in the first place. This CL locks down the ability to create these directories to just vold and init, or to just vold when possible. This is done by assigning new types to the directories that contain these directories, and then only allowing the needed domains to write to these parent directories. This is similar to what https://r.android.com/1117297 did for /data itself. Three new types are used instead of just one, since these directories had three different types already (system_data_file, media_rw_data_file, vendor_data_file), and this allows the policy to be a bit more precise. A significant limitation is that /data/user/0 is currently being created by init during early boot. Therefore, this CL doesn't help much for /data/user/0, though it helps a lot for the other directories. As the next step, I'll try to eliminate the /data/user/0 quirk. Anyway, this CL is needed regardless of whether we're able to do that. Test: Booted cuttlefish. Ran 'sm partition disk:253,32 private', then created and deleted a user. Used 'ls -lZ' to check the relevant SELinux labels on both internal and adoptable storage. Also did similar tests on raven, with the addition of going through the setup wizard and using an app that creates media files. No relevant SELinux denials seen during any of this. Bug: 156305599 Change-Id: I1fbdd180f56dd2fe4703763936f5850cef8ab0ba	2022-05-05 04:12:46 +00:00
Richard Chang	1b95e83cb0	Merge "Allow vendor services to access vendor_system_native_prop" am: `0b25ca45cf` am: `31260126a0` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2083463 Change-Id: I1d3d7b9b69096a76a4c5ff33fc0a806a11f63767 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-03 09:11:03 +00:00
Richard Chang	af8fac1c56	Allow vendor services to access vendor_system_native_prop Bug: 226456604 Test: Build Change-Id: Icc11b9bf06fd0fb8069388ca5a32e8aedf1743a8	2022-05-03 04:19:07 +00:00
Jaegeuk Kim	f6f9740623	Allow shutdown /data Bug: 229406072 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com> Change-Id: I7bdd9acd2e85311ecb59b3f0eb1f503a93e240ef Merged-In: I7bdd9acd2e85311ecb59b3f0eb1f503a93e240ef	2022-04-29 20:17:23 +00:00
Eric Biggers	39b18f6963	Merge "toolbox.te: remove unneeded FS_IOC_FS[GS]ETXATTR permission" am: `74e65cb878` am: `4cc45b3537` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2077301 Change-Id: Ida13a7a627603ffdcdc6b7f1770a92ff04e17e26 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-04-27 20:27:50 +00:00
Eric Biggers	52238a1e0c	toolbox.te: remove unneeded FS_IOC_FS[GS]ETXATTR permission These ioctls don't need to be allowed, as they'd only be needed to set project quota IDs. But this is only done by other domains (installd, vold, and mediaprovider_app). Probably it was originally planned for an init script to run 'chattr -p ID', but this didn't end up happening. This is a basically revert of commit `4de3228c46` ("Allow toolbox to set project quota IDs.") (https://r.android.com/1224007). Also remove an outdated comment at the top of the file. Test: booted Cuttlefish, no denials seen. Change-Id: If61179a35f419c6cbfcf1432a86b2c1375db71ed	2022-04-27 03:45:36 +00:00
Jaegeuk Kim	0c79bd6255	Merge "Allow shutdown /data" am: `9ca36ec91b` am: `41e521a784` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2072141 Change-Id: Ifa0403b3ab683731fbf5edeba1d1c73e44513641 Ignore-AOSP-First: this is an automerge Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-04-25 17:50:13 +00:00
Jaegeuk Kim	3a45ffec11	Allow shutdown /data Bug: 229406072 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com> Change-Id: I7bdd9acd2e85311ecb59b3f0eb1f503a93e240ef	2022-04-22 09:34:02 -07:00
Felipe Leme	ba498b48bc	Merge "Allow apps to read system_user_mode_emulation_prop." am: `c696791a7f` am: `d221f197c2` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2072574 Change-Id: I8e01bac1b7708cee593163c65bb64164059826f0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-04-22 16:02:28 +00:00
Felipe Leme	b85242c00f	Allow apps to read system_user_mode_emulation_prop. As it's used by UserManager... Test: sesearch --allow -s appdomain -t system_user_mode_emulation_prop $ANDROID_PRODUCT_OUT/vendor/etc/selinux/precompiled_sepolicy Bug: 226643927 Change-Id: I1134a9e0b8ae758e3ebef054b96f9e3237a2401f	2022-04-21 18:49:12 -07:00
Mitch Phillips	a4e951b3bf	Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it." am: `800e948e61` am: `e3256e3d21` am: `41949ce19f` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040964 Change-Id: I93cc3b9a1ff2fe74bea47ed0e7898daf7fef4a4e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-04-21 19:18:20 +00:00
Mitch Phillips	800e948e61	Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it."	2022-04-21 18:12:43 +00:00
Alistair Delva	ce19c41b8f	Merge "Adds GPU sepolicy to support devices with DRM gralloc/rendering"	2022-04-21 04:21:45 +00:00
