Commit graph

435 commits

Author SHA1 Message Date
Jeff Vander Stoep
f098071ac7 Remove references to nonplat sepolicy
"nonplat" was renamed to "vendor" in Android Pie, but was retained
here for Treble compatibility.

We're now outside of the compatbility window for these devices so
it can safely be removed.

Test: atest treble_sepolicy_tests
Change-Id: Iaa22af41a07b13adb7290f570db7a9d43b6e85cc
2021-11-05 15:07:57 +01:00
Alistair Delva
6092d633b0 Allow init to write to /proc/cpu/alignment
The root init.rc does "write /proc/cpu/alignment 4", but we don't
actually allow this write in core sepolicy. This seems to be a 32-bit
ARM only proc file.

Noticed when booting 32-bit ARM Cuttlefish.

Bug: 145371497
Change-Id: Ic099395708f7236bcc2fc5c561809a7e129786de
2021-11-01 10:17:26 -07:00
Bart Van Assche
4374a1fd83 Stop using the bdev_type and sysfs_block_type SELinux attributes
Stop using these SELinux attributes since the apexd and init SELinux
policies no longer rely on these attributes.

The difference between the previous versions of this patch and the
current patch is that the current patch does not remove any SELinux
attributes. See also
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1850656.
See also
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1862919.

This patch includes a revert of commit 8b2b951349 ("Restore permission
for shell to list /sys/class/block").  That commit is no longer necessary
since it was a bug fix for the introduction of the sysfs_block type.

Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd
Change-Id: I73e1133af8146c154af95d4b96132e49dbec730c
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-10-29 15:22:09 -07:00
Bart Van Assche
e3cfa9e1d3 Revert "Remove the bdev_type and sysfs_block_type SELinux attributes"
This reverts commit 63930d3850.

Reason for revert: Broken build (https://android-build.googleplex.com/builds/submitted/7863094/aosp_raven-userdebug/latest/view/logs/error.log)

Change-Id: I1742d69d471e9b00359a2e7e654aa752513990df
2021-10-28 18:03:49 +00:00
Bart Van Assche
63930d3850 Remove the bdev_type and sysfs_block_type SELinux attributes
Remove these SELinux attributes since the apexd and init SELinux policies
no longer rely on these attributes.

The only difference between a previous version of this patch and the
current patch is that the current patch moves these attributes to the
'compat' policy. See also
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1850656.

This patch includes a revert of commit 8b2b951349 ("Restore permission
for shell to list /sys/class/block"). That commit is no longer necessary
since it was a bug fix for the introduction of the sysfs_block type.

Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd && adb -e shell dmesg | grep avc
Change-Id: Id7d32a914e48bc74da63d87ce6a09f11e323c186
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-10-25 16:26:07 -07:00
Michał Brzeziński
e8739ba23a Revert "Remove the bdev_type and sysfs_block_type SELinux attributes"
Revert "Remove the bdev_type and sysfs_block_type SELinux attributes"

Revert "Remove the bdev_type and sysfs_block_type SELinux attributes"

Revert submission 1850578-remove-selinux-bdev-type

Reason for revert: DroidMonitor-triggered revert due to breakage, bug b/203480787

BUG: 203480787

Reverted Changes:
I263bce9c4:Remove the bdev_type and sysfs_block_type SELinux ...
Ibc9039f96:Revert "Add the 'bdev_type' attribute to all block...
Ic6ae83576:Remove the bdev_type and sysfs_block_type SELinux ...
Ie493022a8:Remove the bdev_type and sysfs_block_type SELinux ...
I1f1ca439b:Revert "Add the 'bdev_type' attribute to all block...
I283f8676b:Revert "Add the 'bdev_type' attribute to all block...
I7c5c242c5:Revert "Add the 'bdev_type' attribute to all block...
Id78d8f7dc:Remove the bdev_type and sysfs_block_type SELinux ...
I9c4b2c48b:Remove the bdev_type and sysfs_block_type SELinux ...
I51e9d384a:Remove the bdev_type and sysfs_block_type SELinux ...
I2c414de3b:Remove the sysfs_block_type SELinux attribute

Change-Id: I55609803d530772d507d9dca8ba202a96daf24b7
2021-10-19 10:57:42 +00:00
Bart Van Assche
c50f66900f Remove the bdev_type and sysfs_block_type SELinux attributes
Remove these SELinux attributes since adding these attributes introduces
a depencency from vendor SELinux policies on the generic SELinux policy,
something that is not allowed. This patch includes a revert of commit
8b2b951349 ("Restore permission for shell to list /sys/class/block").
That commit is no longer necessary since it was a bug fix for the
introduction of the sysfs_block type.

Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd
Change-Id: Ic6ae835768212648ca09fd5c83c39180103c3b1b
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-10-18 11:37:09 -07:00
Bart Van Assche
27f77dc9b0 Grant apexd access the SELinux type sysfs_devices_block
Commit ec50aa5180 ("Allow the init and apexd processes to read all
block device properties") did not include the SELinux type
sysfs_devices_block although it should have included that SELinux
type. Fix this.

Bug: 194726804
Change-Id: Ia299a0a8b28160c634863e15ae66fae8f18a5efb
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-09-23 09:52:11 -07:00
Suren Baghdasaryan
6988677f22 Allow init to execute extra_free_kbytes.sh script
extra_free_kbytes.sh is used by init to set /sys/vm/watermark_scale_factor
value. Allow init to execute extra_free_kbytes.sh and the script to access
/proc/sys/vm/watermark_scale_factor and /proc/sys/vm/extra_free_kbytes
files.

Bug: 109664768
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I55ec07e12a1cc5322cfdd4a48d0bdc607f45d832
2021-08-17 17:02:38 +00:00
Jiyong Park
11d2b1c5c9 Merge "Don't prevent crosvm from accessing vendor-owned VM disk images" 2021-08-10 01:34:08 +00:00
Bart Van Assche
ec50aa5180 Allow the init and apexd processes to read all block device properties
Addressing b/194450129 requires configuring the I/O scheduler and the
queue depth of loop devices. Doing this in a generic way requires
iterating over the block devices under /sys/class/block and also to
examine the properties of the boot device (/dev/sda). Hence this patch
that allows 'init' and 'apexd' to read the properties of all block
devices. The patch that configures the queue depth is available at
https://android-review.googlesource.com/c/platform/system/core/+/1783847.

