Commit graph

939 commits

Author SHA1 Message Date
Gregory Montoir
90aa30a199 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 796f6637e4 am: 8881759651 am: ee34c61f9d
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: If2d0ed11ebe759aa3b8170afb672451d5d997a2f
2022-01-13 00:15:38 +00:00
Gregory Montoir
2f2d4e9e9c Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: ff22c64cbb am: 87d5e2ef90 am: 8554dcd97a
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: Iea2cf75a2e875514756de5fd7ac2fce2dce531ec
2022-01-12 23:46:42 +00:00
Gregory Montoir
8f9228f6ac Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: ff22c64cbb am: 87d5e2ef90 am: 8554dcd97a
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: I705facaa4da4dfca50a7e50afd2db4bec6e6ee12
2022-01-12 23:46:36 +00:00
Gregory Montoir
8881759651 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 796f6637e4
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I76bdaca952b528a9fea775e3a0276f3be592bf33
2022-01-12 23:44:25 +00:00
Gregory Montoir
796f6637e4 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: Ic3688f33d8cab5a1a951780349602b6aed6b0e12
2022-01-12 23:27:00 +00:00
Gregory Montoir
ee426c1678 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: fe0705ba42 am: a73406d0a4
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16616068

Change-Id: I95d6b842b10a98d87ab8e411bbf49c9cdbdb9f48
2022-01-12 23:16:16 +00:00
Gregory Montoir
860cc6f1d5 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: fe0705ba42 am: a73406d0a4
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16616068

Change-Id: I0dc859d02da3dfc8ab7421a06aae2ee9aa65542e
2022-01-12 23:15:55 +00:00
Gregory Montoir
87d5e2ef90 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: ff22c64cbb
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: Ied839549c500bfba3b46b2fc26e00baea7d2b11d
2022-01-12 23:15:02 +00:00
Gregory Montoir
8bac0a5547 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I11fc36fbc3d65609a3215e9cecf5ce22fb06b97e
2022-01-12 23:14:44 +00:00
Gregory Montoir
84f6646c7c Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I0f2729fc6ef1737965de0e38495a4908b76890d0
2022-01-12 23:02:17 +00:00
Gregory Montoir
ff22c64cbb Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: Ic7d459763baeaac4466ea599ff43176289d08203
2022-01-12 23:02:09 +00:00
Gregory Montoir
fe0705ba42 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6}
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.

Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
2022-01-12 14:35:12 +00:00
Gregory Montoir
f7727ace66 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6}
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.

Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
2022-01-12 14:34:33 +00:00
Gregory Montoir
1a6b37d838 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6}
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.

Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
2022-01-12 14:33:22 +00:00
Thierry Strudel
195149fcf8 Allow app to get dck_prop
Bug: 208742539
Test: gts-tradefed run gts -m GtsDckTestCases --log-level-display DEBUG
Merged-In: Ie3f7c54805b9947fd43fe5118fd4808b4744664d
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Change-Id: Ie3f7c54805b9947fd43fe5118fd4808b4744664d
2021-12-24 06:50:53 +00:00
Thierry Strudel
f4e3b06683 Allow app to get dck_prop
Ignore-AOSP-First: Touches prebuilts/api/32.0/private/app.te
Bug: 208742539
Test: gts-tradefed run gts -m GtsDckTestCases --log-level-display DEBUG
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Change-Id: Ie3f7c54805b9947fd43fe5118fd4808b4744664d
2021-12-24 06:22:31 +00:00
TreeHugger Robot
bbf0802210 Merge "sepolicy updates for adding native flag namespace for lmkd" into sc-dev 2021-12-22 09:24:54 +00:00
Greg Kaiser
2b95a08c99 zygote: Add setattr permission to cgroup
Credit to Himanshu Agrawal <quic_hagraw@quicinc.com> for this fix.

Like we do with cgroup_v2, we set attribute permission to cgroup
as well.

This is the same fix as
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1927857/
but it applies it to the prebuilts for api 32.0.

Test: On a Go device, which uses cgroup instead of cgroup_v2
Bug: 211037424, 211514318
Change-Id: Ib57c94d72d50317619aa513e9f784582e0c45862
2021-12-20 15:21:26 -08:00
Greg Kaiser
ed71842c6d zygote: Add setattr permission to cgroup
Credit to Himanshu Agrawal <quic_hagraw@quicinc.com> for this fix.

Like we do with cgroup_v2, we set attribute permission to cgroup
as well.

Test: On a Go device, which uses cgroup instead of cgroup_v2
Bug: 211037424
Change-Id: I5d58c9f549d205f1a8bdce6c5fba1cc833f2b492
Merged-In: I5d58c9f549d205f1a8bdce6c5fba1cc833f2b492
2021-12-16 22:55:34 +00:00
Yi-yo Chiang
a01429ce0b Merge "Add system_ext_userdebug_plat_sepolicy.cil for GSI" into sc-v2-dev 2021-12-10 04:05:11 +00:00
Inseob Kim
9dc6d70044 Remove 26.0 and 27.0 compat support
Treble doesn't support T system + O vendor, so removing 26.0 (N) and
27.0 (O) prebuilts and compat files.

Bug: 207815515
Test: build
Change-Id: I98d5972221a8e77f3c45fc48ff50bb2b8eb94275
2021-12-02 10:22:10 +09:00
Inseob Kim
bee558e4bb Add 32.0 mapping files
Steps taken to produce the mapping files:

1. Add prebuilts/api/32.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-v2-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/32.0/vendor_sepolicy.cil
as an empty file.

When adding plat_pub_versioned.cil, leave only type and typeattribute
statements, removing the other statements: allow, neverallow, role, etc.

2. Add new file private/compat/32.0/32.0.cil by doing the following:
- copy /system/etc/selinux/mapping/32.0.cil from sc-v2-dev
aosp_arm64-eng device to private/compat/32.0/32.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 32 sepolicy.
Find all such types using treble_sepolicy_tests_32.0 test.
- for all these types figure out where to map them by looking at
31.0.[ignore.]cil files and add approprite entries to 32.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_32.0 and installs
32.0.cil mapping file onto the device.

Bug: 206330997
Test: m treble_sepolicy_tests_32.0
Test: m 32.0_compat_test
Test: m selinux_policy
Change-Id: I8b2991e64e2f531ce12db7aaacad955e4e8ed687
2021-12-01 10:58:25 +09:00
Inseob Kim
43b6a317bc Add SEPolicy prebuilts for Sv2 (API 32)
Bug: 206330997
Test: Build
Change-Id: I26082be343b15c9d6c7cabf0acd44711fbcc8113
2021-11-30 12:04:43 +09:00
Inseob Kim
212e65cbe8 Make 31.0 compat files up to date
Bug: 208126864
Test: m selinux_policy 31.0_compat_test treble_sepolicy_tests_31.0
Merged-In: Ic97d17b39f7307ed5af200c97c8c09ca0511c216
Change-Id: I75d139412686ae13dddf5b99c505becc8638558a
2021-11-30 10:13:34 +09:00
Inseob Kim
5a8afdcfa6 Make 31.0 prebuilts and compat files up to date
Bug: 208126864
Test: m selinux_policy 31.0_compat_test treble_sepolicy_tests_31.0
Change-Id: Ic97d17b39f7307ed5af200c97c8c09ca0511c216
2021-11-29 19:40:59 +09:00
Navinprashath
e7fae4b66b sepolicy: Add badge for gsm properties
Add badge for gsm.operator.iso-country and gsm.sim.operator.iso-country.

Test: Manual test
Bug: 205807505
Ignore-AOSP-First: already merged in AOSP; this is a reland
Change-Id: If4f399cd97b2297094ef9431450f29e0a91e5300
Merged-In: If4f399cd97b2297094ef9431450f29e0a91e5300
2021-11-25 14:04:56 +08:00
Yi-Yo Chiang
0b240d0270 Add system_ext_userdebug_plat_sepolicy.cil for GSI
system_ext_userdebug_plat_sepolicy.cil is a copy of
userdebug_plat_sepolicy.cil (debug_ramdisk) that's installed in the
system_ext partition.
The build rule is gated by a BoardConfig variable, so products other
than GSI cannot accidentally install this module.

*Unclean cherry-pick* prebuilts/api/32.0/private/file_contexts is
updated in this change, which is not in the original change.

Bug: 188067818
Test: Flash RQ2A.201207.001 bramble-user with debug ramdisk & flash
  gsi_arm64-user from master, device can boot and `adb root` works
Change-Id: I43adc6adad5e08dcc8e106d18fdacef962310883
Merged-In: I43adc6adad5e08dcc8e106d18fdacef962310883
(cherry picked from commit 814f3deb94)
2021-11-24 14:43:03 +08:00
Inseob Kim
451eeed439 Add 31.0 mapping files
Steps taken to produce the mapping files:

1. Add prebuilts/api/31.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/31.0/vendor_sepolicy.cil
as an empty file.

2. Add new file private/compat/31.0/31.0.cil by doing the following:
- copy /system/etc/selinux/mapping/31.0.cil from sc-dev aosp_arm64-eng
device to private/compat/31.0/31.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 31 sepolicy.
Find all such types using treble_sepolicy_tests_31.0 test.
- for all these types figure out where to map them by looking at
30.0.[ignore.]cil files and add approprite entries to 31.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_31.0 and installs
31.0.cil mapping file onto the device.

Bug: 189161483
Bug: 207344718
Test: m treble_sepolicy_tests_31.0
Test: m 31.0_compat_test
Test: m selinux_policy
Change-Id: I6264b9cf77b80543dfea93157b45b864157e2b14
Merged-In: I6264b9cf77b80543dfea93157b45b864157e2b14
(cherry picked from commit 4f20ff73ee)
2021-11-22 12:11:07 +00:00
Ji Luo
d338d0ef55 Fix bootchart on android12
Access denial of Apexd would cause runtime abort and the
bootchart is not working on Android 12:
  ...
  F nativeloader: Error finding namespace of apex: no namespace called com_android_art
  F zygote64: runtime.cc:669] Runtime aborting...
  F zygote64: runtime.cc:669] Dumping all threads without mutator lock held
  F zygote64: runtime.cc:669] All threads:
  F zygote64: runtime.cc:669] DALVIK THREADS (1):
  F zygote64: runtime.cc:669] "main" prio=10 tid=1 Runnable (still starting up)
  F zygote64: runtime.cc:669]   | group="" sCount=0 ucsCount=0 flags=0 obj=0x0 self=0xb4000072de0f4010
  ...

Bug: 205880718
Test: bootchart test.

Signed-off-by: Ji Luo <ji.luo@nxp.com>
Change-Id: Ia7d166605cd0b58849cb44d9a16dc3c73e1d4353
2021-11-11 16:53:24 +08:00
Michael Wright
189f7f2eea Add SEPolicy prebuilts for Sv2 (API 32)
Bug: 204295952
Test: Build
Change-Id: Id5c21d8de931fb6be01c7d1f9f6fe19dc6977de7
Merged-In: Id5c21d8de931fb6be01c7d1f9f6fe19dc6977de7
2021-11-09 19:45:38 +00:00
Bart Van Assche
e3cfa9e1d3 Revert "Remove the bdev_type and sysfs_block_type SELinux attributes"
This reverts commit 63930d3850.

Reason for revert: Broken build (https://android-build.googleplex.com/builds/submitted/7863094/aosp_raven-userdebug/latest/view/logs/error.log)

Change-Id: I1742d69d471e9b00359a2e7e654aa752513990df
2021-10-28 18:03:49 +00:00
Bart Van Assche
63930d3850 Remove the bdev_type and sysfs_block_type SELinux attributes
Remove these SELinux attributes since the apexd and init SELinux policies
no longer rely on these attributes.

The only difference between a previous version of this patch and the
current patch is that the current patch moves these attributes to the
'compat' policy. See also
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1850656.

