Add the compos_key_helper domain for the process which has access to
the signing key, make sure it can't be crashdumped. Also extend that
protection to diced & its HAL.
Rename compos_verify_key to compos_verify, because it doesn't verify
keys any more.
Move exec types used by Microdroid to file.te in the host rather than
their own dedicated files.
Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I942667355d8ce29b3a9eb093e0b9c4f6ee0df6c1
clatd binary is starting to be shipped by apex since T+ release
and the shipped clatd is belong to u:object_r:clatd_exec:s0.
Test: manual test
1. Connect to ipv6-only wifi.
2. Make IPv4 traffic.
$ ping 8.8.8.8
Change-Id: I4f6f0944e94e165983a19a5d3c3a117274f6bbac
For now, contexts modules have been using se_filegroup modules, which
makes the build system logic unnecessarily complex. This change
refactors it to se_build_files modules and normal `android:"path"`
logic.
Test: build and boot
Change-Id: I52e557e2dc8300186869a97fddfd3a74183473f7
composd spawns odrefresh in its usual domain. odrefresh then spawns
fd_server in a different domain, and makes binder calls back to
composd to perform individual compilation steps.
fd_server is fairly generic, and part of the virt APEX, but this
instance is specific to composd (e.g. it has access to ART files), so
I named the domain composd_fd_server.
Bug: 186126194
Test: Run composd_cmd, artifacts generated
Change-Id: I5a431dd00b5b396a67021c618fc6edcfb25aa21b
The pre/post-install hook functionality has been deprecated and removed.
Bug: 172606645
Test: atest ApexTestCases
Test: atest CtsStagedInstallHostTestCases
Change-Id: I8a5f726a0c8f005654d0430b5a4598e416ff9c28
Add what we need to allow composd to run and expose an AIDL service.
Also delete the policy for compsvc; we never access it in the host
now, and the real policy is in microdroid. Retain the compos_exec
type, since it is referenced in the APEX sepolicy.
Bug: 186126194
Test: adb shell cmd -w android.system.composd; no denials.
Change-Id: I5f06b2b01852cdebd2d67009b363ec08b17ce33a
Remove some allow rules for odsign, since it no longer directly
modifies CompOs files. Instead allow it to run compos_verify_key in
its own domain.
Grant compos_verify_key what it needs to access the CompOs files and
start up the VM.
Currently we directly connect to the CompOs VM; that will change once
some in-flight CLs have landed.
As part of this I moved the virtualizationservice_use macro to
te_macros so I can use it here. I also expanded it to include
additional grants needed by any VM client that were previously done
for individual domains (and then deleted those rules as now
redundant).
I also removed the grant of VM access to all apps; instead we allow it
for untrusted apps, on userdebug or eng builds only. (Temporarily at
least.)
Bug: 193603140
Test: Manual - odsign successfully runs the VM at boot when needed.
Change-Id: I62f9ad8c7ea2fb9ef2d468331e26822d08e3c828
It's a test tool which is generally run as root, and will be deleted
eventually. It doesn't need its own label; system_file works fine.
We never actually allowed it anything, nor defined a transition into
the domain.
Bug: 194474784
Test: Device boots, no denials
Test: compos_key_cmd run from root works
Change-Id: If118798086dae2faadeda658bc02b6eb6e6bf606
This is to unblock the apex setup.
There is only a system_file in the context, but we might need more
specific ones later.
Bug: 186126404
Test: m
Change-Id: Icf713c9bb92e7f7402c0b45bd0f1b06e9cb35d2b
Address any denials in the log - currently just adding
the virtualization service.
Bug: 183583115
Test: ps -AZ | grep virtmanager
u: r:virtmanager:s0 virtmanager 2453 1 10930880 4544 0 0 S virtmanager
Change-Id: Ie034dcc3b1dbee610c591220358065b8508d81cf
Revert submission 1602413-derive_classpath
Bug: 180105615
Fix: 183079517
Reason for revert: SELinux failure leading to *CLASSPATH variables not being set in all builds
Reverted Changes:
I6e3c64e7a:Introduce derive_classpath service.
I60c539a8f:Exec_start derive_classpath on post-fs-data.
I4150de69f:Introduce derive_classpath.
Change-Id: I17e2cd062d8fddc40250d00f02e40237ad62bd6a
The service generates /data/system/environ/classpath with values for
BOOTCLASSPATH, SYSTEMSERVERCLASSPATH, and DEX2OATCLASSPATH to be
exported by init.
