Commit graph

6501 commits

Author SHA1 Message Date
Yifan Hong
2576a2fc30 Add /boot files as ramdisk_boot_file.
/boot/etc/build.prop is a file available at first_stage_init to
be moved into /second_stage_resources.

The file is only read by first_stage_init before SELinux is
initialized. No other domains are allowed to read it.

Test: build aosp_hawk
Test: boot and getprop
Bug: 170364317
Change-Id: I0f8e3acc3cbe6d0bae639d2372e1423acfc683c7
2020-10-08 07:55:12 -07:00
Florian Mayer
752e48d4c2 Allow heapprofd to read shell_data_file.
This allows to profile binaries pushed by the user.

Test: run profile of out of tree perfetto on flame userdebug.
Bug: 170208766
Change-Id: I152d6d244cc5065ee2de24f839e4ad467bc22cdc
2020-10-08 12:49:06 +00:00
Adam Shih
b5f770a8b8 Merge "Suppress errors that are not needed" 2020-10-08 01:53:52 +00:00
Steven Moreland
52b0886903 Rem /vendor app neverallow to get vendor services
This CL changes a neverallow for /vendor apps accessing vendor_service.
Originally, /vendor apps ({appdomain -coredomain}) were disallowed from
accessing all AIDL services since they are platform implementation
details that may change over time, and these apps run in a system
context. However, now, vendor services can be stable. So, in order to
give the flexibility needed for vendor framework components installed to
the /vendor partition to access AIDL HALs, opening this up.

Bug: 163478173
Test: build (validates neverallows)
Change-Id: Ic2280021e875671ad99e3f1ba820c6e4408fd645
2020-10-07 22:38:46 +00:00
linpeter
d62ddfef9c sepolicy: remove hal_light_severice exception
Bug: 148154485
test: build pass, HBM switch
Change-Id: I775ee6015b03817ed1394f3b6c306f4b5153190e
Merged-In: I775ee6015b03817ed1394f3b6c306f4b5153190e
(cherry picked from commit 0c09c42f23)
2020-10-07 22:34:35 +00:00
Yifan Hong
6bb5a76d29 Add ro.bootimage.* property contexts
In addition, allow shell to read this property.

Test: getprop -Z
Test: cts-tradefed run cts -m CtsGestureTestCases
      and check /sdcard/device-info-files/PropertyDeviceInfo.deviceinfo.json

Bug: 169169031
Change-Id: Ib71b01bac326354696e159129f9dea4c2e918c51
2020-10-07 11:55:20 -07:00
Yo Chiang
e939cbdd37 Add F2FS_IOC_SEC_TRIM_FILE ioctl code
`secdiscard` calls ioctl(F2FS_IOC_SEC_TRIM_FILE). Add the ioctl
definition and allow rule.

Bug: 170275781
Bug: 140759142
Bug: 168571434
Test: Build pass
Change-Id: I967e0a3c1216f36174f08d5ace2f7a6bcd4103b6
2020-10-07 17:39:46 +00:00
Lais Andrade
ac2da76606 Add sepolicy for vibrator manager
This will allow SystemServer to add the new vibrator manager service.

Bug: 166586119
Test: manually build and install on test device
Change-Id: I496f46e2f5482aaa7bfba31d6c6b2967486941cc
2020-10-07 13:17:58 +00:00
Adam Shih
e712c3db12 Suppress errors that are not needed
The purpose of misc_writer is to write misc partition. However,
when it includes libfstab, it will probe files like kernal command
line (proc/cmdline) and metadata, which are permissions it does not
need.

Bug: 170189742
Test: Boot under permissive mode and find the errors gone.
Change-Id: Icda3200660a3bee5cadb6f5e0026fa71941ae5dc
2020-10-07 08:52:51 +00:00
Jakub Pawlowski
63ef2b68ae Merge "Revert "Add vendor_property_type to vendor_default_prop"" 2020-10-05 11:53:47 +00:00
Jakub Pawlowski
80d6227114 Revert "Add vendor_property_type to vendor_default_prop"
This reverts commit d68d0ca0fc.

Reason for revert: broke build

Change-Id: I52905a143a31829d3825a2aa07bbf09b957240f0
2020-10-05 11:52:47 +00:00
Treehugger Robot
0a38cd30f8 Merge "Add vendor_property_type to vendor_default_prop" 2020-10-05 11:27:21 +00:00
Neil Fuller
5d1e781b66 Merge "Expand timezonedetector_service API access" 2020-10-05 10:24:21 +00:00
Inseob Kim
d68d0ca0fc Add vendor_property_type to vendor_default_prop
Bug: 159097992
Test: m selinux_policy
Change-Id: Ic5fca5ff263584fe3e8b334003d671d706070cb8
2020-10-05 15:02:20 +09:00
Janis Danisevskis
7736979337 Merge "Move list permission from keystore2_key to keystore class." 2020-10-01 16:49:33 +00:00
Janis Danisevskis
ed96f5c518 Move list permission from keystore2_key to keystore class.
The list permission protects the ability to list arbitrary namespaces.
This is not a namespace specific permission but a Keystore specific
permission. Listing the entries of a given namsepace is covered by the
get_info permission already.

Test: N/A
Merged-In: If6e79fd863a79acf8d8ab10c6362a4eeaa88a5b8
Change-Id: If6e79fd863a79acf8d8ab10c6362a4eeaa88a5b8
2020-09-30 12:18:26 -07:00
Neil Fuller
804329881f Expand timezonedetector_service API access
TimeZoneDetectorService will be accessed as part of a new @SystemApi,
TimeManager.

For CTS testing, the TimeZoneDetectorService needs to be accessible by
the CTS test app, this means the sepolicy for the service needs to be
expanded to less trusted clients. During tests we can expand the Android
permissions to those of the Shell process, but it looks like selinux
still needs this change even though "real" clients will be privileged
apps.

It's probable that the time / time detector services will be used in
public SDK TimeManager APIs in the future.

Bug: 159891384
Test: build only (and CTS tests not yet submitted in AOSP)
Change-Id: Ieb4b40505aa990e572435c098a66c489746d4c45
2020-09-30 13:44:41 +01:00
Ilya Matyukhin
d2acfb0f9c Merge "Add sepolicy for IFace" 2020-09-29 20:20:00 +00:00
Ilya Matyukhin
9bd164241e Add sepolicy for IFace
Bug: 168730443
Test: run on cuttlefish
Change-Id: Ie3cf791e7aac090788c7213d23487ae9f50b0690
2020-09-28 15:57:59 -07:00
Mariia Sandrikova
44c7a7029e Add attribute for all vendor hwservice.
Bug: 159707777
Test: make
Change-Id: Ie3ab6d362b970ae8a9f0a8f1c0109bf03d521ce0
2020-09-25 22:15:33 +01:00
Treehugger Robot
e1cff8b763 Merge "Add GNSS AIDL interfaces (system/sepolicy)" 2020-09-24 20:49:07 +00:00
Yu-Han Yang
bbd0ecedbb Add GNSS AIDL interfaces (system/sepolicy)
Bug: 159467682
Test: built and run on cuttlefish
Change-Id: I071e8427ea0251139661aa8123376c56e0839390
2020-09-24 12:03:30 -07:00
Jack Yu
dd64813204 Add sepolicy to allow read/write nfc snoop log data
Bug: 153704838
Test: nfc snoop log could be accessed
Change-Id: I694426ddb776114e5028b9e33455dd98fb502f0a
2020-09-24 17:36:07 +08:00
Yifan Hong
0299faf7cd Merge "Add gki.prevent_downgrade_*" 2020-09-23 23:25:35 +00:00
Nick Moukhine
75568c5540 Merge "Add sepolicy for music recognition service." 2020-09-23 13:26:52 +00:00
Nick Moukhine
affe2399b5 Add sepolicy for music recognition service.
Denial when not listed in priv_app.te:
E SELinux : avc:  denied  { find } for pid=3213 uid=10170 name=music_recognition scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:music_recognition_service:s0 tclass=service_manager permissive=0


Bug: 158194857
Test: patched and tested on internal master
Change-Id: I30e9ea79a57d9c353b732b629bd5a829c89bbcb0
2020-09-23 10:57:19 +00:00
Yu-Han Yang
9f1836ce1a Merge "Revert "Add GNSS AIDL interfaces (system/sepolicy)"" 2020-09-22 23:31:14 +00:00
Yifan Hong
cb23ab4618 Add gki.prevent_downgrade_*
Add ro.build.ab_update.gki.prevent_downgrade_{version,spl} for
update_engine to determine whether downgrade in kernel version or SPL is
considered an error or not.

