Commit graph

33816 commits

Author SHA1 Message Date
Robert Shih
bf4d7522d7 Allow dumpstate to call dump() on drm hals
Bug: 220996660
Test: adb bugreport
Change-Id: I222c5e845d481dd9f3dcf796d50ca91c6174a023
2022-02-25 06:07:53 +00:00
Daniele Di Proietto
6872b1db69 Silence error when traced_probes invokes atrace with pipes
perfetto traced_probes executes atrace with a pipe for stdout/stderr.
That aleady works because atrace can `write` onto traced_probes's pipes.

Now traced_probes needs to invoke atrace at boot time. This revealed a
problem (I'm pretty sure it was an existing problem and it was
completely harmless):

```
02-23 22:00:41.951   605   605 I auditd  : type=1400 audit(0.0:94): avc:
denied { getattr } for comm="atrace" path="pipe:[17964]" dev="pipefs"
ino=17964 scontext=u:r:atrace:s0 tcontext=u:r:traced_probes:s0
tclass=fifo_file permissive=0
```

atrace doesn't just need `write` permissions on its
stdout/stderr pipes, it also needs `getattr` permissions (probably
because of [this][1]?)

[1]: https://cs.android.com/android/platform/superproject/+/master:bionic/libc/bionic/libc_init_common.cpp;l=156;drc=7a2386bf89f9bfd4e53eba9304e4239b3fdf0d06)
Bug: 219393750
Change-Id: I53b0f60cdd763863c834a883fbb77664e528dd15
2022-02-24 13:14:04 +00:00
Alan Stokes
23161e51cc Allow piping console output to clients
Any virtualization service client should be able to use a pipe for the
VM log fds.

We previously had some support for this in crosvm (but appdomain is
the wrong label), but not for virtualizationservice. Instead I've
centralised it in the virtualizationservice_use macro so it applies to
exactly those things that can start a VM.

I've removed read permission from crosvm; it doesn't seem to be
needed, and logically it shouldn't be.

Test: Patch in https://r.android.com/1997004, see no denials
Change-Id: Ia9cff469c552dd297ed02932e9e91a5a8cc2c13f
2022-02-23 17:28:49 +00:00
Treehugger Robot
275836a9af Merge "Dontaudit property access by odrefresh in the VM" 2022-02-23 12:07:45 +00:00
Treehugger Robot
383b946787 Merge "Remove now-unused permissions" 2022-02-23 11:23:25 +00:00
Victor Hsieh
e2156d071e Dontaudit property access by odrefresh in the VM
Bug: 210030607
Test: composd_cmd test-compile, no more denials in vm.log
Change-Id: I728398f812680354b813d03e0d23eecca330c47e
2022-02-22 23:10:04 +00:00
Treehugger Robot
5beaf4adfb Merge "Allow hal_graphics_composer to write to a pipe We would like SurfaceFlinger to be able to create a pipe and provide the write-end to the graphics composer to dump debug info for dumpsys. Bug: 220171623 Test: atest VtsHalGraphicsComposer3_TargetTest Test: adb shell dumpsys SurfaceFlinger Test: adb shell dumpsys android.hardware.graphics.composer3.IComposer/default" 2022-02-22 18:05:24 +00:00
Alan Stokes
0c5449b193 Remove now-unused permissions
CompOS no longer talks directly to DICE (compos_key_helper does). odsign
no longer promotes or deletes instance CompOS files, and the key files
don't exist any more.

Bug: 218494522
Test: Manual; trigger compilation, reboot & watch odsign
Change-Id: Ibc251180122e6e4789b4be5669da3da67517b49c
2022-02-22 17:40:05 +00:00
Treehugger Robot
ffad0ee0e1 Merge "Add ro.lmk.stall_limit_critical property policies" 2022-02-22 09:41:27 +00:00
Anton Kulakov
dc4332b32b Add file contexts for AdServices APEX
Test: Build
Bug: 220336612
Change-Id: Iab64d228a5edcd3a9f71b59c5adf3a9460cd1947
2022-02-21 09:55:07 +00:00
Ady Abraham
3f045e296e Allow hal_graphics_composer to write to a pipe
We would like SurfaceFlinger to be able to create a pipe and provide
the write-end to the graphics composer to dump debug info for dumpsys.
    
