We've got a SELinux warning in kernel-5.10 when "File Transfer" (MTP)
has been enabled by user.
Error log:
avc: denied { ioctl } for pid=5521 comm="MtpServer" path="/dev/usb-ffs/mtp/ep1" dev="functionfs" ino=102677 ioctlcmd=0x67e7 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:functionfs:s0 tclass=file permissive=0
Repeat steps:
1. Connect the phone to PC with USB cable.
2. Select "File Transfer" (MTP) in "USB Preferences" Menu.
3. Selinux warning will arise after "File Transfer" has been enabled by user
due to an IOCTL access to /dev/usb-ffs/mtp/ep1.
Solution:
To solve this warning, add a sepolicy to allow this type of IOCTL is required.
Signed-off-by: Macpaul Lin <macpaul.lin@mediatek.com>
Change-Id: Id340fb98062b3cee239343f3800f6dfceadeb572
Bug: 193473440
Fixed SELinux denials when trying to render the camera preview
to a texture in an internal test app. See the bug for additional
information.
Bug: 183749637
Test: Ran the internal test app, doesn't crash anymore.
Change-Id: I8fb62be424cd91c46cada55bb23db1624707997d
Only allow apps targetting < Q and ephemeral apps to open /dev/ashmem.
Ephemeral apps are not distinguishable based on target API. So allow
ephemeral_app to open /dev/ashmem for compatibility reasons.
For sake of simplicity, allow all domains /dev/ashmem permissions other
than "open". Reason being that once we can remove "open" access
everywhere, we can remove the device altogether along with other
permission.
Bug: 134434505
Test: boot crosshatch; browse internet, take picture;
no ashmem_device denials
Change-Id: Ie2464c23d799550722580a21b4f6f344983b43ba
Only allow apps targetting < Q and ephemeral apps to open /dev/ashmem.
Ephemeral apps are not distinguishable based on target API. So allow
ephemeral_app to open /dev/ashmem for compatibility reasons.
For sake of simplicity, allow all domains /dev/ashmem permissions other
than "open". Reason being that once we can remove "open" access
everywhere, we can remove the device altogether along with other
permission.
Bug: 134434505
Test: boot crosshatch; browse internet, take picture;
no ashmem_device denials
Change-Id: Ib4dddc47fcafb2697795538cdf055f305fa77799
This change is part of enabling upcoming platform changes that are
described in the bug linked below.
Bug: 135341433
Test: m
Change-Id: I6ef499b0d5aa403f8eb6699649a201d8cc004bc5
We are only interested in removing "open" access from apps, so leave
apps with (rw_file_perms - open) permissions to /dev/ashmem
Bug: 126627315
Test: emulator boots without denials to /dev/ashmem
Change-Id: I7f03fad5e4e82aebd1b6272e4956b16f86043637
Apps are no longer allowed open access to /dev/ashmem, unless they
target API level < Q.
Bug: 113362644
Test: device boots, Chrome, instant apps work
Change-Id: I1cff08f26159fbf48a42afa7cfa08eafa1936f42
Mtp needs access to this path in order to
change files on an sdcard.
Fixes denial:
05-14 17:40:58.803 3004 3004 W MtpServer: type=1400 audit(0.0:46):
avc: denied { search } for name="media_rw" dev="tmpfs" ino=10113
scontext=u:r:mediaprovider:s0:c512,c768
tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=0
b/77925342 app=com.android.providers.media
Bug: 77849654
Test: no denials using mtp with emulated sdcard
Change-Id: I27b5294fa211bb1eff6d011638b5fdc90334bc80
When extraction exif info, certain file formats may requires
parsing the container. Allow mediaprovider to use extractor
to do the parsing.
bug: 73978990
Test: manually test the scenario in b/73978990 and verify
the Exif is extracted correctly.
Change-Id: I1cd46d793ebc9c38b816a3b63f361967e551d046
This CL lists all the exported platform properties in
private/exported_property_contexts.
Additionally accessing core_property_type from vendor components is
restricted.
Instead public_readable_property_type is used to allow vendor components
to read exported platform properties, and accessibility from
vendor_init is also specified explicitly.
Note that whitelisting would be applied only if
PRODUCT_COMPATIBLE_PROPERTY is set on.
Bug: 38146102
Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true
Change-Id: I304ba428cc4ca82668fec2ddeb17c971e7ec065e
Vendor apps may only use servicemanager provided services
marked as app_api_service. surfaceflinger_service should be
available to vendor apps, so add this attribute and clean up
duplicate grants.
Addresses:
avc: denied { find } scontext=u:r:qtelephony:s0
tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager
avc: denied { find } scontext=u:r:ssr_detector:s0
tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager
avc: denied { find } scontext=u:r:qcneservice:s0
tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager
Bug: 69064190
Test: build
Change-Id: I00fcf43b0a8bde232709aac1040a5d7f4792fa0f
These were missing when the sepolicy was migrated.
Addresses denials:
E SELinux : avc: denied { find } for service=drm.drmManager pid=11769
uid=10018 scontext=u:r:mediaprovider:s0:c512,c768
tcontext=u:object_r:drmserver_service:s0 tclass=service_manager
W kworker/u16:2: type=1400 audit(0.0:1667): avc: denied { use } for
path="/storage/emulated/0/DCIM/Camera/IMG_20170425_124723.jpg"
dev="sdcardfs" ino=1032250 scontext=u:r:kernel:s0
tcontext=u:r:mediaprovider:s0:c512,c768 tclass=fd permissive=0
Bug: 37685394
Bug: 37686255
Test: Sync files
Test: Open downloaded file
Change-Id: Ibb02d233720b8510c3eec0463b8909fcc5bbb73d
MediaProvider requires permissions that diverge from those
of a typical priv_app. This create a new domain and removes
Mtp related permissions from priv_app.
Bug: 33574909
Test: Connect with MTP, download apps and files, select ringtones
Test: DownloadProvider instrument tests, CtsProviderTestCases
Change-Id: I950dc11f21048c34af639cb3ab81873d2a6730a9
The new domain wasn't fully tested, and it caused many regressions
on the daily build. Revert back to using "priv_app" domain until we
can fully test and re-land the new domain.
Temporarily add the USB functionfs capabilities to priv_app domain
to keep remainder of MtpService changes working; 33574909 is tracking
removing that from the priv_app domain.
Test: builds, boots, verified UI and downloads
Bug: 33569176, 33568261, 33574909
Change-Id: I1bd0561d52870df0fe488e59ae8307b89978a9cb
Also move necessary priv_app permissions into MediaProvider domain and
remove MediaProvider specific permissions from priv_app.
The new MtpServer permissions fix the following denials:
avc: denied { write } for comm=6D747020666673206F70656E name="ep0" dev="functionfs" ino=12326 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:functionfs:s0 tclass=file permissive=1
denial from setting property sys.usb.ffs.mtp.ready, context priv_app
Bug: 30976142
Test: Manual, verify permissions are allowed
Change-Id: I4e66c5a8b36be21cdb726b5d00c1ec99c54a4aa4
