Commit graph

746 commits

Author SHA1 Message Date
Orion Hodson
86477d7933 odrefresh: add permission to sigkill child processes
(cherry picked from commit 522bcbe9e6)
Ignore-AOSP-First: cherry-pick from aosp
Bug: 177432913
Bug: 196969404
Test: manually decrease odrefresh compilation timeout, no avc denied
Change-Id: I7dec0a3d82c82b5dea4b5f3f38d9170bb1f40840
2021-08-19 10:13:43 +00:00
Eric Biggers
0fc214e291 Restore permission for shell to list /sys/class/block
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory.  There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.

Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
      After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
Merged-In: I87cb90880f927db1385887b35c84f4dd7f95021b
(cherry picked from commit ff53c4d16e)
2021-08-19 03:22:01 +00:00
Eric Biggers
ff53c4d16e Restore permission for shell to list /sys/class/block
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory.  There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.

Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
      After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
Merged-In: I87cb90880f927db1385887b35c84f4dd7f95021b
2021-08-17 13:38:41 -07:00
Eric Biggers
2b7e9943d9 Merge "Restore permission for shell to list /sys/class/block" am: cc0f64416f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1797007

Change-Id: I60b12f2a7cb088b8e648149d9356f9b00f97adbe
2021-08-17 19:17:07 +00:00
Eric Biggers
8b2b951349 Restore permission for shell to list /sys/class/block
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory.  There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.

Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
      After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
2021-08-16 10:54:44 -07:00
Paul Crowley
f87e5bafb5 Merge "Revert^2 "Allow vold to deleteAllKeys in Keystore"" into sc-dev 2021-08-13 02:33:43 +00:00
Paul Crowley
449a6e1351 Revert^2 "Allow vold to deleteAllKeys in Keystore"
Revert submission 15536724-revert-15521094-vold-deleteAllKeys-GDJSMLXRVZ

Reason for revert: Underlying KM problem fixed
Reverted Changes:
I8e2621bef:Revert "Detect factory reset and deleteAllKeys"
I546b980bb:Revert "Add deleteAllKeys to IKeystoreMaintenance"...
I1ed68dd9e:Revert "Allow vold to deleteAllKeys in Keystore"

Bug: 187105270
Test: booted Cuttlefish twice
Change-Id: I6a9981ace72b133082d1d600f8e45b55bdb34b44
2021-08-13 01:44:22 +00:00
TreeHugger Robot
b7d0820dcf Merge "sepolicy: Add supporting for property name with phone id" into sc-dev 2021-08-12 07:24:24 +00:00
Shawn Willden
9de6c0e94c Merge "Revert "Allow vold to deleteAllKeys in Keystore"" into sc-dev 2021-08-12 01:17:13 +00:00
Shawn Willden
4b8112473d Revert "Allow vold to deleteAllKeys in Keystore"
Revert submission 15521094-vold-deleteAllKeys

Reason for revert: Causes infinite loop in Trusty KeyMint
Reverted Changes:
I9c5c54714:Detect factory reset and deleteAllKeys
I2fb0e94db:Allow vold to deleteAllKeys in Keystore
Id23f25c69:Add deleteAllKeys to IKeystoreMaintenance
Ife779307d:Enable deleteAllKeys from vold
I4312b9a11:Enable deleteAllKeys from vold

Bug: 187105270
Change-Id: I1ed68dd9ee9a6f14152307d610af0b16dd3219ac
2021-08-12 01:08:37 +00:00
Paul Crowley
c0cae7496e Merge "Allow vold to deleteAllKeys in Keystore" into sc-dev 2021-08-11 21:41:17 +00:00
Paul Crowley
cb00759831 Merge "Allow vold to deleteAllKeys in Keystore" am: d46569c261 am: 66b0b41923
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1789529

Change-Id: I03d240d980763f3a84971f185f207204bac2602d
2021-08-11 18:13:25 +00:00
Paul Crowley
4a664e8d5d Allow vold to deleteAllKeys in Keystore
Add deleteAllKeys to IKeystoreMaintenance and allow vold to call it.
Allow vold to read the property
`ro.crypto.metadata_init_delete_all_keys.enabled`

Bug: 187105270
Test: booted twice on Cuttlefish
Ignore-AOSP-First: no merge path to this branch from AOSP.
Merged-In: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
Change-Id: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
2021-08-11 10:16:28 -07:00
EdenSu
ee495b312c sepolicy: Add supporting for property name with phone id
Add debug property name with phone id.

