Commit graph

47467 commits

Author SHA1 Message Date
David Drysdale
3242c6a271 Allow virtualizationserver->ISecretkeeper
Test: build and run in CF, see connection
Change-Id: I2d6f0c3836c4de061a456039ded899b4d3a3e7f5
2024-02-19 15:29:33 +00:00
Treehugger Robot
8dae0dd2db Merge "Support multiple se_flags modules" into main am: f9f826fb30
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2963582

Change-Id: Ie6758c95131388b40c8731151529672e271dc430
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-19 05:01:22 +00:00
Treehugger Robot
f9f826fb30 Merge "Support multiple se_flags modules" into main 2024-02-19 04:30:04 +00:00
Jooyung Han
454fadc9bf Merge "Revert^2 "Relax neverallows for vendor to use /system/bin/sh"" into main am: 77b2a438fc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2967262

Change-Id: Ifc691316b223ba8bf5ddb3f2a4fad43afb580fdb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-19 02:12:48 +00:00
Jooyung Han
77b2a438fc Merge "Revert^2 "Relax neverallows for vendor to use /system/bin/sh"" into main 2024-02-19 02:03:06 +00:00
Inseob Kim
b42fd4cb3d Merge "label boot animations on oem with bootanim_oem_file" into main am: d1fada7e61
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2964524

Change-Id: I281fea83a7dc0144e7dc4383a61d7485688808f8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-19 01:51:41 +00:00
Inseob Kim
d1fada7e61 Merge "label boot animations on oem with bootanim_oem_file" into main 2024-02-19 01:21:00 +00:00
Jooyung Han
9a123be434 Revert^2 "Relax neverallows for vendor to use /system/bin/sh"
This reverts commit f77cf6780c.

Reason for revert: sepolicy change is still necessary. (won't break things)

Change-Id: If47218b39ac34c21f3e09d29a5e713b240c4f0a6
2024-02-16 11:06:40 +00:00
Jernej Virag
dd1b00fa71 Merge "Revert "Relax neverallows for vendor to use /system/bin/sh"" into main am: bbff9f5ea1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2967124

Change-Id: I41a1e6a99a393eaada22f0df0ce0a86b90200d11
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-16 10:49:56 +00:00
Jernej Virag
bbff9f5ea1 Merge "Revert "Relax neverallows for vendor to use /system/bin/sh"" into main 2024-02-16 10:13:22 +00:00
Håkan Kvist
1f915b4b13 label boot animations on oem with bootanim_oem_file
Bootanimation only access boot animation files on oem. Label
these files with bootanim_oem_file and remove oemfs file allow rule.

Also allow mediaserver and app to read this new label as they can access
/oem/media folder.

Bug: 324437684
Test: Confirm that boot animation on oem is shown without violations
Change-Id: I940ccde9391a5daa920f31926d32e68b1de5b7eb
2024-02-16 11:08:30 +01:00
Joonhun Shin
f77cf6780c Revert "Relax neverallows for vendor to use /system/bin/sh"
Revert submission 2964802-sh_path

Reason for revert: <b/325569171>

Reverted changes: /q/submissionid:2964802-sh_path

Change-Id: I89e635e742d8f4f8a79afa1bb2646c7621705994
2024-02-16 09:22:42 +00:00
Jooyung Han
7f41c9d97c Merge "Relax neverallows for vendor to use /system/bin/sh" into main am: 0ae95839d3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2964802

Change-Id: If2cb6ee085b393d62a4884b2c3959fbb2a0bb078
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-16 07:58:34 +00:00
Inseob Kim
bf7f4a4401 Support multiple se_flags modules
Instead of centralized one se_flags module under system/sepolicy,
additional se_flags modules can be defined anywhere to support defining
downstream branches' own flagging.

Bug: 321875465
Test: TH
Test: soong test
Change-Id: I6e45c859b7f09e27ba1d60033b0db1424472cb63
2024-02-16 16:14:40 +09:00
Jooyung Han
0ae95839d3 Merge "Relax neverallows for vendor to use /system/bin/sh" into main 2024-02-16 06:56:45 +00:00
Trevor David Black
db14b179d2 Add fifo_file read access to enable gpuservice within device cts am: 4105da26f9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2966382

Change-Id: I71db3ebeccff51145f667a2315cc536df058d345
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-16 05:32:10 +00:00
Trevor David Black
4105da26f9 Add fifo_file read access to enable gpuservice within device cts
Bug: 299537644
Test: atest -c CtsGraphicsTestCases:VulkanFeaturesTest#testAndroidBaselineProfile2021Support
Change-Id: Iab5c4255f01317c197488158ef8cc63fcf0ebb3b
2024-02-15 22:21:30 +00:00
Mikhail Naganov
f5b07ca2a3 Merge "Add ro.audio.ihaladaptervendorextension_enabled property" into main am: ead55ce93a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2964162

Change-Id: I623ddbc287c48ec0c7fad5b8f566ee1fc951f9f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-15 17:47:17 +00:00
Mikhail Naganov
ead55ce93a Merge "Add ro.audio.ihaladaptervendorextension_enabled property" into main 2024-02-15 17:08:10 +00:00
Dennis Shen
7254b104f6 Merge "selinux setup for files under /metadata/aconfig dir" into main am: 537a704088
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2960462

