system/sepolicy should support both REL build and ToT build. That means
that system/sepolicy and prebuilts may differ. As the frozen sepolicy is
what vendor sepolicy uses, so we need to use prebuilts to run Treble
compat test.
Bug: 296875906
Test: m selinux_policy on REL
Change-Id: I4b290266ba87e3f011d640bec133fc88359ea52f
Rationale for this change:
1) Vendors use only public files, so we should be able to use only
public cil files for compatibility test.
2) treble_sepolicy_tests_for_release.mk is too complex, because it
requires compiled sepolicy. Reducing the complexity will help migrate
into REL build.
3) This fixes a tiny bug of treble_sepolicy_tests that it can't catch
public types being moved to private types, and then removed. 29.0.cil
and 30.0.cil change contains such missing public types.
Bug: 296875906
Test: m selinux_policy (with/without intentional breakage)
Change-Id: Ia2c0733176df898f268b5680195da25b588b09c7
... and remove redundant Makefile codes. This also updates commit hook
as we now only use Soong to build sepolicy.
Bug: 296875906
Test: m selinux_policy
Change-Id: I93f0d222a0c10e31c51c9380780a8927c47d62b1
For now, freeze_test compares prebuilts against sources with diff, to
ensure that sources are identical to prebuilts. However, it could be the
case that the branch should be able to build both REL and ToT. In that
case, changes to the sources are inevitable and the freeze test will
fail.
To fix the issue, freeze_test will now only check compatibility. To be
specific, it will check if any public types or attributes are removed.
Contexts files and neverallow rules are not checked, but they may be
added later. Also to support the new freeze_test
- build_files module is changed to use glob (because REL version won't
be in compat versions list)
- plat_pub_policy modules are added under prebuilts/api (because
freeze_test needs that)
Bug: 296875906
Test: m selinux_policy
Change-Id: I39c40992965b98664facea3b760d9d6be1f6b87e
Treble doesn't support U system + P vendor, so removing P (28.0)
prebuilts and compat files.
Bug: 267692547
Test: build
Change-Id: I3734a3d331ba8071d00cc196a2545773ae6a7a60
Treble sepolicy tests check whether previous versions are compatible to
ToT sepolicy or not. treble_sepolicy_tests_for_release.mk implements it,
but it also includes a compat test whether ToT sepolicy + {ver} mapping
+ {ver} plat_pub_versioned.cil can be built together or not. We
definitely need such tests, but we already have a test called "compat
test" which does exactly that, and testing it again with Treble sepolicy
tests is just redundant. The only difference between those two is that
Treble sepolicy tests can also test system_ext and product compat files,
which was contributed by a partner.
The ultimate goal here is to migrate *.mk to Soong, thus merging these
two tests (compat, Treble) into one. As we've already migrated the
compat test to Soong, this change removes the compat test part from
treble sepolicy tests. Instead, the compat test will be extended so it
can test system_ext and product compat files too.
prebuilts/api/{ver}/plat_pub_versioned.cil and
prebuilts/api/{ver}/vendor_sepolicy.cil are also removed as they aren't
used anymore: vendor_sepolicy.cil is an empty stub, and
plat_pub_versioned.cil can be built from the prebuilt source files.
Bug: 33691272
Test: m selinux_policy
Change-Id: I72f5ad0e8bbe6a7c0bbcc02f0f902b953df6ff1a
This is a port of If44653f436d4e5dcbd040af24f03b09ae8e7ac05 which
made this change to prebuilts/api/31.0/private/mediatranscoding.te.
This is required to pass CTS test.
Test: run cts -m CtsMediaTranscodingTestCases -t android.media.mediatranscoding.cts.MediaTranscodingManagerTest#testAddingClientUids
Bug: 207821225
Bug: 213141904
Change-Id: Iefe9f326572976e230eeeec74e612b6e20b31887
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.
Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
Treble doesn't support T system + O vendor, so removing 26.0 (N) and
27.0 (O) prebuilts and compat files.
Bug: 207815515
Test: build
Change-Id: I98d5972221a8e77f3c45fc48ff50bb2b8eb94275
Steps taken to produce the mapping files:
1. Add prebuilts/api/31.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/31.0/vendor_sepolicy.cil
as an empty file.
2. Add new file private/compat/31.0/31.0.cil by doing the following:
- copy /system/etc/selinux/mapping/31.0.cil from sc-dev aosp_arm64-eng
device to private/compat/31.0/31.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 31 sepolicy.