Bug: 194281028
Test: Build and verified there is no avc denied in the log
Change-Id: Ia7ca93a3390b2f59e894ca7ebce4cae9c0f83d28
Merged-In: Ia7ca93a3390b2f59e894ca7ebce4cae9c0f83d28
2021-08-11 16:37:03 +00:00
Paul Crowley
bf29c3a2dc Allow vold to deleteAllKeys in Keystore
Add deleteAllKeys to IKeystoreMaintenance and allow vold to call it.
Allow vold to read the property
`ro.crypto.metadata_init_delete_all_keys.enabled`

Bug: 187105270
Test: booted twice on Cuttlefish
Change-Id: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
2021-08-10 21:51:09 -07:00
Bart Van Assche
db5e6c2424 Allow the init and apexd processes to read all block device properties
Addressing b/194450129 requires configuring the I/O scheduler and the
queue depth of loop devices. Doing this in a generic way requires
iterating over the block devices under /sys/class/block and also to
examine the properties of the boot device (/dev/sda). Hence this patch
that allows 'init' and 'apexd' to read the properties of all block
devices. The patch that configures the queue depth is available at
https://android-review.googlesource.com/c/platform/system/core/+/1783847.

Bug: 194450129
Test: Built Android images, installed these on an Android device and verified that modified init and apexd processes do not trigger any SELinux complaints.
Ignore-AOSP-First: This patch is already in AOSP.
Merged-In: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Change-Id: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-08-10 09:30:27 -07:00
Bart Van Assche
052995e65e init.te: Allow init to modify the properties of loop devices
The init process configures swapping over zram over a loop device. An
I/O scheduler is associated with the loop device. Tests have shown that
no I/O scheduler works better than the default, mq-deadline. Hence
allow the init process to configure the loop device I/O scheduler.

Without this patch, the following SELinux denials are reported during
boot:

1     1 I auditd  : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0
1     1 I auditd  : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0

Bug: 194450129
Test: Built Android images and installed these on an Android device.
Ignore-AOSP-First: This patch is already in AOSP.
Merged-In: I0af0a92c53bb1f68b57f6814c431a7f03d8ea967
Change-Id: I0af0a92c53bb1f68b57f6814c431a7f03d8ea967
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
2021-08-10 09:30:10 -07:00
Bart Van Assche
7efcbf568c Allow the init and apexd processes to read all block device properties am: ec50aa5180 am: b00618fb9f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947

Change-Id: Iac344ff86cae6870c6f29fc2b4fb5529482a4219
2021-08-10 01:54:52 +00:00
Bart Van Assche
ec50aa5180 Allow the init and apexd processes to read all block device properties
Addressing b/194450129 requires configuring the I/O scheduler and the
queue depth of loop devices. Doing this in a generic way requires
iterating over the block devices under /sys/class/block and also to
examine the properties of the boot device (/dev/sda). Hence this patch
that allows 'init' and 'apexd' to read the properties of all block
devices. The patch that configures the queue depth is available at
https://android-review.googlesource.com/c/platform/system/core/+/1783847.

Test: Built Android images, installed these on an Android device and verified that modified init and apexd processes do not trigger any SELinux complaints.
Change-Id: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-08-09 13:46:41 -07:00
Martijn Coenen
025423495e Merge "Allow shell to read odsign properties." am: a194f2737e am: ee5b30b948
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1787990

Change-Id: I293034ab8a42c7b79f0db2b1004094ea9594fcbf
2021-08-09 07:19:16 +00:00
Martijn Coenen
a194f2737e Merge "Allow shell to read odsign properties." 2021-08-09 06:45:56 +00:00
Martijn Coenen
fd6d708cc1 Allow shell to read odsign properties.
The shell context can invoke app_process (ART runtime), which in turn
reads odsign_prop to determine whether we determined that the generated
artifacts are valid. Since this was denied until now, app processes
invoked through shell would fall back to JIT Zygote. This is probably
fine, but since fixing the denial is really simple (and not risky), this
option might be preferred over adding it to the bug map.

