Commit graph

224 commits

Author SHA1 Message Date
Shikha Panwar
992245d1b2 Allow MM to open/syncfs/close encryptedstore dir
Microdroid Manager needs these permissions to sync the encryptedstore
filesystem.

Test: Builds
Test: Check selinux denials in logs
Change-Id: Iee020ae653f5d42af086ca91068e3df52c992305
2023-01-06 08:57:02 +00:00
Jiyong Park
bce697f3c5 Merge "prng_seeder is a bootstrap process in microdroid" 2022-12-23 03:31:18 +00:00
Jiyong Park
c4cf20a146 prng_seeder is a bootstrap process in microdroid
It is started very early before linker namespaces are configured, thus
making it a bootstrap process.

Bug: 263398430
Test: watch boottime benchmark
Change-Id: I60411601a6be78f8401e43d136b567615002797c
2022-12-22 10:24:26 +09:00
Jiyong Park
f59f5d2eba Merge "Add rules for prng_seeder" 2022-12-21 12:15:32 +00:00
Jiyong Park
02df74af6d Add rules for prng_seeder
The process has the exclusive access to /dev/hw_random. It instead opens
provides a socket (/dev/prng_seeder/socket) which any process can
connect to to get random numbers.

This CL is basically a Microdroid version of aosp/2215051

Bug: 247781653
Test: same as aosp/I0a7e339115a2cf6b819730dcf5f8b189a339c57d
    * Verify prng_seeder daemon is running and has the
      correct label (via ps -Z)
    * Verify prng_seeder socket present and has correct
      label (via ls -Z)
    * Verify no SELinux denials
    * strace a libcrypto process and verify it reads seeding
      data from prng_seeder (e.g. strace bssl rand -hex 1024)
    * strace seeder daemon to observe incoming connections
      (e.g. strace -f -p `pgrep prng_seeder`)

Change-Id: I3483132ead0f5d101b5b3365f78cc36d89528f0e
2022-12-20 22:01:57 +09:00
Nikita Ioffe
f8ece0f19e Allow microdroid_manager to drop capabilities from it's bounding set
In the other change in the same topic microdroid_manager starts to drop
the capabilities before execve'ing the payload binary.

Test: m
Bug: 243633980
Change-Id: Ia70d15db413c822b174a708dedfa5557c8abde65
2022-12-17 02:36:49 +00:00
Treehugger Robot
3997a8fff0 Merge "Add more zipfuse mount done props" 2022-12-14 10:51:40 +00:00
Treehugger Robot
f1e8772660 Merge "Selinux label for /mnt/encryptedstore" 2022-12-13 20:16:12 +00:00
Seungjae Yoo
2ca7ebd8a2 Merge "Cleanup ro.boot.microdroid.app_debuggable" 2022-12-12 00:16:58 +00:00
Treehugger Robot
d838f6443e Merge "Remove netdomain from Microdroid" 2022-12-10 06:57:54 +00:00
Shikha Panwar
1aeaaedbc9 Selinux label for /mnt/encryptedstore
Create a label for the encrypted storage. encryptedstore_file & _fs
corresponding to the file & fs type.

encryptedstore process mounts the device on /mnt/encryptedstore with
fscontext & context.

microdroid_payload will have rw & related permissions on it. Also, add a
neverallow rule to deny execute permission on all domains.

encryptedstore needs relabel permission from tmpfs to
encryptedstore_file, along with mount like permissions on the later.

Bug: 261477008
Test: atest MicrodroidTests#encryptedStorageAvailable

Change-Id: Iffa1eb400f90874169d26fc2becb1dda9a1269a9
2022-12-09 19:26:34 +00:00
Jiyong Park
2660633d34 Remove netdomain from Microdroid
Nothing in Microdroid uses tcp/udp/rawip sockets. Removing netdomain
attribute for the capability. Note that some processes can use
networking via vsock.

Bug: N/A
Test: watch TH

Change-Id: Id10861d0520770578503dd93b0c72c3d6be993e8
2022-12-09 14:31:40 +09:00
Seungjae Yoo
8fbe216555 Cleanup ro.boot.microdroid.app_debuggable
Bug: 260147409
Test: N/A
Change-Id: I3d3e5dc7d26733b7faeeafb854f768d74831a648
2022-12-09 13:46:26 +09:00
Alan Stokes
26aa754f36 Add more zipfuse mount done props
Allow one property per APK for zipfuse to signal readiness to
microdroid manager.

Bug: 252811466
Test: atest MicrodroidTests
Test: composd_cmd test-compile
Change-Id: Ibe5d0756cda807e677de68335258b96364e91880
2022-12-08 14:26:19 +00:00
Treehugger Robot
e596e1f243 Merge "Remove proc_fs_verity as it's not used in microdroid" 2022-12-07 18:25:49 +00:00
Jiyong Park
c99fde9178 Adb root is supported in Microdroid on user builds
In Android, adb root is disabled at build-time by not compiling
sepolicies which allows adbd to run in the `su` domain.