 Bug: 220171623
 Test: atest VtsHalGraphicsComposer3_TargetTest
 Test: adb shell dumpsys SurfaceFlinger
 Test: adb shell dumpsys android.hardware.graphics.composer3.IComposer/default

Change-Id: Ie2cbe76fb0d224235a8ea99f68a20e2139e1cc56
2022-02-19 01:09:41 +00:00
Suren Baghdasaryan
e121dc5ae2 Add ro.lmk.stall_limit_critical property policies
Add policies to control ro.lmk.stall_limit_critical lmkd property.

Bug: 205182133
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ie5e68dc358c1657501cb59afaba0385697210ccf
2022-02-18 13:39:28 -08:00
Yabin Cui
2f2ff42a24 Merge "profcollectd: allow to request wakelock from system_suspend." 2022-02-18 16:16:01 +00:00
Treehugger Robot
c9ab4a420c Merge "SELinux issues:" 2022-02-18 09:42:04 +00:00
Treehugger Robot
5273f3a486 Merge "Modify sepolicy for compos key changes" 2022-02-18 09:03:30 +00:00
Shashwat Razdan
d581bd244d SELinux issues:
```
02-18 01:02:35.599     1     1 I auditd  : type=1107 audit(0.0:149): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.wlan.firmware.version pid=478 uid=1010 gid=1010 scontext=u:r:hal_wifi_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
02-18 01:02:35.599     1     1 I auditd  : type=1107 audit(0.0:150): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.wlan.driver.version pid=478 uid=1010 gid=1010 scontext=u:r:hal_wifi_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
```


Bug: 220258444
Change-Id: I5a99d1895d5ef9c5e784cf9e92c0c8847da21b58
Test: Presubmits
2022-02-18 07:38:19 +00:00
Yabin Cui
409d019f9b profcollectd: allow to request wakelock from system_suspend.
Bug: 219934028
Test: run profcollectd and
Test: dumpsys suspend_control_internal --wakelocks
Change-Id: I3cefb0139781a6d5cf32507871f0f7f2b8306614
2022-02-17 10:20:08 -08:00
Treehugger Robot
92ec679578 Merge "Remove needless bootloader_prop rule" 2022-02-17 15:51:31 +00:00
Treehugger Robot
bbb21324b1 Merge "Let the DICE HAL getattr the device node" 2022-02-17 14:15:43 +00:00
Andrew Scull
9738638c03 Let the DICE HAL getattr the device node
Make sure all the permissions are granted to let the HAL do its work
properly.

Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I54c633b8163ea313c87856fb0513074a76ac86a1
2022-02-17 12:35:22 +00:00
Alan Stokes
766caba5de Modify sepolicy for compos key changes
Add the compos_key_helper domain for the process which has access to
the signing key, make sure it can't be crashdumped. Also extend that
protection to diced & its HAL.

Rename compos_verify_key to compos_verify, because it doesn't verify
keys any more.

Move exec types used by Microdroid to file.te in the host rather than
their own dedicated files.

Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I942667355d8ce29b3a9eb093e0b9c4f6ee0df6c1
2022-02-17 12:14:40 +00:00
Treehugger Robot
c1e11bbea5 Merge "dontaudit denial on the odex file of location provider." 2022-02-17 10:25:22 +00:00
Thiébaud Weksteen
b18abcdd51 Merge "Associate hal_service_type with all HAL services" 2022-02-17 04:28:09 +00:00
Treehugger Robot
8e6b55a13d Merge "Remove compat test from treble sepolicy tests" 2022-02-17 01:26:04 +00:00
Jiakai Zhang
bf58100685 dontaudit denial on the odex file of location provider.
Bug: 194054685
Test: Presubmits
Change-Id: Ia636f7b32251c3b8cb018fee9216e5968d4e95ff
2022-02-16 14:12:49 +00:00
Treehugger Robot
cb1e4682c8 Merge "Add ro.boot.microdroid.app_debuggable" 2022-02-16 11:56:04 +00:00
Andrew Scull
12bd3d9d2e Remove needless bootloader_prop rule
Bootloader properties are available to all domains so don't need special
policy rules for microdroid_manager.

