Commit graph

315 commits

Author SHA1 Message Date
Martijn Coenen
1bbda7e662 Initial sepolicy for app_zygote.
The application zygote is a new sort of zygote process that is a
child of the regular zygote. Each application zygote is tied to the
application for which it's launched. Once it's started, it will
pre-load some of the code for that specific application, much like
the regular zygote does for framework code.

Once the application zygote is up and running, it can spawn
isolated service processes that run in the isolated_app domain. These
services can then benefit from already having the relevant
application code and data pre-loaded.

The policy is largely the same as the webview_zygote domain,
however there are a few crucial points where the policy is different.

1) The app_zygote runs under the UID of the application that spawned
   it.
2) During app_zygote launch, it will call a callback that is
   controlled by the application, that allows the application to
   pre-load code and data that it thinks is relevant.

Especially point 2 is important: it means that untrusted code can run
in the app_zygote context. This context is severely limited, and the
main concern is around the setgid/setuid capabilities. Those concerns
are mitigated by installing a seccomp filter that only allows
setgid/setuid to be called in a safe range.

Bug: 111434506
Test: app_zygote can start and fork children without denials.
Change-Id: I1cc49ee0042d41e5ac6eb81d8f8a10ba448d4832
2019-01-21 08:24:41 +00:00
William Hester
2367e8790b Merge "Add the testharness service to sepolicy rules" am: 1fefa6c0e8 am: a587f0d4d3
am: d10adc6f50

Change-Id: I9af82b1f2583945eb8c0ba5563cf2d548e552619
2019-01-17 17:52:59 -08:00
William Hester
5f486c74bf Add the testharness service to sepolicy rules
The testharness service will manage Test Harness Mode and provide a
command-line interface for users to enable Test Harness Mode; however it
does not directly provide a public API.

Bug: 80137798
Test: make
Test: flash crosshatch
Change-Id: Ie396e40fcea8914b4dd2247f2314e029b66ad84e
2019-01-17 13:10:37 -08:00
Nandana Dutt
2d4b0694d4 Merge "Add sepolicy for BugreportManagerService" am: 5a974a0eae am: b3b807b758
am: 28bcda8e78

Change-Id: I81244c1a7c851fee1b21ef3f4c59e5c47bc61911
2019-01-17 13:09:07 -08:00
Nandana Dutt
5cdd2f5ef8 Add sepolicy for BugreportManagerService
BUG:111441001
Test: boots
Change-Id: I71a54e8335c5ce7f9d97af3dbbd62e663bb66d33
2019-01-17 12:23:31 +00:00
David Anderson
f3fd8fff2a sepolicy for gsid am: 6d53efcf46 am: 34d1f38571
am: fe2533bc60

Change-Id: I9ca3f620dafc3d2bdc143f6a50a710745b89531c
2019-01-15 22:55:23 -08:00
David Anderson
6d53efcf46 sepolicy for gsid
Bug: 122556707
Test: gsid starts
Change-Id: Ib05ddb79051436f51cd236de04027a3b12ee87a9
Signed-off-by: Sandeep Patil <sspatil@google.com>
2019-01-15 20:43:33 -08:00
chenbruce
4e5057af68 SEPolicy updates for adding native flag namespace(netd). am: e3d625b72e am: fa0e90a368
am: 51ae024208

Change-Id: Iffb914913a3062836fe0fc857dc992d53d8cd336
2019-01-14 19:53:05 -08:00
chenbruce
e3d625b72e SEPolicy updates for adding native flag namespace(netd).
For experiment flag testing, we add a flag netd and have
SEPolicy updates.

Test:  add sepolicy, m -j, check GetServerConfigurableFlag function in netd
Bug:122050512
Change-Id: I21c844c277afc358085d80447f16e4c0d4eba5b3
2019-01-15 02:47:57 +00:00
Jeff Vander Stoep
5f53a116c4 resolve merge conflicts of 9678d0d6da to master
Test: build
Change-Id: Iecb7fae299d5714c98bdcb9da245b44819cf04be
2019-01-14 16:10:40 -08:00
Joel Fernandes
b76a639956 Add permissions for bpf.progs_loaded property
Change-Id: If4e550e4186415c5a1088bb53b0755b69f92560a
Signed-off-by: Joel Fernandes <joelaf@google.com>
2019-01-14 10:59:10 -05:00
Steven Moreland
d8994c81fb system/etc/event-log-tags available to all am: b7246ac0b6 am: 78bcb0e237
am: 7805582beb

