Commit graph

702 commits

Author SHA1 Message Date
Ricky Wai
2c2d73b5d8 Update sepolicy api 31 ART profile ref dir change am: 70b98482e5
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15011710

Change-Id: I6a25f590043db0e3de57afe981edfd3ef63fa040
2021-06-22 16:39:43 +00:00
Ricky Wai
70b98482e5 Update sepolicy api 31 ART profile ref dir change
Align the chagnes in aosp/1729396

Bug: 189787375
Test: AppDataIsolationTests
Ignore-AOSP-First: aosp won't auto merge to sc-dev

Change-Id: Ibf915e23e7db9c333e87cad75604d8251404092e
2021-06-22 16:22:31 +00:00
Nicolas Geoffray
f899839000 Merge "Allow dexoptanalyzer to read /apex/apex-info-list.xml" into sc-dev am: b17a5ae970
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15027828

Change-Id: I7f275c8af0901a02996c313072dc8cac13cafef2
2021-06-22 10:46:59 +00:00
Nicolas Geoffray
b17a5ae970 Merge "Allow dexoptanalyzer to read /apex/apex-info-list.xml" into sc-dev 2021-06-22 10:37:57 +00:00
Diego Wilson
11d810a7fb Add camera2 extension property policies
These properties allow to vendors to provide their
own camera2 extensions service. The properties
must be accesible to any android app that wishes
to use camera2 extensions.

Bug: 183533362
Change-Id: I94c7ac336b3103355124830320787472f0d2a8b6
Merged-In: I94c7ac336b3103355124830320787472f0d2a8b6
2021-06-21 22:34:29 +00:00
Nicolas Geoffray
112b58852f Allow dexoptanalyzer to read /apex/apex-info-list.xml
This is needed to know the state of a .oat file.

Test: m
Bug: 190817237
Change-Id: Ie33ce7930689fea84e3240c2e0509c00464e6385
2021-06-21 20:33:52 +01:00
Xin Li
003ffe2340 Merge "DO NOT MERGE - Merge RQ3A.210605.005" 2021-06-21 05:49:07 +00:00
TreeHugger Robot
de25e307c4 Merge "Allow shell to read /vendor/apex/*" into sc-dev 2021-06-19 01:28:52 +00:00
Nikita Ioffe
c96305f62b Allow apexd to call f2fs-compression related ioctls on staging_data_file
apexd needs to call the following two ioctls:

* FS_COMPR_FL - to check if fs supports compression.
* F2FS_IOC_RELEASE_COMPRESS_BLOCKS - to release compressed blocks.

Bug: 188859167
Test: m
Change-Id: Ia105d3dbcd64286cc33d1e996b2d2b85c09eae7a
Merged-In: Ia105d3dbcd64286cc33d1e996b2d2b85c09eae7a
(cherry picked from commit a12ba8a439)
2021-06-18 21:54:39 +01:00
Nikita Ioffe
349ba44490 Merge "Allow apexd to call f2fs-compression related ioctls on staging_data_file" into sc-dev am: ed10b9c977
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14881547

Change-Id: I4b92fd133661b7bbf5662c8230133e4b6de19dfd
2021-06-18 20:18:00 +00:00
Nikita Ioffe
ed10b9c977 Merge "Allow apexd to call f2fs-compression related ioctls on staging_data_file" into sc-dev 2021-06-18 19:51:43 +00:00
Kelvin Zhang
2e7abeb570 Reland: Add ro.vendor.build.dont_use_vabc to property_contexts
Bug: 185400304
Test: mm

Change-Id: Iae58ef223073f7d4c3135f7387fc28d813291be6
Merged-In: I7d06d0c1d137471a0d7b78678a372b29158f1be7
(cherry picked from commit 407b21b3cd)
2021-06-18 12:15:43 -04:00
Treehugger Robot
b8c77e90c2 Merge changes from topic "31.0_compat_mapping" am: 111c57970f am: a3d254164c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1736247

Change-Id: Ief404fece0f81b2b838bb069fc2eb61f6ff47a16
2021-06-18 11:41:46 +00:00
Treehugger Robot
a3d254164c Merge changes from topic "31.0_compat_mapping" am: 111c57970f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1736247

Change-Id: I59edf3d07b3a12dd3c56b8e64ed86e25e2aa357a
2021-06-18 11:25:30 +00:00
Inseob Kim
5d82981173 Add fake 31.0 prebuilt am: 08d4c8fa6e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1736246

Change-Id: I563089471424c37a63da2326349e21c8681bde41
2021-06-18 11:25:03 +00:00
Aaron Huang
e8c46a8ef1 Merge "Add app_api_service to pac_proxy_service" into sc-dev am: 0e2a32ee42
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15005616

Change-Id: Ia790834ae1c7ede49aaf91a33f04e6155625e628
2021-06-18 06:56:24 +00:00
Aaron Huang
0e2a32ee42 Merge "Add app_api_service to pac_proxy_service" into sc-dev 2021-06-18 06:47:00 +00:00
Ray Chi
a2b5c91863 Merge "Add sys.usb.mtp.batchcancel to usb_config_prop" into sc-dev 2021-06-18 06:03:59 +00:00
Aaron Huang
aec8574ecf Add app_api_service to pac_proxy_service
Add app_api_service to pac_proxy_service so that
it can be reach by Cts tests.

Ignore-AOSP-First: this is cherry-pick and add a change in
    prebuilts/api/31.0 which is a path doesn't exist in AOSP
Bug: 181745786
Test: build, CtsNetTestCases:PacProxyManagetTest
Change-Id: I9bf4ff810635aa5b3cbf984b77b547aa96cdd543
2021-06-17 16:31:59 +08:00
Ray Chi
087c63461a Add sys.usb.mtp.batchcancel to usb_config_prop
Add sys.usb.mtp.batchcancel to usb_config_prop to allow
mediaprovider to read this property.

Bug: 181729410
Test: boot the device, and confirm the property could be read
Change-Id: I2964efde0cc831bb7e91fcafb7b35e57438ef306
Merged-In: I44b2d9c36bfa439cdbf8b8a874ead424381e3e50
(cherry picked from commit 07bb5d076a)
2021-06-17 06:47:03 +00:00
Adam Shih
6039a6c782 Merge "make system_app_data_file shareable over binder" into sc-dev 2021-06-17 00:34:23 +00:00
Nikita Ioffe
a12ba8a439 Allow apexd to call f2fs-compression related ioctls on staging_data_file
apexd needs to call the following two ioctls:

* FS_COMPR_FL - to check if fs supports compression.
* F2FS_IOC_RELEASE_COMPRESS_BLOCKS - to release compressed blocks.

Bug: 188859167
Test: m
Change-Id: Ia105d3dbcd64286cc33d1e996b2d2b85c09eae7a
2021-06-16 19:59:24 +01:00
Suren Baghdasaryan
88b6d77592 sepolicy: Allow lmkd to access bpf map to read GPU allocation statistics
Lmkd needs read access to /sys/fs/bpf/map_gpu_mem_gpu_mem_total_map BPF
map to obtain information on GPU memory allocations.

Bug: 189366037
Test: lmkd_unit_test
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I59ded4bc5ec97861e50b4fd1fdd6efb23990b79c
Merged-In: I59ded4bc5ec97861e50b4fd1fdd6efb23990b79c
2021-06-16 15:53:56 +00:00
Jiyong Park
023c5c37ea Allow shell to read /vendor/apex/*
It is used for future xTS tests to read the raw files.