Eric Biggers	02fbbfda85	Merge "vold.te: stop allowing use of keymaster HAL directly" am: `39b27b87ba` am: `60ac375f3a` am: `bbbe7065ff` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065468 Change-Id: I9608f3e7740358e5bc276596f6f2c793c40aa3b7 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-04-20 19:33:12 +00:00
Treehugger Robot	ab3bbb8f39	Merge "Remove obsolete rule allowing installd to use fsverity ioctls" am: `12399e945e` am: `7fd8710e46` am: `765d9cbd6e` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065527 Change-Id: I8bb8dcc11ed364acf78ad34bc5e70e09b5f22d45 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-04-20 06:21:10 +00:00
Eric Biggers	20dcec9d16	Merge "Remove some FDE rules and update comments" am: `b83a6d1168` am: `fa1f9cb2b8` am: `1eacebf142` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065887 Change-Id: I98e0e9f1c6131617119aa966bb88d7ec229b1d66 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-04-20 06:14:22 +00:00
Eric Biggers	bf717e18f1	vold.te: stop allowing use of keymaster HAL directly Since Android 12, vold goes through the keystore daemon instead of using the keymaster HAL directly. Therefore, the SELinux rules that allow vold to use the keymaster HAL directly are no longer needed. Bug: 181910578 Change-Id: I8ecc47530cba82128c869ffd2fed9009dd7d5e05	2022-04-19 21:57:18 +00:00
Treehugger Robot	12399e945e	Merge "Remove obsolete rule allowing installd to use fsverity ioctls"	2022-04-19 20:49:43 +00:00
Jason Macnak	a93398051c	Adds GPU sepolicy to support devices with DRM gralloc/rendering ... such as Cuttlefish (Cloud Android virtual device) which has a DRM virtio-gpu based gralloc and (sometimes) DRM virtio-gpu based rendering (when forwarding rendering commands to the host machine with Mesa3D in the guest and virglrenderer on the host). After this change is submitted, changes such as aosp/1997572 can be submitted to removed sepolicy that is currently duplicated across device/google/cuttlefish and device/linaro/dragonboard as well. Adds a sysfs_gpu type (existing replicated sysfs_gpu definitions across several devices are removed in the attached topic). The uses of `sysfs_gpu:file` comes from Mesa using libdrm's `drmGetDevices2()` which calls into `drmParsePciDeviceInfo()` to get vendor id, device id, version etc. Bug: b/161819018 Test: launch_cvd Test: launch_cvd --gpu_mode=gfxstream Change-Id: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c Merged-In: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c	2022-04-18 17:30:56 -07:00
Jason Macnak	365024e53f	Adds GPU sepolicy to support devices with DRM gralloc/rendering ... such as Cuttlefish (Cloud Android virtual device) which has a DRM virtio-gpu based gralloc and (sometimes) DRM virtio-gpu based rendering (when forwarding rendering commands to the host machine with Mesa3D in the guest and virglrenderer on the host). After this change is submitted, changes such as aosp/1997572 can be submitted to removed sepolicy that is currently duplicated across device/google/cuttlefish and device/linaro/dragonboard as well. Adds a sysfs_gpu type (existing replicated sysfs_gpu definitions across several devices are removed in the attached topic). The uses of `sysfs_gpu:file` comes from Mesa using libdrm's `drmGetDevices2()` which calls into `drmParsePciDeviceInfo()` to get vendor id, device id, version etc. Ignore-AOSP-First: must be submitted in internal as a topic first to avoid having duplicate definitions of sysfs_gpu in projects that are only available in internal Bug: b/161819018 Test: launch_cvd Test: launch_cvd --gpu_mode=gfxstream Change-Id: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c Merged-In: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c	2022-04-18 12:56:38 -07:00
Eric Biggers	9bf0a0c141	Remove some FDE rules and update comments Now that FDE (Full Disk Encryption) is no longer supported, the SELinux policy doesn't need to support it. Remove two rules that are no longer needed. Also update some comments that implied that other rules were needed only because of FDE support, when actually they are still needed for other reasons. Finally, fix some outdated documentation links. Bug: 208476087 Change-Id: I4e03dead91d34fcefdfcdc68d44dd97f433d6eaf	2022-04-15 21:06:51 +00:00
Eric Biggers	7be3e86f48	Remove obsolete rule allowing installd to use fsverity ioctls The code that needed this was removed by https://r.android.com/1977357. Bug: 120629632 Change-Id: I771a0f93b28c9b44715c718eaf534a8a65f2ae30	2022-04-15 01:03:28 +00:00
Xinyi Zhou	2c05b69417	Change nearby from system_api_service to app_api_service am: `791567ece6` am: `4bf6ea7727` am: `223c2b078b` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2064652 Change-Id: I2dc8d8ceb3d4e5d82b81d1980579c63ca3ca5fff Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-04-14 18:23:57 +00:00
