The interaface now provided by IKeystoreAuthorization AIDL interface was
previously provided by Keystore AIDL interface.
This CL adds policy to allow Keystore2 to register
IKeystoreAuthorization aidl service and to allow service manager to
look up and connect to the service.
Bug: 159475191
Test: Needs to be tested in runtime
Change-Id: I56829a8764e0efe55efdc92b75d7a3d918a20dae
Allow non-system apps to get an instance through
Context#getSystemService, and then dumpstate also needs permissions to
append to public apps' files.
Most carrier apps are not pre-installed, but we still want to allow them
to request connectivity bug reports, which are well-scoped to contain
limited PII and all info should directly relate to connectivity
(cellular/wifi/networking) debugging.
BugreportManager underneath validates that the calling app has carrier
privileges before actually starting the bug report routine. User consent
is requested for every bugreport requested by carrier apps.
Without the dumpstate.te change, the following error will occur:
01-14 20:08:52.394 1755 1755 I auditd : type=1400 audit(0.0:10): avc: denied { append } for comm="Binder:1755_16" path="/data/user/0/com.carrier.bugreportapp.public/files/bugreports/bugreport-2021-01-14-20-08-51.zip" dev="dm-8" ino=25218 scontext=u:r:dumpstate:s0 tcontext=u:object_r:app_data_file:s0:c7,c257,c512,c768 tclass=file permissive=0
[ 1167.128552] type=1400 audit(1610654932.394:10): avc: denied { append } for comm="Binder:1755_16" path="/data/user/0/com.carrier.bugreportapp.public/files/bugreports/bugreport-2021-01-14-20-08-51.zip" dev="dm-8" ino=25218 scontext=u:r:dumpstate:s0 tcontext=u:object_r:app_data_file:s0:c7,c257,c512,c768 tclass=file permissive=0
Bug: 161393541
Test: atest CtsCarrierApiTestCases:BugreportManagerTest
Change-Id: I443b1f6cd96223ed600c4006bc344c2a8663fdc7
Access to /proc/locks is necessary to activity manager to determine
wheter a process holds a lock or not prior freezing it.
Test: verified access of /proc/locks while testing other CLs in the same
topic.
Bug: 176928302
Change-Id: I14a65da126ff26c6528edae137d3ee85d3611509
- Update policy for new system service, used for AiAi/Apps to
present data in their UI.
Bug: 173243538
Bug: 176208267
Test: manual. Can boot to home and get manager successfully.
Change-Id: Ie88c6fa7ed80c0d695daaa7a9c92e11ce0fed229
This simplifies operation by removing a special case for user builds.
Test: atest CtsPerfettoTestCases on user
Test: atest CtsPerfettoTestCases on userdebug
Test: atest perfetto_integrationtests on userdebug
Bug: 153139002
Change-Id: Ibbf3dd5e4f75c2a02d931f73b96fabb8157e0ebf
These flags should be writeable to the shell for both root and non-root
users. They should be readable everywhere, as they're read in libc
during initialization (and there's nothing secret to hide). We just
don't want to allow apps to set these properties.
These properties are non-persistent, are for local developer debugging
only.
Bug: 135772972
Bug: 172365548
Test: `adb shell setprop memtag.123 0` in non-root shell succeeds.
Change-Id: If9ad7123829b0be27c29050f10081d2aecdef670
This change will help debug builds with keeping debugfs
disabled during run time. Instead, debugfs will be mounted by init
to enable boot time initializations to set up debug data collection
and unmounted after boot. It will be also be mounted by dumpstate
for bug report generation and unmounted after.
It resolves the following avc denial:
avc: denied { mounton } for comm="init" path="/sys/kernel/debug" dev="debugfs"
ino=1 scontext=u:r:init:s0 tcontext=u:object_r:debugfs:s0 tclass=dir permissive=0
Bug: 176936478
Test: make && boot
Change-Id: I5bc819eb0cc36bdc32565c17a16da8838baf946a
See go/rescue-party-reboot for more context.
One integer will be stored in a file in this
directory, which will be read and then deleted at the
next boot. No userdata is stored.
Test: Write and read from file from PackageWatchdog
Bug: 171951174
Change-Id: I18f59bd9ad324a0513b1184b2f4fe78c592640db
Nothing should be depending on the details.
I haven't removed public/shared_relro.te entirely - there's a reference to shared_relro in public/app.te, and at least one reference to the domain outside of system policy.
Fix: 175867372
Test: Presubmits
Change-Id: I5fd4090f4b445520c4fa767c1835a5bb4e9cb146
ConnectivityService is going to become mainline and can not
access hidden APIs. Telephony and Settings were both accessing
the hidden API ConnectivityManager#getMobileProvisioningUrl.
Moving #getMobileProvisioningUrl method into telephony means
that there is one less access to a hidden API within the overall
framework since the Connectivity stack never needed this value.
Thus, move getMobileProvisioningUrl parsing to telephony surface
and provide the corresponding sepolicy permission for its access.
The exsting radio_data_file is an app data type and may allow
more permission than necessary. Thus create a new type and give
the necessary read access only.
Bug: 175177794
Test: verify that the radio process could read
/data/misc/radio/provisioning_urls.xml successfully
Change-Id: I191261a57667dc7936c22786d75da971f94710ef
This macro creates the necessary neverallow to assert the
hal_power_stats_{client,server} attribute has exclusive ownership of
the service.
Bug: 176180039
Test: build/TH
Change-Id: I710eadc4c4f4642937aa16a25fe559e1cd3c9224
This macro creates the necessary neverallow to assert the
hal_can_*_{client,server} attribute has exclusive ownership of
the service.
Bug: 176180039
Test: build/TH
Change-Id: I876b50e4184ef787117d5ca67c7fbd522d82687c
This macro creates the necessary neverallow to assert the
hal_audiocontrol_{client,server} attribute has exclusive ownership of
the service.
Bug: 176180039
Test: build/TH
Change-Id: I2046e31f5cf04b560b842a03eafbec597443f15f
