Commit graph

47574 commits

Author SHA1 Message Date
Treehugger Robot
ab0272ccb4 Merge "Allow system_server to reopen its own memfd." into main 2024-05-23 13:45:23 +00:00
Yakun Xu
1838718317 Merge "Thread: allow ot-rcp on user build" into main 2024-05-23 07:44:27 +00:00
Yakun Xu
66947c66d6 Thread: allow ot-rcp on user build
This commit adds sepolicy on user build so that Thread HAL simulation
can run on cuttlefish user builds.

Bug: 342154029
Test: presubmit
Change-Id: I576f52a1bdf5b0966e73ee93e4b68bed613b0796
2024-05-23 11:22:36 +08:00
Treehugger Robot
6f388111e0 Merge "Update transaction log permissions." into main 2024-05-22 19:21:00 +00:00
Ellen Arteca
19208cb0e3 Merge "Fix installd not having permission to delete storage area keys" into main 2024-05-22 17:03:15 +00:00
Jiakai Zhang
7a257541e9 Allow system_server to reopen its own memfd.
Bug: 311377497
Test: Run Pre-reboot Dexopt.
Change-Id: Ic6e273732a042f0906fad7ffa73a3e45af2adde5
2024-05-22 17:09:06 +01:00
Dennis Shen
08da1322db selinux: added a new dir /metadata/aconfig/maps, it assumes existing
aconfig_storage_metadata_file file type by default

Bug: b/312444587
Test: atest aconfigd_test
Change-Id: Ic0b8974dc33d4ecc3e46f0f595a6b068a78539ff
2024-05-21 18:47:04 +00:00
Ellen Arteca
1c7e529242 Fix installd not having permission to delete storage area keys
Bug: 325129836
Test: atest StorageAreaTest
Change-Id: I6dd1678fe1b184372221b479aaeba17c1ab4788c
2024-05-21 17:58:05 +00:00
Dennis Shen
2f5774f756 Merge "selinux: allow aconfig to read /aepx" into main 2024-05-21 14:39:44 +00:00
Thiébaud Weksteen
e138fe460b Merge changes I9b32916e,I7c4771de into main
* changes:
  Define new kernel security classes
  Symlink microdroid access_vectors and security_classes
2024-05-21 10:26:46 +00:00
Seungjae Yoo
e5df7418a4 Merge "Set sepolicy for vmnic in AVF" into main 2024-05-21 04:40:55 +00:00
Treehugger Robot
4fa0ed2bc1 Merge "statsd: allow misctl property" into main 2024-05-21 01:25:32 +00:00
Seungjae Yoo
f60a1e0b90 Set sepolicy for vmnic in AVF
Bug: 340376951
Test: Presubmit
Change-Id: I5f48ff4a459805de2f74d160c1b61473c6de0466
2024-05-20 14:15:22 +09:00
Inseob Kim
23c543c0ed Remove 1000000.0 mapping files
It's a workaround for -with-phones branch and redundant now.

Test: TH
Change-Id: I0ec9e00a8ee1e3c929f33cbba3b8339c7e42b885
2024-05-20 10:23:55 +09:00
Dennis Shen
f6106361f1 selinux: allow aconfig to read /aepx
Bug: b/312444587
Test: m and avd
Change-Id: I6ac81dd211ad7669952f97f9541c44e14680bec6
2024-05-20 00:44:56 +00:00
Steven Moreland
248f0e069a Update transaction log permissions.
I locked down binderfs in Android V (this release still), but
part of it was opened up too much, so transactions restricted
to userdebug.

transaction_log and failed_transaction_log are not used in AOSP,
but they are requested by partners.

Bug: 316970771 for transactions
Bug: 336711420 for request to open up transaction history logs
Test: boot, bugreport, also:

:) adb shell ls -Z /dev/binderfs/binder_logs
u:object_r:binderfs_logs_transaction_history:s0 failed_transaction_log
u:object_r:binderfs_logs_proc:s0                proc
u:object_r:binderfs_logs:s0                     state
u:object_r:binderfs_logs_stats:s0               stats
u:object_r:binderfs_logs_transaction_history:s0 transaction_log
u:object_r:binderfs_logs_transactions:s0        transactions
:) adb shell cat /dev/binderfs/binder_logs/transaction_log
10058502: reply from 6450:8668 to 6766:6766 context binder node 0 handle -1 size 36:0 ret 0/0 l=0
10058503: call  from 6766:6766 to 6450:0 context binder node 199747 handle 23 size 116:0 ret 0/0 l=0
10058504: reply from 6450:8668 to 6766:6766 context binder node 0 handle -1 size 12:0 ret 0/0 l=0
10058505: call  from 6766:6766 to 6450:0 context binder node 199747 handle 23 size 84:0 ret 0/0 l=0
...
:) adb shell cat /dev/binderfs/binder_logs/failed_transaction_log
26418: reply from 584:1568 to 0:0 context binder node 0 handle -1 size 20:0 ret 29189/0 l=3194
57265: async from 2978:4304 to 3039:0 context binder node 40111 handle 6 size 96:0 ret 29189/-3 l=3465
57269: call  from 4437:4613 to 670:0 context binder node 57183 handle 44 size 116:0 ret 29189/-3 l=3465
57288: async from 4252:4450 to 3039:0 context binder node 34895 handle 1 size 92:0 ret 29189/-3 l=3465
...

Change-Id: I73e570dee8e59e76acaf0def615701e0e85e207f
2024-05-17 22:35:55 +00:00
Yakun Xu
60f55289f8 Merge "Thread: allow ot-rcp to bind a specific netif" into main 2024-05-17 03:52:14 +00:00
Thiébaud Weksteen
1b85ead322 Merge "Grant dumpstate append to app_data_file_type" into main 2024-05-16 23:29:39 +00:00
Treehugger Robot
ca83352d1b Merge "Adjust policy that allows virtualizationservice to access RKPD" into main 2024-05-15 16:05:38 +00:00
Alice Wang
f7fc9f921a Adjust policy that allows virtualizationservice to access RKPD
Test: atest AvfRkpdAppIntegrationTests
Change-Id: I4f946326af3ce96466bb2c7de1762fbed056ec09
2024-05-15 14:33:36 +00:00
Jiakai Zhang
1a3775bbb8 Add a system property namespace for Pre-reboot Dexopt.
We need to maintain the Pre-reboot Dexopt state across system server
crashes and restarts, but not across reboots. System properties are
suitable for this use case. The state includes whether the job has run
and the OTA slot.

Bug: 311377497
Change-Id: I527d4ba6064c1600d97ce2efc8be211b9460a8f0
Test: Presubmit
2024-05-15 14:20:22 +00:00
Maciej Żenczykowski
6e95ee78e3 Merge "allow non bpfloader creation of bpf maps" into main 2024-05-15 07:37:07 +00:00
Thiébaud Weksteen
6772c50574 Define new kernel security classes
Define new classes and access vectors recognised by the kernel.

Bug: 340491179
Test: boot and check logs for undefined class or permission
Change-Id: I9b32916ea231cf396aa326ed7e08cb14e4eb2c9b
2024-05-15 04:45:20 +00:00
Thiébaud Weksteen
4b79c66714 Symlink microdroid access_vectors and security_classes
Symlink the access vectors and classes definitions of microdroid
reqd_mask to microdroid platform.

These definitions are not yet linked to the generic platform policy.

Bug: 340491179
Bug: 215093641
Test: build & TH
Change-Id: I7c4771dedfd2f35a7dda7d78bf863cbc0c288e67
2024-05-15 13:47:25 +10:00
Thiébaud Weksteen
76f7261d14 Grant dumpstate append to app_data_file_type
dumpstate may be executed by apps in different domains. Notably, a
system_app needs to be able to save the output in its own directory.

  avc:  denied  { append } for comm="binder:575_1" dev="dm-50"
  ino=10712 scontext=u:r:dumpstate:s0
  tcontext=u:object_r:system_app_data_file:s0 tclass=file

Using the app_data_file_type attribute to capture all the potential app
data types. For info, the current Cuttlefish policy has:

  $ seinfo -x -a app_data_file_type cf_policy
    attribute app_data_file_type;
        app_data_file
        bluetooth_data_file
        nfc_data_file
        privapp_data_file
        radio_data_file
        sdk_sandbox_data_file
        shell_data_file
        storage_area_app_dir
        storage_area_content_file
        storage_area_dir
        system_app_data_file

Test: bugreport
Change-Id: I7685c1fcdb3896c44fe44008b1b262c3f1e90a01
2024-05-15 10:55:37 +10:00
Steven Moreland
0ae9148a35 statsd: allow misctl property
For detecting 16 KB issues.