Xinyi Zhou	791567ece6	Change nearby from system_api_service to app_api_service This fixes CTS tests where NearbyManager is null because of SELinux is in enforcing mode. Detailed explanation: https://docs.google.com/document/d/1CiGn7Vg6LYwrMFvWonuK3fhNDCG5Sm4uCvefkvqpDcY/edit?usp=sharing NearbyManager APIs are using BLUETOOTH_PRIVILEDGED permission so only System apps can use them. Fix: 228273869 Test: -m Change-Id: I091fbea408cea52e934cb6a3917226fb1b2adbc4	2022-04-13 21:18:47 -07:00
Mitch Phillips	8cd32cd93e	[GWP-ASan] Add sysprop, allow shell and system apps to set it. Bug: 219651032 Test: atest bionic-unit-tests Change-Id: Ic4804ce0e4f3b6ba8eb8d82aca11b400b45c03dc	2022-04-12 13:20:05 -07:00
Kalesh Singh	ae50165897	Merge changes from topic "mglru-exp" am: `6ba41462d5` am: `65164b314d` am: `0c82758926` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2056411 Change-Id: I319daa2c5e8b58e67eb3f5685dfba87836cf5f20 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-04-12 14:43:26 +00:00
Kalesh Singh	6ba41462d5	Merge changes from topic "mglru-exp" * changes: Add sepolicy for Multi-Gen LRU sysfs control Add sepolicy for mglru_native flag namespace	2022-04-12 13:48:48 +00:00
Kalesh Singh	98f63495b2	Add sepolicy for Multi-Gen LRU sysfs control init is allowed to enable/disable MG-LRU. Bug: 227651406 Bug: 228525049 Test: setprop persist.device_config.mglru_native.lru_gen_config Test: verify no avc denials in logcat Change-Id: I20223f3628cb6909c3fd2eb2b821ff2d52202dd2	2022-04-08 13:37:50 -07:00
Lorenzo Colitti	ce493bd00d	Merge "Connectivity Native AIDL interface Sepolicy" am: `bf8af42bf5` am: `5ef1893f50` am: `4d7cd06a40` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1943988 Change-Id: I330642784c6fddd6949a55156d1fa6b198425a4a Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-04-01 22:36:20 +00:00
Lorenzo Colitti	bf8af42bf5	Merge "Connectivity Native AIDL interface Sepolicy"	2022-04-01 21:46:37 +00:00
Neha Pattan	1838513cca	Merge "Sepolicy changes for adding new system service for AdServices." am: `dcb324bdb3` am: `e5d6614096` am: `c5c329718a` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2046744 Change-Id: I6f1d6ee7b30e7d6a5f26282268b4a56fa57cb873 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-04-01 19:33:33 +00:00
Neha Pattan	dcb324bdb3	Merge "Sepolicy changes for adding new system service for AdServices."	2022-04-01 18:38:07 +00:00
Andy Yu	1055581f7a	Merge "Add label and permission for game_mode_intervention.list" am: `6a10d563ea` am: `e4e8932d22` am: `7c187abfea` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2045643 Change-Id: Iad6e7ea44a3c98823c7121e554764b64130cb620 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-03-30 20:27:27 +00:00
Andy Yu	6a10d563ea	Merge "Add label and permission for game_mode_intervention.list"	2022-03-30 19:35:59 +00:00
Andy Yu	8337d04202	Add label and permission for game_mode_intervention.list Bug: 219543620 Doc: go/game-dashboard-information-to-perfetto Test: TBD Change-Id: Ic6622aadef05e22c95d4ba739beed0e6fa1f3a38	2022-03-29 14:12:14 -07:00
Adam Shih	7357fdc82d	Merge "suppress su behavior when running lsof" am: `8296a542fe` am: `213d717fc4` am: `19863ea4df` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2044870 Change-Id: Ia4ec5d797c84663f5d772d170236173756f6f151 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-03-29 06:25:03 +00:00
Neha Pattan	64ef8be1de	Sepolicy changes for adding new system service for AdServices. Test: build Bug: 216375107 Change-Id: I238ac3f8966ce05768aef17bd05217a9772cf2f3	2022-03-28 19:26:50 +00:00
Adam Shih	ae4dbf54d8	suppress su behavior when running lsof Relevant error logs show up when dumpstate do lsof using su identity: RunCommand("LIST OF OPEN FILES", {"lsof"}, CommandOptions::AS_ROOT); This is an intended behavior and the log is useless for debugging so I suppress them. Bug: 226717429 Test: do bugreport with relevant error gone. Change-Id: Ide03315c1189ae2cbfe919566e6b97341c5991bb	2022-03-28 05:55:41 +00:00
Mikhail Naganov	d08f5c240f	Merge "Add AIDL audio HAL service to SEPolicy" am: `1704f61dcf` am: `ba497daa6c` am: `3cb68e23a1` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040968 Change-Id: Ice3516fe2dc57fd35c0b2c67b8cf9e397e2d3018 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-03-25 23:24:33 +00:00
Mikhail Naganov	1704f61dcf	Merge "Add AIDL audio HAL service to SEPolicy"	2022-03-25 22:23:40 +00:00
Treehugger Robot	ba6b6196ff	Merge "Add search in bpf directory for bpfdomains" am: `d796c9eb6c` am: `383b9f8467` am: `ffb744699e` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2034669 Change-Id: I9f0fe5f591f8195b96eb84a570507760581c2af8 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-03-25 21:23:39 +00:00
Treehugger Robot	d796c9eb6c	Merge "Add search in bpf directory for bpfdomains"	2022-03-25 20:32:15 +00:00
Treehugger Robot	c97d76e491	Merge "Remove media crash neverallow exception." am: `34f4ca820f` am: `a5003227d3` am: `a7b911daf6` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2027103 Change-Id: I1635dcb6ffd32050fa9f18f3f0163f4dda2d86b2	2022-03-24 12:21:29 +00:00