Bug: 190858091
Test: m
Merged-In: If1c7fd92772ff84d92a95fbee74f6c1f8d1cd365
Change-Id: If1c7fd92772ff84d92a95fbee74f6c1f8d1cd365
(cherry picked from commit abdc9739fc)
2021-06-16 15:04:17 +09:00
Adam Shih
5603d9e8d1 make system_app_data_file shareable over binder
Apps should be able to share their private files over binder,
including system_app.

Bug: 188869889
Test: go to setting ==> system ==> multi-users ==> tap icon to change
profile photo with camera

Change-Id: I3dc732f727b9b697c9a73f6089392690109ae035
Merged-In: I3dc732f727b9b697c9a73f6089392690109ae035
2021-06-16 14:00:50 +08:00
Hasini Gunasinghe
61d07e7ce0 Add keystore permission for metrics re-routing.
Keystore2 atoms need to be rounted to statsd via a proxy.
The proxy needs to have this permission in order to pull metrics from
keystore.

Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: Statsd Testdrive script
Change-Id: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
2021-06-15 22:19:39 +00:00
Hongguang
51c1aabf6c Allow priv_app to run the renderscript compiler. am: 737b098a71 am: afa541d30f
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14982001

Change-Id: Ic66c1641ff17d6b9c9f90659ecdf88fc88732754
2021-06-15 21:35:38 +00:00
Hongguang
afa541d30f Allow priv_app to run the renderscript compiler. am: 737b098a71
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1732952

Bug: 157478854
Test: Manual
Change-Id: I926aa35dcae148ab38629077a9725a6e9263a4be
(cherry picked from commit b264eae769)
2021-06-15 19:15:27 +00:00
Ioannis Ilkos
02fcaf2c02 Allow system_server to read /proc/vmstat
/proc/vmstat oom_kill counts the number of times __oom_kill_process
was actioned
(https://lore.kernel.org/lkml/149570810989.203600.9492483715840752937.stgit@buzz/)

We want to record this in the context of system_server for tracking
purposes.

Bug: 154233512
Change-Id: I27bcbcd5d839e59a1dca0e87e2f4ae107201654c
Merged-In: I27bcbcd5d839e59a1dca0e87e2f4ae107201654c
Test: build, verify vmstat can be read
2021-06-15 14:50:07 +01:00
Inseob Kim
4f20ff73ee Add 31.0 mapping files
Steps taken to produce the mapping files:

1. Add prebuilts/api/31.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/31.0/vendor_sepolicy.cil
as an empty file.

2. Add new file private/compat/31.0/31.0.cil by doing the following:
- copy /system/etc/selinux/mapping/31.0.cil from sc-dev aosp_arm64-eng
device to private/compat/31.0/31.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 31 sepolicy.
Find all such types using treble_sepolicy_tests_31.0 test.
- for all these types figure out where to map them by looking at
30.0.[ignore.]cil files and add approprite entries to 31.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_31.0 and installs
31.0.cil mapping file onto the device.

Bug: 189161483
Test: m treble_sepolicy_tests_31.0
Test: m 31.0_compat_test
Test: m selinux_policy
Change-Id: I6264b9cf77b80543dfea93157b45b864157e2b14
2021-06-15 12:08:22 +00:00
Inseob Kim
08d4c8fa6e Add fake 31.0 prebuilt
This commit adds fake 31.0 prebuilt. The prebuilt is based on AOSP
policy, but slightly modified so the set of types and attributes is a
subset of real 31.0 prebuilt (sc-dev policy).

Steps taken to make the fake prebuilt:

1) build plat_sepolicy.cil both on AOSP and sc-dev, with lunch target
aosp_arm64-eng.
2) diff both outputs to find out which types and attributes don't exist.
3) remove all relevant files and statements.

As a result, the following types are removed.

artd
artd_exec
artd_service
power_stats_service
transformer_service
virtualizationservice
virtualizationservice_data_file
virtualizationservice_exec

Bug: 189161483
Test: N/A, will do after adding 31.0 mapping files.
Change-Id: Ia957fc32b1838dae730d9dd7bd917d684d4a24cf
Merged-In: Ia4ea2999f4bc8ae80f13e51d99fba3e98e293447
2021-06-15 12:08:00 +00:00
Jeff Sharkey
c784fc7ef9 platform/system/sepolicy - SEPolicy Prebuilts for S
Bug: 171506470
Test: Build
Change-Id: Ia4ea2999f4bc8ae80f13e51d99fba3e98e293447
2021-06-14 12:55:31 -06:00
Tej Singh
93c52f14b5 Update S sepolicy prebuilt for apex-info-list
Add shell permission to read apex-info-list.xml to S prebuilt

Ignore-AOSP-First:prebuilt for S
Test: TH
Bug: 186767843
Change-Id: I2bb14d4bce661f1b4daf1c486004271837f0d3c2
2021-06-09 09:38:21 +00:00
Jeff Vander Stoep
16b7d5d829 system_app: remove adb data loader permissions
Per schfan@ these are no longer needed.

Test: build
Bug: 188554048
Change-Id: Idda1d9775fdd38cbd53c3652b567ddfc5beca0a6
(cherry picked from commit 07aee66679)
Ignore-AOSP-First: It was submitted in aosp first.
2021-06-08 18:48:36 +00:00
Jeff Sharkey
6a5fd26e7a platform/system/sepolicy - SEPolicy Prebuilts for S
Bug: 171506470
Test: Build
Change-Id: I8bf6c8833ecc65ca241fb9bc8be1b7b919825414
2021-06-01 06:49:23 -06:00
Martin Liu
03ebaec971 Add lmkd. ro.lmk.thrashing_limit_critical property policies
Add policies to control ro.lmk.thrashing_limit_critical lmkd property.

Bug: 181778155
Signed-off-by: Martin Liu <liumartin@google.com>
Merged-In: I25eeb84e6e073510e2f516fd38b80c67afe26917
Change-Id: I25eeb84e6e073510e2f516fd38b80c67afe26917
2021-04-07 14:09:44 +08:00
Elliott Hughes
a9bbfd600d Allow priv_app system_linker_exec:file execute_no_trans am: 970a8fcd2b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14066480

Change-Id: I96dfd23c1581fda7a59d331929a46a62b16fd6b5
2021-04-06 16:49:18 +00:00
Elliott Hughes
970a8fcd2b Allow priv_app system_linker_exec:file execute_no_trans
Chrome Crashpad uses the the dynamic linker to load native executables
from an APK (b/112050209, crbug.com/928422)

We made the equivalent change to untrusted_app_all in
9ea8c0701d but webview also runs in
priv_app contexts.

(Cherry-pick of 25cb9046ef, with manual
update to the prebuilts.)

Bug: http://b/112050209
Test: treehugger
Change-Id: I19bbadc7f9c9e668e2c6d932c7da24f18e7731bd
2021-04-06 15:57:58 +00:00
Josh Gao
e12aec6388 Let adbd set service.adb.tcp.port.
Commit 67c36884 changed the label of service.adb.tcp.port to allow
vendor init to set it, but accidentally prevented adbd from setting it,
which broke `adb tcpip`.

Bug: 171280882
Bug: 183177056
Test: `adb tcpip`
Change-Id: Ifeeda5c4f06451158fc7e43ca23f580092008fe7
Merged-In: Ifeeda5c4f06451158fc7e43ca23f580092008fe7
Merged-In: I154e2f43a4d3b72b27508ce02d66298673939738
(cherry picked from commit 0cac6fd17a)
(cherry picked from commit f08778d513b69bd9966d04dd1c874b1bede93289)
2021-03-24 21:03:17 +08:00
Hongguang Chen
04fb7a6d67 Allow vendor_init to set service.adb.tcp.port
adbd and apps (SystemUI and CTS test apps) need to read it.

