Commit graph

9488 commits

Author SHA1 Message Date
Treehugger Robot
a2cb810593 Merge "Add selinux permissions for ro.usb.uvc.enabled" am: 11eb002e83
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410787

Change-Id: Ie38aa8c6a5be43b53cd72214cd6f4fe16f872407
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-01 07:43:58 +00:00
Treehugger Robot
11eb002e83 Merge "Add selinux permissions for ro.usb.uvc.enabled" 2023-02-01 07:17:11 +00:00
Treehugger Robot
1c9645177c Merge "Modify canhalconfigurator file context" am: 35820e6910
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399853

Change-Id: I88dba0b0233a554e1ed2ea336df753fd335fc64c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-01 02:10:31 +00:00
Treehugger Robot
35820e6910 Merge "Modify canhalconfigurator file context" 2023-02-01 00:34:33 +00:00
Florian Mayer
94926f51df [MTE] Add memory_safety_native_boot namespace
Bug: 267234468
Change-Id: I248fdf58a744f0c70a26d6a8f7d4caa0a6ce8edb
2023-01-31 15:48:40 -08:00
Hongwei Wang
7476ab79ff Merge "Allow platform_app:systemui to write protolog file" am: f4979adab7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2397593

Change-Id: Id077867308be1b610fd4b12ed50e87908bd5e8d2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-31 20:58:01 +00:00
Hongwei Wang
f4979adab7 Merge "Allow platform_app:systemui to write protolog file" 2023-01-31 19:38:16 +00:00
Avichal Rakesh
a12d3103be Add selinux permissions for ro.usb.uvc.enabled
This CL adds the selinux rules for the property ro.usb.uvc.enabled which will
be used to toggle UVC Gadget functionality on the Android Device.

Bug: 242344221
Bug: 242344229
Test: Manually tested that the property can only be read at runtime,
      not written to.
Change-Id: I0fd6051666d9554037acc68fa81226503f514a45
2023-01-31 11:17:50 -08:00
Charles Chen
3d4a6b7474 Add isolated_compute_app domain
Provides a new domain to enable secure sensitive data processing. This
allows processing of sensitive data, while enforcing necessary privacy
restrictions to prevent the egress of data via network, IPC or file
system.

Bug: 255597123
Test: m &&  manual - sample app with IsolatedProcess=True can use camera
service

Change-Id: I401667dbcf492a1cf8c020a79f8820d61990e72d
2023-01-31 15:24:55 +00:00
Charles Chen
ccf8014492 Share isolated properties across isolated apps
Introduce isolated_app_all typeattribute to share policies between
isolated_app and future similar apps that wish to be enforced with
isolation properties.

Bug: 255597123
Test: m && presubmit
Change-Id: I0d53816f71e7d7a91cc379bcba796ba65a197c89
2023-01-31 12:59:57 +00:00
Inseob Kim
1dba2f058a Merge "Add comments on compat files" am: beee8849a6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405373

Change-Id: I09be668bc0fe182d1a87c046c1002a865f7b9342
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-31 07:32:10 +00:00
Inseob Kim
beee8849a6 Merge "Add comments on compat files" 2023-01-31 06:34:19 +00:00
Jiakai Zhang
57d7bd317d Merge "dontaudit dexoptanalyzer's DM file check on secondary dex files." am: 07cec2bd5e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2407092

Change-Id: I61c2ef978c55536fcb60432f20d82b311f8e1608
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-31 02:41:13 +00:00
Jiakai Zhang
07cec2bd5e Merge "dontaudit dexoptanalyzer's DM file check on secondary dex files." 2023-01-31 02:01:15 +00:00
Inseob Kim
338f81baac Add comments on compat files
To prevent further confusion.

Bug: 258029505
Test: manual
Change-Id: Iaa145e4480833a224b1a07fc68adb7d3e8a36e4b
2023-01-31 09:57:26 +09:00
Abhishek Pandit-Subedi
4aa7129dae Merge "Add sysprop for LeGetVendorCapabilities" am: 107af48013
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405121

Change-Id: Ib0dab2f71e84c42cd34fb3147ff065704a8ab5e8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-30 18:41:15 +00:00
Abhishek Pandit-Subedi
107af48013 Merge "Add sysprop for LeGetVendorCapabilities" 2023-01-30 17:41:16 +00:00
Gil Cukierman
bc0f54877a Merge "Add SELinux Policy For io_uring" am: fab49d0a64
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2302679

Change-Id: I65aad86e82542723e96a7e24e16a597e91d7aa6c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-30 15:14:42 +00:00
Gil Cukierman
fab49d0a64 Merge "Add SELinux Policy For io_uring" 2023-01-30 14:38:43 +00:00
Jiakai Zhang
13909cdb3f Allow installd to kill profman. am: a7774c2cba
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406753

Change-Id: I836e0c01d4356af7d125ba2ac754689239e57838
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-30 13:04:58 +00:00
Jiakai Zhang
a7774c2cba Allow installd to kill profman.
installd needs to kill profman if profman times out.

Bug: 242352919
Test: -
  1. Add an infinite loop to profman.
  2. Run `adb shell pm compile -m speed-profile com.android.chrome`
  3. See profman being killed after 1 minute.

Change-Id: I71761eaab027698de0339d855b9a436b56580ed8
2023-01-30 11:09:08 +00:00
Jiakai Zhang
dbfa7d58b7 dontaudit dexoptanalyzer's DM file check on secondary dex files.
Bug: 259758044
Change-Id: I5cf88e2f2217c03cff071f17aadd71153f170c61
Test: Presubmit
2023-01-30 07:56:10 +00:00
Gil Cukierman
214294ce75 Add SELinux Policy For io_uring
Brings in the io_uring class and associated restrictions and adds a new
macro, `io_uring_use`, to sepolicy.

In more detail, this change:

* Adds a new macro that expands to ensure the domain it is passed can undergo a
type transition to a new type, `<domain>_iouring`, when the anon_inode
being accessed is labeled `[io_uring]`. It also allows the domain to
create, read, write, and map the io_uring anon_inode.

* Adds the ability for a domain to use the `IORING_SETUP_SQPOLL` flag
during `io_uring_setup` so that a syscall to `io_uring_enter` is not
required by the caller each time it wishes to submit IO. This can be
enabled securely as long as we don't enable sharing of io_uring file
descriptors across domains. The kernel polling thread created by `SQPOLL`
will inherit the credentials of the thread that created the io_uring [1].

* Removes the selinux policy that restricted all domains that make use of
the `userfault_fd` macro from any `anon_inode` created by another domain.
This is overly restrictive, as it prohibits the use of two different
`anon_inode` use cases in a single domain e.g. userfaultfd and io_uring.

This change also replaces existing sepolicy in fastbootd and snapuserd
that enabled the use of io_uring.

[1] https://patchwork.kernel.org/project/linux-security-module/patch/163159041500.470089.11310853524829799938.stgit@olly/

Bug: 253385258
Test: m selinux_policy
Test: cd external/liburing; mm; atest liburing_test; # requires WIP CL ag/20291423
Test: Manually deliver OTAs (built with m dist) to a recent Pixel device
and ensure snapuserd functions correctly (no io_uring failures)

Change-Id: I96f38760b3df64a1d33dcd6e5905445ccb125d3f
2023-01-27 11:44:59 -05:00
Charles Chen
307049222a Update seapp_contexts with isIsolatedComputeApp selector
Provide isIsolatedComputeApp selector for apps reusing _isolated user to run in domains other than isolated_app. Processes matching the selector will have a default domain isolated_compute_app assigned. Also updated _isolated neverallow statements.

Bug: 265540209
Bug: 265746493
Test: m && atest --host libselinux_test with change on android_unittest.cpp
Change-Id: Ia05954aa6a9a9a07d6a8d1e3235a89e7b37dead9
2023-01-27 14:36:40 +00:00
Jakub Rotkiewicz
1784feae44 Bluetooth: Added sepolicy for Snoop Logger filtering
Bug: 247859568
Tag: #feature
Test: atest BluetoothInstrumentationTests
Test: atest bluetooth_test_gd_unit

Change-Id: Ic5036cc03e638e38ff87e44d61ed241f6168f335
2023-01-27 14:13:52 +00:00
Abhishek Pandit-Subedi
859037f2ec Add sysprop for LeGetVendorCapabilities
Added new sysprop to configure getting vendor capabilities.

Bug: 257423916
Tag: #floss
Test: Manual
Change-Id: I35ba5883505bdd671276dd0863b129ab531890f3
2023-01-26 16:12:52 -08:00
Tri Vo
2ebc3fe590 credstore: Switch to new RKPD build flag. am: 59a30a8c17
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402874

Change-Id: Ifa40640c027410530a71002808e10133ba464c36
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-26 18:26:41 +00:00
Cody Northrop
13fcd7357f Add EGL blobcache multifile properties
Test: adb shell getprop
Test: /data/nativetest64/EGL_test/EGL_test
Bug: b/266725576
Change-Id: I847fe151340747322f9c35d93160bddc8f1c1d99
2023-01-25 14:45:36 -07:00
Tri Vo
59a30a8c17 credstore: Switch to new RKPD build flag.
Test: CtsIdentityTestCases
Change-Id: I6c0a533a890e4fa51c475452cf50ebe3706a90c8
2023-01-25 20:42:34 +00:00
Hongwei Wang
9372026ad2 Allow platform_app:systemui to write protolog file
This is enabled on debuggable builds only, includes
- Grant mlstrustedsubject typeattribute to wm_trace_data_file
- Grant platform_app (like systemui) the write access to
  wm_trace_data_file

Bug: 251513116
Test: adb shell dumpsys activity service SystemUIService \
      WMShell protolog [start | stop]
Change-Id: I9f77f8995e4bf671616ce6c49eeb93720e31430e
2023-01-24 16:30:57 -08:00
Seth Moore
96b8a026fd Add build flag indicating that rkpd is enabled. am: 0afe97a38f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399548

Change-Id: I07efb44a1165beaf98b76aa58f934084d3449d08
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-24 19:49:31 +00:00
Seth Moore
0afe97a38f Add build flag indicating that rkpd is enabled.
Platforms, such as cuttlefish, are RKP only, and are using a new
version of keymint that is not compatible with the old
RemoteProvisioner. Therefore, we must ensure that the configuration
is fixed and cannot be turned off.

Bug: 266482839
Test: RemoteProvisionerUnitTests
Test: keystore2_client_tests
Test: RkpdAppUnitTests
Change-Id: Ib7b3128b27c4a26fdd2dbdc064b491f7a3d3cd92
2023-01-24 08:54:22 -08:00
Philip Chen
870af1fc0a Modify canhalconfigurator file context
We plan to move canhalconfigurator from system to system_ext partition.
So let's update its sepolicy file context first.

Bug: 263516803
Test: build selinux policy for aosp_cf_x86_64_auto target
Change-Id: Ic4bd69489fa2f94ba33665a2cf1359e9fa487ea6
2023-01-23 21:47:19 +00:00
Jeffrey Vander Stoep
94a4d4758f Merge "runas_app: allow sigkill of untrusted_app" am: eff7d756e1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2393300

Change-Id: Ibaa3a3da9953b75f98da86494e946d7386ba2747
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-20 16:53:58 +00:00
Jeffrey Vander Stoep
eff7d756e1 Merge "runas_app: allow sigkill of untrusted_app" 2023-01-20 16:20:15 +00:00
Yuyang Huang
32788d6842 Blocks untrusted apps to access /dev/socket/mdnsd from U am: cfdea5f4f3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388478

Change-Id: I9cee4d4b5d13612b02f63b377d32efae99d3ca67
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-20 10:09:07 +00:00
Jeff Vander Stoep
5a6c0a755d runas_app: allow sigkill of untrusted_app
It is safe to grant this permission because:
 * UID restrictions will prevent killing arbitrary apps.
 * Runas enforces restrictions preventing transitioning to UIDs of apps
   that are not debuggable.