Treehugger Robot	34f4ca820f	Merge "Remove media crash neverallow exception."	2022-03-24 11:22:39 +00:00
Mikhail Naganov	676da7273f	Add AIDL audio HAL service to SEPolicy This adds the two top interfaces: IConfig and IModule to service context, allows the HAL service to call Binder, and registers the example implementation service executable. Bug: 205884982 Test: m Change-Id: I322e813c96123167ea29b6c25a08ec9677c9b4d1	2022-03-24 01:39:29 +00:00
Gary Jian	1527fda402	Merge "Allow system_app to access radio_config system properties" am: `ee0b51e099` am: `c19e667cbd` am: `b3c40d2a23` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2024724 Change-Id: Ia43175b3e4073a065c7ea7515216f5a1cc8e202d	2022-03-23 06:56:18 +00:00
Adam Shih	f3c203bd9f	Merge "suppress su behavior when running lsof" am: `92f87ac0b9` am: `052730e12c` am: `f7de4bd498` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2038023 Change-Id: I6613f2d8da09ecbbe49052d95f1cb31837e0156b	2022-03-23 05:52:50 +00:00
Gary Jian	ee0b51e099	Merge "Allow system_app to access radio_config system properties"	2022-03-23 05:46:22 +00:00
Treehugger Robot	5f8eb928e9	Merge "Allow init to relabelto console_device" am: `3a8977155c` am: `5cc5fc4d31` am: `aecb8dbfb6` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2035646 Change-Id: Ie53faddd95bdd5aa268d83f2cb31cf701d535710	2022-03-23 05:18:51 +00:00
Adam Shih	92f87ac0b9	Merge "suppress su behavior when running lsof"	2022-03-23 05:03:02 +00:00
Treehugger Robot	3a8977155c	Merge "Allow init to relabelto console_device"	2022-03-23 04:29:53 +00:00
Adam Shih	643d2439c2	suppress su behavior when running lsof Relevant error logs show up when dumpstate do lsof using su identity: RunCommand("LIST OF OPEN FILES", {"lsof"}, CommandOptions::AS_ROOT); This is an intended behavior and the log is useless for debugging so I suppress them. Bug: 225767289 Test: do bugreport with no su related avc errors Change-Id: I0f322cfc8a461da9ffb17f7493c6bbdc58cce7b6	2022-03-23 10:52:00 +08:00
Ocean Chen	7eae0544a4	Merge "Add persist.device_config.storage_native_boot.smart_idle_maint_enabled property policies" am: `b299b79473` am: `eeeb06a4ee` am: `1739c39853` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2030532 Change-Id: Ib7cf6da50ce19e543e10cd4c76be28f2190d5798	2022-03-23 02:47:01 +00:00
Ocean Chen	b299b79473	Merge "Add persist.device_config.storage_native_boot.smart_idle_maint_enabled property policies"	2022-03-23 01:51:08 +00:00
Shikha Malhotra	3a0a549d44	Merge "Added permission to allow for ioctl to be added to install_data_file" am: `b00341ad1e` am: `9e7c0e6ead` am: `14218bf4d3` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2030123 Change-Id: I02c2e50b2cc02dc5107643bb07d564dc3f214f25	2022-03-22 17:05:46 +00:00
Shikha Malhotra	b00341ad1e	Merge "Added permission to allow for ioctl to be added to install_data_file"	2022-03-22 16:32:40 +00:00
Stephane Lee	a499a7a280	Merge "Add sepolicies to allow hal_health_default to load BPFs." am: `68e028b731` am: `affee5160d` am: `7529345cfd` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2020276 Change-Id: I4265c46b275c8ad9d859b80f877f5173b23bd534	2022-03-22 16:11:51 +00:00
Stephane Lee	68e028b731	Merge "Add sepolicies to allow hal_health_default to load BPFs."	2022-03-22 15:29:20 +00:00
Inseob Kim	85091cd806	Allow init to relabelto console_device Init will try restorecon /dev/console, together with /dev, at the second stage boot. Bug: 193118220 Test: atest MicrodroidHostTestCases Change-Id: Ie9796368b54bb0773eabf5ff6feb2b4aa41d0bfa	2022-03-22 22:11:03 +09:00
Ocean Chen	63e6e1dc02	Add persist.device_config.storage_native_boot.smart_idle_maint_enabled property policies Add policies to set persist.device_config.storage_native_boot.smart_idle_maint_enabled property. Bug: 202283480 Bug: 181079477 Bug: 215443809 Change-Id: I998e6dca950a8ceebb5fbc39568e3e8d6b86e8ce	2022-03-22 08:33:40 +00:00
Yi-yo Chiang	6867f096c4	Merge "Add proc_cmdline read permission to read_fstab" am: `bc3f8b3486` am: `c58b9fc8ad` am: `35386f8a93` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2033184 Change-Id: I194331fbf2393652784dfceb376530118d5235e6	2022-03-22 03:23:48 +00:00
Stephane Lee	b30e888b5c	Add search in bpf directory for bpfdomains Bug: 203462310 Test: Ensure that associated BPFs can be loaded Change-Id: I317a890abb518cf4ac47cd089e882315434342ce	2022-03-21 17:31:17 -07:00
Stephane Lee	52862a32c1	Add sepolicies to allow hal_health_default to load BPFs. Bug: 203462310 Test: Ensure that the BPF filter can be loaded Change-Id: Ib507d4c1718dd56fb336501ed7598de7b44a687b	2022-03-21 12:54:49 -07:00
Yi-Yo Chiang	cdd95be894	Add proc_cmdline read permission to read_fstab ReadDefaultFstab() calls fs_mgr_get_boot_config() which could read /proc/bootconfig and /proc/cmdline. Bug: 225310919 Test: TH presubmit Change-Id: Ibe66a41d0d74d7b71dc70436af68b7a7eed721b6	2022-03-20 16:35:19 +08:00