See go/updatable-classpath for more details.
Bug: 180105615
Test: manual
Change-Id: I4150de69f7d39f685a202eb4f86c27b661f808dc
odrefresh is the process responsible for checking and creating ART
compilation artifacts that live in the ART APEX data
directory (/data/misc/apexdata/com.android.art).
There are two types of change here:
1) enabling odrefresh to run dex2oat and write updated boot class path
and system server AOT artifacts into the ART APEX data directory.
2) enabling the zygote and assorted diagnostic tools to use the
updated AOT artifacts.
odrefresh uses two file contexts: apex_art_data_file and
apex_art_staging_data_file. When odrefresh invokes dex2oat, the
generated files have the apex_art_staging_data_file label (which allows
writing). odrefresh then moves these files from the staging area to
their installation area and gives them the apex_art_data_file label.
Bug: 160683548
Test: adb root && adb shell /apex/com.android.art/bin/odrefresh
Change-Id: I9fa290e0c9c1b7b82be4dacb9f2f8cb8c11e4895
com.android.virt is an APEX for virtual machine monitors like crosvm.
The APEX currently empty and isn't updatable.
Bug: 174633082
Test: m com.android.virt
Change-Id: I8acc8e147aadb1701dc65f6950b61701131f89d2
Add additional sepolicy so linkerconfig in Runtime APEX can be executed
from init.
Bug: 165769179
Test: Cuttlefish boot succeeded
Change-Id: Ic08157ce4c6a084db29f427cf9f5ad2cb12e50dd
The new geotz module has files that need to be readable by the system
process.
Bug: 172546738
Test: build / boot
Change-Id: I4b9867fa1f738b0fabdf5b72e9e73282f1bd9cbc
Earlier changes removed the scripts for ART APEX pre- and post-install
hooks (I39de908ebe52f06f19781dc024ede619802a3196) and the associated
boot integrity checks (I61b8f4b09a8f6695975ea1267e5f5c88f64a371f), but
did not cleanup the SELinux policy.
Bug: 7456955
Test: Successful build and boot
Test: adb install com.android.art.debug && adb reboot
Change-Id: I1580dbc1c083438bc251a09994c28107570c48c5
Adds proper file_contexts and domains for pre/postinstall hooks.
Allow the pre/postinstall hooks to communicate with update_engine stable
service.
Bug: 161563386
Test: apply a GKI update
Change-Id: I4437aab8e87ccbe55858150b95f67ec6e445ac1f
The change was reverted due to a cause unrelated to sepolicy change.
It was submitted in https://r.android.com/1283724.
Now, submit this independent of the topic.
Bug: 138994281
Test: device boots
Change-Id: I9943abb814a8043f66545e7db5225adbd62d19d2
Revert "Make com_android_i18n namespace visible"
Revert submission 1299494-i18nApex
Reason for revert: Breaking aosp_x86-eng on aosp-master
Reverted Changes:
I30fc3735b:Move ICU from ART APEX to i18n APEX
Icb7e98b5c:Calling @IntraCoreApi from core-icu4j should not c...
Ic7de63fe3:Move core-icu4j into I18n APEX
I65b97bdba:Make com_android_i18n namespace visible
Ia4c83bc15:Move v8 and libpac into i18n APEX
I10e6d4948:Move core-icu4j into i18n APEX
I8d989cad7:Move ICU from ART APEX into i18n APEX
I72216ca12:Move ICU into i18n APEX
Ief9dace85:Add shared library into i18n APEX and add the requ...
I7d97a10ba:Move libpac into i18n APEX
I90fff9c55:Move ICU from ART APEX into i18n APEX
Change-Id: I863878038af1290611b441f7f9190494cf0851b8
Add a filegroup for extservices so that it can be shared between the main
extservices apex and the one used for testing.
Bug: 138589409
Test: Manually
Change-Id: I2cca8a583b2aa72c8c29a32dd839fe599300b40f
It follows examples of other APEX to make file_contexts of cronet
module as "android:path" property
Bug: 146416755
Test: atest cronet_e2e_tests
Test: atest CronetApiTest
Change-Id: I0608eb4bb43cee50f49217f19fb53f297fbf5ead
Merged-In: I0608eb4bb43cee50f49217f19fb53f297fbf5ead