Bug: 332406754
Test: build
Change-Id: I27f7044133dad54b91bbab5911b05a6cc254be36
2024-05-14 20:31:11 +00:00
Alan Stokes
8b80dacadc Suppress denials for odsign console
When odsign spawns compos_verify it has our stdin/out connected to its
console. But none of the VM processes use stdin/out at all; they log
to logcat instead.

So instead of allowing the access (which immediately leads to the same
denials in virtualizationmanager), just suppress the audit logs.

Bug: 293259827
Test: Exercise isolated compilation successfully with no denials seen.
Change-Id: I454bb2fe106b656a9695511cbf09350402b30bdd
2024-05-14 17:07:35 +01:00
Thiébaud Weksteen
70cf2cd6e3 Collect test names in sepolicy_tests.py
Some entries in Tests were not matching their actual function (e.g.,
TestSystemTypeViolators instead of TestSystemTypeViolations).
Automatically generate the list of tests, based on the 'Test' prefix in
their name.

Test: sepolicy_tests -h
Change-Id: I1865e24c6cc1bfe15f633263897ea7530140c41d
2024-05-14 13:42:13 +10:00
Yakun Xu
c5f8e959d3 Thread: allow ot-rcp to bind a specific netif
This commit adds necessary permissions for ot-rcp to bind
to a network interface specified by its address or name.

Test: presubmit
Bug: 329188649
Change-Id: I6731df79c04eeeb2c39017b99b9c2acf315256e2
2024-05-09 17:05:04 +08:00
Treehugger Robot
fff886e374 Merge "Allow mounting and unmounting functionfs." into main 2024-05-09 08:46:08 +00:00
Jiakai Zhang
be2e719598 Allow mounting and unmounting functionfs.
Pixel has /dev/usb-ffs/adb, /dev/usb-ffs/mtp, and /dev/usb-ffs/ptp in
type functionfs.

Bug: 311377497
Change-Id: Id9388a0d420c712962804f6441c86cfb3c4e9e62
Test: adb shell cmd jobscheduler run android 27873781
2024-05-09 04:03:18 +00:00
Nate Jiang
229807f032 Change WifiScanner from system_api_service to app_api_service
This will allow the CTS get the WifiScanner to test. Also WifiScanner is
a system API and all APIs are protected by the priviliged permissions.

Bug: 339527374
Test: CtsWifiTestCases

Change-Id: Ic06a5804fa81a952e9e8792e93df489a9d47d521
2024-05-09 00:13:26 +00:00
Devin Moore
ba99b14c5c Merge "Allow crash_dump to read misctrl properties" into main 2024-05-07 19:55:51 +00:00
Eric Laurent
df665c694b Allow native audio server to access the virtual device manager service
This is needed when accessing SensorManager since commit 71db5f82

Bug: 336860810
Test: make
Ignore-AOSP-First: needed on internal branch first
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:caad49e71d927e021575c3051d7d10ff7917e09c)
Merged-In: I303c6e3418ca5179c615c2c643fdf9783d323c78
Change-Id: I303c6e3418ca5179c615c2c643fdf9783d323c78
2024-05-07 00:21:30 +00:00
Devin Moore
49a4a06264 Allow crash_dump to read misctrl properties
This is used to determine if the device has been in 16k page size mode
to help debug issues with that.

Test: debuggerd_test with ro.misctl.16kb_before="1"
Bug: 335247092
Change-Id: I7b5fcd39cc5b3247d866814fbcf53299d68846c2
2024-05-06 15:40:12 +00:00
Maciej Żenczykowski
28960d319a allow non bpfloader creation of bpf maps
In practice only bpf programs are critical to device security...

Normally there is basically no use for creating bpf maps outside
of the bpfloader, since they have to be tied directly into the bpf
programs (which is only ever done by the bpfloader during the boot
process) to be of any use.

This means that bpf maps created after the bpfloader is done,
can't actually be used by any bpf code...

Hence we had this restriction.

However, map-in-map support changes this:

It becomes possible to define a boot-time (bpfloader loaded)
bpf program which accesses an (initially empty) outer map
(created by the bpfloader).

This outer map can be populated with inner maps at run time by various
bpf using userspace code.  While it can be populated with bpfloader
created 'static' maps, it also makes sense to be able to create/destroy
these inner maps on demand 'dynamically'.

