Export the new bugreport entry which was added in b/111441001, similarly
to previously exported properties.
Bug: 161999587
Test: m selinux_policy
Change-Id: I139567ba028e90d3e07df94f57ccf7d5d5225209
This cleans up remaining exported2_default_prop. Three properties are
changed.
- ro.arch
It becomes build_prop.
- hal.instrumentation.enable
It becomes hal_instrumentation_prop.
- ro.property_service.version
It becomes property_service_version_prop.
Bug: 155844385
Test: selinux denial test on Pixel devices
Change-Id: I7ee0bd8c522cc09ee82ef89e6a13bbbf65291291
These 5 properties are all set by property_service, and their values are
same as ro.boot.X.
Bug: 155844385
Test: m selinux_policy
Change-Id: I98fdee73684dc670f61ecef83d6a749b4f24ff54
Merged-In: I98fdee73684dc670f61ecef83d6a749b4f24ff54
Most of the users already added dependencies when it was used, but a
couple didn't. These broken when I converted $(M4) into a built
artifact, as the artifact wasn't created before use.
Test: treehugger
Change-Id: Ic5c18131de84747e8b96413f61993fa777cb9d2c
ro.boot. properties assigned as "exported2_default_prop" are now
"bootloader_prop", to remove bad context name "exported2_default_prop".
Two things to clarify:
1) We have both the prefix entry and the exact entries. Although the
exact entries may be redundant, we may want to keep them. Vendors are
still allowed to have properties starting with "ro.boot." on
vendor_property_contexts file. The exact entries can prevent vendors
from modifying them to random contexts.
2) ro.boot. is special as it is originally for kernel command line
"androidboot.". But some ro.boot. properties are being used as if they
were normal. To avoid regression, ro.boot. properties having contexts
other than "exported2_default_prop" are not changed here. They will be
tracked later.
Bug: 155844385
Test: m selinux_policy
Change-Id: Ic0f4117ae68a828787304187457b5e1e105a52c7
Merged-In: Ic0f4117ae68a828787304187457b5e1e105a52c7
Instead of having hacky entry "init.svc." in vendor's sepolicy, this
adds init.svc.statsd explicitly which should be readable by CTS.
Bug: 161922998
Test: m selinux_policy
Change-Id: I3fd3bab40d2ccf2581bd7ab55894a693cdf446b2
Merged-In: I3fd3bab40d2ccf2581bd7ab55894a693cdf446b2
(cherry picked from commit 116190b004)
We have various apps which inherently work across all users,
configured in seapp_contexts with levelFrom=None (usually implicitly).
This change marks those apps, where they have private data files, as
mlstrustedsubject, to allow us to increase restrictions on cross-user
access without breaking them.
Currently these apps are granted full access to [priv_]app__data_file
via TE rules, but are blocked from calling open (etc) by mls rules
(they don't have a matching level).
This CL changes things round so they are granted access by mls, but
blocked from calling open by TE rules; the overall effect is thus the
same - they do not have access.
A neverallow rule is added to ensure this remains true.
Note that there are various vendor apps which are appdomain,
levelFrom=None; they will also need modified policy.
Test: builds, boots, no new denials.
Bug: 141677108
Change-Id: Ic14f24ec6e8cbfda7a775adf0c350b406d3a197e
This is to remove exported3_default_prop. Contexts of these properties
are changed.
- ro.boot.wificountrycode
This becomes wifi_config_prop
- ro.opengles.version
This becomes graphics_config_prop. Also it's read by various domains, so
graphics_config_prop is now readable from coredomain.
- persist.config.calibration_fac
This becomes camera_calibration_prop. It's only readable by appdomain.
Bug: 155844385
Test: no denials on Pixel devices
Test: connect wifi
Change-Id: If2b6c10fa124e29d1612a8f94ae18b223849e2a9
This removes bad context names "exported*_prop". Property contexts of
following properties are changed. All properties are settable only by
vendor-init.
- ro.config.per_app_memcg
This becomes lmkd_config_prop.
- ro.zygote
This becomes dalvik_config_prop.