Bug: 162623577
Test: update_engine_unittest
Test: apply OTA

Change-Id: If602924d50a2d5cfb3c256b82491c413a9d39f9d
2020-09-22 14:09:49 -07:00
Aleks Rozman
a1ba5a9f5a Revert "Add GNSS AIDL interfaces (system/sepolicy)"
This reverts commit d5f59b1b77.

Reason for revert: b/169150373

Change-Id: I3d5e20400ea8ee0e9ae439497245c09a13aaa716
2020-09-22 18:25:48 +00:00
John Stultz
83ae7e71f9 sepolicy: mediaserver.te: Add read permission to dmabuf_system_heap_device
Following Hridya's patches, I found one more place where
dmabuf system heap access is needed in order to play back video
without ION

Audit error:
09-22 05:34:36.545   478   478 W NPDecoder-CL: type=1400 audit(0.0:65): avc: denied { read } for name="system" dev="tmpfs" ino=631 scontext=u:r:mediaserver:
s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0

Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I016a260b936a343a29f0e3bbb565b52bbcb0133a
2020-09-22 05:35:37 +00:00
Steven Moreland
ab6d3eb06c Merge "Clarify comments on 3rd party app attributes." 2020-09-21 22:28:50 +00:00
Yu-Han Yang
7c7b41715e Merge "Add GNSS AIDL interfaces (system/sepolicy)" 2020-09-21 20:24:37 +00:00
Treehugger Robot
714e134b25 Merge changes If936c556,Ief48165c
* changes:
  Add permissions required for new DMA-BUF heap allocator
  Define a new selinux label for DMABUF system heap
2020-09-21 17:59:16 +00:00
Jooyung Han
68c1986c21 Allow ueventd to read apex mount directories.
ueventd now scans /apex/*/firmware/ directories to find firmwares.

Bug: 167942098
Test: loading firmware from vibrator apex (sunfish)
Change-Id: I76e32e3c290fa07307377bc6fbea41c1783e40a6
2020-09-18 15:21:37 +09:00
Yu-Han Yang
d5f59b1b77 Add GNSS AIDL interfaces (system/sepolicy)
Bug: 159467682
Test: on cuttlefish
Change-Id: Iae7ceefe985096bcf9140e2a3592aade7ad70407
2020-09-17 13:31:29 -07:00
Steven Moreland
826b92fe34 Clarify comments on 3rd party app attributes.
Certain classes of 3rd party apps aren't untrusted_app_domain, but
some comments surrounding this are either outdated or wrong.

Bug: 168753404
Test: N/A
Change-Id: I019c16e26a3778536132f22c37fbea5ae7781af4
2020-09-17 17:15:26 +00:00
Marco Ballesio
7be9e9e372 Merge "sepolicy: allow system server for BINDER_GET_FROZEN_INFO" 2020-09-17 15:54:46 +00:00
Steven Moreland
9a4c8d3043 Merge "Remove thermalcallback_hwservice." 2020-09-17 00:37:28 +00:00
Yifan Hong
b8e0f11986 Merge "Revert "Add modules partition"" 2020-09-16 22:45:55 +00:00
Steven Moreland
19deb1f856 Remove thermalcallback_hwservice.
There is no need for this type to be declared because it is never
registered with hwservicemanager.

This has been removed in the past but it seems it didn't automerge.

Bug: 109802374
Test: N/A
Change-Id: Id9bbc5762b6dcc8066c8543cb93db937cc4fc858
2020-09-16 21:57:05 +00:00
Steven Moreland
3c0939f08e Merge "Make AIDL HAL client attribute an exclusive client." 2020-09-16 20:32:47 +00:00
Hridya Valsaraju
a0e1be0fd3 Add permissions required for new DMA-BUF heap allocator
avc: denied { read } for comm=4E444B204D65646961436F6465635F name="system" dev="tmpfs" ino=379
scontext=u:r:system_server:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file
permissive=1 avc: denied { open } for comm=4E444B204D65646961436F6465635F
path="/dev/dma_heap/system" dev="tmpfs" ino=379 scontext=u:r:system_server:s0
tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1 avc: denied { read }
for comm="HwBinder:413_3" name="system" dev="tmpfs" ino=379 scontext=u:r:mediaswcodec:s0
tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0 avc: denied { ioctl }
for comm=4E444B204D65646961436F6465635F path="/dev/dma_heap/system" dev="tmpfs" ino=379
ioctlcmd=0x4800 scontext=u:r:system_server:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0
tclass=chr_file permissive=1 avc: denied { read } for comm=4E444B204D65646961436F6465635F
name="system" dev="tmpfs" ino=379 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0
app=com.android.systemui it(0.0:83): avc: denied { read } for comm=4E444B204D65646961436F6465635F
name="system" dev="tmpfs" ino=379 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0
app=com.android.systemui

Test: video playback without denials with DMA-BUF heaps enabled
Bug: 168333162
Change-Id: If936c5561ebf891e4b687a2c18760d16e0d31275
2020-09-16 13:21:50 -07:00
Treehugger Robot
c5bb4e5744 Merge "Set expandattribute false for property attributes" 2020-09-16 02:03:52 +00:00
Yifan Hong
38a901df56 Revert "Add modules partition"
Revert submission 1413808-modules_partition

Reason for revert: modules partition no longer needed
Reverted Changes:
Iceafebd85:Add modules partition
I2fa96199a:rootdir: Add modules directory
Ie397b9ec6:Add modules partition.
I4200d0cf5:fastboot: add modules partition

Bug: 163543381

Change-Id: I613d4efa346b217e0131b14424bc340ad643e1d6
2020-09-15 19:08:24 +00:00
Benjamin Schwartz
dc505c51ea Merge "Create Power Stats AIDL interface" 2020-09-15 16:39:36 +00:00
Inseob Kim
2eb0396cb4 Set expandattribute false for property attributes
To prevent these from being optimized away.

Bug: 161083890
Test: m selinux_policy
Change-Id: Ic587df21390f6ca553bf6be9ba77685f8c048ebf
2020-09-15 12:22:44 +09:00
Neil Fuller
dbc1ccac14 Add location_time_zone_manager_service
The LocationTimeZoneManagerService is being added as a "true" service so
that it can be invoked by a shell command (i.e. adb shell cmd). This
also means it will be dumped as part of dumpsys.

Test: Build only
Bug: 149014708
Change-Id: Ie60c4bea3af27a89b88ed753f9cf6e74aab04cd3
2020-09-14 15:19:02 +01:00
Marco Ballesio
9e7e3fd55f sepolicy: allow system server for BINDER_GET_FROZEN_INFO
the new ioctl allows system server to verfiry the state of a frozen
binder inderface before unfreezing a process.