BUG: 162205386
BUG: 183177056
Test: Connect to device which sets service.adb.tcp.port in vendor
      partition through TCP adb.

Change-Id: Ia37dd0dd3239381feb2a4484179a0c7847166b29
Merged-In: Ia37dd0dd3239381feb2a4484179a0c7847166b29
(cherry picked from commit 67c3688497)
(cherry picked from commit 9271a3ee8aa4174a78c681e79883627bce918b4a)
2021-03-24 19:15:06 +08:00
Karthik Ramakrishnan
e9b2199b15 Fix sepolicy to netd.
Allow netd to get adb port from property service.adb.tcp.port

Bug: b/161861298
Bug: b/183177056
Test: atest android.net.cts.Ikev2VpnTest#testStartStopVpnProfileV4

Change-Id: I05ce21683b01cf05a16b9fb30030cf4fc879fb20
Merged-In: I05ce21683b01cf05a16b9fb30030cf4fc879fb20
(cherry picked from commit d3e8f6fc84)
(cherry picked from commit 540474bbe4525cb8d44c8e47548f42b5a5daa613)
2021-03-24 19:04:33 +08:00
Marco Ballesio
99a51b23b1 sepolicy: allow system_server to read /proc/locks
Access to /proc/locks is necessary to activity manager to determine
wheter a process holds a lock or not prior freezing it.

Test: verified access of /proc/locks while testing other CLs in the same
topic.
Bug: 176928302

Change-Id: I14a65da126ff26c6528edae137d3ee85d3611509
Merged-In: I14a65da126ff26c6528edae137d3ee85d3611509
2021-01-21 00:10:56 +00:00
Yurii Zubrytskyi
80dfa06984 IncFS: update SE policies for the new API
IncFS in S adds a bunch of new ioctls, and requires the users
to read its features in sysfs directory. This change adds
all the features, maps them into the processes that need to
call into them, and allows any incfs user to query the features

Bug: 170231230
Test: incremental unit tests
Change-Id: Ieea6dca38ae9829230bc17d0c73f50c93c407d35
2021-01-19 12:57:15 -08:00
Shafik Nassar
ffea11d09b Allow MediaProvider to binder call into statsd
Adds sepolicy rules to allow MediaProvider to make binder calls into
statsd. That's to allow MediaProvider to register a StatsCallbackPuller
for metrics.

Bug: 149669087

Merged-In: I9a13fc04c12557a0435724cfae04f752f856a06e

Change-Id: Ifcf06b58596c3e8a8738f758506d003ca3878437
(cherry picked from commit 736566db66)
2021-01-13 12:11:51 +00:00
Treehugger Robot
66ed360b5e Merge "Update 30.0 prebuilts to latest rvc-dev policy" am: 34d974838e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1521437

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I49504f4d757ff4449cf7940f743687d2b2a86e84
2020-12-09 16:45:03 +00:00
Inseob Kim
3b8b4251b7 Update 30.0 prebuilts to latest rvc-dev policy
For whatever reason, system/sepolicy/prebuilts/api/30.0 and rvc-dev's
system/sepolicy differ a little. This makes 30.0 prebuilts up-to-date
and also updates plat_pub_versioned.cil, built from aosp_arm64-eng
target on rvc-dev branch.

Bug: 168159977
Test: m selinux_policy
Change-Id: I03e8a40bf021966c32f0926972cc2a483458ce5b
2020-12-09 20:44:38 +09:00
Xin Li
8d50c1aec5 Merge rvc-qpr-dev-plus-aosp-without-vendor@6881855
Bug: 172690556
Merged-In: Idbcb6bf897fd6aa54b3ba9cafa63f35c9369de3b
Change-Id: Iece36c90c316dab58687e54bb93d6810454d9822
2020-12-02 00:11:27 -08:00
martinwu
c366ba73c6 Fix TH build error because of file.te
Add proc_net rules into prebuilts/api/30.0/public/file.te to fix build
errors

After applying AOSP/1468206, TH complains a build error:
Files system/sepolicy/prebuilts/api/30.0/public/file.te and
system/sepolicy/public/file.te differ

Bug: 145579144
Bug: 170265025
Test: build pass and reboot to check avc message in bugreport
Change-Id: I2085366b345c044e1b69f726809100fa43336c34
2020-10-26 11:09:23 +08:00
Primiano Tucci
5d026b3152 Keep AOSP sepolicy up to date with internal master
This re-alignes aosp and internal master to avoid
conflicts when uploading CLs upstream.

Bug: 170126760
Change-Id: I9c087e70998cd529b71dec7428641c4bfef10d31
2020-10-13 18:52:25 +00:00
Adam Shih
e712c3db12 Suppress errors that are not needed
The purpose of misc_writer is to write misc partition. However,
when it includes libfstab, it will probe files like kernal command
line (proc/cmdline) and metadata, which are permissions it does not
need.

Bug: 170189742
Test: Boot under permissive mode and find the errors gone.
Change-Id: Icda3200660a3bee5cadb6f5e0026fa71941ae5dc
2020-10-07 08:52:51 +00:00
Marco Ballesio
63322ae7e6 sepolicy: allow system server for BINDER_GET_FROZEN_INFO
the new ioctl allows system server to verfiry the state of a frozen
binder inderface before unfreezing a process.

Bug: 143717177
Test: verified ActivityManager could access the ioctl
Change-Id: Id9d90d072ce997ed20faa918ec68f1110e2bac8f
Merged-In: Id9d90d072ce997ed20faa918ec68f1110e2bac8f
2020-09-11 15:35:06 -07:00
Marco Ballesio
6ee8dcd172 Merge "sepolicy: restrict BINDER_FREEZE to system_server" into rvc-qpr-dev 2020-09-09 18:48:58 +00:00
Alex Hong
a59853f652 Merge "Add the missing labels for dalvik properties" into rvc-qpr-dev 2020-09-07 03:14:39 +00:00
Marco Ballesio
b88423d591 sepolicy: restrict BINDER_FREEZE to system_server
BINDER_FREEZE is used to block ipc transactions to frozen processes, so
only system_server must be allowed to use it.

Bug: 143717177
Test: manually verified that attempts to use BINDER_FREEZE by processes other
than system_server receive a sepolicy denial
Test: verified that system_server can enable/disable the freezer in
binder

Change-Id: I0fae3585c6ec409809e8085c1cc9862be4755889
Merged-In: I0fae3585c6ec409809e8085c1cc9862be4755889
2020-09-03 14:00:37 -07:00
Calin Juravle
623f3f5cef Fix sepolicy for secondary dex files
dexoptanalyzer need read access on the secondary
dex files and of the main apk files in order to successfully evaluate
and optimize them.

Example of denial:
audit(0.0:30): avc: denied { read } for
path="/data/app/~~Zux_isdY0NBkRWPp01oAVg==/com.example.secondaryrepro-wH9zezMSCzIjcKdIMtrw7A==/base.apk"
dev="vdc" ino=40966 scontext=u:r:dexoptanalyzer:s0
tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0
app=com.example.secondaryrepro

Test: adb shell cmd package compile -r bg-dexopt --secondary-dex app
Bug: 160471235
Bug: 160351055
Merged-In: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
Change-Id: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
(cherry picked from commit 0bee120900)
2020-09-03 17:55:59 +00:00
Xin Li
11da9e6792 Merge Android R (rvc-dev-plus-aosp-without-vendor@6692709)
Bug: 166295507
Merged-In: I6d0b1be1a46288fff42c3689dbef2f7443efebcc
Change-Id: I133180d20457b9f805f3da0915e2cf6e48229132
2020-08-29 01:45:24 -07:00
Marco Ballesio
e756e983bb sepolicy: rename cgroup_v2 back to cgroup_bpf
The type name change from cgroup_bpf into cgroup_v2 caused
http://b/166064067. Rename back to cgroup_bpf.