Bug: 194630189
Test: `adb shell sm` no longer generates a denial
Change-Id: Ia7c10aec53731e5fabd05f036b12e10d63878a30
2021-08-06 08:40:40 +02:00
Bart Van Assche
920fb6cb48 Merge "init.te: Allow init to modify the properties of loop devices" am: cb779773b7 am: a953822b61
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1782387

Change-Id: I783a810622dc05fc2eb667268596d50c4b21430e
2021-08-05 17:10:39 +00:00
Bart Van Assche
9059e215dc init.te: Allow init to modify the properties of loop devices
The init process configures swapping over zram over a loop device. An
I/O scheduler is associated with the loop device. Tests have shown that
no I/O scheduler works better than the default, mq-deadline. Hence
allow the init process to configure the loop device I/O scheduler.

Without this patch, the following SELinux denials are reported during
boot:

1     1 I auditd  : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0
1     1 I auditd  : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0

Bug: 194450129
Test: Built Android images and installed these on an Android device.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Change-Id: I0af0a92c53bb1f68b57f6814c431a7f03d8ea967
2021-08-04 11:48:14 -07:00
Rick Yiu
7c14f44109 Move vendor_sched to common sepolicy
Previously vendor_sched is put under product area which will be replaced
by GSI. To solve it, move it to system/sepolicy.

Bug: 194656257
Test: build pass
Change-Id: I15801c0db0a8643cac2a2fc1f004db6fb21050dc
Merged-In: Ia0b855e3a876a58b58f79b4fba09293419797b47
2021-07-30 03:03:42 +00:00
Martijn Coenen
3f1c5d5c14 Merge "Allow odsign to stop itself." into sc-dev 2021-07-28 15:06:47 +00:00
Martijn Coenen
3ca856a1a9 Merge "Allow odsign to stop itself." am: 359aea7d49 am: 632c8e428f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1779988

Change-Id: I863a95342f0a37f14107827df145a49f2a911c19
2021-07-28 12:20:34 +00:00
Martijn Coenen
28377a8a17 Allow odsign to stop itself.
Carve out a label for the property, and allow odsign to set it.

Bug: 194334176
Test: no denials
Change-Id: I9dafefabc27c679ed9f36e617e824f44f3b16bbd
Merged-In: I9dafefabc27c679ed9f36e617e824f44f3b16bbd
2021-07-28 11:52:48 +00:00
Martijn Coenen
359aea7d49 Merge "Allow odsign to stop itself." 2021-07-28 11:50:22 +00:00
Martijn Coenen
5f21a0fa92 Allow odsign to stop itself.
Carve out a label for the property, and allow odsign to set it.

Bug: 194334176
Test: no denials
Change-Id: I9dafefabc27c679ed9f36e617e824f44f3b16bbd
2021-07-28 10:50:35 +02:00
Jiakai Zhang
7f60ff9cda Track system_server->apex_art_data_file denial. am: 329cbf4d4e am: 82a576c1a4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1771168

Change-Id: Ic90844a9811fcd55283acd10db3d930707d3af9c
2021-07-24 10:06:37 +00:00
Jiakai Zhang
329cbf4d4e Track system_server->apex_art_data_file denial.
The denial occurs when system_server dynamically loads AOT artifacts at
runtime.

Sample message:
type=1400 audit(0.0:4): avc: denied { execute } for comm="system_server" path="/data/misc/apexdata/com.android.art/dalvik-cache/arm64/system@framework@com.android.location.provider.jar@classes.odex" dev="dm-37" ino=296 scontext=u:r:system_server:s0 tcontext=u:object_r:apex_art_data_file:s0 tclass=file permissive=0

Currently, system_server is only allowed to load AOT artifacts at startup. odrefresh compiles jars in SYSTEMSERVERCLASSPATH, which are supposed to be loaded by system_server at startup. However, com.android.location.provider is a special case that is not only loaded at startup, but also loaded dynamically as a shared library, causing the denial.

Therefore, this denial is currently expected. We need to compile com.android.location.provider so that its AOT artifacts can be picked up at system_server startup, but we cannot allow the artifacts to be loaded dynamically for now because further discussion about its security implications is needed. We will find a long term solution to this, tracked by b/194054685.