Shikha Malhotra	7c81cab94e	Added permission to allow for ioctl to be added to install_data_file This is in addition to allowing setting of extended attributes (for project quota IDs) on files and dirs and to enable project ID inheritance through FS_IOC_SETFLAGS Bug: b/215154615 Test: atest installd/StorageHostTest Test: atest installd/installd_service_test.cpp Change-Id: I769ae7ed110175dbb5d511a4345c57057d71ae64	2022-03-17 10:53:13 +00:00
Bram Bonne	b93f26fd89	Move sdk_sandbox sepolicy to AOSP. Bug: 224796470 Bug: 203670791 Bug: 204989872 Bug: 211761016 Bug: 217543371 Bug: 217559719 Bug: 215105355 Bug: 220320098 Test: make, ensure device boots Change-Id: Ia96ae5407f5a83390ce1b610da0d49264e90d7e2 Merged-In: Ib085c49f29dab47268e479fe5266490a66adaa87 Merged-In: I2215ffe74e0fa19ff936e90c08c4ebfd177e5258 Merged-In: I478c9a16032dc1f1286f5295fc080cbe574f09c9 Merged-In: Ibf478466e5d6ab0ee08fca4da3b4bae974a82db0 Merged-In: I5d519605d9fbe80c7b4c9fb6572bc72425f6e90a Merged-In: I05d2071e023d0de8a93dcd111674f8d8102a21ce Merged-In: I6572a7a5c46c52c9421d0e9c9fc653ddbd6de145 Merged-In: I1b6d1a778cb658bdfd930b684e4ba0640031b226 Merged-In: I9fb98e0caee75bdaaa35d11d174004505f236799	2022-03-17 10:22:33 +01:00
Jaegeuk Kim	9ca7b96fc3	SELinux policy for /dev/sys/block/by-name/rootdisk am: `be66c59171` am: `7592330707` am: `e1d9f6d0fe` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2006729 Change-Id: Iabc3077691cc91c6071761c474f3a8b9b2fa4e61	2022-03-16 23:22:21 +00:00
Jaegeuk Kim	be66c59171	SELinux policy for /dev/sys/block/by-name/rootdisk Signed-off-by: Jaegeuk Kim <jaegeuk@google.com> Change-Id: I550dfb5649ccb5ca61ea5abbf730bd84756f047e	2022-03-16 11:04:39 -07:00
Alan Stokes	807162fe31	Remove redundant sepolicy am: `7bde36e94e` am: `e61cf0a4a5` am: `7af9000b77` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2026608 Change-Id: Iede7911169de5d49d43b60b9a9211c8b7febf574	2022-03-16 10:06:50 +00:00
Steven Moreland	7fd8933f0c	Remove media crash neverallow exception. Unneeded. Bug: N/A Test: compile time Change-Id: I0557794a33ae942bd7764d5e41515d7d4bb77ed6	2022-03-15 18:02:36 +00:00
Alan Stokes	7bde36e94e	Remove redundant sepolicy We don't use MLS in Microdroid, so we don't need MLS rules, nor mlstrusted[subject\|object] labels. (We keep one MLS rule to satisfy checkpolicy.) A lot of attributes are unused in Microdroid, so we can remove their declarations and any references to them. (That may not make the compiled policy smaller, since hopefully they get optimised out anyway, but it means there is less policy for humans to deal with.) Remove labels that relate only to apps, which we don't have - MAC permissions, run-as, seapp_contexts. In passing, fix a comment snafu in both system & microdroid policy. Bug: 223596375 Test: Run staged-apex-compile & compos_verify, no denials Test: atest MicrodroidTests MicrodroidHostTestCases Change-Id: Ifd3589945a2d8b4c0361e00eec5678795513fd8c	2022-03-15 15:43:50 +00:00
Gary Jian	874dd08030	Allow system_app to access radio_config system properties Bug: 220995034 Test: manual Change-Id: Ib71e45c74b5f561ca40548de6aa36c5f7044ecd1	2022-03-15 14:58:03 +08:00
Carlos Llamas	f6be743d0e	Merge "sepolicy: allow access to binderfs feature files" am: `82a5ceb80c` am: `21d01b7bb6` am: `bf8b11fe42` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1998993 Change-Id: I768ca3460466752d9d4dc19906f58e688cb5b750	2022-03-10 06:32:13 +00:00
Carlos Llamas	75821321c7	sepolicy: allow access to binderfs feature files The binder driver now advertises the features it supports through individual files under /dev/binderfs/features/*. Let all domains have access to these files to determine how to interact with the driver. Bug: 191910201 Tested: clients are able to read feature files via libbinder Signed-off-by: Carlos Llamas <cmllamas@google.com> Change-Id: Ice5de9efee74e571ef0a23ce093af162fc3b276e	2022-03-09 08:55:10 -08:00
Shikha Malhotra	dec9767d04	Merge "Adding more permission for selinux to some attributes and flags" am: `2df2acd1e8` am: `e790959c0f` am: `41c72af5e3` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1933140 Change-Id: Ib642508925521387cf911ab26e107f6de6fc9350	2022-03-09 10:48:01 +00:00
Shikha Malhotra	2df2acd1e8	Merge "Adding more permission for selinux to some attributes and flags"	2022-03-09 08:19:09 +00:00
Evan Rosky	45a0b3a858	Merge "Add a persist.wm.debug property type and associated permissions" am: `bd4cd1ac70` am: `ded5bd867f` am: `9a2c7ceb13` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2005839 Change-Id: I2a56ce8dc08c16b3652387d57b12448c8a057310	2022-03-08 03:01:17 +00:00
Evan Rosky	5cfdf2bd6e	Add a persist.wm.debug property type and associated permissions This is intended for wm properties related to wmshell/sysui. Using this context allows sysui to manipulate these properties in debug builds. Bug: 219067621 Test: manual Change-Id: I5808bf92dbba37e9e6da5559f8e0a5fdac016bf3	2022-03-07 19:44:59 +00:00