Bug: 166064067
Test: compiled and booted on a sunfish. Manually tested network and app
freezer

Change-Id: Ib39eb104e73d6dca3b1f61b108a3deeea31ff880
Merged-In: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
2020-08-27 11:24:36 -07:00
Alex Hong
062ea395c3 Add the missing labels for dalvik properties
Conflicts:
        public/property_contexts

Bug: 162791243
Bug: 159833646
Test: Flash SELinux modules and the device can boot to home
      $ adb shell getprop -Z | grep dalvik
      [dalvik.vm.restore-dex2oat-cpu-set]: [u:object_r:exported_dalvik_prop:s0]
      [dalvik.vm.restore-dex2oat-threads]: [u:object_r:exported_dalvik_prop:s0]
Change-Id: Ie73dc57c714a37b778cebc4d41bee27a8e925396
2020-08-27 11:25:56 +08:00
Alex Hong
a33ac30dd3 Add the missing labels for dalvik properties
Bug: 162791243
Bug: 159833646
Test: Flash SELinux modules and the device can boot to home
      $ adb shell getprop -Z | grep dalvik
      [dalvik.vm.restore-dex2oat-cpu-set]: [u:object_r:exported_dalvik_prop:s0]
      [dalvik.vm.restore-dex2oat-threads]: [u:object_r:exported_dalvik_prop:s0]
Change-Id: Ie73dc57c714a37b778cebc4d41bee27a8e925396
Merged-In: Ie73dc57c714a37b778cebc4d41bee27a8e925396
2020-08-27 11:15:52 +08:00
Marco Ballesio
de065facd8 sepolicy: allow system_server to write to cgroup_v2
During boot, system_server will need to write to files under
/sys/fs/cgroup/freezer. Change the cgroup_v2 policy to allow this
operation.

Test: booted device with change, verified that files are properly
accessed.
Bug: 154548692

Change-Id: I2ccc112c8870129cb1b8312023b54268312efcca
Merged-In: I2ccc112c8870129cb1b8312023b54268312efcca
2020-08-26 01:14:35 +00:00
Songchun Fan
b82924d490 Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" am: 1d4f2221cd am: 8af2dcd05c am: 1a87c9862a am: 51b516a6f6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1404978

Change-Id: Icc14c9e72dd276696363795c93405260f4389342
2020-08-20 18:16:24 +00:00
Songchun Fan
1a87c9862a Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" am: 1d4f2221cd am: 8af2dcd05c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1404978

Change-Id: Ibbdff0c532a6c9da88005059e87e75e467cf03f7
2020-08-20 17:41:07 +00:00
Songchun Fan
1d4f2221cd Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" 2020-08-20 17:07:40 +00:00
Songchun Fan
4be0afbfb7 [selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl
This allows Incremental Service (part of system_server) to query the
filled blocks of files on Incremental File System.

Test: atest service.incremental_test
BUG: 165799231
Change-Id: Id63f8f325d92fef978a1ad75bd6eaa8aa5e9e68b
2020-08-20 16:00:00 +00:00
JaeMan
f1ecf7a9e5 Add ro.vendor.build.version.sdk to property_contexts am: 15f64fc5f8 am: 38e0d2c778 am: a93831de1c
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12326247

Change-Id: I063a96c8571acc051e3e66e8c6851fa4a186e7e0
2020-08-20 00:45:38 +00:00
JaeMan
a93831de1c Add ro.vendor.build.version.sdk to property_contexts am: 15f64fc5f8 am: 38e0d2c778
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12326247

Change-Id: I38608caefe05f7b58589d4efe62db49743337905
2020-08-20 00:33:23 +00:00
Marco Ballesio
8f6b03cae7 sepolicy support for cgroup v2
cgroup v2 is going to be used for freezer v2 support. The cgroup v2 hiearchy
will be mounted by init under /sys/fs/cgroup hence proper access rights
are necessary for sysfs. After mounting, the cgroup v2 kernfs will use
the label cgroup_v2 and system_manager will handle the freezer

Bug: 154548692
Test: verified that the freezer works as expected after applying this patch

Change-Id: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
Merged-In: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
2020-08-17 12:10:57 -07:00
Yiming Jing
202b3463c0 Merge "Merge "Allow dumpstate to dump auto hal servers" am: 142d16a964 am: ce2c6fd783 am: 828a7bad6e am: a71f8aec29" into rvc-qpr-dev 2020-08-12 23:53:55 +00:00
Martijn Coenen
bdcfad55c8 Merge "Add policy for LOOP_CONFIGURE ioctl." am: cdecd3ca4c am: df9dc40e9b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1396648

Change-Id: I7f47e60c627b4638fab773eb2f838dc6c3531298
2020-08-12 07:16:40 +00:00
Martijn Coenen
cdecd3ca4c Merge "Add policy for LOOP_CONFIGURE ioctl." 2020-08-12 06:38:37 +00:00
Martijn Coenen
ab83d96028 Merge "Add policy for LOOP_CONFIGURE ioctl." into rvc-qpr-dev am: 112a122b49
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12286299

Change-Id: I2239bcc920a3590f3da1fc676a65a475eaa1e5c0
2020-08-11 17:17:57 +00:00
Martijn Coenen
47f61db25e Add policy for LOOP_CONFIGURE ioctl.
This is a new ioctl for configuring loop devices, and is used by apexd.

Bug: 148607611
Bug: 161575393
Test: boot on device with/without LOOP_CONFIGURE
Change-Id: I9ef940c7c9f91eb32a01e68b858169c140d15d0f
Merged-In: I9ef940c7c9f91eb32a01e68b858169c140d15d0f
2020-08-11 13:22:09 +00:00
Martijn Coenen
112a122b49 Merge "Add policy for LOOP_CONFIGURE ioctl." into rvc-qpr-dev 2020-08-11 13:07:29 +00:00
Treehugger Robot
8422c45434 Merge "Allow dumpstate to dump auto hal servers" am: 142d16a964 am: ce2c6fd783 am: 828a7bad6e am: a71f8aec29
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1381029

Allow dumpstate to dump auto hal servers

audiocontrol_hal, vehicle_hal and evs_hal were added to dump_util.cpp in
b/148098383. But the coresponding dumpstate.te is not updated to relfect
the changes, causing denials when dumpstate attempts to dump auto hal servers.

This CL updates dumpstate.te to allow dumpstate to access auto hal servers.

Bug: 162537916
Bug: 162771359
Test: sesearch -A -s dumpstate -t hal_audiocontrol_server -p signal sepolicy
Test: sesearch -A -s dumpstate -t hal_vehicle_server -p signal sepolicy
Test: sesearch -A -s dumpstate -t hal_evs_server -p signal sepolicy

Change-Id: I43c27c8dcd55a0e9cb1684e2f765fe70f9e4c2fd
(cherry picked from commit 215cc95c3e)
2020-08-10 23:51:32 +00:00
Hasini Gunasinghe
83e1f14f93 Allow keystore to write to statsd.
Keystore logging is migrated to use statsd. Therefore,
	keystore needs permission to write to statsd.