Test: Built Android images, installed these on an Android device and verified that modified init and apexd processes do not trigger any SELinux complaints.
Change-Id: Icb62449fe0d21b3790198768a2bb8e808c7b968e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-08-09 13:46:41 -07:00
Jiyong Park
3fee5a43c1 Don't prevent crosvm from accessing vendor-owned VM disk images
There can be VM disk images that are specific to the underlying SoC.
e.g. in case where SoC-specific hardware is dedicated to a VM and the VM
needs drivers (or HALs) for the hardware.

Don't prevent crosvm from reading such a SoC-specific VM disk images.

Note that this doesn't actually allow crosvm to do that in AOSP. Such an
allow rule could be added in downstreams where such use cases exist.

Bug: 193605879
Test: m
Change-Id: If19c0b6adae4c91676b142324c2903879548a135
2021-08-09 11:13:54 +09:00
Rick Yiu
b31ec34eef Move vendor_sched to common sepolicy
Previously vendor_sched is put under product area which will be replaced
by GSI. To solve it, move it to system/sepolicy.

Bug: 194656257
Test: build pass
Change-Id: Ia0b855e3a876a58b58f79b4fba09293419797b47
2021-07-30 03:01:32 +00:00
David Anderson
bf5b6ce422 Add new snapuserd socket and property rules.
This adds a new property prefix owned by snapuserd, for communicating
when the service is ready to accept connections (snapuserd.ready and
snapuserd.proxy_ready).

This also adds a new socket context. This is a seqpacket socket used to
communicate with a special instance of snapuserd that bridges to the
first-stage daemon.

Bug: 193833730
Test: no denials after OTA applies and boots
Change-Id: Ibad03659eba5c25e205ba00f27d0b4f98585a84b
2021-07-27 10:50:59 -07:00
Alan Stokes
fa10a14fac Refactor apex data file types.
We ended up with 4 labels for specific APEX files that were all
identical; I've replaced them with a single one
(apex_system_server_data_file).

Additionally I created an attribute to be applied to a "standard" APEX
module data file type that establishes the basics (it can be managed
by vold_prepare_subdirs and apexd), to make it easier to add new such
types - which I'm about to do.

Fix: 189415223
Test: Presubmits
Change-Id: I4406f6680aa8aa0e38afddb2f3ba75f8bfbb8c3c
2021-07-12 14:41:04 +01:00
Martin Liu
4db56b0b52 allow init to access watermark_boost_factor
Bug: 189938926
Test: boot
Signed-off-by: Martin Liu <liumartin@google.com>
Change-Id: I07c8490c94c837952921e95f12efa6213edbf056
2021-07-01 12:24:52 +08:00
Thiébaud Weksteen
9ec532752d Add fusefs_type for FUSE filesystems
Any FUSE filesystem will receive the 'fuse' type when mounted. It is
possible to change this behaviour by specifying the "context=" or
"fscontext=" option in mount().

Because 'fuse' has historically been used only for the emulated storage,
it also received the 'sdcard_type' attribute. Replace the 'sdcard_type'
attribute from 'fuse' with the new 'fusefs_type'. This attribute can be
attached on derived types (such as app_fusefs).

This change:
- Remove the neverallow restriction on this new type. This means any
  custom FUSE implementation can be mounted/unmounted (if the correct
  allow rule is added). See domain.te.
- Change the attribute of 'fuse' from 'sdcard_type' to 'fusefs_type'.
  See file.te.
- Modify all references to 'sdcard_type' to explicitly include 'fuse'
  for compatibility reason.

Bug: 177481425
Bug: 190804537
Test: Build and boot aosp_cf_x86_64_phone-userdebug
Change-Id: Id4e410a049f72647accd4c3cf43eaa55e94c318f
2021-06-28 13:18:46 +02:00
Alexander Dorokhine
0b2553a32b Allow the appsearch apex access to the apexdata misc_ce dir.
Bug: 177685938
Test: AppSearchSessionCtsTest
Change-Id: I727860a02cb9e612ce6c322662d418cddc2ff358
2021-05-26 09:47:19 -07:00
Hridya Valsaraju
f35c70b0dd Merge changes If26ba23d,Ibea38822
* changes:
  Revert "Revert "Exclude vendor_modprobe from debugfs neverallow restrictions""
  Revert "Revert "Add neverallows for debugfs access""
2021-05-05 17:31:35 +00:00
Songchun Fan
633f7ca868 [sepolicy] allow system server to read incfs metrics from sysfs
Address denial messages like:

05-05 05:02:21.480  1597  1597 W Binder:1597_12: type=1400 audit(0.0:140): avc: denied { read } for name="reads_delayed_min" dev="sysfs" ino=107358 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

BUG: 184844615
Test: atest android.cts.statsdatom.incremental.AppErrorAtomTests#testAppCrashOnIncremental
Change-Id: I201e27e48a08f99f41a030e06c6f22518294e056
2021-05-04 22:56:41 -07:00
Hridya Valsaraju
23f9f51fcd Revert "Revert "Add neverallows for debugfs access""
This reverts commit e95e0ec0a5.

Now that b/186727553 is fixed, it should be safe to revert this revert.

