tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
41317 commits 1 branch 0 tags 50 MiB
Commit graph

9488 commits

Author SHA1 Message Date
Henri Chataing
1f26ebadf8 Merge "Define the permissions for Nfc sysprops" am: ff275229d1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2424852

Change-Id: Ief06daa97a1ff07a8ebdc2cc1f0a77e769d2f76a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 17:01:39 +00:00
Henri Chataing
ff275229d1 Merge "Define the permissions for Nfc sysprops" 2023-02-09 16:08:40 +00:00
Jack He
259ea80e91 Merge "Add sysprop for LeAudio inband ringtone support" am: 796621872b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2422865

Change-Id: Ie3311c5fa54dad74f20578faba36fbd4981f1625
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 02:09:07 +00:00
Jack He
796621872b Merge "Add sysprop for LeAudio inband ringtone support" 2023-02-09 01:36:31 +00:00
Max Bires
89bbb2581b Allow GMSCore to read RKP properties. 
GMSCore requires access to read RKP properties in order for test suites
to validate the hostname is properly set.

Test: N/A
Change-Id: If537e58d4df74516435bec8955c83bb5494a80f0
 2023-02-08 17:14:47 -08:00
Charles Chen
3e9f05faa3 Extension of isolated_compute_app for media services. 
Support media use cases in isolated_compute_app such as decoding with MediaCodecs.

Bug:266943251
Test: m &&  manual - sample app with IsolatedProcess=True can use MediaCodec.

Change-Id: I864dcfb16494efada2fbd2a7d34b5d7f6b8128cb
 2023-02-08 15:48:25 -08:00
Brian Julian
e346f2fe80 Merge "Backports sepolicy for AltitudeService to T." am: f388934ffe 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406792

Change-Id: I8cd9387e7b27e032e38b23a531a710a8801c6a5b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-08 18:51:22 +00:00
Brian Julian
f388934ffe Merge "Backports sepolicy for AltitudeService to T." 2023-02-08 18:28:25 +00:00
Ryan Savitski
de2aa42a42 Merge "sepolicy: rework perfetto producer/profiler rules for "user" builds" am: b9a365a35f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2419280

Change-Id: Ie9d2cdac2900cdadda71e69dff5402a50536b187
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-08 18:16:07 +00:00
Ryan Savitski
b9a365a35f Merge "sepolicy: rework perfetto producer/profiler rules for "user" builds" 2023-02-08 17:23:44 +00:00
Patty Huang
a2ef6f9584 Add system property for leaudio_allow_list 
Bug: 239768625
Test: Manual
Tag: #feature
Change-Id: I95e9672e452b3cfbec6ea57052444fcf833fdeab
 2023-02-08 13:39:02 +08:00
Łukasz Rymanowski
88193e8aa1 Add sysprop for LeAudio inband ringtone support 
Bug: 242685105
Test: manual
Change-Id: I9e884c0c2765285110cde943e5eb419139167a50
 2023-02-07 22:31:12 +00:00
Henri Chataing
60eaabc953 Define the permissions for Nfc sysprops 
Bug: 268219397
Test: m
Change-Id: Ic945e56ce947c3ddae4847f007e6870e3188c065
 2023-02-07 21:57:13 +00:00
Brian Julian
32b0a39d27 Backports sepolicy for AltitudeService to T. 
Test: VtsHalAltitudeServiceTargetTest
Bug: 265013616
Change-Id: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
Merged-In: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
 2023-02-07 19:38:17 +00:00
Jakub Rotkiewicz
2d1023f256 Merge "Bluetooth: Added sepolicy for Snoop Logger filtering" am: db85fd141e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2302410

Change-Id: I01ef5cc083efda96bd1083949a39e4177ca45a73
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-07 12:48:24 +00:00
Jaewan Kim
a6f591b123 Allow virtualizationmanager to read AVF debug policy am: 93f5788ec5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2423325

Change-Id: Iddb3d51769a1a2f0d39d6612698ec411b891f958
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-07 12:47:48 +00:00
Jakub Rotkiewicz
db85fd141e Merge "Bluetooth: Added sepolicy for Snoop Logger filtering" 2023-02-07 11:51:56 +00:00
Jeffrey Huang
fcf5a91e00 Restrict system server from reading statsd data 
Bug: 267367423
Test: m -j
Change-Id: I0628142c2380cf568643f864ae211fbf5380550c
 2023-02-06 18:29:21 -08:00
Jaewan Kim
93f5788ec5 Allow virtualizationmanager to read AVF debug policy 
virtualizationmanager may handle some AVF debug policies for unproteted VM.

Bug: 243630590
Test: Run unprotected VM with/without ramdump
Change-Id: I2941761efe230a9925d1146f8ac55b50e984a4e9
 2023-02-07 02:04:02 +09:00
Avichal Rakesh
b95f1e539a Merge "Prevent non-system apps from read ro.usb.uvc.enabled" am: 36c4d512be 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2415830

Change-Id: Ie3acb6f962e05a3f9ddc6036590e3ec67ed650d3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-03 20:31:11 +00:00
Avichal Rakesh
36c4d512be Merge "Prevent non-system apps from read ro.usb.uvc.enabled" 2023-02-03 20:00:44 +00:00
Ryan Savitski
941ba723ba sepolicy: rework perfetto producer/profiler rules for "user" builds 
This patch:
* allows for heap and perf profiling of all processes on the system
  (minus undumpable and otherwise incompatible domains). For apps, the
  rest of the platform will still perform checks based on
  profileable/debuggable manifest flags. For native processes, the
  profilers will check that the process runs as an allowlisted UID.
* allows for all apps (=appdomain) to act as perfetto tracing data
  writers (=perfetto_producer) for the ART java heap graph plugin
  (perfetto_hprof).
* allows for system_server to act a perfetto_producer for java heap
  graphs.

Bug: 247858731
Change-Id: I792ec1812d94b4fa9a8688ed74f2f62f6a7f33a6
 2023-02-03 15:05:14 +00:00
Treehugger Robot
d1c26af880 Merge "Add selinux permissions for DeviceAsWebcam Service" am: 870b368ec5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410788

Change-Id: I4f2f7feac7862ff525e1ebf15c7ee1f036ca9fb3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-03 02:00:29 +00:00
Treehugger Robot
870b368ec5 Merge "Add selinux permissions for DeviceAsWebcam Service" 2023-02-03 01:40:58 +00:00
Cody Northrop
2008915bf8 Merge "Add EGL blobcache multifile properties" am: 1f1705917e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402875

Change-Id: I73b5c4786e2cff76b395914857ed6630850ebb9e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-02 21:15:51 +00:00
Cody Northrop
1f1705917e Merge "Add EGL blobcache multifile properties" 2023-02-02 20:55:50 +00:00
Avichal Rakesh
e2cb0f2813 Prevent non-system apps from read ro.usb.uvc.enabled 
ro.us.uvc.enabled should not be readable from apps that can't or
shouldn't act on UVC support. This means all non-system apps. This CL
adds an explicit neverallow rule to prevent all appdomains (except
system_app and device_as_webcam).

Bug: 242344221
Bug: 242344229
Test: Build passes, manually confirmed that non-system apps cannot
      access the property
Change-Id: I1a40c3c3cb10cebfc9ddb791a06f26fcc9342ed9
 2023-02-02 12:26:33 -08:00
Avichal Rakesh
e0929241a1 Add selinux permissions for DeviceAsWebcam Service 
DeviceAsWebcam is a new service that turns an android device into a
webcam. It requires access to all services that a
regular app needs access to, and it requires read/write permission to
/dev/video* nodes which is how the linux kernel mounts the UVC gadget.

Bug: 242344221
Bug: 242344229
Test: Manually tested that the service can access all the nodes it
      needs, and no selinux exceptions are reported for the service
      when running.
Change-Id: I45c5df105f5b0c31dd6a733f50eb764479d18e9f
 2023-02-02 12:26:33 -08:00
Sumit Bhagwani
3241672e80 Non app processes shouldn't be able to peek checkin data am: 7602d0f348 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2417613

Change-Id: Iab7cebd106f5b6b7217ad81449705ed6f92e89c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-02 20:12:29 +00:00
Sumit Bhagwani
7602d0f348 Non app processes shouldn't be able to peek checkin data 
Change-Id: I1df0ce47ae9d08f66689f82e21656cbdd70d7f25
Test: Manually built the change and flashed the device.
Bug: 197636740
 2023-02-02 17:51:51 +00:00
Alfred Piccioni
30ae427ed0 Adds support for fuseblk binaries. 
This is a rather large, single change to the SEPolicies, as fuseblk
required multiple new domains. The goal is to allow any fuseblk
drivers to also use the same sepolicy.

Note the compartmentalized domain for sys_admin and mount/unmount
permissions.

Bug: 254407246

Test: Extensive testing with an ADT-4 and NTFS USB drives.
Change-Id: I6619ac77ce44ba60edd6ab10e8436a8712459b48
 2023-02-02 15:32:39 +01:00
Alex Hong
41d99a9951 Merge changes from topic "fix_missing_set_denials" am: e79c506fe4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410790

Change-Id: I24358b23b958974800af032577f7b6758e0f05c8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-02 14:23:14 +00:00
Alex Hong
255a5ae441 Allow vendor_init to set properties for recovery/fastbootd USB IDs am: 1abf80e5c1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388472

Change-Id: I01ea3a4ebb6d5111941e61f8a7e41bbff2d83a3c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-02 14:23:10 +00:00
Alex Hong
e79c506fe4 Merge changes from topic "fix_missing_set_denials" 
* changes:
  Add build properties for attestation feature
  Allow vendor_init to set properties for recovery/fastbootd USB IDs
 2023-02-02 14:04:36 +00:00
Alex Hong
4c23abb282 Add build properties for attestation feature 
The properties for attestation are congifured in build.prop files and
used by frameworks Build.java.
Allow vendor_init to set these properties and allow Zygote to access
them.