Test: Treehugger passes.
Bug: 157664923
Change-Id: If15ee3eb2ae7036dbaccd31525feadb8f54c6162
Merged-In: I2fb61fd7e9732191e6991f199d04b5425b637830
2020-08-07 16:35:18 +00:00
JaeMan
15f64fc5f8 Add ro.vendor.build.version.sdk to property_contexts
At b/160209547, it is needed to read
ro.vendor.build.version.sdk prop to determine
whether skipping test or not based on vendor
image's release version. But
ro.vendor.build.version.sdk is not added to
property_contexts and failed to read that prop in
tests. So, added ro.vendor.build.version.sdk to
property_contexts for checking vendor image's
release version in test.

Bug: 160209547
Test: m selinux_policy
Change-Id: I4a7b91029c0ea6bb3c4cf2b12469f392f3a77559
Merged-In: I86bcfa632de61c5805e42aea3a1f232ae4ad080e
(cherry picked from 65cecec142)
2020-08-07 04:41:29 +00:00
Treehugger Robot
215cc95c3e Merge "Allow dumpstate to dump auto hal servers" am: 142d16a964 am: ce2c6fd783 am: 828a7bad6e am: a71f8aec29
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1381029

Change-Id: I43c27c8dcd55a0e9cb1684e2f765fe70f9e4c2fd
2020-08-04 18:46:35 +00:00
Treehugger Robot
828a7bad6e Merge "Allow dumpstate to dump auto hal servers" am: 142d16a964 am: ce2c6fd783
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1381029

Change-Id: I8d028927481af550212ba44623d335039db6c30c
2020-08-04 18:09:51 +00:00
Treehugger Robot
142d16a964 Merge "Allow dumpstate to dump auto hal servers" 2020-08-04 17:28:41 +00:00
Martijn Coenen
6a8d1bee1c Add policy for LOOP_CONFIGURE ioctl.
This is a new ioctl for configuring loop devices, and is used by apexd.

Bug: 148607611
Bug: 161575393
Test: boot on device with/without LOOP_CONFIGURE
Change-Id: I9ef940c7c9f91eb32a01e68b858169c140d15d0f
2020-08-04 12:12:55 +02:00
Alan Stokes
cc147df972 Merge "Constrain getattr for app data directories." into rvc-qpr-dev am: df3b4ea3c9
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12248443

Change-Id: I0d60f4d0db79cfe1aa25a51585488d09b3bac8f1
2020-08-04 08:21:34 +00:00
Alan Stokes
df3b4ea3c9 Merge "Constrain getattr for app data directories." into rvc-qpr-dev 2020-08-04 07:56:43 +00:00
Jeff Sharkey
5001f53eeb Update language to comply with Android's inclusive language guidance am: a0e7a6da28 am: bf4ffe38ca
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1382607

Change-Id: Ie620bda6a353f992c6901ba4399e403827005826
2020-07-31 21:13:55 +00:00
Jeff Sharkey
a0e7a6da28 Update language to comply with Android's inclusive language guidance
See https://source.android.com/setup/contribute/respectful-code for reference

Bug: 161896447
Change-Id: I0caf39b349c48e44123775d98c52a773b0b504ff
2020-07-31 12:28:11 -06:00
Yiming Jing
2fd322f630 Allow dumpstate to dump auto hal servers
audiocontrol_hal, vehicle_hal and evs_hal were added to dump_util.cpp in
b/148098383. But the coresponding dumpstate.te is not updated to relfect
the changes, causing denials when dumpstate attempts to dump auto hal servers.

This CL updates dumpstate.te to allow dumpstate to access auto hal servers.

Bug: 162537916
Test: sesearch -A -s dumpstate -t hal_audiocontrol_server -p signal sepolicy
Test: sesearch -A -s dumpstate -t hal_vehicle_server -p signal sepolicy
Test: sesearch -A -s dumpstate -t hal_evs_server -p signal sepolicy
Change-Id: If6d6e4d9c547da17817f2668dc4f2a093bddd632
2020-07-31 10:19:22 -07:00
Wei Wang
88b86a77ac Allow init.svc.bugreportd to be vendor readable am: 4d6856836a
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12238425

Change-Id: Ib7af24331976dfe5ec18af0fa2de2bc2f6307f53
2020-07-29 08:59:30 +00:00
Alan Stokes
9443b2eee0 Constrain getattr for app data directories.
This seems to have been omitted inadvertently.

Bug: 161356067
Test: Verified test app can no longer call stat()

Change-Id: I6bffa9d2932a221823648ab01b58437d5bf6e194
2020-07-28 17:56:08 +01:00
Wei Wang
4d6856836a Allow init.svc.bugreportd to be vendor readable
Export the new bugreport entry which was added in b/111441001, similarly
to previously exported properties.

Bug: 161999587
Bug: 161955028
Bug: 162297751
Test: m selinux_policy
Change-Id: I139567ba028e90d3e07df94f57ccf7d5d5225209
Merged-In: I139567ba028e90d3e07df94f57ccf7d5d5225209
2020-07-28 09:14:07 +00:00
Calin Juravle
0bee120900 Fix sepolicy for secondary dex files
dexoptanalyzer need read access on the secondary
dex files and of the main apk files in order to successfully evaluate
and optimize them.

Example of denial:
audit(0.0:30): avc: denied { read } for
path="/data/app/~~Zux_isdY0NBkRWPp01oAVg==/com.example.secondaryrepro-wH9zezMSCzIjcKdIMtrw7A==/base.apk"
dev="vdc" ino=40966 scontext=u:r:dexoptanalyzer:s0
tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0
app=com.example.secondaryrepro

Test: adb shell cmd package compile -r bg-dexopt --secondary-dex app
Bug: 160471235
Bug: 160351055
Merged-In: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
Change-Id: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
2020-07-22 14:10:06 -07:00
Alex Hong
e30b4b613c Merge "[rvc] Define vendor-specific property ro.incremental.enable" into rvc-qpr-dev 2020-07-17 08:48:10 +00:00
Calin Juravle
6b1ac2e7c3 Fix sepolicy for secondary dex files am: de7244cf23 am: 150e00dd75
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1360752

Change-Id: Ib02dd445b7f15f4131323b02794b6a41aa93a625
2020-07-15 19:00:55 +00:00
Calin Juravle
de7244cf23 Fix sepolicy for secondary dex files
dexoptanalyzer need read access on the secondary
dex files and of the main apk files in order to successfully evaluate
and optimize them.

Example of denial:
audit(0.0:30): avc: denied { read } for
path="/data/app/~~Zux_isdY0NBkRWPp01oAVg==/com.example.secondaryrepro-wH9zezMSCzIjcKdIMtrw7A==/base.apk"
dev="vdc" ino=40966 scontext=u:r:dexoptanalyzer:s0
tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0
app=com.example.secondaryrepro

Test: adb shell cmd package compile -r bg-dexopt --secondary-dex app
Bug: 160471235
Bug: 160351055
Change-Id: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
2020-07-15 16:43:40 +00:00
P.Adarsh Reddy
6f5797aa20 Uncrypt: Allow uncrypt to write on ota_package_file. am: 5491d7e26c am: ce380f77bd
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12133466

Change-Id: I2ea03595c621a09b0924ef2b9d2d48bfde5ef45e
2020-07-13 22:22:09 +00:00
P.Adarsh Reddy
5491d7e26c Uncrypt: Allow uncrypt to write on ota_package_file.
This adds sepolicy rule to allow uncrypt module to write
on OTA zip (for f2fs_pin_file functionality).

Also, add a few dontaudit rules to suppress harmless denials.

