Commit graph

33036 commits

Author SHA1 Message Date
Victor Hsieh
90b7b00391 Allow composd to run fd_server
Besides the basic execution that is similar to the (deprecating)
odrefresh case, fd_server also needs to be able to create and change
files in the output directory.

Bug: 205750213
Test: /apex/com.android.compos/bin/composd_cmd forced-odrefresh
      # Saw composd started the fd_server and the VM
Change-Id: Ia66015b72c4bd232c623604be326c7d7145c0a38
2021-12-07 08:07:50 -08:00
Treehugger Robot
edf5fa0091 Merge "Allow composd to create odrefresh staging directory" 2021-12-07 01:07:08 +00:00
Alessio Balsini
fd3e9d838e mediaprovider_app can access BPF resources
The FUSE daemon in MediaProvider needs to access the file descriptor of
its pinned BPF program and the maps used to commuicate with the kernel.

Bug: 202785178
Test: adb logcat FuseDaemon:V \*:S (in git_master)
Ignore-AOSP-First: mirroring AOSP for prototyping
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I99d641658d37fb765ecc5d5c0113962f134ee1ae
2021-12-06 19:12:55 +00:00
Victor Hsieh
33aa1a3c52 Allow composd to create odrefresh staging directory
composd in responsible to prepare the staging directory for odrefresh
(in the VM) to write the output to. Temporary output should be put in a
staged directory with a temporary apex_art_staging_data_file context.
When a compilation is finished, the files can then be moved to the final
directory with the final context.

Bug: 205750213
Test: No denials

Change-Id: I9444470b31518242c1bb84fc755819d459d21d68
2021-12-06 08:41:31 -08:00
Thiébaud Weksteen
eb424f43f2 Merge "Migrate insertkeys.py to Python3" 2021-12-06 08:21:39 +00:00
Thiébaud Weksteen
9870725336 Migrate insertkeys.py to Python3
PEM files are ASCII-encoded, open them as text file (as opposed to
binary). Avoid relying on __del__. Introduce a prologue and epilogue
methods to emit the <policy> tag only once per output.

Test: build plat_mac_permissions.xml on bramble and compare with
      previous version; identical
Test: build product_mac_permissions.xml on bramble and compare with
      previous version; identical
Test: build system_ext_mac_permissions.xml on bramble and compare with
      previous version; identical
Test: build vendor_mac_permissions.xml on bramble and compare with
      previous version; identical
Bug: 200119288
Change-Id: Iced0acf75bff756453918a411aecb9f4ef8f825d
2021-12-06 13:46:23 +11:00
Victor Hsieh
1f117c26c6 Allow composd to read ART's properties
Only ro.zygote is currently used, though we'll need to a few others of
the same property context.

Bug: 205750213
Test: composd_cmd forced-odrefresh # less SELinux denial
Change-Id: I2efbbc1637142f522a66c47bdd17471c4bde227a
2021-12-02 17:58:23 -08:00
Treehugger Robot
26950bb361 Merge "Remove 26.0 and 27.0 compat support" 2021-12-02 06:26:58 +00:00
Treehugger Robot
f5646ff42b Merge "Add logd.ready" 2021-12-02 03:34:00 +00:00
Inseob Kim
9dc6d70044 Remove 26.0 and 27.0 compat support
Treble doesn't support T system + O vendor, so removing 26.0 (N) and
27.0 (O) prebuilts and compat files.

Bug: 207815515
Test: build
Change-Id: I98d5972221a8e77f3c45fc48ff50bb2b8eb94275
2021-12-02 10:22:10 +09:00
Inseob Kim
7182b2e56b Merge "Add hal_dumpstate_service to ignore" 2021-12-02 00:43:51 +00:00
Thiébaud Weksteen
df4f088f9e Merge "Migrate tests/ to Python 3" 2021-12-02 00:29:18 +00:00
Inseob Kim
a00439e69a Add hal_dumpstate_service to ignore
Bug: 208705795
Test: build
Change-Id: I211e6e0b98c964ba34db5ffd4bcf7a3cf959a8b5
2021-12-02 09:23:06 +09:00
Treehugger Robot
6cf460c45e Merge "Add 32.0 mapping files" 2021-12-01 23:10:38 +00:00
Thiébaud Weksteen
f24b457dd0 Migrate tests/ to Python 3
In general, it appears that libselinux and libsepol interpret paths and
contexts as bytes. For instance, selabel_file(5) mentions about the path
field of file_contexts:

  Strings representing paths are processed as bytes (as opposed to
  Unicode), meaning that non-ASCII characters are not matched
  by a single wildcard.

libsepol also uses primitives such as strchr[1], which explicitly
operate at the byte level (see strchr(3)). However, practically, Android
paths and contexts all uses ASCII characters.