Bug: 211547922
Test: SELinuxUncheckedDenialBootTest
Change-Id: I5666524a9708c6fefe113ad4109b8a344405ad57
 2023-02-02 18:52:35 +08:00
Karthik Mahesh
4fc055b5cd Merge "Add sepolicy for ODP system server service." am: 4fd76147c4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402876

Change-Id: I0aea8a5cc639ad2bd70b59148dfc2c463827497a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-02 10:39:26 +00:00
Charles Chen
42564316e9 Merge "Creates mapping from isolated apps to isolated_compute_app" am: 3d629cdb5d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406772

Change-Id: I81a41abc9d44515edda23215935338d0d3d49599
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-02 10:39:13 +00:00
Girish
82eb62f34d Allow communication between mediaserver & statsd am: f9ef01a285 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2411339

Change-Id: I412e1f68e38c7b4b5f2133ce5164128d72944bb5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-02 10:38:38 +00:00
Karthik Mahesh
4fd76147c4 Merge "Add sepolicy for ODP system server service." 2023-02-02 08:21:46 +00:00
Karthik Mahesh
52e5914ca4 Add sepolicy for ODP system server service. 
Bug: 236174677
Test: build
Change-Id: Ief208b795dd05ddaa406f50a5fa91f46fe52fd71
 2023-02-01 22:27:36 -08:00
Charles Chen
3d629cdb5d Merge "Creates mapping from isolated apps to isolated_compute_app" 2023-02-02 05:41:22 +00:00
Girish
f9ef01a285 Allow communication between mediaserver & statsd 
Bug: 265488359
Test: atest cts/tests/media/misc/src/android/media/misc/cts/ResourceManagerTest.java
Change-Id: I34bcdc3c403093af90a0e09b18842d7b872c0392
 2023-02-01 22:33:28 +00:00
Florian Mayer
e17c5905a6 Merge "[MTE] Add memory_safety_native_boot namespace" am: cbeec8f821 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2411338

Change-Id: I68c6e7830b622bcbd6d9f10527378183a53044ae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-01 22:21:23 +00:00
Florian Mayer
cbeec8f821 Merge "[MTE] Add memory_safety_native_boot namespace" 2023-02-01 21:41:45 +00:00
Charles Chen
bc965c900a Creates mapping from isolated apps to isolated_compute_app 
Provides mapping using the isIsolatedComputeApp to enable certain
isolated process running in such domain with more hardware
acceleratation.

Bug: 267494028
Test: m && atest --host libselinux_test with change on android_unittest.cpp
Change-Id: I9ff341de69e0ad15cb7764276e0c726d54261b84
 2023-02-01 18:41:09 +00:00
Charles Chen
cbd5aa73ff Merge "Update seapp_contexts with isIsolatedComputeApp selector" am: eb1290f511 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390135

Change-Id: I1145c5ed3b4fd9736c7636ad921a6235045a4f93
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-01 18:29:29 +00:00
Charles Chen
5317542847 Merge changes from topic "iso_compute" am: b36ecf6caa 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390967

Change-Id: Ib84377f876f96dfcbac94bcee9a4a9c7cf408eed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-01 18:29:18 +00:00
Charles Chen
eb1290f511 Merge "Update seapp_contexts with isIsolatedComputeApp selector" 2023-02-01 17:34:48 +00:00
Charles Chen
b36ecf6caa Merge changes from topic "iso_compute" 
* changes:
  Add isolated_compute_app domain
  Share isolated properties across islolated apps
 2023-02-01 17:33:59 +00:00
Alex Hong
1abf80e5c1 Allow vendor_init to set properties for recovery/fastbootd USB IDs 
Bug: 211547922
Test: SELinuxUncheckedDenialBootTest
Test: Enter recovery/fastbootd mode
      $ lsusb -d 18d1:
Change-Id: Ibee1210c1a70a3165e70f9b3b57e11949e412c97
 2023-02-01 17:49:32 +08:00
Treehugger Robot
a2cb810593 Merge "Add selinux permissions for ro.usb.uvc.enabled" am: 11eb002e83 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410787

Change-Id: Ie38aa8c6a5be43b53cd72214cd6f4fe16f872407
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-01 07:43:58 +00:00
Treehugger Robot
11eb002e83 Merge "Add selinux permissions for ro.usb.uvc.enabled" 2023-02-01 07:17:11 +00:00
Treehugger Robot
1c9645177c Merge "Modify canhalconfigurator file context" am: 35820e6910 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399853

Change-Id: I88dba0b0233a554e1ed2ea336df753fd335fc64c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-01 02:10:31 +00:00
Treehugger Robot
35820e6910 Merge "Modify canhalconfigurator file context" 2023-02-01 00:34:33 +00:00
Florian Mayer
94926f51df [MTE] Add memory_safety_native_boot namespace 
Bug: 267234468
Change-Id: I248fdf58a744f0c70a26d6a8f7d4caa0a6ce8edb
 2023-01-31 15:48:40 -08:00
Hongwei Wang
7476ab79ff Merge "Allow platform_app:systemui to write protolog file" am: f4979adab7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2397593

Change-Id: Id077867308be1b610fd4b12ed50e87908bd5e8d2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-31 20:58:01 +00:00
Hongwei Wang
f4979adab7 Merge "Allow platform_app:systemui to write protolog file" 2023-01-31 19:38:16 +00:00
Avichal Rakesh
a12d3103be Add selinux permissions for ro.usb.uvc.enabled 
This CL the selinux rules for the property ro.usb.uvc.enabled which will
be used to toggle UVC Gadget functionality on the Android Device.

Bug: 242344221
Bug: 242344229
Test: Manually tested that the property can only be read at runtime,
      not written to.
Change-Id: I0fd6051666d9554037acc68fa81226503f514a45
 2023-01-31 11:17:50 -08:00
Charles Chen
3d4a6b7474 Add isolated_compute_app domain 
Provides a new domain to enable secure sensitive data processing. This
allows processing of sensitive data, while enforcing necessary privacy
restrictions to prevent the egress of data via network, IPC or file
system.

Bug: 255597123
Test: m &&  manual - sample app with IsolatedProcess=True can use camera
service

Change-Id: I401667dbcf492a1cf8c020a79f8820d61990e72d
 2023-01-31 15:24:55 +00:00
Charles Chen
ccf8014492 Share isolated properties across islolated apps 
Introduce isolated_app_all typeattribute to share policies between
isolated_app and future similar apps that wish to be enforced with
isolation properties.

Bug: 255597123
Test: m && presubmit
Change-Id: I0d53816f71e7d7a91cc379bcba796ba65a197c89
 2023-01-31 12:59:57 +00:00
Inseob Kim
1dba2f058a Merge "Add comments on compat files" am: beee8849a6 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405373

Change-Id: I09be668bc0fe182d1a87c046c1002a865f7b9342
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-31 07:32:10 +00:00
Inseob Kim
beee8849a6 Merge "Add comments on compat files" 2023-01-31 06:34:19 +00:00
Jiakai Zhang
57d7bd317d Merge "dontaudit dexoptanalyzer's DM file check on secondary dex files." am: 07cec2bd5e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2407092

Change-Id: I61c2ef978c55536fcb60432f20d82b311f8e1608
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-31 02:41:13 +00:00
Jiakai Zhang
07cec2bd5e Merge "dontaudit dexoptanalyzer's DM file check on secondary dex files." 2023-01-31 02:01:15 +00:00
Inseob Kim
338f81baac Add comments on compat files 
To prevent further confusion.

Bug: 258029505
Test: manual
Change-Id: Iaa145e4480833a224b1a07fc68adb7d3e8a36e4b
 2023-01-31 09:57:26 +09:00
Abhishek Pandit-Subedi
4aa7129dae Merge "Add sysprop for LeGetVendorCapabilities" am: 107af48013 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405121

Change-Id: Ib0dab2f71e84c42cd34fb3147ff065704a8ab5e8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-30 18:41:15 +00:00
Abhishek Pandit-Subedi
107af48013 Merge "Add sysprop for LeGetVendorCapabilities" 2023-01-30 17:41:16 +00:00
Gil Cukierman
bc0f54877a Merge "Add SELinux Policy For io_uring" am: fab49d0a64 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2302679

Change-Id: I65aad86e82542723e96a7e24e16a597e91d7aa6c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-30 15:14:42 +00:00
Gil Cukierman
fab49d0a64 Merge "Add SELinux Policy For io_uring" 2023-01-30 14:38:43 +00:00
Jiakai Zhang
13909cdb3f Allow installd to kill profman. am: a7774c2cba 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406753

Change-Id: I836e0c01d4356af7d125ba2ac754689239e57838
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-30 13:04:58 +00:00
Jiakai Zhang
a7774c2cba Allow installd to kill profman. 
installd needs to kill profman if profman times out.