Denials:
I uncrypt : type=1400 audit(0.0:177): avc: denied { write } for name="update.zip" dev="dm-10" ino=7727 scontext=u:r:uncrypt:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=0

I uncrypt : type=1400 audit(0.0:175): avc: denied { search } for name="/" dev="sda9" ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0

I uncrypt : type=1400 audit(0.0:176): avc: denied { search } for name="gsi" dev="sda9" ino=19 scontext=u:r:uncrypt:s0 tcontext=u:object_r:gsi_metadata_file:s0 tclass=dir permissive=0

Bug: 158070965
Cherry-Pick-Of: 916bd874d6
Merged-In: I473c5ee218c32b481040ef85caca907a48aadee6
Change-Id: I473c5ee218c32b481040ef85caca907a48aadee6
2020-07-10 19:38:20 -07:00
Tianjie Xu
6ec36ff76d Merge "Allow kernel to write to update_engine_data_file" into rvc-dev am: 6bdafed310 am: 1018882ef5
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11897443

Change-Id: I2a930697b73498557d4d4dede1e356d3e5716793
2020-07-10 21:17:31 +00:00
Tianjie Xu
f609a8007e Merge "Allow kernel to write to update_engine_data_file" into rvc-dev am: 6bdafed310
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11897443

Change-Id: I3b0892db1dcce1590d8b5903a964653a4e146d7f
2020-07-10 21:03:23 +00:00
Tianjie Xu
6bdafed310 Merge "Allow kernel to write to update_engine_data_file" into rvc-dev 2020-07-10 20:46:41 +00:00
Treehugger Robot
cee6cecaad Merge "Update prebuilt/seapp_contexts" am: 7b4027a826 am: 2312be1814
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1356843

Change-Id: I75dc920b9e0509c860c20b4fcff7fc5ba87c0358
2020-07-07 20:43:04 +00:00
Treehugger Robot
7b4027a826 Merge "Update prebuilt/seapp_contexts" 2020-07-07 20:09:18 +00:00
Ashwini Oruganti
a9ab9362d4 Update prebuilt/seapp_contexts
The seinfo=platform bit seems to have been missed in a previous update.

Test: builds
Change-Id: I0d8faeb8ca1ed326ab958e5da329288b91719206
2020-07-07 11:48:26 -07:00
Paul Crowley
93aad35cb1 Merge "Uncrypt: Allow uncrypt to write on ota_package_file." am: 42f9a5337a am: a05c24d464
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1344636

Change-Id: Ie99b25fdab079ef68d7e102c0f7592d6cbb28c95
2020-07-07 15:49:50 +00:00
Paul Crowley
42f9a5337a Merge "Uncrypt: Allow uncrypt to write on ota_package_file." 2020-07-07 15:27:29 +00:00
P.Adarsh Reddy
916bd874d6 Uncrypt: Allow uncrypt to write on ota_package_file.
This adds sepolicy rule to allow uncrypt module to write
on OTA zip (for f2fs_pin_file functionality).

Also, add a few dontaudit rules to suppress harmless denials.

Denials:
I uncrypt : type=1400 audit(0.0:177): avc: denied { write } for name="update.zip" dev="dm-10" ino=7727 scontext=u:r:uncrypt:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=0

I uncrypt : type=1400 audit(0.0:175): avc: denied { search } for name="/" dev="sda9" ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0

I uncrypt : type=1400 audit(0.0:176): avc: denied { search } for name="gsi" dev="sda9" ino=19 scontext=u:r:uncrypt:s0 tcontext=u:object_r:gsi_metadata_file:s0 tclass=dir permissive=0

Bug: 158070965
Change-Id: I473c5ee218c32b481040ef85caca907a48aadee6
2020-07-07 00:03:11 +00:00
Treehugger Robot
da5d688917 Merge changes Ieee1d7de,Ie7780128
* changes:
  perfetto: don't audit isatty() check on shell pipes
  update 30.0 prebuilts for commit 2b2cde7592
2020-07-02 16:24:33 +00:00
TreeHugger Robot
dbe4f732a3 Merge "resolve merge conflicts of f885ab33e4 to rvc-dev-plus-aosp" into rvc-dev-plus-aosp 2020-07-02 16:15:17 +00:00
Justin Yun
9b70a2c04e Label /system_ext/lib(64)/* as system_lib_file am: 112c4135db am: df977df1fe
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12065561

Change-Id: I13984a23bcc95367997e3db39281ab02497ec7f7
2020-07-02 08:07:07 +00:00
Justin Yun
aedba668b4 Label /system_ext/lib(64)/* as system_lib_file am: 088587886c am: 9730e23c22
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1354282

Change-Id: Id922f0821796f2c126c6be5904d2c50cc9bd447c
2020-07-02 05:09:41 +00:00
Justin Yun
112c4135db Label /system_ext/lib(64)/* as system_lib_file
This needs to be updated to api 30.0 which introduced the system_ext.

Bug: 160314910
Test: build and boot
Change-Id: I08c4aed640467d11482df08613039726e7395be0
Merged-In: I08c4aed640467d11482df08613039726e7395be0
(cherry picked from commit 85a92849c73ae2b28e8a33a2e01bac47cc9f1684)
2020-07-02 04:07:44 +00:00
Justin Yun
088587886c Label /system_ext/lib(64)/* as system_lib_file
This needs to be updated to api 30.0 which introduced the system_ext.

Bug: 160314910
Test: build and boot
Change-Id: I08c4aed640467d11482df08613039726e7395be0
2020-07-02 04:07:12 +00:00
Jeff Vander Stoep
234da0e568 Label kprobes and restrict access am: 1f9e45ee4b am: d065fea74f
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11939764

Change-Id: I8d26ca15e4cb3f7743ea1484c5f4e55d024e2009
2020-07-02 01:53:34 +00:00
Jeff Vander Stoep
1f9e45ee4b Label kprobes and restrict access
Bug: 149659981
Test: build & boot Pixel

Change-Id: I6abcd1bb9af15e7ba0f1f5e711ea9ac661bffc25
Merged-In: I6abcd1bb9af15e7ba0f1f5e711ea9ac661bffc25
2020-06-30 17:22:08 -07:00
Ryan Savitski
58c8751cf7 perfetto: don't audit isatty() check on shell pipes
CTS runs are being polluted by denial logs from the best-effort isatty (
-> TCGETS ioctl) check done by the perfetto's log formatter.

This patch suppresses the denial.

I believe that what's actually being denied is the ioctl itself, NOT the
TCGETS aspect of it (there is a domain-wide fifo_file TCGETS allowxperms
rule in domain.te:303). But the "dontauditxerms" suppresses the denial
anyway.

Bug: 159988048
Merged-In: Ieee1d7de8b023dd632d0e37afa3a2434cfd1a3a1
Change-Id: Ieee1d7de8b023dd632d0e37afa3a2434cfd1a3a1
(cherry picked from commit 8519c6d316)
2020-06-29 23:10:40 +01:00
Ryan Savitski
952990da87 resolve merge conflicts of f885ab33e4 to rvc-dev-plus-aosp
This is resolving the combination of ag/11956179 + ag/11956180,
as submitted in rvc-dev. The first change is a CP of a change already in
aosp/master, the second change is new.

The merge therefore contains just the second change as far as the
non-prebuilts are concerned, as well as an update of 30.0 prebuilts
for the combined changes.

Bug: 159988048
Change-Id: Ia35358419207dba7984f30da507f32902967ca62
2020-06-29 21:59:36 +00:00
Ryan Savitski
837e1f9bc7 update 30.0 prebuilts for commit 2b2cde7592
The non-prebuilt files are already up-to-date, as this change exists in
aosp/master as aosp/1267820.