Bug: 143717177
Test: verified ActivityManager could access the ioctl
Change-Id: Id9d90d072ce997ed20faa918ec68f1110e2bac8f
2020-09-11 15:41:31 -07:00
Hridya Valsaraju
a7cd26e664 Define a new selinux label for DMABUF system heap
Define the label dmabuf_system_heap_device for /dev/dma_heap/system.
This the default DMA-BUF heap that Codec2 will use one ION is
deprecated.
Test: video playback without denials with DMA-BUF heaps enabled
Bug: 168333162

Change-Id: Ief48165cd804bde00e1881a693b5eb44a45b633b
2020-09-11 14:27:41 -07:00
Benjamin Schwartz
af8b21a6d2 Create Power Stats AIDL interface
Bug: 162472196
Test: m
Merged-In: I948ef2959b25d776d3b01985fea5eb695fd4fc1e
Change-Id: I12dc33ce055c7275559cce33142cfb2aacc5471f
2020-09-10 22:34:49 -07:00
Dmitri Plotnikov
b08351fa4f Define power.battery_input.suspended property
Bug: 167636754

Test: on a device that has triggers configured for this property
Test: adb shell setprop power.battery_input.suspended true to disable charging
Test: adb shell setprop power.battery_input.suspended false to reenable charging

Merged-In: I79209530d5355a59a1cb7a61c629339cd62f8eb1
Merged-In: I4692d84d5c137d11c6f648d15083614e707fdd07
Change-Id: I7a20c0d561a21fa958cf71c499604d70efdbe979
2020-09-10 22:33:24 -07:00
Dmitri Plotnikov
8cad90e5f9 Define power.battery_input.suspended property
Bug: 167636754

Test: on a device that has triggers configured for this property
Test: adb shell setprop power.battery_input.suspended true to disable charging
Test: adb shell setprop power.battery_input.suspended false to reenable charging

Merged-In: I79209530d5355a59a1cb7a61c629339cd62f8eb1
Merged-In: I4692d84d5c137d11c6f648d15083614e707fdd07
Change-Id: I4692d84d5c137d11c6f648d15083614e707fdd07
2020-09-10 18:52:30 -07:00
Treehugger Robot
fd735237e4 Merge "Add sepolicy for IFingerprint" 2020-09-11 01:11:03 +00:00
Yifan Hong
bf40692c20 Merge "Add modules partition" 2020-09-11 00:25:24 +00:00
Steven Moreland
82f7900341 Make AIDL HAL client attribute an exclusive client.
Like HIDL HALs, if we have a service which is allowed to access
hal_<foo>_service, we want that service to have the attribute
hal_<foo>_client.

Unlike HIDL HALs, some AIDL services are allowed to get ahold of all
HALs, so these have to be exempted from this check.

Fixes: 168152053
Test: neverallows pass
Change-Id: I4bce6d9441c2921c3ea40f2b01fef4030c02a28a
2020-09-11 00:02:00 +00:00
Ilya Matyukhin
c71c2993e9 Add sepolicy for IFingerprint
Bug: 152416783
Test: run on cuttlefish
Change-Id: I58d7c3bc9c81612b03bab3b9da938c091c02e3c1
2020-09-10 16:50:19 -07:00
Yifan Hong
648d956cc0 Add modules partition
Add updateable_module_file that describes all files under /modules. If
more directories (e.g. /modules/apex etc.) are added in the future,
separate labels should be applied to them.

Bug: 163543381
Test: on CF check /proc/mounts

Change-Id: Iceafebd85a2ffa47a73dce70d268d8a6fb5a5103
2020-09-08 16:35:51 -07:00
Marco Ballesio
8e0ea3114f Merge "sepolicy: restrict BINDER_FREEZE to system_server" am: a16308f09a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1419071

Change-Id: Iada71ad80a4e8b59feb5bf8b07cf278c5b5753b0
2020-09-08 16:22:22 +00:00
Marco Ballesio
5fe69e082a sepolicy: restrict BINDER_FREEZE to system_server
BINDER_FREEZE is used to block ipc transactions to frozen processes, so
only system_server must be allowed to use it.

Bug: 143717177
Test: manually verified that attempts to use BINDER_FREEZE by processes
other
than system_server receive a sepolicy denial
Test: verified that system_server can enable/disable the freezer in
binder

Change-Id: I0fae3585c6ec409809e8085c1cc9862be4755889
2020-09-03 14:12:17 -07:00
Treehugger Robot
61d4da7602 Merge "Add shell_test_data_file for /data/local/tests" am: d482ae77d1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1416433

Change-Id: I71009bfcae1753f0cf46042a41e567e543f02322
2020-09-03 03:07:05 +00:00
Xin Li
bcbd2f8916 Merge "Merge Android R (rvc-dev-plus-aosp-without-vendor@6692709)" into stage-aosp-master 2020-09-01 20:03:58 +00:00
Colin Cross
da4e51b71f Add shell_test_data_file for /data/local/tests
Add a domain for /data/local/tests which will be used by atest
to execute tests on devices as shell or root.

Bug: 138450837
Test: atest binderVendorDoubleLoadTest memunreachable_unit_test memunreachable_binder_test
Change-Id: Ia34314bd9430e21c8b3304ac079e3d9b5705e19c
2020-09-01 11:17:19 -07:00
Yi Kong
1be8dfacfd Move a couple of treble policies to private
We need to add an exception for a private type, it can only be
recognised if these are private policies.

Bug: 79161490
Test: TreeHugger
Change-Id: Icc902389e545f1ff4c92d2ab81c0617a3439f466
2020-08-31 13:55:41 +00:00
Yi Kong
cdacc620b7 Add file context type for /sys/devices/cs_etm
This is the cs_etm (Coresight ETM) sysfs directory.

Bug: 79161490
Test: build
Change-Id: I9a66bb4b2684ef8637106a36f7d490d8f805cabf
2020-08-31 08:28:12 +00:00
Xin Li
11da9e6792 Merge Android R (rvc-dev-plus-aosp-without-vendor@6692709)
Bug: 166295507
Merged-In: I6d0b1be1a46288fff42c3689dbef2f7443efebcc
Change-Id: I133180d20457b9f805f3da0915e2cf6e48229132
2020-08-29 01:45:24 -07:00
Steven Moreland
6ced6ff339 Merge "Remove binder_in_vendor_violators." 2020-08-28 17:04:07 +00:00
Steven Moreland
5c0a0a8190 Remove binder_in_vendor_violators.
It's release blocking if devices specify it. Since none are used
in-tree anymore, no reason to every use this again.

Bug: 131617943
Test: grepping source/build (which validates this isn't used)
Change-Id: I6f98ab9baed93e11403a10f3a0497c855d3a8695
2020-08-27 00:00:35 +00:00
Gavin Corkery
df9d784e6d Merge "Selinux policy for new userspace reboot logging dir" 2020-08-26 21:47:19 +00:00
Gavin Corkery
ed62b31812 Selinux policy for new userspace reboot logging dir
Add userspace_reboot_metadata_file, which is written to by init,
and read by system server. System server will also handle the
deletion policy and organization of files within this directory,
so it needs additional permissions.

Test: Builds
Bug: 151820675
Change-Id: Ifbd70a6564e2705e3edf7da6b05486517413b211
2020-08-26 21:00:09 +01:00
Hiroki Sato
09882d209c Replace hal_dumpstate with hal_dumpstate_server
After change Ia7437b8297794502d496e9bd9998dddfdcb747ef, some build
targets are broken. This change fixes it.

Bug: 166334688
Test: build
Change-Id: Iaf6ca1ae5c461bd3c5059b27a148c7858679f795
2020-08-26 10:23:05 +00:00
Inseob Kim
c9610def68 Fix product property type macros
Bug: N/A
Test: build with product_*_prop(...)
Change-Id: Iac906b41ec69023abd41881462f09e268944816b
2020-08-25 16:38:13 +09:00
Songchun Fan
1d4f2221cd Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" 2020-08-20 17:07:40 +00:00
Songchun Fan
4be0afbfb7 [selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl
This allows Incremental Service (part of system_server) to query the
filled blocks of files on Incremental File System.

Test: atest service.incremental_test
BUG: 165799231
Change-Id: Id63f8f325d92fef978a1ad75bd6eaa8aa5e9e68b
2020-08-20 16:00:00 +00:00
Inseob Kim
46dd4be366 Reland "Add persist.dumpstate.verbose_logging.enabled to system/..."
This reverts commit 409c038d3c.