Bug: 242352919
Test: -
  1. Add an infinate loop to profman.
  2. Run `adb shell pm compile -m speed-profile com.android.chrome`
  3. See profman being killed after 1 minute.

Change-Id: I71761eaab027698de0339d855b9a436b56580ed8
 2023-01-30 11:09:08 +00:00
Jiakai Zhang
dbfa7d58b7 dontaudit dexoptanalyzer's DM file check on secondary dex files. 
Bug: 259758044
Change-Id: I5cf88e2f2217c03cff071f17aadd71153f170c61
Test: Presubmit
 2023-01-30 07:56:10 +00:00
Gil Cukierman
214294ce75 Add SELinux Policy For io_uring 
Brings in the io_uring class and associated restrictions and adds a new
macro, `io_uring_use`, to sepolicy.

In more detail, this change:

* Adds a new macro expands to ensure the domain it is passed can undergo a
type transition to a new type, `<domain>_iouring`, when the anon_inode
being accessed is labeled `[io_uring]`. It also allows the domain to
create, read, write, and map the io_uring anon_inode.

* Adds the ability for a domain to use the `IORING_SETUP_SQPOLL` flag
during `io_uring_setup` so that a syscall to `io_uring_enter` is not
required by the caller each time it wishes to submit IO. This can be
enabled securely as long as we don't enable sharing of io_uring file
descriptors across domains. The kernel polling thread created by `SQPOLL`
will inherit the credentials of the thread that created the io_uring [1].

* Removes the selinux policy that restricted all domains that make use of
the `userfault_fd` macro from any `anon_inode` created by another domain.
This is overly restrictive, as it prohibits the use of two different
`anon_inode` use cases in a single domain e.g. userfaultfd and io_uring.

This change also replaces existing sepolicy in fastbootd and snapuserd
that enabled the use of io_uring.

[1] https://patchwork.kernel.org/project/linux-security-module/patch/163159041500.470089.11310853524829799938.stgit@olly/

Bug: 253385258
Test: m selinux_policy
Test: cd external/liburing; mm; atest liburing_test; # requires WIP CL ag/20291423
Test: Manually deliver OTAs (built with m dist) to a recent Pixel device
and ensure snapuserd functions correctly (no io_uring failures)

Change-Id: I96f38760b3df64a1d33dcd6e5905445ccb125d3f
 2023-01-27 11:44:59 -05:00
Charles Chen
307049222a Update seapp_contexts with isIsolatedComputeApp selector 
Provide isIsolatedComputeApp selector for apps reusing _isolated user to run in domains other than isolated_app. Processes match the selector will have a default domain isolated_compute_app assigned. Also updated _isolated neverallow statements.

Bug: 265540209
Bug: 265746493
Test: m && atest --host libselinux_test with change on android_unittest.cpp
Change-Id: Ia05954aa6a9a9a07d6a8d1e3235a89e7b37dead9
 2023-01-27 14:36:40 +00:00
Jakub Rotkiewicz
1784feae44 Bluetooth: Added sepolicy for Snoop Logger filtering 
Bug: 247859568
Tag: #feature
Test: atest BluetoothInstrumentationTests
Test: atest bluetooth_test_gd_unit

Change-Id: Ic5036cc03e638e38ff87e44d61ed241f6168f335
 2023-01-27 14:13:52 +00:00
Abhishek Pandit-Subedi
859037f2ec Add sysprop for LeGetVendorCapabilities 
Added new sysprop to configure getting vendor capabilities.

Bug: 257423916
Tag: #floss
Test: Manual
Change-Id: I35ba5883505bdd671276dd0863b129ab531890f3
 2023-01-26 16:12:52 -08:00
Tri Vo
2ebc3fe590 credstore: Switch to new RKPD build flag. am: 59a30a8c17 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402874

Change-Id: Ifa40640c027410530a71002808e10133ba464c36
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-26 18:26:41 +00:00
Cody Northrop
13fcd7357f Add EGL blobcache multifile properties 
Test: adb shell getprop
Test: /data/nativetest64/EGL_test/EGL_test
Bug: b/266725576
Change-Id: I847fe151340747322f9c35d93160bddc8f1c1d99
 2023-01-25 14:45:36 -07:00
Tri Vo
59a30a8c17 credstore: Switch to new RKPD build flag. 
Test: CtsIdentityTestCases
Change-Id: I6c0a533a890e4fa51c475452cf50ebe3706a90c8
 2023-01-25 20:42:34 +00:00
Hongwei Wang
9372026ad2 Allow platform_app:systemui to write protolog file 
This is enabled on debuggable builds only, includes
- Grant mlstrustedsubject typeattribute to wm_trace_data_file
- Grant platform_app (like systemui) the write access to
  wm_trace_data_file

Bug: 251513116
Test: adb shell dumpsys activity service SystemUIService \
      WMShell protolog [start | stop]
Change-Id: I9f77f8995e4bf671616ce6c49eeb93720e31430e
 2023-01-24 16:30:57 -08:00
Seth Moore
96b8a026fd Add build flag indicating that rkpd is enabled. am: 0afe97a38f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399548

Change-Id: I07efb44a1165beaf98b76aa58f934084d3449d08
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-24 19:49:31 +00:00
Seth Moore
0afe97a38f Add build flag indicating that rkpd is enabled. 
Platforms, such as cuttlefish, are RKP only, and are using a new
version of keymint that is not compatible with the old
RemoteProvisioner. Therefore, we must ensure that the configuration
is fixed and cannot be turned off.

Bug: 266482839
Test: RemoteProvisionerUnitTests
Test: keystore2_client_tests
Test: RkpdAppUnitTests
Change-Id: Ib7b3128b27c4a26fdd2dbdc064b491f7a3d3cd92
 2023-01-24 08:54:22 -08:00
Philip Chen
870af1fc0a Modify canhalconfigurator file context 
We plan to move canhalconfigurator from system to system_ext partition.
So let's update its sepolicy file context first.

Bug: 263516803
Test: build selinux policy for aosp_cf_x86_64_auto target
Change-Id: Ic4bd69489fa2f94ba33665a2cf1359e9fa487ea6
 2023-01-23 21:47:19 +00:00
Jeffrey Vander Stoep
94a4d4758f Merge "runas_app: allow sigkill of untrusted_app" am: eff7d756e1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2393300

Change-Id: Ibaa3a3da9953b75f98da86494e946d7386ba2747
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-20 16:53:58 +00:00
Jeffrey Vander Stoep
eff7d756e1 Merge "runas_app: allow sigkill of untrusted_app" 2023-01-20 16:20:15 +00:00
Yuyang Huang
32788d6842 Blocks untrusted apps to access /dev/socket/mdnsd from U am: cfdea5f4f3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388478

Change-Id: I9cee4d4b5d13612b02f63b377d32efae99d3ca67
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-20 10:09:07 +00:00
Jeff Vander Stoep
5a6c0a755d runas_app: allow sigkill of untrusted_app 
It is safe to grant this permission because:
 * UID restrictions will prevent killing arbitrary apps.
 * Runas enforces restrictions preventing transitioning to UIDs of apps
   that are not debuggable.

Addresses:
avc: denied { sigkill } for scontext=u:r:runas_app:s0:c87,c257,c512,c768
tcontext=u:r:untrusted_app:s0:c87,c257,c512,c768 tclass=process
permissive=0 app=com.example.myapplication

Bug: 263379256
Test: Build and deploy any Android app in debug mode
   adb shell
   run-as com.example.myapplication
   kill -SIGKILL <pid>
Change-Id: I1e4588a9a1c7ee71e0396fbd1ea5e1b24720bd62
 2023-01-20 09:02:19 +01:00
Yuyang Huang
cfdea5f4f3 Blocks untrusted apps to access /dev/socket/mdnsd from U 
The untrusted apps should not directly access /dev/socket/mdnsd since
API level 34 (U). Only adbd and netd should remain to have access to
/dev/socket/mdnsd. For untrusted apps running with API level 33-, they
still have access to /dev/socket/mdnsd for backward compatibility.

Bug: 265364111
Test: Manual test
Change-Id: Id37998fcb9379fda6917782b0eaee29cd3c51525
 2023-01-20 15:25:46 +09:00
Seth Moore
323be38e4e Merge "Add remote_provisioning.hostname property" am: e6945d0046 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2394292

Change-Id: Icb0a8d5e15996466b1f96a2376486d537d778c4c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 23:29:02 +00:00
Seth Moore
e6945d0046 Merge "Add remote_provisioning.hostname property" 2023-01-19 22:56:21 +00:00
Tri Vo
0b5e91271d Merge "credstore: Add missing permissions" am: 7fc3a5f4a5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390960

Change-Id: I241539cef54e4a69759755734207550f2c7a4f78
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 18:27:03 +00:00
Seth Moore
6b8cd0035e Merge "Allow remote provisioner to read rkpd enablement property" am: 4836d9c6ee 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2394294

Change-Id: I6deb775e95ab0febe6b319bdb8a557b3df2d3906
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 18:26:42 +00:00
Tri Vo
7fc3a5f4a5 Merge "credstore: Add missing permissions" 2023-01-19 18:18:33 +00:00
Seth Moore
4836d9c6ee Merge "Allow remote provisioner to read rkpd enablement property" 2023-01-19 17:43:17 +00:00
Jörg Wagner
6b3fc5f686 Merge "Grant surfaceflinger and graphics allocator access to the secure heap" am: 9a3d794113 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2393292

Change-Id: I5de60e710b28ceae3b304310b1958438c5dd26d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 13:36:05 +00:00
Jörg Wagner
9a3d794113 Merge "Grant surfaceflinger and graphics allocator access to the secure heap" 2023-01-19 13:03:06 +00:00
Jörg Wagner
213e1d8ea0 Grant surfaceflinger and graphics allocator access to the secure heap 
Transfers access permissions into the system policy which
would otherwise be setup on a per-device basis in exactly
the same recurring way.

