Vendor public libs are exposed to apps (not system), and their ABI
stability is guaranteed by vendor. Introducing new selinux type so that
we don't conflate concepts of same-process HAL and vendor public lib.
The former is exposed to all domains, while the latter should only be
acessible by apps.
Bug: 76413554
Test: build-only change, policy builds
Change-Id: I89dad351374f46c7fe2726991eb4c05064c37ed5
Create a new label for /data/system/dropbox, and neverallow direct
access to anything other than init and system_server.
While all apps may write to the dropbox service, only apps with
android.permission.READ_LOGS, a signature|privileged|development
permission, may read them. Grant access to priv_app, system_app,
and platform_app, and neverallow access to all untrusted_apps.
Bug: 31681871
Test: atest CtsStatsdHostTestCases
Test: atest DropBoxTest
Test: atest ErrorsTests
Change-Id: Ice302b74b13c4d66e07b069c1cdac55954d9f5df
We're adding support for OEMs to ship exFAT, which behaves identical
to vfat. Some rules have been manually enumerating labels related
to these "public" volumes, so unify them all behind "sdcard_type".
Test: atest
Bug: 67822822
Change-Id: I09157fd1fc666ec5d98082c6e2cefce7c8d3ae56
We're adding support for OEMs to ship exFAT, which behaves identical
to vfat. Some rules have been manually enumerating labels related
to these "public" volumes, so unify them all behind "sdcard_type".
Test: atest
Bug: 67822822
Change-Id: I09157fd1fc666ec5d98082c6e2cefce7c8d3ae56
With this attribute it will be easier to reference /proc files.
Bug: 74182216
Test: policy builds
Change-Id: I5b7da508d821e45f122832261a742a201e8fdf2c
(cherry picked from commit 41bf08e592)
The webview_zygote is now launched as a child-zygote process from the
main zygote process.
Bug: 63749735
Test: m
Test: Launch "Third-party licenses" activity from Settings, and it
renders correctly via the WebView.
Merged-In: I9c948b58a969d35d5a5add4b6ab62b8f990645d1
Change-Id: I153476642cf14883b0dfea0d9f5b3b5e30ac1c08
The previous selinux rules obtained via audit2allow didn't really
work with the case of apps connecting to the producer socket,
despite all the allow rules being correctly in place.
This was failing our CTS tests.
The reason for the failure (see denials pasted below) is due to
Multi Level Security (for multi-user), which was still preventing
apps form a different level to connect to the traced producer
socket and write to the shmem buffers they get passed back.
This CL tags the objects being accessed as mlstrusted.
CTS tests pass with this CL.
Denials:
avc: denied { write } for pid=8545 comm="traced_probes" name="traced_producer" dev="tmpfs" ino=23629 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:traced_producer_socket:s0 tclass=sock_file permissive=1
avc: denied { write } for pid=8545 comm="traced_probes" name="traced_producer" dev="tmpfs" ino=23629 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:traced_producer_socket:s0 tclass=sock_file permissive=1
avc: denied { connectto } for pid=8545 comm="traced_probes" path="/dev/socket/traced_producer" scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:r:traced:s0 tclass=unix_stream_socket permissive=1
avc: denied { connectto } for pid=8545 comm="traced_probes" path="/dev/socket/traced_producer" scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:r:traced:s0 tclass=unix_stream_socket permissive=1
avc: denied { write } for pid=8545 comm="traced_probes" path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=104483 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1
Change-Id: I1598bc0b07bf39b8d0420b66caf06a4ca884f383
Bug: 73340039
Test: CtsPerfettoTestCases
The webview_zygote is now launched as a child-zygote process from the
main zygote process.
Bug: 63749735
Test: m
Test: Launch "Third-party licenses" activity from Settings, and it
renders correctly via the WebView.
Change-Id: I9c948b58a969d35d5a5add4b6ab62b8f990645d1
Restrictions introduced in vendor init mean that new devices
may not no longer exempt vendor init from writing to system_data_file.
This means we must introduce a new label for /data/vendor which
vendor_init may write to.
Bug: 73087047
Test: build and boot Taimen and Marlin. Complete SUW, enroll fingerprint
No new denials.
Change-Id: I65f904bb28952d4776aab947515947e14befbe34
This changes tracefs files to be default-enabled in debug mode, but
default-disabled with specific files enabled in user mode.
Bug: 64762598
Test: Successfully took traces in user mode.
Change-Id: I572ea22253e0c1e42065fbd1d2fd7845de06fceb
Data outside of /data/vendor should have the core_data_file_type.
Exempt data_between_core_and_vendor for some types.
Ensure core_data_file_type and coredomain_socket do not get expanded
to their underlying types.
Test: build sepolicy for all targets in master (this is a build time
test)
Bug: 34980020
Change-Id: I59387a87875f4603a001fb03f22fa31cae84bf5a
(cherry picked from commit bdd454792d)
Do not let apps read /proc/uid_cpupower/time_in_state,
/proc/uid_cpupower/concurrent_active_time,
/proc/uid_cpupower/concurrent_policy_time.
b/71718257
Test: Check that they can't be read from the shell
without root permissions and system_server was able
to read them
Change-Id: I812694adfbb4630f7b56aa7096dc2e6dfb148b15
Data outside of /data/vendor should have the core_data_file_type.
Exempt data_between_core_and_vendor for some types.
Ensure core_data_file_type and coredomain_socket do not get expanded
to their underlying types.
Test: build sepolicy for all targets in master (this is a build time
test)
Bug: 34980020
Change-Id: I59387a87875f4603a001fb03f22fa31cae84bf5a
Init tries to write /proc/sys/vm/min_free_order_shift but fails due to
a SELinux denial. This gives the file a new label and gives init the
ability to write it.
Test: Build and booted Sailfish (a couple of days ago).
Change-Id: Ic93862b85c468afccff2019d84b927af9ed2a84d
shipping API version:
For devices shipped before Android P nothing changes, data is stored
under /data/system/users/<user-id>/fpdata/...
Devices shipped from now on will instead store fingerprint data under
/data/vendor_de/<user-id>/fpdata.
Support for /data/vendor_de and /data/vendor_ce has been added to vold.
Bug: 36997597
Change-Id: Ibc7cc33b756f64abe68a749c0ada0ca4f6d92514
Test: manually
And grant appropriate permissions to more granular types.
Bug: 29319732
Bug: 65643247
Test: adb bugreport; no new denials to /proc or /sys files.
Change-Id: Ied99546164e79bfa6148822858c165177d3720a5
Fixing denials that stopped traceur from being able to write to
debugfs_tracing. Also cleaning up general find denials for services that
traceur doesn't have permission to access.
Additionally, labeling /data/local/trace as a trace_data_file in order
to give traceur a UX friendly area to write its traces to now that it
will no longer be a shell user. It will be write/readable by traceur,
and deletable/readable by shell.
Test: Traceur functionality is not being blocked by selinux policy
Bug: 68126425
Change-Id: I201c82975a31094102e90bc81454d3c2a48fae36