Test: build
Bug: 184381659
Change-Id: Ibea3882296db880f5cafe4f9efa36d79a183c8a1
2021-05-04 22:06:46 -07:00
Hridya Valsaraju
7362f58895 Merge changes from topic "revert-1668411-MWQWEZISXF"
* changes:
  Revert "Add a neverallow for debugfs mounting"
  Revert "Add neverallows for debugfs access"
  Revert "Exclude vendor_modprobe from debugfs neverallow restrictions"
  Revert "Check that tracefs files are labelled as tracefs_type"
2021-04-23 22:06:31 +00:00
Hridya Valsaraju
e95e0ec0a5 Revert "Add neverallows for debugfs access"
Revert submission 1668411

Reason for revert: Suspect for b/186173384
Reverted Changes:
Iaa4fce9f0:Check that tracefs files are labelled as tracefs_t...
I743a81489:Exclude vendor_modprobe from debugfs neverallow re...
I63a22402c:Add neverallows for debugfs access
I289f2d256:Add a neverallow for debugfs mounting

Change-Id: I9b7d43ac7e2ead2d175b265e97c749570c95e075
2021-04-23 16:38:20 +00:00
Treehugger Robot
005ae599cd Merge changes from topic "debugfs_neverallow"
* changes:
  Check that tracefs files are labelled as tracefs_type
  Exclude vendor_modprobe from debugfs neverallow restrictions
  Add neverallows for debugfs access
  Add a neverallow for debugfs mounting
2021-04-22 16:41:06 +00:00
Hridya Valsaraju
a0b504a484 Add neverallows for debugfs access
Android R launching devices and newer must not ship with debugfs
mounted. For Android S launching devices and newer, debugfs must only be
mounted in userdebug/eng builds by init(for boot time initializations)
and dumpstate(for grabbing debug information from debugfs using the
dumpstate HAL).

This patch adds neverallow statements to prevent othe processes
being provided access to debugfs when the flag PRODUCT_SET_DEBUGFS_RESTRICTIONS
is set to true.

Test: make with/without PRODUCT_SET_DEBUGFS_RESTRICTIONS
Bug: 184381659
Change-Id: I63a22402cf6b1f57af7ace50000acff3f06a49be
2021-04-21 14:13:22 -07:00
David Massoud
c50fecd8ef Allow traced_probes to read devfreq
- Add dir read access to /sys/class/devfreq/
- Add file read access to /sys/class/devfreq/$DEVICE/cur_freq

Resolves the following denials:
W traced_probes: type=1400 audit(0.0:8):
avc: denied { read } for name="devfreq" dev="sysfs"
ino=28076 scontext=u:r:traced_probes:s0
tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0

W traced_probes: type=1400 audit(0.0:226):
avc: denied { read } for name="cur_freq" dev="sysfs"
ino=54729 scontext=u:r:traced_probes:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

See ag/14187061 for device specific sysfs_devfreq_cur labels

Bug: 181850306
Test: ls -Z, record perfetto trace
Change-Id: I23cebb16505313160e14b49e82e24da9b81cad70
2021-04-16 20:02:06 +08:00
Yabin Cui
49806a1067 Merge "Add vendor_kernel_modules type to public." 2021-04-08 17:49:16 +00:00
Yabin Cui
2e2df6b3a7 Add vendor_kernel_modules type to public.
Bug: 166559473
Bug: 183135316
Test: build and boot
Change-Id: Idc9f6235a1b69236ce274d9b3173f6d39ee04c82
Merged-In: Idc9f6235a1b69236ce274d9b3173f6d39ee04c82
(cherry picked from commit 3b23f17eae)
2021-04-06 14:28:36 -07:00
Yi-Yo Chiang
806898db48 Split gsi_metadata_file and add gsi_metadata_file_type attribute
Split gsi_metadata_file into gsi_metadata_file plus
gsi_public_metadata_file, and add gsi_metadata_file_type attribute.
Files that are okay to be publicly readable are labeled with
gsi_public_metadata_file. Right now only files needed to infer the
device fstab belong to this label.
The difference between gsi_metadata_file and gsi_public_metadata_file is
that gsi_public_metadata_file has relaxed neverallow rules, so processes
who wish to read the fstab can add the respective allow rules to their
policy files.
Allow gsid to restorecon on gsi_metadata_file to fix the file context of
gsi_public_metadata_file.

Bug: 181110285
Test: Build pass
Test: Issue a DSU installation then verify no DSU related denials and
  files under /metadata/gsi/ are labeled correctly.
Change-Id: I54a5fe734dd345e28fd8c0874d5fceaf80ab8c11
2021-03-29 03:09:35 +00:00
Alexander Potapenko
3d52817da4 Selinux policy for bootreceiver tracing instance
Create contexts for /sys/kernel/tracing/instances/bootreceiver
Allow read access to files in this dir for system_server.

Bug: 172316664
Bug: 181778620
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: I7021a9f32b1392b9afb77294a1fd0a1be232b1f2
2021-03-05 08:53:39 +01:00
Wonsik Kim
08a25e6709 Revert "Selinux policy for bootreceiver tracing instance"
Revert submission 1572240-kernel_bootreceiver

Reason for revert: DroidMonitor: Potential culprit for Bug 181778620 - verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted Changes:
Ic1c49a695:init.rc: set up a tracing instance for BootReceive...
I828666ec3:Selinux policy for bootreceiver tracing instance

Change-Id: I9a8da7ae501a4b7c3d6cb5bf365458cfd1bef906
2021-03-03 22:47:02 +00:00
Alexander Potapenko
31251aa6ec Selinux policy for bootreceiver tracing instance
Create contexts for /sys/kernel/tracing/instances/bootreceiver
Allow read access to files in this dir for system_server.

Bug: 172316664
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: I828666ec3154aadf138cfa552832a66ad8f4a201
2021-03-02 16:53:12 +01:00
Devin Moore
840d4f3bf3 Add sepolicy for /proc/bootconfig
Vendor boot hal, init, and vold processes all require permission.

Test: build and boot aosp_cf_x86_64_phone
Bug: 173815685
Change-Id: I15692dcd39dfc9c3a3b7d8c12d03eff0a7c96f72
2021-02-23 07:42:06 -08:00
Kelvin Zhang
a1e58814a8 Add necessary sepolicy for update_engine to reserve space on data
Test: serve an OTA, make sure /data/apex/reserved is present
Bug: 172911822

Change-Id: I9f7967c9047ae834eb55a48d56ffc34a7b37f5db
2021-02-19 11:30:50 +00:00
Gavin Corkery
3bb3559e2e Merge "Add sepolicy for scheduling module data directories" 2021-02-18 20:51:51 +00:00
Gavin Corkery
cd3bb575ab Add sepolicy for scheduling module data directories
Test: Manually test writing and reading files
Bug: 161353402
Change-Id: Ifbc0e4db0ec51f6565a0f52df06b1d148577b788
2021-02-15 22:31:27 +00:00
Maciej Żenczykowski
d68cb48e90 apply 'fs_bpf_tethering' label to /sys/fs/bpf/tethering
We want to label /sys/fs/bpf/tethering/... with a new label distinct
from /sys/fs/bpf, as this will allow locking down the programs/maps
tighter then is currently possible with the existing system.