However in Microdroid, adb root should be supported even on user builds
because fully-debuggable VMs can be started and adb root is expected
there. Note that adb root is still not supported in non-debuggable VMs
by not starting it at all.

This change removes `userdebug_or_end` conditions from the policies for
adb root. In addition, the `su` domain where adbd runs when rooted is
explicitly marked as a permissive domain allowed.

Bug: 259729287
Test: build a user variant, run fully debuggable microdroid VM. adb root
works there.
Test: run non-debuggable microdroid VM. adb shell (not even adb root)
doesn't work.

Change-Id: I8bb40b7472dcda6619a587e832e22d3cb290c6b9
2022-12-06 22:30:36 +09:00
Jiyong Park
f970df2f44 Remove su_exec from Microdroid
Microdroid doesn't have the executable `su`. Removing su_exec and any
reference to it.

Bug: N/A
Test: run Microdroid instance and adb root works.
Change-Id: If6c356acbf85ba20a1face3e29e4cb38d002ea06
2022-12-05 11:54:16 +09:00
Shikha Panwar
f9089686e9 Move microdroid_*.config_done part to diff context
We introduced selinux context: microdroid_lifecycle_prop to group the
properties set by microdroid_manager related to its boot lifecycle.
microdroid_manager.config_done is more suitable to be grouped in this
context.

Test: MicrodroidHostTests#testMicrodroidBoots which also checks selinux
denials

Bug: 260005615
Change-Id: I81729146c2fc98479b9a71053e4cf8ba5d89de5e
2022-12-01 15:13:05 +00:00
Shikha Panwar
e1578a50fb Sepolicy for microdroid_manager.init_done
Add a new selinux context: microdroid_lifecycle_prop for properties like
microdroid_manager.init_done. Also adding neverallow rule to not let
anyone other than init & microdroid_manager set it.

Bug: 260713790
Test: Builds
Change-Id: I81470ce596cfe5870b6777b6ae6fde3a0dc486d1
2022-12-01 14:59:06 +00:00
Nikita Ioffe
1cf4d77af8 Add sepolicy for microdroid_config_prop sysprops
Bug: 260361248
Bug: 260005615
Test: m
Change-Id: I50f7c0040ce6d315a3dc910c4f0b412d244a7449
2022-11-28 13:43:42 +00:00
Alice Wang
9a444d0499 [cleanup] Remove attribute service_manager_type in microdroid
Bug: 257260848
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ic91fe1673d0648ac596eb67189d237175eb2976e
2022-11-24 12:00:48 +00:00
Alice Wang
08ae0e46de Merge "[cleanup] Remove permissions about binder_device inside microdroid" 2022-11-24 11:59:28 +00:00
Treehugger Robot
ca7bbf0681 Merge "[cleanup] Remove microdroid_service_context and its usages" 2022-11-24 10:35:58 +00:00
Treehugger Robot
d547a5a7a2 Merge "microdroid: Allow microdroid_manager to get local CID" 2022-11-23 21:00:07 +00:00
Alice Wang
8cac66dc34 [cleanup] Remove permissions about binder_device inside microdroid
The binder_device in microdroid has been removed in aosp/2310572.

Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ie87e3b5ca1afc4046d5b35cba5fc2f99bbc09f43
2022-11-23 11:57:54 +00:00
Alice Wang
334640c993 Merge "[cleanup] Remove permissions about binderfs inside microdroid" 2022-11-23 11:34:29 +00:00
Alice Wang
4a608c1960 [cleanup] Remove microdroid_service_context and its usages
As service_manager has been removed in microdroid.

Bug: 257260848
Test: atest MicrodroidTests MicrodroidHostTests

Change-Id: I05b3366a14ecd8d6aabfff5eca9b6fbf804dc97a
2022-11-23 10:03:53 +00:00
Alice Wang
79629bdd60 [cleanup] Remove permissions about binderfs inside microdroid
The binderfs in microdroid has been removed in aosp/2310572.

Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I757ae39ebc841e8bb23300c4f65a3646ad8031fb
2022-11-22 21:22:38 +00:00
Alice Wang
0065888fe7 [cleanup] Remove unneeded apex_service permissions in microdroid
As microdroid doesn't use apex_service.

Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ie79473322905bda56c57d91f3c524ad715c99aff
2022-11-22 21:21:30 +00:00
Alice Wang
160ad719fb Merge "[cleanup] Remove permissions about servicemanager_prop inside microdroid" 2022-11-22 21:06:51 +00:00
Treehugger Robot
4c240dcaab Merge "Encryptedstore/Selinux: Format the crypt device" 2022-11-22 19:33:09 +00:00
Shikha Panwar
c6ff74a210 Encryptedstore/Selinux: Format the crypt device
Add selinux policies required for formatting the crypt device.
1. Allow encryptedstore to execute mk2fs.
2. The execution will happen without domain transition - so add
   permissions related to formatting the device.
3. Allow encryptedstore to write on /dev/vd device - required to zero
   starting bits initially

Test: Run vm with --storage & --storage-size option
Bug: 241541860
Change-Id: I9766e3c67e47a58707beee8b3a156944e3b0a9ce
2022-11-22 17:42:01 +00:00
Alice Wang
7358947455 Merge "[cleanup] Remove permissions about servicemanager inside microdroid" 2022-11-22 15:57:36 +00:00
Alice Wang
165148e62c [cleanup] Remove permissions about servicemanager_prop inside microdroid
As servicemanager is removed from microdroid.

Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ie39e4b214f297258f3dceecc11fa3d8289af3be4
2022-11-22 14:55:47 +00:00
Alice Wang
574be921af [cleanup] Remove permissions about servicemanager inside microdroid
Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I562d0d018f0dbd7d4b93c39b2bde4d2a8b50de13
2022-11-22 14:36:09 +00:00
Treehugger Robot
ea83f4f046 Merge "Revert "Add listen/accept permission to MM's vsock"" 2022-11-22 13:52:20 +00:00
Alice Wang
05bd25482d Merge "[microdroid] Remove microdroid.servicemanager related permissions" 2022-11-22 12:34:04 +00:00
David Brazdil
909e3b9cf9 Revert "Add listen/accept permission to MM's vsock"
Unused since Ib7d1491e264539ffcc40442fdf419ce50d8cecf5.
This reverts commit 5df428bea8.

Bug: 253221932
Test: TH
Change-Id: Icc2aa0bbd05591a53458b1f5fbd2c442dfce7208
2022-11-22 11:52:29 +00:00
Shikha Panwar
f447a0bf07 Merge "encryptedstore - Create Selinux context & grant permissions" 2022-11-22 11:07:50 +00:00
Alice Wang
4925b34400 [microdroid] Remove microdroid.servicemanager related permissions
Since the microdroid.servicemanager has been removed.

Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I90228ca2d1bc3c66a6967412942e1c3372ed09ca
2022-11-22 08:30:25 +00:00
Treehugger Robot
5a28628dbe Merge "Allow apkdmverity/zipfuse to write to kmsg_debug" 2022-11-22 03:00:37 +00:00
Inseob Kim
e987dcff74 Allow apkdmverity/zipfuse to write to kmsg_debug
..which is inherited from microdroid_manager.

Bug: 258760809
Test: atest MicrodroidHostTestCases MicrodroidTestApp
Change-Id: I839a0e6b4702e811db58b0cc44dd3b599c10a0b8
2022-11-22 10:13:48 +09:00
Alice Wang
3a7809a818 Merge "Cleanup authfs_service / servicemanager communication permissions" 2022-11-21 12:13:27 +00:00
Alice Wang
33fba3f1eb [rpc_binder] Remove permissions about virual_machine_payload_service
This cl removes the SELinux permissions about
virual_machine_payload_service / servicemanager communication.

Bug: 257260848
Test: atest MicrodroidTests
Change-Id: I2aeac92bdba7db1256ca48cdfca2265441882abf
2022-11-21 09:42:06 +00:00
Alice Wang
1a0c3f88e0 Cleanup authfs_service / servicemanager communication permissions
This cl removes SELinux policies related to
authfs_service / servicemanager communication as authfs_service
now uses rpc binder instead of servicemanager.

Bug: 257260848
Test: atest ComposHostTestCases
Change-Id: I3e3de94a837c95e8f486438cc6a76fea39ffc6f3
2022-11-21 09:29:41 +00:00
Inseob Kim
29fb4ae40b Merge changes from topic "microdroid_selinux_denial_fix"
* changes:
  Add listen/accept permission to MM's vsock
  Grant kmsg_debug permission to kexec
2022-11-18 12:04:34 +00:00
Alice Wang
b1c2e19a71 [rpc_binder] Enable connection for authfs_service socket
Bug: 222479468
Test: atest ComposHostTestCases
Change-Id: I2e60010beebf05391c7df6d38ef7be976ad8d06f
2022-11-18 09:22:20 +00:00
Inseob Kim
5df428bea8 Add listen/accept permission to MM's vsock
Bug: 259241719
Test: atest MicrodroidHostTestCases MicrodroidTestApp
Change-Id: I7403b2ae777fd72bb056b5cb260e693ef0793cff
2022-11-17 14:57:41 +00:00
Inseob Kim
cb2c533d83 Grant kmsg_debug permission to kexec
microdroid_manager has stdio_to_kmsg, so it's good to have the same
permission to microdroid_manager's children for better debuggability.

Bug: 259241719
Test: atest MicrodroidHostTestCases MicrodroidTestApp
Change-Id: Ibaaed365e970e6b9f2d458ccae4d128fd3b84f38
2022-11-17 14:57:17 +00:00
Shikha Panwar
81bf90de4d encryptedstore - Create Selinux context & grant permissions
encryptedstore is Microdroid's dm-crypt based encryption solution. It
requires access to block device, mapper devices etc.

Test: Run a VM & look for sepolicy denials.
Bug: 241541860
Change-Id: I556f56a184fc7a1ea71d67c3e591cc567dab2431
2022-11-16 18:18:34 +00:00