Addresses:
avc: denied { sigkill } for scontext=u:r:runas_app:s0:c87,c257,c512,c768
tcontext=u:r:untrusted_app:s0:c87,c257,c512,c768 tclass=process
permissive=0 app=com.example.myapplication

Bug: 263379256
Test: Build and deploy any Android app in debug mode
   adb shell
   run-as com.example.myapplication
   kill -SIGKILL <pid>
Change-Id: I1e4588a9a1c7ee71e0396fbd1ea5e1b24720bd62
2023-01-20 09:02:19 +01:00
Yuyang Huang
cfdea5f4f3 Blocks untrusted apps to access /dev/socket/mdnsd from U
The untrusted apps should not directly access /dev/socket/mdnsd since
API level 34 (U). Only adbd and netd should remain to have access to
/dev/socket/mdnsd. For untrusted apps running with API level 33-, they
still have access to /dev/socket/mdnsd for backward compatibility.

Bug: 265364111
Test: Manual test
Change-Id: Id37998fcb9379fda6917782b0eaee29cd3c51525
2023-01-20 15:25:46 +09:00
Seth Moore
323be38e4e Merge "Add remote_provisioning.hostname property" am: e6945d0046
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2394292

Change-Id: Icb0a8d5e15996466b1f96a2376486d537d778c4c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-19 23:29:02 +00:00
Seth Moore
e6945d0046 Merge "Add remote_provisioning.hostname property" 2023-01-19 22:56:21 +00:00
Tri Vo
0b5e91271d Merge "credstore: Add missing permissions" am: 7fc3a5f4a5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390960

Change-Id: I241539cef54e4a69759755734207550f2c7a4f78
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-19 18:27:03 +00:00
Seth Moore
6b8cd0035e Merge "Allow remote provisioner to read rkpd enablement property" am: 4836d9c6ee
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2394294

Change-Id: I6deb775e95ab0febe6b319bdb8a557b3df2d3906
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-19 18:26:42 +00:00
Tri Vo
7fc3a5f4a5 Merge "credstore: Add missing permissions" 2023-01-19 18:18:33 +00:00
Seth Moore
4836d9c6ee Merge "Allow remote provisioner to read rkpd enablement property" 2023-01-19 17:43:17 +00:00
Jörg Wagner
6b3fc5f686 Merge "Grant surfaceflinger and graphics allocator access to the secure heap" am: 9a3d794113
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2393292

Change-Id: I5de60e710b28ceae3b304310b1958438c5dd26d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-19 13:36:05 +00:00
Jörg Wagner
9a3d794113 Merge "Grant surfaceflinger and graphics allocator access to the secure heap" 2023-01-19 13:03:06 +00:00
Jörg Wagner
213e1d8ea0 Grant surfaceflinger and graphics allocator access to the secure heap
Transfers access permissions into the system policy which
would otherwise be setup on a per-device basis in exactly
the same recurring way.

For surfaceflinger it avoids errors when it
(via its dependent graphics libraries) tries to allocate
memory from the protected heap, e.g. when operating on a
Vulkan device with protected memory support.

Bug: 235618476
Change-Id: I7f9a176c067ead2f3bd38b8c34fc55fa39d87655
2023-01-19 09:02:56 +00:00
Jiakai Zhang
1373154885 Explicitly list "pm.dexopt." sysprops. am: 9bbc1c0e72
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388479

Change-Id: Ia273f78fc603757969b4678767c2ea3b08f30520
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-19 06:27:43 +00:00
Jiakai Zhang
9bbc1c0e72 Explicitly list "pm.dexopt." sysprops.
Bug: 256639711
Test: m
Change-Id: I5e6bd4fd8ec516a23f4e3a5658a651f04d40412c
2023-01-19 12:07:25 +08:00
Seth Moore
02ff4b02cc Allow remote provisioner to read rkpd enablement property
This way, remote provisioner can decide to noop when rkpd is
enabled.

Test: RemoteProvisionerUnitTests
Change-Id: I9c300360dc08c6d70431b83e1db714941d8caca1
2023-01-19 03:13:23 +00:00
Treehugger Robot
12ee7a4b50 Merge "Modify the automotive display service file context" am: 347a7d5c3c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390133

Change-Id: I7184a7a8119714bd952af82b4fc109862aac70c3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-19 01:56:13 +00:00
Treehugger Robot
347a7d5c3c Merge "Modify the automotive display service file context" 2023-01-19 00:35:18 +00:00
Alistair Delva
4b3d6db075 Merge "Add missing permissions for default bluetooth hal" am: e7fc603518
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2376448

Change-Id: Ib3ddc8e777f012d839e7881b9a383dddc99d67d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-18 22:26:05 +00:00
Alistair Delva
e7fc603518 Merge "Add missing permissions for default bluetooth hal" 2023-01-18 22:16:06 +00:00
Seth Moore
7ed4c00496 Add remote_provisioning.hostname property
This property contains the server name for the remote provisioning
service, if any, used by the device.

Test: RkpdAppUnitTests
Change-Id: Iad7805fe6da1ce89a9311d5caf7c9c651af2d16d
2023-01-18 13:44:47 -08:00
Treehugger Robot
e6b7e8aebf Merge "Allow mkfs/fsck for zoned block device" am: 9b69f0de58
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390134

Change-Id: Ib7a44a32ce2ec9cc66c74b48e1c5566a6f35e349
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-18 16:12:04 +00:00
Treehugger Robot
9b69f0de58 Merge "Allow mkfs/fsck for zoned block device" 2023-01-18 15:45:02 +00:00
Orion Hodson
a23a503026 Merge "Additional sepolicy rules for dex2oat" am: 2ff660e134
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2389548

Change-Id: I5a27225905b293151414d6f836c3483d0a2ec5eb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-18 12:36:57 +00:00
Orion Hodson
2ff660e134 Merge "Additional sepolicy rules for dex2oat" 2023-01-18 11:35:39 +00:00
Jaegeuk Kim
b5f16b2392 Allow mkfs/fsck for zoned block device
Zoned block device will be used along with userdata_block_device
for /data partition.

Bug: 197782466
Change-Id: I777a8b22b99614727086e72520a48dbd8306885b
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2023-01-17 17:59:28 -08:00
Lorenzo Colitti
d842a85d44 Merge "Update SEPolicy for Tetheroffload AIDL" am: b8194ca7fb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2355402

Change-Id: Ie4aad80ff32164a962fa5f140db97be9c51776fe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-18 00:13:12 +00:00
Tri Vo
99f88846ff credstore: Add missing permissions
Bug: 261214100
Test: CtsIdentityTestCases
Change-Id: I6a70ed279f65d1cb4bfa0d53fa0e0f25d00d44b5
2023-01-17 16:07:19 -08:00
Lorenzo Colitti
b8194ca7fb Merge "Update SEPolicy for Tetheroffload AIDL" 2023-01-18 00:04:51 +00:00
Jiakai Zhang
5a6771ccb7 Allow artd to create dirs and files for artifacts before restorecon. am: 7789460457
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388476

Change-Id: I721371609f28e093b6bf082feb8a64adc0fe2779
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-17 19:26:42 +00:00
Jiakai Zhang
7789460457 Allow artd to create dirs and files for artifacts before restorecon.
Bug: 262230400
Test: -
  1. Remove the "oat" directory of an app.
  2. Dexopt the app using ART Service.
  3. See no SELinux denials.
Change-Id: I717073b0172083d73a1b84e5c2bea59076663b2f
2023-01-18 01:07:49 +08:00
Orion Hodson
c09e7e4674 Additional sepolicy rules for dex2oat
Enable reading vendor overlay files and /proc.

Fix: 187016929
Test: m
Change-Id: I7df17b4fcc8a449abe2af4bc8394d0224243799c
2023-01-17 15:43:58 +00:00
Treehugger Robot
6ec18d5439 Merge "Allow all system properties with the "pm.dexopt." prefix." am: cc39bf74f1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388475

Change-Id: Id90a1a0caa594483611374cb187c6b32e887ef53
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-17 02:08:06 +00:00
Treehugger Robot
cc39bf74f1 Merge "Allow all system properties with the "pm.dexopt." prefix." 2023-01-17 01:24:34 +00:00
Jiakai Zhang
cda13660d7 Allow all system properties with the "pm.dexopt." prefix.
We use this as a namespace of all system properties used by ART Service.
As ART Service is in the updatable ART module, we need to be able to add
new properties.

Bug: 256639711
Test: Presubmit
Change-Id: Idcee583abccef9c0807699122074eb26927ca57b
2023-01-16 21:24:07 +08:00
Changyeon Jo
edf5420830 Modify the automotive display service file context
The automotive display service is moved to /system_ext partition.

Bug: 246656948
Test: Build selinux policy for aosp_cf_x86_64_only_auto target.
      > lunch aosp_cf_x86_64_only_auto-userdebug
      > m -j selinux_policy
Change-Id: If822e54aa99053c1aaee9f41d067860ea965c2f2
2023-01-15 01:31:09 +00:00
Treehugger Robot
f18c34bfdf Merge "dontaudit crosvm reading VM's pipe" am: fa767b0e4a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2385815

Change-Id: I4eb2bc22ab9b122bae111003af66e5fc008d0d75
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-14 00:38:22 +00:00
Treehugger Robot
fa767b0e4a Merge "dontaudit crosvm reading VM's pipe" 2023-01-14 00:14:23 +00:00
Tri Vo
58a2792951 Merge "Add rkpdapp access to remote_prov_prop" am: 9a63dcb2ee
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2386552

Change-Id: Iecc85a4f3ab6a3cf97cd603097f961b3f4d13dba
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-13 18:53:18 +00:00
Tri Vo
9a63dcb2ee Merge "Add rkpdapp access to remote_prov_prop" 2023-01-13 18:16:19 +00:00
David Brazdil
8cfd50806d Merge "virtualizationservice: Allow checking permissions" am: 28e9b97993
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2384139

Change-Id: Ic1f358083895f4ed26cc6ce4f51cd17106b86dea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-13 13:46:47 +00:00
David Brazdil
28e9b97993 Merge "virtualizationservice: Allow checking permissions" 2023-01-13 13:00:48 +00:00
Treehugger Robot
7cf7012262 Merge "refactor: get_prop(bpfdomain, bpf_progs_loaded_prop)" am: c8882d3e23
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2378568