This patch includes a revert of commit 8b2b951349 ("Restore permission
for shell to list /sys/class/block"). That commit is no longer necessary
since it was a bug fix for the introduction of the sysfs_block type.

Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd && adb -e shell dmesg | grep avc
Change-Id: Id7d32a914e48bc74da63d87ce6a09f11e323c186
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-10-25 16:26:07 -07:00
liyaoli
de5d6b4a7c Allow zygote to setattr cgroup
Bug: 203385941
Test: config ro.config.per_app_memcg=true && turn on the screen && leave it for 11 minutes

Change-Id: I7eac9c39f2ed0d9761852dbe2a26d54c27b72237
2021-10-18 20:33:48 +08:00
Kelvin Zhang
72a49cc20e Reland: Add ro.vendor.build.dont_use_vabc to property_contexts am: 6a70197dae
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16006752

Change-Id: Iadfcd16537ad92f90fcf1c920c1437d6c68edd46
2021-10-08 22:07:58 +00:00
Satoshi Niwa
ae167c2105 Set expandattribute false for property attributes in prebuilts am: fa3b250ad1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1435472

Change-Id: I09d504f312e95a63434c68211f5dd830b6b22f1a
2021-10-08 17:12:46 +00:00
Kelvin Zhang
6a70197dae Reland: Add ro.vendor.build.dont_use_vabc to property_contexts
Bug: 185400304
Buh: 201957239

Test: mm

This CL was merged to sc-dev, but reverted due to wrong Merged-In tag.
It resulted in mismatch between sc-dev and other branches like aosp,
internal main, etc. This change needs to reland on sc-dev.

Ignore-AOSP-First: already merged in AOSP; this is a reland

(cherry picked from commit 407b21b3cd)
Change-Id: I66703249de472bc6da16b147a69803ff141c54d3
2021-10-08 00:58:09 +00:00
Xin Li
e69c4ae635 Merge SP1A.210812.016
Merged-In: I7dec0a3d82c82b5dea4b5f3f38d9170bb1f40840
Change-Id: Idf4f6bebc2c849811bac8f6df34d1cd997978bb8
2021-09-28 19:55:59 +00:00
Suren Baghdasaryan
0e0d0ad652 sepolicy updates for adding native flag namespace for lmkd
sepolicy updates for running lmkd experiments.

Bug: 194316048
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I21df3b76cce925639385111bd23adf419f026a65
Merged-In: I21df3b76cce925639385111bd23adf419f026a65
2021-09-08 21:12:09 +00:00
Suren Baghdasaryan
3f95dc1e5b sepolicy updates for adding native flag namespace for lmkd
sepolicy updates for running lmkd experiments.

Bug: 194316048
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I21df3b76cce925639385111bd23adf419f026a65
Merged-In: I21df3b76cce925639385111bd23adf419f026a65
2021-09-02 08:03:21 -07:00
TreeHugger Robot
842d75a7e6 Merge "Revert "Reland: Add ro.vendor.build.dont_use_vabc to property_contexts"" into sc-dev 2021-08-31 17:22:23 +00:00
Kelvin Zhang
e52b7716cb Revert "Reland: Add ro.vendor.build.dont_use_vabc to property_contexts"
This reverts commit 2e7abeb570.

Reason for revert: b/197917451

Bug: 197917451

Change-Id: I570fe494976b3676074a9b8794859db75b827120
2021-08-30 16:26:48 +00:00
Orion Hodson
51bd92505b odrefresh: add permission to sigkill child processes
(cherry picked from commit 522bcbe9e6)
Ignore-AOSP-First: cherry-pick from aosp
Bug: 177432913
Bug: 196969404
Test: manually decrease odrefresh compilation timeout, no avc denied
Change-Id: I7dec0a3d82c82b5dea4b5f3f38d9170bb1f40840
(cherry picked from commit 86477d7933)
2021-08-20 00:34:06 +00:00
Orion Hodson
86477d7933 odrefresh: add permission to sigkill child processes
(cherry picked from commit 522bcbe9e6)
Ignore-AOSP-First: cherry-pick from aosp
Bug: 177432913
Bug: 196969404
Test: manually decrease odrefresh compilation timeout, no avc denied
Change-Id: I7dec0a3d82c82b5dea4b5f3f38d9170bb1f40840
2021-08-19 10:13:43 +00:00
Eric Biggers
0fc214e291 Restore permission for shell to list /sys/class/block
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory.  There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.

Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
      After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
Merged-In: I87cb90880f927db1385887b35c84f4dd7f95021b
(cherry picked from commit ff53c4d16e)
2021-08-19 03:22:01 +00:00
Eric Biggers
ff53c4d16e Restore permission for shell to list /sys/class/block
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory.  There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.

Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
      After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
Merged-In: I87cb90880f927db1385887b35c84f4dd7f95021b
2021-08-17 13:38:41 -07:00
Eric Biggers
2b7e9943d9 Merge "Restore permission for shell to list /sys/class/block" am: cc0f64416f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1797007

Change-Id: I60b12f2a7cb088b8e648149d9356f9b00f97adbe
2021-08-17 19:17:07 +00:00
Eric Biggers
8b2b951349 Restore permission for shell to list /sys/class/block
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory.  There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.

Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
      After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
2021-08-16 10:54:44 -07:00
Paul Crowley
f87e5bafb5 Merge "Revert^2 "Allow vold to deleteAllKeys in Keystore"" into sc-dev 2021-08-13 02:33:43 +00:00
Paul Crowley
449a6e1351 Revert^2 "Allow vold to deleteAllKeys in Keystore"
Revert submission 15536724-revert-15521094-vold-deleteAllKeys-GDJSMLXRVZ

Reason for revert: Underlying KM problem fixed
Reverted Changes:
I8e2621bef:Revert "Detect factory reset and deleteAllKeys"
I546b980bb:Revert "Add deleteAllKeys to IKeystoreMaintenance"...
I1ed68dd9e:Revert "Allow vold to deleteAllKeys in Keystore"

Bug: 187105270
Test: booted Cuttlefish twice
Change-Id: I6a9981ace72b133082d1d600f8e45b55bdb34b44
2021-08-13 01:44:22 +00:00
TreeHugger Robot
b7d0820dcf Merge "sepolicy: Add supporting for property name with phone id" into sc-dev 2021-08-12 07:24:24 +00:00
Shawn Willden
9de6c0e94c Merge "Revert "Allow vold to deleteAllKeys in Keystore"" into sc-dev 2021-08-12 01:17:13 +00:00
Shawn Willden
4b8112473d Revert "Allow vold to deleteAllKeys in Keystore"
Revert submission 15521094-vold-deleteAllKeys

Reason for revert: Causes infinite loop in Trusty KeyMint
Reverted Changes:
I9c5c54714:Detect factory reset and deleteAllKeys
I2fb0e94db:Allow vold to deleteAllKeys in Keystore
Id23f25c69:Add deleteAllKeys to IKeystoreMaintenance
Ife779307d:Enable deleteAllKeys from vold
I4312b9a11:Enable deleteAllKeys from vold

Bug: 187105270
Change-Id: I1ed68dd9ee9a6f14152307d610af0b16dd3219ac
2021-08-12 01:08:37 +00:00
Paul Crowley
c0cae7496e Merge "Allow vold to deleteAllKeys in Keystore" into sc-dev 2021-08-11 21:41:17 +00:00
Paul Crowley
cb00759831 Merge "Allow vold to deleteAllKeys in Keystore" am: d46569c261 am: 66b0b41923
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1789529

Change-Id: I03d240d980763f3a84971f185f207204bac2602d
2021-08-11 18:13:25 +00:00
Paul Crowley
4a664e8d5d Allow vold to deleteAllKeys in Keystore
Add deleteAllKeys to IKeystoreMaintenance and allow vold to call it.
Allow vold to read the property
`ro.crypto.metadata_init_delete_all_keys.enabled`

Bug: 187105270
Test: booted twice on Cuttlefish
Ignore-AOSP-First: no merge path to this branch from AOSP.
Merged-In: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
Change-Id: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
2021-08-11 10:16:28 -07:00
EdenSu
ee495b312c sepolicy: Add supporting for property name with phone id
Add debug property name with phone id.

Bug: 194281028
Test: Build and verified there is no avc denied in the log
Change-Id: Ia7ca93a3390b2f59e894ca7ebce4cae9c0f83d28
Merged-In: Ia7ca93a3390b2f59e894ca7ebce4cae9c0f83d28
2021-08-11 16:37:03 +00:00
Paul Crowley
bf29c3a2dc Allow vold to deleteAllKeys in Keystore
Add deleteAllKeys to IKeystoreMaintenance and allow vold to call it.
Allow vold to read the property
`ro.crypto.metadata_init_delete_all_keys.enabled`

Bug: 187105270
Test: booted twice on Cuttlefish
Change-Id: I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524
2021-08-10 21:51:09 -07:00
Bart Van Assche
db5e6c2424 Allow the init and apexd processes to read all block device properties
Addressing b/194450129 requires configuring the I/O scheduler and the
queue depth of loop devices. Doing this in a generic way requires
iterating over the block devices under /sys/class/block and also to
examine the properties of the boot device (/dev/sda). Hence this patch
that allows 'init' and 'apexd' to read the properties of all block
devices. The patch that configures the queue depth is available at
https://android-review.googlesource.com/c/platform/system/core/+/1783847.

Bug: 194450129
Test: Built Android images, installed these on an Android device and verified that modified init and apexd processes do not trigger any SELinux complaints.
Ignore-AOSP-First: This patch is already in AOSP.
Merged-In: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Change-Id: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-08-10 09:30:27 -07:00
Bart Van Assche
052995e65e init.te: Allow init to modify the properties of loop devices
The init process configures swapping over zram over a loop device. An
I/O scheduler is associated with the loop device. Tests have shown that
no I/O scheduler works better than the default, mq-deadline. Hence
allow the init process to configure the loop device I/O scheduler.

Without this patch, the following SELinux denials are reported during
boot:

1     1 I auditd  : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0
1     1 I auditd  : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0

Bug: 194450129
Test: Built Android images and installed these on an Android device.
Ignore-AOSP-First: This patch is already in AOSP.
Merged-In: I0af0a92c53bb1f68b57f6814c431a7f03d8ea967
Change-Id: I0af0a92c53bb1f68b57f6814c431a7f03d8ea967
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
2021-08-10 09:30:10 -07:00
Bart Van Assche
7efcbf568c Allow the init and apexd processes to read all block device properties am: ec50aa5180 am: b00618fb9f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947

Change-Id: Iac344ff86cae6870c6f29fc2b4fb5529482a4219
2021-08-10 01:54:52 +00:00
Bart Van Assche
ec50aa5180 Allow the init and apexd processes to read all block device properties
Addressing b/194450129 requires configuring the I/O scheduler and the
queue depth of loop devices. Doing this in a generic way requires
iterating over the block devices under /sys/class/block and also to
examine the properties of the boot device (/dev/sda). Hence this patch
that allows 'init' and 'apexd' to read the properties of all block
devices. The patch that configures the queue depth is available at
https://android-review.googlesource.com/c/platform/system/core/+/1783847.

Test: Built Android images, installed these on an Android device and verified that modified init and apexd processes do not trigger any SELinux complaints.
Change-Id: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-08-09 13:46:41 -07:00
Martijn Coenen
025423495e Merge "Allow shell to read odsign properties." am: a194f2737e am: ee5b30b948
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1787990

Change-Id: I293034ab8a42c7b79f0db2b1004094ea9594fcbf
2021-08-09 07:19:16 +00:00
Martijn Coenen
a194f2737e Merge "Allow shell to read odsign properties." 2021-08-09 06:45:56 +00:00
Martijn Coenen
fd6d708cc1 Allow shell to read odsign properties.
The shell context can invoke app_process (ART runtime), which in turn
reads odsign_prop to determine whether we determined that the generated
artifacts are valid. Since this was denied until now, app processes
invoked through shell would fall back to JIT Zygote. This is probably
fine, but since fixing the denial is really simple (and not risky), this
option might be preferred over adding it to the bug map.

