Commit graph

40263 commits

Author SHA1 Message Date
Steven Moreland
2b49b55037 Merge "Use EXCEPTION_NO_FUZZER as default in fuzzer bindings" am: f12e949b6c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2285495

Change-Id: I7a5a8ecf90bd186ab4327f7f21c1d9ae157c701e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-03 23:43:25 +00:00
Treehugger Robot
21a0f28f53 Merge "sepolicy: Allow fd propagation from camera to display" am: 63f8d969a9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2241509

Change-Id: I3826c2852ba42e2b41143bc62bfb81f0fc678563
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-03 23:42:51 +00:00
Steven Moreland
f12e949b6c Merge "Use EXCEPTION_NO_FUZZER as default in fuzzer bindings" 2022-11-03 23:29:47 +00:00
Treehugger Robot
63f8d969a9 Merge "sepolicy: Allow fd propagation from camera to display" 2022-11-03 23:12:43 +00:00
Pawan Wagh
704df9c0e5 Use EXCEPTION_NO_FUZZER as default in fuzzer bindings
Bug: 257294037
Test: m
Change-Id: Iadc5cb3dde2a2b990e028e63a0cac8c5bdf6a0e4
2022-11-03 20:54:33 +00:00
Seth Moore
eeeebd2ebe Merge "Limit special file permissions to the keymint server domain" am: 2a7198811a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2283654

Change-Id: I13b875ddf03403e353ed6839ddcececa2eb8150a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-03 19:12:39 +00:00
Seth Moore
2a7198811a Merge "Limit special file permissions to the keymint server domain" 2022-11-03 18:39:50 +00:00
Alfred Piccioni
3e1dc57bf4 Add NTFS support in sepolicy.
This CR, when paired with a functional NTFS implementation and the
corresponding vold updates, will allow NTFS USB drives to be mounted
on Android.

Bug: 254407246

Test: Extensive testing with NTFS USB drives.
Change-Id: I259882854ac40783f6d1cf511e8313b1d5a04eef
2022-11-03 16:02:51 +01:00
Seth Moore
970cfa5674 Limit special file permissions to the keymint server domain
There are still some paths (potentially obsolete) on non-treble devices
where hal_keymint_client domains have the hal_keymint typeattribute
applied. In these cases, those domains also pick up the file access
permissions currently granted to hal_keymint.

Clean this up by limiting the permissions to hal_keymint_server only.

Test: VtsAidlKeyMintTargetTest
Change-Id: If1a437636824df254da245e7587df825b6963ed9
2022-11-03 05:30:01 +00:00
John Reck
5e20f62f8e Add IAllocator-V2
Test: build & boot

Change-Id: I970585e4ba593f7d72d5ff14423920b38c9d57af
2022-11-01 15:19:03 -04:00
Steven Moreland
40b773826a Merge "Adding trusty-confirmationui service fuzzer binding." am: e5ff93de78
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2260343

Change-Id: I1cd4456f144d6360a9c4b920958f86854e4b3849
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-01 17:35:05 +00:00
Steven Moreland
e5ff93de78 Merge "Adding trusty-confirmationui service fuzzer binding." 2022-11-01 17:04:48 +00:00
Andrew Scull
54c71bab9c Merge "Revert "Allow vendors to set remote_prov_prop properties"" am: 2c818d9b32
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2279188

Change-Id: Iee78fae49a39e410b6336f6b0a8cd441b40d171d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-01 13:34:05 +00:00
Andrew Scull
2c818d9b32 Merge "Revert "Allow vendors to set remote_prov_prop properties"" 2022-11-01 13:11:03 +00:00
Treehugger Robot
35f66f735d Merge "Allow system_server to measure fs-verity" am: 7b988006d1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2280987

Change-Id: I635d2d50e77b44e17c659c07910b09d41ee8e2cc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-01 09:35:20 +00:00
Treehugger Robot
7b988006d1 Merge "Allow system_server to measure fs-verity" 2022-11-01 08:58:34 +00:00
Yi-Yo Chiang
686d77913d remount: Allow 'shell' to run 'remount_exec' domain
The domain of 'remount' used to be 'system_file', which is
read-executable by 'shell'. However when I submitted aosp/1878144, the
domain of 'remount' became 'remount_exec', and I forgot to allow
'shell' to read-execute the new 'remount_exec' domain.
This makes `adb remount` w/o root produce a sub-par error message:
  $ adb remount [-h]
  /system/bin/sh: remount: inaccessible or not found

Allow 'shell' to read-execute 'remount_exec', so that the user can get a
proper error message when not running as root, and the help (-h) message can
be displayed:
  $ adb remount
  Not running as root. Try "adb root" first.
  $ adb remount -h
  Usage: remount ...

