Commit graph

32 commits

Author SHA1 Message Date
Pawin Vongmasa
4be2889477 Put in sepolicies for Codec2.0 services
Test: Builds

Bug: 64121714
Bug: 31973802
Change-Id: Id37be8726a8bb297e35bca494964fdbcc48c6a73
2018-03-29 04:42:25 -07:00
Ruchi Kandoi
1c57b81c1e Merge "SE Policy for Secure Element app and Secure Element HAL" am: 6a60cb3e69 am: f285f2db4b
am: 4757882300

Change-Id: I36147d7f0359cef7f80ee36086150936bed2e672
2018-01-30 01:26:15 +00:00
Ruchi Kandoi
8a2b4a783e SE Policy for Secure Element app and Secure Element HAL
Test: App startup on boot
Change-Id: I7740aafc088aadf676328e3f1bb8db5175d97102
2018-01-29 21:31:42 +00:00
Janis Danisevskis
f5ea7ab181 Added default policy for Confirmation UI HAL am: 97c56bdd78 am: 5029fe7236
am: a2f243dc35

Change-Id: I670465743596b35c37a4ca591e5a8f4848222bb9
2018-01-24 20:09:47 +00:00
Janis Danisevskis
97c56bdd78 Added default policy for Confirmation UI HAL
Bug: 63928580
Test: Manually tested.

Change-Id: If6bb10cb7c009883d853e46dcdeb92cd33877d53
2018-01-24 10:22:40 -08:00
Andrew Scull
8d11ef5a37 Merge "authsecret HAL policies." 2018-01-23 17:43:59 +00:00
Badhri Jagan Sridharan
7bee33e665 hal_usb_gadget sepolicy
Bug: 63669128
Test: Checked for avc denail messages.
Change-Id: I057b3cf9ccc945cb943b9cf60fc9cd6c023eddda
Merged-In: I057b3cf9ccc945cb943b9cf60fc9cd6c023eddda
2018-01-19 18:56:16 +00:00
Badhri Jagan Sridharan
9b07889452 hal_usb_gadget sepolicy
Bug: 63669128
Test: Checked for avc denail messages.
Change-Id: I057b3cf9ccc945cb943b9cf60fc9cd6c023eddda
2018-01-19 07:59:11 -08:00
Roshan Pius
5bca3e860d sepolicy(hostapd): Add a HIDL interface for hostapd
Change sepolicy permissions to now classify hostapd as a HAL exposing
HIDL interface.

Sepolicy denial for accessing /data/vendor/misc/wifi/hostapd:
12-27 23:40:55.913  4952  4952 W hostapd : type=1400 audit(0.0:19): avc:
denied { write } for name="hostapd" dev="sda13" ino=4587601
scontext=u:r:hal_wifi_hostapd_default:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0

01-02 19:07:16.938  5791  5791 W hostapd : type=1400 audit(0.0:31): avc:
denied { search } for name="net" dev="sysfs" ino=30521
scontext=u:r:hal_wifi_hostapd_default:s0
tcontext=u:object_r:sysfs_net:s0 tclass=dir permissive=0

Bug: 36646171
Test: Device boots up and able to turn on SoftAp.
Change-Id: Ibacfcc938deab40096b54b8d0e608d53ca91b947
2018-01-12 14:05:38 -08:00
Andrew Scull
1aedf4b5f8 authsecret HAL policies.
Bug: 71527305
Test: compile and boot
Change-Id: I91097bd62d99b8dd9eb6f53060badbaf0f4b8b4a
2018-01-10 16:26:44 +00:00
Dan Cashman
91d398d802 Sync internal master and AOSP sepolicy.
Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb
2017-09-26 14:38:47 -07:00
Robert Quattlebaum
acfd25cac2 lowpan: Added support for LoWPAN Service and android.hardware.lowpan
Bug: b/64090883
Bug: b/33073713
Test: Manual
Change-Id: I7aa23c31b1fccae56c1a0e0bd4cfe370aeb911dd
2017-09-20 20:32:16 +00:00
Tomasz Wasilczyk
26ff5eb6b9 Move Broadcast Radio HAL to a separate binary.
Bug: 63600413
Test: VTS, instrumentation, audit2allow
Test: after cherry-pick - it builds
Change-Id: I57c0150a52c13f1ce21f9ae2147e3814aad0fb7e
(cherry picked from commit 567b947d85)
2017-09-15 10:16:48 -07:00
Tomasz Wasilczyk
567b947d85 Move Broadcast Radio HAL to a separate binary.
Bug: 63600413
Test: VTS, instrumentation, audit2allow
Change-Id: I57c0150a52c13f1ce21f9ae2147e3814aad0fb7e
2017-08-28 09:44:50 -07:00
Todd Poynor
e9b2def796 thermal: sepolicy for thermalservice and Thermal HAL revision 1.1
Add sepolicy for thermalserviced daemon, IThermalService binder
service, IThermalCallback hwservice, and Thermal HAL revision 1.1.