Bug: 194630189
Test: `adb shell sm` no longer generates a denial
Change-Id: Ia7c10aec53731e5fabd05f036b12e10d63878a30
2021-08-06 08:40:40 +02:00
Bart Van Assche
920fb6cb48 Merge "init.te: Allow init to modify the properties of loop devices" am: cb779773b7 am: a953822b61
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1782387

Change-Id: I783a810622dc05fc2eb667268596d50c4b21430e
2021-08-05 17:10:39 +00:00
Bart Van Assche
9059e215dc init.te: Allow init to modify the properties of loop devices
The init process configures swapping over zram over a loop device. An
I/O scheduler is associated with the loop device. Tests have shown that
no I/O scheduler works better than the default, mq-deadline. Hence
allow the init process to configure the loop device I/O scheduler.

Without this patch, the following SELinux denials are reported during
boot:

1     1 I auditd  : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0
1     1 I auditd  : type=1400 audit(0.0:4): avc: denied { read write } for comm="init" name="scheduler" dev="sysfs" ino=78312 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_loop:s0 tclass=file permissive=0

Bug: 194450129
Test: Built Android images and installed these on an Android device.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Change-Id: I0af0a92c53bb1f68b57f6814c431a7f03d8ea967
2021-08-04 11:48:14 -07:00
Rick Yiu
7c14f44109 Move vendor_sched to common sepolicy
Previously vendor_sched is put under product area which will be replaced
by GSI. To solve it, move it to system/sepolicy.

Bug: 194656257
Test: build pass
Change-Id: I15801c0db0a8643cac2a2fc1f004db6fb21050dc
Merged-In: Ia0b855e3a876a58b58f79b4fba09293419797b47
2021-07-30 03:03:42 +00:00
Martijn Coenen
3f1c5d5c14 Merge "Allow odsign to stop itself." into sc-dev 2021-07-28 15:06:47 +00:00
Martijn Coenen
3ca856a1a9 Merge "Allow odsign to stop itself." am: 359aea7d49 am: 632c8e428f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1779988

Change-Id: I863a95342f0a37f14107827df145a49f2a911c19
2021-07-28 12:20:34 +00:00
Martijn Coenen
28377a8a17 Allow odsign to stop itself.
Carve out a label for the property, and allow odsign to set it.

Bug: 194334176
Test: no denials
Change-Id: I9dafefabc27c679ed9f36e617e824f44f3b16bbd
Merged-In: I9dafefabc27c679ed9f36e617e824f44f3b16bbd
2021-07-28 11:52:48 +00:00
Martijn Coenen
359aea7d49 Merge "Allow odsign to stop itself." 2021-07-28 11:50:22 +00:00
Martijn Coenen
5f21a0fa92 Allow odsign to stop itself.
Carve out a label for the property, and allow odsign to set it.

Bug: 194334176
Test: no denials
Change-Id: I9dafefabc27c679ed9f36e617e824f44f3b16bbd
2021-07-28 10:50:35 +02:00
Jiakai Zhang
7f60ff9cda Track system_server->apex_art_data_file denial. am: 329cbf4d4e am: 82a576c1a4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1771168

Change-Id: Ic90844a9811fcd55283acd10db3d930707d3af9c
2021-07-24 10:06:37 +00:00
Jiakai Zhang
329cbf4d4e Track system_server->apex_art_data_file denial.
The denial occurs when system_server dynamically loads AOT artifacts at
runtime.

Sample message:
type=1400 audit(0.0:4): avc: denied { execute } for comm="system_server" path="/data/misc/apexdata/com.android.art/dalvik-cache/arm64/system@framework@com.android.location.provider.jar@classes.odex" dev="dm-37" ino=296 scontext=u:r:system_server:s0 tcontext=u:object_r:apex_art_data_file:s0 tclass=file permissive=0

Currently, system_server is only allowed to load AOT artifacts at startup. odrefresh compiles jars in SYSTEMSERVERCLASSPATH, which are supposed to be loaded by system_server at startup. However, com.android.location.provider is a special case that is not only loaded at startup, but also loaded dynamically as a shared library, causing the denial.

Therefore, this denial is currently expected. We need to compile com.android.location.provider so that its AOT artifacts can be picked up at system_server startup, but we cannot allow the artifacts to be loaded dynamically for now because further discussion about its security implications is needed. We will find a long term solution to this, tracked by b/194054685.

Test: Presubmits
Bug: 194054685

Change-Id: I3850ae022840bfe18633ed43fb666f5d88e383f6
2021-07-24 09:42:03 +08:00
TreeHugger Robot
8797257e3f Merge "property_contexts: Add ro.lmk.filecache_min_kb property context" into sc-dev 2021-07-21 07:34:31 +00:00
Orion Hodson
5194040519 Merge "postinstall_dexopt: allow reading odsign.verification.status" am: ae132647b1 am: 14b66293ba
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1771328

Change-Id: I1b7b3d5f34c4fff9ba4282afa2cdec97895bfd6e
2021-07-20 11:21:34 +00:00
Orion Hodson
ae132647b1 Merge "postinstall_dexopt: allow reading odsign.verification.status" 2021-07-20 10:58:57 +00:00
Daniel Norman
072de7b4b2 Merge "Rename vpnprofilestore to legacykeystore in 31.0 mapping files." am: f541acd250 am: ffb2010a0a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1771593

Change-Id: I7699781df4dccce679a8baccdb5e47074e0fb3db
2021-07-20 00:44:25 +00:00
Orion Hodson
07cafca82a postinstall_dexopt: allow reading odsign.verification.status
Allows dexopt to read odsign verification status and use on-device
generated artifacts when dexopting after an OTA.

(cherry pick from change 5fcce9ded3)
Bug: 194069492
Ignore-AOSP-First: cherry pick of https://r.android.com/1771328
Test: manually apply ota, see no denials for reading property
Merged-In: I97acfc17ffd9291d1a81906c75039f01624dff0f
Change-Id: I05453570add7365e1c094d3ea316d53d7c52023a
2021-07-19 19:47:33 +00:00
Orion Hodson
5fcce9ded3 postinstall_dexopt: allow reading odsign.verification.status
Allows dexopt to read odsign verification status and use on-device
generated artifacts when dexopting after an OTA.

Bug: 194069492
Test: manually apply ota, see no denials for reading property
Change-Id: I97acfc17ffd9291d1a81906c75039f01624dff0f
2021-07-19 20:37:20 +01:00
Daniel Norman
31aaac3f18 Rename vpnprofilestore to legacykeystore in 31.0 mapping files.
This service was renamed in
commit 8aaf796f980f21a8acda73180a876095b960fc28
after the mapping files were originally created in
commit 4f20ff73ee.

Bug: 191304621
Test: Merge redfin_vf_s T-based system with S-based vendor.
Change-Id: I3430f13a3438c06c6cb469a35a80390f83b1c0b4
2021-07-19 11:51:14 -07:00
Suren Baghdasaryan
ff51a7bf96 property_contexts: Add ro.lmk.filecache_min_kb property context
ro.lmk.filecache_min_kb property allows vendors to specify min filecache
size in KB that should be reached after thrashing is detected.

Bug: 193293513
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I927f4a1c81db3f284353fe4ab93bf454acff69b7
Merged-In: I927f4a1c81db3f284353fe4ab93bf454acff69b7
2021-07-19 09:48:54 +00:00
Orion Hodson
638ee80658 Add get_prop(odsign_prop) to incidentd.te am: 6f9b65aac7
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15235557

Change-Id: Ia3383c71d0d855db09c197db8c311d38afc59625
2021-07-12 20:31:38 +00:00
Hasini Gunasinghe
806c7eb133 Allow keystore to read and write keystore.crash_count system property.
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.

Ignore-AOSP-First: Resolving merge conflicts.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e

Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
2021-07-09 16:20:07 +00:00
Orion Hodson
6f9b65aac7 Add get_prop(odsign_prop) to incidentd.te
Prevents SELinux denial when capturing a bugreport.

Bug: 192895524
Bug: 193084909
Bug: 193096842
Bug: 193097008
Bug: 193097511
Bug: 193097845
Bug: 193097886
Ignore-AOSP-First: cherry pick of https://r.android.com/1761447
Test: adb bugreport and check no denial in logcat.
Change-Id: Ide5d95782929836cffc5b3921bffae3295773532
2021-07-09 16:03:35 +01:00
Hasini Gunasinghe
2a5ab82215 Merge "Allow keystore to read and write keystore.crash_count system property." into sc-dev 2021-07-09 00:08:41 +00:00
Hasini Gunasinghe
4fa6b1a037 Allow keystore to read and write keystore.crash_count system property.
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.

Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e

Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
2021-07-08 17:54:58 +00:00
Hasini Gunasinghe
9fe1532ade Allow keystore to read and write keystore.crash_count system property.
Additionally, remove the obsolete permission which allows keystore to
register callbacks with statsd. There's no direct communication between
keystore and statsd now.

Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e

Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
2021-07-08 14:29:44 +00:00
Orion Hodson
2e7eebe266 Merge "Allow app_zygote to read zygote_tmpfs." into sc-dev am: b03c657b2b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15179050

Change-Id: Id46091314cb8d3f3c8e36c4c3bbabb6401920110
2021-07-05 15:41:51 +00:00
Orion Hodson
b03c657b2b Merge "Allow app_zygote to read zygote_tmpfs." into sc-dev 2021-07-05 15:31:17 +00:00
Martijn Coenen
67db7e2d88 Allow app_zygote to read zygote_tmpfs.
app_zygote inherits tmpfs files from zygote, and needs to be able to
stat them after fork.

Bug: 192634726
Bug: 192572973
Bug: 119800099
Test: forrest
Ignore-AOSP-First: cherry pick of https://r.android.com/1753279
Change-Id: I6ddf433dbbf4a894fcb6d35c0cb723444d360e47
2021-07-05 13:54:28 +00:00
Jayant Chowdhary
487df8589b Merge "Define property ro.camera.enableCamera1MaxZsl" into sc-dev am: cf2b1eff87
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14683766

Change-Id: I21a6b1cc1e6311c256110d2764300617fe583173
2021-07-02 23:18:27 +00:00
Jayant Chowdhary
cf2b1eff87 Merge "Define property ro.camera.enableCamera1MaxZsl" into sc-dev 2021-07-02 23:05:50 +00:00
Orion Hodson
e0641bba4d Allow zygotes and installd to read odsign properties am: be6873bd15
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15175855

Change-Id: Ib72bda2605e614e4e1224d2ffe2e2693c842adfe
2021-07-02 17:48:39 +00:00
Orion Hodson
be6873bd15 Allow zygotes and installd to read odsign properties
(cherry picked from commit f135ce393c)
Bug: 192049377
Test: manual
Ignore-AOSP-First: cherry pick of https://r.android.com/1753264
Change-Id: I3e8ee380fe38e1bd6cc90a568b10b97f877e68fa
2021-07-02 11:57:24 +01:00
Jayant Chowdhary
8394a04840 Define property ro.camera.enableCamera1MaxZsl
Bug: 184617195

Test: atest CameraGLTest.java (basic validity)

Change-Id: I30f8fb647cb8f67ff75d41718e3cc475d206a29a
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
2021-07-01 08:15:39 -07:00
Nicolas Geoffray
08395f47ea Merge "Fix braino in dexoptanalyzer policy and add dex2oat postinstall rule." into sc-dev am: b3b0d4da94
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15130061

Change-Id: Ic7a53f2139871dbf457f70ebb6d7db4d9ef9aa4c
2021-07-01 09:44:28 +00:00
Nicolas Geoffray
b3b0d4da94 Merge "Fix braino in dexoptanalyzer policy and add dex2oat postinstall rule." into sc-dev 2021-07-01 09:31:02 +00:00
Hasini Gunasinghe
4334d35f01 Add keystore permission for metrics re-routing.
Keystore2 atoms need to be rounted to statsd via a proxy.
The proxy needs to have this permission in order to pull metrics from
keystore.

Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: Statsd Testdrive script
Change-Id: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
Merged-In: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
(cherry picked from commit 61d07e7ce0)
2021-06-30 17:02:14 -07:00
Janis Danisevskis
e1a289b66f Merge "Rename vpnprofilestore to legacykeystore." into sc-dev am: adb49d3df6
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14981212

Change-Id: Ie341418b9491cd93e2af1ebe354f943e8ff85499
2021-06-30 19:57:20 +00:00
Janis Danisevskis
adb49d3df6 Merge "Rename vpnprofilestore to legacykeystore." into sc-dev 2021-06-30 19:42:27 +00:00
Janis Danisevskis
4678660d83 Rename vpnprofilestore to legacykeystore.
Bug: 191373871
Test: N/A
Merged-In: I3f11827909bd37a2127069de82670776a8e192b3
Change-Id: I3f11827909bd37a2127069de82670776a8e192b3
2021-06-30 12:40:39 -07:00
Jeff Vander Stoep
97dee733c4 system_app: remove adb data loader permissions am: 16b7d5d829 am: d775d04e7e am: c493691bac
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14881537

Change-Id: Icd3b3313c18c866e71e84668d44f79116e3566b4
2021-06-30 17:32:46 +00:00
Jeff Vander Stoep
c493691bac system_app: remove adb data loader permissions am: 16b7d5d829 am: d775d04e7e
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14881537

Change-Id: I32ce439f2aac808a2510673c56c034828ee52f90
2021-06-30 17:24:00 +00:00
Jeff Vander Stoep
d775d04e7e system_app: remove adb data loader permissions am: 16b7d5d829
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14881537

Change-Id: I9899465b81011dbbec2a468111ad6ab8b357f081
2021-06-30 17:12:51 +00:00
Janis Danisevskis
ab433c765b Rename vpnprofilestore to legacykeystore.
Ignore-AOSP-First: No mergepath from AOSP.
Bug: 191373871
Test: N/A
Change-Id: I3f11827909bd37a2127069de82670776a8e192b3
2021-06-30 09:36:30 -07:00
Hasini Gunasinghe
7611870f49 Merge "Add keystore permission for metrics re-routing." into sc-dev am: 898fc5b39b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14937250

Change-Id: I881b239515d17f81099ed16d519e1071e80c68ea
2021-06-30 13:32:33 +00:00
Hasini Gunasinghe
898fc5b39b Merge "Add keystore permission for metrics re-routing." into sc-dev 2021-06-30 13:07:22 +00:00
Orion Hodson
702ff51093 Merge "Allow system_server_startup to load system server odex files" into sc-dev am: ae1b59975a
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15108690

Change-Id: I38627ced50e40958caa3decba8068cb9a9de76fb
2021-06-29 16:09:39 +00:00
Orion Hodson
ae1b59975a Merge "Allow system_server_startup to load system server odex files" into sc-dev 2021-06-29 16:05:36 +00:00
Nicolas Geoffray
92b18f575d Fix braino in dexoptanalyzer policy and add dex2oat postinstall rule.
Test: m
Bug: 190817237
Change-Id: I4f73d7a137f2e2ee9497ca5e4c8ef28b3f86c35c
(cherry picked from commit f82451e0a4)
2021-06-29 14:15:48 +01:00
Devin Moore
61d3d06c64 Merge "Fix recovery denials when reading /proc/bootconfig" into sc-dev am: b03b9eb7e7
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15094918

Change-Id: I02257da14d0cc380e2a960679959d52b2245ebf8
2021-06-28 22:38:25 +00:00
Devin Moore
b03b9eb7e7 Merge "Fix recovery denials when reading /proc/bootconfig" into sc-dev 2021-06-28 22:26:29 +00:00
Devin Moore
53c90152ea Fix recovery denials when reading /proc/bootconfig
These denials were found in the logs of a test failure that entered
recovery mode.
Recovery uses libfs_mgr which reads /proc/bootconfig.

Test: Boot device into recovery and check for "avd: denied" logs
Bug: 191904998
Bug: 191737840
Ignore-AOSP-First: Merged-In not used to allow the change in prebuilts to merge
Change-Id: I96ae514cfd68856717e143d295f2838a7d0eff14
2021-06-28 20:29:21 +00:00
Orion Hodson
4d6e34c3f8 Allow system_server_startup to load system server odex files
(cherry picked from commit 7778e8cdb3)

Bug: 180949581
Test: atest odsign_e2e_tests
Ignore-AOSP-First: cherry-pick from aosp
Change-Id: Ia49118ffb771abb425e3d7ee2f50ada7524f735f
2021-06-28 17:00:55 +00:00
Michael Ayoubi
07aa892503 Extend hal_uwb_server neverallow
Bug: 187386527
Test: Boot and confirm HAL is up

Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: I2abf108f2504997b06c0269f905608d8063cb3b4
Merged-In: I2abf108f2504997b06c0269f905608d8063cb3b4
2021-06-28 03:10:49 +00:00
Michael Ayoubi
c3af66222b Extend hal_uwb_server neverallow
Bug: 187386527
Test: Boot and confirm HAL is up
Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: I2abf108f2504997b06c0269f905608d8063cb3b4
Merged-In: I2abf108f2504997b06c0269f905608d8063cb3b4
2021-06-25 17:31:09 +09:00
TreeHugger Robot
98f9af8bc1 Merge "Ensure that only desired processes can access TracingServiceProxy" into sc-dev 2021-06-24 22:02:23 +00:00
Treehugger Robot
b79a4d034e Merge "Ensure that only desired processes can access TracingServiceProxy" am: 230a6c5e96 am: d00d851483
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1744762

Change-Id: I2d81ae35699f54bf7961f9b42c5cd95e60e4b438
2021-06-24 21:17:56 +00:00
Treehugger Robot
230a6c5e96 Merge "Ensure that only desired processes can access TracingServiceProxy" 2021-06-24 20:45:29 +00:00
Carmen Jackson
2d6fb3971b Ensure that only desired processes can access TracingServiceProxy
This change adds a neverallow rule in traced.te to limit the processes
that can find tracingproxy_service, the context for TracingServiceProxy.

I wanted to avoid moving the tracingproxy_service definition to public,
so there were a few services that are exempted from this neverallow
rule.

Bug: 191391382
Test: Manually verified that with this change, along with the other
change in this topic, I see no errors when taking a bugreport while a
Traceur trace is running and the expected trace is included in the
generated bugreport.

Change-Id: I28d0b1b08baac43a53fe5a1ff0f67b788d51dc74
Merged-In: I8658df0db92ae9cf4fefe2eebb4d6d9a5349ea89
2021-06-24 18:42:57 +00:00
TreeHugger Robot
9254f98eb9 Merge "sepolicy: Allow to receive FDs from app_zygote" into sc-dev am: bf5c56e796
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15079793

Change-Id: Ie5237910b09c36d1bf6861522ebdf1642f367706
2021-06-24 17:58:20 +00:00
TreeHugger Robot
bf5c56e796 Merge "sepolicy: Allow to receive FDs from app_zygote" into sc-dev 2021-06-24 17:48:21 +00:00
Dario Freni
95ecdc6a28 Allow apexd to create links in otapreopt_chroot. am: 25d2099d44
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15090526

Change-Id: I84f73d431a39b062d912e6696790c708e081a8a3
2021-06-24 15:49:25 +00:00
Dario Freni
25d2099d44 Allow apexd to create links in otapreopt_chroot.
Fixes: 191919967
Test: triggered bug on cf by running
m dist && python3 system/update_engine/scripts/update_device.py out/dist/cf_x86_64_phone-ota-eng.dariofreni.zip

Change-Id: I7a3abfdecd2d2276a291ab6c1ffe9a7d3f5fd60a
Merged-In: I7a3abfdecd2d2276a291ab6c1ffe9a7d3f5fd60a
Ignore-AOSP-first: this branch is not merging aosp changes anymore.
2021-06-24 14:11:00 +00:00
Dario Freni
01fcc28368 Allow apexd to create links in otapreopt_chroot.
Bug: 191919967
Test: triggered bug on cf by running
m dist && python3 system/update_engine/scripts/update_device.py out/dist/cf_x86_64_phone-ota-eng.dariofreni.zip

Change-Id: I7a3abfdecd2d2276a291ab6c1ffe9a7d3f5fd60a
2021-06-24 14:09:09 +00:00
Egor Pasko
271e63bbd0 sepolicy: Allow to receive FDs from app_zygote
The primary goal is to have an ashmem region shared between the main app
process in Chrome (=Browser Process) and the app zygote. It can only be
passed from the App Zygote, since there is no communication in the other
direction. Passing of the file descriptor should happen by:
(A) inheriting via fork(2)
(B) using binder IPC

Currently ashmem FDs are sufficiently allowed to be mmap(2)-ed in all
Chrome processes. The mode of mapping (read-only, read-write etc.) is
controlled by the settings of the region itself, not by sepolicy.

This change additionally allows an FD created in the app zygote to be
passed to the 'untrusted_app' domain.

Note: This change allows *any* FD, not just an ashmem one to be passed.
This is on purpose: in the future we will likely want to return to the
memfd story.  Other usecases (pipes, sockets) might appear.

The app zygote preload takes the responsibility not to share
capabilities in the form of FDs unintentionally with other app
processes.

Historical note: we tried to enable this for memfd (using additional
rules), but it required a 'write' permission when sending an FD. Reasons
for that are still puzzling, and there seems to be no easy workaround
for it. Decision: use ashmem.

Bug: 184808875
Test: Manual: Build and install Chrome (trichrome_chrome_google_bundle)
      from [1]. Make sure FileDescriptorAllowlist allows the FD, like
      [2]. Reach a NewTabPage, click on a suggested page, observe no
      errors related to binder transactions and selinux violations.

[1] A change in Chrome to create an ashmem region during app zygote
    preload and pass it to the browser process:
    https://crrev.com/c/2752872/29

[2] Allowlist change in review:
     https://android-review.googlesource.com/c/platform/frameworks/base/+/1739393
    (Alternatively: Remove gOpenFdTable checks in ForkCommon() in
    com_android_internal_os_Zygote.cpp)

Change-Id: Ide085f472c8fb6ae76ab0b094319d6924552fc02
Ignore-AOSP-First: in addition to changes in AOSP, copied to prebuilts
2021-06-24 13:06:43 +00:00
Carmen Jackson
a60d7f28f2 Ensure that only desired processes can access TracingServiceProxy
This change adds a neverallow rule in traced.te to limit the processes
that can find tracingproxy_service, the context for TracingServiceProxy.

I wanted to avoid moving the tracingproxy_service definition to public,
so there were a few services that are exempted from this neverallow
rule.

Bug: 191391382
Test: Manually verified that with this change, along with the other
change in this topic, I see no errors when taking a bugreport while a
Traceur trace is running.

