Commit graph

45616 commits

Author SHA1 Message Date
Alessandra Loro
587d6a2846 Merge "Revert "bug_map selinux test failure"" into main 2023-12-19 14:47:37 +00:00
David Drysdale
7e09f9ceef Add the fuzzer for ISecretkeeper/nonsecure
Test: N/A
Bug: 291228655
Change-Id: Ie67905f0703762198339ff80e9ae8d10b06eba3f
2023-12-19 09:49:26 +00:00
Inseob Kim
3e34b72f9c Change sepolicy version format for vFRC
sepolicy versioning is for system <-> vendor compatibility. This changes
sepolicy version format from sdk version (e.g. 34.0) to vendor api
version (e.g. 202404.0).

Bug: 314010177
Test: build and boot
Change-Id: I2422c416b7fb85af64c8c835497bbecd2e10e2ab
2023-12-19 13:35:38 +09:00
Hang Shi
cb24b4facf Merge "Bluetooth LMP Events: Add Lmp Events Hal" into main 2023-12-19 02:34:53 +00:00
Marie Matheson
289c8c0bb7 [automerger skipped] Allow isolated to read staged apks am: 7b73ec2605 -s ours
am skip reason: Merged-In I7226bae79344c3b2a5a0f59940dde6d64a8a7ea1 with SHA-1 cf2694bf86 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2879648

Change-Id: I266f1286f87d37d3d48429e36bbab6fb174050ed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-18 23:32:46 +00:00
Tom Chan
4409ea458f Update wearable_sensing_service to app_api_service
Being a system_api_service prevents non-privileged apps from getting a reference to WearableSensingManager via Context#getSystemService (it returns null). CTS tests are run as non-privileged apps, so we need this change to properly test the API.

The API methods are protected by a signature|privileged permission. CTS tests can gain this permission by adopting the Shell's permission identity, but it can't get around the SELinux policy.

wearable_sensing_service is mostly modelled after ambient_context_service, which is an app_api_service, so we believe this change is fine from a security's perspective.

Test: A CTS test can get a WearableSensingManager via Context#getSystemService after this change.

Change-Id: I9d854353f48ff7b3fa5a07527bee0bcc83cb6236
2023-12-18 22:02:06 +00:00
Peter Collingbourne
fe69f400db Merge "Mount /tmp as tmpfs." into main 2023-12-18 21:39:38 +00:00
Treehugger Robot
cbfdcc450e Merge "Revert "bugmap selinux failure"" into main 2023-12-18 16:01:25 +00:00
Alessandra Loro
b7d3e34182 Revert "bug_map selinux test failure"
This reverts commit 7a8028bbb4.

Reason for revert: Fixed via aosp/2869455

Bug: 308043377
Change-Id: I2b9a4094c1e19455ac135d204efe0811cb922ffa
2023-12-18 15:29:44 +00:00
Alessandra Loro
0a9f5d4c1f Revert "bugmap selinux failure"
This reverts commit 6aa75739d5.

Reason for revert: Fixed via aosp/2869455

Bug: 308043377
Change-Id: Id9d6e1abaa4b60b775123c0b7ba2f19368234848
2023-12-18 14:59:51 +00:00
Brian Lindahl
0027546b06 Merge "Revert "bugmap selinux failure"" into main 2023-12-18 14:29:22 +00:00
Marie Matheson
7b73ec2605 Allow isolated to read staged apks
type=1400 audit(0.0:835): avc: denied { read }
for path="/data/app/vmdl1923101285.tmp/base.apk"
dev="dm-37" ino=29684
scontext=u:r:isolated_app:s0:c512,c768
tcontext=u:object_r:apk_tmp_file:s0 tclass=file
permissive=0

Bug: 308775782
Bug: 316442990
Test: Flashed to device with and without this change, confirmed that this
change allows an isolated process to read already opened staged apk file
(cherry picked from https://android-review.googlesource.com/q/commit:cf2694bf863fc31ac5862b92bb9258136de57932)
Merged-In: I7226bae79344c3b2a5a0f59940dde6d64a8a7ea1
Change-Id: I7226bae79344c3b2a5a0f59940dde6d64a8a7ea1
2023-12-17 23:46:04 +00:00
Peter Collingbourne
4912d266e1 Mount /tmp as tmpfs.
/tmp is a volatile temporary storage location for the shell user.
As with /data/local/tmp, it is owned by shell:shell and is chmod 771.