Change-Id: I688bc3d34cf4a4f5c2a28a9cec276ea2ecb8eba5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-13 11:55:44 +00:00
Treehugger Robot
c8882d3e23 Merge "refactor: get_prop(bpfdomain, bpf_progs_loaded_prop)" 2023-01-13 11:27:11 +00:00
Xin Li
decaa94957 Merge "Merge tm-qpr-dev-plus-aosp-without-vendor@9467136" into stage-aosp-master 2023-01-13 07:32:38 +00:00
Akilesh Kailash
bae423e9c5 Merge "Allow files to be created /metadata/ota" 2023-01-13 06:35:33 +00:00
Inseob Kim
42798af0cb dontaudit crosvm reading VM's pipe
Bug: 238593451
Test: boot microdroid and see console
Change-Id: I46712759240a9f091936c6a81bb02679c267b8b8
2023-01-13 14:08:16 +09:00
David Brazdil
ccf9164abc virtualizationservice: Allow checking permissions
Bug: 245727626
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Ia49d7db3edeb465fd8b851aed8646964ee6f5af2
2023-01-12 21:10:33 +00:00
Henri Chataing
9ff3423527 Add missing permissions for default bluetooth hal
Test: launch_cvd
Bug: 205758693
Change-Id: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
Merged-In: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
2023-01-12 19:02:57 +00:00
Tri Vo
7b9b6a04ed Add rkpdapp access to remote_prov_prop
Test: presubmit
Change-Id: I7f4593e580f9d762a38b6e1b3e9db7c74e3eb984
2023-01-12 09:50:28 -08:00
Xin Li
0ba8f8934a Merge tm-qpr-dev-plus-aosp-without-vendor@9467136
Bug: 264720040
Merged-In: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
Change-Id: I84e152300ba7ece94e47e270eba1d7280a72343a
2023-01-11 22:47:37 -08:00
Thomas Nguyen
3445819d5a Add IRadioSatellite context
Bug: 260644201
Test: atest VtsHalRadioTargetTes

Change-Id: I43555e1f076cdf96fb0b7805cd664d7ba6798aec
2023-01-10 18:27:41 +00:00
Nathalie Le Clair
98e20da831 Merge "HDMI: Refactor HDMI packages" 2023-01-10 17:05:17 +00:00
Kalesh Singh
460c2ac995 Merge "suspend: Allow access to /sys/power/wake_[un]lock" 2023-01-09 17:55:09 +00:00
Alan Stokes
c5b914670f Suppress harmless denial
Commit 2d736569e716b5c143f296ae124bcfed9630a4d2 improved the logging
in virtualization service by attempting to get the real path from
/proc/self/fd/N for various files.

However, CompOS stores its log files in a directory
(/data/misc/apexdata/...) which VS has no access to, triggering an
SELinux denial:

avc: denied { search } for name="apexdata"
scontext=u:r:virtualizationmanager:s0
tcontext=u:object_r:apex_module_data_file:s0 tclass=dir

Suppress this denial, since it causes no harm (we just don't log the
real path).

Bug: 264496291
Bug: 251751405
Test: composd_cmd test-compile;
 see no denials
Change-Id: Ia55e593c0c0735b8f3085a964f0c789c177375f2
2023-01-09 11:34:52 +00:00
Thiébaud Weksteen
d03656b281 Merge "Grant SIGTERM and SIGKILL to dumpstate on incident" 2023-01-09 02:02:48 +00:00
Bill Yi
8c544a4c73 Merge "Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE" 2023-01-06 19:33:52 +00:00
David Brazdil
3f1b27afa6 Merge "Start using virtmgr for running VMs" am: 2cfd7d5e4b am: 2de678977a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2367809

Change-Id: I8e3305438b002a4a4963c71dbbacfe56728d4a04
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 17:15:56 +00:00
David Brazdil
2de678977a Merge "Start using virtmgr for running VMs" am: 2cfd7d5e4b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2367809

Change-Id: Id29260cd0d23e3908833b0d903957402210ca224
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 16:44:06 +00:00
Bill Yi
15ee6d11bc Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE
Merged-In: I9acac60411da6eee86246a9e375b35dfb61691d1
Merged-In: If343dba5dae2821fa345135abafb891e85be5574
Change-Id: Ia868a5a11f13d47bf11fbb21b3d5cee12d7c8c99
2023-01-06 07:13:50 -08:00
Maciej Żenczykowski
60f4a34544 refactor: get_prop(bpfdomain, bpf_progs_loaded_prop)
Based on:
  cs/p:aosp-master -file:prebuilts/ get_prop.*bpf_progs_loaded_prop

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If07026b1ea5753a82401a62349c494b4cbf699b6
2023-01-06 10:09:33 +00:00
David Brazdil
55d808c28c Start using virtmgr for running VMs
Split virtualizationservice policy into rules that should remain with
the global service and rules that now apply to virtmgr - a child process
of the client that runs the VM on its behalf.

The virtualizationservice domain remains responsible for:
 * allocating CIDs (access to props)
 * creating temporary VM directories (virtualization_data_file, chown)
 * receiving tombstones from VMs
 * pushing atoms to statsd
 * removing memlock rlimit from virtmgr

The new virtualizationmanager domain becomes responsible for:
 * executing crosvm
 * creating vsock connections, handling callbacks
 * preparing APEXes
 * pushing ramdumps to tombstoned
 * collecting stats for telemetry atoms

The `virtualizationservice_use` macro is changed to allow client domains
to transition to the virtmgr domain upon executing it as their child,
and to allow communication over UDS.

Clients are not allowed to communicate with virtualizationservice via
Binder, only virtmgr is now allowed to do that.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Iefdccd908fc28e5d8c6f4566290e79ed88ade70b
2023-01-05 17:39:39 +00:00
Bill Yi
537945aaec Merge TQ1A.230105.002 to stage-aosp-master - DO NOT MERGE
Merged-In: I5d03241b079692da856025a33b24013728fa0e57
Change-Id: Ic1d5da8b8192ff04d58c86a748066d21dc976999
2023-01-04 12:52:29 -08:00
Jiakai Zhang
923a805f7c Merge changes from topic "artd-sepolicy-b254013425" am: d09a14baee am: 33426b1423
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2369929

Change-Id: I5d03241b079692da856025a33b24013728fa0e57
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-04 19:00:52 +00:00
Jiakai Zhang
edeaa6ea16 Allow system_server to read /data/misc/profman. am: 10aa6465d9 am: 4eda7b5335
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2350182

Change-Id: If36138e202e0c8a7a1c8d0ffab641ef097dd6e4f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-04 19:00:49 +00:00
Jiakai Zhang
4eda7b5335 Allow system_server to read /data/misc/profman. am: 10aa6465d9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2350182

Change-Id: I5792df13d00fa4480aeacfa7af304edc93201616
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-04 18:26:19 +00:00
Jiakai Zhang
d09a14baee Merge changes from topic "artd-sepolicy-b254013425"
* changes:
  Allow artd to scan directories for cleaning up obsolete managed files.
  Allow system_server to read /data/misc/profman.
2023-01-04 17:43:24 +00:00
Treehugger Robot
5efaa62b95 Merge "EARC: Add Policy for EArc Service" am: 6baccc1d8e am: 1791ca2220
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2320410

Change-Id: I7945e5044d54ba6a5f00524512c9153f0229242b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-04 04:27:27 +00:00
Treehugger Robot
6baccc1d8e Merge "EARC: Add Policy for EArc Service" 2023-01-04 03:30:47 +00:00
KH Shi
8ae99b5e5f Update SEPolicy for Tetheroffload AIDL
Bug: b/205762647
Test: m
Change-Id: Iaf87e8a64a4a1af20f54e3c09c31d051acf549a1
2023-01-04 11:28:47 +08:00
Thiébaud Weksteen
3b1c843976 Grant SIGTERM and SIGKILL to dumpstate on incident
Bug: 238705597
Test: reduce timeout on incident; trigger bugreport; no denials
Change-Id: If70f9969165f4b8e4f1849d9dd6035503de87eb2
2023-01-04 12:57:11 +11:00
Jiakai Zhang
440ae7883e Allow artd to scan directories for cleaning up obsolete managed files.
Bug: 254013425
Test: -
  1. adb shell pm art cleanup
  2. See no SELinux denials.
Change-Id: Idf4c0863810e1500a7e324811f128400bdfcb98c
2023-01-03 16:48:41 +00:00
Jiakai Zhang
10aa6465d9 Allow system_server to read /data/misc/profman.
Before this change, system_server only has write access. We want read
access to the directory so that we can check if it has the right
permissions before we write to it.

Bug: 262230400
Test: No longer see SELinux denials on that directory.
Change-Id: Ic26b2a170031c4f14423b8b1f1a8564d64f532ae
2023-01-03 16:48:11 +00:00
Akilesh Kailash
f10e232277 Allow files to be created /metadata/ota
This is required during OTA. File will be removed
once OTA update is completed.

Bug: 262407519
Test: OTA on Pixel
Change-Id: I8922ebaaa89f9075fe47d2b74f61071b657850f0
Signed-off-by: Akilesh Kailash <akailash@google.com>
2023-01-02 21:13:43 -08:00
Andy Hung
a8b6900a49 audio HAL: SELinux changes for Spatial Audio optimization
Add CAP_SYS_NICE.
Reduce glitches caused by core migration.
Reduce power consumption as Spatializer Effect is DSP compute bound.

Test: instrumented
Test: adb shell 'uclampset -a -p $(pgrep -of android.hardware.audio.service)'
Test: adb shell cat "/proc/$(adb shell pgrep -of android.hardware.audio.service)/status"
Test: adb shell 'ps -Tl -p $(pgrep -of android.hardware.audio.service)'
Bug: 181148259
Bug: 260918856
Bug: 261228892
Bug: 261686532
Bug: 262803152
Ignore-AOSP-First: tm-qpr-dev fix, will move to AOSP afterwards.
Merged-In: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
Change-Id: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
2022-12-28 16:55:07 -08:00
Venkatarama Avadhani
5a86d5f3f3 HDMI: Refactor HDMI packages
Organize the HDMI packages into CEC, EArc and connection under a common
hdmi package.

Bug: 261729059
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Change-Id: Ief5bff996028775ea355b392a4028a091fb83b99
2022-12-27 18:15:26 +05:30
Venkatarama Avadhani
0f0861af8f EARC: Add Policy for EArc Service
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Bug: 240388105
Change-Id: I561f647a68553fa0134f2e1bd65b0f18dd1785f1
2022-12-27 18:11:36 +05:30
Treehugger Robot
df00a04e22 Merge "Allow system_server to enable fs-verity." am: 3ca356b7df am: b839e55d39
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2364635

Change-Id: I9f93dc926fcc975ab6a107bb65d7dd0f5af3f9c4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-21 02:42:25 +00:00
Treehugger Robot
3ca356b7df Merge "Allow system_server to enable fs-verity." 2022-12-21 01:24:43 +00:00
Alex Buynytskyy
ff577a00b8 Allow system_server to enable fs-verity.
Bug: 253568736
Test: atest PackageManagerSettingsTests
Change-Id: I2fc59d6441eca95b349aebaa633a15584c7ef744
2022-12-20 15:36:26 -08:00
Florian Mayer
ba9816f6fe Merge "Allow system_server to set arm64 memtag property" am: c7c6d49939 am: 05cb03323a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2361257

Change-Id: I0ea750c9e2950eb17941f69912ad5e7892b70c65
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-20 20:12:04 +00:00
Florian Mayer
c7c6d49939 Merge "Allow system_server to set arm64 memtag property" 2022-12-20 19:04:03 +00:00
David Brazdil
8d65921dfb Merge "Create virtmgr domain and initial policy" am: 3e61a33df5 am: b5a4f52de7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2317789

Change-Id: I317e53312d97c7a03f5e2709dfa6fcdb9dc29488
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-20 09:37:28 +00:00
David Brazdil
3e61a33df5 Merge "Create virtmgr domain and initial policy" 2022-12-20 08:17:05 +00:00
Treehugger Robot
9db7dccfe4 Merge "Add SELinux policy for sound dose HAL" am: 62894399c3 am: f6872e0ea8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2361860

Change-Id: Ia25d2e86827d872d33553753d3dba34bdc801324
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-19 20:35:14 +00:00
Treehugger Robot
62894399c3 Merge "Add SELinux policy for sound dose HAL" 2022-12-19 19:07:32 +00:00
Andy Hung
7a0d4f0c6c Merge "audio HAL: SELinux changes for Spatial Audio optimization" into tm-qpr-dev am: 5190b9b589
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20612611

Change-Id: If12fd121484ec20231e7f32636610832cd2f6db1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-17 04:05:42 +00:00
Florian Mayer
152f832904 Allow system_server to set arm64 memtag property
Bug: 262763327
Bug: 244290023
Test: atest MtePolicyTest on user build
Test: manually with TestDPC
Change-Id: If1ed257fede6fa424604eed9775eb3a3b8365afe
2022-12-16 16:58:36 -08:00
Vlad Popa
48dd5f7ac4 Add SELinux policy for sound dose HAL
Note that this HAL is meant only as a workaround until the OEMs
switch to the AIDL audio HAL.