Test: manual: marlin with modified thermal-engine.conf
Bug: 30982366
Change-Id: I207fa0f922a4e658338af91dea28c497781e8fe9
(cherry picked from commit ec3b6b7e25)
2017-08-04 16:24:05 +00:00
Niranjan Pendharkar
a3a9d4c0b4 Merge "Add system_net_netd_hwservice." into oc-dr1-dev
am: 23b986ce2f

Change-Id: I1bc8e3375fce75763efb8ba369715146a33f106b
2017-07-31 18:56:36 +00:00
Niranjan Pendharkar
5aef6a9469 Add system_net_netd_hwservice.
This hidl service provides functionality for oem networking
configuration to vendor services which is required by
at least some vendor radio modules.

Test: VtsHalNetNetdV1_0TargetTest, netd_integration_test, netd_unit_test
Test: no denials
Bug: 36682246
Change-Id: I86ac9082166b406b2fc814972375ba737460ad7b
2017-07-28 15:53:28 +00:00
Michael Butler
e9d07b9e5f Default sepolicy rules for initial upload of Neural Network API.
Bug: 63905942
Test: mm -j40
Change-Id: I354ee863475aedd2dc9d2b436a00bcd82931456f
(cherry picked from commit 4fc5fb5e521347d65dc921f8c1fb751c66f9a92c)
2017-07-25 20:42:26 +00:00
Jeff Vander Stoep
0f697a7e88 Merge "hal_tetheroffload: Grant permissions" into oc-dr1-dev am: 243c46cc46
am: 6907f57417

Change-Id: I2b073252ccdcd30fce523a83ba43dea14eeaad3b
2017-06-29 04:36:30 +00:00
Jeff Vander Stoep
e58a8de5e7 hal_tetheroffload: Grant permissions
avc: denied { read write } scontext=u:r:ipacm:s0
tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket
avc: denied { setopt } scontext=u:r:ipacm:s0
tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket
avc: denied { getattr } scontext=u:r:ipacm:s0
tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket
avc: denied { create } for scontext=u:r:system_server:s0
tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket

Bug: 29337859
Bug: 32163131
Test: adb shell getenforce
Enforcing
adb shell dumpsys connectivity tethering
Tethering:
  ...
  Log:
    ...
    06-28 11:46:58.841 - SET master tether settings: ON
    06-28 11:46:58.857 - [OffloadController] tethering offload started
And logs show some signs of happiness:
    06-28 11:46:58.853   816   947 I IPAHALService: IPACM was provided two FDs (18, 19)
    06-28 11:46:58.853  1200  1571 I zygote64: Looking for service android.hardware.tetheroffload.control@1.0::IOffloadControl/default
Change-Id: I0c63bd2de334b4ca40e54efb9df4ed4904667e21
2017-06-29 04:24:14 +00:00
Chong Zhang
78e595deab cas: add CAS hal and switch to use hwservice
bug: 22804304

Change-Id: I7162905d698943d127aa52804396e4765498d028
2017-06-16 13:28:36 -07:00
TreeHugger Robot
60e4fd9dfa Merge "Add missing sepolicies for OemLock HAL." into oc-dev 2017-06-01 22:05:18 +00:00
Andrew Scull
475954dad5 Add missing sepolicies for OemLock HAL.
Bug: 38232801
Test: Build

Change-Id: Iccc16430e7502bb317f95bb2a5e2f021d8239a00
2017-05-31 15:22:05 +01:00
Andrew Scull
a939c4324c Add missing sepolicies for the Weaver HAL.
Bug: 38233550
Test: Build
Change-Id: I7c2105d5f215a60a611110640afff25fc3403559
2017-05-31 15:17:11 +01:00
Steven Moreland
46a932c63b Merge "Add fwk_display_hwservice." into oc-dev am: ffb8fb1b94
am: c1ee74ffb4

Change-Id: I0fcc76515b3923c542d5d39cd14734dc333c010c
2017-05-17 20:59:05 +00:00
Steven Moreland
e8ab0020ba Add fwk_display_hwservice.
This hidl service provides information about vsync and hotplug
to vendor services which is required by at least some camera
hal implementations.

Test: VtsFwkDisplayServiceV1_0TargetTest
Test: no denials
Bug: 38311538
Change-Id: I64f0321e2832facf987057f0d48940e269d8e2d9
2017-05-17 11:00:28 -07:00
Alex Klyubin
18152ddc4f Assert apps can access only approved HwBinder services am: 2a7f4fb069
am: 7b021be44b

Change-Id: I0e93aecc3b40a3d00bfdea354fe9a4987b28fabb
2017-04-24 22:57:22 +00:00
Alex Klyubin
2a7f4fb069 Assert apps can access only approved HwBinder services
App domains which host arbitrary code must not have access to
arbitrary HwBinder services. Such access unnecessarily increases the
attack surface. The reason is twofold:
1. HwBinder servers do not perform client authentication because HIDL
   currently does not expose caller UID information and, even if it
   did, many HwBinder services either operate at a layer below that of
   apps (e.g., HALs) or must not rely on app identity for
   authorization. Thus, to be safe, the default assumption is that
   a HwBinder service treats all its clients as equally authorized to
   perform operations offered by the service.
2. HAL servers (a subset of HwBinder services) contain code with
   higher incidence rate of security issues than system/core
   components and have access to lower layes of the stack (all the way
   down to hardware) thus increasing opportunities for bypassing the
   Android security model.