Find all such types using treble_sepolicy_tests_31.0 test.
- for all these types figure out where to map them by looking at
30.0.[ignore.]cil files and add approprite entries to 31.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_31.0 and installs
31.0.cil mapping file onto the device.
Bug: 189161483
Bug: 207344718
Test: m treble_sepolicy_tests_31.0
Test: m 31.0_compat_test
Test: m selinux_policy
Change-Id: I6264b9cf77b80543dfea93157b45b864157e2b14
Merged-In: I6264b9cf77b80543dfea93157b45b864157e2b14
(cherry picked from commit 4f20ff73ee)
Access denial of Apexd would cause runtime abort and the
bootchart is not working on Android 12:
...
F nativeloader: Error finding namespace of apex: no namespace called com_android_art
F zygote64: runtime.cc:669] Runtime aborting...
F zygote64: runtime.cc:669] Dumping all threads without mutator lock held
F zygote64: runtime.cc:669] All threads:
F zygote64: runtime.cc:669] DALVIK THREADS (1):
F zygote64: runtime.cc:669] "main" prio=10 tid=1 Runnable (still starting up)
F zygote64: runtime.cc:669] | group="" sCount=0 ucsCount=0 flags=0 obj=0x0 self=0xb4000072de0f4010
...
Bug: 205880718
Test: bootchart test.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Change-Id: Ia7d166605cd0b58849cb44d9a16dc3c73e1d4353
Remove these SELinux attributes since the apexd and init SELinux policies
no longer rely on these attributes.
The only difference between a previous version of this patch and the
current patch is that the current patch moves these attributes to the
'compat' policy. See also
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1850656.
This patch includes a revert of commit 8b2b951349 ("Restore permission
for shell to list /sys/class/block"). That commit is no longer necessary
since it was a bug fix for the introduction of the sysfs_block type.
Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd && adb -e shell dmesg | grep avc
Change-Id: Id7d32a914e48bc74da63d87ce6a09f11e323c186
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Bug: 203385941
Test: config ro.config.per_app_memcg=true && turn on the screen && leave it for 11 minutes
Change-Id: I7eac9c39f2ed0d9761852dbe2a26d54c27b72237
Bug: 185400304
Buh: 201957239
Test: mm
This CL was merged to sc-dev, but reverted due to wrong Merged-In tag.
It resulted in mismatch between sc-dev and other branches like aosp,
internal main, etc. This change needs to reland on sc-dev.
Ignore-AOSP-First: already merged in AOSP; this is a reland
(cherry picked from commit 407b21b3cd)
Change-Id: I66703249de472bc6da16b147a69803ff141c54d3
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory. There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.
Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
Merged-In: I87cb90880f927db1385887b35c84f4dd7f95021b
(cherry picked from commit ff53c4d16e)
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory. There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.
Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
Merged-In: I87cb90880f927db1385887b35c84f4dd7f95021b
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory. There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.
Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
Add deleteAllKeys to IKeystoreMaintenance and allow vold to call it.
Allow vold to read the property
`ro.crypto.metadata_init_delete_all_keys.enabled`
Bug: 187105270
Test: booted twice on Cuttlefish
Ignore-AOSP-First: no merge path to this branch from AOSP.
Merged-In: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
Change-Id: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
Add debug property name with phone id.
Bug: 194281028
Test: Build and verified there is no avc denied in the log
Change-Id: Ia7ca93a3390b2f59e894ca7ebce4cae9c0f83d28
Merged-In: Ia7ca93a3390b2f59e894ca7ebce4cae9c0f83d28
Add deleteAllKeys to IKeystoreMaintenance and allow vold to call it.
Allow vold to read the property
`ro.crypto.metadata_init_delete_all_keys.enabled`
Bug: 187105270
Test: booted twice on Cuttlefish
Change-Id: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
Addressing b/194450129 requires configuring the I/O scheduler and the
queue depth of loop devices. Doing this in a generic way requires
iterating over the block devices under /sys/class/block and also to
examine the properties of the boot device (/dev/sda). Hence this patch
that allows 'init' and 'apexd' to read the properties of all block
devices. The patch that configures the queue depth is available at
https://android-review.googlesource.com/c/platform/system/core/+/1783847.
Bug: 194450129
Test: Built Android images, installed these on an Android device and verified that modified init and apexd processes do not trigger any SELinux complaints.
Ignore-AOSP-First: This patch is already in AOSP.
Merged-In: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Change-Id: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