Test: Presubmits
Bug: 194054685

Change-Id: I3850ae022840bfe18633ed43fb666f5d88e383f6
2021-07-24 09:42:03 +08:00
TreeHugger Robot
8797257e3f Merge "property_contexts: Add ro.lmk.filecache_min_kb property context" into sc-dev 2021-07-21 07:34:31 +00:00
Orion Hodson
5194040519 Merge "postinstall_dexopt: allow reading odsign.verification.status" am: ae132647b1 am: 14b66293ba
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1771328

Change-Id: I1b7b3d5f34c4fff9ba4282afa2cdec97895bfd6e
2021-07-20 11:21:34 +00:00
Orion Hodson
ae132647b1 Merge "postinstall_dexopt: allow reading odsign.verification.status" 2021-07-20 10:58:57 +00:00
Daniel Norman
072de7b4b2 Merge "Rename vpnprofilestore to legacykeystore in 31.0 mapping files." am: f541acd250 am: ffb2010a0a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1771593

Change-Id: I7699781df4dccce679a8baccdb5e47074e0fb3db
2021-07-20 00:44:25 +00:00
Orion Hodson
07cafca82a postinstall_dexopt: allow reading odsign.verification.status
Allows dexopt to read odsign verification status and use on-device
generated artifacts when dexopting after an OTA.

(cherry pick from change 5fcce9ded3)
Bug: 194069492
Ignore-AOSP-First: cherry pick of https://r.android.com/1771328
Test: manually apply ota, see no denials for reading property
Merged-In: I97acfc17ffd9291d1a81906c75039f01624dff0f
Change-Id: I05453570add7365e1c094d3ea316d53d7c52023a
2021-07-19 19:47:33 +00:00
Orion Hodson
5fcce9ded3 postinstall_dexopt: allow reading odsign.verification.status
Allows dexopt to read odsign verification status and use on-device
generated artifacts when dexopting after an OTA.

Bug: 194069492
Test: manually apply ota, see no denials for reading property
Change-Id: I97acfc17ffd9291d1a81906c75039f01624dff0f
2021-07-19 20:37:20 +01:00
Daniel Norman
31aaac3f18 Rename vpnprofilestore to legacykeystore in 31.0 mapping files.
This service was renamed in
commit 8aaf796f980f21a8acda73180a876095b960fc28
after the mapping files were originally created in
commit 4f20ff73ee.

Bug: 191304621
Test: Merge redfin_vf_s T-based system with S-based vendor.
Change-Id: I3430f13a3438c06c6cb469a35a80390f83b1c0b4
2021-07-19 11:51:14 -07:00
Suren Baghdasaryan
ff51a7bf96 property_contexts: Add ro.lmk.filecache_min_kb property context
ro.lmk.filecache_min_kb property allows vendors to specify min filecache
size in KB that should be reached after thrashing is detected.

Bug: 193293513
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I927f4a1c81db3f284353fe4ab93bf454acff69b7
Merged-In: I927f4a1c81db3f284353fe4ab93bf454acff69b7
2021-07-19 09:48:54 +00:00
Orion Hodson
638ee80658 Add get_prop(odsign_prop) to incidentd.te am: 6f9b65aac7
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15235557

Change-Id: Ia3383c71d0d855db09c197db8c311d38afc59625
2021-07-12 20:31:38 +00:00
Hasini Gunasinghe
806c7eb133 Allow keystore to read and write keystore.crash_count system property.
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.

Ignore-AOSP-First: Resolving merge conflicts.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e

Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
2021-07-09 16:20:07 +00:00
Orion Hodson
6f9b65aac7 Add get_prop(odsign_prop) to incidentd.te
Prevents SELinux denial when capturing a bugreport.

Bug: 192895524
Bug: 193084909
Bug: 193096842
Bug: 193097008
Bug: 193097511
Bug: 193097845
Bug: 193097886
Ignore-AOSP-First: cherry pick of https://r.android.com/1761447
Test: adb bugreport and check no denial in logcat.
Change-Id: Ide5d95782929836cffc5b3921bffae3295773532
2021-07-09 16:03:35 +01:00
Hasini Gunasinghe
2a5ab82215 Merge "Allow keystore to read and write keystore.crash_count system property." into sc-dev 2021-07-09 00:08:41 +00:00
Hasini Gunasinghe
4fa6b1a037 Allow keystore to read and write keystore.crash_count system property.
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.

Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e

Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
2021-07-08 17:54:58 +00:00
Hasini Gunasinghe
9fe1532ade Allow keystore to read and write keystore.crash_count system property.
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.

Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e

Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
2021-07-08 14:29:44 +00:00
Orion Hodson
2e7eebe266 Merge "Allow app_zygote to read zygote_tmpfs." into sc-dev am: b03c657b2b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15179050

Change-Id: Id46091314cb8d3f3c8e36c4c3bbabb6401920110
2021-07-05 15:41:51 +00:00
Orion Hodson
b03c657b2b Merge "Allow app_zygote to read zygote_tmpfs." into sc-dev 2021-07-05 15:31:17 +00:00
Martijn Coenen
67db7e2d88 Allow app_zygote to read zygote_tmpfs.
app_zygote inherits tmpfs files from zygote, and needs to be able to
stat them after fork.