For surfacefliner it avoids errors when it
(via its dependent graphics libraries) tries to allocate
memory from the protected heap, e.g. when operating on a
Vulkan device with protected memory support.

Bug: 235618476
Change-Id: I7f9a176c067ead2f3bd38b8c34fc55fa39d87655
 2023-01-19 09:02:56 +00:00
Jiakai Zhang
1373154885 Explicitly list "pm.dexopt." sysprops. am: 9bbc1c0e72 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388479

Change-Id: Ia273f78fc603757969b4678767c2ea3b08f30520
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 06:27:43 +00:00
Jiakai Zhang
9bbc1c0e72 Explicitly list "pm.dexopt." sysprops. 
Bug: 256639711
Test: m
Change-Id: I5e6bd4fd8ec516a23f4e3a5658a651f04d40412c
 2023-01-19 12:07:25 +08:00
Seth Moore
02ff4b02cc Allow remote provisioner to read rkpd enablement property 
This way, remote provisioner can decide to noop when rkpd is
enabled.

Test: RemoteProvisionerUnitTests
Change-Id: I9c300360dc08c6d70431b83e1db714941d8caca1
 2023-01-19 03:13:23 +00:00
Treehugger Robot
12ee7a4b50 Merge "Modify the automotive display service file context" am: 347a7d5c3c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390133

Change-Id: I7184a7a8119714bd952af82b4fc109862aac70c3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 01:56:13 +00:00
Treehugger Robot
347a7d5c3c Merge "Modify the automotive display service file context" 2023-01-19 00:35:18 +00:00
Alistair Delva
4b3d6db075 Merge "Add missing permissions for default bluetooth hal" am: e7fc603518 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2376448

Change-Id: Ib3ddc8e777f012d839e7881b9a383dddc99d67d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 22:26:05 +00:00
Alistair Delva
e7fc603518 Merge "Add missing permissions for default bluetooth hal" 2023-01-18 22:16:06 +00:00
Seth Moore
7ed4c00496 Add remote_provisioning.hostname property 
This property contains the server name for the remote provisioning
service, if any, used by the device.

Test: RkpdAppUnitTests
Change-Id: Iad7805fe6da1ce89a9311d5caf7c9c651af2d16d
 2023-01-18 13:44:47 -08:00
Treehugger Robot
e6b7e8aebf Merge "Allow mkfs/fsck for zoned block device" am: 9b69f0de58 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390134

Change-Id: Ib7a44a32ce2ec9cc66c74b48e1c5566a6f35e349
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 16:12:04 +00:00
Treehugger Robot
9b69f0de58 Merge "Allow mkfs/fsck for zoned block device" 2023-01-18 15:45:02 +00:00
Orion Hodson
a23a503026 Merge "Additional sepolicy rules for dex2oat" am: 2ff660e134 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2389548

Change-Id: I5a27225905b293151414d6f836c3483d0a2ec5eb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 12:36:57 +00:00
Orion Hodson
2ff660e134 Merge "Additional sepolicy rules for dex2oat" 2023-01-18 11:35:39 +00:00
Jaegeuk Kim
b5f16b2392 Allow mkfs/fsck for zoned block device 
Zoned block device will be used along with userdata_block_device
for /data partition.

Bug: 197782466
Change-Id: I777a8b22b99614727086e72520a48dbd8306885b
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
 2023-01-17 17:59:28 -08:00
Lorenzo Colitti
d842a85d44 Merge "Update SEPolicy for Tetheroffload AIDL" am: b8194ca7fb 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2355402

Change-Id: Ie4aad80ff32164a962fa5f140db97be9c51776fe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 00:13:12 +00:00
Tri Vo
99f88846ff credstore: Add missing permissions 
Bug: 261214100
Test: CtsIdentityTestCases
Change-Id: I6a70ed279f65d1cb4bfa0d53fa0e0f25d00d44b5
 2023-01-17 16:07:19 -08:00
Lorenzo Colitti
b8194ca7fb Merge "Update SEPolicy for Tetheroffload AIDL" 2023-01-18 00:04:51 +00:00
Jiakai Zhang
5a6771ccb7 Allow artd to create dirs and files for artifacts before restorecon. am: 7789460457 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388476

Change-Id: I721371609f28e093b6bf082feb8a64adc0fe2779
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-17 19:26:42 +00:00
Jiakai Zhang
7789460457 Allow artd to create dirs and files for artifacts before restorecon. 
Bug: 262230400
Test: -
  1. Remove the "oat" directory of an app.
  2. Dexopt the app using ART Service.
  3. See no SELinux denials.
Change-Id: I717073b0172083d73a1b84e5c2bea59076663b2f
 2023-01-18 01:07:49 +08:00
Orion Hodson
c09e7e4674 Additional sepolicy rules for dex2oat 
Enable reading vendor overlay files and /proc.

Fix: 187016929
Test: m
Change-Id: I7df17b4fcc8a449abe2af4bc8394d0224243799c
 2023-01-17 15:43:58 +00:00
Treehugger Robot
6ec18d5439 Merge "Allow all system properties with the "pm.dexopt." prefix." am: cc39bf74f1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388475

Change-Id: Id90a1a0caa594483611374cb187c6b32e887ef53
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-17 02:08:06 +00:00
Treehugger Robot
cc39bf74f1 Merge "Allow all system properties with the "pm.dexopt." prefix." 2023-01-17 01:24:34 +00:00
Jiakai Zhang
cda13660d7 Allow all system properties with the "pm.dexopt." prefix. 
We use this as a namespace of all system properties used by ART Service.
As ART Service is in the updatable ART module, we need to be able to add
new properties.

Bug: 256639711
Test: Presubmit
Change-Id: Idcee583abccef9c0807699122074eb26927ca57b
 2023-01-16 21:24:07 +08:00
Changyeon Jo
edf5420830 Modify the automotive display service file context 
The automotive display service is moved to /system_ext partition.

Bug: 246656948
Test: Build selinux policy for aosp_cf_x86_64_only_auto target.
      > lunch aosp_cf_x86_64_only_auto-userdebug
      > m -j selinux_policy
Change-Id: If822e54aa99053c1aaee9f41d067860ea965c2f2
 2023-01-15 01:31:09 +00:00
Treehugger Robot
f18c34bfdf Merge "dontaudit crosvm reading VM's pipe" am: fa767b0e4a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2385815

Change-Id: I4eb2bc22ab9b122bae111003af66e5fc008d0d75
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-14 00:38:22 +00:00
Treehugger Robot
fa767b0e4a Merge "dontaudit crosvm reading VM's pipe" 2023-01-14 00:14:23 +00:00
Tri Vo
58a2792951 Merge "Add rkpdapp access to remote_prov_prop" am: 9a63dcb2ee 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2386552

Change-Id: Iecc85a4f3ab6a3cf97cd603097f961b3f4d13dba
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-13 18:53:18 +00:00
Tri Vo
9a63dcb2ee Merge "Add rkpdapp access to remote_prov_prop" 2023-01-13 18:16:19 +00:00
David Brazdil
8cfd50806d Merge "virtualizationservice: Allow checking permissions" am: 28e9b97993 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2384139

Change-Id: Ic1f358083895f4ed26cc6ce4f51cd17106b86dea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-13 13:46:47 +00:00
David Brazdil
28e9b97993 Merge "virtualizationservice: Allow checking permissions" 2023-01-13 13:00:48 +00:00
Treehugger Robot
7cf7012262 Merge "refactor: get_prop(bpfdomain, bpf_progs_loaded_prop)" am: c8882d3e23 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2378568

Change-Id: I688bc3d34cf4a4f5c2a28a9cec276ea2ecb8eba5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-13 11:55:44 +00:00
Treehugger Robot
c8882d3e23 Merge "refactor: get_prop(bpfdomain, bpf_progs_loaded_prop)" 2023-01-13 11:27:11 +00:00
Xin Li
decaa94957 Merge "Merge tm-qpr-dev-plus-aosp-without-vendor@9467136" into stage-aosp-master 2023-01-13 07:32:38 +00:00
Akilesh Kailash
bae423e9c5 Merge "Allow files to be created /metadata/ota" 2023-01-13 06:35:33 +00:00
Inseob Kim
42798af0cb dontaudit crosvm reading VM's pipe 
Bug: 238593451
Test: boot microdroid and see console
Change-Id: I46712759240a9f091936c6a81bb02679c267b8b8
 2023-01-13 14:08:16 +09:00
David Brazdil
ccf9164abc virtualizationservice: Allow checking permissions 
Bug: 245727626
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Ia49d7db3edeb465fd8b851aed8646964ee6f5af2
 2023-01-12 21:10:33 +00:00
Henri Chataing
9ff3423527 Add missing permissions for default bluetooth hal 
Test: launch_cvd
Bug: 205758693
Change-Id: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
Merged-In: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
 2023-01-12 19:02:57 +00:00
Tri Vo
7b9b6a04ed Add rkpdapp access to remote_prov_prop 
Test: presubmit
Change-Id: I7f4593e580f9d762a38b6e1b3e9db7c74e3eb984
 2023-01-12 09:50:28 -08:00
Xin Li
0ba8f8934a Merge tm-qpr-dev-plus-aosp-without-vendor@9467136 
Bug: 264720040
Merged-In: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
Change-Id: I84e152300ba7ece94e47e270eba1d7280a72343a
 2023-01-11 22:47:37 -08:00
Thomas Nguyen
3445819d5a Add IRadioSatellite context 
Bug: 260644201
Test: atest VtsHalRadioTargetTes

Change-Id: I43555e1f076cdf96fb0b7805cd664d7ba6798aec
 2023-01-10 18:27:41 +00:00
Nathalie Le Clair
98e20da831 Merge "HDMI: Refactor HDMI packages" 2023-01-10 17:05:17 +00:00
Kalesh Singh
460c2ac995 Merge "suspend: Allow access to /sys/power/wake_[un]lock" 2023-01-09 17:55:09 +00:00
Alan Stokes
c5b914670f Suppress harmless denial 
Commit 2d736569e716b5c143f296ae124bcfed9630a4d2 improved the logging
in virtualization service by attempting to get the real path from
/proc/self/fd/N for various files.

