Commit graph

169 commits

Author SHA1 Message Date
Xin Li
27205a2847 DO NOT MERGE - Merge pi-platform-release (PPRL.190205.001) into stage-aosp-master
Bug: 124234733
Change-Id: Ic9a486e029115f3c42c1c0f139890bc744eb14bf
2019-02-12 09:53:58 -08:00
Wei Wang
c63f4c2579 Fix prebuilt policy from pi-dev
Bug: 118468011
Bug: 121439388
Test: Build
Change-Id: I208f9f5450ba72f5ed62e9d944c07e25d77ec259
2019-01-23 09:53:09 -08:00
Tim Van Patten
3293abb67f Create System Property to Indicate ANGLE Support
Create the system property ro.gfx.angle.supported that indicates if the
device supports ANGLE.   The current planned use of this property is to
allow CTS to validate ANGLE functionality if the device indicates ANGLE
is supported.

Bug: 80239516
Test: Flash the build and verify the property is 'false' for marlin.
Test: Flash the build and verify the property is 'true' for walleye.
Change-Id: I00387db9ade34152f79d75453ea17d5ea7b063cd
2019-01-10 11:35:58 -07:00
Hector Dearman
63d07d7586 Make system_server atrace category work with traced_probes
Historically most uses of atrace happen via the shell domain.

There are two exceptions:
- boot tracing
- traced_probes

We need to get feature parity, so atrace has the same behavior
when is invoked either via shell or from its own domain (e.g.
via traced_probes that has an auto_trans rule into atrace on exec).
Atrace works by setting system properties to enable tracing from userspace
then poking all the binder services to read the system properties (see [1]) so
enabling the system_server category requires the ability to call binder
methods on the system_server.

For more use cases see b/113127224

[1]: 9ead54bed6/cmds/atrace/atrace.cpp (545)

Bug: 113127224
Test: Add an atrace category to the Perfetto config and confirm the data
shows up.

Cherry-picked from aosp/747608

Change-Id: Id077eff960ffb1cdd7b0ce84b21ac9ef70444a4a
Merged-In: Id077eff960ffb1cdd7b0ce84b21ac9ef70444a4a
2018-09-26 18:04:51 +00:00
Tri Vo
6c32e0624f Merge "Add mapping files for 28.0.[ignore.]cil"
am: 13e60ed1fa

Change-Id: I5b19874975830ddcb2765851544eebc9848d3df4
2018-07-19 18:03:05 -07:00
Jae Shin
1fa9634896 Add mapping files for 28.0.[ignore.]cil
Steps taken to produce the mapping files:

1. Add prebuilts/api/28.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
from the /vendor/etc/selinux/[plat_pub_versioned.cil|vendor_sepolicy.cil]
files built on pi-dev with lunch target aosp_arm64-eng

2. Add new file private/compat/28.0/28.0.cil by doing the following:
- copy /system/etc/selinux/mapping/28.0.cil from pi-dev aosp_arm64-eng
device to private/compat/28.0/28.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 28 sepolicy.
Find all such types using treble_sepolicy_tests_28.0 test.
- for all these types figure out where to map them by looking at
27.0.[ignore.]cil files and add approprite entries to 28.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_28.0 and install 28.0.cil
mapping onto the device.

Bug: 72458734
Test: m selinux_policy
Change-Id: I90e17c0b43af436da4b62c16179c198b5c74002c
2018-07-18 20:08:38 -07:00
Tri Vo
690de22d48 resolve merge conflicts of d07ab2fe93 to stage-aosp-master
BUG: None
Test: I solemnly swear I tested this conflict resolution.
Change-Id: I58fff9dc7826eb60520b087d08ecd931cba63bf0
2018-07-18 13:08:55 -07:00
Tri Vo
afdfeeb506 Add 28.0 prebuilts
Bug: n/a
Test: n/a
Change-Id: I11e6baaa45bcb01603fc06e8a16002727f4e5a00
2018-07-17 15:31:47 -07:00
Jeff Vander Stoep
573d333589 crash_dump: disallow ptrace of TCB components
Remove permissions.