Bug: 192634726
Bug: 192572973
Bug: 119800099
Test: forrest
Ignore-AOSP-First: cherry pick of https://r.android.com/1753279
Change-Id: I6ddf433dbbf4a894fcb6d35c0cb723444d360e47
2021-07-05 13:54:28 +00:00
Jayant Chowdhary
487df8589b Merge "Define property ro.camera.enableCamera1MaxZsl" into sc-dev am: cf2b1eff87
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14683766

Change-Id: I21a6b1cc1e6311c256110d2764300617fe583173
2021-07-02 23:18:27 +00:00
Jayant Chowdhary
cf2b1eff87 Merge "Define property ro.camera.enableCamera1MaxZsl" into sc-dev 2021-07-02 23:05:50 +00:00
Orion Hodson
e0641bba4d Allow zygotes and installd to read odsign properties am: be6873bd15
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15175855

Change-Id: Ib72bda2605e614e4e1224d2ffe2e2693c842adfe
2021-07-02 17:48:39 +00:00
Orion Hodson
be6873bd15 Allow zygotes and installd to read odsign properties
(cherry picked from commit f135ce393c)
Bug: 192049377
Test: manual
Ignore-AOSP-First: cherry pick of https://r.android.com/1753264
Change-Id: I3e8ee380fe38e1bd6cc90a568b10b97f877e68fa
2021-07-02 11:57:24 +01:00
Jayant Chowdhary
8394a04840 Define property ro.camera.enableCamera1MaxZsl
Bug: 184617195

Test: atest CameraGLTest.java (basic validity)

Change-Id: I30f8fb647cb8f67ff75d41718e3cc475d206a29a
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
2021-07-01 08:15:39 -07:00
Nicolas Geoffray
08395f47ea Merge "Fix braino in dexoptanalyzer policy and add dex2oat postinstall rule." into sc-dev am: b3b0d4da94
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15130061

Change-Id: Ic7a53f2139871dbf457f70ebb6d7db4d9ef9aa4c
2021-07-01 09:44:28 +00:00
Nicolas Geoffray
b3b0d4da94 Merge "Fix braino in dexoptanalyzer policy and add dex2oat postinstall rule." into sc-dev 2021-07-01 09:31:02 +00:00
Hasini Gunasinghe
4334d35f01 Add keystore permission for metrics re-routing.
Keystore2 atoms need to be rounted to statsd via a proxy.
The proxy needs to have this permission in order to pull metrics from
keystore.

Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: Statsd Testdrive script
Change-Id: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
Merged-In: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
(cherry picked from commit 61d07e7ce0)
2021-06-30 17:02:14 -07:00
Janis Danisevskis
e1a289b66f Merge "Rename vpnprofilestore to legacykeystore." into sc-dev am: adb49d3df6
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14981212

Change-Id: Ie341418b9491cd93e2af1ebe354f943e8ff85499
2021-06-30 19:57:20 +00:00
Janis Danisevskis
adb49d3df6 Merge "Rename vpnprofilestore to legacykeystore." into sc-dev 2021-06-30 19:42:27 +00:00
Janis Danisevskis
4678660d83 Rename vpnprofilestore to legacykeystore.
Bug: 191373871
Test: N/A
Merged-In: I3f11827909bd37a2127069de82670776a8e192b3
Change-Id: I3f11827909bd37a2127069de82670776a8e192b3
2021-06-30 12:40:39 -07:00
Jeff Vander Stoep
97dee733c4 system_app: remove adb data loader permissions am: 16b7d5d829 am: d775d04e7e am: c493691bac
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14881537

Change-Id: Icd3b3313c18c866e71e84668d44f79116e3566b4
2021-06-30 17:32:46 +00:00
Jeff Vander Stoep
c493691bac system_app: remove adb data loader permissions am: 16b7d5d829 am: d775d04e7e
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14881537

Change-Id: I32ce439f2aac808a2510673c56c034828ee52f90
2021-06-30 17:24:00 +00:00
Jeff Vander Stoep
d775d04e7e system_app: remove adb data loader permissions am: 16b7d5d829
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14881537

