Commit graph

14 commits

Author SHA1 Message Date
Wilson Sung
a296496996 Allow fastbootd set boottime property
Bug: 264489957
Test: flash and no related avc error
Change-Id: Ia9a6d4918aa78e6b3e7df39496d786921192c8af
Signed-off-by: Wilson Sung <wilsonsung@google.com>
2023-04-28 07:31:11 +00:00
Gil Cukierman
214294ce75 Add SELinux Policy For io_uring
Brings in the io_uring class and associated restrictions and adds a new
macro, `io_uring_use`, to sepolicy.

In more detail, this change:

* Adds a new macro expands to ensure the domain it is passed can undergo a
type transition to a new type, `<domain>_iouring`, when the anon_inode
being accessed is labeled `[io_uring]`. It also allows the domain to
create, read, write, and map the io_uring anon_inode.

* Adds the ability for a domain to use the `IORING_SETUP_SQPOLL` flag
during `io_uring_setup` so that a syscall to `io_uring_enter` is not
required by the caller each time it wishes to submit IO. This can be
enabled securely as long as we don't enable sharing of io_uring file
descriptors across domains. The kernel polling thread created by `SQPOLL`
will inherit the credentials of the thread that created the io_uring [1].

* Removes the selinux policy that restricted all domains that make use of
the `userfault_fd` macro from any `anon_inode` created by another domain.
This is overly restrictive, as it prohibits the use of two different
`anon_inode` use cases in a single domain e.g. userfaultfd and io_uring.

This change also replaces existing sepolicy in fastbootd and snapuserd
that enabled the use of io_uring.

[1] https://patchwork.kernel.org/project/linux-security-module/patch/163159041500.470089.11310853524829799938.stgit@olly/

Bug: 253385258
Test: m selinux_policy
Test: cd external/liburing; mm; atest liburing_test; # requires WIP CL ag/20291423
Test: Manually deliver OTAs (built with m dist) to a recent Pixel device
and ensure snapuserd functions correctly (no io_uring failures)

Change-Id: I96f38760b3df64a1d33dcd6e5905445ccb125d3f
2023-01-27 11:44:59 -05:00
Sandeep Dhavale
f0ea953e60 Fastboot AIDL Sepolicy changes
Bug: 205760652
Test: Build & flash
Change-Id: I2709c5cc2ca859481aac6fecbc99fe30a52a668b
Signed-off-by: Sandeep Dhavale <dhavale@google.com>
2022-11-09 22:21:27 +00:00
Kelvin Zhang
853085bd65 Fix selinux denials for fastbootd
Test: flash on O6, flash an image using git_master system + mainline
kernel
Bug: 244785938

Change-Id: I1b0e1ea0f1937abd2ad96a606b565812ee8096e1
2022-09-05 17:41:07 +00:00
David Anderson
9e21df22d4 Allow update_engine, recovery, and fastbootd to read snapuserd properties.
Bug: 193833730
Test: OTA applies and boots
Change-Id: I81c089e1763a7e25b23df245f76e04acd52a337e
2021-07-28 22:30:22 -07:00
David Anderson
08a08ab21f Fix fastbootd denials when using /proc/bootconfig.
Bug: 189493387
Test: fastboot flashall on device using bootconfig
Change-Id: Ibfb7c8a2861f61803a449a4b0ec9ed92ded5c4de
2021-06-07 18:40:24 -07:00
David Anderson
018004d9d1 Allow fastbootd to mount /metadata in recovery.
It is important that fastbootd is able to mount /metadata in recovery, in
order to check whether Virtual A/B snapshots are present. This is
enabled on userdebug builds, but currently fails on user builds.

Fixes:

        audit: type=1400 audit(7258310.023:24): avc:  denied  { mount } for pid=511 comm="fastbootd" name="/" dev="sda15" ino=2 scontext=u:r:fastbootd:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=0

Bug: 181097763
Test: fastboot flash on user build
Change-Id: I1abeeaa3109e08755a1ba44623a46b12d9bfdedc
2021-05-05 16:37:56 -07:00
David Anderson
8303577f09 Allow snapuserd interaction in recovery and fastbootd.
This is needed to support VABC merges on data wipes and via "fastboot
snapshot-update merge".

Bug: 168258606
Test: fastboot snapshot-update merge
      data wipe during VABC merge
Change-Id: I32770a2e74f2c2710e4964f65c42ae779c1a0b90
2021-02-04 22:48:55 -08:00
Hongguang Chen
91a5f4e783 Support TCP based fastbootd in recovery mode.
The IPv6 link-local address is used to avoid expose device to out of
network segment.

BUG: 155198345
Test: manual test.
Change-Id: I0ce8c12de9976c01e57a6433c7fb50235e907dc5
2020-05-15 22:23:42 +00:00
Inseob Kim
bfb3708234 Rename contexts of ffs props
Bug: 71814576
Bug: 154885206
Test: m sepolicy_test
Change-Id: Idacc3635851b14b833bccca177d784f4bb92c763
2020-05-11 21:23:37 +09:00
Inseob Kim
55e5c9b513 Move system property rules to private
public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defiend properties.

Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c)
2020-03-18 16:46:04 +00:00
Jerry Zhang
1d85efa9f4 Add sepolicy for fastbootd
Also allow adb and fastboot to talk to recovery
through recovery_socket. This enables changing
between modes with usb commands.

Test: No selinux denials
Bug: 78793464
Change-Id: I80c54d4eaf3b94a1fe26d2280af4e57cb1593790
2018-08-15 08:45:22 -07:00
Florian Mayer
c2ab15b798 Revert "Add sepolicy for fastbootd"
This reverts commit 0fd3ed3b8b.

Reason for revert: Broke user builds.

Change-Id: If95f1a25d22425a5a2b68a02d1561352fb5a52f0
2018-08-15 09:38:40 +00:00
Jerry Zhang
0fd3ed3b8b Add sepolicy for fastbootd
Also allow adb and fastboot to talk to recovery
through recovery_socket. This enables changing
between modes with usb commands.

Test: No selinux denials
Bug: 78793464
Change-Id: I1f97659736429fe961319c642f458c80f199ffb4
2018-08-14 20:21:36 +00:00