Bug: 110107376
Test: kill -6 <components excluded from ptrace>
Change-Id: If8b9c932af03a551e40e786d591544ecdd4e5c98
Merged-In: If8b9c932af03a551e40e786d591544ecdd4e5c98
(cherry picked from commit f1554f1588)
2018-07-12 11:33:30 -07:00
Eino-Ville Talvala
fef2be8130 Merge "Make system property audio.camerasound.force a vendor-writable property," into pi-dev 2018-06-25 17:39:17 +00:00
Peiyong Lin
a0b52c6fa5 Allow SurfaceFlinger to use Power HAL.
When we have wide color gamut content, SurfaceFlinger might want to send a
PowerHint through Power Hal to boost GPU to higher frequency, to make sure GPU
composition can finish in time.

BUG: 110112323
Test: adb shell cat /sys/class/kgsl/kgsl-3d0/devfreq/cur_freq
Change-Id: If60c13aedc4ff84eaefd3430794dc15a478c5a73
(cherry picked from commit 02be5975d6)
2018-06-22 13:31:56 -07:00
Eino-Ville Talvala
d375e733fe Make system property audio.camerasound.force a vendor-writable property,
This property is read by the audio service in system server to toggle camera shutter sound
enforcement on a device-specific basis.

Test: Camera shutter sound enforcement works when audio.camerasound.force is set
Bug: 110126976
Change-Id: I2720d3c699c4712d1a328f59dde0b16bbf1016f3
2018-06-21 13:12:48 -07:00
Joel Galenson
f41d85ca64 Merge "Allow ephemeral_app to execute system_file." into pi-dev
am: 398f72e3fd

Change-Id: Ib41908cbbf800bc1f3c2c4f639ab11c4b900d638
2018-06-05 21:07:16 -07:00
TreeHugger Robot
398f72e3fd Merge "Allow ephemeral_app to execute system_file." into pi-dev 2018-06-06 03:31:50 +00:00
Tri Vo
986f9ef5f3 Merge "Revert "Remove neverallow coredomain to set vendor prop."" into pi-dev
am: c75bef086f

Change-Id: If12976c0cd028c2e4cb35323019d953221998f30
2018-06-05 19:48:45 -07:00
Tri Vo
c75bef086f Merge "Revert "Remove neverallow coredomain to set vendor prop."" into pi-dev 2018-06-06 02:07:50 +00:00
Joel Galenson
f2afca7cf0 Allow ephemeral_app to execute system_file.
Bug: 109653662
Test: Build policy.
Change-Id: I6c71a8bc24d7a144b801d16f1bcad31fb8f2aba5
2018-06-05 17:56:30 -07:00
TreeHugger Robot
c0ee12ea82 Merge "ephemeral_app: disallow access to qtaguid files" into pi-dev 2018-06-05 21:14:18 +00:00
Jeff Vander Stoep
069f3cff50 ephemeral_app: disallow access to qtaguid files
Apps targeting API version 28+ are not allowed to access:
/proc/xt_qtaguid/*
/dev/xt_qtaguid

Instant apps should also be excluded from access.

Fixes: 92796393
Test: make -j cts_instant
    cts-instant-tradefed run commandAndExit cts-instant-dev \
    -m CtsPermissionTestCases \
    --test android.permission.cts.FileSystemPermissionTest

Change-Id: Ifa27f6a3fad9227d4df1bf50a5120a4c36422ff7
Merged-In: I7e49f796a25cf68bc698c6c9206e24af3ae11457
2018-06-04 21:56:55 -07:00
Steven Moreland
1c6d0b2eb1 Merge "Add context for ro.boot.product.hardware.sku." into pi-dev
am: ce944f0294

Change-Id: I0ae38bc922a057ae0a49d4b228cb280961c0b956
2018-06-04 11:04:27 -07:00
TreeHugger Robot
ce944f0294 Merge "Add context for ro.boot.product.hardware.sku." into pi-dev 2018-06-04 17:26:58 +00:00
huans
3265c6efb2 emulator: Whitelist ro.kernel.qemu. parameters
am: 66b55782b8

Change-Id: I1315d4150230ef4e2b513c582f824bca97600d30
2018-06-04 10:14:50 -07:00
Steven Moreland
5516acc6ab Add context for ro.boot.product.hardware.sku.
This was defined, but it had no users in the Android tree.
Because of this, ODM manifests required extra sepolicy to be applied
in vendor. Before this, there was no policy split, so that was okay,
but now it is impossible.