Change-Id: I8658df0db92ae9cf4fefe2eebb4d6d9a5349ea89
2021-06-24 08:24:20 +00:00
Thierry Strudel
b65cd0a1d6 Merge "Add support for hal_uwb" into sc-dev 2021-06-24 00:45:50 +00:00
Michael Ayoubi
142f375055 Add support for hal_uwb
Bug: 187386527
Test: Boot and confirm HAL is up
Signed-off-by: Michael Ayoubi <mayoubi@google.com>
Change-Id: Ia866a9a72b6f2ea5b31de25baefd13c2fd0b9c22
Merged-In: Ia866a9a72b6f2ea5b31de25baefd13c2fd0b9c22
2021-06-23 01:25:09 +00:00
TreeHugger Robot
7286b02211 Merge "Update automotive_display_service selinux policy" into sc-dev am: 22a1482add
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15032816

Change-Id: I62e79e94e1152cf23d990aa442f5d51f4acddab8
2021-06-23 00:09:49 +00:00
TreeHugger Robot
22a1482add Merge "Update automotive_display_service selinux policy" into sc-dev 2021-06-22 23:58:47 +00:00
TreeHugger Robot
254cf3a1a5 Merge "Reland: Add ro.vendor.build.dont_use_vabc to property_contexts" into sc-dev 2021-06-22 19:25:01 +00:00
Changyeon Jo
6357834dab Update automotive_display_service selinux policy
Add a permission to use the graphics allocator.

Bug: 191094033
Test: Build a target and run the service after enforcing selinux
Ignore-AOSP-First: aosp won't auto merge to sc-dev
Change-Id: I52b6851bb95565c92fc4774a2de1f0791e6fdd23
2021-06-22 19:11:57 +00:00
Ricky Wai
2c2d73b5d8 Update sepolicy api 31 ART profile ref dir change am: 70b98482e5
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15011710

Change-Id: I6a25f590043db0e3de57afe981edfd3ef63fa040
2021-06-22 16:39:43 +00:00
Ricky Wai
70b98482e5 Update sepolicy api 31 ART profile ref dir change
Align the chagnes in aosp/1729396

Bug: 189787375
Test: AppDataIsolationTests
Ignore-AOSP-First: aosp won't auto merge to sc-dev

Change-Id: Ibf915e23e7db9c333e87cad75604d8251404092e
2021-06-22 16:22:31 +00:00
Nicolas Geoffray
f899839000 Merge "Allow dexoptanalyzer to read /apex/apex-info-list.xml" into sc-dev am: b17a5ae970
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15027828

Change-Id: I7f275c8af0901a02996c313072dc8cac13cafef2
2021-06-22 10:46:59 +00:00
Nicolas Geoffray
b17a5ae970 Merge "Allow dexoptanalyzer to read /apex/apex-info-list.xml" into sc-dev 2021-06-22 10:37:57 +00:00
Diego Wilson
11d810a7fb Add camera2 extension property policies
These properties allow to vendors to provide their
own camera2 extensions service. The properties
must be accesible to any android app that wishes
to use camera2 extensions.

Bug: 183533362
Change-Id: I94c7ac336b3103355124830320787472f0d2a8b6
Merged-In: I94c7ac336b3103355124830320787472f0d2a8b6
2021-06-21 22:34:29 +00:00
Nicolas Geoffray
112b58852f Allow dexoptanalyzer to read /apex/apex-info-list.xml
This is needed to know the state of a .oat file.

Test: m
Bug: 190817237
Change-Id: Ie33ce7930689fea84e3240c2e0509c00464e6385
2021-06-21 20:33:52 +01:00
Xin Li
003ffe2340 Merge "DO NOT MERGE - Merge RQ3A.210605.005" 2021-06-21 05:49:07 +00:00
TreeHugger Robot
de25e307c4 Merge "Allow shell to read /vendor/apex/*" into sc-dev 2021-06-19 01:28:52 +00:00
Nikita Ioffe
c96305f62b Allow apexd to call f2fs-compression related ioctls on staging_data_file
apexd needs to call the following two ioctls:

* FS_COMPR_FL - to check if fs supports compression.
* F2FS_IOC_RELEASE_COMPRESS_BLOCKS - to release compressed blocks.

Bug: 188859167
Test: m
Change-Id: Ia105d3dbcd64286cc33d1e996b2d2b85c09eae7a
Merged-In: Ia105d3dbcd64286cc33d1e996b2d2b85c09eae7a
(cherry picked from commit a12ba8a439)
2021-06-18 21:54:39 +01:00
Nikita Ioffe
349ba44490 Merge "Allow apexd to call f2fs-compression related ioctls on staging_data_file" into sc-dev am: ed10b9c977
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14881547

Change-Id: I4b92fd133661b7bbf5662c8230133e4b6de19dfd
2021-06-18 20:18:00 +00:00
Nikita Ioffe
ed10b9c977 Merge "Allow apexd to call f2fs-compression related ioctls on staging_data_file" into sc-dev 2021-06-18 19:51:43 +00:00
Kelvin Zhang
2e7abeb570 Reland: Add ro.vendor.build.dont_use_vabc to property_contexts
Bug: 185400304
Test: mm

Change-Id: Iae58ef223073f7d4c3135f7387fc28d813291be6
Merged-In: I7d06d0c1d137471a0d7b78678a372b29158f1be7
(cherry picked from commit 407b21b3cd)
2021-06-18 12:15:43 -04:00
Treehugger Robot
b8c77e90c2 Merge changes from topic "31.0_compat_mapping" am: 111c57970f am: a3d254164c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1736247

Change-Id: Ief404fece0f81b2b838bb069fc2eb61f6ff47a16
2021-06-18 11:41:46 +00:00
Treehugger Robot
a3d254164c Merge changes from topic "31.0_compat_mapping" am: 111c57970f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1736247

Change-Id: I59edf3d07b3a12dd3c56b8e64ed86e25e2aa357a
2021-06-18 11:25:30 +00:00
Inseob Kim
5d82981173 Add fake 31.0 prebuilt am: 08d4c8fa6e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1736246

Change-Id: I563089471424c37a63da2326349e21c8681bde41
2021-06-18 11:25:03 +00:00
Aaron Huang
e8c46a8ef1 Merge "Add app_api_service to pac_proxy_service" into sc-dev am: 0e2a32ee42
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15005616

Change-Id: Ia790834ae1c7ede49aaf91a33f04e6155625e628
2021-06-18 06:56:24 +00:00
Aaron Huang
0e2a32ee42 Merge "Add app_api_service to pac_proxy_service" into sc-dev 2021-06-18 06:47:00 +00:00
Ray Chi
a2b5c91863 Merge "Add sys.usb.mtp.batchcancel to usb_config_prop" into sc-dev 2021-06-18 06:03:59 +00:00
Aaron Huang
aec8574ecf Add app_api_service to pac_proxy_service
Add app_api_service to pac_proxy_service so that
it can be reach by Cts tests.

Ignore-AOSP-First: this is cherry-pick and add a change in
    prebuilts/api/31.0 which is a path doesn't exist in AOSP
Bug: 181745786
Test: build, CtsNetTestCases:PacProxyManagetTest
Change-Id: I9bf4ff810635aa5b3cbf984b77b547aa96cdd543
2021-06-17 16:31:59 +08:00
Ray Chi
087c63461a Add sys.usb.mtp.batchcancel to usb_config_prop
Add sys.usb.mtp.batchcancel to usb_config_prop to allow
mediaprovider to read this property.

Bug: 181729410
Test: boot the device, and confirm the property could be read
Change-Id: I2964efde0cc831bb7e91fcafb7b35e57438ef306
Merged-In: I44b2d9c36bfa439cdbf8b8a874ead424381e3e50
(cherry picked from commit 07bb5d076a)
2021-06-17 06:47:03 +00:00
Adam Shih
6039a6c782 Merge "make system_app_data_file shareable over binder" into sc-dev 2021-06-17 00:34:23 +00:00
Nikita Ioffe
a12ba8a439 Allow apexd to call f2fs-compression related ioctls on staging_data_file
apexd needs to call the following two ioctls:

* FS_COMPR_FL - to check if fs supports compression.
* F2FS_IOC_RELEASE_COMPRESS_BLOCKS - to release compressed blocks.

Bug: 188859167
Test: m
Change-Id: Ia105d3dbcd64286cc33d1e996b2d2b85c09eae7a
2021-06-16 19:59:24 +01:00
Suren Baghdasaryan
88b6d77592 sepolicy: Allow lmkd to access bpf map to read GPU allocation statistics
Lmkd needs read access to /sys/fs/bpf/map_gpu_mem_gpu_mem_total_map BPF
map to obtain information on GPU memory allocations.

Bug: 189366037
Test: lmkd_unit_test
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I59ded4bc5ec97861e50b4fd1fdd6efb23990b79c
Merged-In: I59ded4bc5ec97861e50b4fd1fdd6efb23990b79c
2021-06-16 15:53:56 +00:00
Jiyong Park
023c5c37ea Allow shell to read /vendor/apex/*
It is used for future xTS tests to read the raw files.

Bug: 190858091
Test: m
Merged-In: If1c7fd92772ff84d92a95fbee74f6c1f8d1cd365
Change-Id: If1c7fd92772ff84d92a95fbee74f6c1f8d1cd365
(cherry picked from commit abdc9739fc)
2021-06-16 15:04:17 +09:00
Adam Shih
5603d9e8d1 make system_app_data_file shareable over binder
Apps should be able to share their private files over binder,
including system_app.

Bug: 188869889
Test: go to setting ==> system ==> multi-users ==> tap icon to change
profile photo with camera

Change-Id: I3dc732f727b9b697c9a73f6089392690109ae035
Merged-In: I3dc732f727b9b697c9a73f6089392690109ae035
2021-06-16 14:00:50 +08:00
Hasini Gunasinghe
61d07e7ce0 Add keystore permission for metrics re-routing.
Keystore2 atoms need to be rounted to statsd via a proxy.
The proxy needs to have this permission in order to pull metrics from
keystore.

Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: Statsd Testdrive script
Change-Id: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
2021-06-15 22:19:39 +00:00
Hongguang
51c1aabf6c Allow priv_app to run the renderscript compiler. am: 737b098a71 am: afa541d30f
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14982001

Change-Id: Ic66c1641ff17d6b9c9f90659ecdf88fc88732754
2021-06-15 21:35:38 +00:00
Hongguang
afa541d30f Allow priv_app to run the renderscript compiler. am: 737b098a71
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1732952

Bug: 157478854
Test: Manual
Change-Id: I926aa35dcae148ab38629077a9725a6e9263a4be
(cherry picked from commit b264eae769)
2021-06-15 19:15:27 +00:00
Ioannis Ilkos
02fcaf2c02 Allow system_server to read /proc/vmstat
/proc/vmstat oom_kill counts the number of times __oom_kill_process
was actioned
(https://lore.kernel.org/lkml/149570810989.203600.9492483715840752937.stgit@buzz/)

We want to record this in the context of system_server for tracking
purposes.

Bug: 154233512
Change-Id: I27bcbcd5d839e59a1dca0e87e2f4ae107201654c
Merged-In: I27bcbcd5d839e59a1dca0e87e2f4ae107201654c
Test: build, verify vmstat can be read
2021-06-15 14:50:07 +01:00
Inseob Kim
4f20ff73ee Add 31.0 mapping files
Steps taken to produce the mapping files:

1. Add prebuilts/api/31.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on sc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/31.0/vendor_sepolicy.cil
as an empty file.

2. Add new file private/compat/31.0/31.0.cil by doing the following:
- copy /system/etc/selinux/mapping/31.0.cil from sc-dev aosp_arm64-eng
device to private/compat/31.0/31.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 31 sepolicy.
Find all such types using treble_sepolicy_tests_31.0 test.
- for all these types figure out where to map them by looking at
30.0.[ignore.]cil files and add approprite entries to 31.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_31.0 and installs
31.0.cil mapping file onto the device.

Bug: 189161483
Test: m treble_sepolicy_tests_31.0
Test: m 31.0_compat_test
Test: m selinux_policy
Change-Id: I6264b9cf77b80543dfea93157b45b864157e2b14
2021-06-15 12:08:22 +00:00
Inseob Kim
08d4c8fa6e Add fake 31.0 prebuilt
This commit adds fake 31.0 prebuilt. The prebuilt is based on AOSP
policy, but slightly modified so the set of types and attributes is a
subset of real 31.0 prebuilt (sc-dev policy).

