Commit graph

7711 commits

Author SHA1 Message Date
Steven Moreland
ca5f06cdb9 Merge "Give serial number access to drm hal server not client" 2023-06-21 21:27:09 +00:00
Eric Biggers
8b703551d8 Merge "Allow vold to rename system_data_file directories" 2023-06-13 22:11:39 +00:00
Eric Biggers
95930cf6a7 Allow vold to rename system_data_file directories
To fully close a race condition where processes can access per-user
directories before an encryption policy has been assigned, vold is going
to start creating these directories under temporary names and moving
them into place once fully prepared.  To make this possible, give vold
permission to rename directories with type system_data_file.

Bug: 156305599
Bug: 285239971
Change-Id: Iae2c8f7d2dc343e7d177e6fb2e893ecca1796f7f
2023-06-13 16:22:03 +00:00
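The prepare-then-rename pattern the commit above describes, as an added example that is not vold's code and not part of this repository. The real preparation step is assigning an fscrypt encryption policy to the new directory; here `prepare` is a caller-supplied callable that stands in for it, the `.tmp` suffix is an assumed naming, and the observer records whether the final path was visible before preparation finished. It also exercises the failure mode: if preparation throws, the final path must never appear.

```python
"""Prepare-then-rename for per-user directories.

Added illustration of the pattern, not vold's code. Real vold applies an
fscrypt policy to the new directory; here the preparation step is a
caller-supplied callable, and the temporary-name suffix is an assumption.
"""
import os
import shutil
import tempfile


def prepare_dir_racy(final_path: str, prepare) -> str:
    """Racy ordering: the directory is visible at its final path before
    `prepare` has run, so a concurrent process can open it (and create
    files in it) while no policy is in place yet."""
    os.mkdir(final_path, 0o700)
    prepare(final_path)
    return final_path


def prepare_dir_atomically(final_path: str, prepare, tmp_suffix: str = ".tmp") -> str:
    """Create final_path so that no observer ever sees it unprepared.

    The temporary directory lives in the same parent, so rename(2) is an
    atomic metadata operation on one filesystem: the final path either
    does not exist or names a fully prepared directory.
    """
    tmp_path = final_path + tmp_suffix  # assumption: vold's actual naming differs
    if os.path.lexists(tmp_path):
        shutil.rmtree(tmp_path)  # leftover from an interrupted attempt: never reuse it
    os.mkdir(tmp_path, 0o700)
    try:
        prepare(tmp_path)
    except Exception:
        shutil.rmtree(tmp_path, ignore_errors=True)
        raise
    os.rename(tmp_path, final_path)
    return final_path


def observe(make_dir, parent: str) -> dict:
    """Run one variant with a preparation step that doubles as the observer:
    it records whether the final path is already visible while preparation
    is still in progress, i.e. whether the race window exists."""
    os.makedirs(parent)
    final = os.path.join(parent, "user_10")
    seen = {}

    def prepare(path):
        seen["visible_before_prepared"] = os.path.isdir(final)
        with open(os.path.join(path, ".policy"), "w") as f:
            f.write("fscrypt-policy-stand-in\n")  # stand-in for the real policy

    make_dir(final, prepare)
    seen["prepared_when_visible"] = os.path.exists(os.path.join(final, ".policy"))
    return seen


def run_demo() -> dict:
    results = {}
    with tempfile.TemporaryDirectory() as root:
        results["racy"] = observe(prepare_dir_racy, os.path.join(root, "racy"))
        results["atomic"] = observe(prepare_dir_atomically, os.path.join(root, "atomic"))

        # Failure mode: policy assignment fails. The atomic variant must leave
        # neither the final path nor the temporary one behind.
        parent = os.path.join(root, "fail")
        os.makedirs(parent)
        final = os.path.join(parent, "user_10")

        def failing(path):
            raise OSError("policy assignment failed")

        try:
            prepare_dir_atomically(final, failing)
        except OSError:
            pass
        results["leftover_after_failure"] = sorted(os.listdir(parent))
    return results


if __name__ == "__main__":
    print(run_demo())
```

The rename only gives atomicity when source and destination are on the same filesystem, which is why the temporary name is placed in the same parent directory rather than in a scratch location; a cross-filesystem move would fall back to copy-and-delete and reopen the window.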
Jooyung Han
7c4f8a87d3 Allow vendor_overlay_file from vendor apex
Path to vendor overlays should be accessible to those processes with
access to vendor_overlay_file. This is okay when overlays are under
/vendor/overlay because vendor_file:dir is accessible from all domains.
However, when a vendor overlay file is served from a vendor apex, then
the mount point of the apex should be allowed explicitly for 'getattr'
and 'search'.

Bug: 285075529
Test: presubmit tests
Change-Id: I393abc76ab7169b65fdee5aefd6da5ed1c6b8586
2023-06-09 13:43:11 +09:00
Thiébaud Weksteen
4ba0198325 Merge "Grant signal permission for dumpstate on app_zygote" 2023-06-08 23:22:42 +00:00
Robert Shih
1bd70df43b Give serial number access to drm hal server not client
Bug: 284812208
Change-Id: I489feba47f9eb0d9a4ea483cd55aa3a8bbfd389e
2023-06-06 08:33:19 +00:00
Thiébaud Weksteen
ae39ba7068 Grant signal permission for dumpstate on app_zygote
Bug: 282614147
Bug: 238263438
Bug: 238263561
Bug: 238263942
Bug: 264483390
Bug: 279680264
Test: TreeHugger
Change-Id: I8b74fec0ea855e244e218fdeb43a57407fe77388
2023-06-06 10:29:57 +10:00
Jooyung Han
b6211b88cf Introduce vendor_apex_metadata_file
A new label for ./apex_manifest.pb and ./ entries in vendor apexes. This
is read-allowed by a few system components which need to read "apex" in
general. For example, linkerconfig needs to read apex_manifest.pb from
all apexes including vendor apexes.

Previously, these entries were labelled as system_file even for vendor
apexes.

Bug: 285075529
Test: m && launch_cvd
Test: atest VendorApexHostTestsCases
Change-Id: Icc234bf604e3cafe6da81d21db744abfaa524dcf
2023-06-05 17:17:51 +09:00
Brian Lindahl
abbd8aeefd Move allow rule out of the neverallow section
Resolves comment from aosp/2605806

Bug: 234833109
Test: build
Change-Id: I248613ed2d9a7f26d404df8552c2dfc74694754a
2023-06-01 12:36:55 -06:00
Treehugger Robot
30c25de59d Merge changes from topic "artsrv-experiment-flag"
* changes:
  Give art_boot explicit access to experiment flags.
  Allow the ART boot oneshot service to configure ART config properties.
2023-06-01 18:21:50 +00:00
Steven Moreland
46288c6b97 Merge "strengthen app_data_file neverallows" 2023-05-26 15:32:15 +00:00
Brian Lindahl
ffeb680417 Allow media server configurable flags to be read from anywhere
The majority of code for media encoding and decoding occurs within the
context of client app processes via linking with libstagefright. This
code needs access to server-configurable flags to configure
codec-related features.

Bug: 234833109
Test: manual test with 'adb shell device_config' commands
Change-Id: I95aa6772a40599636d109d6960c2898e44648c9b
2023-05-25 20:48:00 -06:00
Treehugger Robot
cd69d35a5e Merge "Add sepolicy for ro.build.ab_update.ab_ota_partitions" 2023-05-25 11:14:40 +00:00
Treehugger Robot
d16bf50b26 Merge "Allow ueventd to read apexd property" 2023-05-25 01:40:11 +00:00
Kelvin Zhang
60456bd47e Add sepolicy for ro.build.ab_update.ab_ota_partitions
Bug: 283042235
Test: th
Change-Id: Ie2296b75c91fbeb83cb0f3e61d5013b106fb78d0
2023-05-24 18:26:12 -07:00
Steven Moreland
fd92d967ee Merge "strengthen proc_type neverallows" 2023-05-24 18:01:14 +00:00
Jin Jeong
d7558db004 Merge "Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore"" 2023-05-24 08:21:54 +00:00
Suchang Woo
6b4c45393b Allow ueventd to read apexd property
To run external firmware handler, ueventd should wait for apexd activation
by reading 'apexd.status' property.

Test: loading firmware from vendor apex using external firmware handler
Signed-off-by: Suchang Woo <suchang.woo@samsung.com>
Change-Id: Ic2057ab2d014540ce5eeb26bcac35d39294b5dc9
2023-05-23 14:12:40 +09:00
Steven Moreland
f3722d5a71 strengthen app_data_file neverallows
There are more types of apps now.

Bug: 281877578
Test: boot
Change-Id: I1918de8610070f6fac0e933d75c656e4ee0cfbdd
2023-05-23 00:01:27 +00:00
Steven Moreland
8634a88595 strengthen proc_type neverallows
These were unnecessarily lax. Some additional places
additionally exclude only the generic proc type, but
we don't care about those places.

Bug: 281877578
Test: boot
Change-Id: I9ebf410c12a41888ab1f5ecc21c95c34fc36c0d0
2023-05-22 22:59:08 +00:00
Steven Moreland
9a184232d7 Merge "strengthen system_file neverallows" 2023-05-19 21:37:26 +00:00
David Anderson
73d18c2bfe Merge "Allow ueventd to access device-mapper." 2023-05-19 19:43:21 +00:00
Suren Baghdasaryan
9c23982a48 allow modprobe to load modules from /system/lib/modules/
This is needed to load GKI leaf modules like zram.ko.

Bug: 279227085
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I8a8205e50aa00686f478aba5336299e03490bbb5
2023-05-18 22:33:26 +00:00
Steven Moreland
9c2a5cf0c9 strengthen system_file neverallows
no writing to system_file_type is the intention
here, but they only restricted system_file.

this does not touch the untrusted_app lock
neverallow, because it's specific to a single
system_file, and r_file_perms includes 'lock'.

Bug: 281877578
Test: build (neverallow only change)

Change-Id: I6c6078bc27c49e5a88862eaa330638f442dba9ee
2023-05-18 00:07:25 +00:00
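Why a neverallow on the single type `system_file` is weaker than one on the attribute `system_file_type`, as an added toy checker that is not checkpolicy, not the AOSP policy compiler, and not this repository's code. Types, attribute memberships and the offending `allow` rule below are constructed for the demo, not copied from the real policy; the parser handles the one-line `allow`/`neverallow` form with braced sets and `-name` exclusions.

```python
"""Attribute-vs-type neverallow check.

Added illustration, not checkpolicy or the AOSP policy build. The attribute
memberships and the offending allow rule are constructed for the demo.
"""
import re
from dataclasses import dataclass, field

_TOKEN = re.compile(r"\{[^}]*\}|\S+")


@dataclass(frozen=True)
class Rule:
    sources: frozenset
    targets: frozenset
    cls: str
    perms: frozenset


def _names(tok: str) -> frozenset:
    return frozenset(tok.strip("{} ").split())


def parse_rule(line: str):
    """Parse `allow|neverallow SRC TGT:CLASS PERMS;` where SRC, TGT and
    PERMS are a single name or a braced set; `-name` in a set excludes
    that type or attribute."""
    kind, src, tgt_cls, perms = _TOKEN.findall(line.strip().rstrip(";"))
    target, cls = tgt_cls.split(":")
    return kind, Rule(_names(src), _names(target), cls, _names(perms))


@dataclass
class Policy:
    attributes: dict = field(default_factory=dict)  # attribute -> set of member types
    allows: list = field(default_factory=list)
    neverallows: list = field(default_factory=list)

    def add(self, line: str) -> None:
        kind, rule = parse_rule(line)
        {"allow": self.allows, "neverallow": self.neverallows}[kind].append(rule)

    def expand(self, names) -> set:
        """Resolve attributes to their member types and apply exclusions."""
        included, excluded = set(), set()
        for n in names:
            bucket = excluded if n.startswith("-") else included
            name = n.lstrip("-")
            bucket |= self.attributes.get(name, {name})
        return included - excluded

    def violations(self) -> list:
        """Every (sources, targets, class, perms) some allow grants but a
        neverallow forbids; an empty list means the policy would compile."""
        found = []
        for na in self.neverallows:
            ns, nt = self.expand(na.sources), self.expand(na.targets)
            for al in self.allows:
                if al.cls != na.cls:
                    continue
                s = self.expand(al.sources) & ns
                t = self.expand(al.targets) & nt
                p = al.perms & na.perms
                if s and t and p:
                    found.append((sorted(s), sorted(t), al.cls, sorted(p)))
        return found


def demo() -> tuple:
    """The same allow rule checked against a neverallow on the single type
    and then against one on the whole attribute."""
    attrs = {
        "domain": {"init", "untrusted_app", "mediaserver"},
        "system_file_type": {"system_file", "system_lib_file"},  # constructed membership
    }
    offending = "allow untrusted_app system_lib_file:file write;"  # constructed, not a real rule

    weak = Policy(attributes=attrs)
    weak.add(offending)
    weak.add("neverallow { domain -init } system_file:file write;")

    strong = Policy(attributes=attrs)
    strong.add(offending)
    strong.add("neverallow { domain -init } system_file_type:file { write append };")

    return len(weak.violations()), len(strong.violations())


if __name__ == "__main__":
    print(demo())  # the type-only neverallow misses the write; the attribute one catches it
```

The check is the same set intersection the real compiler performs: a neverallow fires when, after attribute expansion, the allow's sources, targets, class and permissions all overlap it. Restricting only `system_file` leaves every other member of `system_file_type` writable, which is the gap the commit closes.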
David Anderson
e09c0eee36 Allow ueventd to access device-mapper.
ueventd needs access to device-mapper to fix a race condition in symlink
creation. When device-mapper uevents are received, we historically read
the uuid and name from sysfs. However it turns out sysfs may not be
fully populated at that time. It is more reliable to read this
information directly from device-mapper.

Bug: 270183812
Test: libdm_test, treehugger
Change-Id: I36b9b460a0fa76a37950d3672bd21b1c885a5069
2023-05-17 11:07:19 -07:00
Martin Stjernholm
e1ac267ddd Allow the ART boot oneshot service to configure ART config properties.
Test: See commit 2691baf9d4f8086902d46b2e340a6e5464857b90 in art/
      (ag/23125728)
Bug: 281850017
Change-Id: I14baf55d07ad559294bd3b7d9562230e78201d25
(cherry picked from commit 3d7093fd7b)
Merged-In: I14baf55d07ad559294bd3b7d9562230e78201d25
2023-05-16 16:13:42 +01:00
Ken Chen
099da6da31 Allow netd to perform SIGKILL on process dnsmasq
In tetherStop(), netd will send SIGKILL to dnsmasq if SIGTERM fails.
But there is no corresponding sepolicy in netd.te.

Bug: 256784822
Test: atest netd_integration_test:NetdBinderTest#TetherStartStopStatus
      with aosp/2591245 => fail

      atest netd_integration_test:NetdBinderTest#TetherStartStopStatus
      with aosp/2591245 + this commit => pass

Change-Id: I16a19a95c3c8ffb35dcc394b4dc329b20ecb26a3
2023-05-16 16:36:24 +08:00
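How a missing rule like the one above shows up in practice, as an added example that is not audit2allow and not netd's code: parse `avc: denied` lines, group them by source type, target type and class, and print one candidate `allow` rule per group. The log lines are constructed for the demo in the shape the Android kernel emits them; the real denial for the dnsmasq case may differ in detail.

```python
"""From an avc denial to a candidate allow rule.

Added illustration, not audit2allow and not netd's policy. The sample log
lines are constructed for the demo, not captured from a device.
"""
import re
from collections import defaultdict

_AVC = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)


def parse_denial(line: str):
    """Return (source_type, target_type, class, perms, permissive) or None.
    The type is the third field of a context such as u:r:netd:s0 or
    u:object_r:system_file:s0; MLS categories after it are ignored."""
    m = _AVC.search(line)
    if not m:
        return None
    stype = m.group("scontext").split(":")[2]
    ttype = m.group("tcontext").split(":")[2]
    perms = frozenset(m.group("perms").split())
    return stype, ttype, m.group("tclass"), perms, m.group("permissive") == "1"


def suggest_rules(lines) -> list:
    """Group denials by (source, target, class), merge their permissions and
    emit one candidate rule per group in sorted order."""
    merged = defaultdict(set)
    for line in lines:
        parsed = parse_denial(line)
        if parsed is None:
            continue
        stype, ttype, tclass, perms, _ = parsed
        merged[(stype, ttype, tclass)] |= perms
    rules = []
    for (stype, ttype, tclass), perms in sorted(merged.items()):
        p = " ".join(sorted(perms))
        perm_text = p if len(perms) == 1 else "{ " + p + " }"
        rules.append(f"allow {stype} {ttype}:{tclass} {perm_text};")
    return rules


# Constructed sample log lines (not captured from a device).
SAMPLE_LOG = [
    'type=1400 audit(0.0:17): avc: denied { sigkill } for comm="netd" '
    'scontext=u:r:netd:s0 tcontext=u:r:dnsmasq:s0 tclass=process permissive=0',
    'type=1400 audit(0.0:18): avc: denied { signal } for comm="netd" '
    'scontext=u:r:netd:s0 tcontext=u:r:dnsmasq:s0 tclass=process permissive=0',
    'type=1400 audit(0.0:19): avc: denied { write } for name="foo" dev="dm-0" ino=42 '
    'scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_file:s0 '
    'tclass=file permissive=1',
    "I/netd: unrelated line that must be ignored",
]


if __name__ == "__main__":
    for rule in suggest_rules(SAMPLE_LOG):
        print(rule)
```

The output is a starting point, not a patch: the second suggested rule would let an app write to `system_file`, which the neverallows in this repository reject at build time, and a denial with `permissive=1` was logged but not enforced. Check each candidate against the neverallows and against what the process actually needs before adding it to a `.te` file.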
Jin Jeong
9bd3eedbef Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore"
This reverts commit 489abecf67.

Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules

Change-Id: I19d1da02baf8cc4b5182a3410111a0e78831d7f8
Merged-In: I0c2bfe55987949ad52f62e468c84df954f39a4ad
2023-05-15 10:43:05 +00:00
Peiyong Lin
10c06cea0d Merge "Allow graphics_config_writable_prop to be modified." 2023-05-04 17:06:26 +00:00
Peiyong Lin
54229d8157 Allow graphics_config_writable_prop to be modified.
vendor_init needs to set graphics_config_writable_prop, moving it to
system_public_prop.

Bug: b/270994705
Test: atest CtsAngleIntegrationHostTestCases
Test: m && boot
Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07
2023-05-04 15:56:33 +00:00
Jin Jeong
27d3cc7483 Merge "Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore" 2023-05-02 08:33:33 +00:00
Treehugger Robot
5ab4239bfb Merge "Allow snapuserd to write log files to /data/misc" 2023-05-02 02:52:58 +00:00
Jinyoung Jeong
489abecf67 Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore
Bug: 279548423
Test: http://fusion2/b7c803be-2dca-4195-b91f-6c4939746b5b, http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed
Change-Id: I4b190fca2f3825a09d27cfc74e8a528831f4f15b
Merged-In: I4b190fca2f3825a09d27cfc74e8a528831f4f15b
2023-05-02 01:24:23 +00:00
Kelvin Zhang
dbe230a193 Allow snapuserd to write log files to /data/misc
snapuserd logs are important when OTA failures happen. To make debugging
easier, allow snapuserd to persist logs in /data/misc/snapuserd_logs ,
and capture these logs in bugreport.

Bug: 280127810
Change-Id: I49e30fd97ea143e7b9c799b0c746150217d5cbe0
2023-05-01 17:15:17 -07:00
Roman Kiryanov
1f4b85c9f8 Allow servicemanager to make binder calls to gnss
not device specific

Bug: 274041413
Test: boot emulator
Change-Id: I5a70562865f64a258feefd19042949365197b990
2023-05-01 14:38:21 -07:00
Martin Stjernholm
87143bd904 Revert "Introduce a new sdk_sandbox domain"
This reverts commit 304962477a.

Reason for revert: b/279565840

Change-Id: I6fc3a102994157ea3da751364f80730f4d0e87f0
2023-04-25 12:40:37 +00:00
Mugdha Lakhani
304962477a Introduce a new sdk_sandbox domain
Define the selinux domain to apply to SDK runtime for
targetSdkVersion=34.
The existing sdk_sandbox domain has been renamed to sdk_sandbox_next.
Future CLs will add logic to apply one of these to the SDK runtime
processes on the device, based on a flag.

auditallow block from sdk_sandbox has been removed as we haven't yet
measured the system health impact of adding this. It'll be added to an
audit domain later after we've ruled out negative system health impact.

Bug: 270148964
Test: make and boot the test device, load SDK using test app
Change-Id: I7438fb16c1c5e85e30683e421ce463f9e0b1470d
2023-04-21 17:26:26 +00:00
Charles Chen
27a8f43fde Fix attribute plurals for isolated_compute_allowed
Following the naming convention.

Bug: N/A
Test: m
Change-Id: Ie26d67423f9ee484ea91038143ba763ed8f97e2f
2023-04-20 16:39:39 +00:00
Charles Chen
c8ab3593d0 Move isolated_compute_app to be public
This will allow vendor customization of isolated_compute_app. New permissions added should be associated with isolated_compute_allowed.

Bug: 274535894
Test: m
Change-Id: I4239228b80544e6f5ca1dd68ae1f44c0176d1bce
2023-04-20 05:39:29 +00:00
Yuxin Hu
b011ba5ffb Merge "Add a new system property persist.graphics.egl" 2023-04-13 18:49:26 +00:00
Yuxin Hu
889dd078e9 Add a new system property persist.graphics.egl
This new system property will be read and written
by a new developer option switch, through gpuservice.

Based on the value stored in persist.graphics.egl,
we will load different GLES driver.

e.g.
persist.graphics.egl == $ro.hardware.egl: load native GLES driver
persist.graphics.egl == angle: load angle as GLES driver

Bug: b/270994705
Test: m; flash and check Pixel 7 boots fine
Change-Id: Idec4b947d0c69c52cd798df4f834053bd306cf5f
2023-04-13 04:38:46 +00:00
Yu Shan
9eb72464b5 Define sepolicy for ivn HAL.
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
2023-04-10 17:42:51 -07:00
Treehugger Robot
f784149627 Merge "Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf" 2023-03-31 22:29:31 +00:00
Jiakai Zhang
326d35c04b Merge "Allow system server to set dynamic ART properties." 2023-03-31 14:02:56 +00:00
Jiakai Zhang
22fb5c7d24 Allow system server to set dynamic ART properties.
This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.

Bug: 274530433
Test: Locally added some code to set those properties and saw it being
  successful.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089
2023-03-31 11:46:05 +01:00
Steven Moreland
ccbe862858 Merge "Introduce vm_manager_device_type for crosvm" 2023-03-30 15:57:43 +00:00
Elliot Berman
ae5869abf4 Introduce vm_manager_device_type for crosvm
Introduce hypervisor-generic type for VM managers:
vm_manager_device_type.

Bug: 274758531
Change-Id: I0937e2c717ff973eeb61543bd05a7dcc2e5dc19c
Suggested-by: Steven Moreland <smoreland@google.com>
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
2023-03-29 10:19:06 -07:00
Treehugger Robot
1ab1f7cd01 Merge "Add sepolicy rules for CpuMonitorService." 2023-03-28 21:02:14 +00:00
Steven Moreland
f7fa8ead83 Merge "remove iorapd from sepolicy" 2023-03-28 19:32:32 +00:00
Steven Moreland
c0ce089045 remove iorapd from sepolicy
It's already marked as removed in:
   ./private/compat/33.0/33.0.cil

Bug: N/A
Test: builds
Change-Id: I1b31f83fb5b210be047edb2896c7b66b58353784
2023-03-27 20:55:55 +00:00