Bug: 91735839
Test: add an odm manifest for SE conditional on
    a system property (ro.boot.product.hardware.sku)
    and make sure it is read into the manifest (using
    the vintf tool) and also that a client can get the
$ lshal | grep secure
Y android.hardware.secure_element@1.0::ISecureElement/SIM1                                  0/2        881    2262 567

Change-Id: I94a2928943be6a17416b8bbd78106809c0c21198
2018-06-01 18:23:55 -07:00
huans
66b55782b8 emulator: Whitelist ro.kernel.qemu. parameters
And ro.kernel.android.bootanim (used to en/disable boot-anim)

Bug: 79941736
Test: Manual
Change-Id: Ib486903dec92df88b4d33bad6262cbcfc2aa1c4c
2018-06-01 10:48:31 -07:00
Tri Vo
ba79e154e5 Revert "Remove neverallow coredomain to set vendor prop."
Bug: 80466516
Bug: 78598545
This reverts commit 6f6fbebcef.

Change-Id: I3c0f374b846241571b5db6f061503f0ea2d6396a
2018-06-01 16:37:38 +00:00
Tri Vo
b4fe8e1feb Remove neverallow coredomain to set vendor prop.
am: 6f6fbebcef

Change-Id: Ie793eff4736f8a9b351114c3fd9bd1bdcd22ab49
2018-05-31 17:56:37 -07:00
Jiyong Park
029f415d48 Merge "add extended_core_property_type" into pi-dev
am: d009682c2e

Change-Id: Ie821be484067f0ff5d06aac66a3b020d6e853d1a
2018-05-31 17:08:35 -07:00
Tri Vo
6f6fbebcef Remove neverallow coredomain to set vendor prop.
We are not forbidding system_writes_vendor_properties_violators in P,
i.e. this neverallow rule is not strictly enforced.

Bug: 80466516
Bug: 78598545
Test: build policy
Change-Id: Iaf0ebbd2b27adf8c48082caa874e53f32bf999fc
2018-05-31 23:46:02 +00:00
TreeHugger Robot
d009682c2e Merge "add extended_core_property_type" into pi-dev 2018-05-31 22:45:21 +00:00
Jiyong Park
c0f8f2f82a add extended_core_property_type
The attribute is used to capture system properties added from outside of
AOSP (e.g. by OEM), but are not device-specific and thus are used only
inside the system partition.

Access to the the system properties from outside of the system partition
is prevented by the neverallow rule.

Bug: 80382020
Bug: 78598545
Test: m -j selinux_policy
Change-Id: I22c083dc195dab84c9c21a79fbe3ad823a3bbb46
2018-05-30 17:38:09 +09:00
Jeff Vander Stoep
b16d0e1272 Merge "Use non-expanded types in prop neverallows" into pi-dev
am: b5e493d821

Change-Id: Ib877668feb90ab58b21e5d62735f1bb03fc5eb9a
2018-05-24 16:57:07 -07:00
Joel Galenson
24b6158118 Hide bpfloader sys_admin denials.
am: d65f26f1b0

Change-Id: I0435b600f5a163089650c02417646109a97e3e56
2018-05-23 14:28:48 -07:00
TreeHugger Robot
b5e493d821 Merge "Use non-expanded types in prop neverallows" into pi-dev 2018-05-23 19:08:01 +00:00
Jeff Vander Stoep
7745770bca Use non-expanded types in prop neverallows
Using hal_foo attributes in neverallow rules does not work because
they are auto-expanded to types. Use hal_foo_server types instead.

Fixes the following error:
unit.framework.AssertionFailedError: The following errors were
encountered when validating the SELinuxneverallow rule: neverallow
{ domain -coredomain -bluetooth -hal_bluetooth } { bluetooth_prop }:
property_service set; Warning! Type or attribute hal_bluetooth used
in neverallow undefined in policy being checked.

Test: CtsSecurityHostTestCases
Bug: 80153368
Change-Id: I2baf9f66d2ff110a4f181423790a1160a6e138da
2018-05-23 10:03:15 -07:00
Joel Galenson
d65f26f1b0 Hide bpfloader sys_admin denials.
Bug: 79524845
Test: Boot device and see no denials.
Change-Id: I9316bfd0e3718818a7613a421aedff7da8c87108
2018-05-23 08:36:40 -07:00
Jordan Liu
7af4a1f110 Merge "Setup policy for downloaded apns directory" into pi-dev 2018-05-22 21:12:31 +00:00
Tom Cherry
7b8be35ddf Finer grained permissions for ctl. properties
Currently, permissions for ctl. property apply to each action verb, so
if a domain has permissions for controlling service 'foo', then it can
start, stop, and restart foo.