Test: bluejay-userdebug
Bug: 257937004
Change-Id: Id01da9606f73354a01a94aace8a8966a09038fda
2022-12-16 21:42:06 +01:00
Andy Hung
2461bf39bd audio HAL: SELinux changes for Spatial Audio optimization
Add CAP_SYS_NICE.
Reduce glitches caused by core migration.
Reduce power consumption as Spatializer Effect is DSP compute bound.

Test: instrumented
Test: adb shell 'uclampset -a -p $(pgrep -of android.hardware.audio.service)'
Test: adb shell cat "/proc/$(adb shell pgrep -of android.hardware.audio.service)/status"
Test: adb shell 'ps -Tl -p $(pgrep -of android.hardware.audio.service)'
Bug: 181148259
Bug: 260918856
Bug: 261228892
Bug: 261686532
Bug: 262803152
Ignore-AOSP-First: tm-qpr-dev fix, will move to AOSP afterwards.
Change-Id: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
2022-12-16 12:08:17 -08:00
Treehugger Robot
201902591c Merge "Remove dalvik.vm.usejitprofiles system property." am: a0f59cffe2 am: f1aa72efbd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2327464

Change-Id: I550b860284b115bf6174eb10b462bf2b84f85c98
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-16 19:56:11 +00:00
Treehugger Robot
a0f59cffe2 Merge "Remove dalvik.vm.usejitprofiles system property." 2022-12-16 18:51:08 +00:00
Vikram Gaur
2a37a21c50 Merge "Fix permission issue for widevine mediaservices." am: ebe25efd66 am: 24a4882a1d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2357882

Change-Id: Ibe46267a8099f20e6259f3ead411c3812a5085ed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 20:41:51 +00:00
Vikram Gaur
ebe25efd66 Merge "Fix permission issue for widevine mediaservices." 2022-12-15 19:13:12 +00:00
Vikram Gaur
91f5c53adf Fix permission issue for widevine mediaservices.
Widevine provisioning was causing SELinux policy issues since we need to
provision Widevine through MediaDrm framework.

Test: presubmits
Change-Id: Ia9d070309e84599ed614bbf5ba35eed558f4d463
2022-12-15 17:14:04 +00:00
Sandro
e310a33fb2 Allow sdk_sandbox to read files/directory in /data/local/tmp am: f7894fc62e am: 50b3258e72
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346004

Change-Id: I9b9921069667a972b6c233d4eae0d08a9e0473ef
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 16:47:39 +00:00
Sandro
f7894fc62e Allow sdk_sandbox to read files/directory in /data/local/tmp
The /data/local/tmp directory is used by the CTS tests infrastructure to
store various data, like the list of tests to include/exclude after
failures
http://cs/android-internal/tools/tradefederation/core/test_framework/com/android/tradefed/testtype/AndroidJUnitTest.java;l=333-347;rcl=bbd3902197b7de1a99aef4c22db8e14e4dbf1157

Without this CL, CTS modules that attempt to re-execute failures will
get a '[INSTRUMENTATION_CRASH|SYSTEM_UNDER_TEST_CRASHED]' error.

Test results before/after this CL:
Before: http://ab/I04600010115474754
After: http://ab/I65000010115426482
Note the absence of "Module error" in the second case
https://screenshot.googleplex.com/C6Ui3GdfgQBt8bp
https://screenshot.googleplex.com/BDHKFfKJjnqVYpj

Bug: 261864298
Test: atest CtsBluetoothTestCases --retry-any-failure -- --enable-optional-parameterization --enable-parameterized-modules --module-parameter run_on_sdk_sandbox
Change-Id: Ibbb196f8c0ef1df320885ed8c56f20172f83d583
2022-12-15 10:29:36 +00:00
Calvin Pan
2a53d04c95 Merge "Add grammatical_inflection service" am: f56dfeb2d4 am: ecdc4715bc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2352743

Change-Id: I8a2a4412d17d6a044e9925ed35a287eb75f04a03
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 09:04:12 +00:00
Calvin Pan
f56dfeb2d4 Merge "Add grammatical_inflection service" 2022-12-15 07:38:01 +00:00
Avichal Rakesh
062567b1b3 Merge "cameraservice: Add selinux policy for vndk cameraservice." am: 95ecfc2f33 am: 5e5c23595e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346843

Change-Id: Ifa44e738457c8e8f3d4365804a87e690cca94da4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 00:01:04 +00:00
Avichal Rakesh
95ecfc2f33 Merge "cameraservice: Add selinux policy for vndk cameraservice." 2022-12-14 22:49:47 +00:00
Kalesh Singh
a0a55e0e23 suspend: Allow access to /sys/power/wake_[un]lock
This is needed to prevent autosuspend when the framework is restarting
See: go/no-suspend-deadlocks

Bug: 255898234
Test: Check logcat for avc denials
Change-Id: I6313e28d0f2e4bc553881fcc3742dc74ca319b44
2022-12-14 14:18:55 -08:00
Avichal Rakesh
0febfbd952 cameraservice: Add selinux policy for vndk cameraservice.
This CL adds a new cameraservice type to allow vendor clients of
cameraservice to query and find the stable cameraservice
implementation.

Bug: 243593375
Test: Manually tested that cameraservice can register a vendor facing
      instance.
Change-Id: I61499406d4811c898719abcb89c51b4b8a29f4a7
2022-12-14 20:46:43 +00:00
Calvin Pan
a9b1c2299c Add grammatical_inflection service
This new service is exposed by system_server and available to all apps.

Bug: 259175720
Test: atest and check the log
Change-Id: I522a3baab1631589bc86fdf706af745bb6cf9f03
2022-12-14 05:22:53 +00:00
Treehugger Robot
fc06df931a Merge "Add a sysprop for initiating PHYs in LE create ext connection" am: 92018d4150 am: 16d0242532
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2335542

Change-Id: I956b3a0f460207f0dadb340a7378df91a9ee639a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-14 04:58:30 +00:00
Treehugger Robot
92018d4150 Merge "Add a sysprop for initiating PHYs in LE create ext connection" 2022-12-14 04:07:33 +00:00
Pomai Ahlo
f2be496223 Merge "[ISap hidl2aidl] Update ISap in sepolicy" am: ab3a546000 am: 0824aff623
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2339122

Change-Id: Id13f7690aa4c3ae0d68e3af9810e283772be80e9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 21:30:04 +00:00
Mohi Montazer
da142c0d8b Merge "SEPolicy updates for camera HAL" am: 3bbdd15ece am: c7eba19ef9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2338242

Change-Id: I6179821368e204896226970fab356577ca3f0699
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 21:29:50 +00:00
Pomai Ahlo
ab3a546000 Merge "[ISap hidl2aidl] Update ISap in sepolicy" 2022-12-13 20:57:24 +00:00
Mohi Montazer
3bbdd15ece Merge "SEPolicy updates for camera HAL" 2022-12-13 20:37:59 +00:00
Treehugger Robot
13fe16936e Merge "Add all supported instance names for audio IModule" am: ffae136437 am: 7ea2e57cb2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2336911

Change-Id: I1854c9f8287f2165f80c2c24ae484e1d42ce1093
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 20:12:48 +00:00
Jiakai Zhang
cc9d0ff6f8 Merge changes Iec586c55,Iccb97b19 am: 9acfabbe12 am: 1afdbf5357
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2345246

Change-Id: I79428ac28bbafaa55be4dd6d12b84b52e2fe0d89
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 20:11:16 +00:00
Treehugger Robot
f97fd45474 Merge "sepolicy: Add Bluetooth AIDL" am: 8cce74d7e0 am: 920af49203
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2238140

Change-Id: Iccc5ae27c6e9c7320ac168e28e239ca6f250847c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 19:31:30 +00:00
Treehugger Robot
ffae136437 Merge "Add all supported instance names for audio IModule" 2022-12-13 19:30:00 +00:00
Jiakai Zhang
9acfabbe12 Merge changes Iec586c55,Iccb97b19
* changes:
  Allow artd to access files for restorecon.
  Allow artd to read symlinks for secondary dex files.
2022-12-13 19:06:18 +00:00
David Brazdil
5fcfbe49da Create virtmgr domain and initial policy
Start a new security domain for virtmgr - a child process of an app that
manages its virtual machines.

Add permissions to auto-transition to the virtmgr domain when the client
fork/execs virtmgr and to communicate over UDS and pipe.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: I7624700b263f49264812e9bca6b83a003cc929be
2022-12-13 18:40:05 +00:00
Treehugger Robot
8cce74d7e0 Merge "sepolicy: Add Bluetooth AIDL" 2022-12-13 18:26:03 +00:00
Mohi Montazer
ad059403ad SEPolicy updates for camera HAL
Updates SEPolicy files to give camera HAL permission to access
Android Core Experiment flags.

Example denials:
11-30 13:08:33.172  1027  1027 W binder:1027_3: type=1400 audit(0.0:7): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.172  1027  1027 W binder:1027_3: type=1400 audit(0.0:8): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.244  1027  1027 W 3AThreadPool:  type=1400 audit(0.0:9): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0

Bug: 259433722
Test: m
Change-Id: I11165b56d7b7e38130698cf86d9739f878580a14
2022-12-13 09:52:04 -08:00
Treehugger Robot
6770706ac1 Merge "Add ro.fuse.bpf.is_running" am: 71ed34c341 am: b7ca038df4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346802

Change-Id: I04b00625696e97dc517e5f206c09617df9577a74
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 16:26:07 +00:00
Jiakai Zhang
d7f811913b Allow artd to access files for restorecon.
Otherwise, we will get SELinux denials like:
W binder:5750_1: type=1400 audit(0.0:133): avc: denied { read } for name="plat_file_contexts" dev="dm-1" ino=979 scontext=u:r:artd:s0 tcontext=u:object_r:file_contexts_file:s0 tclass=file permissive=0
W binder:5750_1: type=1400 audit(0.0:134): avc: denied { read } for name="system_ext_file_contexts" dev="dm-3" ino=92 scontext=u:r:artd:s0 tcontext=u:object_r:file_contexts_file:s0 tclass=file permissive=0

Bug: 262230400
Test: No longer see such SELinux denials.
Change-Id: Iec586c554fa2dc33f0a428321bada484add620ed
2022-12-13 16:03:22 +00:00
Treehugger Robot
71ed34c341 Merge "Add ro.fuse.bpf.is_running" 2022-12-13 15:22:48 +00:00
Jiakai Zhang
6834597a41 Allow artd to read symlinks for secondary dex files.
Otherwise, we will encounter SELinux denials like:
W binder:6200_7: type=1400 audit(0.0:327): avc: denied { read } for name="PrebuiltGmsCoreNext_DynamiteLoader.apk" dev="dm-51" ino=2576 scontext=u:r:artd:s0 tcontext=u:object_r:privapp_data_file:s0:c512,c768 tclass=lnk_file permissive=0

Bug: 262230400
Test: No longer see such SELinux denials.
Change-Id: Iccb97b1973f8efbe859b59e729f7a0194d05ba5e
2022-12-13 14:49:20 +00:00
Treehugger Robot
8a123e4f63 Merge "Don't crash_dump crosvm" am: bc9ce78119 am: e5c6d9bae8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2338047

Change-Id: I4648e1fe947aa16341540c4c5a5d95640e4a0987
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 13:54:21 +00:00
Treehugger Robot
bc9ce78119 Merge "Don't crash_dump crosvm" 2022-12-13 12:48:11 +00:00
Alan Stokes
6ed1bd9dee Don't crash_dump crosvm
Parts of its memory map are donated to guest VMs, which crashes the
kernel when it tries to touch them.

