Commit graph

22723 commits

Author SHA1 Message Date
Kiyoung Kim
b8f4e9280c Merge "Allow linkerconfig to be executed from recovery" 2019-12-13 01:09:58 +00:00
Roshan Pius
fbfcfe7de9 sepolicy: Add filegroup for wifi apex
Bug: 146163587
Test: atest wifi_e2e_tests
Change-Id: I4238f585fb535f163e39a7ac1c61cb04bb15eacd
2019-12-12 15:01:17 -08:00
Ashwini Oruganti
e80d00ff34 gmscore_app: suppress denials for system_data_file
This denial is generally a sign that apps are attempting to access
encrypted storage before the ACTION_USER_UNLOCKED intent is delivered.
Suppress this denial to prevent logspam.

While gmscore_app is running in permissive mode, there might be other
denials for related actions (that won't show up in enforcing mode after
the first action is denied). This change adds a bug_map entry to track
those denials and prevent presubmit flakes.

Bug: 142672293
Test: Happy builds
Change-Id: Id2f8f8ff5cde40e74be24daa0b1100b91a7a4dbb
2019-12-12 14:38:40 -08:00
Songchun Fan
f3380b151d selinux config for Incremental service
BUG: 136132412
Test: boots
Change-Id: I0bff222af54d617b7c849bbed6fa52b96d945e32
2019-12-12 22:01:00 +00:00
Ytai Ben-tsvi
8f7a81ef5d Merge changes I7620902b,Ia7cb4f84,Iff95982d
* changes:
  Allow audio_server to access soundtrigger_middleware service
  Allow soundtrigger_middleware system service
  Allow system service to access audio HAL (for soundtrigger)
2019-12-12 21:42:23 +00:00
Songchun Fan
7a9f01d159 Merge "selinux config for data loader manager service" 2019-12-12 19:50:40 +00:00
Ytai Ben-Tsvi
43a474271f Allow audio_server to access soundtrigger_middleware service
In order to update it when external capture is taking place.

Change-Id: I7620902bfdd93b3f80f3ab2921b6adae2e77166f
Bug: 142070343
2019-12-12 10:56:35 -08:00
Ytai Ben-Tsvi
29c819c015 Allow soundtrigger_middleware system service
New system service, intended to replace all of the soundtrigger
middleware.

Change-Id: Ia7cb4f8436719ca3bf71ea4c2bc32995568ff01d
Bug: 142070343
2019-12-12 10:56:35 -08:00
Ytai Ben-Tsvi
3b1a106957 Allow system service to access audio HAL (for soundtrigger)
Change-Id: Iff95982db276d3622cbfaf7bf7d04e7e1427926c
Bug: 142070343
2019-12-12 10:56:35 -08:00
Treehugger Robot
a5328d2614 Merge "Allow gmscore to ptrace itself" 2019-12-12 15:40:37 +00:00
Treehugger Robot
7e5c0ec673 Merge "Allow tethering find network stack service" 2019-12-12 12:31:26 +00:00
markchien
c5aa4845d0 Allow tethering find network stack service
Allow tethering service which is running in the same process as network
stack service "find" network stack service. Original design is passing
network_stack binder to tethering service directly when tethering
service is created. To allow creating tethering service and network
stack service in parallel, let tethering service query network_stack
binder instead.

Bug: 144320246
Test: boot, flash, build
      OFF/ON hotspot

Change-Id: Ife0c2f4bdb2cfee4b5788d63d1cfc76af0ccc33c
2019-12-12 12:54:57 +08:00
Songchun Fan
c111e5a9b3 selinux config for data loader manager service
Test: boots
Change-Id: If489054a51838d4215202b5768d46c6278ed1aa2
2019-12-11 17:09:44 -08:00
Ashwini Oruganti
9ba277df83 Allow gmscore to ptrace itself
This is needed to debug native crashes within the gmscore app.

Now that GMS core is running in gmscore_app and not in the priv_app
domain, we need this rule for the new domain. This also adds an
auditallow to the same rule for priv_app, so we can delete it once no
logs show up in go/sedenials for this rule triggering.

