Commit graph

13635 commits

Author SHA1 Message Date
Jeff Sharkey
ba89007178 Merge "Add exFAT support; unify behind "sdcard_type"." 2018-04-13 23:47:54 +00:00
Treehugger Robot
6b1ce73e1f Merge "tombstoned: allow unlinking anr files" 2018-04-13 23:31:27 +00:00
Treehugger Robot
9935689982 Merge "whitelist test failure that bypassed presubmit" 2018-04-13 23:06:19 +00:00
Jeff Vander Stoep
4c402df7e3 whitelist test failure that bypassed presubmit
avc: denied { read } for comm="batterystats-wo" name="show_stat" dev="sysfs"
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file

Bug: 77816522
Test: build
Change-Id: I50a9bfe1a9e4df9c84cf4b2b4aedbb8f82ac94cd
(cherry picked from commit 2ccd99a53a)
2018-04-13 14:36:11 -07:00
Suren Baghdasaryan
76384b3ee0 Selinux: Give lmkd read access to /proc/meminfo
Allow lmkd read access to /proc/meminfo for retrieving information
on memory state.

Change-Id: I7cf685813a5a49893c8f9a6ac4b5f6619f3c18aa
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2018-04-13 21:35:52 +00:00
Jeff Vander Stoep
eb8f938fd4 tombstoned: allow unlinking anr files
Tombstoned unlinks "trace_XX" files if there are too many of them.

avc: denied { unlink } for comm="tombstoned" name="trace_12"
scontext=u:r:tombstoned:s0 tcontext=u:object_r:anr_data_file:s0
tclass=file

Bug: 77970585
Test: Build/boot taimen. adb root; sigquit an app.
Change-Id: I2c7cf81a837d82c4960c4c666b38cd910885d78d
2018-04-13 14:33:32 -07:00
Treehugger Robot
bf41ff48cf Merge "Allow some vold_prepare_subdirs denials." 2018-04-13 20:44:44 +00:00
Jeff Sharkey
000cafc701 Add exFAT support; unify behind "sdcard_type".
We're adding support for OEMs to ship exFAT, which behaves identical
to vfat.  Some rules have been manually enumerating labels related
to these "public" volumes, so unify them all behind "sdcard_type".

Test: atest
Bug: 67822822
Change-Id: I09157fd1fc666ec5d98082c6e2cefce7c8d3ae56
2018-04-13 14:08:10 -06:00
Chia-I Wu
9047a4de89 Make persist.sys.sf.native_mode an integer
This allows for more native modes.

Bug: 73824924
Test: adb shell setprop persist.sys.sf.native_mode 2
Change-Id: Iffdeadc8dc260de4b0c7f2b46aab08d64d25e3b1
2018-04-13 10:55:00 -07:00
Joel Galenson
fc870ce954 Allow some vold_prepare_subdirs denials.
This addresses the following denials:

avc: denied { fowner } for comm="rm" scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:r:vold_prepare_subdirs:s0 tclass=capability
avc: denied { getattr } for comm="rm" scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:object_r:storaged_data_file:s0 tclass=file
avc: denied { relabelfrom } for comm="vold_prepare_su" name="storaged" scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
avc: denied { getattr } for comm="rm" scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:object_r:system_data_file:s0 tclass=file

Bug: 77875245
Test: Boot device.
Test: Mislabel directories used by vold_prepare_subdirs, reboot, and
ensure it can relabel them without denials.
Test: Add user, reboot, delete user, reboot, observe no denials.

(cherry picked from commit 855dd5a856)

Merged-In: Id67bc99f151a6ccb9619bbfb7080452956405121
Change-Id: I2f6b5abfaf81570d03a30f2edf7296b5afd10c9b
2018-04-13 09:47:58 -07:00
Tom Cherry
db465285cf Allow vendor_init to write to misc_block_device
Vendors may use this to write custom messages to their bootloader, and
as the bootloader is under vendor control, this makes sense to allow.

Bug: 77881566
Test: build
Change-Id: I78f80400e5f386cad1327a9209ee1afc8e334e56
2018-04-13 16:39:48 +00:00
Jaekyun Seok
224921d18a Whitelist vendor-init-settable bluetooth_prop and wifi_prop
Values of the following properties are set by SoC vendors on some
devices including Pixels.
- persist.bluetooth.a2dp_offload.cap
- persist.bluetooth.a2dp_offload.enable
- persist.vendor.bluetooth.a2dp_offload.enable
- ro.bt.bdaddr_path
- wlan.driver.status

So they should be whitelisted for compatibility.