Change-Id: I9899465b81011dbbec2a468111ad6ab8b357f081
2021-06-30 17:12:51 +00:00
Janis Danisevskis
ab433c765b Rename vpnprofilestore to legacykeystore.
Ignore-AOSP-First: No mergepath from AOSP.
Bug: 191373871
Test: N/A
Change-Id: I3f11827909bd37a2127069de82670776a8e192b3
2021-06-30 09:36:30 -07:00
Hasini Gunasinghe
7611870f49 Merge "Add keystore permission for metrics re-routing." into sc-dev am: 898fc5b39b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14937250

Change-Id: I881b239515d17f81099ed16d519e1071e80c68ea
2021-06-30 13:32:33 +00:00
Hasini Gunasinghe
898fc5b39b Merge "Add keystore permission for metrics re-routing." into sc-dev 2021-06-30 13:07:22 +00:00
Orion Hodson
702ff51093 Merge "Allow system_server_startup to load system server odex files" into sc-dev am: ae1b59975a
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15108690

Change-Id: I38627ced50e40958caa3decba8068cb9a9de76fb
2021-06-29 16:09:39 +00:00
Orion Hodson
ae1b59975a Merge "Allow system_server_startup to load system server odex files" into sc-dev 2021-06-29 16:05:36 +00:00
Nicolas Geoffray
92b18f575d Fix braino in dexoptanalyzer policy and add dex2oat postinstall rule.
Test: m
Bug: 190817237
Change-Id: I4f73d7a137f2e2ee9497ca5e4c8ef28b3f86c35c
(cherry picked from commit f82451e0a4)
2021-06-29 14:15:48 +01:00
Devin Moore
61d3d06c64 Merge "Fix recovery denials when reading /proc/bootconfig" into sc-dev am: b03b9eb7e7
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15094918

Change-Id: I02257da14d0cc380e2a960679959d52b2245ebf8
2021-06-28 22:38:25 +00:00
Devin Moore
b03b9eb7e7 Merge "Fix recovery denials when reading /proc/bootconfig" into sc-dev 2021-06-28 22:26:29 +00:00
Devin Moore
53c90152ea Fix recovery denials when reading /proc/bootconfig
These denials were found in the logs of a test failure that entered
recovery mode.
Recovery uses libfs_mgr which reads /proc/bootconfig.

Test: Boot device into recovery and check for "avd: denied" logs
Bug: 191904998
Bug: 191737840
Ignore-AOSP-First: Merged-In not used to allow the change in prebuilts to merge
Change-Id: I96ae514cfd68856717e143d295f2838a7d0eff14
2021-06-28 20:29:21 +00:00
Orion Hodson
4d6e34c3f8 Allow system_server_startup to load system server odex files
(cherry picked from commit 7778e8cdb3)

Bug: 180949581
Test: atest odsign_e2e_tests
Ignore-AOSP-First: cherry-pick from aosp
Change-Id: Ia49118ffb771abb425e3d7ee2f50ada7524f735f
2021-06-28 17:00:55 +00:00
Michael Ayoubi
07aa892503 Extend hal_uwb_server neverallow
Bug: 187386527
Test: Boot and confirm HAL is up

Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: I2abf108f2504997b06c0269f905608d8063cb3b4
Merged-In: I2abf108f2504997b06c0269f905608d8063cb3b4
2021-06-28 03:10:49 +00:00
Michael Ayoubi
c3af66222b Extend hal_uwb_server neverallow
Bug: 187386527
Test: Boot and confirm HAL is up
Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: I2abf108f2504997b06c0269f905608d8063cb3b4
Merged-In: I2abf108f2504997b06c0269f905608d8063cb3b4
2021-06-25 17:31:09 +09:00
TreeHugger Robot
98f9af8bc1 Merge "Ensure that only desired processes can access TracingServiceProxy" into sc-dev 2021-06-24 22:02:23 +00:00
Treehugger Robot
b79a4d034e Merge "Ensure that only desired processes can access TracingServiceProxy" am: 230a6c5e96 am: d00d851483
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1744762

Change-Id: I2d81ae35699f54bf7961f9b42c5cd95e60e4b438
2021-06-24 21:17:56 +00:00
Treehugger Robot
230a6c5e96 Merge "Ensure that only desired processes can access TracingServiceProxy" 2021-06-24 20:45:29 +00:00
Carmen Jackson
2d6fb3971b Ensure that only desired processes can access TracingServiceProxy
This change adds a neverallow rule in traced.te to limit the processes
that can find tracingproxy_service, the context for TracingServiceProxy.