Ideally we would fix crash_dump to skip over such memory, but in
the meantime this would avoid the kernel crash.

Bug: 236672526
Bug: 238324526
Bug: 260707149
Test: Builds
Change-Id: I6c1eb2d49263ccc391101c588e2a3e87c3f17301
2022-12-13 09:27:52 +00:00
Vikram Gaur
97603c8d7b Merge "Add Google specific module for RKPD for sepolicy." am: aa4667290b am: c25e37bf4d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2341511

Change-Id: I5420886e52075a0be1821fbe78b0e8f319102598
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 07:38:05 +00:00
Vikram Gaur
aa4667290b Merge "Add Google specific module for RKPD for sepolicy." 2022-12-13 06:45:32 +00:00
Jaewan Kim
2e8e45c346 Merge "Allow crosvm to open test artifacts in shell_data_file" am: 730c1cdd59 am: a4bb5477a2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2331903

Change-Id: Idf3b7be85d0d2b0bd9ec73eef03b267d2554a793
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 03:18:35 +00:00
Treehugger Robot
f2183a72f4 Merge "Deprecate proc_fs_verity from API 33" am: 63b666d403 am: 2e61576bb0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2334064

Change-Id: Ib2cf6c73645c285f8b07f4e18c25d2d562cb465b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 03:18:10 +00:00
Jaewan Kim
730c1cdd59 Merge "Allow crosvm to open test artifacts in shell_data_file" 2022-12-13 02:17:02 +00:00
Treehugger Robot
63b666d403 Merge "Deprecate proc_fs_verity from API 33" 2022-12-13 02:01:30 +00:00
Ying Hsu
4a7cc656ff Add a sysprop for initiating PHYs in LE create ext connection
This patch adds a sysprop to configure whether LE 1M PHY is the
only one used as initiating PHY in a LE Extended Create Connection
request.

Bug: 260677740
Tag: #floss
Test: Manual test - pairing with BLE mouse
Change-Id: I33dbf4093390015a17bffb25eed841d2cc2ad20a
2022-12-13 01:54:41 +00:00
Mikhail Naganov
2293f5eb0b Add all supported instance names for audio IModule
In AIDL, there is no 'factory' interface for retrieving
modules, instead each module is registered individually
with the ServiceManager.

Bug: 205884982
Test: atest VtsHalAudioCoreTargetTest
Change-Id: I55cdae0640171379cda33de1534a8dc887583197
2022-12-13 01:17:46 +00:00
Paul Lawrence
b39cbc0856 Add ro.fuse.bpf.is_running
is_running flag signals to tests whether fuse-bpf is running

Test: Builds, runs, ro.fuse.bpf.is_running is correct, fuse-bpf works
Bug: 202785178
Change-Id: I0b02e20ab8eb340733de1138889c8f618f7a17fa
2022-12-12 17:08:13 -08:00
Akilesh Kailash
983879a2e8 Merge "Virtual_ab: Add property to control batch writes" am: 64711e9de5 am: 25f93bebf8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2319231

Change-Id: I109f90c78b43b481d8b2efa173436193eaa655ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-12 17:36:59 +00:00
Jiakai Zhang
f03b695f87 Merge "Allow artd to access primary dex'es in external and vendor partitions." am: 7269c1bfe9 am: 36dc423a33
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2345244

Change-Id: I1d74c55fd32a662e5d9bcf1e10fb985f3340a9f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-12 17:36:34 +00:00
Akilesh Kailash
64711e9de5 Merge "Virtual_ab: Add property to control batch writes" 2022-12-12 16:39:00 +00:00
Jiakai Zhang
7269c1bfe9 Merge "Allow artd to access primary dex'es in external and vendor partitions." 2022-12-12 16:32:37 +00:00
Jiakai Zhang
5e531051b6 Allow artd to access primary dex'es in external and vendor partitions.
Otherwise, we will get SELinux denials like:
W binder:6098_5: type=1400 audit(0.0:138): avc: denied { search } for name="framework" dev="dm-6" ino=478 scontext=u:r:artd:s0 tcontext=u:object_r:vendor_framework_file:s0 tclass=dir permissive=0

Bug: 262230400
Test: No longer see such SELinux denials.
Change-Id: Ic31fdabb16341c51466531c88ca040698331b248
2022-12-12 14:28:40 +00:00
Akilesh Kailash
5fa04f20f5 Virtual_ab: Add property to control batch writes
Bug: 254188450
Test: OTA
Change-Id: I43c35859e98e449a45164b4d55db43b63ddbaba8
Signed-off-by: Akilesh Kailash <akailash@google.com>
2022-12-11 16:14:47 +00:00
Vikram Gaur
d7a1aaf108 Add Google specific module for RKPD for sepolicy.
Google is added to the package names to differentiate the Google
specific modules from AOSP modules. This causes RKPD Google module to
not get proper permissions since we permit only AOSP module currently.

Test: Tested on Pixel 7 device
Change-Id: Ia7c39ef85cedf20f705c27a5944b6f87f786cc1b
2022-12-11 09:49:08 +00:00
Jaewan Kim
7b843d4ebf Allow crosvm to open test artifacts in shell_data_file
Test: Try to open /data/local/tmp/a from crosvm
Bug: 260802656, Bug: 243672257
Change-Id: I90e2fe892f1028ea5add91a41389e2f7e812f988
2022-12-10 11:34:42 +09:00
Chris Weir
448cfc4fb0 Merge "SEPolicy for AIDL CAN HAL" am: caf905ff3c am: e640405f81
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2291528

Change-Id: I183f80e365e87aff1b5b5b21b59137b99984a8bd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-10 01:17:51 +00:00
Pomai Ahlo
5f4421fae5 [ISap hidl2aidl] Update ISap in sepolicy
Change instances of android.hardware.radio.sim.ISap to android.hardware.radio.sap.ISap

ISap is no longer going to be with IRadioSim in the sim
directory.  It will be in its own sap directory.

Test: m
Bug: 241969533
Change-Id: I362a0dc6e4b81d709b24b2fa2d879814ab232ad4
2022-12-10 01:13:13 +00:00
Chris Weir
caf905ff3c Merge "SEPolicy for AIDL CAN HAL" 2022-12-09 22:09:12 +00:00
Treehugger Robot
406c364d44 Merge "sepolicy - move proc bpf writes from bpfloader.rc to bpfloader binary" am: 39617aca42 am: 91f1f2edc8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2323635

Change-Id: I87733e62854796f97b825f6c9ab6f7c281648fd9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-09 21:14:18 +00:00
Treehugger Robot
39617aca42 Merge "sepolicy - move proc bpf writes from bpfloader.rc to bpfloader binary" 2022-12-09 20:25:48 +00:00
Chris Weir
eee59458c2 SEPolicy for AIDL CAN HAL
CAN HAL moving to AIDL, SEPolicy will need to be adjusted.

Bug: 170405615
Test: AIDL CAN HAL VTS
Change-Id: I0d238d38aebb5895ae27fcb52cf43cd481327421
2022-12-09 11:00:10 -08:00
Austin Borger
20017dd6fd Create a new system property for the landscape to portrait override. am: 3299216872
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20580418

Change-Id: Ie5845cb9a9a7a2c0d79a4c76b9179de272b7770f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-09 00:29:13 +00:00
Austin Borger
71708e3a1d Merge "Create a new system property for the landscape to portrait override." 2022-12-09 00:05:15 +00:00
Victor Hsieh
90fa43e395 Deprecate proc_fs_verity from API 33
Bug: 249158715
Test: lunch aosp_cf_x86_64_phone-eng; m
Test: TH
Change-Id: I29e4e0a4beb44b0ba66a4dd14266d04dae588df2
2022-12-08 13:15:27 -08:00
Pomai Ahlo
be4f240892 Merge "[ISap hidl2aidl] Add ISap to sepolicy" am: 90d117d661 am: 992b8aa2f3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2329593

Change-Id: Ie53758c8e845ba4c6e1172fcf52f6b22ac88f683
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-08 18:16:30 +00:00
Pomai Ahlo
90d117d661 Merge "[ISap hidl2aidl] Add ISap to sepolicy" 2022-12-08 17:32:38 +00:00
Maciej Żenczykowski
8213c5033e Merge "bpf - neverallow improvements/cleanups" am: e8a09e2480 am: eb4770d68a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2325355

Change-Id: Ibb1dcfeeeae92865056e335c9605291786eede3a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-08 13:24:57 +00:00
Maciej Żenczykowski
e8a09e2480 Merge "bpf - neverallow improvements/cleanups" 2022-12-08 12:39:41 +00:00
Treehugger Robot
e3df03bc24 Merge "Add permissions for remote_provisioning service" am: 61d823f9c7 am: aeaf422fe5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2263548

Change-Id: I3f9a414795d52f29fb436d80b9beb2911fda34a0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-07 18:36:16 +00:00
Treehugger Robot
61d823f9c7 Merge "Add permissions for remote_provisioning service" 2022-12-07 18:06:41 +00:00
Treehugger Robot
93010df706 Merge "Clean up proc_fs_verity which is no longer used" am: bb689eae58 am: 4767fc3207
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2285498

Change-Id: I1a0a61e28d8656c70e3158363ccaeec9079c1885
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-07 17:53:08 +00:00
Martin Stjernholm
c8d686c9fb Remove dalvik.vm.usejitprofiles system property.
Disabling profiles is no longer supported. Most of the profile support
has been active even when this property was false, and it won't be
supported in the ART Service.

(cherry-picked from commit 58314ecc31)

Test: atest -a CtsCompilationTestCases \
               CtsDexMetadataHostTestCases \
               propertyinfoserializer_tests
  with dalvik.vm.usejitprofiles undefined
Bug: 254434433
Merged-In: I4ca4ce5da49434552c76154f91e09d7ab0129e04
Change-Id: I4ca4ce5da49434552c76154f91e09d7ab0129e04
2022-12-06 17:38:42 +00:00
Victor Hsieh
9999e20eed Clean up proc_fs_verity which is no longer used
The reference was deleted in aosp/2281348.

Bug: 249158715
Test: TH
Change-Id: I07f63724e876e1db99acab73836bb52a8aa867d8
2022-12-06 09:10:41 -08:00
Seth Moore
3accea479a Add permissions for remote_provisioning service
Bug: 254112668
Test: manual + presubmit
Change-Id: I54d56c34ad4a8199b8aa005742faf9e1e12583c3
2022-12-06 08:46:20 -08:00
Austin Borger
3299216872 Create a new system property for the landscape to portrait override.
Apps commonly do not handle landscape orientation cameras correctly. In
order to prevent stretching and rotation issues in these apps, this
patch adds a flag to override the behavior of these landscape cameras
to produce a portrait image instead by changing the SENSOR_ORIENTATION
reported by CameraCharacteristics and applying a 90 degree rotate and
crop.