These programs and maps are provided via the tethering mainline module,
and as such their number, names, key/value types, etc. are all prone to
be changed by a tethering mainline module update.

Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifc4108d76a1106a936b941a3dda1abc5a65c05b0
2021-02-11 17:45:06 -08:00
Hridya Valsaraju
2c3ef29ed5 Allow dumpsys to read total DMA-BUF heap pool size
These permissions are added to allow dumpsys to read
/sys/kernel/dma_heap/total_pools_kb.

Fixes the following sepolicy denials:
avc: denied { read } for name="total_pools_kb" dev="sysfs" ino=3252
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/kernel/dma_heap/total_pools_kb"
dev="sysfs" ino=3252 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=1
avc: denied { getattr } for path="/sys/kernel/dma_heap/total_pools_kb"
dev="sysfs" ino=3252 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0
tclass=file permissive=1

Bug: 167709539
Test: dumpsys meminfo
Change-Id: I1c15b41b067da84a7b629cafe27972f30c86ae27
2021-02-03 21:42:09 -08:00
Hridya Valsaraju
6217b6657d Allow dumpstate to read DMA-BUF sysfs stats
These permissions are required for dumpstate to read the DMA-BUF sysfs
stats present at /sys/kernel/dmabuf/buffers

Bug: 167709539
Test: adb shell am bug-report
Change-Id: I1c00843775452b7a7aa39b059e1d77d77aed1e9c
2021-02-02 13:28:18 -08:00
Treehugger Robot
883de3cd2e Merge "Add vendor_public_framework_file type to SEPolicy" 2021-01-28 11:41:00 +00:00
Andrei Onea
850842f77c Add data directory for appcompat
This directory is used to store override config, so that they can
persist across reboot.

Test: atest CompatConfigTest
Bug: 145509340
Change-Id: I5e8f2b3093daeccd6c95dff24a8c6c0ff31235ca
2021-01-27 15:04:31 +00:00
Dorin Drimus
84cd7087d5 Add vendor_public_framework_file type to SEPolicy
And allow access from system apps to vendor libs public only for system.
These files should be marked individually by OEMs. Maintainance
ownership for these libraries is also OEM's responsability.
Similar with vendor_public_libs_file type, this allows for an explicit
labeling of OEM system apps that can access libs from vendor.

Bug: 172526961
Test: build-only change, policy builds
Change-Id: I7d4c8232e0b52e73f373d3347170c87ab2dcce52
2021-01-26 15:59:37 +01:00
Kalesh Singh
d37f2e9d65 Merge "Sepolicy for mm events trace instance" 2021-01-26 14:33:39 +00:00
Kalesh Singh
aab7a73868 Sepolicy for mm events trace instance
Allow traced_probes read write access to configure
mm_events trace instance and poll trace_pipe_raw

Bug: 155928119
Test: No denials in logcat
Change-Id: Ib65ab2e7be8daa6b8c412ffea909072583db7002
2021-01-25 12:01:27 -05:00
Linzhao Ye
bab989d315 Merge "Add SePolicy for system_server accessing sysfs uhid." 2021-01-23 17:08:47 +00:00
Chris Ye
c0e7206c73 Add SePolicy for system_server accessing sysfs uhid.
Add SePolicy to allow Android input manager accessing sysfs uhid folder.

Bug: 161633432
Test: dumpsys input and watch for input device battery status.
Change-Id: I6ed1ab45f1cff409982c36627e12e62667819f37
2021-01-22 17:56:45 +00:00
Yurii Zubrytskyi
80dfa06984 IncFS: update SE policies for the new API
IncFS in S adds a bunch of new ioctls, and requires the users
to read its features in sysfs directory. This change adds
all the features, maps them into the processes that need to
call into them, and allows any incfs user to query the features

Bug: 170231230
Test: incremental unit tests
Change-Id: Ieea6dca38ae9829230bc17d0c73f50c93c407d35
2021-01-19 12:57:15 -08:00
Marco Ballesio
3eabc1d541 sepolicy: allow system_server to read /proc/locks
Access to /proc/locks is necessary to activity manager to determine
wheter a process holds a lock or not prior freezing it.

Test: verified access of /proc/locks while testing other CLs in the same
topic.
Bug: 176928302

Change-Id: I14a65da126ff26c6528edae137d3ee85d3611509
2021-01-12 10:47:58 -08:00
Gavin Corkery
b46e956d97 Merge "Add sepolicy for /metadata/watchdog" 2021-01-08 08:20:45 +00:00
Gavin Corkery
b0aae28b41 Add sepolicy for /metadata/watchdog
See go/rescue-party-reboot for more context.

One integer will be stored in a file in this
directory, which will be read and then deleted at the
next boot. No userdata is stored.

Test: Write and read from file from PackageWatchdog
Bug: 171951174

Change-Id: I18f59bd9ad324a0513b1184b2f4fe78c592640db
2021-01-07 19:42:56 +00:00
Chiachang Wang
813c25fc91 Add new selinux type for radio process
ConnectivityService is going to become mainline and can not
access hidden APIs. Telephony and Settings were both accessing
the hidden API ConnectivityManager#getMobileProvisioningUrl.
Moving #getMobileProvisioningUrl method into telephony means
that there is one less access to a hidden API within the overall
framework since the Connectivity stack never needed this value.
Thus, move getMobileProvisioningUrl parsing to telephony surface
and provide the corresponding sepolicy permission for its access.

The exsting radio_data_file is an app data type and may allow
more permission than necessary. Thus create a new type and give
the necessary read access only.