Use the str type (i.e., Unicode) for all Python code to avoid a larger
refactoring. Ensure we convert to bytes for inputs and outputs of
libsepolwrap.so. The encoding "ascii" is used, which will raise an error
should a context or type contain non-ASCII characters.

Update headers to match development/docs/copyright-templates.

[1] https://cs.android.com/android/platform/superproject/+/master:external/selinux/libsepol/src/context_record.c;l=224;drc=454466e2e49fd99f36db78396e604962b8682cb4

Bug: 200119288
Test: lunch aosp_bramble-userdebug && m
Test: atest --host fc_sort_test
Test: manually run searchpolicy
Change-Id: I72d41a35f90b2d4112e481cd8d7408764a6c8132
2021-12-01 21:45:13 +00:00
Treehugger Robot
2d059f520c Merge "microdroid: Run apk mount utils from MM" 2021-12-01 17:06:44 +00:00
Kedar Chitnis
bb0315bab9 Merge "Update sepolicy to add dumpstate device service for AIDL HAL" 2021-12-01 12:16:33 +00:00
Inseob Kim
2df19cba08 microdroid: Run apk mount utils from MM
For now, the command for apkdmverity and zipfuse is hard-coded in the
init script file. To support passing extra APKs, microdroid_manager
needs to parse the vm config, and then manually run apkdmverity and
zipfuse with appropriate parameters.

Bug: 205224817
Test: atest MicrodroidHostTestCases ComposHostTestCases
Change-Id: I482b548b2a414f3b5136cea199d551cc88402caf
2021-12-01 19:46:33 +09:00
Inseob Kim
bee558e4bb Add 32.0 mapping files
Steps taken to produce the mapping files:

1. Add prebuilts/api/32.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-v2-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/32.0/vendor_sepolicy.cil
as an empty file.

When adding plat_pub_versioned.cil, leave only type and typeattribute
statements, removing the other statements: allow, neverallow, role, etc.

2. Add new file private/compat/32.0/32.0.cil by doing the following:
- copy /system/etc/selinux/mapping/32.0.cil from sc-v2-dev
aosp_arm64-eng device to private/compat/32.0/32.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 32 sepolicy.
Find all such types using treble_sepolicy_tests_32.0 test.
- for all these types figure out where to map them by looking at
31.0.[ignore.]cil files and add approprite entries to 32.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_32.0 and installs
32.0.cil mapping file onto the device.

Bug: 206330997
Test: m treble_sepolicy_tests_32.0
Test: m 32.0_compat_test
Test: m selinux_policy
Change-Id: I8b2991e64e2f531ce12db7aaacad955e4e8ed687
2021-12-01 10:58:25 +09:00
Treehugger Robot
825936c473 Merge "Restrict system_server_startup domain" 2021-11-30 10:29:10 +00:00
Jiyong Park
ff3048349a Add logd.ready
logd.ready is a system property that logd sets when it is ready to
serve incoming socket requests for reading and writing logs. Clients of
logd (e.g. logcat) can use this to synchronize with logd, otherwise they
may experience a crash due to the refused socket connection to logd when
they are started before logd is ready.

Bug: 206826522
Test: run microdroid. see logcat logs are shown immediately
Change-Id: Iee13485b0f4c2beda9bc8434f514c4e32e119492
2021-11-30 15:10:53 +09:00
Inseob Kim
43b6a317bc Add SEPolicy prebuilts for Sv2 (API 32)
Bug: 206330997
Test: Build
Change-Id: I26082be343b15c9d6c7cabf0acd44711fbcc8113
2021-11-30 12:04:43 +09:00
Treehugger Robot
53b6de0642 Merge "Grant BetterBug access ot WM traces attributes" 2021-11-29 18:38:12 +00:00
Nataniel Borges
6b624a5a0c Grant BetterBug access ot WM traces attributes
Currently BetterBug (privileged app) cannot access the details form
/data/misc/wmtrace.