The camera2 framework needs to be able to turn this on only for certain
devices. Hence, this patch adds a system property for it.

Test: Ran on foldable device with several camera apps to verify behavior.
Bug: 250678880
Change-Id: I13783d81f5fada71805865a840e4135580f1d876
Merged-In: I13783d81f5fada71805865a840e4135580f1d876
2022-12-05 21:07:50 -08:00
Austin Borger
f393df9d2b Create a new system property for the landscape to portrait override.
Apps commonly do not handle landscape orientation cameras correctly. In
order to prevent stretching and rotation issues in these apps, this
patch adds a flag to override the behavior of these landscape cameras
to produce a portrait image instead by changing the SENSOR_ORIENTATION
reported by CameraCharacteristics and applying a 90 degree rotate and
crop.

The camera2 framework needs to be able to turn this on only for certain
devices. Hence, this patch adds a system property for it.

Test: Snow (successful), XRecorder (successful)
Test: Snapchat (successful), Instagram (successful)
Test: Telegram (Zoomed)
Bug: 250678880
Change-Id: I13783d81f5fada71805865a840e4135580f1d876
Merged-In: I13783d81f5fada71805865a840e4135580f1d876
2022-12-05 19:38:57 -08:00
Pomai Ahlo
ff82b77ae8 [ISap hidl2aidl] Add ISap to sepolicy
Test: m
Bug: 241969533
Change-Id: If9b67605481132d2908adae9fa1f9b1501c37ea0
2022-12-05 16:23:25 -08:00
Maciej Żenczykowski
4a960869e0 sepolicy - move proc bpf writes from bpfloader.rc to bpfloader binary
As a reminder, per:
  https://source.corp.google.com/search?q=p:aosp-master%20file:sepolicy%20-file:prebuilts%20proc_bpf%20file:genfs

we currently have:
  aosp-master system/sepolicy/private/genfs_contexts

genfscon proc /sys/kernel/bpf_ u:object_r:proc_bpf:s0
genfscon proc /sys/kernel/unprivileged_bpf_ u:object_r:proc_bpf:s0
genfscon proc /sys/net/core/bpf_ u:object_r:proc_bpf:s0

So the above are the files which will no longer be writable by init.

A cs/ search for p:android$ (/sys/kernel/bpf_|/sys/kernel/unprivileged_bpf_|/sys/net/core/bpf_) file:[.]rc

only finds bpfloader.rc init script as actually doing these writes.

Those writes are removed in:
  https://android-review.git.corp.google.com/c/platform/system/bpf/+/2325617
  'bpfloader - move sysctl setting from rc to binary'

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I19ccdf293966dd982e1d36836b0b962d99ed7275
2022-12-03 15:22:29 +00:00
Maciej Żenczykowski
9a76805ac3 bpf - neverallow improvements/cleanups
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I569d88bcfa0089d13d23dfeda111bf3584cad2c0
2022-12-03 12:33:33 +00:00
Maciej Żenczykowski
5993a3d79e add fs_bpf_loader selinux type am: e14e69a947 am: 3ce95393bc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2323334

Change-Id: I84623b3283cbbf156d52f98143853ac653d6ffcf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-03 10:16:15 +00:00
Myles Watson
671a0c3bda sepolicy: Add Bluetooth AIDL
Bug: 205758693
Test: manual - boot local image with Cuttlefish
Change-Id: Ic0c5408d83f8c352b72f79e9024212c7ff0c84c1
2022-12-02 13:08:26 -08:00
Maciej Żenczykowski
60105260e7 remove init/vendor_init access to bpffs_type am: ebb45f9dea am: e000271a3c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2323317

Change-Id: Ibf8f9deb3695361398adcb3e5ff0e94423a318ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-02 15:19:13 +00:00
Maciej Żenczykowski
e14e69a947 add fs_bpf_loader selinux type
To be used for things that only the bpfloader should access.

Expected use case is for programs that the bpfloader should load,
pin into the filesystem, *and* attach.

[ie. no need for anything else to attach the programs]

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I035d3fcbf6cee523e41cdde23b8edc13311a45e8
2022-12-02 12:26:49 +00:00
Maciej Żenczykowski
ebb45f9dea remove init/vendor_init access to bpffs_type
There should be no need for this and it fixes a long outstanding TODO.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id1764cbc713addbbda6827fe6c6689e45e8f584c
2022-12-02 12:26:03 +00:00
Treehugger Robot
2e04039b01 Merge "Provide network permissions to RKPD app." am: 89248159da am: cbe84dcb4d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2324014

Change-Id: Id777e36429984aef86b96674cc1fe6063de4cbc5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-01 22:32:02 +00:00
Vikram Gaur
592b345626 Provide network permissions to RKPD app.
Test: TH
Change-Id: I5f721f5b3066ea95780487286a03b7028f11a3d5
2022-12-01 18:54:08 +00:00
Steven Moreland
48b2b2e79b Merge "sepolicy for SE HAL" am: c3802445d0 am: ab6bb503e9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2285333

Change-Id: I2f259455750223b84731cd14b37671e5759373db
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-29 23:33:05 +00:00
Steven Moreland
c3802445d0 Merge "sepolicy for SE HAL" 2022-11-29 22:30:40 +00:00
Keir Fraser
901a778340 Merge "Adjust policy for hypervisor system properties" am: 255de93341 am: 6aea0833a1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2314862

Change-Id: I3510f7513fe450c21099fa9cdac6606f5726fb34
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-24 13:40:18 +00:00
Keir Fraser
84bb5eeccb Adjust policy for hypervisor system properties
1. Allow them to be configured by vendor_init.
2. Introduce a new system property
   hypervisor.memory_reclaim.supported, which is configured by
   vendor_init and accessed only by virtualizationservice, and is not
   as widely accessible as the existing hypervisor sysprops.

Bug: 235579465
Test: atest MicrodroidTests
Change-Id: I952432568a6ab351b5cc155ff5eb0cb0dcddf433
2022-11-24 10:23:58 +00:00
Alessandra Loro
c14a52f3b4 Merge "Hide ro.debuggable and ro.secure from ephemeral and isolated applications" am: 790d6b99ee am: 37db54ead6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2308440

Change-Id: I3d5320e7ff5d79c6f9741d3be72176b5cc63b214
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-21 15:39:02 +00:00
Alessandra Loro
790d6b99ee Merge "Hide ro.debuggable and ro.secure from ephemeral and isolated applications" 2022-11-21 14:34:40 +00:00
Treehugger Robot
61cd5fa9b3 Merge "allow com.android.vending to access vendor_apex_file" am: 25ccbc7d90 am: cd2ca82f6d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2237570

Change-Id: I8b044c81808b8fc05a34d81f7b5aedacdad05b8b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-21 08:20:54 +00:00
Treehugger Robot
25ccbc7d90 Merge "allow com.android.vending to access vendor_apex_file" 2022-11-21 07:18:37 +00:00
Etienne Ruffieux
e701db71ea Merge "Add bluetooth_prop to system_server sepolicy." am: fb4ca780fe am: 65c71b2657
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2299497

Change-Id: I1b1bdafe7992d498a2d48793ed32e01d1ae5a331
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-18 23:12:32 +00:00
Etienne Ruffieux
fb4ca780fe Merge "Add bluetooth_prop to system_server sepolicy." 2022-11-18 22:08:11 +00:00
Devin Moore
34ef290b1e Merge "Add sepolicy for new AIDL sensorservice" am: 45d8baf70d am: dce4fb0d63
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2292579

Change-Id: I8ecdfc673b39f53f2d21990c18066cf1016ad92c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-18 20:04:23 +00:00
Devin Moore
45d8baf70d Merge "Add sepolicy for new AIDL sensorservice" 2022-11-18 19:21:47 +00:00
Alessandra Loro
24d90e792e Hide ro.debuggable and ro.secure from ephemeral and isolated applications
Bug: 193912100
Test: N/A

Change-Id: I916c9795d96e4a4a453f9aed5e380f11981804e9
2022-11-18 14:13:36 +00:00
Alessandra Loro
8e9a03e4a3 Drop back-compatibility for hiding ro.debuggable and ro.secure
Ignore-AOSP-First: cherry-pick for tm-qpr-dev
Bug: 193912100
Test: N/A for cherry-pick
Change-Id: I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad
Merged-In: I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad
2022-11-17 19:24:09 +00:00
Seth Moore
2cface3262 Merge "Add new appdomain for RKPD mainline app" am: dcef71f890 am: 121ad0534e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2276971

Change-Id: I2f63a743771dd01b732a4bfe53e2de4ef856271c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-17 16:23:09 +00:00
Alessandra Loro
9fd568871e Disallow untrusted apps to read ro.debuggable and ro.secure
ro.secure and ro.debuggable system properties are not intended
to be visible via Android SDK. This change blocks untrusted
apps from reading these properties.

Test: n/a for cherry-pick
Ignore-AOSP-First: cherry-pick for tm-qpr-dev
Bug: 193912100
Change-Id: I40ac5d43da5778b5fa863b559c28e8d72961f831
Merged-In: I40ac5d43da5778b5fa863b559c28e8d72961f831
2022-11-17 15:52:13 +00:00
Seth Moore
dcef71f890 Merge "Add new appdomain for RKPD mainline app" 2022-11-17 15:45:18 +00:00
Seth Moore
71fa94edae Add new appdomain for RKPD mainline app
This app talks to the remote provisioning HALs, and therefore requires
access to the tee_device domain.

Bug: 254112668
Test: Manually verify rkpd can run and find remote provisioning hals
Change-Id: I876b0890f3d4e8956406d73e956084b99488ce56
2022-11-16 12:55:31 -08:00
Chris Paulo
d22ef9a1ae system/sepolicy: Update prebuilts for adaptive haptics system prop am: 272f84ebb5
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20469962

Change-Id: I45394ed8306e8654034bbcb201bde437bab2744d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-16 20:52:17 +00:00
Chris Paulo
272f84ebb5 system/sepolicy: Update prebuilts for adaptive haptics system prop
Update prebuilts and api compat for the adaptive haptics restricted
system property.

Bug: 198239103
Test: Verified functionality
Ignore-AOSP-First: Prebuilts on top of aosp/2300027
Change-Id: I2e299053cc2ebdb5d69aa8d3551e602609daaeaf
Signed-off-by: Chris Paulo <chrispaulo@google.com>
2022-11-16 17:12:30 +00:00
Chris Paulo
2a3c5cbca3 system/sepolicy: Add adaptive haptics system prop
Add system prop for adaptive haptics feature

Bug: 198239103
Test: Verified functionality
Ignore-AOSP-First: Cherry pick of aosp/2300027
Change-Id: I67a8047d015e007d22cbd54bc4f9a2fea0527b49
Merged-In: I67a8047d015e007d22cbd54bc4f9a2fea0527b49
Merged-In: I5dd21700c9f64d08785855436c4c5eeb2e88a616
Signed-off-by: Chris Paulo <chrispaulo@google.com>
2022-11-16 17:09:36 +00:00
Steven Moreland
4c6586817a sepolicy for SE HAL
Bug: 205762050
Test: N/A
Change-Id: I76cd5ebc4d0e456a3e4f1aa22f5a932fb21f6a23
2022-11-15 22:41:09 +00:00
Sandro
bcc04e69fc Move get_prop rules from public/domain.te to private/domain.te
This way we can prevent private types (e.g., sdk_sandbox) from accessing
those properties.