Bug: 159988048
Merged-In: Ie7780128fcd80a051e809bfc98f21179cb3f0ecc
Change-Id: Ie7780128fcd80a051e809bfc98f21179cb3f0ecc
(cherry picked from commit 2b2cde7592)
2020-06-29 22:54:19 +01:00
Ryan Savitski
90c65f103b Merge changes Ieee1d7de,Ie7780128 into rvc-dev am: f885ab33e4 am: b393f6031d
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11956180

Change-Id: I3193d54ecc40200b7cdda33ce9550cd13d989e1f
2020-06-29 18:38:03 +00:00
Ryan Savitski
f885ab33e4 Merge changes Ieee1d7de,Ie7780128 into rvc-dev
* changes:
  perfetto: don't audit isatty() check on shell pipes
  perfetto: minor quality of life tweaks
2020-06-29 18:16:41 +00:00
TreeHugger Robot
02887bf22d Merge "GPU Memory: allow tracing gpu_mem/gpu_mem_total on user build" into rvc-dev am: 051dffd04d am: 6be558aaea
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11997043

Change-Id: I5355a84804329e73c130ef76e4771651e4b72b88
2020-06-26 20:44:46 +00:00
TreeHugger Robot
051dffd04d Merge "GPU Memory: allow tracing gpu_mem/gpu_mem_total on user build" into rvc-dev 2020-06-26 20:09:14 +00:00
Ryan Savitski
8519c6d316 perfetto: don't audit isatty() check on shell pipes
Per the bug rvc CTS runs are being polluted by denial logs from the
best-effort isatty ( -> TCGETS ioctl) check done by the perfetto's log
formatter.

This patch suppresses the denial, which is what's proposed for the scope
of rvc.

I believe that what's actually being denied is the ioctl itself, NOT the
TCGETS aspect of it (there is a domain-wide fifo_file TCGETS allowxperms
rule in domain.te:303). But the "dontauditxerms" suppresses the denial
anyway.

Bug: 159988048
Tested: flashed crosshatch-userdebug, verified that CTS is no longer
        causing audit logs reported in the bug.
Change-Id: Ieee1d7de8b023dd632d0e37afa3a2434cfd1a3a1
2020-06-26 15:19:07 +00:00
Ryan Savitski
2b2cde7592 perfetto: minor quality of life tweaks
Change 1: when running the "perfetto" binary via "adb shell
perfetto...", ctrl-Cing the host process doesn't propagate the teardown
to the on-device process (which normally should stop the tracing session
immediately). Allow signals adbd->perfetto to resolve.

Change 2: don't print audit logs for a harmless isatty() check on adb
sockets when they're the stderr of a "perfetto" process.

Example denials from the isatty() check (ioctl is TCGETS):

avc: denied { getattr } for path="socket:[244990]" dev="sockfs"
ino=244990 scontext=u:r:perfetto:s0 tcontext=u:r:adbd:s0
tclass=unix_stream_socket permissive=0
avc: denied { ioctl } for path="socket:[244992]" dev="sockfs" ino=244992
ioctlcmd=0x5401 scontext=u:r:perfetto:s0 tcontext=u:r:adbd:s0
tclass=unix_stream_socket permissive=0

Example denial from ctrl-c'ing "adb shell perfetto ...":

avc: denied { signal } for comm=7368656C6C20737663203134343537
scontext=u:r:adbd:s0 tcontext=u:r:perfetto:s0 tclass=process
permissive=0

===

This is a CP of commit 5f1f1b6a7a, with
updated 30.0 prebuilts. Using a new Change-Id since as far as I
understand, the prebuilts should still be merged downstream.

Bug: 159988048
Tested: patched onto an internal branch, then verified that denials are
        gone on a flashed crosshatch-userdebug.
Change-Id: Ie7780128fcd80a051e809bfc98f21179cb3f0ecc
2020-06-26 15:16:45 +00:00
Yiwei Zhang
c7507f1b9b GPU Memory: allow tracing gpu_mem/gpu_mem_total on user build
Bug: 158431662
Test: enable the tracepoint on user build
Change-Id: I61560003c5cc92f2563fb98bdaee9bfd4807f46a
Merged-In: I61560003c5cc92f2563fb98bdaee9bfd4807f46a
2020-06-26 04:23:09 -07:00
Adam Shih
a2220a97a9 Let dumpstate access hal_identity am: 11aaf9c6b5 am: 41e92ed113
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11986297

Change-Id: I5b2188ee1126ecef4d17aa9cfaf0eeb547c1f0f0
2020-06-24 23:38:41 +00:00
Adam Shih
11aaf9c6b5 Let dumpstate access hal_identity
Bug: 158614313
Test: CtsSecurityHostTestCases:android.security.cts.SELinuxHostTest#testNoBugreportDenials
Merged-In: Ic07e64b0bb18f948764e7bde5985eab91747b882
Change-Id: I6f30510c391db03111a5bb2694049b32f742ff0c
2020-06-24 16:58:35 -04:00
Adam Shih
1929084080 Let dumpstate access hal_identity am: 8cc3f8d9ee am: c14114d1d3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1347408

Change-Id: Icdcc679560ff8a835e8873997e342d24889b3973
2020-06-24 14:03:48 +00:00
Adam Shih
8cc3f8d9ee Let dumpstate access hal_identity
Bug: 158614313
Test: CtsSecurityHostTestCases:android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: Ic07e64b0bb18f948764e7bde5985eab91747b882
2020-06-24 10:40:44 +08:00
TreeHugger Robot
f0c9ef6376 Merge "sepolicy: label vendor_service_contexts as vendor_service_contexts_file" into rvc-dev am: b992eb34e6 am: f87b1ccb70
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11907832

Change-Id: Ib96daf9920b3e6b96620d3eaa58bae3e78aa06ab
2020-06-19 11:35:21 +00:00
TreeHugger Robot
b992eb34e6 Merge "sepolicy: label vendor_service_contexts as vendor_service_contexts_file" into rvc-dev 2020-06-19 11:15:23 +00:00
TreeHugger Robot
a3b7b2121d Merge "Allow system server to communicate with GPU service." into rvc-dev am: 863dfbb1d0 am: 60a535fb70
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11900643

Change-Id: Iccc5e56ed02bcfde89601cd362ce371cd4bd2420
2020-06-19 03:22:04 +00:00
TreeHugger Robot
863dfbb1d0 Merge "Allow system server to communicate with GPU service." into rvc-dev 2020-06-19 03:00:17 +00:00
linpeter
e0fed1f9b8 sepolicy: label vendor_service_contexts as vendor_service_contexts_file
Due to AIDL HAL introduction, vendors can publish services
with servicemanager. vendor_service_contexts is labeled as
vendor_service_contexts_file, not nonplat_service_contexts_file.
And pack it to vendor partition.

Bug: 154066722

Test: check file label
Merged-In: Ic74b12e4c8e60079c0872b6c27ab2f018fb43969
Change-Id: Ic74b12e4c8e60079c0872b6c27ab2f018fb43969
2020-06-19 02:40:15 +00:00
Peiyong Lin
3e299e3a6f Allow system server to communicate with GPU service.
Currently system server also has a GPU service. We use that to observe
updatable driver package changes, in order to communciate that
information down to the GPU service, this patch allows system server to
make binder call.