This change implements finer grainer permissions such that permission
can be given to strictly start a given service, but not stop or
restart it.  This new permission scheme is mandatory for the new
control functions, sigstop_on, sigstop_off, interface_start,
interface_stop, interface_restart.

Bug: 78511553
Test: see appropriate successes and failures based on permissions
Merged-In: Ibe0cc0d6028fb0ed7d6bcba626721e0d84cc20fa
Change-Id: Ibe0cc0d6028fb0ed7d6bcba626721e0d84cc20fa
(cherry picked from commit 2208f96e9e)
2018-05-22 13:47:16 -07:00
Tom Cherry
e21e9e6373 Merge "Finer grained permissions for ctl. properties" into pi-dev
am: 0e403c8242

Change-Id: I778a16ae2bcc5713ba3ca1c81fd90c97b0a5d64d
2018-05-22 13:26:42 -07:00
Tom Cherry
0e403c8242 Merge "Finer grained permissions for ctl. properties" into pi-dev 2018-05-22 20:15:07 +00:00
Alan Stokes
491a095435 Remove fixed bug from bug_map.
am: c8711592ad

Change-Id: Ib622f35e8adb682c5a2b0eef9ae02857d028597c
2018-05-22 10:52:15 -07:00
Tom Cherry
2208f96e9e Finer grained permissions for ctl. properties
Currently, permissions for ctl. property apply to each action verb, so
if a domain has permissions for controlling service 'foo', then it can
start, stop, and restart foo.

This change implements finer grainer permissions such that permission
can be given to strictly start a given service, but not stop or
restart it.  This new permission scheme is mandatory for the new
control functions, sigstop_on, sigstop_off, interface_start,
interface_stop, interface_restart.

Bug: 78511553
Test: see appropriate successes and failures based on permissions

Change-Id: Ibe0cc0d6028fb0ed7d6bcba626721e0d84cc20fa
2018-05-22 09:13:16 -07:00
Alan Stokes
c8711592ad Remove fixed bug from bug_map.
Bug: 77816522
Bug: 73947096

Test: Flashed device, no denial seen
Change-Id: Ib2f1fc670c9a76abbb9ff6747fec00fa5bcde5af
(cherry picked from commit 62913dbfd2)
2018-05-22 08:41:23 -07:00
Tom Cherry
bab2435a06 Merge "neverallow coredomain from writing vendor properties" into pi-dev
am: e5cc744d18

Change-Id: I66f2965200090a4ded857c6eb9ac6b79ee5b596c
2018-05-21 22:10:10 -07:00
TreeHugger Robot
e5cc744d18 Merge "neverallow coredomain from writing vendor properties" into pi-dev 2018-05-22 05:04:40 +00:00
Bowgo Tsai
eb2ff1cbdd Merge "ueventd: allow reading kernel cmdline" into pi-dev
am: fd00fd123d

Change-Id: I9421816a71b08b24f652f61dec994a153354e2df
2018-05-21 16:28:37 -07:00
TreeHugger Robot
fd00fd123d Merge "ueventd: allow reading kernel cmdline" into pi-dev 2018-05-21 23:14:38 +00:00
Niklas Lindgren
780cd6df4b Setup policy for downloaded apns directory
apns downloaded will enter a new directory that
TelephonyProvider can access.

Bug: 79948106
Test: Manual
Change-Id: I1e7660adf020dc7052da94dfa03fd58d0386ac55
Merged-In: I1e7660adf020dc7052da94dfa03fd58d0386ac55
2018-05-21 15:58:16 -07:00
Carmen Jackson
8640cffa1e Merge "Add sync and fence tracepoints to user-visible list of tracepoints." into pi-dev
am: 09648d9ae3

Change-Id: I1821400703aa5dc41a485d3430946345978045c0
2018-05-21 14:12:20 -07:00
TreeHugger Robot
09648d9ae3 Merge "Add sync and fence tracepoints to user-visible list of tracepoints." into pi-dev 2018-05-21 21:06:39 +00:00
Carmen Jackson
f47f0c3869 Add sync and fence tracepoints to user-visible list of tracepoints.
The 'sync' tracepoint was updated to be 'fence' in kernel 4.9, so this
change also adds that one to the list.

Bug: 79935503
Test: Took a trace using 'sync' in user mode and saw the tracepoints
being saved.

Change-Id: I793c6f54cd9364f33853983f8c5dfb28b98c2708
2018-05-21 12:18:18 -07:00