Bug: 77633703
Test: succeeded building and tested with Pixels
Change-Id: Ib2b81bcc1fd70ddd571dc7fb2b923b576d62b7d5
2018-04-13 09:25:06 +09:00
Treehugger Robot
362f7d6bda Merge "Allow vendor-init-readable for sys.boot_completed and dev.bootcomplete" 2018-04-12 22:34:40 +00:00
Treehugger Robot
45c72ddfcf Merge "priv_app: remove more logspam" 2018-04-12 16:23:20 +00:00
Jaekyun Seok
c1384ba0d0 Allow vendor-init-readable for sys.boot_completed and dev.bootcomplete
Bug: 75987246
Test: succeeded builing and tested with taimen
Change-Id: I2d8bc91c305e665ed9c69459e51204117afb3eee
Merged-In: I2d8bc91c305e665ed9c69459e51204117afb3eee
(cherry picked from commit ac2e4cce71)
2018-04-12 05:28:09 +00:00
Treehugger Robot
e0163411f8 Merge "hal_tetheroffload: move hwservice mapping to core policy" 2018-04-12 00:34:22 +00:00
Jeff Vander Stoep
c41f5b8465 hal_tetheroffload: move hwservice mapping to core policy
Addresses:
avc: denied { find } for
interface=android.hardware.tetheroffload.config::IOffloadConfig
scontext=u:r:system_server:s0
tcontext=u:object_r:default_android_hwservice:s0
tclass=hwservice_manager

Bug: 77855688
Test: build/boot Sailfish, turn on tethering, no selinux denial
Change-Id: I97cae0928b5311a4da41d19cbd5c863c3137a49f
(cherry picked from commit 3a346ea732)
2018-04-11 15:03:13 -07:00
Treehugger Robot
45b4704e01 Merge changes If2413c30,Ic5d7c961
* changes:
  Suppress spurious denial
  Suppress spurious denial
2018-04-11 21:51:37 +00:00
Jeff Vander Stoep
7e5ec2bc3d Suppress spurious denial
Addresses:
avc: denied { sys_resource } scontext=u:r:zygote:s0
tcontext=u:r:zygote:s0 tclass=capability

Bug: 77905989
Test: build and flash taimen-userdebug
Change-Id: If2413c3005df02a70661464d695211acbcda4094
(cherry picked from commit 816e744d998cb327fbd20f3124b22398bea2b8e4)
2018-04-11 12:20:32 -07:00
Jeff Vander Stoep
f7a7f7d138 Suppress spurious denial
Addresses:
avc: denied { sys_resource } for comm="ip6tables" capability=24
scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netutils_wrapper:s0
tclass=capability

Bug: 77905989
Test: build and flash taimen-userdebug
Change-Id: Ic5d7c96152b96b55255eeec00b19948f38c1923c
(cherry picked from commit 443a43c981)
2018-04-11 12:19:46 -07:00
Treehugger Robot
be79c7b223 Merge "Add internal types to 27.0[.ignore].cil." 2018-04-11 00:44:44 +00:00
Treehugger Robot
6cdc9a820d Merge "Hide sys_rawio SELinux denials." 2018-04-10 23:41:21 +00:00
Jeff Vander Stoep
9dc1d5381f priv_app: remove more logspam
avc: denied { read } for name="ext4" dev="sysfs" ino=32709
scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0
tclass=dir permissive=0 b/72749888
avc: denied { read } for name="state" dev="sysfs" ino=51318
scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:sysfs_android_usb:s0 tclass=file permissive=0
b/72749888

Bug: 72749888
Test: build/boot taimen-userdebug. No more logspam
Change-Id: Ic43d1c8b71e1e5e0e6f9af1e03816c4084120e7e
Merged-In: Ic43d1c8b71e1e5e0e6f9af1e03816c4084120e7e
(cherry picked from commit 558cdf1e99)
2018-04-11 08:20:36 +09:00
Treehugger Robot
354a253077 Merge "Widen crash_dump dontaudit." 2018-04-10 23:14:42 +00:00
Tri Vo
fad493bff9 Add internal types to 27.0[.ignore].cil.
Bug: 69390067
Test: manual run of treble_sepolicy_tests
Change-Id: I1b772a3f7c96875765c75bfc1031f249411c3338
Merged-In: I1b772a3f7c96875765c75bfc1031f249411c3338
(cherry picked from commit 9fbd65200d)
2018-04-11 08:02:06 +09:00
Joel Galenson
bf4afae140 Hide sys_rawio SELinux denials.
We often see the following denials:

avc: denied { sys_rawio } for comm="update_engine" capability=17 scontext=u:r:update_engine:s0 tcontext=u:r:update_engine:s0 tclass=capability permissive=0
avc: denied { sys_rawio } for comm="boot@1.0-servic" capability=17 scontext=u:r:hal_bootctl_default:s0 tcontext=u:r:hal_bootctl_default:s0 tclass=capability permissive=0

These are benign, so we are hiding them.