I wanted to avoid moving the tracingproxy_service definition to public,
so there were a few services that are exempted from this neverallow
rule.

Bug: 191391382
Test: Manually verified that with this change, along with the other
change in this topic, I see no errors when taking a bugreport while a
Traceur trace is running and the expected trace is included in the
generated bugreport.

Change-Id: I28d0b1b08baac43a53fe5a1ff0f67b788d51dc74
Merged-In: I8658df0db92ae9cf4fefe2eebb4d6d9a5349ea89
2021-06-24 18:42:57 +00:00
TreeHugger Robot
9254f98eb9 Merge "sepolicy: Allow to receive FDs from app_zygote" into sc-dev am: bf5c56e796
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15079793

Change-Id: Ie5237910b09c36d1bf6861522ebdf1642f367706
2021-06-24 17:58:20 +00:00
TreeHugger Robot
bf5c56e796 Merge "sepolicy: Allow to receive FDs from app_zygote" into sc-dev 2021-06-24 17:48:21 +00:00
Dario Freni
95ecdc6a28 Allow apexd to create links in otapreopt_chroot. am: 25d2099d44
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15090526

Change-Id: I84f73d431a39b062d912e6696790c708e081a8a3
2021-06-24 15:49:25 +00:00
Dario Freni
25d2099d44 Allow apexd to create links in otapreopt_chroot.
Fixes: 191919967
Test: triggered bug on cf by running
m dist && python3 system/update_engine/scripts/update_device.py out/dist/cf_x86_64_phone-ota-eng.dariofreni.zip

Change-Id: I7a3abfdecd2d2276a291ab6c1ffe9a7d3f5fd60a
Merged-In: I7a3abfdecd2d2276a291ab6c1ffe9a7d3f5fd60a
Ignore-AOSP-first: this branch is not merging aosp changes anymore.
2021-06-24 14:11:00 +00:00
Dario Freni
01fcc28368 Allow apexd to create links in otapreopt_chroot.
Bug: 191919967
Test: triggered bug on cf by running
m dist && python3 system/update_engine/scripts/update_device.py out/dist/cf_x86_64_phone-ota-eng.dariofreni.zip

Change-Id: I7a3abfdecd2d2276a291ab6c1ffe9a7d3f5fd60a
2021-06-24 14:09:09 +00:00
Egor Pasko
271e63bbd0 sepolicy: Allow to receive FDs from app_zygote
The primary goal is to have an ashmem region shared between the main app
process in Chrome (=Browser Process) and the app zygote. It can only be
passed from the App Zygote, since there is no communication in the other
direction. Passing of the file descriptor should happen by:
(A) inheriting via fork(2)
(B) using binder IPC

Currently ashmem FDs are sufficiently allowed to be mmap(2)-ed in all
Chrome processes. The mode of mapping (read-only, read-write etc.) is
controlled by the settings of the region itself, not by sepolicy.

This change additionally allows an FD created in the app zygote to be
passed to the 'untrusted_app' domain.

Note: This change allows *any* FD, not just an ashmem one to be passed.
This is on purpose: in the future we will likely want to return to the
memfd story.  Other usecases (pipes, sockets) might appear.

The app zygote preload takes the responsibility not to share
capabilities in the form of FDs unintentionally with other app
processes.

Historical note: we tried to enable this for memfd (using additional
rules), but it required a 'write' permission when sending an FD. Reasons
for that are still puzzling, and there seems to be no easy workaround
for it. Decision: use ashmem.

Bug: 184808875
Test: Manual: Build and install Chrome (trichrome_chrome_google_bundle)
      from [1]. Make sure FileDescriptorAllowlist allows the FD, like
      [2]. Reach a NewTabPage, click on a suggested page, observe no
      errors related to binder transactions and selinux violations.

[1] A change in Chrome to create an ashmem region during app zygote
    preload and pass it to the browser process:
    https://crrev.com/c/2752872/29

[2] Allowlist change in review:
     https://android-review.googlesource.com/c/platform/frameworks/base/+/1739393
    (Alternatively: Remove gOpenFdTable checks in ForkCommon() in
    com_android_internal_os_Zygote.cpp)

Change-Id: Ide085f472c8fb6ae76ab0b094319d6924552fc02
Ignore-AOSP-First: in addition to changes in AOSP, copied to prebuilts
2021-06-24 13:06:43 +00:00
Carmen Jackson
a60d7f28f2 Ensure that only desired processes can access TracingServiceProxy
This change adds a neverallow rule in traced.te to limit the processes
that can find tracingproxy_service, the context for TracingServiceProxy.

