via opening/closing a PF_KEY socket (this mirrors netd's privs)
Bug: 173167302
Test: m
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia2c2cb52c4ec9149db29dc86a7927e3432bd2b9b
debugfs_tracing can only be accessed by tracing tools provided by the
platform.
Bug: 172028429
Test: boot with no relevant log showing up
Change-Id: I412dd51a1b268061c5a972488b8bc4a0ee456601
The updatable and non-updatable permission manager cannot share one
AIDL, so we need to create a new system service for the non-updatable
legacy one, and add the SELinux policy for it.
Bug: 158736025
Test: presubmit
Change-Id: Ief8da6335e5bfb17d915d707cf48f4a43332f6ae
Bug: 169279846
Test: atest bpf-time-in-state-tests
Test: verified that the time-in-state BPF prog still loads into
the kernel with no errors and gets attached without errors
Change-Id: If74632ae6f72e0371fea844d4ba7bef9260d1bdb
Using the installed locations for the sepolicy contexts tests
causes checkbuilds to incorrectly install the files, and races
with the packaging rules to cause them to be non-deterministically
included in the final NOTICE files or images. Use the intermediates
location instead.
Fixes: 174692639
Test: mmma system/sepolicy
Change-Id: Iea6869583b634f6018915934a1576fc283c106b2
Add additional sepolicy so linkerconfig in Runtime APEX can be executed
from init.
Bug: 165769179
Test: Cuttlefish boot succeeded
Change-Id: Ic08157ce4c6a084db29f427cf9f5ad2cb12e50dd
To prevent the attribute from being optimized away.
Test: m selinux_policy
Test: investigate sys/fs/selinux/policy
Change-Id: I5340425f491afdf863d9b670492c0dcb24835932
18ccf9725e
Revert submission 1498525-revert-1499099-revert-1450615-mac-address-restrictions-MNRMVNXRJM-OSETMCLBXY
Reason for revert: b/173384499#comment21
Reverted Changes:
I320d3bcf8:Revert^2 "Enforce RTM_GETLINK restrictions on all ...
I51c83733c:Revert^2 "Return anonymized MAC for apps targeting...
I0e8280c74:Revert "Revert "Updates tests for untrusted app MA...
Ia9f61819f:Revert^2 "Soft-enables new MAC address restriction...
Change-Id: I35a00e187f1b39f6aaa777709fb948f840565a82
Pass pctx and ctx to NewRuleBuilder instead of RuleBuilder.Build,
and don't pass ctx to RuleBuilderCommand.BuiltTool. Follows the
changes in I63e6597e19167393876dc2259d6f521363b7dabc.
Test: m checkbuild
Change-Id: I372e8ecc3c4ea7ca8f66a8e1054eddd1a9af9dbd
the cgroups v2 uid/gid hierarchy will replace cgroup for all sepolicy
rules. For this reason, old rules have to be duplicated to cgroup_v2,
plus some rules must be added to allow the ownership change for cgroup
files created by init and zygote.
Test: booted device, verified correct access from init, system_server
and zygote to the uid/pid cgroup files
Change-Id: I80c2a069b0fb409b442e1160148ddc48e31d6809
tests/sepolicy_tests.py has been checking whether the property owner
attributes are mutually exclusive. This is because current policy
language can't express the following snippet:
neverallow domain {
system_property_type && vendor_property_type
}:file no_rw_file_perms;
neverallow domain {
system_property_type && vendor_property_type
}:property_service set;
This uses technical_debt.cil to workaround this.
Bug: 171437654
Test: Try to compile a type having both system_property_type and
vendor_property_type
Change-Id: Ic65f2d00aa0f2fb7f5d78331b0a26e733fcd128e
set_prop(hal_wifi, wifi_hal_prop) violates a neverallow rule
on PRODUCT_SHIPPING_API_LEVEL=28 b/173611344#comment20
Bug: 173611344
Test: m
Change-Id: I56ff953e196777ffdc7a8ca92bcf788e3431aaac
Define access rights to new per-API level task profiles and cgroup
description files under /etc/task_profiles/.
Bug: 172066799
Test: boot with per-API task profiles
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I04c9929fdffe33a9fc82d431a53f47630f9dcfc3
One day we won't need this mechanism any more & can remove all traces
of it.
Bug: 141677108
Test: builds
Change-Id: I95525a163ab4f19d8ca411c02a3c06498c6777ef
The new geotz module has files that need to be readable by the system
process.
Bug: 172546738
Test: build / boot
Change-Id: I4b9867fa1f738b0fabdf5b72e9e73282f1bd9cbc
Restrict access to controlling snapuserd via ctl properties. Allow
update_engine to control snapuserd, and connect/write to its socket.
update_engine needs this access so it can create the appropriate dm-user
device (which sends queries to snapuserd), which is then used to build
the update snapshot.
This also fixes a bug where /dev/dm-user was not properly labelled. As a
result, snapuserd and update_engine have been granted r_dir_perms to
dm_user_device.
Bug: 168554689
Test: full ota with VABC enabled
Change-Id: I1f65ba9f16a83fe3e8ed41a594421939a256aec0
VTS tests require access to cgroups.json system and vendor files. Enable
read access to these files from shell.
Bug: 172868075
Test: vts_processgroup_validate_test
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I16ad13729e10c4e033499351761b163cad7cef34
These are read by some apps, but don't have any corresponding property
contexts. This adds a new context as we're going to remove default_prop
access.
Bug: 173360450
Test: no sepolicy denials
Change-Id: I9be28d8e641eb6380d080150bee785a3cc304ef4