However, CompOS stores its log files in a directory
(/data/misc/apexdata/...) which VS has no access to, triggering an
SELinux denial:

avc: denied { search } for name="apexdata"
scontext=u:r:virtualizationmanager:s0
tcontext=u:object_r:apex_module_data_file:s0 tclass=dir

Suppress this denial, since it causes no harm (we just don't log the
real path).

Bug: 264496291
Bug: 251751405
Test: composd_cmd test-compile;
 see no denials
Change-Id: Ia55e593c0c0735b8f3085a964f0c789c177375f2
 2023-01-09 11:34:52 +00:00
Thiébaud Weksteen
d03656b281 Merge "Grant SIGTERM and SIGKILL to dumpstate on incident" 2023-01-09 02:02:48 +00:00
Bill Yi
8c544a4c73 Merge "Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE" 2023-01-06 19:33:52 +00:00
David Brazdil
3f1b27afa6 Merge "Start using virtmgr for running VMs" am: 2cfd7d5e4b am: 2de678977a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2367809

Change-Id: I8e3305438b002a4a4963c71dbbacfe56728d4a04
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 17:15:56 +00:00
David Brazdil
2de678977a Merge "Start using virtmgr for running VMs" am: 2cfd7d5e4b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2367809

Change-Id: Id29260cd0d23e3908833b0d903957402210ca224
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 16:44:06 +00:00
Bill Yi
15ee6d11bc Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE 
Merged-In: I9acac60411da6eee86246a9e375b35dfb61691d1
Merged-In: If343dba5dae2821fa345135abafb891e85be5574
Change-Id: Ia868a5a11f13d47bf11fbb21b3d5cee12d7c8c99
 2023-01-06 07:13:50 -08:00
Maciej Żenczykowski
60f4a34544 refactor: get_prop(bpfdomain, bpf_progs_loaded_prop) 
Based on:
  cs/p:aosp-master -file:prebuilts/ get_prop.*bpf_progs_loaded_prop

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If07026b1ea5753a82401a62349c494b4cbf699b6
 2023-01-06 10:09:33 +00:00
David Brazdil
55d808c28c Start using virtmgr for running VMs 
Split virtualizationservice policy into rules that should remain with
the global service and rules that now apply to virtmgr - a child process
of the client that runs the VM on its behalf.

The virtualizationservice domain remains responsible for:
 * allocating CIDs (access to props)
 * creating temporary VM directories (virtualization_data_file, chown)
 * receiving tombstones from VMs
 * pushing atoms to statsd
 * removing memlock rlimit from virtmgr

The new virtualizationmanager domain becomes responsible for:
 * executing crosvm
 * creating vsock connections, handling callbacks
 * preparing APEXes
 * pushing ramdumps to tombstoned
 * collecting stats for telemetry atoms

The `virtualizationservice_use` macro is changed to allow client domains
to transition to the virtmgr domain upon executing it as their child,
and to allow communication over UDS.

Clients are not allowed to communicate with virtualizationservice via
Binder, only virtmgr is now allowed to do that.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Iefdccd908fc28e5d8c6f4566290e79ed88ade70b
 2023-01-05 17:39:39 +00:00
Bill Yi
537945aaec Merge TQ1A.230105.002 to stage-aosp-master - DO NOT MERGE 
Merged-In: I5d03241b079692da856025a33b24013728fa0e57
Change-Id: Ic1d5da8b8192ff04d58c86a748066d21dc976999
 2023-01-04 12:52:29 -08:00
Jiakai Zhang
923a805f7c Merge changes from topic "artd-sepolicy-b254013425" am: d09a14baee am: 33426b1423 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2369929

Change-Id: I5d03241b079692da856025a33b24013728fa0e57
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 19:00:52 +00:00
Jiakai Zhang
edeaa6ea16 Allow system_server to read /data/misc/profman. am: 10aa6465d9 am: 4eda7b5335 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2350182

Change-Id: If36138e202e0c8a7a1c8d0ffab641ef097dd6e4f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 19:00:49 +00:00
Jiakai Zhang
4eda7b5335 Allow system_server to read /data/misc/profman. am: 10aa6465d9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2350182

Change-Id: I5792df13d00fa4480aeacfa7af304edc93201616
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 18:26:19 +00:00
Jiakai Zhang
d09a14baee Merge changes from topic "artd-sepolicy-b254013425" 
* changes:
  Allow artd to scan directories for cleaning up obsolete managed files.
  Allow system_server to read /data/misc/profman.
 2023-01-04 17:43:24 +00:00
Treehugger Robot
5efaa62b95 Merge "EARC: Add Policy for EArc Service" am: 6baccc1d8e am: 1791ca2220 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2320410

Change-Id: I7945e5044d54ba6a5f00524512c9153f0229242b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 04:27:27 +00:00
Treehugger Robot
6baccc1d8e Merge "EARC: Add Policy for EArc Service" 2023-01-04 03:30:47 +00:00
KH Shi
8ae99b5e5f Update SEPolicy for Tetheroffload AIDL 
Bug: b/205762647
Test: m
Change-Id: Iaf87e8a64a4a1af20f54e3c09c31d051acf549a1
 2023-01-04 11:28:47 +08:00
Thiébaud Weksteen
3b1c843976 Grant SIGTERM and SIGKILL to dumpstate on incident 
Bug: 238705597
Test: reduce timeout on incident; trigger bugreport; no denials
Change-Id: If70f9969165f4b8e4f1849d9dd6035503de87eb2
 2023-01-04 12:57:11 +11:00
Jiakai Zhang
440ae7883e Allow artd to scan directories for cleaning up obsolete managed files. 
Bug: 254013425
Test: -
  1. adb shell pm art cleanup
  2. See no SELinux denials.
Change-Id: Idf4c0863810e1500a7e324811f128400bdfcb98c
 2023-01-03 16:48:41 +00:00
Jiakai Zhang
10aa6465d9 Allow system_server to read /data/misc/profman. 
Before this change, system_server only has write access. We want read
access the directory so that we can check if it has the right
permissions before we write to it.

Bug: 262230400
Test: No longer see SELinux denials on that directory.
Change-Id: Ic26b2a170031c4f14423b8b1f1a8564d64f532ae
 2023-01-03 16:48:11 +00:00
Akilesh Kailash
f10e232277 Allow files to be created /metadata/ota 
This is required during OTA. File will be removed
once OTA update is completed.

Bug: 262407519
Test: OTA on Pixel
Change-Id: I8922ebaaa89f9075fe47d2b74f61071b657850f0
Signed-off-by: Akilesh Kailash <akailash@google.com>
 2023-01-02 21:13:43 -08:00
Andy Hung
a8b6900a49 audio HAL: SELinux changes for Spatial Audio optimization 
Add CAP_SYS_NICE.
Reduce glitches caused by core migration.
Reduce power consumption as Spatializer Effect is DSP compute bound.

Test: instrumented
Test: adb shell 'uclampset -a -p $(pgrep -of android.hardware.audio.service)'
Test: adb shell cat "/proc/$(adb shell pgrep -of android.hardware.audio.service)/status"
Test: adb shell 'ps -Tl -p $(pgrep -of android.hardware.audio.service)'
Bug: 181148259
Bug: 260918856
Bug: 261228892
Bug: 261686532
Bug: 262803152
Ignore-AOSP-First: tm-qpr-dev fix, will move to AOSP afterwards.
Merged-In: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
Change-Id: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
 2022-12-28 16:55:07 -08:00
Venkatarama Avadhani
5a86d5f3f3 HDMI: Refactor HDMI packages 
Organize the HDMI packages into CEC, EArc and connection under a common
hdmi package.