Nikita Ioffe	1bd088d1d0	Merge "Rename SupplementalProcess to SdkSandbox" into tm-dev	2022-03-01 17:07:16 +00:00
Robert Shih	480ed0f632	Merge "Allow dumpstate to call dump() on drm hals" am: `9846fb4082` am: `5869511f62` am: `d74671eba8` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2000271 Change-Id: I57c2996ac08da6d456793a8f23cc733b70dcdeb2	2022-02-25 20:29:45 +00:00
Robert Shih	bf4d7522d7	Allow dumpstate to call dump() on drm hals Bug: 220996660 Test: adb bugreport Change-Id: I222c5e845d481dd9f3dcf796d50ca91c6174a023	2022-02-25 06:07:53 +00:00
Tyler Wear	691def4fd5	Connectivity Native AIDL interface Sepolicy Sepolicy files for new ConnectivityNative service. This is a new service implemented in java accessible from native code. Stable aidl is used to avoid having to manually write the unparcling code in two different languages. A new service is required because there is no connectivity service in the system server that exposes a stable aidl interface. Bug: 179733303 Change-Id: If2372712a4a8ac7b0631a2195aabc910d1a829cc	2022-02-24 08:53:13 -08:00
Alan Stokes	acd6ba29f9	Allow piping console output to clients am: `23161e51cc` am: `d4f00ed894` am: `dafeb398e6` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1997006 Change-Id: I594edf2a21ace103f68cec5be2f6ddd036284d81	2022-02-24 10:58:27 +00:00
Nikita Ioffe	e2da633ef7	Rename SupplementalProcess to SdkSandbox Ignore-AOSP-First: sepolicy is not in aosp, yet Bug: 220320098 Test: presubmit Change-Id: I9fb98e0caee75bdaaa35d11d174004505f236799	2022-02-23 20:44:20 +00:00
Alan Stokes	23161e51cc	Allow piping console output to clients Any virtualization service client should be able to use a pipe for the VM log fds. We previously had some support for this in crosvm (but appdomain is the wrong label), but not for virtualizationservice. Instead I've centralised it in the virtualizationservice_use macro so it applies to exactly those things that can start a VM. I've removed read permission from crosvm; it doesn't seem to be needed, and logically it shouldn't be. Test: Patch in https://r.android.com/1997004, see no denials Change-Id: Ia9cff469c552dd297ed02932e9e91a5a8cc2c13f	2022-02-23 17:28:49 +00:00
Treehugger Robot	e69edec168	Merge "Allow hal_graphics_composer to write to a pipe We would like SurfaceFlinger to be able to create a pipe and provide the write-end to the graphics composer to dump debug info for dumpsys. Bug: 220171623 Test: atest VtsHalGraphicsComposer3_TargetTest Test: adb shell dumpsys SurfaceFlinger Test: adb shell dumpsys android.hardware.graphics.composer3.IComposer/default" am: `5beaf4adfb` am: `8d1ef06ab3` am: `11b45863c9` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1991020 Change-Id: Ie057e41548f3cb971e615e439944198e3db6b627	2022-02-22 19:14:09 +00:00
Shikha Malhotra	ddfb8a99cc	Adding more permission for selinux to some attributes and flags Test: atest installd/StorageHostTest Test: atest installd/installd_service_test.cpp Change-Id: I7a2d4055b7e4050394304a92279c595d2153da23	2022-02-19 14:35:55 +00:00
Ady Abraham	3f045e296e	Allow hal_graphics_composer to write to a pipe We would like SurfaceFlinger to be able to create a pipe and provide the write-end to the graphics composer to dump debug info for dumpsys. Bug: 220171623 Test: atest VtsHalGraphicsComposer3_TargetTest Test: adb shell dumpsys SurfaceFlinger Test: adb shell dumpsys android.hardware.graphics.composer3.IComposer/default Change-Id: Ie2cbe76fb0d224235a8ea99f68a20e2139e1cc56	2022-02-19 01:09:41 +00:00
Thiébaud Weksteen	e7d529fed6	Merge "Associate hal_service_type with all HAL services" am: `b18abcdd51` am: `71b8ad6234` am: `351e89d5d3` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987147 Change-Id: I7220245e469f58126ea4af0744690f907e9d2928	2022-02-18 10:07:48 +00:00
Thiébaud Weksteen	373cf3ba8e	Associate hal_service_type with all HAL services By default, HAL's services are not accessible by dumpstate. HIDL implementations were silenced via a dontaudit on hwservice_manager. But AIDL implementations will trigger a denial, unless authorized via `dump_hal`. Mark all HAL services with a new attribute `hal_service_type` so they can be ignored by dumpstate. Test: m selinux_policy Bug: 219172252 Change-Id: Ib484368fdeff814d4799792d57a238d6d6e965fd	2022-02-16 10:49:21 +11:00
Ramji Jiyani	982c6d39a2	Merge "system_dlkm: sepolicy: add system_dlkm_file_type" am: `ba8615a186` am: `86cfb85d49` am: `b925768cb3` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978574 Change-Id: I17438ed404b798434e5cee28981ebd2b78b48e98	2022-02-11 19:24:08 +00:00
Daniel Norman	d309c7225c	Merge "Expose the APEX multi-install props to non-root `getprop`." am: `ea98866236` am: `17327ac36a` am: `004827ac14` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965921 Change-Id: Ie247ac133be1573e4d8c3f1978b81e59729b4106	2022-02-11 19:23:55 +00:00
Ramji Jiyani	ba8615a186	Merge "system_dlkm: sepolicy: add system_dlkm_file_type"	2022-02-11 18:36:04 +00:00