Bug: 311263616
Change-Id: Ice0229d937989b097971d9db434d5589ac2da99a
2023-12-15 16:46:46 -08:00
Treehugger Robot
f336eec750 Merge "traced_probes: allow perfetto to read /proc/pressure entries" into main 2023-12-15 23:06:32 +00:00
Jared Duke
8db0b2be1e traced_probes: allow perfetto to read /proc/pressure entries
Allow perfetto to read /proc/pressure/* entries for cpu/io/memory.

Test: Capture perfetto psi traces manually
Bug: 315152880
Change-Id: I08c3d3eca39ee65eb3f93d609a8ef7cf9c25f6a0
2023-12-15 19:15:57 +00:00
Yu-Ting Tseng
4de7a537b0 Merge "Revert^2 "Update uprobestats SELinux policy"" into main 2023-12-15 18:02:57 +00:00
Jiakai Zhang
32c47c94be Merge "Allow watchdog to dump artd." into main 2023-12-15 15:27:26 +00:00
Treehugger Robot
c45d9f8263 Merge "Revert^2 "virtualizationmanager is a client of secretkeeper"" into main 2023-12-15 12:37:43 +00:00
Shikha Panwar
c9b992126c Revert^2 "virtualizationmanager is a client of secretkeeper"
It ferries SecretManagement messages to/from Sk. Reflect this is
sepolicies.

Test: With topic, check selinux denials
Bug: 291213394
Change-Id: Ia0d25e46232d56c59fb18f8642767bfa2d5ffab1
2023-12-15 11:23:54 +00:00
Treehugger Robot
d5f372ff3c Merge "Add lmk pressure_after_kill_min_score prop" into main 2023-12-15 06:27:08 +00:00
Treehugger Robot
28b5f9afd4 Merge "Allow remount to update the super partition." into main 2023-12-15 01:43:49 +00:00
Yu-Ting Tseng
43cae4ea24 Revert^2 "Update uprobestats SELinux policy"
This reverts commit 5e1d7f1c85.

Reason for revert: retry with a fix to the failed tests

Test: atest art_standalone_oatdump_tests
Change-Id: I28872c643ba4ec07ef41b1f9be86036c592a6e4e
2023-12-14 17:17:18 -08:00
Matt Stephenson
531cdc930f Add lmk pressure_after_kill_min_score prop
Add ro.lmk.pressure_after_kill_min_score property to config.

Test: pressure_after_kill_min_score applies if SELinux is enabled
Bug: 316242513
Change-Id: Ie974fb3eddc0c1bc5c28b2c11d516b152c390396
2023-12-14 23:36:56 +00:00
Inseob Kim
8a0d6d1f17 [automerger skipped] Remove vfio_handler entry am: 4a14ebeb3e -s ours
am skip reason: Merged-In I5559dfca1a29852b65481c95f37edc9977ee9d7d with SHA-1 094e8e81a2 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2875635

Change-Id: I48daef2abbfaff2790f13f759b9d2402a2e6ba68
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-14 23:10:08 +00:00
Shikha Panwar
322d4efbcf Merge "Revert "virtualizationmanager is a client of secretkeeper"" into main 2023-12-14 22:04:24 +00:00
Yu-Ting Tseng
675247f370 Merge "Revert "Update uprobestats SELinux policy"" into main 2023-12-14 21:00:06 +00:00
Trevor Black
dcef23db69 Revert "virtualizationmanager is a client of secretkeeper"
Revert submission 2705357-sk_vm

Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.corp.google.com/builds/quarterdeck?branch=git_aosp-main-with-phones&target=aosp_oriole-trunk_staging-userdebug&lkgb=11221468&lkbb=11221626&fkbb=11221480

Reverted changes: /q/submissionid:2705357-sk_vm

Bug: 316391577
Change-Id: Ibc92e4b2c578cdf210e873d82af0f413d6a37dc0
2023-12-14 20:29:33 +00:00
Yu-Ting Tseng
5e1d7f1c85 Revert "Update uprobestats SELinux policy"
This reverts commit a87a13f16c.

Reason for revert: b/316386186

Change-Id: Ia39371ee9d96c1b1fdf71d67abc7765019c4f185
2023-12-14 19:50:49 +00:00
Shikha Panwar
751837e26e Merge "virtualizationmanager is a client of secretkeeper" into main 2023-12-14 19:44:12 +00:00
Shikha Panwar
e6c5f205e0 virtualizationmanager is a client of secretkeeper
It ferries SecretManagement messages to/from Sk. Reflect this is
sepolicies.

Test: With topic, check selinux denials
Bug: 291213394
Change-Id: I0acc06424eb834d66a85f9d4f6b8b632d95c4190
2023-12-14 17:05:16 +00:00
Yu-Ting Tseng
ef639990c7 Merge "Update uprobestats SELinux policy" into main 2023-12-14 17:03:35 +00:00
Inseob Kim
4a14ebeb3e Remove vfio_handler entry
Bug: 313817413
Test: TH
Change-Id: I2f68b85f3b91e687eb1f885023d374869d0a7ce5
Merged-In: I5559dfca1a29852b65481c95f37edc9977ee9d7d
2023-12-14 18:06:19 +09:00
Yu-Ting Tseng
a87a13f16c Update uprobestats SELinux policy
The changes include
- allow binder calls to ActivityManager and NativePackageManager
- allow binder calls from system server
- allow writes of statsd atoms
- allow init to start uprobestats
- permission for uprobestats config files and propery
- allow execution of oatdump so it can look up code offsets
- allow scanning /proc.

Test: m selinux_policy
Change-Id: Id1864b7dac3a2c5dcd8736c4932778e36b658ce3
2023-12-13 16:49:23 -08:00
Treehugger Robot
cc90a2a0c6 Merge "sepolicy: grant network_stack CAP_WAKE_ALARM" into main 2023-12-13 20:55:37 +00:00
David Anderson
17fbd9c607 Allow remount to update the super partition.
"adb remount" runs the remount command, which needs to be able to update
bits in the super partition metadata. This change only affects
userdebug_or_eng policy.

Bug: 297923468
Test: adb-remount-test.sh
Change-Id: Ia78d4b0ea942a139c8a4070dc63a0eed218e3e18
2023-12-13 12:09:30 -08:00
Franklin Abreu Bueno
a3bfb1485e Bluetooth LMP Events: Add Lmp Events Hal
Bug: 281503650
Change-Id: Ie9fa616d4142c554c30e5b45b625203387edb9a7
2023-12-13 12:02:33 -08:00
Maciej Żenczykowski
fd0efeb043 sepolicy: grant network_stack CAP_WAKE_ALARM
It is effectively an oversight that bluetooth has this
but network stack does not.

This prevents the network stack process from (for example)
using timerfd_create with CLOCK_{REAL,BOOT}TIME_ALARM,
without trampolining through parts of the mainline module
which are shipped as part of the system server.

See:
  https://man7.org/linux/man-pages/man2/timerfd_create.2.html

Bug: 316171727
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iba95c80f830784a587fa4df6867a99bcb96ace79
2023-12-13 18:52:51 +00:00
Brian Lindahl
89312a1bfc Revert "bugmap selinux failure"
This reverts commit c6132a2ae7.