Bug: 175177794
Test: verify that the radio process could read
      /data/misc/radio/provisioning_urls.xml successfully
Change-Id: I191261a57667dc7936c22786d75da971f94710ef
2020-12-24 15:11:15 +08:00
Alan Stokes
7aa40413ae Split user_profile_data_file label.
user_profile_data_file is mlstrustedobject. And it needs to be,
because we want untrusted apps to be able to write to their profile
files, but they do not have levels.

But now we want to apply levels in the parent directories that have
the same label, and we want them to work so they need to not be
MLS-exempt. To resolve that we introduce a new label,
user_profile_root_file, which is applied to those directories (but no
files). We grant mostly the same access to the new label as
directories with the existing label.

Apart from appdomain, almost every domain which accesses
user_profile_data_file, and now user_profile_root_file, is already
mlstrustedsubject and so can't be affected by this change. The
exception is postinstall_dexopt which we now make mlstrustedobject.

Bug: 141677108
Bug: 175311045
Test: Manual: flash with wipe
Test: Manual: flash on top of older version
Test: Manual: install & uninstall apps
Test: Manual: create & remove user
Test: Presubmits.
Change-Id: I4e0def3d513b129d6c292f7edb076db341b4a2b3
2020-12-11 17:35:06 +00:00
Suren Baghdasaryan
37f1a137b6 Add rules for per-API level task profiles and cgroup description files
Define access rights to new per-API level task profiles and cgroup
description files under /etc/task_profiles/.

Bug: 172066799
Test: boot with per-API task profiles
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I04c9929fdffe33a9fc82d431a53f47630f9dcfc3
2020-11-23 09:30:26 -08:00
Alan Stokes
f8ad33985d Introduce app_data_file_type attribute.
This gives us an easy way for the policy to refer to all existing or
future types used for app private data files in type= assignments in
seapp_contexts.

Apply the label to all the existing types, then refactor rules to use
the new attribute.

This is intended as a pure refactoring, except that:
- Some neverallow rules are extended to cover types they previous
omitted;
- We allow iorap_inode2filename limited access to shell_data_file and
  nfc_data_file;
- We allow zygote limited access to system_app_data_file.

This mostly reverts the revert in commit
b01e1d97bf, restoring commit
27e0c740f1. Changes to check_seapp to
enforce use of app_data_file_type is omitted, to be included in a
following CL.

Test: Presubmits
Bug: 171795911
Change-Id: I02b31e7b3d5634c94763387284b5a154fe5b71b4
2020-11-11 14:43:36 +00:00
Alan Stokes
b01e1d97bf Revert "Introduce app_data_file_type attribute."
This reverts commit 27e0c740f1.

Reason for revert: b/172926597

Change-Id: Id2443446cbdf51dc05b303028377895b9cf2a09e
2020-11-10 18:02:14 +00:00
Alan Stokes
27e0c740f1 Introduce app_data_file_type attribute.
This gives us an easy way for the policy to refer to all existing or
future types used for app private data files in type= assignments in
seapp_contexts.

Apply the label to all the existing types, then refactor rules to use
the new attribute.

This is intended as a pure refactoring, except that:
- Some neverallow rules are extended to cover types they previous
omitted;
- We allow iorap_inode2filename limited access to shell_data_file and
  nfc_data_file;
- We allow zygote limited access to system_app_data_file.

Also extend check_seapp to check that all types specified in
seapp_contexts files have the attribute, to ensure that the neverallow
rules apply to them. As a small bonus, also verify that domain and
type values are actually types not attributes.

Test: Presubmits
Test: Manual: specify an invalid type, build breaks.
Bug: 171795911
Change-Id: Iab6018af449dab3b407824e635dc62e3d81e07c9
2020-11-09 11:04:02 +00:00
Florian Mayer
12376168b4 New type for printk_formats, allow traced_probes.
Test: ls -lZ /sys/kernel/tracing/printk_formats
      [...] u:object_r:debugfs_tracing_printk_formats:s0 [...]

Test: setenforce 0;
      runcon u:r:system_server:s0 cat /sys/kernel/tracing/printk_formats
      logcat complains about /sys/kernel/tracing/printk_formats

Test: setenforce 0;
      runcon u:r:traced_probes:s0 cat /sys/kernel/tracing/printk_formats
      logcat does not complain about /sys/kernel/tracing/printk_formats

(need to setenforce 0, because otherwise the exec of ls is denied).

Bug: 70292203
Change-Id: I15ddef686f979c59daaba5263fa99aca3cd139e5
2020-11-05 12:55:50 +00:00
David Anderson
45ac6e8400 Merge "Add sepolicy for dm-user devices and the snapuserd daemon." 2020-10-27 16:39:14 +00:00
David Anderson
fe30369efb Add sepolicy for dm-user devices and the snapuserd daemon.
dm-user is a new device-mapper module, providing a FUSE-like service for
block devices. It creates control nodes as misc devices under
/dev/dm-user/. Make sure these nodes get a unique selabel.

snapuserd is a daemon for servicing requests from dm-user. It is a
low-level component of Virtual A/B updates, and provides the bridge
betewen dm-snapshot and the new COW format. For this reason it needs
read/write access to device-mapper devices.

Bug: 168259959
Test: ctl.start snapuserd, no denials
      vts_libsnapshot_test, no denials
Change-Id: I36858a23941767f6127d6fbb9e6755c68b91ad31
2020-10-26 23:23:01 -07:00
Primiano Tucci
cd452300a7 Allow tracing service to access kallsyms on userdebug
This CL allows the traced_probes service to temporarily
lower kptr_restrict and read /proc/kallsyms.
This is allowed only on userdebug/eng builds.
The lowering of kptr_restrict is done via an init
property because the kernel checks that the kptr_restrict
writer is CAP_SYS_ADMIN, regardless of the /proc file ACLs [1].