Bug: 142672293
Test: TH
Change-Id: I7d28bb5df1a876d0092758aff321e62fa2979694
2019-12-11 17:09:05 -08:00
Treehugger Robot
84307d501f Merge "Allow GMS core to call dumpsys storaged" 2019-12-11 22:25:55 +00:00
Chris Weir
6ad4f3207a Merge "Modify SEPolicy to support SLCAN" 2019-12-11 21:25:14 +00:00
Ashwini Oruganti
7493bb52c1 Allow GMS core to call dumpsys storaged
Now that GMS core is running in gmscore_app and not priv_app, we need
this rule for the new domain. This also adds an auditallow to the same
rule for priv_app, so we can delete it once no logs show up in
go/sedenials for this rule triggering.

Bug: 142672293
Test: TH
Change-Id: I308d40835156e0c19dd5074f69584ebf1c72ad58
2019-12-11 12:49:04 -08:00
Nikita Ioffe
8330719908 Merge "Allow init to read /sys/block/dm-XX/dm/name" 2019-12-11 18:40:21 +00:00
Anton Hansson
5ebc4dc792 Add ro.build.version.extensions. policy
Public-readable int sysprops for the extension versions
will be in this bucket, e.g. ro.build.version.extensions.r

Bug: 137191822
Bug: 143937447
Test: boot and getprop ro.build.version.extensions.r
Change-Id: I200165d8903221b2d5b824e4eea77ef933919b74
2019-12-11 14:52:55 +00:00
Jeffrey Vander Stoep
9a38c23cee Merge "system_server: allow signull signal on zygote" 2019-12-11 08:42:22 +00:00
Kiyoung Kim
2c271aab42 Allow linkerconfig to be executed from recovery
Add extra policy to enable linkerconfig to be executed from recovery.

Bug: 139638519
Test: Tested from crosshatch recovery
Change-Id: I40cdea4c45e8a649f933ba6ee73afaa7ab3f5348
2019-12-11 15:50:35 +09:00
Treehugger Robot
fa7898c3b6 Merge "Set odm and vendor build.version.incremental to be publicly readable" 2019-12-11 03:50:54 +00:00
Kiyoung Kim
cd74ef82fd Merge "Move linker config under /linkerconfig" 2019-12-11 02:55:06 +00:00
Treehugger Robot
45bc889a23 Merge "Allow telephony access to platform_compat" 2019-12-11 00:35:28 +00:00
David Anderson
d2a70f100b Enable gsid to read /sys/fs/f2fs
gsid needs access to /sys/fs/f2fs/<dev>/features to detect whether
pin_file support is enabled in the kernel.

Bug: 134949511
Test: libsnapshot_test gtest
Change-Id: I5c7ddba85c5649654097aa51285d7fa5c53f4702
2019-12-10 16:28:59 -08:00
Treehugger Robot
898a71352c Merge "Allow PermissionController app to request and collect incident reports" 2019-12-10 18:25:44 +00:00
Treehugger Robot
596f644c2d Merge "Allow dumping vibrator HAL." 2019-12-10 17:47:35 +00:00
Kenny Root
6a9f7b265a Merge "Support Resume on Reboot" 2019-12-10 12:59:35 +00:00
Jeff Vander Stoep
4ae2aa7895 system_server: allow signull signal on zygote
This can be used as an existence check on a process
before calling kill (which is already granted).

Addresses:
avc: denied { signull } for comm="Binder:1328_1"
scontext=u:r:system_server:s0 tcontext=u:r:webview_zygote:s0
tclass=process permissive=0

Bug: 143627693
Test: build
Change-Id: I01dfe3c0cb2f4fec2d1f1191ee8243870cdd1bc6
2019-12-10 11:40:10 +01:00
Ashwini Oruganti
73e1229c96 Allow PermissionController app to request and collect incident reports
This change adds rules related to incidentd and incident_service.

Bug: 142672293
Test: TH
Change-Id: I578ad5f1d893b9f640983d44eed770d0933ebf60
2019-12-09 16:38:20 -08:00
Oliver Nguyen
fad5f819e7 Clang coverage also enables global write to /data/misc/trace.
Bug: 143977934
Test: kill -37 <pid>, check for file in /data/misc/trace and no selinux
denials

Change-Id: I0d61f9ed4cae9b27694434521d6a066b22ae5f6c
2019-12-09 16:37:59 -08:00
Kenny Root
76ea325a3d Support Resume on Reboot
When an OTA is downloaded, the RecoverySystem can be triggered to store
the user's lock screen knowledge factor in a secure way using the
IRebootEscrow HAL. This will allow the credential encrypted (CE)
storage, keymaster credentials, and possibly others to be unlocked when
the device reboots after an OTA.