Bug: 261729059
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Change-Id: Ief5bff996028775ea355b392a4028a091fb83b99
 2022-12-27 18:15:26 +05:30
Venkatarama Avadhani
0f0861af8f EARC: Add Policy for EArc Service 
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Bug: 240388105
Change-Id: I561f647a68553fa0134f2e1bd65b0f18dd1785f1
 2022-12-27 18:11:36 +05:30
Treehugger Robot
df00a04e22 Merge "Allow system_server to enable fs-verity." am: 3ca356b7df am: b839e55d39 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2364635

Change-Id: I9f93dc926fcc975ab6a107bb65d7dd0f5af3f9c4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-21 02:42:25 +00:00
Treehugger Robot
3ca356b7df Merge "Allow system_server to enable fs-verity." 2022-12-21 01:24:43 +00:00
Alex Buynytskyy
ff577a00b8 Allow system_server to enable fs-verity. 
Bug: 253568736
Test: atest PackageManagerSettingsTests
Change-Id: I2fc59d6441eca95b349aebaa633a15584c7ef744
 2022-12-20 15:36:26 -08:00
Florian Mayer
ba9816f6fe Merge "Allow system_server to set arm64 memtag property" am: c7c6d49939 am: 05cb03323a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2361257

Change-Id: I0ea750c9e2950eb17941f69912ad5e7892b70c65
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-20 20:12:04 +00:00
Florian Mayer
c7c6d49939 Merge "Allow system_server to set arm64 memtag property" 2022-12-20 19:04:03 +00:00
David Brazdil
8d65921dfb Merge "Create virtmgr domain and initial policy" am: 3e61a33df5 am: b5a4f52de7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2317789

Change-Id: I317e53312d97c7a03f5e2709dfa6fcdb9dc29488
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-20 09:37:28 +00:00
David Brazdil
3e61a33df5 Merge "Create virtmgr domain and initial policy" 2022-12-20 08:17:05 +00:00
Treehugger Robot
9db7dccfe4 Merge "Add SELinux policy for sound dose HAL" am: 62894399c3 am: f6872e0ea8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2361860

Change-Id: Ia25d2e86827d872d33553753d3dba34bdc801324
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-19 20:35:14 +00:00
Treehugger Robot
62894399c3 Merge "Add SELinux policy for sound dose HAL" 2022-12-19 19:07:32 +00:00
Andy Hung
7a0d4f0c6c Merge "audio HAL: SELinux changes for Spatial Audio optimization" into tm-qpr-dev am: 5190b9b589 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20612611

Change-Id: If12fd121484ec20231e7f32636610832cd2f6db1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-17 04:05:42 +00:00
Florian Mayer
152f832904 Allow system_server to set arm64 memtag property 
Bug: 262763327
Bug: 244290023
Test: atest MtePolicyTest on user build
Test: manually with TestDPC
Change-Id: If1ed257fede6fa424604eed9775eb3a3b8365afe
 2022-12-16 16:58:36 -08:00
Vlad Popa
48dd5f7ac4 Add SELinux policy for sound dose HAL 
Note that this HAL is meant only as a workaround until the OEMs will
switch to the AIDL audio HAL.

Test: bluejay-userdebug
Bug: 257937004
Change-Id: Id01da9606f73354a01a94aace8a8966a09038fda
 2022-12-16 21:42:06 +01:00
Andy Hung
2461bf39bd audio HAL: SELinux changes for Spatial Audio optimization 
Add CAP_SYS_NICE.
Reduce glitches caused by core migration.
Reduce power consumption as Spatializer Effect is DSP compute bound.

Test: instrumented
Test: adb shell 'uclampset -a -p $(pgrep -of android.hardware.audio.service)'
Test: adb shell cat "/proc/$(adb shell pgrep -of android.hardware.audio.service)/status"
Test: adb shell 'ps -Tl -p $(pgrep -of android.hardware.audio.service)'
Bug: 181148259
Bug: 260918856
Bug: 261228892
Bug: 261686532
Bug: 262803152
Ignore-AOSP-First: tm-qpr-dev fix, will move to AOSP afterwards.
Change-Id: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
 2022-12-16 12:08:17 -08:00
Treehugger Robot
201902591c Merge "Remove dalvik.vm.usejitprofiles system property." am: a0f59cffe2 am: f1aa72efbd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2327464

Change-Id: I550b860284b115bf6174eb10b462bf2b84f85c98
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-16 19:56:11 +00:00
Treehugger Robot
a0f59cffe2 Merge "Remove dalvik.vm.usejitprofiles system property." 2022-12-16 18:51:08 +00:00
Vikram Gaur
2a37a21c50 Merge "Fix permission issue for widevine mediaservices." am: ebe25efd66 am: 24a4882a1d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2357882

Change-Id: Ibe46267a8099f20e6259f3ead411c3812a5085ed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-15 20:41:51 +00:00
Vikram Gaur
ebe25efd66 Merge "Fix permission issue for widevine mediaservices." 2022-12-15 19:13:12 +00:00
Vikram Gaur
91f5c53adf Fix permission issue for widevine mediaservices. 
Widevine provisioning was causing SELinux policy issues since we need to
provision Widevine through MediaDrm framework.

Test: presubmits
Change-Id: Ia9d070309e84599ed614bbf5ba35eed558f4d463
 2022-12-15 17:14:04 +00:00
Sandro
e310a33fb2 Allow sdk_sandbox to read files/directory in /data/local/tmp am: f7894fc62e am: 50b3258e72 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346004

Change-Id: I9b9921069667a972b6c233d4eae0d08a9e0473ef
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-15 16:47:39 +00:00
Sandro
f7894fc62e Allow sdk_sandbox to read files/directory in /data/local/tmp 
The /data/local/tmp directory is used by the CTS tests infrastructure to
store various data, like the list of tests to include/exclude after
failures
http://cs/android-internal/tools/tradefederation/core/test_framework/com/android/tradefed/testtype/AndroidJUnitTest.java;l=333-347;rcl=bbd3902197b7de1a99aef4c22db8e14e4dbf1157

Without this CL, CTS modules that attempt to re-execute failures will
get a '[INSTRUMENTATION_CRASH|SYSTEM_UNDER_TEST_CRASHED]' error.

Test results before/after this CL:
Before: http://ab/I04600010115474754
After: http://ab/I65000010115426482
Note the absence of "Module error" in the second case
https://screenshot.googleplex.com/C6Ui3GdfgQBt8bp
https://screenshot.googleplex.com/BDHKFfKJjnqVYpj

Bug: 261864298
Test: atest CtsBluetoothTestCases --retry-any-failure -- --enable-optional-parameterization --enable-parameterized-modules --module-parameter run_on_sdk_sandbox
Change-Id: Ibbb196f8c0ef1df320885ed8c56f20172f83d583
 2022-12-15 10:29:36 +00:00
Calvin Pan
2a53d04c95 Merge "Add grammatical_inflection service" am: f56dfeb2d4 am: ecdc4715bc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2352743

Change-Id: I8a2a4412d17d6a044e9925ed35a287eb75f04a03
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-15 09:04:12 +00:00
Calvin Pan
f56dfeb2d4 Merge "Add grammatical_inflection service" 2022-12-15 07:38:01 +00:00
Avichal Rakesh
062567b1b3 Merge "cameraservice: Add selinux policy for vndk cameraservice." am: 95ecfc2f33 am: 5e5c23595e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346843

Change-Id: Ifa44e738457c8e8f3d4365804a87e690cca94da4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-15 00:01:04 +00:00
Avichal Rakesh
95ecfc2f33 Merge "cameraservice: Add selinux policy for vndk cameraservice." 2022-12-14 22:49:47 +00:00
Kalesh Singh
a0a55e0e23 suspend: Allow access to /sys/power/wake_[un]lock 
This is needed to prevent autosuspend when the framework is restarting
See: go/no-suspend-deadlocks

Bug: 255898234
Test: Check logcat for avc denials
Change-Id: I6313e28d0f2e4bc553881fcc3742dc74ca319b44
 2022-12-14 14:18:55 -08:00
Avichal Rakesh
0febfbd952 cameraservice: Add selinux policy for vndk cameraservice. 
This CL adds a new cameraservice type to allow vendor clients of
cameraservice to query and find the stable cameraservice
implementation.

Bug: 243593375
Test: Manually tested that cameraservice can register a vendor facing
      instance.
Change-Id: I61499406d4811c898719abcb89c51b4b8a29f4a7
 2022-12-14 20:46:43 +00:00
Calvin Pan
a9b1c2299c Add grammatical_inflection service 
This new service is exposed by system_server and available to all apps.

