Commit graph

186 commits

Author SHA1 Message Date
Treehugger Robot
d547a5a7a2 Merge "microdroid: Allow microdroid_manager to get local CID" 2022-11-23 21:00:07 +00:00
Alice Wang
334640c993 Merge "[cleanup] Remove permissions about binderfs inside microdroid" 2022-11-23 11:34:29 +00:00
Alice Wang
79629bdd60 [cleanup] Remove permissions about binderfs inside microdroid
The binderfs in microdroid has been removed in aosp/2310572.

Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I757ae39ebc841e8bb23300c4f65a3646ad8031fb
2022-11-22 21:22:38 +00:00
Alice Wang
0065888fe7 [cleanup] Remove unneeded apex_service permissions in microdroid
As microdroid doesn't use apex_service.

Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ie79473322905bda56c57d91f3c524ad715c99aff
2022-11-22 21:21:30 +00:00
Alice Wang
160ad719fb Merge "[cleanup] Remove permissions about servicemanager_prop inside microdroid" 2022-11-22 21:06:51 +00:00
Treehugger Robot
4c240dcaab Merge "Encryptedstore/Selinux: Format the crypt device" 2022-11-22 19:33:09 +00:00
Shikha Panwar
c6ff74a210 Encryptedstore/Selinux: Format the crypt device
Add selinux policies required for formatting the crypt device.
1. Allow encryptedstore to execute mk2fs.
2. The execution will happen without domain transition - so add
   permissions related to formatting the device.
3. Allow encryptedstore to write to the /dev/vd device - required to zero
   the starting bits initially.

Test: Run vm with --storage & --storage-size option
Bug: 241541860
Change-Id: I9766e3c67e47a58707beee8b3a156944e3b0a9ce
2022-11-22 17:42:01 +00:00
Alice Wang
7358947455 Merge "[cleanup] Remove permissions about servicemanager inside microdroid" 2022-11-22 15:57:36 +00:00
Alice Wang
165148e62c [cleanup] Remove permissions about servicemanager_prop inside microdroid
As servicemanager is removed from microdroid.

Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ie39e4b214f297258f3dceecc11fa3d8289af3be4
2022-11-22 14:55:47 +00:00
Alice Wang
574be921af [cleanup] Remove permissions about servicemanager inside microdroid
Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I562d0d018f0dbd7d4b93c39b2bde4d2a8b50de13
2022-11-22 14:36:09 +00:00
Treehugger Robot
ea83f4f046 Merge "Revert "Add listen/accept permission to MM's vsock"" 2022-11-22 13:52:20 +00:00
Alice Wang
05bd25482d Merge "[microdroid] Remove microdroid.servicemanager related permissions" 2022-11-22 12:34:04 +00:00
David Brazdil
909e3b9cf9 Revert "Add listen/accept permission to MM's vsock"
Unused since Ib7d1491e264539ffcc40442fdf419ce50d8cecf5.
This reverts commit 5df428bea8.

Bug: 253221932
Test: TH
Change-Id: Icc2aa0bbd05591a53458b1f5fbd2c442dfce7208
2022-11-22 11:52:29 +00:00
Shikha Panwar
f447a0bf07 Merge "encryptedstore - Create Selinux context & grant permissions" 2022-11-22 11:07:50 +00:00
Alice Wang
4925b34400 [microdroid] Remove microdroid.servicemanager related permissions
Since the microdroid.servicemanager has been removed.

Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I90228ca2d1bc3c66a6967412942e1c3372ed09ca
2022-11-22 08:30:25 +00:00
Treehugger Robot
5a28628dbe Merge "Allow apkdmverity/zipfuse to write to kmsg_debug" 2022-11-22 03:00:37 +00:00
Inseob Kim
e987dcff74 Allow apkdmverity/zipfuse to write to kmsg_debug
...which is inherited from microdroid_manager.

Bug: 258760809
Test: atest MicrodroidHostTestCases MicrodroidTestApp
Change-Id: I839a0e6b4702e811db58b0cc44dd3b599c10a0b8
2022-11-22 10:13:48 +09:00
Alice Wang
3a7809a818 Merge "Cleanup authfs_service / servicemanager communication permissions" 2022-11-21 12:13:27 +00:00
Alice Wang
33fba3f1eb [rpc_binder] Remove permissions about virtual_machine_payload_service
This cl removes the SELinux permissions about
virtual_machine_payload_service / servicemanager communication.

Bug: 257260848
Test: atest MicrodroidTests
Change-Id: I2aeac92bdba7db1256ca48cdfca2265441882abf
2022-11-21 09:42:06 +00:00
Alice Wang
1a0c3f88e0 Cleanup authfs_service / servicemanager communication permissions
This cl removes SELinux policies related to
authfs_service / servicemanager communication as authfs_service
now uses rpc binder instead of servicemanager.