Reason for revert: Fixed via aosp/2869455

Bug: 308043377
Change-Id: Iaa42e34bc08e2ce056b0c624fe5665ff026bc654
2023-12-13 16:13:47 +00:00
Brian Lindahl
623646c3b6 [automerger skipped] Merge "Allow for server-side configuration of libstagefright" into android14-tests-dev am: 46668eaca7 -s ours
am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 ffeb680417 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2869455

Change-Id: Ic3f9aa6bb7aa559e391448fa5198b8f73df9af28
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-13 06:23:26 +00:00
Brian Lindahl
8b33232c76 [automerger skipped] Allow for server-side configuration of libstagefright am: 660e460e8c -s ours
am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 ffeb680417 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2869455

Change-Id: Ia9cdc30aacb17db751fd42a957c8787270d1ae2f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-13 06:23:22 +00:00
Brian Lindahl
46668eaca7 Merge "Allow for server-side configuration of libstagefright" into android14-tests-dev 2023-12-13 06:00:07 +00:00
Andrea Zilio
65af65df10 Allow pm.archiving.enabled to be read by priv apps.
Test: Presubmit
Bug: 314160630
Change-Id: Ibf844ce8a44244d0791490ae6c5df91039f4e9a7
2023-12-12 23:55:49 +00:00
Avichal Rakesh
728e475da0 Allow more AIDL Camera Provider versions
The current sepolicy only allows V1 of AIDL CameraProvider
services. This CL updates the regex to allow for future
versions as well.

Bug: 314912354
Test: Verified by vendor
Change-Id: I80351a8bb7c2538c4ad1e0d418ea7a718d60be05
2023-12-12 09:37:28 -08:00
Harish Mahendrakar
57a351c136 mediaswcodec: Allow getprop for aac drc params
Bug: 280783314
Test: adb shell setprop <drc properties>
Test: stagefright -a /sdcard/aac.mp4 and check drc params
Change-Id: I6ae0b09ecbaa7c52d30e9dcb46cfe36e849bf877
2023-12-12 15:39:55 +00:00
Jiakai Zhang
ac3d139e24 Allow watchdog to dump artd.
Bug: 314171605
Change-Id: Iabb2da390dfe68e9993e0dc7023297afd51a8b3c
Test: Presubmit
2023-12-12 13:22:16 +00:00
Thiébaud Weksteen
405e221ae3 Merge "Revert "Remove implicit access for isolated_app"" into main 2023-12-12 01:04:50 +00:00
Treehugger Robot
4e2c7e05d8 [automerger skipped] Merge "Introduce vendor_apex_metadata_file" into android14-tests-dev am: 5732cf8282 -s ours
am skip reason: Merged-In Icc234bf604e3cafe6da81d21db744abfaa524dcf with SHA-1 b6211b88cf is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858826

Change-Id: I558dab015373373ce5abbb6f6297fdffba0e3736
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-12 00:16:27 +00:00
Jooyung Han
061d75cad3 [automerger skipped] Introduce vendor_apex_metadata_file am: 157848354e -s ours
am skip reason: Merged-In Icc234bf604e3cafe6da81d21db744abfaa524dcf with SHA-1 b6211b88cf is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858826

Change-Id: I2d1181c0f222583cf1b347386259d1290e87aa20
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-12 00:16:22 +00:00
Treehugger Robot
5732cf8282 Merge "Introduce vendor_apex_metadata_file" into android14-tests-dev 2023-12-11 23:48:39 +00:00
Brian Lindahl
660e460e8c Allow for server-side configuration of libstagefright
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.

Bug: 301372559
Bug: 301250938
Bug: 308043377
Fixes: 308043377
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I95aa6772a40599636d109d6960c2898e44648c9b
(cherry picked from commit 1b32bccc1a)
2023-12-11 23:02:32 +00:00