[1] 4cbffc461e/kernel/sysctl.c (L2254)

Bug: 136133013
Design doc: go/perfetto-kallsyms
Test: perfetto_integrationtests --gtest_filter=PerfettoTest.KernelAddressSymbolization in r.android.com/1454882

Change-Id: Ic06e7a9a74c0f3e42fa63f7f41decc385c9fea2c
2020-10-23 14:03:08 +01:00
Maciej Żenczykowski
159c6e13dc public/file.te: add 'allow proc_net proc:filesystem associate'
Per http://cs/aosp-master/system/sepolicy/private/genfs_contexts?l=21

  genfscon proc /net u:object_r:proc_net:s0

/proc/net/... portion of proc should be 'proc_net' not the default of 'proc'

For example on a bonito:
  $ adbb shell ls -alZd /proc /proc/net/xt_quota
  dr-xr-xr-x 757 root root u:object_r:proc:s0      0 1969-12-31 16:00 /proc
  dr-xr-xr-x   2 root root u:object_r:proc_net:s0  0 2020-10-20 11:02 /proc/net/xt_quota

This already mostly works, but occasionally on 4.19 devices we see
(apparently spurious) denials (my gut feeling is kernel behaviour
changed and/or is racy):

[   37.434457] type=1400 audit(1574821413.359:2102): avc: denied { associate } for comm="Binder:762_1" name="globalAlert" scontext=u:object_r:proc_net:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=1

Presumably caused by a binder rpc into netd:
  http://cs/aosp-master/system/netd/server/BandwidthController.cpp?l=635&rcl=cdd79f13c670605819333de2d7b67d7f8a42210c

Things seem to work anyway, presumably because eventually it does somehow
get set to 'proc_net' anyway...

This patch will allow the removal of:
    allow proc_net proc:filesystem { associate };
and
    dontaudit proc_net proc:filesystem associate;
from device specific configs.

Bug: 145579144
Bug: 170265025
Test: treehugger will
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I46294d8b1526e846a5eddb350adf51c76634b8f1
2020-10-20 18:25:39 +00:00
Jack Yu
dd5c5d7960 Merge "Add sepolicy to allow read/write nfc snoop log data" 2020-10-16 07:56:10 +00:00
Alan Stokes
c7229c760f Make shared_relro levelFrom=all.
Also make shared_relro_file mlstrustedobject to ensure these files can
still be read by any app in any user.

Bug: 170622707
Test: Manual: delete the files, check they are re-created and accessible.
Test: Manual: no denials seen
Test: Presubmits
Change-Id: Icce4ee858219e3fd0e307f3edfb3c66005872a45
2020-10-12 14:43:01 +01:00
Yifan Hong
f5f4c1207a Revert "Add /boot files as ramdisk_boot_file."
This reverts commit 2576a2fc30.

Reason for revert: conflict with device-specific sepolicy

Bug: 170411692
Change-Id: Ie5fde9dd91b603f155cee7a9d7ef432a05dc6827
Test: pass
2020-10-08 22:13:44 +00:00
Yifan Hong
2576a2fc30 Add /boot files as ramdisk_boot_file.
/boot/etc/build.prop is a file available at first_stage_init to
be moved into /second_stage_resources.

The file is only read by first_stage_init before SELinux is
initialized. No other domains are allowed to read it.

Test: build aosp_hawk
Test: boot and getprop
Bug: 170364317
Change-Id: I0f8e3acc3cbe6d0bae639d2372e1423acfc683c7
2020-10-08 07:55:12 -07:00
Jack Yu
dd64813204 Add sepolicy to allow read/write nfc snoop log data
Bug: 153704838
Test: nfc snoop log could be accessed
Change-Id: I694426ddb776114e5028b9e33455dd98fb502f0a
2020-09-24 17:36:07 +08:00
Yifan Hong
38a901df56 Revert "Add modules partition"
Revert submission 1413808-modules_partition

Reason for revert: modules partition no longer needed
Reverted Changes:
Iceafebd85:Add modules partition
I2fa96199a:rootdir: Add modules directory
Ie397b9ec6:Add modules partition.
I4200d0cf5:fastboot: add modules partition

Bug: 163543381

Change-Id: I613d4efa346b217e0131b14424bc340ad643e1d6
2020-09-15 19:08:24 +00:00
Yifan Hong
648d956cc0 Add modules partition
Add updateable_module_file that describes all files under /modules. If
more directories (e.g. /modules/apex etc.) are added in the future,
separate labels should be applied to them.

Bug: 163543381
Test: on CF check /proc/mounts

Change-Id: Iceafebd85a2ffa47a73dce70d268d8a6fb5a5103
2020-09-08 16:35:51 -07:00
Colin Cross
da4e51b71f Add shell_test_data_file for /data/local/tests
Add a domain for /data/local/tests which will be used by atest
to execute tests on devices as shell or root.

Bug: 138450837
Test: atest binderVendorDoubleLoadTest memunreachable_unit_test memunreachable_binder_test
Change-Id: Ia34314bd9430e21c8b3304ac079e3d9b5705e19c
2020-09-01 11:17:19 -07:00
Yi Kong
cdacc620b7 Add file context type for /sys/devices/cs_etm
This is the cs_etm (Coresight ETM) sysfs directory.

Bug: 79161490
Test: build
Change-Id: I9a66bb4b2684ef8637106a36f7d490d8f805cabf
2020-08-31 08:28:12 +00:00
Gavin Corkery
ed62b31812 Selinux policy for new userspace reboot logging dir
Add userspace_reboot_metadata_file, which is written to by init,
and read by system server. System server will also handle the
deletion policy and organization of files within this directory,
so it needs additional permissions.

Test: Builds
Bug: 151820675
Change-Id: Ifbd70a6564e2705e3edf7da6b05486517413b211
2020-08-26 21:00:09 +01:00
Marco Ballesio
8f280b0847 sepolicy support for cgroup v2
cgroup v2 is going to be used for freezer v2 support. The cgroup v2 hiearchy
will be mounted by init under /sys/fs/cgroup hence proper access rights
are necessary for sysfs. After mounting, the cgroup v2 kernfs will use
the label cgroup_v2 and system_manager will handle the freezer

Bug: 154548692
Test: verified that files undes sysfs and cgroup v2 kernfs are accessed
as required to allow proper functioning for the freezer.

Change-Id: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
2020-08-17 09:49:10 -07:00
Janis Danisevskis
c40681f1b5 Add libselinux keystore_key backend.
We add a new back end for SELinux based keystore2_key namespaces.
This patch adds the rump policy and build system infrastructure
for installing keystore2_key context files on the target devices.