Steps taken to make the fake prebuilt:

1) build plat_sepolicy.cil both on AOSP and sc-dev, with lunch target
aosp_arm64-eng.
2) diff both outputs to find out which types and attributes don't exist.
3) remove all relevant files and statements.

As a result, the following types are removed.

artd
artd_exec
artd_service
power_stats_service
transformer_service
virtualizationservice
virtualizationservice_data_file
virtualizationservice_exec

Bug: 189161483
Test: N/A, will do after adding 31.0 mapping files.
Change-Id: Ia957fc32b1838dae730d9dd7bd917d684d4a24cf
Merged-In: Ia4ea2999f4bc8ae80f13e51d99fba3e98e293447
2021-06-15 12:08:00 +00:00
Jeff Sharkey
c784fc7ef9 platform/system/sepolicy - SEPolicy Prebuilts for S
Bug: 171506470
Test: Build
Change-Id: Ia4ea2999f4bc8ae80f13e51d99fba3e98e293447
2021-06-14 12:55:31 -06:00
Tej Singh
93c52f14b5 Update S sepolicy prebuilt for apex-info-list
Add shell permission to read apex-info-list.xml to S prebuilt

Ignore-AOSP-First:prebuilt for S
Test: TH
Bug: 186767843
Change-Id: I2bb14d4bce661f1b4daf1c486004271837f0d3c2
2021-06-09 09:38:21 +00:00
Jeff Vander Stoep
16b7d5d829 system_app: remove adb data loader permissions
Per schfan@ these are no longer needed.

Test: build
Bug: 188554048
Change-Id: Idda1d9775fdd38cbd53c3652b567ddfc5beca0a6
(cherry picked from commit 07aee66679)
Ignore-AOSP-First: It was submitted in aosp first.
2021-06-08 18:48:36 +00:00
Jeff Sharkey
6a5fd26e7a platform/system/sepolicy - SEPolicy Prebuilts for S
Bug: 171506470
Test: Build
Change-Id: I8bf6c8833ecc65ca241fb9bc8be1b7b919825414
2021-06-01 06:49:23 -06:00
Martin Liu
03ebaec971 Add lmkd. ro.lmk.thrashing_limit_critical property policies
Add policies to control ro.lmk.thrashing_limit_critical lmkd property.

Bug: 181778155
Signed-off-by: Martin Liu <liumartin@google.com>
Merged-In: I25eeb84e6e073510e2f516fd38b80c67afe26917
Change-Id: I25eeb84e6e073510e2f516fd38b80c67afe26917
2021-04-07 14:09:44 +08:00
Elliott Hughes
a9bbfd600d Allow priv_app system_linker_exec:file execute_no_trans am: 970a8fcd2b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14066480

Change-Id: I96dfd23c1581fda7a59d331929a46a62b16fd6b5
2021-04-06 16:49:18 +00:00
Elliott Hughes
970a8fcd2b Allow priv_app system_linker_exec:file execute_no_trans
Chrome Crashpad uses the the dynamic linker to load native executables
from an APK (b/112050209, crbug.com/928422)

We made the equivalent change to untrusted_app_all in
9ea8c0701d but webview also runs in
priv_app contexts.

(Cherry-pick of 25cb9046ef, with manual
update to the prebuilts.)

Bug: http://b/112050209
Test: treehugger
Change-Id: I19bbadc7f9c9e668e2c6d932c7da24f18e7731bd
2021-04-06 15:57:58 +00:00
Josh Gao
e12aec6388 Let adbd set service.adb.tcp.port.
Commit 67c36884 changed the label of service.adb.tcp.port to allow
vendor init to set it, but accidentally prevented adbd from setting it,
which broke `adb tcpip`.

Bug: 171280882
Bug: 183177056
Test: `adb tcpip`
Change-Id: Ifeeda5c4f06451158fc7e43ca23f580092008fe7
Merged-In: Ifeeda5c4f06451158fc7e43ca23f580092008fe7
Merged-In: I154e2f43a4d3b72b27508ce02d66298673939738
(cherry picked from commit 0cac6fd17a)
(cherry picked from commit f08778d513b69bd9966d04dd1c874b1bede93289)
2021-03-24 21:03:17 +08:00
Hongguang Chen
04fb7a6d67 Allow vendor_init to set service.adb.tcp.port
adbd and apps (SystemUI and CTS test apps) need to read it.

BUG: 162205386
BUG: 183177056
Test: Connect to device which sets service.adb.tcp.port in vendor
      partition through TCP adb.

Change-Id: Ia37dd0dd3239381feb2a4484179a0c7847166b29
Merged-In: Ia37dd0dd3239381feb2a4484179a0c7847166b29
(cherry picked from commit 67c3688497)
(cherry picked from commit 9271a3ee8aa4174a78c681e79883627bce918b4a)
2021-03-24 19:15:06 +08:00
Karthik Ramakrishnan
e9b2199b15 Fix sepolicy to netd.
Allow netd to get adb port from property service.adb.tcp.port

Bug: b/161861298
Bug: b/183177056
Test: atest android.net.cts.Ikev2VpnTest#testStartStopVpnProfileV4

Change-Id: I05ce21683b01cf05a16b9fb30030cf4fc879fb20
Merged-In: I05ce21683b01cf05a16b9fb30030cf4fc879fb20
(cherry picked from commit d3e8f6fc84)
(cherry picked from commit 540474bbe4525cb8d44c8e47548f42b5a5daa613)
2021-03-24 19:04:33 +08:00
Marco Ballesio
99a51b23b1 sepolicy: allow system_server to read /proc/locks
Access to /proc/locks is necessary to activity manager to determine
wheter a process holds a lock or not prior freezing it.

Test: verified access of /proc/locks while testing other CLs in the same
topic.
Bug: 176928302

Change-Id: I14a65da126ff26c6528edae137d3ee85d3611509
Merged-In: I14a65da126ff26c6528edae137d3ee85d3611509
2021-01-21 00:10:56 +00:00
Yurii Zubrytskyi
80dfa06984 IncFS: update SE policies for the new API
IncFS in S adds a bunch of new ioctls, and requires the users
to read its features in sysfs directory. This change adds
all the features, maps them into the processes that need to
call into them, and allows any incfs user to query the features

Bug: 170231230
Test: incremental unit tests
Change-Id: Ieea6dca38ae9829230bc17d0c73f50c93c407d35
2021-01-19 12:57:15 -08:00
Shafik Nassar
ffea11d09b Allow MediaProvider to binder call into statsd
Adds sepolicy rules to allow MediaProvider to make binder calls into
statsd. That's to allow MediaProvider to register a StatsCallbackPuller
for metrics.

Bug: 149669087

Merged-In: I9a13fc04c12557a0435724cfae04f752f856a06e

Change-Id: Ifcf06b58596c3e8a8738f758506d003ca3878437
(cherry picked from commit 736566db66)
2021-01-13 12:11:51 +00:00
Treehugger Robot
66ed360b5e Merge "Update 30.0 prebuilts to latest rvc-dev policy" am: 34d974838e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1521437

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I49504f4d757ff4449cf7940f743687d2b2a86e84
2020-12-09 16:45:03 +00:00
Inseob Kim
3b8b4251b7 Update 30.0 prebuilts to latest rvc-dev policy
For whatever reason, system/sepolicy/prebuilts/api/30.0 and rvc-dev's
system/sepolicy differ a little. This makes 30.0 prebuilts up-to-date
and also updates plat_pub_versioned.cil, built from aosp_arm64-eng
target on rvc-dev branch.

Bug: 168159977
Test: m selinux_policy
Change-Id: I03e8a40bf021966c32f0926972cc2a483458ce5b
2020-12-09 20:44:38 +09:00
Xin Li
8d50c1aec5 Merge rvc-qpr-dev-plus-aosp-without-vendor@6881855
Bug: 172690556
Merged-In: Idbcb6bf897fd6aa54b3ba9cafa63f35c9369de3b
Change-Id: Iece36c90c316dab58687e54bb93d6810454d9822
2020-12-02 00:11:27 -08:00
martinwu
c366ba73c6 Fix TH build error because of file.te
Add proc_net rules into prebuilts/api/30.0/public/file.te to fix build
errors

After applying AOSP/1468206, TH complains a build error:
Files system/sepolicy/prebuilts/api/30.0/public/file.te and
system/sepolicy/public/file.te differ

Bug: 145579144
Bug: 170265025
Test: build pass and reboot to check avc message in bugreport
Change-Id: I2085366b345c044e1b69f726809100fa43336c34
2020-10-26 11:09:23 +08:00
Primiano Tucci
5d026b3152 Keep AOSP sepolicy up to date with internal master
This re-alignes aosp and internal master to avoid
conflicts when uploading CLs upstream.

Bug: 170126760
Change-Id: I9c087e70998cd529b71dec7428641c4bfef10d31
2020-10-13 18:52:25 +00:00
Adam Shih
e712c3db12 Suppress errors that are not needed
The purpose of misc_writer is to write misc partition. However,
when it includes libfstab, it will probe files like kernal command
line (proc/cmdline) and metadata, which are permissions it does not
need.

Bug: 170189742
Test: Boot under permissive mode and find the errors gone.
Change-Id: Icda3200660a3bee5cadb6f5e0026fa71941ae5dc
2020-10-07 08:52:51 +00:00
Satoshi Niwa
fa3b250ad1 Set expandattribute false for property attributes in prebuilts
To prevent these from being optimized away.

(Follow-up CL for aosp/1427751 )

Bug: 161083890
Test: atest CtsSecurityHostTestCases
Change-Id: I11669b1643671f386c53136de0b7adea2b43bc28
2020-09-24 10:43:09 +09:00
Marco Ballesio
63322ae7e6 sepolicy: allow system server for BINDER_GET_FROZEN_INFO
the new ioctl allows system server to verfiry the state of a frozen
binder inderface before unfreezing a process.

Bug: 143717177
Test: verified ActivityManager could access the ioctl
Change-Id: Id9d90d072ce997ed20faa918ec68f1110e2bac8f
Merged-In: Id9d90d072ce997ed20faa918ec68f1110e2bac8f
2020-09-11 15:35:06 -07:00
Marco Ballesio
6ee8dcd172 Merge "sepolicy: restrict BINDER_FREEZE to system_server" into rvc-qpr-dev 2020-09-09 18:48:58 +00:00
Alex Hong
a59853f652 Merge "Add the missing labels for dalvik properties" into rvc-qpr-dev 2020-09-07 03:14:39 +00:00
Marco Ballesio
b88423d591 sepolicy: restrict BINDER_FREEZE to system_server
BINDER_FREEZE is used to block ipc transactions to frozen processes, so
only system_server must be allowed to use it.

Bug: 143717177
Test: manually verified that attempts to use BINDER_FREEZE by processes other
than system_server receive a sepolicy denial
Test: verified that system_server can enable/disable the freezer in
binder

Change-Id: I0fae3585c6ec409809e8085c1cc9862be4755889
Merged-In: I0fae3585c6ec409809e8085c1cc9862be4755889
2020-09-03 14:00:37 -07:00
Calin Juravle
623f3f5cef Fix sepolicy for secondary dex files
dexoptanalyzer need read access on the secondary
dex files and of the main apk files in order to successfully evaluate
and optimize them.