Bug: 210811873
Test: m -j, boot device
Change-Id: Idbcc4928c8d0d433f819d8b114e84a5f09466ad0
2022-11-15 17:05:11 +00:00
Deyao Ren
dfb3182725 allow com.android.vending to access vendor_apex_file
Widevine is now in an APEX. com.android.vending tries to access widevine
apex, which results in a sepolicy error. Modifying sepolicy to allow
com.android.vending to access apex directory.

Bug: 247100406
Test: https://android-build.googleplex.com/builds/abtd/run/L54600000956675013
Change-Id: Ie73411dbe1c35027cb498c2cfa6847515a41d08a
2022-11-15 13:28:49 +09:00
Pete Bentley
1ce5ed5d46 Update sepolicy prebuilts for PRNG seeder changes.
Cherry-pick note: This contains the original AOSP change plus
an addition to private/compat/32.0/32.0.ignore.cil which
does not _appear_ to be required on AOSP and future releases
but is required for tm-dev.  If needed we can add this to
AOSP later.

Bug: 243933553
Test: m sepolicy_freeze_test
Change-Id: Idc011c66dfe71aa6c8dfdbc0b0377d2957571b83
Merged-In: Idc011c66dfe71aa6c8dfdbc0b0377d2957571b83
(cherry picked from commit 96268c6622)
(cherry picked from commit ff0cf6f2a8)
Merged-In: Idc011c66dfe71aa6c8dfdbc0b0377d2957571b83
2022-11-15 01:50:27 +00:00
Pete Bentley
cf61e257a3 Add SEPolicy for PRNG seeder daemon.
Manual testing protocol:
* Verify prng_seeder daemon is running and has the
  correct label (via ps -Z)
* Verify prng_seeder socket present and has correct
  label (via ls -Z)
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
  data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
  (e.g. strace -f -p `pgrep prng_seeder`)
* Kill daemon, observe that init restarts it
* strace again and observe clients now seed from new instance

Bug: 243933553
Test: Manual - see above
Change-Id: I0a7e339115a2cf6b819730dcf5f8b189a339c57d
Merged-In: I0a7e339115a2cf6b819730dcf5f8b189a339c57d
(cherry picked from commit e6da3b80d1)
(cherry picked from commit efa9e1111a)
Merged-In: I0a7e339115a2cf6b819730dcf5f8b189a339c57d
2022-11-15 01:50:22 +00:00
Seungjae Yoo
b43e1b1c19 Merge "Allow reading proc file in crosvm process for reading cpu/mem stat in VM" 2022-11-15 01:47:50 +00:00
Devin Moore
e714ba95ed Add sepolicy for new AIDL sensorservice
Test: boot cuttlefish and check for avc denials
Bug: 205764765
Change-Id: Ie9d02b43250ca3c5f642b2d87d2a5b532a9b5195
2022-11-14 17:26:24 +00:00
Treehugger Robot
bc37c334e5 Merge "Add adaptive haptics restricted system property" 2022-11-14 10:52:56 +00:00
Chris Paulo
ad2f883271 Add adaptive haptics restricted system property
Create adaptive haptics system property to store adaptive haptics enable
state.

Bug: 198239103
Test: Verified system property usage
Change-Id: I5d4f0a5c8ec4a5b0ce18bc03a6d30879dd76d58b
Signed-off-by: Chris Paulo <chrispaulo@google.com>
2022-11-14 09:20:56 +00:00
Seungjae Yoo
9f240f2d68 Allow reading proc file in crosvm process for reading cpu/mem stat in VM
Bug: 257159905
Test: N/A
Change-Id: Ica4da2f7f29be2c4f3f9446040247bee36e42f1a
2022-11-14 15:24:27 +09:00
Max Bires
37992dce8d Merge "Allow shell to call IRemotelyProvisionedComponent" 2022-11-12 00:20:34 +00:00
Etienne Ruffieux
3b39e92bd9 Add bluetooth_prop to system_server sepolicy.
We need to be able to access Bluetooth sysprops from
BluetoothManagerService.

Bug: 217292806
Test: atest CtsBluetoothTestCases
Tag: #feature
Change-Id: Ia4d5d286ccf94f61bbc87e9063d22b8822806e5c
2022-11-10 18:00:55 -08:00
Jeff Pu
1c92a1262e Merge "Add properties for virtual fingerprint HAL" 2022-11-10 23:29:29 +00:00
Sandeep Dhavale
d64fb55474 Merge "Fastboot AIDL Sepolicy changes" 2022-11-10 18:29:00 +00:00
Treehugger Robot
c041485773 Merge "Use CAP_SYS_RESOURCE instead of CAP_IPC_LOCK for crosvm" 2022-11-10 18:24:04 +00:00
David Brazdil
88f98d96da Use CAP_SYS_RESOURCE instead of CAP_IPC_LOCK for crosvm
Instead of giving CAP_IPC_LOCK to crosvm, give virtualizationservice
CAP_SYS_RESOURCE so it can modify the rlimit_memlock of itself and its
children. This is done in preparation for running crosvm as a child
process of the requestor, in which case it will not have the option to
use CAP_IPC_LOCK anymore, but it also allows us to set an upper bound on
the amount of pinnable memory if necessary.

Bug: 204298056
Bug: 245727626
Test: atest MicrodroidTestApp
Change-Id: Ic7f161fe4232440a0dd9924d971f22fc053d973b
2022-11-10 16:18:35 +00:00
Jeff Pu
be8ede8c35 Add properties for virtual fingerprint HAL
Bug: 228638448
Test: N/A
Change-Id: I58bfe2dd7f359b00203a1d10351ccdc5001bb166
2022-11-10 09:50:16 -05:00
Sandeep Dhavale
f0ea953e60 Fastboot AIDL Sepolicy changes
Bug: 205760652
Test: Build & flash
Change-Id: I2709c5cc2ca859481aac6fecbc99fe30a52a668b
Signed-off-by: Sandeep Dhavale <dhavale@google.com>
2022-11-09 22:21:27 +00:00
Max Bires
4d3dcd64d3 Allow shell to call IRemotelyProvisionedComponent
This change gives the shell process the needed permissions to call the
rkp_factory_extraction_tool without also granting the ability to access
the KeyMint HAL service.

To run the tool from a shell accessible folder, push
rkp_factory_extraction_tool to /data/local/tmp with:

adb push out/target/product/<path/to/tool>/rkp_factory_extraction_tool \
/data/local/tmp

Test: the tool can be executed in SELinux enforcing mode
Change-Id: Idebebffa9bb405d527ab37c17030db3999efe3d1
2022-11-09 12:42:28 -08:00
Lakshman Annadorai
4d277b7baa Revert "Add sepolicies for CPU HAL."
This reverts commit f4ab6c9f3c.

Reason for revert: CPU HAL is no longer required because the CPU frequency sysfs files are stable Linux Kernel interfaces and could be read directly from the framework.

Change-Id: I8e992a72e59832801fc0d8087e51efb379d0398f
2022-11-09 16:47:07 +00:00
Lakshman Annadorai
f4ab6c9f3c Add sepolicies for CPU HAL.
Change-Id: Ia091bf8f597a25351b5ee33b2c2afc982f175d51
Test: Ran `m; emulator; adb logcat -b all -d > logcat.txt;`
      and verified CPU HAL is running without any sepolicy violation.
Bug: 252883241
2022-11-04 18:13:00 +00:00
Sandro
080c579d47 Move get_prop rules from public/app.te to private/app.te
This way we can prevent private types (e.g., sdk_sandbox) from accessing
those properties.

Bug: 210811873
Test: m -j, boot device
Change-Id: I55e3a4b76cabb6f47cee0972e6bad30565f0db7a
2022-11-04 09:34:22 +00:00
Alfred Piccioni
8a909eb966 Merge "Add NTFS support in sepolicy." 2022-11-04 09:22:51 +00:00
Yi-yo Chiang
b888a092b5 Merge "remount: Allow 'shell' to run 'remount_exec' domain" 2022-11-04 04:44:00 +00:00
Treehugger Robot
63f8d969a9 Merge "sepolicy: Allow fd propagation from camera to display" 2022-11-03 23:12:43 +00:00
Alfred Piccioni
3e1dc57bf4 Add NTFS support in sepolicy.
This CR, when paired with a functional NTFS implementation and the
corresponding vold updates, will allow NTFS USB drives to be mounted
on Android.

Bug: 254407246

Test: Extensive testing with NTFS USB drives.
Change-Id: I259882854ac40783f6d1cf511e8313b1d5a04eef
2022-11-03 16:02:51 +01:00
Andrew Scull
2c818d9b32 Merge "Revert "Allow vendors to set remote_prov_prop properties"" 2022-11-01 13:11:03 +00:00
Treehugger Robot
7b988006d1 Merge "Allow system_server to measure fs-verity" 2022-11-01 08:58:34 +00:00
Yi-Yo Chiang
686d77913d remount: Allow 'shell' to run 'remount_exec' domain
The domain of 'remount' used to be 'system_file', which is
read-executable by 'shell'. However when I submitted aosp/1878144, the
domain of 'remount' became 'remount_exec', and I forgot to allow
'shell' to read-execute the new 'remount_exec' domain.
This makes `adb remount` w/o root produce a sub-par error message:
  $ adb remount [-h]
  /system/bin/sh: remount: inaccessible or not found

Allow 'shell' to read-execute 'remount_exec', so that the user can get a
proper error message when not running as root, and help (-h) message can
be displayed:
  $ adb remount
  Not running as root. Try "adb root" first.
  $ adb remount -h
  Usage: remount ...

Bug: 241688845
Test: adb unroot && adb remount [-h]
Change-Id: I5c105eaffa7abddaf14a9d0120fd6b71749c7977
2022-11-01 15:39:49 +08:00
Seigo Nonaka
2b4bcf73e0 Allow system_server to measure fs-verity
Bug: 242892591
Test: atest GtsFontHostTestCases
Test: Manually verified the font files can be updated
Change-Id: Ic72fcca734dc7bd20352d760ec43002707e4c47d
2022-11-01 16:21:20 +09:00
Syed Haq
ed5ecbbda2 sepolicy: Allow fd propagation from camera to display
This is required to pass release fence FDs from camera to display

Test: Camera CTS
CRs-Fixed: 3184666
Bug: 234636443
Change-Id: I77884b37e254a9d56b8ec7b2e6dd71718f52d573
2022-10-31 15:48:54 -07:00
Andrew Scull
edba76d514 Revert "Allow vendors to set remote_prov_prop properties"
This reverts commit a87c7be419.

Reason for revert: I was mistaken and this isn't a property that the vendor should set, but the OEM should override from the product partition. That doesn't require sepolicy changes.

Bug: 256109167
Change-Id: Idebfb623dce960b2b595386ade1e4c4b92a6e402
2022-10-31 18:27:29 +00:00
Katherine Lai
803f4e86c4 Add bluetooth disable enhanced SCO connection
Bug: 255202220
Tag: #floss
Test: Manual
Change-Id: I79d8168e39e0e72335389ef5ba93e6c5ddf5a0af
2022-10-31 17:52:52 +00:00
Andrew Scull
c347dc28fa Merge "Allow vendors to set remote_prov_prop properties" 2022-10-28 11:35:49 +00:00
Andrew Scull
a87c7be419 Allow vendors to set remote_prov_prop properties
Vendors should be able to set the `remote_provisioning.tee.rkp_only` and
`remote_provisioning.strongbox.rkp_only` properties via
PRODUCT_VENDOR_PROPERTIES so grant `vendor_init` the permission to set
them.