Reason for revert: fixed breakage

Bug: 163759751
Test: lunch sdk; m selinux_policy
Change-Id: I59d170cd3a764209d353d77372387fdc8719ea7f
2020-08-18 11:31:42 +09:00
Bonian Chen
e4d26aef3e Merge "Revert "Add persist.dumpstate.verbose_logging.enabled to system/..."" 2020-08-18 02:21:32 +00:00
Roman Kiryanov
409c038d3c Revert "Add persist.dumpstate.verbose_logging.enabled to system/..."
Revert submission 1401269-dumpstate-prop

Reason for revert: build break, "Failed to build policydb".
Reverted Changes:
I058100eac:Add persist.dumpstate.verbose_logging.enabled to s...
Ia0656a3cb:Move hal_dumpstate's property from goldfish

Change-Id: I3a49545d3ee69fdae54ad66e44ec28b6cbfb4b87
2020-08-18 01:41:13 +00:00
Treehugger Robot
1a25123361 Merge "Add persist.dumpstate.verbose_logging.enabled to system/sepolicy" 2020-08-18 01:00:14 +00:00
Roman Kiryanov
dc2f9a86f0 Add persist.dumpstate.verbose_logging.enabled to system/sepolicy
hardware/interfaces/dumpstate/1.1 refers to this property,
so it must be defined in system/sepolicy.

Bug: 163759751
Test: atest VtsHalDumpstateV1_1TargetTest
Signed-off-by: Roman Kiryanov <rkir@google.com>
Change-Id: I058100eacd05e32de56e0ff9de465625a2e71e9c
2020-08-17 16:45:47 -07:00
Marco Ballesio
8f280b0847 sepolicy support for cgroup v2
cgroup v2 is going to be used for freezer v2 support. The cgroup v2 hiearchy
will be mounted by init under /sys/fs/cgroup hence proper access rights
are necessary for sysfs. After mounting, the cgroup v2 kernfs will use
the label cgroup_v2 and system_manager will handle the freezer

Bug: 154548692
Test: verified that files undes sysfs and cgroup v2 kernfs are accessed
as required to allow proper functioning for the freezer.

Change-Id: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
2020-08-17 09:49:10 -07:00
Martijn Coenen
cdecd3ca4c Merge "Add policy for LOOP_CONFIGURE ioctl." 2020-08-12 06:38:37 +00:00
Martijn Coenen
47f61db25e Add policy for LOOP_CONFIGURE ioctl.
This is a new ioctl for configuring loop devices, and is used by apexd.

Bug: 148607611
Bug: 161575393
Test: boot on device with/without LOOP_CONFIGURE
Change-Id: I9ef940c7c9f91eb32a01e68b858169c140d15d0f
Merged-In: I9ef940c7c9f91eb32a01e68b858169c140d15d0f
2020-08-11 13:22:09 +00:00
Nelson Li
ea973db671 Revert "sepolicy: remove hal_light_severice exception"
This reverts commit e83da12576.

Reason for revert: It cause build break

Bug: 163434807
Change-Id: I756d313c52d243f37294aa57d31c43b0a14bc05f
2020-08-11 05:46:20 +00:00
linpeter
e83da12576 sepolicy: remove hal_light_severice exception
Bug: 148154485
Test: build pass, HBM switch
Change-Id: I65e7d8d4783af9427c05f6082fd487b79f70397f
2020-08-10 09:59:15 +08:00
Inseob Kim
96b9d86a0e Remove exported2_system_prop
It's not used anymore.

Bug: 161659925
Test: boot
Change-Id: I5b08bdace28a509d464759a66025c951178225c6
Merged-In: I5b08bdace28a509d464759a66025c951178225c6
(cherry picked from commit 7d96ddbfb0)
2020-08-06 12:52:32 +09:00
Janis Danisevskis
abb93f24c0 Make Keystore equivalent policy for Keystore2
Bug: 158500146
Bug: 159466840
Test: keystore2_test tests part of this policy
Change-Id: Id3dcb2ba4423d93170b9ba7ecf8aed0580ce83bc
Merged-In: Id3dcb2ba4423d93170b9ba7ecf8aed0580ce83bc
2020-08-05 16:11:48 +00:00
Janis Danisevskis
c40681f1b5 Add libselinux keystore_key backend.
We add a new back end for SELinux based keystore2_key namespaces.
This patch adds the rump policy and build system infrastructure
for installing keystore2_key context files on the target devices.

Bug: 158500146
Bug: 159466840
Test: None
Change-Id: I423c9e68ad259926e4a315d052dfda97fa502106
Merged-In: I423c9e68ad259926e4a315d052dfda97fa502106
2020-08-05 16:11:48 +00:00
Yifan Hong
537ec551c8 Merge "Add update_engine_stable_service" 2020-08-04 19:06:08 +00:00
Treehugger Robot
142d16a964 Merge "Allow dumpstate to dump auto hal servers" 2020-08-04 17:28:41 +00:00
Danning Chen
3ecbc38868 Merge "Add sepolicy for people service" 2020-08-03 18:54:31 +00:00
Inseob Kim
4ae7ec1915 Remove exported3_radio_prop
It's renamed to radio_control_prop

Bug: 162214733
Test: boot
Change-Id: Idede1a1ab471a354a6f5df12b6889abc7c1ad869
2020-08-03 09:23:39 +00:00
Inseob Kim
acd02fc5e4 Rename exported3_radio_prop to radio_control_prop
The context name exported3_radio_prop is ambiguous and does not reflect
the usage and role of the properties. This changes its name to
radio_control_prop.

Some downstream branches are still using exported3_radio_prop, so
get_prop(domain, radio_control_prop) is added to avoid regression. It's
just a workaround and to be removed soon, after all exported3_radio_prop
are cleaned up.

Bug: 162214733
Test: boot a device with a sim and see basic functions work
Change-Id: If5fe3be7c64b36435c4ad0dc9a8089077295d502
Merged-In: If5fe3be7c64b36435c4ad0dc9a8089077295d502
2020-08-03 09:23:02 +00:00
Yifan Hong
42351f9aab Add update_engine_stable_service
This is the stable AIDL binder interface that update_engine exposes in
addition to update_engine_service.

Test: run update_engine
Bug: 160996544

Change-Id: I28ba11810844373d48c8c203f79e98150f932942
2020-07-31 15:49:10 -07:00
Treehugger Robot
2da4fe7673 Merge "Allow dumpstate to getattr apex_info_file:file" 2020-07-31 21:46:01 +00:00
Treehugger Robot
9892a59ca6 Merge "Allow dumpstate to dump hal_light" 2020-07-31 21:44:39 +00:00
Danning Chen
134ac19776 Add sepolicy for people service
This is to allow people service to publish a binder service that expose
system private APIs to retrive and manage the recent cached
conversations.

Test: build and run on a test device
Bug: 162593584
Change-Id: I31b5d8bc851ea7225e215b3f86ed6d47b32b1ba4
2020-07-31 14:37:47 -07:00
Roman Kiryanov
b76d0b3060 Allow dumpstate to getattr apex_info_file:file
required by the CTS test.

Bug: 162594434
Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials
Signed-off-by: Roman Kiryanov <rkir@google.com>
Change-Id: Ic9962415d740e300ceb418b3265c24433a9e4f4c
2020-07-31 13:39:11 -07:00
Roman Kiryanov
83b88d5d61 Allow dumpstate to dump hal_light
Bug: 162594434
Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials
Signed-off-by: Roman Kiryanov <rkir@google.com>
Change-Id: I440b5627abe0127324679fcb54bc52a68c44bea4
2020-07-31 13:37:59 -07:00
Jeff Sharkey
a0e7a6da28 Update language to comply with Android's inclusive language guidance
See https://source.android.com/setup/contribute/respectful-code for reference

Bug: 161896447
Change-Id: I0caf39b349c48e44123775d98c52a773b0b504ff
2020-07-31 12:28:11 -06:00
Yiming Jing
2fd322f630 Allow dumpstate to dump auto hal servers
audiocontrol_hal, vehicle_hal and evs_hal were added to dump_util.cpp in
b/148098383. But the coresponding dumpstate.te is not updated to relfect
the changes, causing denials when dumpstate attempts to dump auto hal servers.

This CL updates dumpstate.te to allow dumpstate to access auto hal servers.

