Remove references in sepolicy. Leave a few of the types defined since
they're public and may be used in device-specific policy.
Bug: 211461392
Test: build/boot cuttlefish
Change-Id: I615137b92b82b744628ab9b7959ae5ff28001169
This CL partially cherry-picks ag/18350151 to
update prebuilts. Other parts are already included by
aosp/2083463.
Bug: 226456604
Bug: 223685902
Test: Build
Change-Id: I1ddb1db855a13671e7b76b48d84e4f1ab5a63374
Creating a per-user encrypted directory such as /data/system_ce/0 and
the subdirectories in it too early has been a recurring bug. Typically,
individual services in system_server are to blame; system_server has
permission to create these directories, and it's easy to write
"mkdirs()" instead of "mkdir()". Such bugs are very bad, as they
prevent these directories from being encrypted, as encryption policies
can only be set on empty directories. Due to recent changes, a factory
reset is now forced in such cases, which helps detect these bugs;
however, it would be much better to prevent them in the first place.
This CL locks down the ability to create these directories to just vold
and init, or to just vold when possible. This is done by assigning new
types to the directories that contain these directories, and then only
allowing the needed domains to write to these parent directories. This
is similar to what https://r.android.com/1117297 did for /data itself.
Three new types are used instead of just one, since these directories
had three different types already (system_data_file, media_rw_data_file,
vendor_data_file), and this allows the policy to be a bit more precise.
A significant limitation is that /data/user/0 is currently being created
by init during early boot. Therefore, this CL doesn't help much for
/data/user/0, though it helps a lot for the other directories. As the
next step, I'll try to eliminate the /data/user/0 quirk. Anyway, this
CL is needed regardless of whether we're able to do that.
Test: Booted cuttlefish. Ran 'sm partition disk:253,32 private', then
created and deleted a user. Used 'ls -lZ' to check the relevant
SELinux labels on both internal and adoptable storage. Also did
similar tests on raven, with the addition of going through the
setup wizard and using an app that creates media files. No
relevant SELinux denials seen during any of this.
Bug: 156305599
Change-Id: I1fbdd180f56dd2fe4703763936f5850cef8ab0ba
Steps taken to produce the mapping files:
0. Add 33.0 prebuilts to prebuilts/api/33.0/.
1. Add the following Android.bp modules.
33.0.board.compat.map
33.0.board.compat.cil
33.0.board.ignore.map
plat_33.0.cil
system_ext_33.0.cil
product_33.0.cil
33.0.ignore.cil
system_ext_33.0.ignore.cil
product_33.0.ignore.cil
33.0.compat.cil
system_ext_33.0.compat.cil
2. Touch the following three files.
private/compat/33.0/33.0.cil
private/compat/33.0/33.0.compat.cil
private/compat/33.0/33.0.ignore.cil
3. Add 33.0 to PLATFORM_SEPOLICY_COMPAT_VERSIONS on
build/make/core/config.mk. Note that we don't update
sepolicy_major_vers to 33, but just update compat versions.
4. Run the following command.
$ source build/make/rbesetup.sh && lunch aosp_arm64-userdebug
$ m sepolicy_generate_compat
$ sepolicy_generate_compat --branch=tm-dev \
--build latest --target-version 33.0 \
--latest-version 32.0
This change also enables treble_sepolicy_tests_33.0 and installs
33.0.cil mapping file onto the device.
Test: m treble_sepolicy_tests_33.0
Test: m 33.0_compat_test
Test: m slinux_policy
Change-Id: Ie969ff0372ff1268776165cee5cb5b07d303453c
... such as Cuttlefish (Cloud Android virtual device) which has a
DRM virtio-gpu based gralloc and (sometimes) DRM virtio-gpu based
rendering (when forwarding rendering commands to the host machine
with Mesa3D in the guest and virglrenderer on the host).
After this change is submitted, changes such as aosp/1997572 can
be submitted to removed sepolicy that is currently duplicated
across device/google/cuttlefish and device/linaro/dragonboard as
well.
Adds a sysfs_gpu type (existing replicated sysfs_gpu definitions
across several devices are removed in the attached topic). The
uses of `sysfs_gpu:file` comes from Mesa using libdrm's
`drmGetDevices2()` which calls into `drmParsePciDeviceInfo()` to
get vendor id, device id, version etc.
Bug: b/161819018
Test: launch_cvd
Test: launch_cvd --gpu_mode=gfxstream
Change-Id: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c
Merged-In: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c
The binder driver now advertises the features it supports through
individual files under /dev/binderfs/features/*. Let all domains have
access to these files to determine how to interact with the driver.
Bug: 191910201
Tested: clients are able to read feature files via libbinder
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: Ice5de9efee74e571ef0a23ce093af162fc3b276e
This is intended for wm properties related to wmshell/sysui.
Using this context allows sysui to manipulate these properties
in debug builds.
Bug: 219067621
Test: manual
Change-Id: I5808bf92dbba37e9e6da5559f8e0a5fdac016bf3
Sepolicy files for new ConnectivityNative service.
This is a new service implemented in java accessible from
native code. Stable aidl is used to avoid having to manually write
the unparcling code in two different languages. A new service is
required because there is no connectivity service in the system
server that exposes a stable aidl interface.
Bug: 179733303
Change-Id: If2372712a4a8ac7b0631a2195aabc910d1a829cc
This CL updates hal_evs_default to be sufficient for the defautl EVS HAL
implementation and modifies other services' policies to be able to
communicate with EVS HAL implementations
Bug: 217271351
Test: m -j selinux_policy and Treehugger
Change-Id: I2df8e10f574d62f8b84e0ff0381656ab1b18b52f
Who needs all those context switches?
bpfloader controls which types of vendor programs can be used.
Bug: 140330870
Bug: 162057235
Test: successfully load bpf programs from vendor
Change-Id: I36e4f6550da33fea5bad509470dfd39f301f13c8
Keystore now hosts a native binder for the remotely provisioned key
pool, which is used to services such as credstore to lookup remotely
provisioned keys.
Add a new service context and include it in the keystore services.
Add a dependency on this new service for credstore. Also include a
credstore dependency on IRemotelyProvisionedComponent, as it's needed
to make use of the key pool.
Bug: 194696876
Test: CtsIdentityTestCases
Change-Id: I0fa71c5be79922a279eb1056305bbd3e8078116e
Because mtectrl is a system internal domain, and we don't need to expose
the type to vendor.
Test: build and boot
Change-Id: Idb5c4a4c6f175e338722971944bf08ba99835476
As we need to create new sysprops for Bluetooth mainline
configs, we need to have a property context available to
vendors and be able to access configs from other packages.
Tag: #feature
Bug: 211570675
Test: Added overlays and logs
Change-Id: If9c61f251578b61c070619069519e0aa563a9573
mdns service is a subset of netd-provided services, so it gets
the same treatment as netd_service or dnsresolver_service
Bug: 209894875
Test: built, flashed, booted
Change-Id: I33de769c4fff41e816792a34015a70f89e4b8a8c