Bug: 257260848
Test: atest ComposHostTestCases
Change-Id: I3e3de94a837c95e8f486438cc6a76fea39ffc6f3
2022-11-21 09:29:41 +00:00
Inseob Kim
29fb4ae40b Merge changes from topic "microdroid_selinux_denial_fix"
* changes:
  Add listen/accept permission to MM's vsock
  Grant kmsg_debug permission to kexec
2022-11-18 12:04:34 +00:00
Alice Wang
b1c2e19a71 [rpc_binder] Enable connection for authfs_service socket
Bug: 222479468
Test: atest ComposHostTestCases
Change-Id: I2e60010beebf05391c7df6d38ef7be976ad8d06f
2022-11-18 09:22:20 +00:00
Inseob Kim
5df428bea8 Add listen/accept permission to MM's vsock
Bug: 259241719
Test: atest MicrodroidHostTestCases MicrodroidTestApp
Change-Id: I7403b2ae777fd72bb056b5cb260e693ef0793cff
2022-11-17 14:57:41 +00:00
Inseob Kim
cb2c533d83 Grant kmsg_debug permission to kexec
microdroid_manager has stdio_to_kmsg, so it's good to have the same
permission for microdroid_manager's children for better debuggability.

Bug: 259241719
Test: atest MicrodroidHostTestCases MicrodroidTestApp
Change-Id: Ibaaed365e970e6b9f2d458ccae4d128fd3b84f38
2022-11-17 14:57:17 +00:00
Shikha Panwar
81bf90de4d encryptedstore - Create Selinux context & grant permissions
encryptedstore is Microdroid's dm-crypt based encryption solution. It
requires access to block devices, mapper devices, etc.

Test: Run a VM & look for sepolicy denials.
Bug: 241541860
Change-Id: I556f56a184fc7a1ea71d67c3e591cc567dab2431
2022-11-16 18:18:34 +00:00
Treehugger Robot
069b9502b1 Merge "Allow microdroid_manager to do stdio_to_kmsg" 2022-11-14 13:48:17 +00:00
Inseob Kim
22c1bff56b Allow microdroid_manager to do stdio_to_kmsg
To track any possible bugs on microdroid_manager.

Bug: 258760809
Test: intentionally crash microdroid_manager and see console
Change-Id: I6cd24f3129d153159d76115c833a80353aeee42a
2022-11-14 17:59:08 +09:00
David Brazdil
9d8002113a microdroid: Allow microdroid_manager to get local CID
This is needed to determine the host VirtualMachineService port number.

Bug: 245727626
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Iec58ce8adcac27f9ac5e6b07d53e6ef093c1193e
2022-11-11 15:13:12 +00:00
Alice Wang
a818fa2ee2 [rpc_binder] Enable connection with vm_payload_service
Bug: 222479468
Test: atest MicrodroidTests
Change-Id: I85d4d2e2272143b0a1b044c307792feffde4cdf6
2022-11-10 08:00:36 +00:00
Alan Stokes
960e186823 Don't allow payload to connect to host
The payload can listen for inbound connections from the host (routed
via Virtualization Service), but should not be connecting out to the
host - by doing so a VM could connect to an unrelated host process.

(authfs still connects outbound, but has its own domain.)

Bug: 243647186
Test: atest MicrodroidTests ComposHostTestCases
Change-Id: I16d225975d6bcbe647c5fbff21b10465eacd9cb6
2022-10-26 11:23:07 +01:00
Nikita Ioffe
d0fb527326 Switch to tombstoned.microdroid
Bug: 239367015
Test: microdroid presubmits
Change-Id: I01b4cc90425d79c5b33b8e17bf9fe942c3d6233b
2022-10-24 15:36:19 +01:00
Rob Seymour
9833c60b35 Merge "Allow service managers access to apex data." 2022-10-14 18:04:46 +00:00
Keir Fraser
5cbe30c386 Allow microdroid_manager to create a ZRAM swap device
Bug: 238284600
Test: Start a VM, confirm swap is available
Change-Id: I5b6050fabd652d9c15584afa0bfdc10b33401dd1
2022-10-13 14:22:15 +00:00
Treehugger Robot
c3b7489ee5 Merge "Fix too-broad allows granted to domain" 2022-10-13 05:37:13 +00:00
Inseob Kim
4e141f6241 Fix too-broad allows granted to domain
These were wrongly added to the microdroid policy during bring-up. The
permissions should be restricted to select domains.

Bug: 248478536
Test: atest MicrodroidTests MicrodroidHostTestCases
Change-Id: I9cd94728e84dfd4d69e1bc8e979d204d9d9afbd1
2022-10-13 13:14:29 +09:00
Seungjae Yoo
3ad46dcaa4 Allow reading some files in /proc by microdroid_manager
Bug: 236253808
Test: N/A
Change-Id: I5e5062335ace5c511aab2216c3745a2c8aa1204e
2022-10-11 10:30:03 +09:00
Treehugger Robot
24b66bcf11 Merge "Fix zipfuse race condition" 2022-10-10 15:51:12 +00:00
Andrew Scull
6892b3f212 Move DICE logic into microdroid_manager
The DICE service is deleted and microdroid_manager takes over the DICE
logic.