Daniel Norman	ea98866236	Merge "Expose the APEX multi-install props to non-root `getprop`."	2022-02-11 18:25:27 +00:00
Ramji Jiyani	4a556890f9	system_dlkm: sepolicy: add system_dlkm_file_type Add new attribute system_dlkm_file_type for /system_dlkm partition files. Bug: 218392646 Bug: 200082547 Test: TH Signed-off-by: Ramji Jiyani <ramjiyani@google.com> Change-Id: I193c3f1270f7a1b1259bc241def3fe51d77396f3	2022-02-11 04:19:33 +00:00
Treehugger Robot	a77159c365	Merge changes from topic "revert-1979386-revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY-UVTCTRHQWF" am: `48f59f9ec2` am: `33f3804491` am: `35d788475c` am: `05ef2c2c88` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978173 Change-Id: Id411487bab280f9c0e5d5f575ec8d9e3154fd447	2022-02-10 22:06:17 +00:00
Treehugger Robot	48f59f9ec2	Merge changes from topic "revert-1979386-revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY-UVTCTRHQWF" * changes: Revert^2 "Updates sepolicy for EVS HAL" Revert^2 "Adds a sepolicy for EVS manager service"	2022-02-10 20:50:42 +00:00
Changyeon Jo	eacb1095a8	Revert^2 "Updates sepolicy for EVS HAL" `418f41ad13` Bug: 216727303 Test: m -j selinux_policy on failed targets reported in b/218802298 Change-Id: Iec8fd2a1e9073bf3dc679e308407572a8fcf44d9	2022-02-10 17:21:54 +00:00
Changyeon Jo	8c12609bce	Revert^2 "Adds a sepolicy for EVS manager service" `0137c98b90` Bug: 216727303 Test: m -j selinux_policy on failed targets reported in b/218802298 Change-Id: I2ae2fc85a4055f2cb7d19ff70b120e7b7ff0957d	2022-02-10 17:21:14 +00:00
Mohammed Rashidy	1ea99c86e9	Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY" am: `7f1eaf1b45` am: `aa0cb606c3` am: `3bed79292e` am: `f1ea833625` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979387 Change-Id: I8ad7455e22999359816e3e47dfcb5b95845a63e4	2022-02-10 12:32:56 +00:00
Mohammed Rashidy	5e3beea9bc	Revert "Updates sepolicy for EVS HAL" am: `418f41ad13` am: `4d67e0d02b` am: `a46cbab128` am: `7f9b355e86` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979386 Change-Id: I6e704950a709e76c8e2c5fdb3829487a4012f887	2022-02-10 12:32:54 +00:00
Mohammed Rashidy	4d67e0d02b	Revert "Updates sepolicy for EVS HAL" am: `418f41ad13` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979386 Change-Id: If3080898b802cf7551c01c9425499591b815da6b	2022-02-10 11:55:30 +00:00
Mohammed Rashidy	7f1eaf1b45	Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY" * changes: Revert "Adds a sepolicy for EVS manager service" Revert "Updates sepolicy for EVS HAL"	2022-02-10 11:38:40 +00:00
Mohammed Rashidy	0137c98b90	Revert "Adds a sepolicy for EVS manager service" Revert submission 1967140-EVS_sepolicy_updates_T Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298 Reverted Changes: I730d56ab1:Allows hal_evs_default to read directories I2df8e10f5:Updates sepolicy for EVS HAL Ie6cb3e269:Adds a sepolicy for EVS manager service Change-Id: I207c261bcf2c8498d937ab02c499bf709a5f1b15	2022-02-10 10:07:44 +00:00
Mohammed Rashidy	418f41ad13	Revert "Updates sepolicy for EVS HAL" Revert submission 1967140-EVS_sepolicy_updates_T Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298 Reverted Changes: I730d56ab1:Allows hal_evs_default to read directories I2df8e10f5:Updates sepolicy for EVS HAL Ie6cb3e269:Adds a sepolicy for EVS manager service Change-Id: I1cc37b0e56646db61bdb34cb209aefe7376c5a50	2022-02-10 10:07:44 +00:00
Treehugger Robot	47f43ab23c	Merge changes from topic "EVS_sepolicy_updates_T" am: `2cedd28cf9` am: `177cf20196` am: `85c9e1cf9e` am: `feb9f3f2c2` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1967009 Change-Id: I112edf374e2b96e74f786897d580d396bec33c29	2022-02-10 08:52:51 +00:00
Maciej Żenczykowski	cd95bce516	Merge "bpfdomain: attribute for domain which can use BPF" am: `337e6b1e1c` am: `960f03e7e6` am: `03fdb25b24` am: `cefda06338` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978573 Change-Id: Ie478be8bae6218b7b06c5df549acb9e780171818	2022-02-10 08:06:16 +00:00
Treehugger Robot	2cedd28cf9	Merge changes from topic "EVS_sepolicy_updates_T" * changes: Updates sepolicy for EVS HAL Adds a sepolicy for EVS manager service	2022-02-10 08:02:04 +00:00
Changyeon Jo	a083d7a8d8	Updates sepolicy for EVS HAL This CL updates hal_evs_default to be sufficient for the defautl EVS HAL implementation and modifies other services' policies to be able to communicate with EVS HAL implementations Bug: 217271351 Test: m -j selinux_policy and Treehugger Change-Id: I2df8e10f574d62f8b84e0ff0381656ab1b18b52f	2022-02-10 01:42:59 +00:00
Changyeon Jo	5c3bc58163	Adds a sepolicy for EVS manager service Bug: 170401743 Bug: 216727303 Test: m -j selinux_policy and TreeHugger Change-Id: Ie6cb3e269fc46a61b56ca93efd69fbc447da0e3d	2022-02-10 01:42:21 +00:00