Bug: 162537916
Test: sesearch -A -s dumpstate -t hal_audiocontrol_server -p signal sepolicy
Test: sesearch -A -s dumpstate -t hal_vehicle_server -p signal sepolicy
Test: sesearch -A -s dumpstate -t hal_evs_server -p signal sepolicy
Change-Id: If6d6e4d9c547da17817f2668dc4f2a093bddd632
2020-07-31 10:19:22 -07:00
Treehugger Robot
a9e195943c Merge "Allow vendor_init to set service.adb.tcp.port" 2020-07-31 04:54:38 +00:00
Tom Cherry
9949bba70a Allow logd to set logd_prop
Test: logd sets ro.logd.kernel successfully
Change-Id: Ia0afd81627f344f525ac1e26028181f41084485d
2020-07-28 11:26:01 -07:00
Hongguang Chen
67c3688497 Allow vendor_init to set service.adb.tcp.port
adbd and apps (SystemUI and CTS test apps) need to read it.

BUG: 162205386
Test: Connect to device which sets service.adb.tcp.port in vendor
      partition through TCP adb.

Change-Id: Ia37dd0dd3239381feb2a4484179a0c7847166b29
2020-07-28 02:13:03 +00:00
Joel Galenson
b0d74a1f5b Update sepolicy to use inclusive language
See https://source.android.com/setup/contribute/respectful-code for reference

#inclusivefixit

Bug: 161896447
Test: Build
Change-Id: If612f2270c8ba1d7fc2cbda3b2e8ca3818c0a1be
2020-07-27 16:52:04 +00:00
Inseob Kim
40c67b20f6 Remove exported2_default_prop
This cleans up remaining exported2_default_prop. Three properties are
changed.

- ro.arch
It becomes build_prop.

- hal.instrumentation.enable
It becomes hal_instrumentation_prop.

- ro.property_service.version
It becomes property_service_version_prop.

Bug: 155844385
Test: selinux denial test on Pixel devices
Change-Id: I7ee0bd8c522cc09ee82ef89e6a13bbbf65291291
2020-07-25 01:06:13 +09:00
Inseob Kim
8c34247c7f Add bootloader_prop for ro.boot. properties
ro.boot. properties assigned as "exported2_default_prop" are now
"bootloader_prop", to remove bad context name "exported2_default_prop".

Two things to clarify:

1) We have both the prefix entry and the exact entries. Although the
exact entries may be redundant, we may want to keep them. Vendors are
still allowed to have properties starting with "ro.boot." on
vendor_property_contexts file. The exact entries can prevent vendors
from modifying them to random contexts.

2) ro.boot. is special as it is originally for kernel command line
"androidboot.". But some ro.boot. properties are being used as if they
were normal. To avoid regression, ro.boot. properties having contexts
other than "exported2_default_prop" are not changed here. They will be
tracked later.

Bug: 155844385
Test: m selinux_policy
Change-Id: Ic0f4117ae68a828787304187457b5e1e105a52c7
Merged-In: Ic0f4117ae68a828787304187457b5e1e105a52c7
2020-07-24 00:15:23 +00:00
Alan Stokes
bd397a14b4 Merge "Make cross-user apps mlstrustedsubject." 2020-07-23 08:35:43 +00:00
Alan Stokes
81e4e877f3 Make cross-user apps mlstrustedsubject.
We have various apps which inherently work across all users,
configured in seapp_contexts with levelFrom=None (usually implicitly).

This change marks those apps, where they have private data files, as
mlstrustedsubject, to allow us to increase restrictions on cross-user
access without breaking them.

Currently these apps are granted full access to [priv_]app__data_file
via TE rules, but are blocked from calling open (etc) by mls rules
(they don't have a matching level).

This CL changes things round so they are granted access by mls, but
blocked from calling open by TE rules; the overall effect is thus the
same - they do not have access.

A neverallow rule is added to ensure this remains true.

Note that there are various vendor apps which are appdomain,
levelFrom=None; they will also need modified policy.

Test: builds, boots, no new denials.
Bug: 141677108

Change-Id: Ic14f24ec6e8cbfda7a775adf0c350b406d3a197e
2020-07-22 14:41:31 +01:00
Inseob Kim
162b259fed Remove exported3_default_prop
Bug: 155844385
Test: m selinux_policy
Change-Id: Ib0dc95ca2a90545286583c157d3570225ae35602
2020-07-21 04:16:04 +00:00
Inseob Kim
c97a97cd3f Move more properties out of exported3_default_prop
This is to remove exported3_default_prop. Contexts of these properties
are changed.

- ro.boot.wificountrycode
This becomes wifi_config_prop

- ro.opengles.version
This becomes graphics_config_prop. Also it's read by various domains, so
graphics_config_prop is now readable from coredomain.

- persist.config.calibration_fac
This becomes camera_calibration_prop. It's only readable by appdomain.

Bug: 155844385
Test: no denials on Pixel devices
Test: connect wifi
Change-Id: If2b6c10fa124e29d1612a8f94ae18b223849e2a9
2020-07-21 13:11:57 +09:00
Inseob Kim
c80b024241 Relabel various exported3_default_prop
This removes bad context names "exported*_prop". Property contexts of
following properties are changed. All properties are settable only by
vendor-init.

- ro.config.per_app_memcg
This becomes lmkd_config_prop.

- ro.zygote
This becomes dalvik_config_prop.

- ro.oem_unlock_supported
This becomes oem_unlock_prop. It's readable by system_app which includes
Settings apps.

- ro.storage_manager.enabled
This becomes storagemanagr_config_prop. It's readable by coredomain.
Various domains in coredomain seem to read it.

- sendbug.preferred.domain
This bcomes sendbug_config_prop. It's readable by appdomain.

There are still 3 more exported3_default_prop, which are going to be
tracked individually.

Bug: 155844385
Test: selinux denial check on Pixel devices
Change-Id: I340c903ca7bda98a92d0f157c65f6833ed00df05
2020-07-20 16:11:58 +09:00
Inseob Kim
3dbf3d8ac8 Add wifi_hal_prop and remove exported_wifi_prop
To remove bad context names "exported*_prop"

Bug: 155844385
Test: boot and see no denials
Change-Id: Icd30be64355699618735d4012461835eca8cd651
Merged-In: Icd30be64355699618735d4012461835eca8cd651
(cherry picked from commit 37c2d4d0c9)
(cherry picked from commit 3b66e9b9f8)
2020-07-17 17:38:13 +09:00
Inseob Kim
3b66e9b9f8 Add wifi_hal_prop and remove exported_wifi_prop
To remove bad context names "exported*_prop"

Bug: 155844385
Test: boot and see no denials
Change-Id: Icd30be64355699618735d4012461835eca8cd651
Merged-In: Icd30be64355699618735d4012461835eca8cd651
(cherry picked from commit 37c2d4d0c9)
2020-07-17 14:01:17 +09:00
Inseob Kim
012f68a1e1 Merge "Add property contexts for vts props" am: 98fe6847bd am: 93d1139bdc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1361757

Change-Id: I46f056fe3fb74d247e8bfb380bef486ebb5dde01
2020-07-16 12:04:22 +00:00
Inseob Kim
212e2b621a Add property contexts for vts props
vts_config_prop and vts_status_prop are added to remove exported*_prop.
ro.vts.coverage becomes vts_config_prop, and vts.native_server.on
becomes vts_status_prop.

Bug: 155844385
Test: Run some vts and then getprop, e.g. atest \
      VtsHalAudioEffectV4_0TargetTest && adb shell getprop
Test: ro.vts.coverage is read without denials
Change-Id: Ic3532ef0ae7083db8d619d80e2b73249f87981ce
2020-07-16 16:26:17 +09:00
Ken Chen
6afd83159d Merge "Add dontaudit statement to suppress denials" am: 62f0a4d306 am: 0dbb6abf7d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1361756

Change-Id: Ifd7886de7b665df356d7a5317de6d3942136d45c
2020-07-15 08:59:31 +00:00
Ken Chen
62f0a4d306 Merge "Add dontaudit statement to suppress denials" 2020-07-15 08:42:48 +00:00
Inseob Kim
d4be095328 Merge "Add charger related property contexts" am: 1ef68a4852 am: 6755a00ac2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1360138

Change-Id: I3bd5bc09f07e053d061a47367d6e1dcad5ec28f6
2020-07-14 07:38:39 +00:00
Inseob Kim
1ef68a4852 Merge "Add charger related property contexts" 2020-07-14 07:07:38 +00:00
Ken Chen
e49acfa33b Add dontaudit statement to suppress denials
A few netd avc denials are observed. Supress audit messages since they
don't cause a problem.