Change-Id: I9e170a4fa7293aed2bf9d0818f6ba0c8d558b151
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-15 13:53:00 +00:00
Dennis Shen
537a704088 Merge "selinux setup for files under /metadata/aconfig dir" into main 2024-02-15 13:20:02 +00:00
Tej Singh
4ed39a7a6e Merge "stats_service: only disallow untrusted access" into main am: aebd92592a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2962926

Change-Id: I8aa5df2f2472046ebc59a76df5bfc3c49a491476
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-15 09:20:12 +00:00
Tej Singh
aebd92592a Merge "stats_service: only disallow untrusted access" into main 2024-02-15 08:30:19 +00:00
Jooyung Han
f0ba322926 Relax neverallows for vendor to use /system/bin/sh
Since 202404, vendor components will use /system/bin/sh for system(3),
popen(3), etc.

Bug: 324142245
Test: system("readlink /proc/$$/exe") in vendor HALs
Change-Id: I521499678e87a7d0216a276e014888867f495803
2024-02-15 13:18:40 +09:00
Tej Singh
000b251c7d stats_service: only disallow untrusted access
Allow device-specific domains to access stats_service. All access must
be done over proper APIs (StatsManager, AStatsManager) instead of
accessing the AIDL interfaces directly.

Test: build
Bug: 318788254
Change-Id: I98ddc1900350daf755372be7249f25a462e3242d
2024-02-14 15:07:21 -08:00
Brandon Liu
dbf77ceff6 Merge "Revert "[res] Allow accessing idmap files in all zygotes"" into main am: 37c4c7c500
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2962104

Change-Id: I65b5d1e3048828d13cb63653c965ca54b5af0d3b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-14 21:37:09 +00:00
Brandon Liu
37c4c7c500 Merge "Revert "[res] Allow accessing idmap files in all zygotes"" into main 2024-02-14 20:49:22 +00:00
Mikhail Naganov
8b69e5fd48 Add ro.audio.ihaladaptervendorextension_enabled property
This property is used by libaudiohal@aidl to detect whether
the system_ext partition provides an instance of
IHalAdapterVendorExtension. This is a "system internal"
property because it belongs to `system_ext`.

Bug: 323989070
Test: atest audiorouting_test
Ignore-AOSP-First: coupled with Pixel change, will upstream
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:17406cd0a723cb89a03705709ec78d37b3d66042)
Merged-In: I81267da070958a70f2f3c4882718cac4600e3476
Change-Id: I81267da070958a70f2f3c4882718cac4600e3476
2024-02-14 18:53:37 +00:00
Dennis Shen
6c8210da20 selinux setup for files under /metadata/aconfig dir
1, /metadata/aconfig is the directory that stores aconfig storage
related protobuf files and flag value files boot copy. Grant read
access to everybody. But limit the write access only to init and
aconfig storage service process (to be created later)

2, /metadata/aconfig/flags is the sub directory that stores persistent
aconfig value files.Initially set it up to be accessible by
system_server process only . When aconfig storage service process is
created, will add another permission to storage service process.

Context to why we are hosting flag data on /metadata partition:

Android is adopting trunk stable workflow, flagging and A/B testing is
essential to every platform component. We need some place to host the
flag that are accessible to system processes that starts before /data
partition becomes available.

In addition, there has been a long discussion regarding utilizing
/metadata partition for some process data, another example is mainline
modules, we are trying to make them to be able to be mounted earlier,
but cannot due to /data availability.

Bug: 312444587
Test: m
Change-Id: I7e7dae5cf8c4268d71229c770af31b5e9f071428
2024-02-14 17:56:29 +00:00
Patrick Baumann
7ee66a0391 Revert "[res] Allow accessing idmap files in all zygotes"
This reverts commit 1195b5eb14.

Reason for revert: b/325161357

Change-Id: I7e6846791020938fb732311105e0f692c648a0f1
2024-02-14 16:24:59 +00:00
Changyeon Jo
31a94f218a [automerger skipped] [RESTRICT AUTOMERGE] Allow dumpstate to make binder IPC to automotive display service am: d16bdc461f -s ours am: 41f83574eb -s ours
am skip reason: skipped by inseob

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2960075

Change-Id: Icc415475c4be9d6024dfdfa02eb70e99760fd6ba
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-14 06:27:24 +00:00
Changyeon Jo
41f83574eb [automerger skipped] [RESTRICT AUTOMERGE] Allow dumpstate to make binder IPC to automotive display service am: d16bdc461f -s ours
am skip reason: skipped by inseob

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2960075

Change-Id: I44f8d2b6ad20f33521b363781a843a5aa1d5cfed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-14 05:03:04 +00:00
Yurii Zubrytskyi
940443d4df [res] Allow accessing idmap files in all zygotes am: 1195b5eb14
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2962670