Example of denial:
audit(0.0:30): avc: denied { read } for
path="/data/app/~~Zux_isdY0NBkRWPp01oAVg==/com.example.secondaryrepro-wH9zezMSCzIjcKdIMtrw7A==/base.apk"
dev="vdc" ino=40966 scontext=u:r:dexoptanalyzer:s0
tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0
app=com.example.secondaryrepro

Test: adb shell cmd package compile -r bg-dexopt --secondary-dex app
Bug: 160471235
Bug: 160351055
Merged-In: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
Change-Id: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
(cherry picked from commit 0bee120900)
2020-09-03 17:55:59 +00:00
Xin Li
11da9e6792 Merge Android R (rvc-dev-plus-aosp-without-vendor@6692709)
Bug: 166295507
Merged-In: I6d0b1be1a46288fff42c3689dbef2f7443efebcc
Change-Id: I133180d20457b9f805f3da0915e2cf6e48229132
2020-08-29 01:45:24 -07:00
Marco Ballesio
e756e983bb sepolicy: rename cgroup_v2 back to cgroup_bpf
The type name change from cgroup_bpf into cgroup_v2 caused
http://b/166064067. Rename back to cgroup_bpf.

Bug: 166064067
Test: compiled and booted on a sunfish. Manually tested network and app
freezer

Change-Id: Ib39eb104e73d6dca3b1f61b108a3deeea31ff880
Merged-In: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
2020-08-27 11:24:36 -07:00
Alex Hong
062ea395c3 Add the missing labels for dalvik properties
Conflicts:
        public/property_contexts

Bug: 162791243
Bug: 159833646
Test: Flash SELinux modules and the device can boot to home
      $ adb shell getprop -Z | grep dalvik
      [dalvik.vm.restore-dex2oat-cpu-set]: [u:object_r:exported_dalvik_prop:s0]
      [dalvik.vm.restore-dex2oat-threads]: [u:object_r:exported_dalvik_prop:s0]
Change-Id: Ie73dc57c714a37b778cebc4d41bee27a8e925396
2020-08-27 11:25:56 +08:00
Alex Hong
a33ac30dd3 Add the missing labels for dalvik properties
Bug: 162791243
Bug: 159833646
Test: Flash SELinux modules and the device can boot to home
      $ adb shell getprop -Z | grep dalvik
      [dalvik.vm.restore-dex2oat-cpu-set]: [u:object_r:exported_dalvik_prop:s0]
      [dalvik.vm.restore-dex2oat-threads]: [u:object_r:exported_dalvik_prop:s0]
Change-Id: Ie73dc57c714a37b778cebc4d41bee27a8e925396
Merged-In: Ie73dc57c714a37b778cebc4d41bee27a8e925396
2020-08-27 11:15:52 +08:00
Marco Ballesio
de065facd8 sepolicy: allow system_server to write to cgroup_v2
During boot, system_server will need to write to files under
/sys/fs/cgroup/freezer. Change the cgroup_v2 policy to allow this
operation.

Test: booted device with change, verified that files are properly
accessed.
Bug: 154548692

Change-Id: I2ccc112c8870129cb1b8312023b54268312efcca
Merged-In: I2ccc112c8870129cb1b8312023b54268312efcca
2020-08-26 01:14:35 +00:00
Songchun Fan
b82924d490 Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" am: 1d4f2221cd am: 8af2dcd05c am: 1a87c9862a am: 51b516a6f6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1404978

Change-Id: Icc14c9e72dd276696363795c93405260f4389342
2020-08-20 18:16:24 +00:00
Songchun Fan
1a87c9862a Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" am: 1d4f2221cd am: 8af2dcd05c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1404978

Change-Id: Ibbdff0c532a6c9da88005059e87e75e467cf03f7
2020-08-20 17:41:07 +00:00
Songchun Fan
1d4f2221cd Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" 2020-08-20 17:07:40 +00:00
Songchun Fan
4be0afbfb7 [selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl
This allows Incremental Service (part of system_server) to query the
filled blocks of files on Incremental File System.

Test: atest service.incremental_test
BUG: 165799231
Change-Id: Id63f8f325d92fef978a1ad75bd6eaa8aa5e9e68b
2020-08-20 16:00:00 +00:00
JaeMan
f1ecf7a9e5 Add ro.vendor.build.version.sdk to property_contexts am: 15f64fc5f8 am: 38e0d2c778 am: a93831de1c
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12326247

Change-Id: I063a96c8571acc051e3e66e8c6851fa4a186e7e0
2020-08-20 00:45:38 +00:00
JaeMan
a93831de1c Add ro.vendor.build.version.sdk to property_contexts am: 15f64fc5f8 am: 38e0d2c778
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12326247

Change-Id: I38608caefe05f7b58589d4efe62db49743337905
2020-08-20 00:33:23 +00:00
Marco Ballesio
8f6b03cae7 sepolicy support for cgroup v2
cgroup v2 is going to be used for freezer v2 support. The cgroup v2 hiearchy
will be mounted by init under /sys/fs/cgroup hence proper access rights
are necessary for sysfs. After mounting, the cgroup v2 kernfs will use
the label cgroup_v2 and system_manager will handle the freezer

Bug: 154548692
Test: verified that the freezer works as expected after applying this patch

Change-Id: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
Merged-In: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
2020-08-17 12:10:57 -07:00
Yiming Jing
202b3463c0 Merge "Merge "Allow dumpstate to dump auto hal servers" am: 142d16a964 am: ce2c6fd783 am: 828a7bad6e am: a71f8aec29" into rvc-qpr-dev 2020-08-12 23:53:55 +00:00
Martijn Coenen
bdcfad55c8 Merge "Add policy for LOOP_CONFIGURE ioctl." am: cdecd3ca4c am: df9dc40e9b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1396648

Change-Id: I7f47e60c627b4638fab773eb2f838dc6c3531298
2020-08-12 07:16:40 +00:00
Martijn Coenen
cdecd3ca4c Merge "Add policy for LOOP_CONFIGURE ioctl." 2020-08-12 06:38:37 +00:00
Martijn Coenen
ab83d96028 Merge "Add policy for LOOP_CONFIGURE ioctl." into rvc-qpr-dev am: 112a122b49
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12286299

Change-Id: I2239bcc920a3590f3da1fc676a65a475eaa1e5c0
2020-08-11 17:17:57 +00:00
Martijn Coenen
47f61db25e Add policy for LOOP_CONFIGURE ioctl.
This is a new ioctl for configuring loop devices, and is used by apexd.

Bug: 148607611
Bug: 161575393
Test: boot on device with/without LOOP_CONFIGURE
Change-Id: I9ef940c7c9f91eb32a01e68b858169c140d15d0f
Merged-In: I9ef940c7c9f91eb32a01e68b858169c140d15d0f
2020-08-11 13:22:09 +00:00
Martijn Coenen
112a122b49 Merge "Add policy for LOOP_CONFIGURE ioctl." into rvc-qpr-dev 2020-08-11 13:07:29 +00:00
Treehugger Robot
8422c45434 Merge "Allow dumpstate to dump auto hal servers" am: 142d16a964 am: ce2c6fd783 am: 828a7bad6e am: a71f8aec29
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1381029

Allow dumpstate to dump auto hal servers

audiocontrol_hal, vehicle_hal and evs_hal were added to dump_util.cpp in
b/148098383. But the coresponding dumpstate.te is not updated to relfect
the changes, causing denials when dumpstate attempts to dump auto hal servers.

This CL updates dumpstate.te to allow dumpstate to access auto hal servers.

Bug: 162537916
Bug: 162771359
Test: sesearch -A -s dumpstate -t hal_audiocontrol_server -p signal sepolicy
Test: sesearch -A -s dumpstate -t hal_vehicle_server -p signal sepolicy
Test: sesearch -A -s dumpstate -t hal_evs_server -p signal sepolicy

Change-Id: I43c27c8dcd55a0e9cb1684e2f765fe70f9e4c2fd
(cherry picked from commit 215cc95c3e)
2020-08-10 23:51:32 +00:00
Hasini Gunasinghe
83e1f14f93 Allow keystore to write to statsd.
Keystore logging is migrated to use statsd. Therefore,
	keystore needs permission to write to statsd.

Test: Treehugger passes.
Bug: 157664923
Change-Id: If15ee3eb2ae7036dbaccd31525feadb8f54c6162
Merged-In: I2fb61fd7e9732191e6991f199d04b5425b637830
2020-08-07 16:35:18 +00:00
JaeMan
15f64fc5f8 Add ro.vendor.build.version.sdk to property_contexts
At b/160209547, it is needed to read
ro.vendor.build.version.sdk prop to determine
whether skipping test or not based on vendor
image's release version. But
ro.vendor.build.version.sdk is not added to
property_contexts and failed to read that prop in
tests. So, added ro.vendor.build.version.sdk to
property_contexts for checking vendor image's
release version in test.

Bug: 160209547
Test: m selinux_policy
Change-Id: I4a7b91029c0ea6bb3c4cf2b12469f392f3a77559
Merged-In: I86bcfa632de61c5805e42aea3a1f232ae4ad080e
(cherry picked from 65cecec142)
2020-08-07 04:41:29 +00:00
Treehugger Robot
215cc95c3e Merge "Allow dumpstate to dump auto hal servers" am: 142d16a964 am: ce2c6fd783 am: 828a7bad6e am: a71f8aec29
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1381029

Change-Id: I43c27c8dcd55a0e9cb1684e2f765fe70f9e4c2fd
2020-08-04 18:46:35 +00:00
Treehugger Robot
828a7bad6e Merge "Allow dumpstate to dump auto hal servers" am: 142d16a964 am: ce2c6fd783
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1381029

Change-Id: I8d028927481af550212ba44623d335039db6c30c
2020-08-04 18:09:51 +00:00
Treehugger Robot
142d16a964 Merge "Allow dumpstate to dump auto hal servers" 2020-08-04 17:28:41 +00:00
Martijn Coenen
6a8d1bee1c Add policy for LOOP_CONFIGURE ioctl.
This is a new ioctl for configuring loop devices, and is used by apexd.

Bug: 148607611
Bug: 161575393
Test: boot on device with/without LOOP_CONFIGURE
Change-Id: I9ef940c7c9f91eb32a01e68b858169c140d15d0f
2020-08-04 12:12:55 +02:00
Alan Stokes
cc147df972 Merge "Constrain getattr for app data directories." into rvc-qpr-dev am: df3b4ea3c9
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12248443

Change-Id: I0d60f4d0db79cfe1aa25a51585488d09b3bac8f1
2020-08-04 08:21:34 +00:00
Alan Stokes
df3b4ea3c9 Merge "Constrain getattr for app data directories." into rvc-qpr-dev 2020-08-04 07:56:43 +00:00
Jeff Sharkey
5001f53eeb Update language to comply with Android's inclusive language guidance am: a0e7a6da28 am: bf4ffe38ca
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1382607

Change-Id: Ie620bda6a353f992c6901ba4399e403827005826
2020-07-31 21:13:55 +00:00
Jeff Sharkey
a0e7a6da28 Update language to comply with Android's inclusive language guidance
See https://source.android.com/setup/contribute/respectful-code for reference

Bug: 161896447
Change-Id: I0caf39b349c48e44123775d98c52a773b0b504ff
2020-07-31 12:28:11 -06:00
Yiming Jing
2fd322f630 Allow dumpstate to dump auto hal servers
audiocontrol_hal, vehicle_hal and evs_hal were added to dump_util.cpp in
b/148098383. But the coresponding dumpstate.te is not updated to relfect
the changes, causing denials when dumpstate attempts to dump auto hal servers.

This CL updates dumpstate.te to allow dumpstate to access auto hal servers.

Bug: 162537916
Test: sesearch -A -s dumpstate -t hal_audiocontrol_server -p signal sepolicy
Test: sesearch -A -s dumpstate -t hal_vehicle_server -p signal sepolicy
Test: sesearch -A -s dumpstate -t hal_evs_server -p signal sepolicy
Change-Id: If6d6e4d9c547da17817f2668dc4f2a093bddd632
2020-07-31 10:19:22 -07:00
Wei Wang
88b86a77ac Allow init.svc.bugreportd to be vendor readable am: 4d6856836a
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12238425

Change-Id: Ib7af24331976dfe5ec18af0fa2de2bc2f6307f53
2020-07-29 08:59:30 +00:00
Alan Stokes
9443b2eee0 Constrain getattr for app data directories.
This seems to have been omitted inadvertently.