The property wasn't able to use `system_vendor_config_prop()` as
`remote_prov_app` has tests which override the properties.

Bug: 256109167
Test: manual test setting the property from device.mk for cuttlefish
Change-Id: I174315b9c0b53929f6a11849efd20bf846f8ca29
2022-10-28 10:07:54 +00:00
Treehugger Robot
e6a43ec4c9 Merge "Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration" 2022-10-27 14:03:48 +00:00
Ricky Niu
fc1463c164 Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration
Covers the rules needed for the default AIDL implementation.

10-26 10:22:42.408   448   448 I auditd  : type=1400 audit(0.0:95): avc: denied { read } for comm="android.hardwar" name="interrupts" dev="proc" ino=4026531995 scontext=u:r:hal_usb_gadget_default:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file permissive=0

Bug: 218791946
Test: reboot and check if AIDL service is running.

Signed-off-by: Ricky Niu <rickyniu@google.com>
Change-Id: I8bdab3a682398f3c7e825a8894f45af2a9b6c199
2022-10-27 15:42:56 +08:00
Thiébaud Weksteen
685cc43e62 Merge "Ignore access to /proc/zoneinfo for apps" 2022-10-26 22:52:22 +00:00
Thiébaud Weksteen
d601699002 Ignore access to /proc/zoneinfo for apps
Similarly to /proc/vmstat, apps are not allowed to access this file.
Ignore the audit message, as this is the most reported denial in our
droidfood population.

Test: m selinux_policy
Change-Id: I88ed1aa1bfad33b462d971e739ca65791cb0227b
2022-10-26 19:44:27 +11:00
Treehugger Robot
b65de6ed0a Merge "Add odm_service_contexts module" 2022-10-26 02:46:45 +00:00
Gabriel Biren
b7e21bcfe7 Merge "Add SeLinux policy for WiFi Vendor HAL AIDL service." 2022-10-25 17:03:10 +00:00
Henry Fang
0c3f615602 Merge "Allow CAS AIDL sample HAL" 2022-10-25 16:38:20 +00:00
Jiakai Zhang
1b89f6370a Merge "Update SELinux policy to allow artd to perform secondary dex compilation" 2022-10-25 13:12:16 +00:00
Treehugger Robot
6a80e5c6fd Merge "Allow priv apps to use virtualizationservice" 2022-10-25 09:04:08 +00:00
Wenhao Wang
e825ad2a62 Add sepolicy for background_install_control service
The background_install_control service is going to detect
background installed apps and provide the list of such apps.

Bug: 244216300
Test: manual
Change-Id: I6500f29ee063da4a3bc18e109260de419dd39218
2022-10-24 11:26:35 -07:00
Jiakai Zhang
2ffeca72a6 Update SELinux policy to allow artd to perform secondary dex compilation
Secondary dex files are in app data directories. In order to perform
secondary dex compilation, artd needs permissions to:
- Read secondary dex files
- Create "oat" dir
- Create a reference profile in "oat" dir
- Rename the reference profile
- Delete the reference profile
- Read the current profile in "oat" dir
- Delete the current profile
- Create compilation artifacts in "oat" dir
- Rename compilation artifacts
- Delete compilation artifacts

Bug: 249984283
Test: -
  1. adb shell pm art optimize-package --secondary-dex -m speed-profile -f com.google.android.gms
  2. See no SELinux denial.
Change-Id: I19a0ea7895a54c67959b22085de27d1d0ccc1efc
2022-10-24 16:07:01 +01:00
Alan Stokes
30608520bf Allow priv apps to use virtualizationservice
And allow VS and crosvm access to privapp_data_file, to the same
extent as app_data_file.

Update some comments, move a neverallow to the bottom of the file with
the others.

Bug: 255286871
Test: Install demo app to system/priv-app, see it work without explicit grant.
Change-Id: Ic763c3fbfdfe9b7a7ee6f1fe76d2a74281b69f4f
2022-10-24 15:33:02 +01:00
Inseob Kim
3bb2033eb1 Add odm_service_contexts module
Bug: 240609481
Test: build and boot
Change-Id: I5412b4a190d30490cad1bf2b9de1afd16085eb26
2022-10-24 20:41:45 +09:00
Gabriel Biren
e310ef8163 Add SeLinux policy for WiFi Vendor HAL AIDL service.
Bug: 205044134
Test: Manual - reboot phone and check if AIDL
      service is running.
Change-Id: I242e6ef860d2defdb0ab0a3d649b2a4e3f0de5a6
2022-10-19 16:34:56 +00:00
Treehugger Robot
4a5c2dee68 Merge "Add policies for new services HDMI and HDMICEC" 2022-10-19 02:58:03 +00:00
Hunsuk Choi
0c00096874 Merge "Add IRadioIms and IImsMedia context" 2022-10-17 06:13:01 +00:00
Rob Seymour
9833c60b35 Merge "Allow service managers access to apex data." 2022-10-14 18:04:46 +00:00
Hunsuk Choi
24abed20f5 Add IRadioIms and IImsMedia context
Bug: 216387835
Test: build & flash
Change-Id: I7eb3a45e1b13ca702e6bab7e152c4b4722ceccdd
(cherry picked from commit 26a4cc08701586459e1042604a204f6485c27d08)
Merged-In: I7eb3a45e1b13ca702e6bab7e152c4b4722ceccdd
2022-10-13 06:17:30 +00:00
Shraddha Basantwani
bacf949002 Allow CAS AIDL sample HAL
Bug: 230377377, 227673974
Test: manual
Change-Id: Ied6822d8114404b85dbed56ae4806de1bfb43e54
2022-10-12 19:42:20 +05:30
Sandro Montanari
9a8980aed5 Merge "Add auditallow for system properties access from the sdk sandbox" 2022-10-12 09:27:01 +00:00
Steven Moreland
dda67f95f0 Merge "crosvm: socket getopt" 2022-10-11 23:57:52 +00:00
Sandro
d0553529bb Add auditallow for system properties access from the sdk sandbox
We want to more closely monitor the system properties that the
sdk_sandbox has access to.

Bug: 210811873
Test: adb logcat | grep "r:sdk_sandbox"
Change-Id: I0d590374e931ca41d5451cd7c2de5b02fee619e9
2022-10-11 15:21:08 +00:00
Steven Moreland
34f6b26719 crosvm: socket getopt
Required in latest merge.

Bug: 250998415
Test: atest MicrodroidTestApp
Change-Id: I2888636bc5ed69c7908862cdb2ff48da37231a51
2022-10-11 01:13:29 +00:00
Akilesh Kailash
1044702704 Suppress permissive audit messages post OTA reboot
For post-OTA boot, we run a userspace block device daemon to mount /system.
However if we let the daemon run while loading sepolicy, it would spam permissive audits.
Since sepolicy is still not enforced yet, we can suppress these
audit messages.

Bug: 240321741
Test: Full OTA on pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I0af484f95b6a1deb41498d67de82afd3c6bb29b6
2022-10-10 21:58:41 +00:00
Venkatarama Avadhani
38ff3b4115 Add policies for new services HDMI and HDMICEC
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Change-Id: Ic2c0525368218e207be236d073a3fe736151c43f
2022-10-10 15:40:42 +05:30
Peiyong Lin
33e03e09b4 Merge "Update SEPolicy for Thermal AIDL" 2022-10-07 04:00:17 +00:00
Keir Fraser
ad58b8d38a Allow virtualizationservice to create and manage socket files in its data folder
...and crosvm to access a listener socket when passed to it by file
descriptor from virtualizationservice.

Bug: 235579465
Test: Start a VM
Change-Id: I7e89cfb4fb8a1ce845eaea64a33dbaad6bff9969
2022-10-05 08:36:15 +00:00
Peiyong Lin
4a5d0f13c4 Update SEPolicy for Thermal AIDL
Bug: b/205762943
Test: build and boot
Change-Id: I301b85dafbf8fbb1c4be388aa0291e22f4717c99
2022-10-05 00:55:20 +00:00
Vikram Gaur
7bc1648f4a Merge "Add SELinux policies for remote_key_provisioning_native namespace." 2022-10-05 00:47:30 +00:00
Pete Bentley
ff0cf6f2a8 Update sepolicy prebuilts for PRNG seeder changes.
Cherry-pick note: This contains the original AOSP change plus
an addition to private/compat/32.0/32.0.ignore.cil which
does not _appear_ to be required on AOSP and future releases
but is required for tm-dev.  If needed we can add this to
AOSP later.

Bug: 243933553
Test: m sepolicy_freeze_test
Change-Id: Idc011c66dfe71aa6c8dfdbc0b0377d2957571b83
Merged-In: Idc011c66dfe71aa6c8dfdbc0b0377d2957571b83
(cherry picked from commit 96268c6622)
2022-10-04 15:02:53 +01:00
Steven Moreland
07c5387324 Merge "hidl2aidl: sepolicy changes for confirmationui aidl" 2022-10-03 19:10:31 +00:00
Florian Mayer
565653a0c4 Merge "[MTE] ignore mtectrl selinux error for device tree." 2022-10-03 16:23:19 +00:00
Pete Bentley
efa9e1111a Add SEPolicy for PRNG seeder daemon.
Manual testing protocol:
* Verify prng_seeder daemon is running and has the
  correct label (via ps -Z)
* Verify prng_seeder socket present and has correct
  label (via ls -Z)
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
  data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
  (e.g. strace -f -p `pgrep prng_seeder`)
* Kill daemon, observe that init restarts it
* strace again and observe clients now seed from new instance

Bug: 243933553
Test: Manual - see above
Change-Id: I0a7e339115a2cf6b819730dcf5f8b189a339c57d
Merged-In: I0a7e339115a2cf6b819730dcf5f8b189a339c57d
(cherry picked from commit e6da3b80d1)
2022-09-30 17:26:22 +01:00
Florian Mayer
09f14e9c12 [MTE] ignore mtectrl selinux error for device tree.
Bug: 245624194
Test: adb logcat | grep sysfs_dt_firmware_android
Change-Id: Ia51def3dcc27b6d91cc10733b741186b3bd460c5
2022-09-29 22:53:58 +00:00
Vikram Gaur
e1c49f5524 Add SELinux policies for remote_key_provisioning_native namespace.
We need to separate out the feature flags in use by remote key
provisioning daemon (RKPD). For this, I have set up a new namespace
remote_key_provisioning_native. This change adds the SELinux policies to
make sure appropriate permissions are present when accessing the feature
flag for read/write.

Change-Id: I9e73a623f847a058b6236dd0aa370a7f9a9e6da7
Test: TreeHugger
2022-09-29 21:32:58 +00:00
Treehugger Robot
b44cb478d4 Merge "Grant appdomain remove_name permission on user_profile_data_file." 2022-09-29 11:46:41 +00:00
Jiakai Zhang
3c614b2ee1 Grant appdomain remove_name permission on user_profile_data_file.
To prevent race condition on a profile, the app holds a flock when writing the profile, and profman needs to hold a flock to read it. This
is not ideal because either side can get blocked by the flock.

We want to avoid using flock and do it in a move-based way: instead of
mutating the profile in place, the app creates a temp file next to it,
works on the temp file, and replaces the original file after it's done
(or deletes the temp file if it fails).

To achieve that, the app needs the remove_name permission.

Bug: 249522285
Change-Id: I16f27e6a9c5c3a7ab2ab8e24d3ad0a20119e16db
Test: Presubmit
2022-09-29 09:56:30 +00:00