Commit graph

171 commits

Author SHA1 Message Date
Yu-Ting Tseng
43cae4ea24 Revert^2 "Update uprobestats SELinux policy"
This reverts commit 5e1d7f1c85.

Reason for revert: retry with a fix to the failed tests

Test: atest art_standalone_oatdump_tests
Change-Id: I28872c643ba4ec07ef41b1f9be86036c592a6e4e
2023-12-14 17:17:18 -08:00
Yu-Ting Tseng
5e1d7f1c85 Revert "Update uprobestats SELinux policy"
This reverts commit a87a13f16c.

Reason for revert: b/316386186

Change-Id: Ia39371ee9d96c1b1fdf71d67abc7765019c4f185
2023-12-14 19:50:49 +00:00
Yu-Ting Tseng
a87a13f16c Update uprobestats SELinux policy
The changes include
- allow binder calls to ActivityManager and NativePackageManager
- allow binder calls from system server
- allow writes of statsd atoms
- allow init to start uprobestats
- permission for uprobestats config files and propery
- allow execution of oatdump so it can look up code offsets
- allow scanning /proc.

Test: m selinux_policy
Change-Id: Id1864b7dac3a2c5dcd8736c4932778e36b658ce3
2023-12-13 16:49:23 -08:00
Andrea Zilio
32ab868eac Add pm.archiving.enabled system property
Test: Builds and starts up fine on acloud
Bug: 314160630
Change-Id: I1d90876979bcdb9416bb711f59678a0e640a3e89
2023-11-30 21:14:21 +00:00
Treehugger Robot
40552f0902 Merge "Allow shell to set persist.logd.audit.rate" into main 2023-11-21 08:56:43 +00:00
Jeongik Cha
6cb91a086e declare setupwizard_mode_prop as system_vendor_config_prop
1. declare setupwizard_mode_prop for ro.setupwizard.mode
2. that prop could be set during vendor_init, so changed prop type

Bug: 310208141
Test: boot and check if there is no sepolicy issue
Change-Id: I89246ab2c686db139cad48550b860d69a41106ff
2023-11-17 01:22:37 +09:00
Snild Dolkow
ef0f3692d7 Allow shell to set persist.logd.audit.rate
This can be useful, for both platform and app developers, when there
are lots of SELinux violations.

The property is only read by init, so no get_prop macros are needed.

Bug: 304313777
Test: set, `for x in $(seq 100); do ls /cache; done`, observe logs
Reference: Ib5352dcf3a85836ae5544c9feeb5222c97c50ecd
Change-Id: Ib23c008ed89e078a20ae136ba97e853f699e2050
2023-11-13 10:42:23 +01:00
Andy Yu
e2fb30d461 Add a new sysprops for toggling game default frame rate
Create a new system property for game default frame
rate. A toggle system setting UI will set
`persist.graphics.game_default_frame_rate.enabled`
via GameMangerService in system_server.

`persist.graphics.game_default_frame_rate.enabled` == 1:
    default frame rate enabled
`persist.graphics.game_default_frame_rate.enabled` == 0:
    default frame rate disabled

Bug: 286084594
Test: m, flash and boots properly on Raven
Change-Id: Iae7ebf39aad6c81475ef3d289d750a818fd4ef79
2023-10-23 15:05:24 -07:00
Dennis Shen
bb028e3e9a add next_boot_prop SELinux context to store staged sys prop
Bug: b/300111812
Change-Id: I02f1ba586fb6dfec90ae1ff6d4bb6518f294c5d7
Merged-In: I02f1ba586fb6dfec90ae1ff6d4bb6518f294c5d7
2023-10-12 16:12:30 +00:00
Dennis Shen
71f389016f Merge "Update SELinux to allow vendor process access" into main am: b7052688e3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2746856

Change-Id: I2e20f23460e111cee6c9333480cc5b1644cef32a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-12 12:56:06 +00:00
Dennis Shen
584852eaa7 Update SELinux to allow vendor process access
Bug: b/298934058, b/295379636
Change-Id: I2521ae27a88d471263ba4bff69947b2ce28b4b4e
2023-09-11 14:30:29 +00:00
Jaewan Kim
2c1062e71d Label hypervisor test properties am: 4183cbb63c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2733375

Change-Id: I7492da460a14a676a6fcb5c91d134791f94bb66e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-01 06:32:17 +00:00
Jaewan Kim
4183cbb63c Label hypervisor test properties
Bug: 298306391
Change-Id: I160101325989f58ef3403ec5be20895468c2ccbb
Test: TH, atest CustomPvmfwHostTestCases
2023-09-01 02:43:38 +00:00
Pawan Wagh
012b718b48 Merge "Adding ro.product.build.16k_page.enabled to property contexts" into main am: 2eb2d1c80b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2729879

Change-Id: I555aa4008021ad69c0cda31090a1e90a0db2f417
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-01 01:32:55 +00:00
Pawan Wagh
60cc0b3a39 Adding ro.product.build.16k_page.enabled to property contexts
This property will be used to set 16k dev options on device.
This will be product specific property and will be added on
specific devices.