Test: access a trace from /data/misc/wmtrace/ in betterbug
Change-Id: I4cf864ab4729e85f05df8f9e601a75ff8b92bdc8
2021-11-29 18:22:58 +01:00
Paul Lawrence
04cddf8af2 Merge "Allow bpfloader to read fuse's bpf_prog number" 2021-11-29 16:18:42 +00:00
Treehugger Robot
906797a9bc Merge "Make 31.0 prebuilts and compat files up to date" 2021-11-29 13:03:45 +00:00
Inseob Kim
5a8afdcfa6 Make 31.0 prebuilts and compat files up to date
Bug: 208126864
Test: m selinux_policy 31.0_compat_test treble_sepolicy_tests_31.0
Change-Id: Ic97d17b39f7307ed5af200c97c8c09ca0511c216
2021-11-29 19:40:59 +09:00
sunliang
e8d1e97ef2 Change the label of /product/overlay to u:object_r:system_file:s0
Overlayfs product/overlay in init first stage is allowed in AndroidS.
product/overlay directory contains RRO apks, it is plausible to allow
dumpstate to access it since dumpstate will call df command.
Or there will be an avc denial:
01-01 07:09:37.234 13582 13582 W df : type=1400 audit(0.0:1717): avc: denied { getattr } for path="/product/overlay"
dev="overlay" ino=2 scontext=u:r:dumpstate:s0 tcontext=u:object_r:vendor_overlay_file:s0 tclass=dir permissive=0

Actually, it is more reasonable to set /product/overlay to u:object_r:system_file:s0 since
there already had definiitions releated to /product/overlay
/mnt/scratch/overlay/(system|product)/upper u:object_r:system_file:s0
/(product|system/product)/vendor_overlay/[0-9]+/.*          u:object_r:vendor_file:s0

Bug: https://b.corp.google.com/u/0/issues/186342252

Signed-off-by: sunliang <sunliang@oppo.com>
Change-Id: I493fab20b5530c6094bd80767a24f3250d7117a8
2021-11-29 08:24:37 +00:00
Alan Stokes
665c295efc Restrict system_server_startup domain
This seems like an oversight when system_server_startup was
introduced (commit caf42d615d).

Test: Presubmits
Change-Id: Ia371caa8dfc2c250d6ca6f571cf002e25703e793
2021-11-26 11:41:51 +00:00
Jiyong Park
cc82a6ae89 Merge "app_data_file is the only app_data_file_type that is allowed for crosvm" 2021-11-26 06:11:03 +00:00
Jiyong Park
028e722934 app_data_file is the only app_data_file_type that is allowed for crosvm
Bug: 204852957
Test: monitor TH
Change-Id: Ie92aa25336087519661002624b486cb35740cda6
2021-11-26 01:20:20 +09:00
Kedar Chitnis
a465cbc194 Update sepolicy to add dumpstate device service for AIDL HAL
- Add hal_dumpstate_service AIDL service to hal_dumpstate.te,
  service.te
- Add default example hal_dumpstate service to file_contexts,
  service_contexts
- Adde hal_dumpstate_service to API level 31 compatibility
  ignore list (31.0.ignore.cil)

Bug: 205760700
Test: VtsHalDumpstateTargetTest, dumpstate, dumpstate_test, dumpsys
Change-Id: If49fa16ac5ab1d3a1930bb800d530cbd32c5dec1
2021-11-25 07:52:32 +00:00
Thiébaud Weksteen
274636c958 Merge "Refactor fc_sort and add unit tests" 2021-11-25 04:59:56 +00:00
Thiébaud Weksteen
b75b4d2477 Refactor fc_sort and add unit tests
Clean up fc_sort to facilitate the migration to Python3. Use PEP8 for
naming scheme.

Test: atest --host fc_sort_test
Bug: 200119288
Change-Id: Ia2c40a850a48ec75e995d5233b5abaae10917a89
2021-11-25 13:18:05 +11:00
Navinprashath
d35bd44109 sepolicy: Add badge for gsm properties
Add badge for gsm.operator.iso-country and gsm.sim.operator.iso-country.