This allows bpf map memory utilization to be driven by actual runtime
device needs.  For example scaling with the number of users, apps,
or connected networks.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I93223c660463596c9e50065be819e2fd865da923
2024-05-04 11:02:13 +00:00
Treehugger Robot
18eb855a0f Merge "Use no_full_install: true instead of installable: false" into main 2024-05-04 00:04:03 +00:00
Treehugger Robot
07dc4933ac Merge "Add policies for hal_codec2" into main 2024-05-03 17:20:45 +00:00
Treehugger Robot
c567076228 Merge "Add some new classes and access vectors" into main 2024-05-03 12:19:14 +00:00
Inseob Kim
93da5387e8 Merge "Move prebuilt_sepolicy_cts_data to system/sepolicy" into main 2024-05-03 01:47:42 +00:00
Dennis Shen
2ae5d42a79 Merge "selinux: allow system server access aconfigd socket" into main 2024-05-02 23:49:25 +00:00
Kalesh Singh
5f805d057e Merge "sepolicy: Add rules for /sys/kernel/mm/pgsize_migration/enabled" into main 2024-05-02 19:38:08 +00:00
Kalesh Singh
3a4c68dd83 sepolicy: Add rules for /sys/kernel/mm/pgsize_migration/enabled
The dynamic linker needs to read this node to determine how it should
load ELF files.

Allow the node to be enabled/disabled by init.

Bug: 330117029
Bug: 327600007
Bug: 330767927
Bug: 328266487
Bug: 329803029
Test: Free Fire Chaos App launches
Test: no avc deined in logcat
Change-Id: I2b35d6aebe39bf3e1e7489b47f23a817e477ef72
2024-05-02 19:34:36 +00:00
Pawan Wagh
c9b15f596b Merge "Allow system app and update_engine to read OTA from /vendor" into main 2024-05-02 19:28:44 +00:00
Dennis Shen
62f4363b39 selinux: allow system server access aconfigd socket
During storage migration, we need to route aconfig flag write requests
from settingsprovider to aconfig storage daemon via aconfigd unix domain
socket.

Bug: b/312444587
Test: m and avd
Change-Id: I051d1ed42bf51f2ebd90cbd590237cd9213f0bde
2024-05-02 18:20:25 +00:00
Alan Stokes
86a85c4e77 Add some new classes and access vectors
These have been added to the kernel and to Android sepolicy, but not
yet here. This doesn't make much difference, but it does avoid some
(harmless) warnings at policy load time.

While I'm here, remove some userspace classes which don't exist in
Microdroid and probably never will.

Bug: 215093641
Test: Policy still builds; TH
Change-Id: Id2f778919e492162c1a7d77822d74d7978522118
2024-05-02 14:03:29 +01:00
Inseob Kim
6faaf139a7 Move prebuilt_sepolicy_cts_data to system/sepolicy
This is a no-op now but it will make vintf finalization easier because
we'll only need system/sepolicy changes.

Bug: 337978860
Test: atest CtsSecurityHostTestCases
Change-Id: I242dcad7511e7c880b1e5434ba3de622f56bc1b3
2024-05-02 17:40:00 +09:00
Sungtak Lee
8eed41c1aa Add policies for hal_codec2
Allow hal_codec2_server to read fifo_file from hal_codec2_client
Allow hal_codec2_client to find surfaceflinger_service:service_manager.

Bug: 337356582
Test: atest CtsMediaTranscodingTestCases
Change-Id: I76b2ca7d3caf7909d9d6df424eb5f68b1a0a6f03
2024-05-02 08:22:57 +00:00
Pawan Wagh
b071882d76 Allow system app and update_engine to read OTA from /vendor
Introuducing vendor_boot_ota_file which will be used to allow
reading OTAs from /vendor/boot_otas when BOARD_16K_OTA_MOVE_VENDOR := true
is set. These OTAs will be read from settings app(system_app) and update
engine.

Test: m, m Settings && adb install -r $ANDROID_PRODUCT_OUT/system_ext/priv-app/Settings/Settings.apk
Bug: 335022191
Change-Id: Ie42e0de12694ed74f9a98cd115f72d207f67c834
2024-05-02 01:14:47 +00:00
Ellen Arteca
c1508ec794 Add read permission to storage_area_keys to installd
Installd needs the read permission on storage area
key directories. This only comes up in testing when the tests
are rerun on the same device.

Bug: 325129836
Test: atest StorageAreaTest
Change-Id: I74c776c52d66492552aaf8b61c7591fb19194f7a
2024-05-01 17:49:26 +00:00