Keystore2 atoms need to be rounted to statsd via a proxy.
The proxy needs to have this permission in order to pull metrics from
keystore.
Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: Statsd Testdrive script
Change-Id: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
Merged-In: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
(cherry picked from commit 61d07e7ce0)
These denials were found in the logs of a test failure that entered
recovery mode.
Recovery uses libfs_mgr which reads /proc/bootconfig.
Test: Boot device into recovery and check for "avd: denied" logs
Bug: 191904998
Bug: 191737840
Ignore-AOSP-First: Merged-In not used to allow the change in prebuilts to merge
Change-Id: I96ae514cfd68856717e143d295f2838a7d0eff14
Bug: 187386527
Test: Boot and confirm HAL is up
Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: I2abf108f2504997b06c0269f905608d8063cb3b4
Merged-In: I2abf108f2504997b06c0269f905608d8063cb3b4
Bug: 187386527
Test: Boot and confirm HAL is up
Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: I2abf108f2504997b06c0269f905608d8063cb3b4
Merged-In: I2abf108f2504997b06c0269f905608d8063cb3b4
This change adds a neverallow rule in traced.te to limit the processes
that can find tracingproxy_service, the context for TracingServiceProxy.
I wanted to avoid moving the tracingproxy_service definition to public,
so there were a few services that are exempted from this neverallow
rule.
Bug: 191391382
Test: Manually verified that with this change, along with the other
change in this topic, I see no errors when taking a bugreport while a
Traceur trace is running and the expected trace is included in the
generated bugreport.
Change-Id: I28d0b1b08baac43a53fe5a1ff0f67b788d51dc74
Merged-In: I8658df0db92ae9cf4fefe2eebb4d6d9a5349ea89
Fixes: 191919967
Test: triggered bug on cf by running
m dist && python3 system/update_engine/scripts/update_device.py out/dist/cf_x86_64_phone-ota-eng.dariofreni.zip
Change-Id: I7a3abfdecd2d2276a291ab6c1ffe9a7d3f5fd60a
Merged-In: I7a3abfdecd2d2276a291ab6c1ffe9a7d3f5fd60a
Ignore-AOSP-first: this branch is not merging aosp changes anymore.
The primary goal is to have an ashmem region shared between the main app
process in Chrome (=Browser Process) and the app zygote. It can only be
passed from the App Zygote, since there is no communication in the other
direction. Passing of the file descriptor should happen by:
(A) inheriting via fork(2)
(B) using binder IPC
Currently ashmem FDs are sufficiently allowed to be mmap(2)-ed in all
Chrome processes. The mode of mapping (read-only, read-write etc.) is
controlled by the settings of the region itself, not by sepolicy.
This change additionally allows an FD created in the app zygote to be
passed to the 'untrusted_app' domain.
Note: This change allows *any* FD, not just an ashmem one to be passed.
This is on purpose: in the future we will likely want to return to the
memfd story. Other usecases (pipes, sockets) might appear.
The app zygote preload takes the responsibility not to share
capabilities in the form of FDs unintentionally with other app
processes.
Historical note: we tried to enable this for memfd (using additional
rules), but it required a 'write' permission when sending an FD. Reasons
for that are still puzzling, and there seems to be no easy workaround
for it. Decision: use ashmem.
Bug: 184808875
Test: Manual: Build and install Chrome (trichrome_chrome_google_bundle)
from [1]. Make sure FileDescriptorAllowlist allows the FD, like
[2]. Reach a NewTabPage, click on a suggested page, observe no
errors related to binder transactions and selinux violations.
[1] A change in Chrome to create an ashmem region during app zygote
preload and pass it to the browser process:
https://crrev.com/c/2752872/29
[2] Allowlist change in review:
https://android-review.googlesource.com/c/platform/frameworks/base/+/1739393
(Alternatively: Remove gOpenFdTable checks in ForkCommon() in
com_android_internal_os_Zygote.cpp)
Change-Id: Ide085f472c8fb6ae76ab0b094319d6924552fc02
Ignore-AOSP-First: in addition to changes in AOSP, copied to prebuilts
This change adds a neverallow rule in traced.te to limit the processes
that can find tracingproxy_service, the context for TracingServiceProxy.
I wanted to avoid moving the tracingproxy_service definition to public,
so there were a few services that are exempted from this neverallow
rule.
Bug: 191391382
Test: Manually verified that with this change, along with the other
change in this topic, I see no errors when taking a bugreport while a
Traceur trace is running.
Change-Id: I8658df0db92ae9cf4fefe2eebb4d6d9a5349ea89
Bug: 187386527
Test: Boot and confirm HAL is up
Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: Ia866a9a72b6f2ea5b31de25baefd13c2fd0b9c22
Merged-In: Ia866a9a72b6f2ea5b31de25baefd13c2fd0b9c22
Add a permission to use the graphics allocator.
Bug: 191094033
Test: Build a target and run the service after enforcing selinux
Ignore-AOSP-First: aosp won't auto merge to sc-dev
Change-Id: I52b6851bb95565c92fc4774a2de1f0791e6fdd23
Align the chagnes in aosp/1729396
Bug: 189787375
Test: AppDataIsolationTests
Ignore-AOSP-First: aosp won't auto merge to sc-dev
Change-Id: Ibf915e23e7db9c333e87cad75604d8251404092e
These properties allow to vendors to provide their
own camera2 extensions service. The properties
must be accesible to any android app that wishes
to use camera2 extensions.