Bug: 63928581
Test: make
Test: boot emulator with default implementation
Test: boot Pixel 4 with default implementation
Change-Id: I1f02e7a502478715fd642049da01eb0c01d112f6
2019-12-09 14:25:04 -08:00
Nikita Ioffe
23ba976f34 Allow init to read /sys/block/dm-XX/dm/name
In order to remount ext4 userdata into checkpointing mode, init will
need to delete all devices from dm-stack it is mounted onto (e.g.
dm-bow, dm-crypto). For that it needs to get name of a dm-device by
reading /sys/block/dm-XX/dm/name file.

Test: adb shell setprop sys.init.userdata_remount.force_umount_f2fs 1
Test: adb shell /system/bin/vdc checkpoint startCheckpoint 1
Test: adb reboot userspace
Test: adb shell dumpsys activity
Bug: 135984674
Bug: 143970043
Change-Id: I919a4afdce8a4f88322f636fdf796a2f1a955d04
2019-12-09 21:21:55 +00:00
Steven Moreland
7ebce7d666 Allow dumping vibrator HAL.
Was missing permission to write to dumpstate's file, so this was failing
to dump.

Fixes: 145776393
Test: bugreport now shows:
-------------------------------------------------------------------------------
DUMP OF SERVICE android.hardware.vibrator.IVibrator/default:
HIDL:
...

Kernel:
...

(note, will fix 'HIDL' reference from AIDL HAL separately).

Change-Id: I5fbd55a4dbbd31a9c08260a247559e3dbd9a4046
2019-12-09 11:17:55 -08:00
Oli Lan
91ce5b9c22 Add type for directories containing snapshots of apex data.
This adds a new apex_rollback_data_file type for the snapshots (backups)
of APEX data directories that can be restored in the event of a rollback.

Permission is given for apexd to create files and dirs in those directories
and for vold_prepare_subdirs to create the directories.

See go/apex-data-directories for details.

Bug: 141148175
Test: Built and flashed, checked directory was created with the correct
type.

Change-Id: I94b448dfc096e5702d3e33ace6f9df69f58340fd
2019-12-09 11:16:24 +00:00
Oli Lan
79b4e1af4a Add type for APEX data directories.
This adds a new apex_module_data_file type for the APEX data directories
under /data/misc/apexdata and /data/misc_[de|ce]/<u>/apexdata.

Permission is given for vold to identify which APEXes are present and
create the corresponding directories under apexdata in the ce/de user
directories.

See go/apex-data-directories.

Bug: 141148175
Test: Built & flashed, checked directories were created.
Change-Id: I95591e5fe85fc34f7ed21e2f4a75900ec2cfacfa
2019-12-09 11:14:38 +00:00
Hridya Valsaraju
004539ef7c Add sepolicy for binderfs
/dev/binder, /dev/hwbinder and /dev/vndbinder are relocating
to /dev/binderfs/binder, /dev/binderfs/hwbinder and
/dev/binderfs/vndbinder. This patch adds the sepolicy to
allow the switch.

The following are some of the denials that get taken care of by this
patch (there are too many to copy).