Bug: 77870037
Test: build, flash, boot
Change-Id: I019c5af62630fcd0a35e22c560b9043bba58f6f1
2020-07-14 09:49:06 +08:00
Inseob Kim
09147311a8 Merge "Add tombstone_config_prop and move related prop" am: 00a87e48d1 am: ea1296c80e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1355673

Change-Id: Ifa17a49ce3a3ad5a1227f62cd83258b8507ebdf4
2020-07-10 12:15:13 +00:00
Inseob Kim
00a87e48d1 Merge "Add tombstone_config_prop and move related prop" 2020-07-10 11:48:05 +00:00
Jeffrey Vander Stoep
da0c99b3d3 Merge "netd: suppress dir write to /system" am: 771376b7e2 am: f21156625c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1360317

Change-Id: Ia44af72bf6ed9cf82d9a3a84ed413b1c838aa511
2020-07-10 10:13:20 +00:00
Jeffrey Vander Stoep
771376b7e2 Merge "netd: suppress dir write to /system" 2020-07-10 09:47:12 +00:00
Jeff Vander Stoep
f8155a0c34 netd: suppress dir write to /system
avc:  denied  { write } for  pid=661
comm="iptables-restor" name="etc" dev="overlay" ino=55668
scontext=u:r:netd:s0 tcontext=u:object_r:system_file:s0 tclass=dir
permissive=0

Occurs after an adb remount and running netd unit tests.

Bug: 160562747
Test: build tests
Change-Id: I4c8ea7ef8d00e214bf0dab1496a6b8dcc449f59e
2020-07-10 09:12:00 +02:00
Inseob Kim
8ef4792f01 Add charger related property contexts
ro.enable_boot_charger_mode and sys.boot_from_charger_mode are moved to
new property contexts for charger props to remove exported*_prop.

Bug: 155844385
Test: boot device with ro.enable_boot_charger_mode
Change-Id: I17d195d3c9c002a42125d46a5efcdb890f1c2a5c
2020-07-10 14:15:15 +09:00
Inseob Kim
9a11060432 Merge "Add keyguard_config_prop for keyguard property" am: d702d3fae1 am: 703c99cfae
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1355669

Change-Id: I5c374c8f128e48cbdc1c9446332b901582c826d1
2020-07-08 03:47:53 +00:00
Inseob Kim
d702d3fae1 Merge "Add keyguard_config_prop for keyguard property" 2020-07-08 03:22:12 +00:00
Paul Crowley
93aad35cb1 Merge "Uncrypt: Allow uncrypt to write on ota_package_file." am: 42f9a5337a am: a05c24d464
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1344636

Change-Id: Ie99b25fdab079ef68d7e102c0f7592d6cbb28c95
2020-07-07 15:49:50 +00:00
Paul Crowley
42f9a5337a Merge "Uncrypt: Allow uncrypt to write on ota_package_file." 2020-07-07 15:27:29 +00:00
Inseob Kim
14a71fb162 Add tombstone_config_prop and move related prop
tombstoned.max_tombstone_coun becomes tombstone_config_prop to remove
exported*_default_prop

Bug: 155844385
Test: tombstoned is running and logcat shows no denials
Change-Id: I57bebb5766d790dc52d40a6d106f480e0e34fa4e
2020-07-07 14:17:40 +09:00
Inseob Kim
04f435ca52 Add keyguard_config_prop for keyguard property
keyguard.no_require_sim becomes keyguard_config_prop to remove
exported*_default_prop

Bug: 155844385
Test: boot and see no denials
Change-Id: Icffa88b650a1d35d8c1cd29f89daf0644a79ddd3
2020-07-07 12:46:24 +09:00
P.Adarsh Reddy
916bd874d6 Uncrypt: Allow uncrypt to write on ota_package_file.
This adds sepolicy rule to allow uncrypt module to write
on OTA zip (for f2fs_pin_file functionality).

Also, add a few dontaudit rules to suppress harmless denials.

Denials:
I uncrypt : type=1400 audit(0.0:177): avc: denied { write } for name="update.zip" dev="dm-10" ino=7727 scontext=u:r:uncrypt:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=0

I uncrypt : type=1400 audit(0.0:175): avc: denied { search } for name="/" dev="sda9" ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0

I uncrypt : type=1400 audit(0.0:176): avc: denied { search } for name="gsi" dev="sda9" ino=19 scontext=u:r:uncrypt:s0 tcontext=u:object_r:gsi_metadata_file:s0 tclass=dir permissive=0

Bug: 158070965
Change-Id: I473c5ee218c32b481040ef85caca907a48aadee6
2020-07-07 00:03:11 +00:00
Treehugger Robot
efbfcfc28e Merge "Move ro.audio.* props to audio_config_prop" am: eed690476b am: 825454e9ce
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1347407

Change-Id: I8696e04f9951167f10c5d65ad492dfcc532e8380
2020-06-29 01:53:50 +00:00
Treehugger Robot
eed690476b Merge "Move ro.audio.* props to audio_config_prop" 2020-06-29 01:18:43 +00:00
Inseob Kim
917c8489a5 Merge "Add aaudio_config_prop and move aaudio properties" am: a24f99f5bd am: 7def208449
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1347406

Change-Id: I54e08a0322c8f89307a2fe15b2995a9ec974e410
2020-06-26 02:11:21 +00:00
Inseob Kim
a24f99f5bd Merge "Add aaudio_config_prop and move aaudio properties" 2020-06-26 01:47:57 +00:00
Adam Shih
1929084080 Let dumpstate access hal_identity am: 8cc3f8d9ee am: c14114d1d3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1347408

Change-Id: Icdcc679560ff8a835e8873997e342d24889b3973
2020-06-24 14:03:48 +00:00
Adam Shih
8cc3f8d9ee Let dumpstate access hal_identity
Bug: 158614313
Test: CtsSecurityHostTestCases:android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: Ic07e64b0bb18f948764e7bde5985eab91747b882
2020-06-24 10:40:44 +08:00
Inseob Kim
ebde47c63f Move ro.audio.* props to audio_config_prop
Bug: 155844385
Test: boot, play sound and see no denials
Change-Id: If457a6a1fe083d77a3387051edcf40fb12a0624c
2020-06-23 23:52:55 +09:00
Inseob Kim
ac791a4621 Add aaudio_config_prop and move aaudio properties
To remove ambiguous context name exported_default_prop

Bug: 71814576
Test: boot and see no denials
Change-Id: I40eb92653fabc509419e07bb4bfa7301a8762352
2020-06-23 22:08:26 +09:00
Treehugger Robot
603c4f1659 Merge "move mediatranscoding type from public to private" am: 72fe73c484 am: e9f803c216
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1343997

Change-Id: If0adaf74a394867488d1eb8952f7dd8908656e1b
2020-06-19 18:07:41 +00:00
Treehugger Robot
72fe73c484 Merge "move mediatranscoding type from public to private" 2020-06-19 17:42:59 +00:00
Inseob Kim
6ffdf1b001 Add new context packagemanager_config_prop
To remove bad context names exported[23]_default_prop

Bug: 155844385
Test: m selinux_policy
Change-Id: Ic4bbc8e45d810368a96f6985c2234798e73be82d
Merged-In: Ic4bbc8e45d810368a96f6985c2234798e73be82d
(cherry picked from commit 072b01438e)
2020-06-19 17:47:19 +09:00
Inseob Kim
d3006f21ba resolve merge conflicts of 20adc18af7 to rvc-dev-plus-aosp
Change-Id: Iabb1560f32dad0281c31d577e5a39b55f96f1d33
2020-06-19 08:44:18 +00:00
Inseob Kim
072b01438e Add new context packagemanager_config_prop
To remove bad context names exported[23]_default_prop