Bug: 37778617
Test: Boot device.
Change-Id: Iac196653933d79aa9cdeef7670076f0efc97b44a
2018-04-10 14:23:25 -07:00
Florian Mayer
589226dff9 Merge "Expose filesystem read events in SELinux policy." 2018-04-10 21:04:50 +00:00
Florian Mayer
7ad383f181 Expose filesystem read events in SELinux policy.
Without this, we only have visibility into writes.

Looking at traces, we realised for many of the files we care about (.dex, .apk)
most filesystem events are actually reads.

See aosp/661782 for matching filesystem permission change.

Bug: 73625480

Change-Id: I6ec71d82fad8f4679c7b7d38e3cb90aff0b9e298
2018-04-10 18:44:20 +01:00
Joel Galenson
a3b3bdbb2f Widen crash_dump dontaudit.
We have seen crash_dump denials for radio_data_file,
shared_relro_file, shell_data_file, and vendor_app_file.  This commit
widens an existing dontaudit to include them as well as others that we
might see.

Test: Boot device.
Change-Id: I9ad2a2dafa8e73b13c08d0cc6886274a7c0e3bac
2018-04-10 09:55:11 -07:00
Max Bires
5cac1aa99c Adding labeling for vendor security patch prop
This will allow adb shell getprop ro.vendor.build.security_patch to
properly return the correct build property, whereas previously it was
offlimits due to lack of label.

Test: adb shell getprop ro.vendor.build.security_patch successfully
returns whatever VENDOR_SECURITY_PATCH is defined to be in the Android
.mk files

Change-Id: Ie8427738125fc7f909ad8d51e4b76558f5544d49
2018-04-09 15:34:42 -07:00
Treehugger Robot
d4dd2f5710 Merge "hal_health: allow to write kernel logs." 2018-04-09 20:33:12 +00:00
Alan Stokes
12e73685b7 Revert "Add /sys/kernel/memory_state_time to sysfs_power."
This reverts commit db83323a03.

Reason for revert: breaks some builds due to duplicate genfs entries

Change-Id: I47813bd84ff10074a32cf483501a9337f556e92a
2018-04-09 18:02:53 +00:00
Treehugger Robot
dceea5023c Merge "Add shell:fifo_file permission for audioserver" 2018-04-09 17:54:42 +00:00
Alan Stokes
cd61bc19ec Merge "Add /sys/kernel/memory_state_time to sysfs_power." 2018-04-09 16:29:30 +00:00
Alan Stokes
06bac37f51 Installd doesn't need to create cgroup files.
cgroupfs doesn't allow files to be created, so this can't be needed.

Also remove redundant neverallow and dontaudit rules. These are now
more broadly handled by domain.te.

Bug: 74182216

Test: Denials remain silenced.

Change-Id: If7eb0e59f567695d987272a2fd36dbc251516e9f

(cherry picked from commit 8e8c109350)
2018-04-09 13:49:13 +01:00
Alan Stokes
db83323a03 Add /sys/kernel/memory_state_time to sysfs_power.
This allows system_server to access it for determining battery stats
(see KernelMemoryBandwidthStats.java).

batterystats-wo: type=1400 audit(0.0:429): avc: denied { read } for name="show_stat" dev="sysfs" ino=48071 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 72643420
Bug: 73947096

Test: Denial is no longer present.
Change-Id: Ibe46aee48eb3f78fa5a9d1f36602c082c33036f7

(cherry picked from commit a8b3634d3e)
2018-04-09 10:28:56 +01:00
Mikhail Naganov
05e12dba34 Add shell:fifo_file permission for audioserver
Bug: 73405145
Test: cts-tradefed run cts -m CtsMediaTestCases -t android.media.cts.AudioRecordTest#testRecordNoDataForIdleUids
Change-Id: I09bdb74c9ecc317ea090643635ca26165efa423a
(cherry picked from commit c5815891f8)
Merged-In: I09bdb74c9ecc317ea090643635ca26165efa423a
2018-04-06 15:18:22 -07:00
Yifan Hong
5ef48cf831 hal_health: allow to write kernel logs.
This is originally allowed in healthd but the permission
was not transfered to health HAL. A typical health HAL
implementation is likely to write battery info to kernel
logs.