Bug: 161356067
Test: Verified test app can no longer call stat()

Change-Id: I6bffa9d2932a221823648ab01b58437d5bf6e194
2020-07-28 17:56:08 +01:00
Wei Wang
4d6856836a Allow init.svc.bugreportd to be vendor readable
Export the new bugreport entry which was added in b/111441001, similarly
to previously exported properties.

Bug: 161999587
Bug: 161955028
Bug: 162297751
Test: m selinux_policy
Change-Id: I139567ba028e90d3e07df94f57ccf7d5d5225209
Merged-In: I139567ba028e90d3e07df94f57ccf7d5d5225209
2020-07-28 09:14:07 +00:00
Calin Juravle
0bee120900 Fix sepolicy for secondary dex files
dexoptanalyzer need read access on the secondary
dex files and of the main apk files in order to successfully evaluate
and optimize them.

Example of denial:
audit(0.0:30): avc: denied { read } for
path="/data/app/~~Zux_isdY0NBkRWPp01oAVg==/com.example.secondaryrepro-wH9zezMSCzIjcKdIMtrw7A==/base.apk"
dev="vdc" ino=40966 scontext=u:r:dexoptanalyzer:s0
tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0
app=com.example.secondaryrepro

Test: adb shell cmd package compile -r bg-dexopt --secondary-dex app
Bug: 160471235
Bug: 160351055
Merged-In: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
Change-Id: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
2020-07-22 14:10:06 -07:00
Alex Hong
e30b4b613c Merge "[rvc] Define vendor-specific property ro.incremental.enable" into rvc-qpr-dev 2020-07-17 08:48:10 +00:00
Calin Juravle
6b1ac2e7c3 Fix sepolicy for secondary dex files am: de7244cf23 am: 150e00dd75
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1360752

Change-Id: Ib02dd445b7f15f4131323b02794b6a41aa93a625
2020-07-15 19:00:55 +00:00
Calin Juravle
de7244cf23 Fix sepolicy for secondary dex files
dexoptanalyzer need read access on the secondary
dex files and of the main apk files in order to successfully evaluate
and optimize them.

Example of denial:
audit(0.0:30): avc: denied { read } for
path="/data/app/~~Zux_isdY0NBkRWPp01oAVg==/com.example.secondaryrepro-wH9zezMSCzIjcKdIMtrw7A==/base.apk"
dev="vdc" ino=40966 scontext=u:r:dexoptanalyzer:s0
tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=0
app=com.example.secondaryrepro

Test: adb shell cmd package compile -r bg-dexopt --secondary-dex app
Bug: 160471235
Bug: 160351055
Change-Id: Id0bda5237d3ce1620d4f6ee89595836b4e1f3abf
2020-07-15 16:43:40 +00:00
P.Adarsh Reddy
6f5797aa20 Uncrypt: Allow uncrypt to write on ota_package_file. am: 5491d7e26c am: ce380f77bd
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12133466

Change-Id: I2ea03595c621a09b0924ef2b9d2d48bfde5ef45e
2020-07-13 22:22:09 +00:00
P.Adarsh Reddy
5491d7e26c Uncrypt: Allow uncrypt to write on ota_package_file.
This adds sepolicy rule to allow uncrypt module to write
on OTA zip (for f2fs_pin_file functionality).

Also, add a few dontaudit rules to suppress harmless denials.

Denials:
I uncrypt : type=1400 audit(0.0:177): avc: denied { write } for name="update.zip" dev="dm-10" ino=7727 scontext=u:r:uncrypt:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=0

I uncrypt : type=1400 audit(0.0:175): avc: denied { search } for name="/" dev="sda9" ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0

I uncrypt : type=1400 audit(0.0:176): avc: denied { search } for name="gsi" dev="sda9" ino=19 scontext=u:r:uncrypt:s0 tcontext=u:object_r:gsi_metadata_file:s0 tclass=dir permissive=0

Bug: 158070965
Cherry-Pick-Of: 916bd874d6
Merged-In: I473c5ee218c32b481040ef85caca907a48aadee6
Change-Id: I473c5ee218c32b481040ef85caca907a48aadee6
2020-07-10 19:38:20 -07:00
Tianjie Xu
6ec36ff76d Merge "Allow kernel to write to update_engine_data_file" into rvc-dev am: 6bdafed310 am: 1018882ef5
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11897443

Change-Id: I2a930697b73498557d4d4dede1e356d3e5716793
2020-07-10 21:17:31 +00:00
Tianjie Xu
f609a8007e Merge "Allow kernel to write to update_engine_data_file" into rvc-dev am: 6bdafed310
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11897443

Change-Id: I3b0892db1dcce1590d8b5903a964653a4e146d7f
2020-07-10 21:03:23 +00:00
Tianjie Xu
6bdafed310 Merge "Allow kernel to write to update_engine_data_file" into rvc-dev 2020-07-10 20:46:41 +00:00
Treehugger Robot
cee6cecaad Merge "Update prebuilt/seapp_contexts" am: 7b4027a826 am: 2312be1814
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1356843

Change-Id: I75dc920b9e0509c860c20b4fcff7fc5ba87c0358
2020-07-07 20:43:04 +00:00
Treehugger Robot
7b4027a826 Merge "Update prebuilt/seapp_contexts" 2020-07-07 20:09:18 +00:00
Ashwini Oruganti
a9ab9362d4 Update prebuilt/seapp_contexts
The seinfo=platform bit seems to have been missed in a previous update.

Test: builds
Change-Id: I0d8faeb8ca1ed326ab958e5da329288b91719206
2020-07-07 11:48:26 -07:00
Paul Crowley
93aad35cb1 Merge "Uncrypt: Allow uncrypt to write on ota_package_file." am: 42f9a5337a am: a05c24d464
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1344636

Change-Id: Ie99b25fdab079ef68d7e102c0f7592d6cbb28c95
2020-07-07 15:49:50 +00:00
Paul Crowley
42f9a5337a Merge "Uncrypt: Allow uncrypt to write on ota_package_file." 2020-07-07 15:27:29 +00:00
P.Adarsh Reddy
916bd874d6 Uncrypt: Allow uncrypt to write on ota_package_file.
This adds sepolicy rule to allow uncrypt module to write
on OTA zip (for f2fs_pin_file functionality).

Also, add a few dontaudit rules to suppress harmless denials.

Denials:
I uncrypt : type=1400 audit(0.0:177): avc: denied { write } for name="update.zip" dev="dm-10" ino=7727 scontext=u:r:uncrypt:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=0

I uncrypt : type=1400 audit(0.0:175): avc: denied { search } for name="/" dev="sda9" ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0

I uncrypt : type=1400 audit(0.0:176): avc: denied { search } for name="gsi" dev="sda9" ino=19 scontext=u:r:uncrypt:s0 tcontext=u:object_r:gsi_metadata_file:s0 tclass=dir permissive=0

Bug: 158070965
Change-Id: I473c5ee218c32b481040ef85caca907a48aadee6
2020-07-07 00:03:11 +00:00
Treehugger Robot
da5d688917 Merge changes Ieee1d7de,Ie7780128
* changes:
  perfetto: don't audit isatty() check on shell pipes
  update 30.0 prebuilts for commit 2b2cde7592
2020-07-02 16:24:33 +00:00
TreeHugger Robot
dbe4f732a3 Merge "resolve merge conflicts of f885ab33e4 to rvc-dev-plus-aosp" into rvc-dev-plus-aosp 2020-07-02 16:15:17 +00:00
Justin Yun
9b70a2c04e Label /system_ext/lib(64)/* as system_lib_file am: 112c4135db am: df977df1fe
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/12065561

Change-Id: I13984a23bcc95367997e3db39281ab02497ec7f7
2020-07-02 08:07:07 +00:00
Justin Yun
aedba668b4 Label /system_ext/lib(64)/* as system_lib_file am: 088587886c am: 9730e23c22
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1354282

Change-Id: Id922f0821796f2c126c6be5904d2c50cc9bd447c
2020-07-02 05:09:41 +00:00
Justin Yun
112c4135db Label /system_ext/lib(64)/* as system_lib_file
This needs to be updated to api 30.0 which introduced the system_ext.

Bug: 160314910
Test: build and boot
Change-Id: I08c4aed640467d11482df08613039726e7395be0
Merged-In: I08c4aed640467d11482df08613039726e7395be0
(cherry picked from commit 85a92849c73ae2b28e8a33a2e01bac47cc9f1684)
2020-07-02 04:07:44 +00:00
Justin Yun
088587886c Label /system_ext/lib(64)/* as system_lib_file
This needs to be updated to api 30.0 which introduced the system_ext.

Bug: 160314910
Test: build and boot
Change-Id: I08c4aed640467d11482df08613039726e7395be0
2020-07-02 04:07:12 +00:00
Jeff Vander Stoep
234da0e568 Label kprobes and restrict access am: 1f9e45ee4b am: d065fea74f
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11939764

Change-Id: I8d26ca15e4cb3f7743ea1484c5f4e55d024e2009
2020-07-02 01:53:34 +00:00
Jeff Vander Stoep
1f9e45ee4b Label kprobes and restrict access
Bug: 149659981
Test: build & boot Pixel

Change-Id: I6abcd1bb9af15e7ba0f1f5e711ea9ac661bffc25
Merged-In: I6abcd1bb9af15e7ba0f1f5e711ea9ac661bffc25
2020-06-30 17:22:08 -07:00
Ryan Savitski
58c8751cf7 perfetto: don't audit isatty() check on shell pipes
CTS runs are being polluted by denial logs from the best-effort isatty (
-> TCGETS ioctl) check done by the perfetto's log formatter.

This patch suppresses the denial.

I believe that what's actually being denied is the ioctl itself, NOT the
TCGETS aspect of it (there is a domain-wide fifo_file TCGETS allowxperms
rule in domain.te:303). But the "dontauditxerms" suppresses the denial
anyway.

Bug: 159988048
Merged-In: Ieee1d7de8b023dd632d0e37afa3a2434cfd1a3a1
Change-Id: Ieee1d7de8b023dd632d0e37afa3a2434cfd1a3a1
(cherry picked from commit 8519c6d316)
2020-06-29 23:10:40 +01:00
Ryan Savitski
952990da87 resolve merge conflicts of f885ab33e4 to rvc-dev-plus-aosp
This is resolving the combination of ag/11956179 + ag/11956180,
as submitted in rvc-dev. The first change is a CP of a change already in
aosp/master, the second change is new.

The merge therefore contains just the second change as far as the
non-prebuilts are concerned, as well as an update of 30.0 prebuilts
for the combined changes.

Bug: 159988048
Change-Id: Ia35358419207dba7984f30da507f32902967ca62
2020-06-29 21:59:36 +00:00
Ryan Savitski
837e1f9bc7 update 30.0 prebuilts for commit 2b2cde7592
The non-prebuilt files are already up-to-date, as this change exists in
aosp/master as aosp/1267820.

Bug: 159988048
Merged-In: Ie7780128fcd80a051e809bfc98f21179cb3f0ecc
Change-Id: Ie7780128fcd80a051e809bfc98f21179cb3f0ecc
(cherry picked from commit 2b2cde7592)
2020-06-29 22:54:19 +01:00
Ryan Savitski
90c65f103b Merge changes Ieee1d7de,Ie7780128 into rvc-dev am: f885ab33e4 am: b393f6031d
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11956180

Change-Id: I3193d54ecc40200b7cdda33ce9550cd13d989e1f
2020-06-29 18:38:03 +00:00