Bug: 243133253
Test: atest MicrodroidTests
Test: atest ComposHostTestCases
Change-Id: Idc4cb53f46aa0bc1f197c6267b05f6c5678a34ae
2022-10-07 17:53:50 +00:00
Alan Stokes
fb9911a9bb Fix zipfuse race condition
Allow zipfuse to signal to microdroid_manager via property when it is
ready.

Bug: 243513572
Test: atest MicrodroidTests (locally & via acloud)
Change-Id: Ifcf3d0924faa61ce87124a5ac55bd6a2b193cd99
2022-10-07 16:37:37 +01:00
Alice Wang
34c9f94938 Allow the microdroid app to use vm payload service
Bug: 243512047
Test: atest MicrodroidTestApp
Change-Id: I651781a7cf87b3fa31828a1b46d33dc7f381614c
2022-10-07 08:57:58 +00:00
Andrew Scull
1c6cf7c74a Merge logic of DICE HAL and diced in to dice-service
The DICE HAL and diced are replaced with dice-service which implements
the diced services and also contains the HAL logic directly, without
exposing an implementation of the HAL service.

Bug: 243133253
Test: atest MicrodroidTests
Change-Id: Ia0edeadb04a3fdd37ee1a69a875a7b29586702c5
2022-09-27 22:18:46 +00:00
Rob Seymour
ecbadbb141 Allow service managers access to apex data.
VintfObject will monitor the /apex directory for VINTF data.
Add permissions for service managers to read this data.

Bug: 239055387
Test: m && boot
Change-Id: I179e008dadfcb323cde58a8a460bcfa2825a7b4f
2022-09-23 21:33:58 +00:00
Alan Stokes
d014aa2ca1 Modify authfs related permissions
Allow microdroid_manager to start authfs when needed.

Migrate the authfs-related permissions from compos to
microdroid_payload, so it can be used by any payload.

Move a neverallow to the correct file.

Bug: 245262525
Test: atest MicrodroidTests MicrodroidHostTestCases
Test: atest ComposHostTestCases
Change-Id: I0f5eb9c11bdb427b1f78c9fc721c40de76add484
2022-09-23 15:55:47 +01:00
Jiyong Park
75e8c1f461 Microdroid: remove logd and logcat
Previously in Microdroid, processes sent log messages to logd over a
socket and then logcat ran to hand the messages to the host side over the
serial console.

That has changed. Now, the liblog library which processes use to emit
logs directly sends the given message to the serial console. Liblog does
this by reading a new system property ro.log.file_logger.path. When this
is set, liblog doesn't use the logd logger, but opens the file that the
sysprop refers to and writes logs there.

This change implements the sepolicy side of the story.

* logd and logcat types are removed since they are no longer needed.
* existing references to those types are removed as well.
* a new property type `log_prop` is introduced and the two system
  properties are labeled as log_prop
* all processes have read access to the system properties
* all processes have append access to /dev/hvc2

Bug: 222592894
Test: run microdroid, see log is still emitted.

Change-Id: I4c4f3f4fd0e7babeab28ddf39471e914445ef4da
2022-09-14 14:27:26 +00:00
Treehugger Robot
19a06c383a Merge "microdroid: Allow payload read /proc/meminfo" 2022-08-24 09:55:52 +00:00
Jiyong Park
bc0e0dce04 Allow microdroid_manager to run kexec
/system/bin/kexec in Microdroid is now properly labeled as kexec_exec.
The binary is responsible for loading the crashkernel into memory so
that when a kernel panic occurs the crashkernel is executed to dump the
RAM.

Microdroid_manager executes the kexec binary as part of the boot
process. It does this only when the kernel is booted with a memory
reserved for the crashkernel, which is determined by checking if
`crashkernel=` is included in the cmdline. For this, it is allowed to
read /proc/cmdline.

Bug: 238404545
Test: boot microdroid
Change-Id: Id08ba9610e3849ba811367917df8dfcc1774b561
2022-08-23 00:02:36 +09:00
David Brazdil
744ae7f798 microdroid: Allow payload read /proc/meminfo
/proc/meminfo contains useful information about the amount of memory
available to the VM and the payload. Let microdroid_payload domain read
the file.

Test: atest MicrodroidBenchmarks
Change-Id: I22d4888cf84e78ce8ed0803e7ebdeb7fca370e1f
2022-08-19 13:57:33 +01:00
Alan Stokes
07ce6daa44 De-dupe compos rules
compos has the microdroid_payload attribute, so we don't need to
duplicate rules that apply to that. This .te should only have things
that differentiate compos from other payloads.

Test: Presubmits
Change-Id: Ib5b8c52f9a068a583fc1471ac6cf0e4aef906857
2022-08-19 11:34:53 +01:00
Jiyong Park
6438f66960 Remove an obsolete rule for microdroid_manager
The fuse supports file contexts. Microdroid_manager no longer needs the
access to the fuse label.

Bug: 188400186
Test: run microdroid test
Change-Id: I9a17a96c6d07a466e1fa01d65279e467a874da3f
2022-08-16 14:40:55 +09:00
Steven Moreland
46138cca6a Merge "Fully prepare vendor_service removal." 2022-08-01 23:20:05 +00:00