Steven Moreland	6598175e06	bpfdomain: attribute for domain which can use BPF Require all domains which can be used for BPF to be marked as bpfdomain, and add a restriction for these domains to not be able to use net_raw or net_admin. We want to make sure the network stack has exclusive access to certain BPF attach points. Bug: 140330870 Bug: 162057235 Test: build (compile-time neverallows) Change-Id: I29100e48a757fdcf600931d5eb42988101275325	2022-02-10 00:34:50 +00:00
Steven Moreland	706d6649bb	Merge "Allow BPF programs from vendor." am: `2536bf9dac` am: `4e83d24871` am: `75fba000fe` am: `6ba9fb383f` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1189663 Change-Id: I7c2c05d981dac467a9dc1d4fe0c7486ade14141f	2022-02-09 18:33:39 +00:00
Steven Moreland	2536bf9dac	Merge "Allow BPF programs from vendor."	2022-02-09 17:28:16 +00:00
Jayant Chowdhary	58c0794156	Merge "System wide sepolicy changes for aidl camera hals." am: `b00bf9d282` am: `4c51fa993e` am: `f3ccb9095a` am: `887847beaa` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975831 Change-Id: If90113a972d3f96bed74db0ae65da50caff1afbf	2022-02-09 04:04:33 +00:00
Jayant Chowdhary	b00bf9d282	Merge "System wide sepolicy changes for aidl camera hals."	2022-02-09 03:08:37 +00:00
Steven Moreland	c27d24c37c	Allow BPF programs from vendor. Who needs all those context switches? bpfloader controls which types of vendor programs can be used. Bug: 140330870 Bug: 162057235 Test: successfully load bpf programs from vendor Change-Id: I36e4f6550da33fea5bad509470dfd39f301f13c8	2022-02-08 22:46:54 +00:00
Treehugger Robot	9fb9dcf800	Merge "Add rule to allow servicemanager to call the hostapd service." am: `14db21eafa` am: `5d45c0bc91` am: `e026b73807` am: `e1656b7cb0` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975506 Change-Id: I93e9aeb113bda9950de8a139f7c1ee9fa65fbb3b	2022-02-08 21:12:04 +00:00
Gabriel Biren	d59d96c476	Add rule to allow servicemanager to call the hostapd service. Needed in order to allow hostapd to receive a callback from servicemanager when the active service count changes. Bug: 213475388 Test: atest VtsHalHostapdTargetTest Change-Id: I3a5ec8219d23227fab85325f90d8b4aee6c76973	2022-02-08 18:00:15 +00:00
Jayant Chowdhary	e3019be3db	System wide sepolicy changes for aidl camera hals. Bug: 196432585 Test: Camera CTS Change-Id: I0ec0158c9cf82937d6c00841448e6e42f6ff4bb0 Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>	2022-02-08 09:37:17 +00:00
Treehugger Robot	7693f8aff2	Merge "Allow VM clients access to hypervisor capability" am: `391f2b26fc` am: `eb03dcc59c` am: `8f2e879b23` am: `67cd76be91` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1970590 Change-Id: I6f6bf1dca397ee20d7e025a50e3618933bc13c4d	2022-02-04 10:53:47 +00:00
Treehugger Robot	391f2b26fc	Merge "Allow VM clients access to hypervisor capability"	2022-02-04 09:37:19 +00:00
Kevin Han	1c02210689	Merge "Extend visibility of hibernation service for CTS" am: `4d81dc33f8` am: `641d56be3f` am: `461c5fd19d` am: `d9b5d64cdd` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1966099 Change-Id: I2af8f4ff4785dc779a4ef375e3230ad06bb77ec1	2022-02-04 00:37:48 +00:00
Seth Moore	3f7ee1390e	Add remotely provisioned key pool se policy am: `a75cad0d0a` am: `10ec76f621` am: `7a7ac7d5aa` am: `38ed66df25` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1969539 Change-Id: If922ac778d3afbb210b284dfd167fc9212ef691f	2022-02-04 00:00:45 +00:00
Kevin Han	4d81dc33f8	Merge "Extend visibility of hibernation service for CTS"	2022-02-03 23:43:03 +00:00
Alan Stokes	3864ea8e4a	Allow VM clients access to hypervisor capability Clients of virtualization service use these properties to determine whether normal and protected VMs are supported and tailor their VM requests accordingly. Bug: 217687661 Test: adb unroot; adb shell getprop \| grep ro.boot.hypervisor Change-Id: Ia1c017c2346217dbc45973cbfb5adbecabedf050	2022-02-03 12:18:11 +00:00
Seth Moore	a75cad0d0a	Add remotely provisioned key pool se policy Keystore now hosts a native binder for the remotely provisioned key pool, which is used to services such as credstore to lookup remotely provisioned keys. Add a new service context and include it in the keystore services. Add a dependency on this new service for credstore. Also include a credstore dependency on IRemotelyProvisionedComponent, as it's needed to make use of the key pool. Bug: 194696876 Test: CtsIdentityTestCases Change-Id: I0fa71c5be79922a279eb1056305bbd3e8078116e	2022-02-02 15:07:26 -08:00
Treehugger Robot	a068287a1e	Merge "Adds selinux rules for ICarDisplayProxy service" am: `108fdbc5f7` am: `8a96be8df9` am: `2ac9d08d7e` am: `baebbb72fd` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965562 Change-Id: Id6c66d646e8ee01db0250097c3cd967c2be8ecfe	2022-01-31 22:49:41 +00:00
Treehugger Robot	108fdbc5f7	Merge "Adds selinux rules for ICarDisplayProxy service"	2022-01-31 21:52:46 +00:00
Changyeon Jo	66eba13833	Adds selinux rules for ICarDisplayProxy service Bug: 170401743 Test: m -j selinux_policy Change-Id: Idf3f09d0bcf24de18d6eddb05e51991b4c5edbe8	2022-01-31 19:40:20 +00:00

... 3 4 5 6 7 ...

7695 commits