Bug: 259175720
Test: atest and check the log
Change-Id: I522a3baab1631589bc86fdf706af745bb6cf9f03
 2022-12-14 05:22:53 +00:00
Treehugger Robot
fc06df931a Merge "Add a sysprop for initiating PHYs in LE create ext connection" am: 92018d4150 am: 16d0242532 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2335542

Change-Id: I956b3a0f460207f0dadb340a7378df91a9ee639a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-14 04:58:30 +00:00
Treehugger Robot
92018d4150 Merge "Add a sysprop for initiating PHYs in LE create ext connection" 2022-12-14 04:07:33 +00:00
Pomai Ahlo
f2be496223 Merge "[ISap hidl2aidl] Update ISap in sepolicy" am: ab3a546000 am: 0824aff623 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2339122

Change-Id: Id13f7690aa4c3ae0d68e3af9810e283772be80e9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 21:30:04 +00:00
Mohi Montazer
da142c0d8b Merge "SEPolicy updates for camera HAL" am: 3bbdd15ece am: c7eba19ef9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2338242

Change-Id: I6179821368e204896226970fab356577ca3f0699
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 21:29:50 +00:00
Pomai Ahlo
ab3a546000 Merge "[ISap hidl2aidl] Update ISap in sepolicy" 2022-12-13 20:57:24 +00:00
Mohi Montazer
3bbdd15ece Merge "SEPolicy updates for camera HAL" 2022-12-13 20:37:59 +00:00
Treehugger Robot
13fe16936e Merge "Add all supported instance names for audio IModule" am: ffae136437 am: 7ea2e57cb2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2336911

Change-Id: I1854c9f8287f2165f80c2c24ae484e1d42ce1093
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 20:12:48 +00:00
Jiakai Zhang
cc9d0ff6f8 Merge changes Iec586c55,Iccb97b19 am: 9acfabbe12 am: 1afdbf5357 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2345246

Change-Id: I79428ac28bbafaa55be4dd6d12b84b52e2fe0d89
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 20:11:16 +00:00
Treehugger Robot
f97fd45474 Merge "sepolicy: Add Bluetooth AIDL" am: 8cce74d7e0 am: 920af49203 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2238140

Change-Id: Iccc5ae27c6e9c7320ac168e28e239ca6f250847c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 19:31:30 +00:00
Treehugger Robot
ffae136437 Merge "Add all supported instance names for audio IModule" 2022-12-13 19:30:00 +00:00
Jiakai Zhang
9acfabbe12 Merge changes Iec586c55,Iccb97b19 
* changes:
  Allow artd to access files for restorecon.
  Allow artd to read symlinks for secondary dex files.
 2022-12-13 19:06:18 +00:00
David Brazdil
5fcfbe49da Create virtmgr domain and initial policy 
Start a new security domain for virtmgr - a child proces of an app that
manages its virtual machines.

Add permissions to auto-transition to the virtmgr domain when the client
fork/execs virtmgr and to communicate over UDS and pipe.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: I7624700b263f49264812e9bca6b83a003cc929be
 2022-12-13 18:40:05 +00:00
Treehugger Robot
8cce74d7e0 Merge "sepolicy: Add Bluetooth AIDL" 2022-12-13 18:26:03 +00:00
Mohi Montazer
ad059403ad SEPolicy updates for camera HAL 
Updates SEPolicy files to give camera HAL permission to access
Android Core Experiment flags.

Example denials:
11-30 13:08:33.172  1027  1027 W binder:1027_3: type=1400 audit(0.0:7): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.172  1027  1027 W binder:1027_3: type=1400 audit(0.0:8): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.244  1027  1027 W 3AThreadPool:  type=1400 audit(0.0:9): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0

Bug: 259433722
Test: m
Change-Id: I11165b56d7b7e38130698cf86d9739f878580a14
 2022-12-13 09:52:04 -08:00
Treehugger Robot
6770706ac1 Merge "Add ro.fuse.bpf.is_running" am: 71ed34c341 am: b7ca038df4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346802

Change-Id: I04b00625696e97dc517e5f206c09617df9577a74
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 16:26:07 +00:00
Jiakai Zhang
d7f811913b Allow artd to access files for restorecon. 
Otherwise, we will get SELinux denials like:
W binder:5750_1: type=1400 audit(0.0:133): avc: denied { read } for name="plat_file_contexts" dev="dm-1" ino=979 scontext=u:r:artd:s0 tcontext=u:object_r:file_contexts_file:s0 tclass=file permissive=0
W binder:5750_1: type=1400 audit(0.0:134): avc: denied { read } for name="system_ext_file_contexts" dev="dm-3" ino=92 scontext=u:r:artd:s0 tcontext=u:object_r:file_contexts_file:s0 tclass=file permissive=0

Bug: 262230400
Test: No longer see such SELinux denials.
Change-Id: Iec586c554fa2dc33f0a428321bada484add620ed
 2022-12-13 16:03:22 +00:00
Treehugger Robot
71ed34c341 Merge "Add ro.fuse.bpf.is_running" 2022-12-13 15:22:48 +00:00
Jiakai Zhang
6834597a41 Allow artd to read symlinks for secondary dex files. 
Otherwise, we will encounter SELinux denials like:
W binder:6200_7: type=1400 audit(0.0:327): avc: denied { read } for name="PrebuiltGmsCoreNext_DynamiteLoader.apk" dev="dm-51" ino=2576 scontext=u:r:artd:s0 tcontext=u:object_r:privapp_data_file:s0:c512,c768 tclass=lnk_file permissive=0

Bug: 262230400
Test: No longer see such SELinux denials.
Change-Id: Iccb97b1973f8efbe859b59e729f7a0194d05ba5e
 2022-12-13 14:49:20 +00:00
Treehugger Robot
8a123e4f63 Merge "Don't crash_dump crosvm" am: bc9ce78119 am: e5c6d9bae8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2338047

Change-Id: I4648e1fe947aa16341540c4c5a5d95640e4a0987
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 13:54:21 +00:00
Treehugger Robot
bc9ce78119 Merge "Don't crash_dump crosvm" 2022-12-13 12:48:11 +00:00
Alan Stokes
6ed1bd9dee Don't crash_dump crosvm 
Parts of its memory map are donated to guest VMs, which crashes the
kernel when it tries to touch them.

Ideally we would fix crash_dump to skip over such memory, but in
the meantime this would avoid the kernel crash.

Bug: 236672526
Bug: 238324526
Bug: 260707149
Test: Builds
Change-Id: I6c1eb2d49263ccc391101c588e2a3e87c3f17301
 2022-12-13 09:27:52 +00:00
Vikram Gaur
97603c8d7b Merge "Add Google specific module for RKPD for sepolicy." am: aa4667290b am: c25e37bf4d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2341511

Change-Id: I5420886e52075a0be1821fbe78b0e8f319102598
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 07:38:05 +00:00
Vikram Gaur
aa4667290b Merge "Add Google specific module for RKPD for sepolicy." 2022-12-13 06:45:32 +00:00
Jaewan Kim
2e8e45c346 Merge "Allow crosvm to open test artifacts in shell_data_file" am: 730c1cdd59 am: a4bb5477a2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2331903

Change-Id: Idf3b7be85d0d2b0bd9ec73eef03b267d2554a793
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 03:18:35 +00:00
Treehugger Robot
f2183a72f4 Merge "Deprecate proc_fs_verity from API 33" am: 63b666d403 am: 2e61576bb0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2334064

Change-Id: Ib2cf6c73645c285f8b07f4e18c25d2d562cb465b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 03:18:10 +00:00
Jaewan Kim
730c1cdd59 Merge "Allow crosvm to open test artifacts in shell_data_file" 2022-12-13 02:17:02 +00:00
Treehugger Robot
63b666d403 Merge "Deprecate proc_fs_verity from API 33" 2022-12-13 02:01:30 +00:00
Ying Hsu
4a7cc656ff Add a sysprop for initiating PHYs in LE create ext connection 
This patch adds a sysprop to configure whether LE 1M PHY is the
only one used as initiating PHY in a LE Extended Create Connection
request.

Bug: 260677740
Tag: #floss
Test: Manual test - pairing with BLE mouse
Change-Id: I33dbf4093390015a17bffb25eed841d2cc2ad20a
 2022-12-13 01:54:41 +00:00
Mikhail Naganov
2293f5eb0b Add all supported instance names for audio IModule 
In AIDL, there is no 'factory' interface for retrieving
modules, instead each module is registered individually
with the ServiceManager.

Bug: 205884982
Test: atest VtsHalAudioCoreTargetTest
Change-Id: I55cdae0640171379cda33de1534a8dc887583197
 2022-12-13 01:17:46 +00:00
Paul Lawrence
b39cbc0856 Add ro.fuse.bpf.is_running 
is_running flag signals to tests whether fuse-bpf is running

Test: Builds, runs, ro.fuse.bpf.is_running is correct, fuse-bpf works
Bug: 202785178
Change-Id: I0b02e20ab8eb340733de1138889c8f618f7a17fa
 2022-12-12 17:08:13 -08:00
Akilesh Kailash
983879a2e8 Merge "Virtual_ab: Add property to control batch writes" am: 64711e9de5 am: 25f93bebf8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2319231

Change-Id: I109f90c78b43b481d8b2efa173436193eaa655ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-12 17:36:59 +00:00
Jiakai Zhang
f03b695f87 Merge "Allow artd to access primary dex'es in external and vendor partitions." am: 7269c1bfe9 am: 36dc423a33 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2345244

Change-Id: I1d74c55fd32a662e5d9bcf1e10fb985f3340a9f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-12 17:36:34 +00:00
Akilesh Kailash
64711e9de5 Merge "Virtual_ab: Add property to control batch writes" 2022-12-12 16:39:00 +00:00
Jiakai Zhang
7269c1bfe9 Merge "Allow artd to access primary dex'es in external and vendor partitions." 2022-12-12 16:32:37 +00:00
Jiakai Zhang
5e531051b6 Allow artd to access primary dex'es in external and vendor partitions. 
Otherwise, we will get SELinux denials like:
W binder:6098_5: type=1400 audit(0.0:138): avc: denied { search } for name="framework" dev="dm-6" ino=478 scontext=u:r:artd:s0 tcontext=u:object_r:vendor_framework_file:s0 tclass=dir permissive=0

Bug: 262230400
Test: No longer see such SELinux denials.
Change-Id: Ic31fdabb16341c51466531c88ca040698331b248
 2022-12-12 14:28:40 +00:00
Akilesh Kailash
5fa04f20f5 Virtual_ab: Add property to control batch writes 
Bug: 254188450
Test: OTA
Change-Id: I43c35859e98e449a45164b4d55db43b63ddbaba8
Signed-off-by: Akilesh Kailash <akailash@google.com>
 2022-12-11 16:14:47 +00:00
Vikram Gaur
d7a1aaf108 Add Google specific module for RKPD for sepolicy. 
Google is added to the package names to differentiate the Google
specific modules from AOSP modules. This causes RKPD Google module to
not get proper permissions since we permit only AOSP module currently.