Bug: b/157832445, b/159240322
Test: adb shell dumpsys gpu
Change-Id: I9c32c690707e24a5cfbdfdc62feeea9705321f5b
Merged-In: I9c32c690707e24a5cfbdfdc62feeea9705321f5b
2020-06-18 17:25:42 -07:00
Midas Chien
6bc1668d9d sepolicy: allow surfaceflinger to set surfaceflinger_display_prop am: 58fc40a8ba am: acd7e4727d
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11894998

Change-Id: I0a0e4c36164ea34652b9940ba2def04ec384b325
2020-06-18 23:04:37 +00:00
Midas Chien
58fc40a8ba sepolicy: allow surfaceflinger to set surfaceflinger_display_prop
W//system/bin/init: type=1107 audit(0.0:51): uid=0 auid=4294967295
ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set }
for property=graphics.display.kernel_idle_timer.enabled pid=643
uid=1000 gid=1003 scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:surfaceflinger_display_prop:s0
tclass=property_service permissive=0

Bug: 157513573
Test: surfaceflinger can set graphics.display.kernel_idle_timer.enabled
Test: vendor_init can get graphics.display.kernel_idle_timer.enabled
Change-Id: I78023a7857c8aa81a8863010b875bcb885bae614
Merged-In: I78023a7857c8aa81a8863010b875bcb885bae614
Merged-In: Ic26874a74b10b13539846de33b3a8aa745c9841a
2020-06-18 20:50:56 +00:00
Ana Krulec
a6bc4e5271 Merge "sepolicy: allow surfaceflinger to set surfaceflinger_display_prop" into rvc-dev-plus-aosp 2020-06-18 19:09:12 +00:00
Midas Chien
0d0391f931 sepolicy: allow surfaceflinger to set surfaceflinger_display_prop
W//system/bin/init: type=1107 audit(0.0:51): uid=0 auid=4294967295
ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set }
for property=graphics.display.kernel_idle_timer.enabled pid=643
uid=1000 gid=1003 scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:surfaceflinger_display_prop:s0
tclass=property_service permissive=0

Bug: 157513573
Test: surfaceflinger can set graphics.display.kernel_idle_timer.enabled
Test: vendor_init can get graphics.display.kernel_idle_timer.enabled
Change-Id: I78023a7857c8aa81a8863010b875bcb885bae614
2020-06-19 01:45:34 +08:00
Treehugger Robot
bc9090fc6c Merge "Allow system server to communicate with GPU service." am: 9df1b49507 am: 1eb8d1b91a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1341896

Change-Id: I874a8f46257f987cb0c2f56faddee9c2e1cfecf0
2020-06-18 17:18:20 +00:00
Maciej Żenczykowski
5d1f00f5eb grant bpfloader ability to fetch the fd of pinned bpf programs am: cd2996d1e1 am: ad8d997593
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11897452

Change-Id: Ia4275438eedf58a718408b9436a1d8c4edf19abc
2020-06-18 15:12:35 +00:00
Hasini Gunasinghe
348996389c Merge "Allow keystore to write to statsd." into rvc-dev am: 893ce72bc3 am: eb279cb170
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11824864

Change-Id: Ib9baae215805f2dd8e2ecd9b5d50cd7853c88cba
2020-06-18 14:41:19 +00:00
Peiyong Lin
d7b20d276f Allow system server to communicate with GPU service.
Currently system server also has a GPU service. We use that to observe
updatable driver package changes, in order to communciate that
information down to the GPU service, this patch allows system server to
make binder call.

Bug: b/157832445, b/159240322
Test: adb shell dumpsys gpu
Change-Id: I9c32c690707e24a5cfbdfdc62feeea9705321f5b
2020-06-17 17:21:23 -07:00
Tianjie Xu
c851deef79 Allow kernel to write to update_engine_data_file
This is needed to run update_engine unittests in cuttlefish. In the test,
the directory is mounted as R/W.

Denial:
avc: denied { write } for path="/data/misc/update_engine/tmp/a_img.NqUpaa" dev="dm-4" ino=3048 scontext=u:r:kernel:s0 tcontext=u:object_r:update_engine_data_file:s0 tclass=file permissive=0

strace:
mount("/dev/block/loop26", "/data/local/tmp/.org.chromium.Chromium.3s2KYE", "ext2", 0, "") = -1 EIO (I/O error)

Bug: 157594374
Test: unittests pass
Change-Id: I4658eb60240bd725bac2aef30305747ffe50aeb6
(cherry picked from commit 9f7947348f)
2020-06-17 14:55:45 -07:00
Maciej Żenczykowski
cd2996d1e1 grant bpfloader ability to fetch the fd of pinned bpf programs
Fixes:
  W bpfloader: type=1400 audit(0.0:13): avc: denied { read } for name="prog_offload_schedcls_ingress_tether_rawip" dev="bpf" ino=12551 scontext=u:r:bpfloader:s0 tcontext=u:object_r:fs_bpf:s0 tclass=file permissive=0

Test: builds, atest, treehugger
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Merged-In: I3c7b116bc95d2534a3b72f2e3f19c4a2d8ee83f2
Change-Id: I3c7b116bc95d2534a3b72f2e3f19c4a2d8ee83f2
2020-06-17 21:21:53 +00:00
Hasini Gunasinghe
5034dcc68c Merge "Allow keystore to write to statsd." into rvc-dev am: 893ce72bc3
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11824864

Change-Id: I6b17b7d8f1d2e53aa2361ab05da2d999af232e57
2020-06-17 18:23:28 +00:00
Amy Zhang
42c9d20ee9 Merge "Add app_api_service in TunerResourceManager system service sepolicy" into rvc-dev am: 9212c417f1 am: 685b769529
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11852496

Change-Id: I5c1488d6e29abdde3c15412d7b774eb71eca4e12
2020-06-17 18:17:58 +00:00
Hasini Gunasinghe
893ce72bc3 Merge "Allow keystore to write to statsd." into rvc-dev 2020-06-17 18:03:05 +00:00
Amy Zhang
2ff7d07dfb Merge "Add app_api_service in TunerResourceManager system service sepolicy" into rvc-dev am: 9212c417f1
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11852496

Change-Id: Ib724b264d6f15f88a583a8f3db9858db40bc7a42
2020-06-17 17:55:15 +00:00
Amy Zhang
9212c417f1 Merge "Add app_api_service in TunerResourceManager system service sepolicy" into rvc-dev 2020-06-17 17:45:14 +00:00
Maciej Żenczykowski
99b76153c8 grant bpfloader ability to fetch the fd of pinned bpf programs am: ef76c53719 am: 83bfe14cb0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1339062

Change-Id: Ie184d9da5150d0a4f4522e8054cb5d82eea82e01
2020-06-17 17:21:07 +00:00
Maciej Żenczykowski
ef76c53719 grant bpfloader ability to fetch the fd of pinned bpf programs
Fixes:
  W bpfloader: type=1400 audit(0.0:13): avc: denied { read } for name="prog_offload_schedcls_ingress_tether_rawip" dev="bpf" ino=12551 scontext=u:r:bpfloader:s0 tcontext=u:object_r:fs_bpf:s0 tclass=file permissive=0

Test: builds, atest, treehugger
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I3c7b116bc95d2534a3b72f2e3f19c4a2d8ee83f2
2020-06-16 21:55:57 -07:00
Ashwini Oruganti
e80736fcde Actually route PermissionController to the right domain am: 8b86f89a1d am: c25cb5f8e4
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11873535

Change-Id: I040754b0d08daf5aca9fb4f48522477923e47604
2020-06-16 17:07:34 +00:00
Shafik Nassar
6b73e107cc Merge "Allow MediaProvider to binder call into statsd" am: 03c94a8cc3 am: c6684733b3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1336935

Change-Id: Ie1cf27442cb7c0aab2d2d33b0e350136c1cfc498
2020-06-16 12:22:04 +00:00