Bug: 183533362
Change-Id: I94c7ac336b3103355124830320787472f0d2a8b6
Merged-In: I94c7ac336b3103355124830320787472f0d2a8b6
apexd needs to call the following two ioctls:
* FS_COMPR_FL - to check if fs supports compression.
* F2FS_IOC_RELEASE_COMPRESS_BLOCKS - to release compressed blocks.
Bug: 188859167
Test: m
Change-Id: Ia105d3dbcd64286cc33d1e996b2d2b85c09eae7a
Merged-In: Ia105d3dbcd64286cc33d1e996b2d2b85c09eae7a
(cherry picked from commit a12ba8a439)
Add app_api_service to pac_proxy_service so that
it can be reach by Cts tests.
Ignore-AOSP-First: this is cherry-pick and add a change in
prebuilts/api/31.0 which is a path doesn't exist in AOSP
Bug: 181745786
Test: build, CtsNetTestCases:PacProxyManagetTest
Change-Id: I9bf4ff810635aa5b3cbf984b77b547aa96cdd543
Add sys.usb.mtp.batchcancel to usb_config_prop to allow
mediaprovider to read this property.
Bug: 181729410
Test: boot the device, and confirm the property could be read
Change-Id: I2964efde0cc831bb7e91fcafb7b35e57438ef306
Merged-In: I44b2d9c36bfa439cdbf8b8a874ead424381e3e50
(cherry picked from commit 07bb5d076a)
apexd needs to call the following two ioctls:
* FS_COMPR_FL - to check if fs supports compression.
* F2FS_IOC_RELEASE_COMPRESS_BLOCKS - to release compressed blocks.
Bug: 188859167
Test: m
Change-Id: Ia105d3dbcd64286cc33d1e996b2d2b85c09eae7a
It is used for future xTS tests to read the raw files.
Bug: 190858091
Test: m
Merged-In: If1c7fd92772ff84d92a95fbee74f6c1f8d1cd365
Change-Id: If1c7fd92772ff84d92a95fbee74f6c1f8d1cd365
(cherry picked from commit abdc9739fc)
Apps should be able to share their private files over binder,
including system_app.
Bug: 188869889
Test: go to setting ==> system ==> multi-users ==> tap icon to change
profile photo with camera
Change-Id: I3dc732f727b9b697c9a73f6089392690109ae035
Merged-In: I3dc732f727b9b697c9a73f6089392690109ae035
Keystore2 atoms need to be rounted to statsd via a proxy.
The proxy needs to have this permission in order to pull metrics from
keystore.
Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: Statsd Testdrive script
Change-Id: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
/proc/vmstat oom_kill counts the number of times __oom_kill_process
was actioned
(https://lore.kernel.org/lkml/149570810989.203600.9492483715840752937.stgit@buzz/)
We want to record this in the context of system_server for tracking
purposes.
Bug: 154233512
Change-Id: I27bcbcd5d839e59a1dca0e87e2f4ae107201654c
Merged-In: I27bcbcd5d839e59a1dca0e87e2f4ae107201654c
Test: build, verify vmstat can be read
Steps taken to produce the mapping files:
1. Add prebuilts/api/31.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/31.0/vendor_sepolicy.cil
as an empty file.
2. Add new file private/compat/31.0/31.0.cil by doing the following:
- copy /system/etc/selinux/mapping/31.0.cil from sc-dev aosp_arm64-eng
device to private/compat/31.0/31.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 31 sepolicy.
Find all such types using treble_sepolicy_tests_31.0 test.
- for all these types figure out where to map them by looking at
30.0.[ignore.]cil files and add approprite entries to 31.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_31.0 and installs
31.0.cil mapping file onto the device.
Bug: 189161483
Test: m treble_sepolicy_tests_31.0
Test: m 31.0_compat_test
Test: m selinux_policy
Change-Id: I6264b9cf77b80543dfea93157b45b864157e2b14
This commit adds fake 31.0 prebuilt. The prebuilt is based on AOSP
policy, but slightly modified so the set of types and attributes is a
subset of real 31.0 prebuilt (sc-dev policy).
Steps taken to make the fake prebuilt:
1) build plat_sepolicy.cil both on AOSP and sc-dev, with lunch target
aosp_arm64-eng.
2) diff both outputs to find out which types and attributes don't exist.
3) remove all relevant files and statements.
As a result, the following types are removed.
artd
artd_exec
artd_service
power_stats_service
transformer_service
virtualizationservice
virtualizationservice_data_file
virtualizationservice_exec
Bug: 189161483
Test: N/A, will do after adding 31.0 mapping files.
Change-Id: Ia957fc32b1838dae730d9dd7bd917d684d4a24cf
Merged-In: Ia4ea2999f4bc8ae80f13e51d99fba3e98e293447
Add shell permission to read apex-info-list.xml to S prebuilt
Ignore-AOSP-First:prebuilt for S
Test: TH
Bug: 186767843
Change-Id: I2bb14d4bce661f1b4daf1c486004271837f0d3c2
