Commit graph

35597 commits

Author SHA1 Message Date
John Wu
c8d2d1d258 Merge "Remove key migration related changes" 2022-05-25 17:53:17 +00:00
Mohamad Mahmoud
e7d1f32250 Merge "Allow system_server to read io and cpu pressure data Test: tested on device Bug: b/233036368" 2022-05-25 15:49:20 +00:00
Rubin Xu
ab73c8f1c8 Merge "Allow Bluetooth stack to read security log sysprop" 2022-05-25 11:43:49 +00:00
Treehugger Robot
a98ea3d8cf Merge "Allow zoned device support in f2fs" 2022-05-25 01:40:24 +00:00
Treehugger Robot
f2b91a0199 Merge "Add xfrm netlink permissions for system server" 2022-05-25 01:14:25 +00:00
Jaegeuk Kim
b0f5998f1d Allow zoned device support in f2fs
This patch allows ioctls() to support zoned device.

Bug: 172377740
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I69b322ceffd45c7e191d3a37e67ac7324c5b7ee2
2022-05-25 00:33:57 +00:00
Benedict Wong
b25b4bf53f Add xfrm netlink permissions for system server
This change enables xfrm netlink socket use for the system server,
and the network_stack process. This will be used by IpSecService
to configure SAs, and network stack to monitor counters & replay
bitmaps for monitoring of IPsec tunnels.

Bug: 233392908
Test: Compiled
Change-Id: I25539dc579f21d6288fa962d1fad9b51573f017d
2022-05-25 00:02:33 +00:00
Treehugger Robot
c53f08e3b3 Merge "Allow sysfs_dm in fsck.f2fs" 2022-05-24 20:03:57 +00:00
Mohamad Mahmoud
c49d582df6 Allow system_server to read io and cpu pressure data
Test: tested on device
Bug: b/233036368

Change-Id: Ied90327f97abb771f10ec2efb659bb9090ffa88a
2022-05-24 17:24:54 +00:00
Jaegeuk Kim
74a884b23f Allow sysfs_dm in fsck.f2fs
Commit ea9921f4f5b9 ("f2fs-tools: support zoned device in Android") in
f2fs-tools supports zoned device in Android. When detecting the disk
supports zoned device with proper types, we need to access its sysfs
entry. Note that, we need to check sysfs entries by default for
non-zoned disks in general as well.

If a product doesn't use metadata encryption which sets a device mapper, vendor
selinux needs to allow sysfs entries for raw disks such as sysfs_scsi_devices or
sysfs_devices_block.

avc: denied { search } for comm="fsck.f2fs" name="dm-44" dev="sysfs" ino=82102 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_dm:s0 tclass=dir permissive=0
avc: denied { read } for comm="fsck.f2fs" name="zoned" dev="sysfs" ino=82333 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_dm:s0 tclass=file permissive=0

Bug: 172377740
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Iaa4dc9826b614b71b928c33ebc207afab96e586a
2022-05-23 15:05:12 -07:00
Jason Macnak
b947c73850 Merge "Add gpu_device access to hal_neuralnetworks" 2022-05-23 19:20:42 +00:00
Sanjana Sunil
26750b9a0c Merge "Allow zygote to relabel sdk_sandbox_system_data_file" 2022-05-20 21:59:25 +00:00
Treehugger Robot
488da4d9f2 Merge "Remove "@1.0-" from android.system.suspend service's name" 2022-05-20 18:49:39 +00:00
Sanjana Sunil
563016314c Allow zygote to relabel sdk_sandbox_system_data_file
To perform sdk sandbox data isolation, the zygote gets the selinux label
of SDK sandbox storage (e.g. /data/misc_{ce,de}/<user-id>/sdksandbox)
before tmpfs is mounted onto /data/misc_{ce,de} (or other volumes). It
relabels it back once bind mounting of required sandbox data is done.
This change allows for the zygote to perform these operations.