Test: m, booted device with PRODUCT_16K_DEVELOPER_OPTION ON/OFF and
verified option visibility.
Bug: 297922563

Change-Id: I2be5e7236eb8259ef6d5893e70712a5c89aaad52
2023-08-31 20:30:04 +00:00
Xin Li
e07dbe0a63 Merge Android U (ab/10368041)
Bug: 291102124
Merged-In: Id2cc5dbbafffb4633706e5cc728cb44abd417340
Change-Id: I77e68f17a1273958bcdc32b5a4b6a0ff3ffdfd2a
2023-08-23 17:20:59 -07:00
Dennis Shen
df3a1680d2 Update name from trunk_stable_flags to aconfig flags
the name "trunk stable" is not recommended to appear in android code
base as it is an internal concept. therefore the name change.

Bug: b/295379636
Change-Id: Ice045ac00e2d4987221cc6516baa0d013e6e0943
2023-08-16 19:10:13 +00:00
Dennis Shen
d32299780f Setup a common channel to trunk stable flags in system properties
This is a common root node for native trunk stable flags in system properties. Each flag in a namespace will appear in the sys prop as

persist.device_config.trunk_stable_flags.<namespace>.<flag>

Bug: b/295379636
Change-Id: I42e4a799781a9ced442cbdcbdb6b905446d72d73
2023-08-14 14:23:59 +00:00
Dennis Shen
3b8c57fb93 SELinux allow listing core_experiements_team_internal namespace
Bug: b/291771863
Change-Id: I788e4d5241d824dee249aa8c6d7cb5405c0fac37
2023-07-25 20:15:02 +00:00
Pontus Lidman
0af0e71062 Add SELinux config for new SensorFusion property
Add required SELinux configuration to support the sensor
configuration property:
sensors.aosp_low_power_sensor_fusion.maximum_rate

Test: use getprop to verify presence and readability
of the new property. dumpsys sensorservice to verify
sensor service is picking up the property value.

Change-Id: I96b8fd6ce72d7a5bf69b028802b329b03f261585
2023-07-21 00:42:24 +00:00
Alexander Roederer
e274770fa5 Merge "persist.sysui.notification.ranking_update_ashmem" am: 49b818497f am: b475d75b4d am: 1ebe668661
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2606135

Change-Id: Iea54b4c7fdab68226daa7851cd534b38fd4df75d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-08 03:01:00 +00:00
Alexander Roederer
584a862df6 persist.sysui.notification.ranking_update_ashmem
Adds persist.syui.notification.ranking_update_ashmem property and
associated permissions, which will be used to flag guard a change in
core/...NotificationRankingUpdate.java.

Permissions are limited in scope to avoid unnecessary access.
Apps may need to read the flag (because NotificationRankingUpdate.java
is a core library), but setting should only be possible internally (and
via debug shell).

Test: manual flash+adb setprop/getprop
Bug: 249848655
Change-Id: I661644893714661d8c8b5553c943fa17d08c000c
2023-06-07 22:31:00 +00:00
Motomu Utsumi
682b2421d1 Merge "Add sepolicy config for tethering_u_or_later_native namespace" into udc-dev 2023-06-02 10:22:00 +00:00
Motomu Utsumi
2473262434 Add sepolicy config for tethering_u_or_later_native namespace
Setup tethering_u_or_later_native namespace

Test: adb shell device_config put tethering_u_or_later_native test 1
Test: Read persist.device_config.tethering_u_or_later_native.test property
Test: from system server and Tethering.apk
Ignore-AOSP-First: topic has CL that updates DeviceConfig
Bug: 281944942
Change-Id: I2862974dc1a15f6768a34763bb9e2bad93eaf4ca
2023-06-01 00:34:59 +09:00
Jin Jeong
9bd3eedbef Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore"
This reverts commit 489abecf67.

Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules

Change-Id: I19d1da02baf8cc4b5182a3410111a0e78831d7f8
Merged-In: I0c2bfe55987949ad52f62e468c84df954f39a4ad
2023-05-15 10:43:05 +00:00
Jin Jeong
ec4fe33a6a Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_..."
Revert submission 22899490-euicc_selinux_fix

Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules

Reverted changes: /q/submissionid:22899490-euicc_selinux_fix

Change-Id: I0c2bfe55987949ad52f62e468c84df954f39a4ad
2023-05-12 04:17:35 +00:00
Jinyoung Jeong
489abecf67 Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore
bug: 279548423
Test:  http://fusion2/b7c803be-2dca-4195-b91f-6c4939746b5b, http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed
Change-Id: I4b190fca2f3825a09d27cfc74e8a528831f4f15b
Merged-In: I4b190fca2f3825a09d27cfc74e8a528831f4f15b
2023-05-02 01:24:23 +00:00
Jinyoung Jeong
fa95e8c591 Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore
bug: 279548423
Test:  http://fusion2/b7c803be-2dca-4195-b91f-6c4939746b5b, http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed
Ignore-AOSP-First: will merge in AOSP aosp/2571810
Change-Id: I4b190fca2f3825a09d27cfc74e8a528831f4f15b
2023-04-28 16:25:26 +00:00
Alexander Roederer
cf1ac9a714 Merge "Add persist.sysui.notification.builder_extras_ovrd" 2023-04-03 13:47:09 +00:00
Jiakai Zhang
22fb5c7d24 Allow system server to set dynamic ART properties.
This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.

Bug: 274530433
Test: Locally added some code to set those properties and saw it being
  successfull.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089
2023-03-31 11:46:05 +01:00
Alexander Roederer
829d974505 Add persist.sysui.notification.builder_extras_ovrd
Adds persist.sysui.notification.builder_extras_override property
and associated permissions, which will be used to flag guard
a change in core/...Notification.java.

Permissions are limited in scope to avoid unnecessary access.
Apps may need to read the flag (because Notification.java
is a core library), but setting should only be possible
internally (and via debug shell).

Test: manual flash+adb setprop/getprop
Bug: 169435530
Change-Id: I3f7e2220798d22c90f4326570732a52b0deeb54d
2023-03-29 16:35:39 +00:00
Tri Vo
0099ba37f3 Merge "Remove RemoteProvisioner and remoteprovisioning services" 2023-03-17 17:18:01 +00:00
Vikram Gaur
01390087b1 Add set property permissions to RKPD application.
Test: atest RkpdAppGoogleIntegrationTests
Change-Id: Ib1680319f7299b27aab2cc36cc917a8da35ec216
2023-03-16 18:05:10 +00:00
Tri Vo
4bb2d30701 Remove RemoteProvisioner and remoteprovisioning services
Bug: 273325840
Test: keystore2_test
Change-Id: I295ccdda5a3d87b568098fdf97b0ca5923e378bf
2023-03-14 15:45:35 -07:00
Seth Moore
d3bd68607e Allow shell to change RKP properties
This way, we can change things like the RKP hostname or enablement
from the shell for tests.

Bug: 265196434
Test: manual (adb shell setprop ...)
Change-Id: Ib853eaf29b395705eba57d241df064152220457e
2023-02-24 13:33:36 -08:00
Avichal Rakesh
e2cb0f2813 Prevent non-system apps from read ro.usb.uvc.enabled
ro.us.uvc.enabled should not be readable from apps that can't or
shouldn't act on UVC support. This means all non-system apps. This CL
adds an explicit neverallow rule to prevent all appdomains (except
system_app and device_as_webcam).

Bug: 242344221
Bug: 242344229
Test: Build passes, manually confirmed that non-system apps cannot
      access the property
Change-Id: I1a40c3c3cb10cebfc9ddb791a06f26fcc9342ed9
2023-02-02 12:26:33 -08:00
Avichal Rakesh
a12d3103be Add selinux permissions for ro.usb.uvc.enabled
This CL the selinux rules for the property ro.usb.uvc.enabled which will
be used to toggle UVC Gadget functionality on the Android Device.

Bug: 242344221
Bug: 242344229
Test: Manually tested that the property can only be read at runtime,
      not written to.
Change-Id: I0fd6051666d9554037acc68fa81226503f514a45
2023-01-31 11:17:50 -08:00
Seth Moore
7ed4c00496 Add remote_provisioning.hostname property
This property contains the server name for the remote provisioning
service, if any, used by the device.

Test: RkpdAppUnitTests
Change-Id: Iad7805fe6da1ce89a9311d5caf7c9c651af2d16d
2023-01-18 13:44:47 -08:00
Florian Mayer
152f832904 Allow system_server to set arm64 memtag property
Bug: 262763327
Bug: 244290023
Test: atest MtePolicyTest on user build
Test: manually with TestDPC
Change-Id: If1ed257fede6fa424604eed9775eb3a3b8365afe
2022-12-16 16:58:36 -08:00
Andrew Scull
edba76d514 Revert "Allow vendors to set remote_prov_prop properties"
This reverts commit a87c7be419.