Test: atest MicrodroidTests
Change-Id: I0ccf6b28467a47c0f3cf7715b9ff34d01e8ac970
2022-02-16 09:40:29 +00:00
Andrew Scull
b13117f3ba Add ro.boot.microdroid.app_debuggable
This property is set in the bootconfig to reflect the debuggability of
the payload app. It is consumed microdroid_manager as a DICE input and
by compos to make choices based on the debuggability, e.g. not doing
test builds in non-debug states.

Bug: 219740340
Test: atest ComposHostTestCases
Test: atest MicrodroidTests
Change-Id: If84710f1fdbab957f5d19ce6ba3daad7e3e65935
2022-02-16 09:40:27 +00:00
Treehugger Robot
8817edcbb4 Merge "Revert^2 "Migrate contexts tests to Android.bp"" 2022-02-16 04:23:47 +00:00
Inseob Kim
73f43ff847 Remove compat test from treble sepolicy tests
Treble sepolicy tests check whether previous versions are compatible to
ToT sepolicy or not. treble_sepolicy_tests_for_release.mk implements it,
but it also includes a compat test whether ToT sepolicy + {ver} mapping
+ {ver} plat_pub_versioned.cil can be built together or not. We
definitely need such tests, but we already have a test called "compat
test" which does exactly that, and testing it again with Treble sepolicy
tests is just redundant. The only difference between those two is that
Treble sepolicy tests can also test system_ext and product compat files,
which was contributed by a partner.

The ultimate goal here is to migrate *.mk to Soong, thus merging these
two tests (compat, Treble) into one. As we've already migrated the
compat test to Soong, this change removes the compat test part from
treble sepolicy tests. Instead, the compat test will be extended so it
can test system_ext and product compat files too.
prebuilts/api/{ver}/plat_pub_versioned.cil and
prebuilts/api/{ver}/vendor_sepolicy.cil are also removed as they aren't
used anymore: vendor_sepolicy.cil is an empty stub, and
plat_pub_versioned.cil can be built from the prebuilt source files.

Bug: 33691272
Test: m selinux_policy
Change-Id: I72f5ad0e8bbe6a7c0bbcc02f0f902b953df6ff1a
2022-02-16 04:09:29 +00:00
Inseob Kim
b5e235346e Revert^2 "Migrate contexts tests to Android.bp"
This reverts commit baa93cc651.

Reason for revert: amlogic build fixed

Change-Id: I8b046dc810d47a2d87012f02a668873889fce705
2022-02-16 02:26:11 +00:00
Thiébaud Weksteen
373cf3ba8e Associate hal_service_type with all HAL services
By default, HAL's services are not accessible by dumpstate. HIDL
implementations were silenced via a dontaudit on hwservice_manager. But
AIDL implementations will trigger a denial, unless authorized via
`dump_hal`. Mark all HAL services with a new attribute
`hal_service_type` so they can be ignored by dumpstate.

Test: m selinux_policy
Bug: 219172252
Change-Id: Ib484368fdeff814d4799792d57a238d6d6e965fd
2022-02-16 10:49:21 +11:00
Ramji Jiyani
ba8615a186 Merge "system_dlkm: sepolicy: add system_dlkm_file_type" 2022-02-11 18:36:04 +00:00
Daniel Norman
ea98866236 Merge "Expose the APEX multi-install props to non-root getprop." 2022-02-11 18:25:27 +00:00
Keith Mok
9984dcb28e Merge "Update SEPolicy apexd for API 32" 2022-02-11 05:03:20 +00:00
Ramji Jiyani
4a556890f9 system_dlkm: sepolicy: add system_dlkm_file_type
Add new attribute system_dlkm_file_type for
/system_dlkm partition files.