I wanted to avoid moving the tracingproxy_service definition to public,
so there were a few services that are exempted from this neverallow
rule.

Bug: 191391382
Test: Manually verified that with this change, along with the other
change in this topic, I see no errors when taking a bugreport while a
Traceur trace is running.

Change-Id: I8658df0db92ae9cf4fefe2eebb4d6d9a5349ea89
2021-06-24 08:24:20 +00:00
Thierry Strudel
b65cd0a1d6 Merge "Add support for hal_uwb" into sc-dev 2021-06-24 00:45:50 +00:00
Michael Ayoubi
142f375055 Add support for hal_uwb
Bug: 187386527
Test: Boot and confirm HAL is up
Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: Ia866a9a72b6f2ea5b31de25baefd13c2fd0b9c22
Merged-In: Ia866a9a72b6f2ea5b31de25baefd13c2fd0b9c22
2021-06-23 01:25:09 +00:00
TreeHugger Robot
7286b02211 Merge "Update automotive_display_service selinux policy" into sc-dev am: 22a1482add
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15032816

Change-Id: I62e79e94e1152cf23d990aa442f5d51f4acddab8
2021-06-23 00:09:49 +00:00
TreeHugger Robot
22a1482add Merge "Update automotive_display_service selinux policy" into sc-dev 2021-06-22 23:58:47 +00:00
TreeHugger Robot
254cf3a1a5 Merge "Reland: Add ro.vendor.build.dont_use_vabc to property_contexts" into sc-dev 2021-06-22 19:25:01 +00:00
Changyeon Jo
6357834dab Update automotive_display_service selinux policy
Add a permission to use the graphics allocator.

Bug: 191094033
Test: Build a target and run the service after enforcing selinux
Ignore-AOSP-First: aosp won't auto merge to sc-dev
Change-Id: I52b6851bb95565c92fc4774a2de1f0791e6fdd23
2021-06-22 19:11:57 +00:00
Ricky Wai
2c2d73b5d8 Update sepolicy api 31 ART profile ref dir change am: 70b98482e5
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15011710

Change-Id: I6a25f590043db0e3de57afe981edfd3ef63fa040
2021-06-22 16:39:43 +00:00
Ricky Wai
70b98482e5 Update sepolicy api 31 ART profile ref dir change
Align the chagnes in aosp/1729396

Bug: 189787375
Test: AppDataIsolationTests
Ignore-AOSP-First: aosp won't auto merge to sc-dev

Change-Id: Ibf915e23e7db9c333e87cad75604d8251404092e
2021-06-22 16:22:31 +00:00
Nicolas Geoffray
f899839000 Merge "Allow dexoptanalyzer to read /apex/apex-info-list.xml" into sc-dev am: b17a5ae970
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15027828

Change-Id: I7f275c8af0901a02996c313072dc8cac13cafef2
2021-06-22 10:46:59 +00:00
Nicolas Geoffray
b17a5ae970 Merge "Allow dexoptanalyzer to read /apex/apex-info-list.xml" into sc-dev 2021-06-22 10:37:57 +00:00
Diego Wilson
11d810a7fb Add camera2 extension property policies
These properties allow to vendors to provide their
own camera2 extensions service. The properties
must be accesible to any android app that wishes
to use camera2 extensions.

Bug: 183533362
Change-Id: I94c7ac336b3103355124830320787472f0d2a8b6
Merged-In: I94c7ac336b3103355124830320787472f0d2a8b6
2021-06-21 22:34:29 +00:00
Nicolas Geoffray
112b58852f Allow dexoptanalyzer to read /apex/apex-info-list.xml
This is needed to know the state of a .oat file.

Test: m
Bug: 190817237
Change-Id: Ie33ce7930689fea84e3240c2e0509c00464e6385
2021-06-21 20:33:52 +01:00
Xin Li
003ffe2340 Merge "DO NOT MERGE - Merge RQ3A.210605.005" 2021-06-21 05:49:07 +00:00
TreeHugger Robot
de25e307c4 Merge "Allow shell to read /vendor/apex/*" into sc-dev 2021-06-19 01:28:52 +00:00