Reason for revert: I was mistaken and this isn't a property that the vendor should set, but the OEM should override from the product partition. That doesn't require sepolicy changes.

Bug: 256109167
Change-Id: Idebfb623dce960b2b595386ade1e4c4b92a6e402
2022-10-31 18:27:29 +00:00
Andrew Scull
a87c7be419 Allow vendors to set remote_prov_prop properties
Vendors should be able to set the `remote_provisioning.tee.rkp_only` and
`remote_provisioning.strongbox.rkp_only` properties via
PRODUCT_VENDOR_PROPERTIES so grant `vendor_init` the permission to set
them.

The property wasn't able to use `system_vendor_config_prop()` as
`remote_prov_app` has tests which override the properties.

Bug: 256109167
Test: manual test setting the property from device.mk for cuttlefish
Change-Id: I174315b9c0b53929f6a11849efd20bf846f8ca29
2022-10-28 10:07:54 +00:00
Vikram Gaur
e1c49f5524 Add SELinux policies for remote_key_provisioning_native namespace.
We need to separate out the feature flags in use by remote key
provisioning daemon (RKPD). For this, I have set up a new namespace
remote_key_provisioning_native. This change adds the SELinux policies to
make sure appropriate permissions are present when accessing the feature
flag for read/write.

Change-Id: I9e73a623f847a058b6236dd0aa370a7f9a9e6da7
Test: TreeHugger
2022-09-29 21:32:58 +00:00
Neil Fuller
b9f8aad52c Merge changes I20b40cbe,Iac1bc330,I8d818342
* changes:
  Limit processes that can change settings sysprops
  Add new type for system settings metadata
  Reduce use of exported_system_prop
2022-09-27 23:01:26 +00:00
Neil Fuller
bbb00fa4cf Add new type for system settings metadata
Add a new selinux type for a system property used to hold metadata about
the time zone setting system property. Although system settings are
world readable, the associated metadata only needs to be readable by the
system server (currently).

Bug: 236612872
Test: treehugger
Change-Id: Iac1bc3301a049534ea5f69edf27cd85443e6a92e
2022-09-27 16:06:57 +00:00
Florian Mayer
51382a3af0 [MTE] allow mtectrl to sync state to property.
Bug: 245624194
Change-Id: If580f3e64a839ee409b58e80300b927f6898c894
2022-09-27 15:56:33 +00:00
Jiyong Park
c4f84bcb37 Don't let ro.log.file_logger.path to be set
ro.log.file_logger.path is a system property that liblog uses to
determine if file_logger should be used (instead of logd) and what file
the logs should be emitted to. It is primarily meant for non-Android
environment like Microdroid, and doesn't need to be set in Android. In
fact, setting it to a wrong value can break the system logging
functionality. This change prevents such a problem by assigning a
dedicated property context (log_file_logger_prop) to the property and
making it non-writable. (Note that it still has to be readable because
liblog reads it and liblog can be loaded in any process)

Bug: 222592894
Test: try to set ro.log.file_logger.path

Change-Id: Ic6b527327f5bd4ca70a58b6e45f7be382e093318
2022-09-18 23:39:41 +09:00
Suren Baghdasaryan
9fdb29826f Add policies for ro.kernel.watermark_scale_factor property
New ro.kernel.watermark_scale_factor property is used to store the
original value read from /proc/sys/vm/watermark_scale_factor before
extra_free_kbytes.sh changes it. The original value is necessary to
use the same reference point in case the script is invoked multiple
times. The property is set by init the first time script is invoked
and should never be changed afterwards.

Bug: 242837506
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I7760484854a41394a2efda9445cff8cb61587514
2022-09-08 19:35:34 +00:00
Jooyung Han
cae2368d2d Set apex. property as "system_restricted"
Since the property is supposed to be used by vendor-side .rc file as
read-only (especially by vendor apex), it should be "system_restricted".

Also allow vendor_init to read the property.

Bug: 232172382
Test: boot cuttlefish (with vendor apex using the property)
Change-Id: I502388e550e0a3c961a51af2e2cf11335a45b992
2022-09-02 18:11:33 +09:00
Jooyung Han
ba80cd59a7 Merge changes from topics "apex-ready-prop", "apex-update-prop"
* changes:
  Modifed sepolicy for new apex ready prop
  Remove init.apex.<apex-name>.load/unload property
2022-09-02 06:46:54 +00:00
Deyao Ren
7848d3a437 Modifed sepolicy for new apex ready prop
Bug: 232172382
Test: atest ApexTestCases
Change-Id: I2947b2c9b1d983bdbc410e67509508f73efff1f4
2022-09-01 22:20:10 +00:00