HwBinder services offered by core components (as opposed to vendor
components) are considered safer because of point #2 above.

Always same-process aka always-passthrough HwBinder services are
considered safe for access by these apps. This is because these HALs
by definition do not offer any additional access beyond what its
client already as, because these services run in the process of the
client.

This commit thus introduces these two categories of HwBinder services
in neverallow rules.

Test: mmm system/sepolicy -- this does not change on-device policy
Bug: 34454312
Change-Id: I4f5f4dd10b3fc3bb9d262dda532d4a23dcdf061d
2017-04-24 10:15:31 -07:00
Alex Klyubin
53656c1742 Restrict access to hwservicemanager
This adds fine-grained policy about who can register and find which
HwBinder services in hwservicemanager.

Test: Play movie in Netflix and Google Play Movies
Test: Play video in YouTube app and YouTube web page
Test: In Google Camera app, take photo (HDR+ and conventional),
      record video (slow motion and normal), and check that photos
      look fine and videos play back with sound.
Test: Cast screen to a Google Cast device
Test: Get location fix in Google Maps
Test: Make and receive a phone call, check that sound works both ways
      and that disconnecting the call frome either end works fine.
Test: Run RsHelloCompute RenderScript demo app
Test: Run fast subset of media CTS tests:
      make and install CtsMediaTestCases.apk
      adb shell am instrument -e size small \
          -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner'
Test: Play music using Google Play music
Test: Adjust screen brightness via the slider in Quick Settings
Test: adb bugreport
Test: Enroll in fingerprint screen unlock, unlock screen using
      fingerprint
Test: Apply OTA update:
      Make some visible change, e.g., rename Settings app.
      make otatools && \
      make dist
      Ensure device has network connectivity
      ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip
      Confirm the change is now live on the device
Bug: 34454312
(cherry picked from commit 632bc494f1)
Merged-In: Iecf74000e6c68f01299667486f3c767912c076d3
Change-Id: I7a9a487beaf6f30c52ce08e04d415624da49dd31
2017-04-21 09:54:53 -07:00
Alex Klyubin
632bc494f1 Restrict access to hwservicemanager
This adds fine-grained policy about who can register and find which
HwBinder services in hwservicemanager.

Test: Play movie in Netflix and Google Play Movies
Test: Play video in YouTube app and YouTube web page
Test: In Google Camera app, take photo (HDR+ and conventional),
      record video (slow motion and normal), and check that photos
      look fine and videos play back with sound.
Test: Cast screen to a Google Cast device
Test: Get location fix in Google Maps
Test: Make and receive a phone call, check that sound works both ways
      and that disconnecting the call frome either end works fine.
Test: Run RsHelloCompute RenderScript demo app
Test: Run fast subset of media CTS tests:
      make and install CtsMediaTestCases.apk
      adb shell am instrument -e size small \
          -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner'
Test: Play music using Google Play music
Test: Adjust screen brightness via the slider in Quick Settings
Test: adb bugreport
Test: Enroll in fingerprint screen unlock, unlock screen using
      fingerprint
Test: Apply OTA update:
      Make some visible change, e.g., rename Settings app.
      make otatools && \
      make dist
      Ensure device has network connectivity
      ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip
      Confirm the change is now live on the device
Bug: 34454312
Change-Id: Iecf74000e6c68f01299667486f3c767912c076d3
2017-04-20 14:45:21 -07:00
Alex Klyubin
ab2c681fb1 Policy for Camera HAL HwBinder service
This adds restrictions on which domains can register this HwBinder
service with hwservicemanager and which domains can obtain tokens for
this service from hwservicemanager.

Test: Use Google Camera app to take HDR+ photo, conventional photo,
      record video with sound, record slow motion video with sound.
      Check that the photos display correctly and that videos play
      back fine and with sound. Check that there are no SELinux
      denials to do with camera.
Bug: 34454312
Change-Id: Icfaeed917423510d9f97d18b013775596883ff64
2017-04-13 10:31:04 -07:00
Martijn Coenen
3ea47b9249 Add hwservice_contexts and support for querying it.
hwservicemanager can check hwservice_contexts files
both from the framework and vendor partitions.

Initially, have a wildcard '*' in hwservice_contexts
that maps to a label that can be added/found from
domain. This needs to be removed when the proper policy
is in place.

Also, grant su/shell access to hwservicemanager list
operations, so tools like 'lshal' continue to work.

Bug: 34454312
Test: Marlin boots
Change-Id: I3a02d97a82458692b528d85c1b8e78b6f82ea1bc
2017-04-12 18:07:12 -07:00