Bug: 158500146
Bug: 159466840
Test: None
Change-Id: I423c9e68ad259926e4a315d052dfda97fa502106
Merged-In: I423c9e68ad259926e4a315d052dfda97fa502106
2020-08-05 16:11:48 +00:00
linpeter
87c7261f0a sepolicy: label vendor_service_contexts as vendor_service_contexts_file
Due to AIDL HAL introduction, vendors can publish services
with servicemanager. vendor_service_contexts is labeled as
vendor_service_contexts_file, not nonplat_service_contexts_file.
And pack it to vendor partition.

Bug: 154066722

Test: check file label
Change-Id: Ic74b12e4c8e60079c0872b6c27ab2f018fb43969
2020-06-15 17:09:46 +08:00
Jeffrey Vander Stoep
b45b42a3d3 Merge "Label kprobes and restrict access" 2020-06-11 11:36:51 +00:00
Jeff Vander Stoep
bd3fd0eebe Label kprobes and restrict access
Bug: 149659981
Test: build
Change-Id: I6abcd1bb9af15e7ba0f1f5e711ea9ac661bffc25
2020-06-11 07:43:30 +02:00
Treehugger Robot
63ff32ddb0 Merge "Add sepolicy for FUSE control filesystem." 2020-06-09 00:23:51 +00:00
Martijn Coenen
aa2cb5129e Add sepolicy for FUSE control filesystem.
To allow vold to abort it.

Bug: 153411204
Test: vold can access it
Merged-In: I334eaf3459905c27d614db8eda18c27e62bea5fa
Change-Id: I334eaf3459905c27d614db8eda18c27e62bea5fa
2020-06-08 20:40:01 +02:00
Mohammad Samiul Islam
476d616e43 Create sepolicy for allowing system_server rw in /metadata/staged-install
Bug: 146343545
Test: presubmit
Change-Id: I4a7a74ec4c5046d167741389a40da7f330d4c63d
Merged-In: I4a7a74ec4c5046d167741389a40da7f330d4c63d
(cherry picked from commit be5c4de29f)
2020-06-03 10:59:02 +01:00
Jiyong Park
93a99cf8fc Introduce apex_info_file type
/apex/apex-info-file.xml is labeled as apex_info_file. It is
created/written by apexd once by apexd, and can be read by zygote and
system_server. The content of the file is essentially the same as the
return value of getAllPackages() call to apexd.

Bug: 154823184
Test: m
Merged-In: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
(cherry picked from commit f1de4c02cc)
Change-Id: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
2020-05-27 09:35:11 +09:00
Songchun Fan
19a5cc2bab [sepolicy] remove vendor_incremental_module from global sepolicy rules
(Cherry-picking)

Moving to coral-sepolicy

BUG: 150882666
Test: atest PackageManagerShellCommandIncrementalTest
Merged-Id: I55f5d53ee32d0557e06c070961526631e1bb1fc5
Change-Id: Ia9c4d8240787b0d2b349764cac9d61b9d8731fa2
2020-03-19 16:31:44 -07:00
A. Cody Schuffelen
71b0b85a94 Add sepolicy for the securityfs mount type.
See discussion in aosp/1233645. There was a concern about this
filesystem automounting when enabled, so this change adds sepolicy to
preemptively lock it down.

I'm not confident it actually automounts. If it does, it'll land in
/sys/kernel/security, which is also protected with the sysfs policy.

Test: Builds
Bug: 148102533
Change-Id: I78a246a5c18953f2471f84367ab383afb2742908
2020-03-11 12:24:24 -07:00
Roshan Pius
0f6852b342 Merge "sepolicy(wifi): Allow wifi service access to wifi apex directories" 2020-02-22 03:56:55 +00:00
Roshan Pius
8f84cc32a8 sepolicy(wifi): Allow wifi service access to wifi apex directories
Bug: 148660313
Test: Compiles
Change-Id: I4a973c4516fda5f96f17f82cd3a424b0ca89004b
2020-02-21 10:40:32 -08:00
David Zeuthen
1948c11d13 Merge "Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL." 2020-02-19 21:14:40 +00:00
David Zeuthen
02bf814aa2 Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL.
The credstore service is a system service which backs the
android.security.identity.* Framework APIs. It essentially calls into
the Identity Credential HAL while providing persistent storage for
credentials.

Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I5cd9a6ae810e764326355c0842e88c490f214c60
2020-02-19 13:46:45 -05:00
Mark Salyzyn
79f9ca6789 bootstat: enhance last reboot reason property with file backing
Helps with support of recovery and rollback boot reason history, by
also using /metadata/bootstat/persist.sys.boot.reason to file the
reboot reason.  For now, label this file metadata_bootstat_file.

Test: manual
Bug: 129007837
Change-Id: Id1d21c404067414847bef14a0c43f70cafe1a3e2
2020-02-14 13:30:21 -08:00
Songchun Fan
b1512f3ab7 new label for incremental control files
Test: manual with incremental installation
Test: coral:/data/incremental/MT_data_incremental_tmp_1658593565/mount # ls -lZ .pending_reads
Test: -rw-rw-rw- 1 root root u:object_r:incremental_control_file:s0  0 1969-12-31 19:00 .pending_reads
BUG: 133435829
Change-Id: Ie090e085d94c5121bf61237974effecef2dcb180
2020-02-13 12:52:51 -08:00
Songchun Fan
d9b78b4c84 remove incfs genfscon label
Test: manual with incremental installation
BUG: 133435829
Change-Id: I8b38db18851a5b3baf925be621de3eb0e83efbb4
2020-02-13 08:44:48 -08:00
Jerry Chang
e8b7cecad3 Merge "sepolicy: new prereboot_data_file type" 2020-02-11 02:49:29 +00:00
Songchun Fan
99d9374760 selinux rules for loading incremental module
Defining incremental file system driver module, allowing vold to load
and read it.