Test: device has battery kernel logs with health HAL
      but without healthd

Bug: 77661605

Change-Id: Ib3b5d3fe6bdb3df2a240c85f9d27b863153805d2
2018-04-06 10:24:48 -07:00
Florian Mayer
ff146962b2 Grant traced_probes search on directories.
This is needed to be able to scan the labels we have
permission on.

Denial:

04-06 12:52:22.674   874   874 W traced_probes: type=1400 audit(0.0:10314): avc: denied { search } for name="backup" dev="sda45" ino=6422529 scontext=u:r:traced_probes:s0 tcontext=u:object_r:backup_data_file:s0 tclass=dir permissive=0

Bug: 73625480
2018-04-06 12:51:41 +00:00
Treehugger Robot
04529dc669 Merge "Track storaged SELinux denial." 2018-04-05 23:12:04 +00:00
Joel Galenson
c6b5a96bb6 Track storaged SELinux denial.
This should help fix presubmit tests.

Bug: 77634061
Test: Built policy.
Change-Id: Ib9f15c93b71c2b67f25d4c9f949a5e2b3ce93b9c
2018-04-05 10:39:03 -07:00
Jong Wook Kim
c9dd7149a2 Merge "Wifi HAL SIOCSIFHWADDR sepolicy" 2018-04-05 10:05:29 +00:00
Jeff Vander Stoep
f3220aa6b9 Remove direct qtaguid access from platform/system apps
System components should use the public tagSocket() API, not direct
file access to /proc/net/xt_qtaguid/* and /dev/xt_qtaguid.

Test: build/boot taimen-userdebug. Use youtube, browse chrome,
    navigate maps on both cellular and wifi.
Bug: 68774956

Change-Id: Id895395de100d8f9a09886aceb0d6061fef832ef
2018-04-04 20:26:56 +00:00
Jeff Vander Stoep
9d28625fc4 shell: move shell qtaguid perms to shell.te
Remove unecessary access to /proc/net/xt_qtaguid/ctrl and
/dev/xt_qtaguid.

Bug: 68774956
Test: atest CtsNativeNetTestCases
Test: adb root; atest tagSocket
Change-Id: If3a1e823be0e342faefff28ecd878189c68a8e92
2018-04-04 20:26:18 +00:00
Kweku Adams
985db6d8dd Allowing incidentd to get stack traces from processes.
Bug: 72177715
Test: flash device and check incident output
Change-Id: I16c172caec235d985a6767642134fbd5e5c23912
2018-04-04 16:00:23 +00:00
Treehugger Robot
38a84cf8da Merge "Rename qtaguid_proc to conform to name conventions" 2018-04-04 02:26:56 +00:00
Treehugger Robot
c69cbe5590 Merge "Block SDK 28 app from using proc/net/xt_qtaguid" 2018-04-03 23:46:24 +00:00
Nathan Harold
252b015365 Allow getsockopt and setsockopt for Encap Sockets
Because applications should be able to set the receive
timeout on UDP encapsulation sockets, we need to allow
setsockopt(). getsockopt() is an obvious allowance as
well.

Bug: 68689438
Test: compilation
Merged-In: I2eaf72bcce5695f1aee7a95ec03111eca577651c
Change-Id: I2eaf72bcce5695f1aee7a95ec03111eca577651c
2018-04-03 21:52:14 +00:00
Jeff Vander Stoep
bdf2a9c417 Rename qtaguid_proc to conform to name conventions
Test: build
Bug: 68774956
Change-Id: I0f9fd87eb41e67e14f35e49eba13e3d1de745250
2018-04-03 14:47:38 -07:00
Chenbo Feng
c411ff70d3 Block SDK 28 app from using proc/net/xt_qtaguid
The file under /proc/net/xt_qtaguid is going away in future release.
Apps should use the provided public api instead of directly reading the
proc file. This change will block apps that based on SDK 28 or above to
directly read that file and we will delete that file after apps move
away from it.

Test: Flashed with master branch on marlin, verified phone boot, can
      browse web, watch youtube video, make phone call and use google
      map for navigation with wifi on and off.
      run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
      run cts -m CtsAppSecurityHostTestCases -t \
      		android.appsecurity.cts.AppSecurityTests

Change-Id: I4c4d6c9ab28b426acef23db53f171de8f20be1dc
(cherry picked from commit 5ec8f8432b)
2018-04-03 14:41:41 -07:00