Bug: 155844385
Test: m selinux_policy
Change-Id: Ic4bbc8e45d810368a96f6985c2234798e73be82d
2020-06-19 12:12:35 +09:00
Inseob Kim
24364492c6 Merge "Relabel minui properties as recovery_config_prop" am: 01e277bd5c am: 1cbf0eb11b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1335762

Change-Id: I286c7a200f6b1d2414850b268057741aa80a994d
2020-06-19 01:54:11 +00:00
Inseob Kim
832e17b695 Relabel drm related props from exported*_prop
To clean up bad context name exported[23]_default_prop

Bug: 155844385
Test: m selinux_policy
Change-Id: I9f9ddb0d44c4cea9bd1724df730bb7be9a6fb2d2
2020-06-19 10:52:10 +09:00
Inseob Kim
01e277bd5c Merge "Relabel minui properties as recovery_config_prop" 2020-06-19 01:25:10 +00:00
Chong Zhang
63655462bb move mediatranscoding type from public to private
bug: 154734285
test: builds
Change-Id: I1057b0abf98771162dfe77b04a15c4b5d2529198
2020-06-18 15:23:36 -07:00
Midas Chien
0d0391f931 sepolicy: allow surfaceflinger to set surfaceflinger_display_prop
W//system/bin/init: type=1107 audit(0.0:51): uid=0 auid=4294967295
ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set }
for property=graphics.display.kernel_idle_timer.enabled pid=643
uid=1000 gid=1003 scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:surfaceflinger_display_prop:s0
tclass=property_service permissive=0

Bug: 157513573
Test: surfaceflinger can set graphics.display.kernel_idle_timer.enabled
Test: vendor_init can get graphics.display.kernel_idle_timer.enabled
Change-Id: I78023a7857c8aa81a8863010b875bcb885bae614
2020-06-19 01:45:34 +08:00
Chong Zhang
eed03861f2 Merge "transcoding: allow transcoding service to use media services" am: c4c5d06f9e am: a3460d7bba
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1328427

Change-Id: I294a31377407cafbfcd1c43bd37202cdbbbc6001
2020-06-17 22:04:34 +00:00
Chong Zhang
c4c5d06f9e Merge "transcoding: allow transcoding service to use media services" 2020-06-17 21:35:12 +00:00
Amy Zhang
2ff7d07dfb Merge "Add app_api_service in TunerResourceManager system service sepolicy" into rvc-dev am: 9212c417f1
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11852496

Change-Id: Ib724b264d6f15f88a583a8f3db9858db40bc7a42
2020-06-17 17:55:15 +00:00
Amy Zhang
9212c417f1 Merge "Add app_api_service in TunerResourceManager system service sepolicy" into rvc-dev 2020-06-17 17:45:14 +00:00
Chong Zhang
351dd88e86 transcoding: allow transcoding service to use media services
Also allow it to use fd from shell for unit tests.

bug: 154734285
Change-Id: I2c5f3feca11f7ee4ee3ad927050b31f425370a84
2020-06-16 15:45:13 -07:00
Inseob Kim
b85a74f3f0 Relabel minui properties as recovery_config_prop
To clean up bad context name exported[23]_default_prop

Bug: 155844385
Test: m selinux_policy
Test: enter recovery mode
Change-Id: I312b6fa911a90dfc069a973c7916c67d92b7baa5
2020-06-16 19:18:24 +09:00
Treehugger Robot
6167a003a6 Merge "sepolicy: label vendor_service_contexts as vendor_service_contexts_file" am: bc8ed95f69 am: 23068f2625
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1331415

Change-Id: Ic9d269dedcc061b95ca5942ae4a9f6bad8edd981
2020-06-16 09:37:41 +00:00
Treehugger Robot
bc8ed95f69 Merge "sepolicy: label vendor_service_contexts as vendor_service_contexts_file" 2020-06-16 09:19:27 +00:00
Treehugger Robot
92e708522b Merge "allow init to access /proc/pagetypeinfo" am: 2c90bb8661 am: 83ba791805
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1335515

Change-Id: If790f40540aae7ccf2516acaf9c5a0884574b412
2020-06-16 08:50:38 +00:00
Martin Liu
1f64fbe04f allow init to access /proc/pagetypeinfo
Test: check avc for init
Bug: 158928824
Change-Id: Iae3e3f1ff2bf9a1534995f32ee3d4b4115f7a114
2020-06-15 15:24:17 +00:00
linpeter
87c7261f0a sepolicy: label vendor_service_contexts as vendor_service_contexts_file
Due to AIDL HAL introduction, vendors can publish services
with servicemanager. vendor_service_contexts is labeled as
vendor_service_contexts_file, not nonplat_service_contexts_file.
And pack it to vendor partition.

Bug: 154066722

Test: check file label
Change-Id: Ic74b12e4c8e60079c0872b6c27ab2f018fb43969
2020-06-15 17:09:46 +08:00
Amy Hsu
0f352fbd98 resolve merge conflicts of 98412ab604 to rvc-dev-plus-aosp
Test: I solemnly swear I tested this conflict resolution.
Bug: None
Change-Id: I831c2feb3b86bfa2008ef6e5b74e81399d8145d8
2020-06-15 17:04:12 +08:00
Amy Hsu
98412ab604 sepolicy: change vendor property to system property
1. Add surfaceflinger_display_prop property context
2. Set context for graphics.display.kernel_idle_timer.enabled
3. Context for system property that is get by surfaceflinger
and set by vendor_init and system_app.

W /system/bin/init: type=1107 audit(0.0:5): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.display.enable_kernel_idle_timer pid=2396 uid=1000 gid=1000 scontext=u:r:system_app:s0 tcontext=u:object_r:vendor_display_prop:s0 tclass=property_service permissive=0'

Bug:137064289
Test: $ make selinux_policy. Check kernel idle timer works correct.

Change-Id: I77a82b5abfe5a771418dab5d40b404a1cdca4deb
2020-06-15 13:56:38 +08:00
Amy Zhang
0379e48ecf Add app_api_service in TunerResourceManager system service sepolicy
Make TunerResourceManager accessible through CTS
Test: atest android.media.tv.tuner.cts
Bug: 158868205

Change-Id: Ica202eacd674ae8f05000b31b76b31c50d8f761c
2020-06-12 15:37:05 -07:00
Jeffrey Vander Stoep
3a180d2ef5 Merge "Label kprobes and restrict access" am: b45b42a3d3 am: 74216533c7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1328978

Change-Id: I6e7d33e841f0c4689103de5ae8ff65bad9c76229
2020-06-11 12:00:45 +00:00
Jeffrey Vander Stoep
b45b42a3d3 Merge "Label kprobes and restrict access" 2020-06-11 11:36:51 +00:00
Jeff Vander Stoep
bd3fd0eebe Label kprobes and restrict access
Bug: 149659981
Test: build
Change-Id: I6abcd1bb9af15e7ba0f1f5e711ea9ac661bffc25
2020-06-11 07:43:30 +02:00
TreeHugger Robot
d0e2d47162 Merge "selinux: Allow system_server to access files in iorapd dir." into rvc-dev am: 50f13cfc82
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11796673

Change-Id: Ie2d5522c31371541c35601b6138727569553dec0
2020-06-10 22:06:53 +00:00
Treehugger Robot
f08f743702 Merge "Update sepolicy for GPU profiling properties." 2020-06-09 05:05:33 +00:00
Treehugger Robot
63ff32ddb0 Merge "Add sepolicy for FUSE control filesystem." 2020-06-09 00:23:51 +00:00
Yan Wang
a9df37fff2 selinux: Allow system_server to access files in iorapd dir.
Bug: 158007508
Test: make and see if system server could access iorapd dir.
Change-Id: I4cff9b4154d7e633d8437de84c51ac1ca334cbcf
2020-06-09 00:19:41 +00:00
Martijn Coenen
aa2cb5129e Add sepolicy for FUSE control filesystem.
To allow vold to abort it.