Bug: 214241165
Test: atest SdkSandboxStorageHostTest
Change-Id: I28d1709ab4601f0fb1788435453ed19d023dc80b
2022-05-20 11:24:32 +00:00
Samiul Islam
61bd67072c Merge "Create a separate label for sandbox root directory" 2022-05-20 07:21:19 +00:00
Thiébaud Weksteen
9b12638488 Merge "Ignore access from system_app to sysfs_zram" 2022-05-19 23:35:21 +00:00
Nicolas Geoffray
36c1ef6672 sysfs_fs_f2fs for zygote.
Test: boot
Bug: 223366272

(cherry picked from commit d68b089d59)

Merged-In: I163c343d8af9c578c840d7c710854fce15c29903
Change-Id: Ia67bbe89d61e8badb128d4c13570d8049f91d7a2
2022-05-19 16:53:41 +01:00
Mohammad Samiul Islam
d2ffd35cc0 Create a separate label for sandbox root directory
Currently, app process can freely execute path at
`/data/misc_ce/0/sdksandbox/<package-name>` since it's labeled as system
file. They can't read or write, but use 403/404
error to figure out if an app is installed or not.

By changing the selinux label of the parent directory:
`/data/misc_ce/0/sdksandbox`, we can restrict app process from executing
inside the directory and avoid the privacy leak.

Sandbox process should only have "search" permission on the new label so
that it can pass through it to its data directory located in
`/data/misc_ce/0/sdksandbox/<package-name>/<per-sdk-dir>`.

Bug: 214241165
Test: atest SdkSandboxStorageHostTest
Test: `adb shell cd /data/misc_ce/0/sdksandbox` gives error
Test: manual test to verify webview still works
Change-Id: Id8771b322d4eb5532eaf719f203ca94035e2a8ed
Merged-In: Id8771b322d4eb5532eaf719f203ca94035e2a8ed
2022-05-19 16:01:15 +01:00
Treehugger Robot
f6fefa9d61 Merge "Iorapd and friends have been removed" 2022-05-19 08:58:37 +00:00
Treehugger Robot
1fa1ef4e0d Merge "Allow vendor_init to read device config vendor_system_native properties" 2022-05-19 08:05:16 +00:00
Thiébaud Weksteen
bcc7cc1606 Ignore access from system_app to sysfs_zram
avc: denied { search } for name="zram0" dev="sysfs" ino=59188 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0

Bug: 227231787
Test: build policy
Change-Id: I3c53784ef5ea85a95e1e517007df2814803b3271
2022-05-19 14:38:50 +10:00
John Wu
cabed18a47 Remove key migration related changes
Migrating keys across UIDs is no longer required

Test: m
Bug: 228999189
Change-Id: Ic58a77285e105328a1f56ad9a8ca5d80bb559d83
2022-05-18 21:49:28 +00:00
Bram Bonné
6b2fefbf46 Merge "Enforce MAC address restrictions for priv apps." 2022-05-18 12:33:53 +00:00
Jeff Vander Stoep
b07c12c39d Iorapd and friends have been removed
Remove references in sepolicy. Leave a few of the types defined since
they're public and may be used in device-specific policy.

Bug: 211461392
Test: build/boot cuttlefish
Change-Id: I615137b92b82b744628ab9b7959ae5ff28001169
2022-05-18 12:07:39 +02:00
Richard Chang
6c29066f65 Allow vendor_init to read device config vendor_system_native properties
Let vendor_init can react Vendor System Native Experiment
changes via persist.device_config.vendor_system_native.* properties.