Bug: 241688845
Test: adb unroot && adb remount [-h]
Change-Id: I5c105eaffa7abddaf14a9d0120fd6b71749c7977
2022-11-01 15:39:49 +08:00
Seigo Nonaka
2b4bcf73e0 Allow system_server to measure fs-verity
Bug: 242892591
Test: atest GtsFontHostTestCases
Test: Manually verified the font files can be updated
Change-Id: Ic72fcca734dc7bd20352d760ec43002707e4c47d
2022-11-01 16:21:20 +09:00
Katherine Lai
1784cebe21 Add bluetooth disable enhanced SCO connection am: 803f4e86c4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2279187

Change-Id: Ic95ce3fcae7469be3389538ba6f09af10b859a63
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-01 02:25:20 +00:00
Syed Haq
ed5ecbbda2 sepolicy: Allow fd propagation from camera to display
This is required to pass release fence FDs from camera to display

Test: Camera CTS
CRs-Fixed: 3184666
Bug: 234636443
Change-Id: I77884b37e254a9d56b8ec7b2e6dd71718f52d573
2022-10-31 15:48:54 -07:00
Andrew Scull
edba76d514 Revert "Allow vendors to set remote_prov_prop properties"
This reverts commit a87c7be419.

Reason for revert: I was mistaken and this isn't a property that the vendor should set, but the OEM should override from the product partition. That doesn't require sepolicy changes.

Bug: 256109167
Change-Id: Idebfb623dce960b2b595386ade1e4c4b92a6e402
2022-10-31 18:27:29 +00:00
Katherine Lai
803f4e86c4 Add bluetooth disable enhanced SCO connection
Bug: 255202220
Tag: #floss
Test: Manual
Change-Id: I79d8168e39e0e72335389ef5ba93e6c5ddf5a0af
2022-10-31 17:52:52 +00:00
Andrew Scull
8d49c4a63e Merge "Allow vendors to set remote_prov_prop properties" am: c347dc28fa
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2276066

Change-Id: Ia3ac381302a58525f7d941109c9431b15b37c49c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-28 12:13:59 +00:00
Andrew Scull
c347dc28fa Merge "Allow vendors to set remote_prov_prop properties" 2022-10-28 11:35:49 +00:00
Andrew Scull
a87c7be419 Allow vendors to set remote_prov_prop properties
Vendors should be able to set the `remote_provisioning.tee.rkp_only` and
`remote_provisioning.strongbox.rkp_only` properties via
PRODUCT_VENDOR_PROPERTIES so grant `vendor_init` the permission to set
them.

The property wasn't able to use `system_vendor_config_prop()` as
`remote_prov_app` has tests which override the properties.

Bug: 256109167
Test: manual test setting the property from device.mk for cuttlefish
Change-Id: I174315b9c0b53929f6a11849efd20bf846f8ca29
2022-10-28 10:07:54 +00:00
Treehugger Robot
513aef79f4 Merge "Don't allow payload to connect to host" am: 7bff1e56bb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2269868

Change-Id: I87c6e1c2631eae2ac226fae36878bdcb7db70292
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-28 08:29:52 +00:00
Treehugger Robot
1e67e77978 Merge "Grant dumpstate access to update engine prefs" am: 8718b20689
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2276128

Change-Id: I608da7475baa7e214fdf097f1375839428da4db1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-28 08:29:43 +00:00
Treehugger Robot
7bff1e56bb Merge "Don't allow payload to connect to host" 2022-10-28 08:13:13 +00:00
Treehugger Robot
8718b20689 Merge "Grant dumpstate access to update engine prefs" 2022-10-28 07:54:29 +00:00
Thiébaud Weksteen
0596a47aae Grant dumpstate access to update engine prefs
aosp/2215361 added the collection of update_engine preferences by
dumpstate. Add the corresponding policy. The /data/misc/update_engine
directory only contains the prefs/ subdirectory (see
DaemonStateAndroid::Initialize in update_engine).

Bug: 255917707
Test: m selinux_policy
Change-Id: I8c80f319d97f22f29158dd67352c3429d3222a35
2022-10-28 14:36:31 +11:00
Treehugger Robot
d393b8f128 Merge "Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration" am: e6a43ec4c9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2268670

Change-Id: I95bed7b2d5e798671959298876ecb2efaf2ecc88
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-27 14:42:29 +00:00
Treehugger Robot
e6a43ec4c9 Merge "Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration" 2022-10-27 14:03:48 +00:00
Ricky Niu
fc1463c164 Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration
Covers the rules needed for the default AIDL implementation.

10-26 10:22:42.408   448   448 I auditd  : type=1400 audit(0.0:95): avc: denied { read } for comm="android.hardwar" name="interrupts" dev="proc" ino=4026531995 scontext=u:r:hal_usb_gadget_default:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file permissive=0

Bug: 218791946
Test: reboot and check if AIDL service is running.