Bug: 153411204
Test: vold can access it
Merged-In: I334eaf3459905c27d614db8eda18c27e62bea5fa
Change-Id: I334eaf3459905c27d614db8eda18c27e62bea5fa
2020-06-08 20:40:01 +02:00
Treehugger Robot
3b2ffc291e Merge "Prevent isolated_app from searching system_data_file." am: 572fb4b487 am: 102e43b30d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1324511

Change-Id: Iea8102df6f739fc0709e1a41bd75d52decaebe94
2020-06-08 16:18:26 +00:00
Treehugger Robot
572fb4b487 Merge "Prevent isolated_app from searching system_data_file." 2020-06-08 09:34:45 +00:00
Peiyong Lin
37dea070ce Update sepolicy for GPU profiling properties.
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.

Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
Merged-In: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
2020-06-05 12:03:29 -07:00
Peiyong Lin
374424fc60 Update sepolicy for GPU profiling properties.
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.

Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
Merged-In: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
2020-06-04 22:24:22 -07:00
TreeHugger Robot
de934d6945 Merge "Update sepolicy for GPU profiling properties." into rvc-dev-plus-aosp 2020-06-05 05:05:58 +00:00
Inseob Kim
a36fcf52f0 Grant app and hal access to telephony_config_prop am: 641cffeb0e am: 77a1d8c797
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1323959

Change-Id: I2e28267677dcd867eef5ccae29b473d6c8559e00
2020-06-05 05:00:09 +00:00
Peiyong Lin
fbfa8ce0ae Update sepolicy for GPU profiling properties.
A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.

Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
2020-06-04 20:27:01 -07:00
Inseob Kim
641cffeb0e Grant app and hal access to telephony_config_prop
To resolve regression.

Bug: 158254452
Test: m selinux_policy
Change-Id: If0db9b9a4af6c34a007d0549aa7a5dd465e4ed63
2020-06-05 10:40:16 +09:00
Alan Stokes
8dea731805 Prevent isolated_app from searching system_data_file.
There should be no need for this, and it allows probing for file existence.

Access to /data and more specifically labeled directories under it
(e.g. /data/app) is not affected.

Bug: 158088415
Test: Builds
Change-Id: Iac39629b1c7322dc2fd9a57c9f034cb2ba73793f
2020-06-04 14:51:15 +01:00
Inseob Kim
ad6317018c Add contexts for exported telephony props
To remove bad context names, two contexts are added.

- telephony_config_prop
- telephony_status_prop

exported_radio_prop, exported2_radio_prop are removed. Cleaning up
exported3_radio_prop will be a follow-up task.

Exempt-From-Owner-Approval: cherry-pick

Bug: 152471138
Bug: 155844385
Test: boot and see no denials
Test: usim works on blueline
Change-Id: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2
Merged-In: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2
(cherry picked from commit 4d36eae8af)
2020-06-04 16:10:44 +09:00
Inseob Kim
9d0a36b90c Merge "Add contexts for exported telephony props" into rvc-dev-plus-aosp 2020-06-04 07:03:58 +00:00
Mohammad Samiul Islam
16acba6536 Merge "Create sepolicy for allowing system_server rw in /metadata/staged-install" into rvc-dev am: b1ab605166
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11408966

Change-Id: Ic8fcf68a36a565638badedbdbdc8f03366cf7fd8
2020-06-03 10:19:32 +00:00
Mohammad Samiul Islam
476d616e43 Create sepolicy for allowing system_server rw in /metadata/staged-install
Bug: 146343545
Test: presubmit
Change-Id: I4a7a74ec4c5046d167741389a40da7f330d4c63d
Merged-In: I4a7a74ec4c5046d167741389a40da7f330d4c63d
(cherry picked from commit be5c4de29f)
2020-06-03 10:59:02 +01:00
Mohammad Samiul Islam
b1ab605166 Merge "Create sepolicy for allowing system_server rw in /metadata/staged-install" into rvc-dev 2020-06-03 09:57:18 +00:00
Yan Wang
5f8faa8547 sepolicy: Allow iorapd process to send signal to prefetch and am: 9ef72aae58
Original change: undetermined

Change-Id: I4539a7361694dd4b41d58f94d65652ee3297ff24
2020-06-02 10:43:29 +00:00
Inseob Kim
4d36eae8af Add contexts for exported telephony props
To remove bad context names, two contexts are added.

- telephony_config_prop
- telephony_status_prop

exported_radio_prop, exported2_radio_prop are removed. Cleaning up
exported3_radio_prop will be a follow-up task.

Bug: 152471138
Bug: 155844385
Test: boot and see no denials
Test: usim works on blueline
Change-Id: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2
2020-06-02 12:42:44 +09:00
Yan Wang
9ef72aae58 sepolicy: Allow iorapd process to send signal to prefetch and
inode2filename process.

Bug: 157282668
Test: Check no avc: denied in logcat.
Change-Id: I298cea931c8d6f178bc0195bfced0e8efc51fcad
2020-06-01 20:05:30 +00:00
Mohammad Samiul Islam
be5c4de29f Create sepolicy for allowing system_server rw in /metadata/staged-install
Bug: 146343545
Test: presubmit
Change-Id: I4a7a74ec4c5046d167741389a40da7f330d4c63d
2020-06-01 12:35:27 +01:00
Martijn Coenen
f6af506e21 Merge "Add sepolicy for FUSE control filesystem." into rvc-dev am: 79d9949046
Change-Id: Ia17b054acfd730e226abf83321caf029129a4da1
2020-05-29 14:54:54 +00:00
Martijn Coenen
79d9949046 Merge "Add sepolicy for FUSE control filesystem." into rvc-dev 2020-05-29 14:41:20 +00:00
Martijn Coenen
bf6009da7e Add sepolicy for FUSE control filesystem.
To allow vold to abort it.

Bug: 153411204
Test: vold can access it
Change-Id: I334eaf3459905c27d614db8eda18c27e62bea5fa
2020-05-29 15:11:24 +02:00
TreeHugger Robot
3d4696513d Merge "Add sepolicy for ro.boot.fstab_suffix" into rvc-dev 2020-05-28 17:05:49 +00:00
Treehugger Robot
0e3946c716 Merge "Fix denial of reading init_service_status_prop" am: 47a7b78d43 am: 68358d2243
Change-Id: Id9244f1bb1ea16859979c315f1a6418d441e8d13
2020-05-28 01:53:55 +00:00
Alistair Delva
534c9412ab Add sepolicy for ro.boot.fstab_suffix
The fstab_suffix can be passed as 'androidboot.fstab_suffix=' on the
kernel command line, or as an Android DT node. It specifies an
override suffix for the fsmgr fstab search:

/odm/etc/fstab.${fstab_suffix}
/vendor/etc/fstab.${fstab_suffix}
/fstab.${fstab_suffix}

Bug: 142424832
Change-Id: I9c0acf7a5ae3cdba505460247decf2de9997cac1
Merged-In: I9c0acf7a5ae3cdba505460247decf2de9997cac1
2020-05-28 00:07:22 +00:00
Inseob Kim
26408bda38 Fix denial of reading init_service_status_prop
Exported properties init.svc.* were world-readable, so making them
world-readable again to fix selinux denials.

Bug: 157474281
Test: m selinux_policy
Change-Id: I6d5a28b68061896e9cd2584c47aa60f6d36ed53f
2020-05-28 09:04:36 +09:00
Marin Shalamanov
0fc93a21dd Allow the boot animation to receive display events
Test: manually make sure that boot animation is resizing
      when display is changed
Bug: 156448328

Merged-In: I9f754900a0b32551f656ce2097a3a41245b02218
Change-Id: I9f754900a0b32551f656ce2097a3a41245b02218
2020-05-27 12:57:51 +02:00
Jiyong Park
31331a6460 Merge "Introduce apex_info_file type" 2020-05-27 05:50:07 +00:00
Jiyong Park
93a99cf8fc Introduce apex_info_file type
/apex/apex-info-file.xml is labeled as apex_info_file. It is
created/written by apexd once by apexd, and can be read by zygote and
system_server. The content of the file is essentially the same as the
return value of getAllPackages() call to apexd.

Bug: 154823184
Test: m
Merged-In: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
(cherry picked from commit f1de4c02cc)
Change-Id: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2
2020-05-27 09:35:11 +09:00