Bug: 218392646
Bug: 200082547
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I193c3f1270f7a1b1259bc241def3fe51d77396f3
2022-02-11 04:19:33 +00:00
Treehugger Robot
47b3505fbf Merge "Add microdroid sepolicy test support" 2022-02-11 00:22:27 +00:00
Keith Mok
16c0a350c5 Update SEPolicy apexd for API 32
The bootchart problem need the selinux policy fix.
But it is missing API 32

Bug: 218729155
Test: Build
Change-Id: Ia011f8bcd52403980c2a6751bb612dd5b770e130
2022-02-11 00:20:17 +00:00
Florian Mayer
94782041d1 Merge "[MTE] Add property to specify default MTE mode for apps." 2022-02-10 23:38:23 +00:00
Treehugger Robot
f07e7c31a4 Merge "dmesgd: sepolicies" 2022-02-10 21:00:56 +00:00
Treehugger Robot
48f59f9ec2 Merge changes from topic "revert-1979386-revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY-UVTCTRHQWF"
* changes:
  Revert^2 "Updates sepolicy for EVS HAL"
  Revert^2 "Adds a sepolicy for EVS manager service"
2022-02-10 20:50:42 +00:00
Kevin Jeon
25dfbfec14 Merge "Make Traceur seapp_context reflect platform status" 2022-02-10 19:09:45 +00:00
Kevin Jeon
9118e3a5ca Make Traceur seapp_context reflect platform status
Because Traceur is being signed with the platform key in aosp/1961100,
the platform seinfo identifier is being added to Traceur so that SELinux
will correctly identify it as a platform app.

Bug: 209476712
Test: - Checked that Traceur can still take normal and long traces on
        AOSP userdebug and internal user/userdebug.
      - Checked that the Traceur app is now located in /system/app/
	instead of /system/priv-app/.
Change-Id: Ibe7881d48798e3b71bb40e566fa8243cbb630b04
Merged-In: Ibe7881d48798e3b71bb40e566fa8243cbb630b04
2022-02-10 17:51:28 +00:00
Alexander Potapenko
0a64d100b8 dmesgd: sepolicies
dmesgd is a daemon that collects kernel memory error reports.

When system_server notices that a kernel error occured, it sets the
dmesgd.start system property to 1, which results in init starting
dmesgd.

Once that happens, dmesgd runs `dmesg` and parses its output to collect
the last error report. That report, together with the headers containing
device- and build-specific information is stored in Dropbox.

Empirically, dmesgd needs the following permissions:
- execute shell (for popen()) and toolbox (for dmesg),
  read system_log (for dmesg)
- read /proc/version (to generate headers)
- perform Binder calls to servicemanager and system_server,
  find dropbox_service (for dropbox)
- create files in /data/misc/dmesgd (to store persistent state)

Bug: 215095687
Test: run dmesgd on a user device with injected KFENCE bugs
Change-Id: Iff21a2ffd99fc31b89a58ac774299b5e922721ea
2022-02-10 17:42:52 +00:00
Changyeon Jo
eacb1095a8 Revert^2 "Updates sepolicy for EVS HAL"
418f41ad13

Bug: 216727303
Test: m -j selinux_policy on failed targets reported
      in b/218802298
Change-Id: Iec8fd2a1e9073bf3dc679e308407572a8fcf44d9
2022-02-10 17:21:54 +00:00
Changyeon Jo
8c12609bce Revert^2 "Adds a sepolicy for EVS manager service"
0137c98b90

Bug: 216727303
Test: m -j selinux_policy on failed targets reported
      in b/218802298
Change-Id: I2ae2fc85a4055f2cb7d19ff70b120e7b7ff0957d
2022-02-10 17:21:14 +00:00
Treehugger Robot
605715d665 Merge "Support legacy apexdata labels" 2022-02-10 11:44:11 +00:00
Mohammed Rashidy
7f1eaf1b45 Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY"
* changes:
  Revert "Adds a sepolicy for EVS manager service"
  Revert "Updates sepolicy for EVS HAL"
2022-02-10 11:38:40 +00:00
Mohammed Rashidy
0137c98b90 Revert "Adds a sepolicy for EVS manager service"
Revert submission 1967140-EVS_sepolicy_updates_T

Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service

Change-Id: I207c261bcf2c8498d937ab02c499bf709a5f1b15
2022-02-10 10:07:44 +00:00
Mohammed Rashidy
418f41ad13 Revert "Updates sepolicy for EVS HAL"
Revert submission 1967140-EVS_sepolicy_updates_T

Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service

Change-Id: I1cc37b0e56646db61bdb34cb209aefe7376c5a50
2022-02-10 10:07:44 +00:00