Bug: 223685902
Test: Build and check no avc denied messages in dmesg
Change-Id: If69d1dab02d6c36cdb1f6e668887f8afe03e5b0e
Merged-In: If69d1dab02d6c36cdb1f6e668887f8afe03e5b0e
2022-05-18 05:16:12 +00:00
Treehugger Robot
fd4b4f8c8e Merge "Selinux permissions for tombstone_transmit inside VM" 2022-05-17 17:51:44 +00:00
Steven Moreland
4e2817251d Merge "Revert "crosvm: netlink perms for acpi"" 2022-05-17 17:43:25 +00:00
Ling Ma
f65e847198 Merge "Removed telephony apex" 2022-05-17 17:14:55 +00:00
Bram Bonne
af609b2f3c Enforce MAC address restrictions for priv apps.
Bug: 230733237
Test: atest NetlinkSocketTest NetworkInterfaceTest
  bionic-unit-tests-static CtsSelinuxTargetSdkCurrentTestCases
  CtsSelinuxTargetSdk29TestCases CtsSelinuxTargetSdk27TestCases
Change-Id: I1d66ae7849e950612f3b6693216ec8c84e942640
2022-05-17 14:36:15 +02:00
Shikha Panwar
2df14574fa Selinux permissions for tombstone_transmit inside VM
r.android.com/2060021 made it possible for tombstone_transmit to remove
the tombstone file from guest after reading it. This is the required
Selinux policy for that.

Bug: 232403725
Test: atest MicrodroidHostTestCases & check vm logs for avc:
denials

Change-Id: Ic071c0bd5ecb85f4ceae84e435afdec155fbba0b
2022-05-17 11:10:42 +00:00
Richard Chang
e14ad82c98 Merge "Update sepolicy prebuilts to sync vendor_system_native prop changes" 2022-05-17 10:56:44 +00:00
Treehugger Robot
9ec40d4b20 Merge "Allow odrefresh to access dalvik system properties" 2022-05-17 08:47:01 +00:00
Steven Moreland
0e15d77240 Revert "crosvm: netlink perms for acpi"
This reverts commit c1e8eb5226.

Reason for revert: b/228077254

Change-Id: I49f6f3c93b02d6e92d1bc7eace8994834e56ec2c
2022-05-17 00:56:17 +00:00
Treehugger Robot
df834a299d [automerger skipped] Merge changes from topic "revert-1959735-NUPGEQOUCB" into android12-tests-dev am: 0f66cdd448 am: bdbbcc07fb -s ours
am skip reason: Merged-In I2e84193668dcdf24bde1c7e12b3cfd8a03954a16 with SHA-1 23173455ab is already in history. Merged-In was found from reverted change.

Reverted change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956657

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2014656

Change-Id: I2004728523452ba0f5554c6cc585d93f398c76f9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:20:31 +00:00
Florian Mayer
916ab9173f [automerger skipped] RESTRICT AUTOMERGE Revert "Add policy for command line tool to control MTE boot state." am: edef6c2e58 -s ours am: d5d4b8583a -s ours
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2014656

Change-Id: Ia7aa5813169dc69aa16b8ed18d5455b4fd207fb3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:20:30 +00:00
Treehugger Robot
e39f583a14 Merge "Grant permission for mediatranscoding hal_allocator for OMX platforms" into android12-tests-dev am: d4a7420e0c am: 8183cf27b5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1966599

Change-Id: I24f4a6b12d0a65a06a2341227baa6cbb16db93d8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:19:53 +00:00
Inseob Kim
e71c9c3788 [automerger skipped] Move mtectrl to private am: feae699152 am: f86de5bc55 -s ours
am skip reason: Merged-In Idb5c4a4c6f175e338722971944bf08ba99835476 with SHA-1 3bd63cc206 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959735

Change-Id: I585e61bf161a3696393ae3b2ea51927625ef7e6c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:14:59 +00:00
Florian Mayer
d20e71bd56 [automerger skipped] Add policy for command line tool to control MTE boot state. am: 949e1d0a76 am: 069435505e -s ours
am skip reason: Merged-In I2e84193668dcdf24bde1c7e12b3cfd8a03954a16 with SHA-1 23173455ab is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956657

Change-Id: I293aafe8554d6221caeabae5ad23a331906423c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:14:57 +00:00
Florian Mayer
0f9cec9baf [automerger skipped] [MTE] Allow system_app to write memtag property. am: 4042fa5dec am: 8f9e370c73 -s ours
am skip reason: Merged-In I6463965c094b9b3c4f3f70929a09e109ee9c84b9 with SHA-1 39f29f758e is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956656