Change-Id: I7eb51708ceca8b3dafdaf9dd65c0595cf801f432
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-14 04:20:01 +00:00
Yurii Zubrytskyi
1195b5eb14 [res] Allow accessing idmap files in all zygotes
Resources now cache open idmap fds to speed up the up-to-date
checks, and this requires zygote processes to be able to access
them

Bug: 282215580
Test: atest android.text.cts.EmojiTest
Change-Id: I808be8a5d321a01193e7f76e316f5f64d4235753
2024-02-14 02:04:55 +00:00
Seungjae Yoo
ec2735ac6a Allow appdomain to read dir and files under vendor_microdroid_file am: 01c4f57431
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2960542

Change-Id: Idd6fae593bbe92fd7b15500aa0ce3c3ff1bb0013
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-14 01:31:41 +00:00
Inseob Kim
ee509ccd48 Merge changes from topic "revert-2954994-revert-2952245-vfrc_as_tot_sepolicy-AMFGMLDWQF-IIRWTIICIK" into main am: d88d8959a8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2960346

Change-Id: Ifcee813c4dcbbe3ec133737e8532586e71a41f8e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-13 13:55:31 +00:00
Inseob Kim
ed15451e78 Revert^2 "Fix freeze test condition to board api" am: e28eb52f4e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2960345

Change-Id: Ifbc4f013eea02d908efdce8666057391fc3fcf30
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-13 13:55:25 +00:00
Seungjae Yoo
01c4f57431 Allow appdomain to read dir and files under vendor_microdroid_file
For testing purpose, now we need to use microdroid vendor image for the
production due to vendor hashtree digest value comes from the
bootloader. In the past, we've used distinguished image file for testing
purpose, but we can't now.

Bug: 323768068
Test: atest MicrodroidTests#bootsWithVendorPartition
Test: atest MicrodroidBenchmarks#testMicrodroidDebugBootTime_withVendorPartition
Change-Id: Ic58e51466da0273cf27219d9228f33000e0ecb88
2024-02-13 05:44:15 +00:00
Changyeon Jo
d16bdc461f [RESTRICT AUTOMERGE] Allow dumpstate to make binder IPC to automotive display service
Bug: 280837170
Bug: 313360015
Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: I8239ba23bb60b95e7dd07a4c8a99167f1e08192b
(cherry picked from commit 152a2f1755)
2024-02-13 05:16:32 +00:00
Inseob Kim
d88d8959a8 Merge changes from topic "revert-2954994-revert-2952245-vfrc_as_tot_sepolicy-AMFGMLDWQF-IIRWTIICIK" into main
* changes:
  Revert^2 "Add 1000000.0 mapping file temporarily"
  Revert^2 "Fix freeze test condition to board api"
2024-02-13 04:02:36 +00:00
Inseob Kim
e28eb52f4e Revert^2 "Fix freeze test condition to board api"
f3fad1a66b

Change-Id: I19b36342de003a32a2c76fb513382f1b34cf5a7e
2024-02-13 02:19:48 +00:00
Inseob Kim
e41e95e0ea Revert^2 "Add 1000000.0 mapping file temporarily"
82126e9d77

Change-Id: Ia2ef237d9918532f24cd00688ae2bc15196123e9
2024-02-13 02:19:24 +00:00
Treehugger Robot
5ce39158f3 Merge "Add rules for Perfetto to be used from system_server" into main am: f80a830b32
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2958867

Change-Id: Ie3a299620a9aa99c92bde99bd27ea72fdade9a69
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-12 20:59:08 +00:00
Nate Myren
0980c27aef Merge "Remove mounton from app and web zygote" into main am: a8f2bbf7c2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2947925

Change-Id: I4143393154c2850cd4891420d0dc0eddcca0e3ab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-12 20:58:29 +00:00
Treehugger Robot
f80a830b32 Merge "Add rules for Perfetto to be used from system_server" into main 2024-02-12 20:51:16 +00:00
Nate Myren
a8f2bbf7c2 Merge "Remove mounton from app and web zygote" into main 2024-02-12 20:13:33 +00:00
Carmen Jackson
28b811df1c Add rules for Perfetto to be used from system_server
This includes rules for starting Perfetto as well as rules for
communicating over stdio between Perfetto and system_server.

Bug: 293957254
Test: Presubmit & tested in conjunction with internal change
Change-Id: I7e4c044a6a2afb48c33d65cc421e797d77aacc12
2024-02-12 18:33:32 +00:00
Carlos Galo
34b93f22b7 lmkd: Add ro.lmkd.direct_reclaim_threshold_ms property policies
Add policies to control ro.lmkd.direct_reclaim_threshold_ms lmkd property.

Test: m
Bug: 244232958
Change-Id: Ic2438a17569ef12925c45ee2f15a05449c77f205
Signed-off-by: Carlos Galo <carlosgalo@google.com>
2024-02-12 09:37:00 -08:00
Yisroel Forta
f86fab0d6d Merge "SELinux permissions for ProfilingService" into main am: e510cb8696
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2955343

Change-Id: Id393a7cdbcbb82d767b2457c33daf2c96c5bead7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-12 14:51:42 +00:00
Yisroel Forta
e510cb8696 Merge "SELinux permissions for ProfilingService" into main 2024-02-12 14:22:31 +00:00