Test: Manual test
Bug: 205807505
Change-Id: If4f399cd97b2297094ef9431450f29e0a91e5300
2021-11-24 16:46:55 +08:00
Jack Yu
b25774f53c Merge changes from topic "OMAPI_VNTF"
* changes:
  Added sepolicy rule for vendor uuid mapping config
  Support for OMAPI Vendor stable interface
2021-11-23 04:54:02 +00:00
Richard Fung
6d3bc08dbb Merge "Support reading block apexes from system_server" 2021-11-23 03:19:05 +00:00
Richard Fung
d34435c257 Support reading block apexes from system_server
This relaxes the neverallow so that it is possible to write a new
SELinux allow for system_server to read /dev/block/vd*. It still isn't
possible unless a vendor enables it.

Bug: 196965847
Test: m -j
local_test_runner arc.Boot.vm

Change-Id: Idad79284778cf02066ff0b982480082828f24e19
2021-11-22 21:18:54 +00:00
Akilesh Kailash
b295d44694 Merge "New property to control virtual a/b user-space snapshots" 2021-11-22 20:16:06 +00:00
Treehugger Robot
441be957ca Merge "Mark safety_center_service as app_api_service in SELinux Policy." 2021-11-22 12:54:32 +00:00
Treehugger Robot
6d485dfd89 Merge "Split composd's service in two" 2021-11-22 11:19:40 +00:00
Alan Stokes
8788f7afe2 Split composd's service in two
They are served by the same process but have different clients:
- the main interface is exposed to system server;
- the internal interface is called by odrefresh when spawned by composd.

Test: compos_cmd forced-compile-test
Bug: 199147668
Change-Id: Ie1561b7700cf633d7d5c8df68ff58797a8d8bced
2021-11-22 09:36:45 +00:00
Rajesh Nyamagoud
ce542660c9 Added sepolicy rule for vendor uuid mapping config
New type added in sepolicy to restrict Vendor defined uuid mapping
config file access to SecureElement.

Bug: b/180639372
Test: Run OMAPI CTS and VTS tests
Change-Id: I81d715fa5d5a72c893c529eb542ce62747afcd03
2021-11-20 01:08:11 +00:00
Rajesh Nyamagoud
453dcf6752 Support for OMAPI Vendor stable interface
Label defined for OMAPI Vendor Stable Interface

Bug: b/180639372
Test: Run OMAPI CTS and VTS tests
Change-Id: Ifa67a22c85ffb38cb377a6e347b0e1f18af1d0f8
2021-11-20 01:05:07 +00:00
Elliot Sisteron
6703102c79 Mark safety_center_service as app_api_service in SELinux Policy.
This is to make the SafetyCenterManager usable in CTS tests.
Test: SafetyCenterManager CTS test in ag/16284943
Bug: 203098016

Change-Id: I28a42da32f1f7f93c45294c7e984e6d1fd2cdd8d
2021-11-20 00:14:50 +00:00
Akilesh Kailash
8a9ec2a496 New property to control virtual a/b user-space snapshots
Bug: 193863443
Test: OTA on pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I89e5d105071c2529c9ceb661c04588ff88ffdd76
2021-11-19 23:35:32 +00:00
Treehugger Robot
d6c57bb99d Merge "recovery init domain_trans to health HAL." 2021-11-19 21:25:33 +00:00
Yuntao Xu
9fcf271f71 Merge "Split property/file/service contexts modules" 2021-11-19 19:24:55 +00:00
Elliot Sisteron
67cedde1fe SELinux policy changes for SafetyCenter APIs.
Context about this is on ag/16182563.

Test: Ensure no build failures, ensure no SecurityException on boot when
SafetyCenterService is added as boot phase
Bug: 203098016

Change-Id: I4c20980301a3d0f53e6d8cba0b56ae0992833c30
2021-11-19 14:32:11 +00:00
Yuntao Xu
42e732c861 Split property/file/service contexts modules
1. Splitted plat_property_contexts, plat_file_contexts, and
plat_service_contexts so they can be included by the
CtsSecurityHostTestCases module.

2. Add temporary seapp_contexts Soong module, which are needed by the
CtsSecurityHostTestCases, and makefile_goal is an interim solution before
migrating both of them to Soong.

Bug: 194096505
Test: m CtsSecurityHostTestCases
Change-Id: I99ba55b1a89f196b3c8504e623b65960a9262165
2021-11-19 18:23:12 +09:00