audit(1575835230.863:16): avc: denied { search } for comm="servicemanager" name="/" dev="binder" ino=1 scontext=u:r:servicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=1
audit(1575835230.863:16): avc: denied { read } for comm="servicemanager" name="binder" dev="binder" ino=4 scontext=u:r:servicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=chr_file permissive=1
audit(1575835230.863:17): avc: denied { write } for comm="servicemanager" name="binder" dev="binder" ino=4 scontext=u:r:servicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=chr_file permissive=1
audit(1575835230.863:17): avc: denied { open } for comm="servicemanager" path="/dev/binderfs/binder" dev="binder" ino=4 scontext=u:r:servicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=chr_file permissive=1
audit(1575835230.863:18): avc: denied { ioctl } for comm="servicemanager" path="/dev/binderfs/binder" dev="binder" ino=4 ioctlcmd=0x6209 scontext=u:r:servicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=chr_file permissive=1
audit(1575835230.863:19): avc: denied { map } for comm="servicemanager" path="/dev/binderfs/binder" dev="binder" ino=4 scontext=u:r:servicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=chr_file permissive=1
audit(1575835230.867:20): avc: denied { search } for comm="vndservicemanag" name="/" dev="binder" ino=1 scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=1
audit(1575835230.867:20): avc: denied { read } for comm="vndservicemanag" name="vndbinder" dev="binder" ino=6 scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=chr_file permissive=1
audit(1575835230.867:21): avc: denied { write } for comm="vndservicemanag" name="vndbinder" dev="binder" ino=6 scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=chr_file permissive=1
audit(1575835230.867:21): avc: denied { open } for comm="vndservicemanag" path="/dev/binderfs/vndbinder" dev="binder" ino=6 scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=chr_file permissive=1
audit(1575835230.867:22): avc: denied { ioctl } for comm="vndservicemanag" path="/dev/binderfs/vndbinder" dev="binder" ino=6 ioctlcmd=0x6209 scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=chr_file permissive=1
audit(1575835230.867:23): avc: denied { map } for comm="vndservicemanag" path="/dev/binderfs/vndbinder" dev="binder" ino=6 scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=chr_file permissive=1
audit(1575835230.871:25): avc: denied { search } for comm="hwservicemanage" name="/" dev="binder" ino=1 scontext=u:r:hwservicemanager:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=1
audit(1575835238.351:72): avc: denied { search } for comm="android.hardwar" name="proc" dev="binder" ino=1048586 scontext=u:r:hal_configstore_default:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=1

Test: boots without any issues when binderfs is enabled.
Bug: 136497735

Change-Id: Ib0f8f2156c960eb7b394dd7c79ae96c7da8bc213
2019-12-08 13:14:04 -08:00
Treehugger Robot
ecb84f87d8 Merge "Add property to skip idle for zram writeback" 2019-12-07 00:12:04 +00:00
Zach Johnson
759e45856b Merge "Add sepolicy for bluetooth apex" 2019-12-06 23:20:27 +00:00
Jaegeuk Kim
aec7c5fed4 Merge "block: allow init.rc to tune max discard size" 2019-12-06 21:59:19 +00:00
Jing Ji
dd1b53c143 Merge "Allow system_server to send signull to appdomain" 2019-12-06 21:25:35 +00:00
Hall Liu
d29fc6a99a Allow telephony access to platform_compat
Allow telephony to access platform_compat in order to log app failures
related to security fixes that we've made.

Bug: 144631034
Test: manual
Change-Id: Ibf783f0eb306061136fe0a57023d01344253eef0
2019-12-06 13:18:21 -08:00
Jing Ji
debb1d523f Allow system_server to send signull to appdomain
In order to check the process existence by using kill(pid, 0)

Bug: 141857656
Test: manual
Change-Id: I7b9f3e5294449a521ef92b2054b4409afbf4306b
2019-12-06 11:07:23 -08:00
Treehugger Robot
09ecf475e9 Merge "Add sepolicy for AppIntegrityService." 2019-12-06 18:37:02 +00:00
Tomasz Wasilczyk
e7f2a17b2e Merge "Allow vendor-init selecting Vehicle HAL instance to use." 2019-12-06 16:55:48 +00:00
Srinivas Paladugu
7e31e9e541 Add property to skip idle for zram writeback
Vendors should be able to set this property

Bug: 141756630
Test: Device boots up and zram writeback works
Change-Id: I0618df43579b3b63510df84e88bbcfd5e00abb16
2019-12-06 08:34:04 -08:00
Anton Hansson
902f4fe2e6 Merge "Add sepolicy for sdkext module prop" 2019-12-06 11:13:03 +00:00
Amit Mahajan
f32216ae46 Merge "Create telephony apex." 2019-12-06 05:13:29 +00:00
Treehugger Robot
eac0c5a190 Merge "[incremental] checking in apex configs in selinux" 2019-12-06 04:17:51 +00:00
Treehugger Robot
3913d4ba56 Merge "Add file_contexts for apex com.android.cronet" 2019-12-06 03:57:35 +00:00