Change-Id: I655e1680b593a3ef6eded0343d4bd2b5530a3847
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:08:11 +00:00
Kilyoung Shin
7234b9f124 Grant permission for mediatranscoding hal_allocator for GSI image am: 3cfbe22852 am: 35b1050e93
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1873978

Change-Id: Ie0a5684182bb2b35d94a20eec03d7b927aa80064
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:07:31 +00:00
Sergej Salnikov
3d4be5c638 [automerger skipped] [RESTRICT AUTOMERGE] Update prebuilt sepolicy am: 3807664293 -s ours am: f78629f7b4 -s ours am: 0b92991bd4 -s ours am: f250b12e9b -s ours
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1561715

Change-Id: I5cd406805cbcbbf7b45bb72ef763ae4026d77513
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:06:49 +00:00
Jeongik Cha
2a7adf46aa [automerger skipped] [RESTRICT AUTOMERGE] mediaserver, mediaextractor, drmserver: allow vendor_overlay_file am: 621e3e3ace -s ours am: cf697a1d58 -s ours am: 240e4f0062 -s ours am: d4b7673163 -s ours
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1561695

Change-Id: I844b17df4fe9098a62e71fa52ca60bc0fb9978f1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:06:48 +00:00
Yiming Jing
afaa8963f2 Remove duplicate neverallow for hal_audio_server am: 9dc17d30c7 am: 0ad3c7e140 am: 9e8ac2ff52 am: 432242a1cc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1328121

Change-Id: I08b9f474746a9ea4d5baa81b3ff4909662ffbd1c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:06:18 +00:00
Treehugger Robot
bdbbcc07fb Merge changes from topic "revert-1959735-NUPGEQOUCB" into android12-tests-dev am: 0f66cdd448
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2014656

Change-Id: Iba6d913463411ea4ddc0b03b8c397f44fa716b7b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:05:46 +00:00
Florian Mayer
d5d4b8583a [automerger skipped] RESTRICT AUTOMERGE Revert "Add policy for command line tool to control MTE boot state." am: edef6c2e58 -s ours
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2014656

Change-Id: Icdbdf937e9e09388ce2390b80d394a07f93eb6da
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:05:45 +00:00
David Anderson
db44fa0e4d Add fastbootd to the sys_rawio whitelist. am: 03b5fb7f46 am: 9335d1ecb1 am: fef809a2e6 am: 32ec05fc1c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1168824

Change-Id: I9089e3f65e26496aa23eb915468b7ee714fb9329
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:05:43 +00:00
Treehugger Robot
8183cf27b5 Merge "Grant permission for mediatranscoding hal_allocator for OMX platforms" into android12-tests-dev am: d4a7420e0c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1966599

Change-Id: Ia0141797ab1eeac4ebdc08a265e252120ae2ddd8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:05:01 +00:00
Paul Crowley
516acfdb3e [automerger skipped] Allow toolbox to rm -rf /data/per_boot am: 4561fcb76c -s ours am: 2fdc5978cc -s ours am: bd6d2711d3 -s ours am: 9e7bba6788 -s ours
am skip reason: Change-Id Idf0ba09cbe51cbff6a7b2a464c4651a1f7fcf343 with SHA-1 2367ba358f is in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1146877

Change-Id: Ic21917c6dfa1e578bd4bc2fcf963884954e37d5f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:04:41 +00:00
Inseob Kim
f86de5bc55 Move mtectrl to private am: feae699152
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959735

Change-Id: I6ceee0595f2b253de16af45b513fca994604789a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:04:22 +00:00
Florian Mayer
069435505e Add policy for command line tool to control MTE boot state. am: 949e1d0a76
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956657

Change-Id: Ifcbb6e9278bb357e2b691f60dfc4ce97f0f82220
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-16 23:04:21 +00:00