- ro.oem_unlock_supported
This becomes oem_unlock_prop. It's readable by system_app which includes
Settings apps.
- ro.storage_manager.enabled
This becomes storagemanagr_config_prop. It's readable by coredomain.
Various domains in coredomain seem to read it.
- sendbug.preferred.domain
This bcomes sendbug_config_prop. It's readable by appdomain.
There are still 3 more exported3_default_prop, which are going to be
tracked individually.
Bug: 155844385
Test: selinux denial check on Pixel devices
Change-Id: I340c903ca7bda98a92d0f157c65f6833ed00df05
To remove bad context names "exported*_prop"
Bug: 155844385
Test: boot and see no denials
Change-Id: Icd30be64355699618735d4012461835eca8cd651
Merged-In: Icd30be64355699618735d4012461835eca8cd651
(cherry picked from commit 37c2d4d0c9)
(cherry picked from commit 3b66e9b9f8)
The rule "get_prop(coredomain, vts_status_prop)" is duplicated by
mistake. It's already in coredomain.te, and it should be deleted from
app.te
Bug: N/A
Test: m selinux_policy
Change-Id: I816c8da74940fc6ccdd50fe377aa54eae36237b4
vts_config_prop and vts_status_prop are added to remove exported*_prop.
ro.vts.coverage becomes vts_config_prop, and vts.native_server.on
becomes vts_status_prop.
Bug: 155844385
Test: Run some vts and then getprop, e.g. atest \
VtsHalAudioEffectV4_0TargetTest && adb shell getprop
Test: ro.vts.coverage is read without denials
Change-Id: Ic3532ef0ae7083db8d619d80e2b73249f87981ce
All files under odm_dlkm are tagged vendor_file.
All build props for odm_dlkm are mapped as build_vendor_prop.
Test: build and
`ls /odm_dlkm -lZ`
`adb shell getprop -Z | grep odm_dlkm`
Bug: 154633114
Change-Id: Ifca69d0b7a8da945910a9cb0fa907735cd866f12
dexoptanalyzer need read access on the secondary
dex files and of the main apk files in order to successfully evaluate
and optimize them.
Example of denial:
audit(0.0:30): avc: denied { read } for
path="/data/app/~~Zux_isdY0NBkRWPp01oAVg==/com.example.secondaryrepro-wH9zezMSCzIjcKdIMtrw7A==/base.apk"
dev="vdc" ino=40966 scontext=u:r:dexoptanalyzer:s0
tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0
app=com.example.secondaryrepro
Test: adb shell cmd package compile -r bg-dexopt --secondary-dex app
Bug: 160471235
Bug: 160351055
Change-Id: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
We already have ro.logd. and persist.logd. as logd_prop, but not
logd. so this change adds it. New properties should be read-write by
default so logd. should be preferred to ro.logd.
Test: set logd.buffer_type appropriately.
Change-Id: I51ed19f0093a0302709116944153f37067814d08
A few netd avc denials are observed. Supress audit messages since they
don't cause a problem.
Bug: 77870037
Test: build, flash, boot
Change-Id: I019c5af62630fcd0a35e22c560b9043bba58f6f1
This is not allowed for apps with targetSdkVersion>=Q.
Allow this failure until gmscore fixes.
Bug: 160984921
Test: build
Change-Id: I1e9f2af091b22eef2bc05ae1e571fb45dec05cfe
ro.enable_boot_charger_mode and sys.boot_from_charger_mode are moved to
new property contexts for charger props to remove exported*_prop.
Bug: 155844385
Test: boot device with ro.enable_boot_charger_mode
Change-Id: I17d195d3c9c002a42125d46a5efcdb890f1c2a5c
All files under vendor_dlkm are tagged vendor_file.
All build props for vendor_dlkm are mapped as build_vendor_prop.
Test: build and
`ls /vendor_dlkm -lZ`
`adb shell getprop -Z | grep vendor_dlkm`
Bug: 154633114
Change-Id: Ie9dc26d948357767fec09aca645606310ad3425c