Test: Tested on Pixel 7 device
Change-Id: Ia7c39ef85cedf20f705c27a5944b6f87f786cc1b
 2022-12-11 09:49:08 +00:00
Jaewan Kim
7b843d4ebf Allow crosvm to open test artifacts in shell_data_file 
Test: Try open /data/local/tmp/a from crovm
Bug: 260802656, Bug: 243672257
Change-Id: I90e2fe892f1028ea5add91a41389e2f7e812f988
 2022-12-10 11:34:42 +09:00
Chris Weir
448cfc4fb0 Merge "SEPolicy for AIDL CAN HAL" am: caf905ff3c am: e640405f81 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2291528

Change-Id: I183f80e365e87aff1b5b5b21b59137b99984a8bd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-10 01:17:51 +00:00
Pomai Ahlo
5f4421fae5 [ISap hidl2aidl] Update ISap in sepolicy 
Change instances of android.hardware.radio.sim.ISap to android.hardware.radio.sap.ISap

ISap is no longer going to be with IRadioSim in the sim
directory.  It will be in its own sap directory.

Test: m
Bug: 241969533
Change-Id: I362a0dc6e4b81d709b24b2fa2d879814ab232ad4
 2022-12-10 01:13:13 +00:00
Chris Weir
caf905ff3c Merge "SEPolicy for AIDL CAN HAL" 2022-12-09 22:09:12 +00:00
Treehugger Robot
406c364d44 Merge "sepolicy - move proc bpf writes from bpfloader.rc to bpfloader binary" am: 39617aca42 am: 91f1f2edc8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2323635

Change-Id: I87733e62854796f97b825f6c9ab6f7c281648fd9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-09 21:14:18 +00:00
Treehugger Robot
39617aca42 Merge "sepolicy - move proc bpf writes from bpfloader.rc to bpfloader binary" 2022-12-09 20:25:48 +00:00
Chris Weir
eee59458c2 SEPolicy for AIDL CAN HAL 
CAN HAL moving to AIDL, SEPolicy will need to be adjusted.

Bug: 170405615
Test: AIDL CAN HAL VTS
Change-Id: I0d238d38aebb5895ae27fcb52cf43cd481327421
 2022-12-09 11:00:10 -08:00
Austin Borger
20017dd6fd Create a new system property for the landscape to portrait override. am: 3299216872 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20580418

Change-Id: Ie5845cb9a9a7a2c0d79a4c76b9179de272b7770f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-09 00:29:13 +00:00
Austin Borger
71708e3a1d Merge "Create a new system property for the landscape to portrait override." 2022-12-09 00:05:15 +00:00
Victor Hsieh
90fa43e395 Deprecate proc_fs_verity from API 33 
Bug: 249158715
Test: lunch aosp_cf_x86_64_phone-eng; m
Test: TH
Change-Id: I29e4e0a4beb44b0ba66a4dd14266d04dae588df2
 2022-12-08 13:15:27 -08:00
Pomai Ahlo
be4f240892 Merge "[ISap hidl2aidl] Add ISap to sepolicy" am: 90d117d661 am: 992b8aa2f3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2329593

Change-Id: Ie53758c8e845ba4c6e1172fcf52f6b22ac88f683
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-08 18:16:30 +00:00
Pomai Ahlo
90d117d661 Merge "[ISap hidl2aidl] Add ISap to sepolicy" 2022-12-08 17:32:38 +00:00
Maciej Żenczykowski
8213c5033e Merge "bpf - neverallow improvements/cleanups" am: e8a09e2480 am: eb4770d68a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2325355

Change-Id: Ibb1dcfeeeae92865056e335c9605291786eede3a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-08 13:24:57 +00:00
Maciej Żenczykowski
e8a09e2480 Merge "bpf - neverallow improvements/cleanups" 2022-12-08 12:39:41 +00:00
Treehugger Robot
e3df03bc24 Merge "Add permissions for remote_provisioning service" am: 61d823f9c7 am: aeaf422fe5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2263548

Change-Id: I3f9a414795d52f29fb436d80b9beb2911fda34a0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-07 18:36:16 +00:00
Treehugger Robot
61d823f9c7 Merge "Add permissions for remote_provisioning service" 2022-12-07 18:06:41 +00:00
Treehugger Robot
93010df706 Merge "Clean up proc_fs_verity which is no longer used" am: bb689eae58 am: 4767fc3207 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2285498

Change-Id: I1a0a61e28d8656c70e3158363ccaeec9079c1885
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-07 17:53:08 +00:00
Martin Stjernholm
c8d686c9fb Remove dalvik.vm.usejitprofiles system property. 
Disabling profiles is no longer supported. Most of the profile support
has been active even when this property was false, and it won't be
supported in the ART Service.

(cherry-picked from commit 58314ecc31)

Test: atest -a CtsCompilationTestCases \
               CtsDexMetadataHostTestCases \
               propertyinfoserializer_tests
  with dalvik.vm.usejitprofiles undefined
Bug: 254434433
Merged-In: I4ca4ce5da49434552c76154f91e09d7ab0129e04
Change-Id: I4ca4ce5da49434552c76154f91e09d7ab0129e04
 2022-12-06 17:38:42 +00:00
Victor Hsieh
9999e20eed Clean up proc_fs_verity which is no longer used 
The reference was deleted in aosp/2281348.

Bug: 249158715
Test: TH
Change-Id: I07f63724e876e1db99acab73836bb52a8aa867d8
 2022-12-06 09:10:41 -08:00
Seth Moore
3accea479a Add permissions for remote_provisioning service 
Bug: 254112668
Test: manual + presubmit
Change-Id: I54d56c34ad4a8199b8aa005742faf9e1e12583c3
 2022-12-06 08:46:20 -08:00
Austin Borger
3299216872 Create a new system property for the landscape to portrait override. 
Apps commonly do not handle landscape orientation cameras correctly. In
order to prevent stretching and rotation issues in these apps, this
patch adds a flag to override the behavior of these landscape cameras
to produce a portrait image instead by changing the SENSOR_ORIENTATION
reported by CameraCharacteristics and applying a 90 degree rotate and
crop.

The camera2 framework needs to be able to turn this on only for certain
devices. Hence, this patch adds a system property for it.

Test: Ran on foldable device with several camera apps to verify behavior.
Bug: 250678880
Change-Id: I13783d81f5fada71805865a840e4135580f1d876
Merged-In: I13783d81f5fada71805865a840e4135580f1d876
 2022-12-05 21:07:50 -08:00
Austin Borger
f393df9d2b Create a new system property for the landscape to portrait override. 
Apps commonly do not handle landscape orientation cameras correctly. In
order to prevent stretching and rotation issues in these apps, this
patch adds a flag to override the behavior of these landscape cameras
to produce a portrait image instead by changing the SENSOR_ORIENTATION
reported by CameraCharacteristics and applying a 90 degree rotate and
crop.

The camera2 framework needs to be able to turn this on only for certain
devices. Hence, this patch adds a system property for it.

Test: Snow (successful), XRecorder (successful)
Test: Snapchat (successful), Instagram (successful)
Test: Telegram (Zoomed)
Bug: 250678880
Change-Id: I13783d81f5fada71805865a840e4135580f1d876
Merged-In: I13783d81f5fada71805865a840e4135580f1d876
 2022-12-05 19:38:57 -08:00
Pomai Ahlo
ff82b77ae8 [ISap hidl2aidl] Add ISap to sepolicy 
Test: m
Bug: 241969533
Change-Id: If9b67605481132d2908adae9fa1f9b1501c37ea0
 2022-12-05 16:23:25 -08:00
Maciej Żenczykowski
4a960869e0 sepolicy - move proc bpf writes from bpfloader.rc to bpfloader binary 
As a reminder, per:
  https://source.corp.google.com/search?q=p:aosp-master%20file:sepolicy%20-file:prebuilts%20proc_bpf%20file:genfs

we currently have:
  aosp-master system/sepolicy/private/genfs_contexts

genfscon proc /sys/kernel/bpf_ u:object_r:proc_bpf:s0
genfscon proc /sys/kernel/unprivileged_bpf_ u:object_r:proc_bpf:s0
genfscon proc /sys/net/core/bpf_ u:object_r:proc_bpf:s0

So the above are the files which will no longer be writable by init.

A cs/ search for p:android$ (/sys/kernel/bpf_|/sys/kernel/unprivileged_bpf_|/sys/net/core/bpf_) file:[.]rc

only finds bpfloader.rc init script as actually doing these writes.

Those writes are removed in:
  https://android-review.git.corp.google.com/c/platform/system/bpf/+/2325617
  'bpfloader - move sysctl setting from rc to binary'

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I19ccdf293966dd982e1d36836b0b962d99ed7275
 2022-12-03 15:22:29 +00:00
Maciej Żenczykowski
9a76805ac3 bpf - neverallow improvements/cleanups 
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I569d88bcfa0089d13d23dfeda111bf3584cad2c0
 2022-12-03 12:33:33 +00:00