Signed-off-by: Ricky Niu <rickyniu@google.com>
Change-Id: I8bdab3a682398f3c7e825a8894f45af2a9b6c199
2022-10-27 15:42:56 +08:00
Thiébaud Weksteen
0a89b9be7a Merge "Ignore access to /proc/zoneinfo for apps" am: 685cc43e62
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2270686

Change-Id: I80efb33035607d2e117f5cf977b28c125800e58a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-26 23:29:21 +00:00
Thiébaud Weksteen
685cc43e62 Merge "Ignore access to /proc/zoneinfo for apps" 2022-10-26 22:52:22 +00:00
Alan Stokes
8ebcd0f6b7 Fix VS denials on fifo_file am: c69ad27186
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2269869

Change-Id: I8dac75ead2bd4a0b423282a2a410aabfad2370b7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-26 12:41:51 +00:00
Alan Stokes
c69ad27186 Fix VS denials on fifo_file
While running the MicrodroidTests I noticed denials like these:
 avc: denied { getattr } for comm="virtualizations" path="pipe:[86794]"
 dev="pipefs" ino=86794 scontext=u:r:virtualizationservice:s0
 tcontext=u:r:untrusted_app:s0:c122,c256,c512,c768 tclass=fifo_file
 permissive=0

These are harmless, so we could dontaudit them, but it is also fine
to simply allow getattr.

Test: atest MicrodroidTests, no denials seen
Change-Id: I53a2967eb6e396979a86715b3d5a7681f48dcb63
2022-10-26 11:26:58 +01:00
Alan Stokes
960e186823 Don't allow payload to connect to host
The payload can listen for inbound connections from the host (routed
via Virtualization Service), but should not be connecting out to the
host - by doing so a VM could connect to an unrelated host process.

(authfs still connects outbound, but has its own domain.)

Bug: 243647186
Test: atest MicrodroidTests ComposHostTestCases
Change-Id: I16d225975d6bcbe647c5fbff21b10465eacd9cb6
2022-10-26 11:23:07 +01:00
Thiébaud Weksteen
d601699002 Ignore access to /proc/zoneinfo for apps
Similarly to /proc/vmstat, apps are not allowed to access this file.
Ignore the audit message, as this is the most reported denial in our
droidfood population.

Test: m selinux_policy
Change-Id: I88ed1aa1bfad33b462d971e739ca65791cb0227b
2022-10-26 19:44:27 +11:00
Treehugger Robot
27a49f2a2a Merge "Add odm_service_contexts module" am: b65de6ed0a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2267643

Change-Id: Ibdc2c12e125778f36dfe570ca3a52e6aba175e3d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-26 03:11:46 +00:00
Treehugger Robot
b65de6ed0a Merge "Add odm_service_contexts module" 2022-10-26 02:46:45 +00:00
Rajesh Nyamagoud
f9fed0102e Adding trusty-confirmationui service fuzzer binding.
Bug: b/205760172
Test: m
Change-Id: I448fcaf2c9440689312e273c608b44f415ccf1f4
2022-10-25 17:11:05 +00:00
Gabriel Biren
ae4b3b939f Merge "Add SeLinux policy for WiFi Vendor HAL AIDL service." am: b7e21bcfe7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2154515

Change-Id: Ib101c7348a93c6b4c2be9f344d0a7d59cd964ab8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-25 17:07:57 +00:00
Henry Fang
8c7a122464 Merge "Allow CAS AIDL sample HAL" am: 0c3f615602
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2223584

Change-Id: Id1be26b10dbee96ac46b82e620a02d6267027e91
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-25 17:07:16 +00:00
Gabriel Biren
b7e21bcfe7 Merge "Add SeLinux policy for WiFi Vendor HAL AIDL service." 2022-10-25 17:03:10 +00:00
Henry Fang
0c3f615602 Merge "Allow CAS AIDL sample HAL" 2022-10-25 16:38:20 +00:00
Jiakai Zhang
0696bd8c95 Merge "Update SELinux policy to allow artd to perform secondary dex compilation" am: 1b89f6370a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2265158

Change-Id: Ia22fa260c8ef8f2e8a7f47fdb3857ef756790d8a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-25 13:41:35 +00:00
Jiakai Zhang
1b89f6370a Merge "Update SELinux policy to allow artd to perform secondary dex compilation" 2022-10-25 13:12:16 +00:00
Treehugger Robot
0a67513a63 Merge "Allow priv apps to use virtualizationservice" am: 6a80e5c6fd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2267863

Change-Id: I684e9fda234e2699d8b5f6086b52beb729b5a7a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-25 10:00:02 +00:00
Treehugger Robot
6a80e5c6fd Merge "Allow priv apps to use virtualizationservice" 2022-10-25 09:04:08 +00:00