=== Denial messages ===
02-04 16:48:29.193   595   595 I Binder:595_4: type=1400 audit(0.0:507): avc: denied { read } for name="incrementalfs.ko" dev="dm-2" ino=1684 scontext=u:r:vold:s0 tcontext=u:object_r:vendor_incremental_module:s0 tclass=file permissive=1
02-04 16:48:29.193   595   595 I Binder:595_4: type=1400 audit(0.0:508): avc: denied { open } for path="/vendor/lib/modules/incrementalfs.ko" dev="dm-2" ino=1684 scontext=u:r:vold:s0 tcontext=u:object_r:vendor_incremental_module:s0 tclass=file permissive=1
02-04 16:48:29.193   595   595 I Binder:595_4: type=1400 audit(0.0:509): avc: denied { sys_module } for capability=16 scontext=u:r:vold:s0 tcontext=u:r:vold:s0 tclass=capability permissive=1
02-04 16:48:29.193   595   595 I Binder:595_4: type=1400 audit(0.0:510): avc: denied { module_load } for path="/vendor/lib/modules/incrementalfs.ko" dev="dm-2" ino=1684 scontext=u:r:vold:s0 tcontext=u:object_r:vendor_incremental_module:s0 tclass=system permissive=1

Test: manual
BUG: 147371381
Change-Id: I5bf4e28c28736b4332e7a81c344ce97ac7278ffb
2020-02-07 09:52:34 -08:00
Jerry Chang
5594f307c8 sepolicy: new prereboot_data_file type
This adds the type and permissions for dumping and appending prereboot
information.

Bug: 145203410
Test: Didn't see denials while dumping and appending prereboot info.
Change-Id: Ic08408b9bebc3648a7668ed8475f96a5302635fa
2020-02-07 10:22:47 +08:00
Yifan Hong
28d5e87d39 Merge "snapshotctl better logging" 2020-02-04 22:18:33 +00:00
Yifan Hong
589bb6f369 snapshotctl better logging
Test: snapshotctl merge --log-to-file
Bug: 148818798
Change-Id: I0e9c8ebb6632a56670a566f7a541e52e0bd24b08
2020-02-04 10:09:24 -08:00
Songchun Fan
f09db16c56 [selinux] properly labeling dirs under /data/incremental
Setting files and dirs under /data/incremental as apk_data_file, so that
they will have the same permissions as the ones under /data/app.

Current layout of the dirs:
1. /data/incremental/[random]/mount -> holds data files (such as base.apk) and
control files (such as .cmd). Its subdirectory is first bind-mounted to
/data/incremental/tmp/[random], eventually bind-mounted to
/data/app/~~[randomA]/[packageName]-[randomB].

2. /data/incremental/[random]/backing_mount -> hold incfs backing image.

3. /data/incremental/tmp/[random] -> holds temporary mountpoints (bind-mount targets)
during app installation.

Test: manual
Change-Id: Ia5016db2fa2c7bad1e6611d59625731795eb9efc
2020-02-03 14:28:37 -08:00
Zimuzo Ezeozue
5119becf5d Merge "Grant vold, installd, zygote and apps access to /mnt/pass_through" 2020-01-28 22:26:58 +00:00
Zim
fcf599c89c Grant vold, installd, zygote and apps access to /mnt/pass_through
/mnt/pass_through was introduced to allow the FUSE daemon unrestricted
 access to the lower filesystem (or sdcardfs).

At zygote fork time, the FUSE daemon will have /mnt/pass_through/0
bind mounted to /storage instead of /mnt/user/0. To keep /sdcard
(symlink to /storage/self/primary) paths working, we create a
'self' directory  with an additional 'primary' symlink to
/mnt/pass_through/0/emulated/0 which is a FUSE mount point.

The following components need varying sepolicy privileges:

Vold: Creates the self/primary symlink and mounts the lower filesystem
on /mnt/pass_through/0/emulated. So needs create_dir and mount access
+ create_file access for the symlink

zygote: In case zygote starts an app before vold sets up the paths.
This is unlikely but can happen if the FUSE daemon (a zygote forked app)
is started before system_server completes vold mounts.
Same sepolicy requirements as vold

installd: Needs to clear/destroy app data using lower filesystem
mounted on /mnt/pass_through so needs read_dir access to walk
/mnt/pass_through

priv_app (FUSE daemon): Needs to server content from the lower
filesystem mounted on /mnt/pass_through so needs read_dir access to
walk /mnt/pass_through

Bug: 135341433
Test: adb shell ls /mnt/pass_through/0/self/primary
Change-Id: I16e35b9007c2143282600c56adbc9468a1b7f240
2020-01-28 20:56:36 +00:00
Ryan Savitski
67a82481f8 initial policy for traced_perf daemon (perf profiler)
The steps involved in setting up profiling and stack unwinding are
described in detail at go/perfetto-perf-android.

To summarize the interesting case: the daemon uses cpu-wide
perf_event_open, with userspace stack and register sampling on. For each
sample, it identifies whether the process is profileable, and obtains
the FDs for /proc/[pid]/{maps,mem} using a dedicated RT signal (with the
bionic signal handler handing over the FDs over a dedicated socket). It
then uses libunwindstack to unwind & symbolize the stacks, sending the
results to the central tracing daemon (traced).

This patch covers the app profiling use-cases. Splitting out the
"profile most things on debug builds" into a separate patch for easier
review.

Most of the exceptions in domain.te & coredomain.te come from the
"vendor_file_type" allow-rule. We want a subset of that (effectively all
libraries/executables), but I believe that in practice it's hard to use
just the specific subtypes, and we're better off allowing access to all
vendor_file_type files.

Bug: 137092007
Change-Id: I4aa482cfb3f9fb2fabf02e1dff92e2b5ce121a47
2020-01-22 22:04:01 +00:00
Treehugger Robot
4f0bf97b41 Merge "Add policies for permission APEX data directory." 2020-01-17 23:45:54 +00:00
Jing Ji
2b12440ff7 Add rules for an unix domain socket for system_server
System_server will listen on incoming packets from zygotes.

Bug: 136036078
Test: atest CtsAppExitTestCases:ActivityManagerAppExitInfoTest
Change-Id: I42feaa317615b90c5277cd82191e677548888a71
2020-01-16 16:09:48 -08:00