Change-Id: Ie8dcfd66d647842bf84826249c9127e3cc5ddcfc
2019-01-11 11:55:38 -08:00
Siarhei Vishniakou
434dd2d6c7 Merge "Permissions for InputClassifier HAL" am: 1531e72e76 am: f01aeef78c
am: 26670ab73f

Change-Id: I45ee39fb63dab2ec91a5a909e59c990bacc7c48a
2019-01-11 11:54:26 -08:00
Steven Moreland
78bcb0e237 system/etc/event-log-tags available to all
am: b7246ac0b6

Change-Id: I724850c1ecb440d15baca4e9cdda9d19f4a65fa8
2019-01-11 11:02:21 -08:00
Siarhei Vishniakou
f01aeef78c Merge "Permissions for InputClassifier HAL"
am: 1531e72e76

Change-Id: Ic1f5e2815740222e35011738a6f391b5d2222019
2019-01-11 10:54:31 -08:00
Steven Moreland
b7246ac0b6 system/etc/event-log-tags available to all
This was a regression in Q, and the file is an implementation of
liblog.

Bug: 113083310
Test: use tags from vendor and see no denials

Change-Id: I726cc1fcfad39afc197b21e431a687a3e4c8ee4a
2019-01-11 18:42:02 +00:00
Chalard Jean
4f2b179cc3 Add sepolicy for IpMemoryStoreService am: fb15c9f12f am: bb05d23d63
am: 2f3ccbbe8b

Change-Id: I0dced9f1d9f741689e6243f8288f18b8067521e7
2019-01-11 01:26:10 -08:00
Chalard Jean
bb05d23d63 Add sepolicy for IpMemoryStoreService
am: fb15c9f12f

Change-Id: I43acccc8658c9fade28fe3513f48627d765450d3
2019-01-11 01:13:59 -08:00
Felipe Leme
26f04ff7f2 DO NOT MERGE - Renamed "intelligence" to "content_capture"
This cherry-pick exists to update stage-aosp-master sepolicy
files to look like the ones in master and aosp. It looks like
it was an oversight that this patch was merged with DO NOT MERGE
instead of only Merged-In.

Bug: 111276913
Test: manual verification

Merged-In: If76dc7bfdad87789a58fc94e0fd280deae1a41ab
Change-Id: If76dc7bfdad87789a58fc94e0fd280deae1a41ab
(cherry picked from commit 73e7fa884b)
2019-01-11 17:45:42 +09:00
Siarhei Vishniakou
41a871ba84 Permissions for InputClassifier HAL
Add the required permissions for the InputClassifier HAL.

Bug: 62940136
Test: no selinux denials in logcat when HAL is used inside input flinger.
Change-Id: Ibc9b115a83719421d56ecb4bca2fd196ec71fd76
2019-01-11 02:08:19 +00:00
Chalard Jean
fb15c9f12f Add sepolicy for IpMemoryStoreService
Bug: 116512211
Test: Builds, boots, including upcoming changes needing this
Change-Id: I6f119368c5a4f7ac6c0325915dff60124c5a6399
2019-01-10 18:06:56 +09:00
Yabin Cui
819fb2fe1e Merge "Add permissions in runas_app domain to debug/profile debuggable apps." am: cd1c24f323 am: 0dd15e788a
am: b60f982707

Change-Id: I102ae116e38ee87d291c15a814976c750c180c6e
2019-01-09 12:17:01 -08:00
Yabin Cui
0dd15e788a Merge "Add permissions in runas_app domain to debug/profile debuggable apps."
am: cd1c24f323

Change-Id: I11c6f1d25977837b5388de34a3796b7cadcf5ea8
2019-01-09 12:06:09 -08:00
Yabin Cui
770a4f6539 Add permissions in runas_app domain to debug/profile debuggable apps.
runas_app domain is used by lldb/ndk-gdb/simpleperf to debug/profile
debuggable apps. But it misses permissions to ptrace app processes and
read /proc/<app_pid> directory.

Bug: none
Test: build and boot marlin.
Test: run lldb and simpleperf on apps with target sdk version 24-29.
Change-Id: I9e6f940ec81a8285eae8db3b77fb1251a25dedd0
2019-01-09 17:24:31 +00:00
Dario Freni
9a8cac3238 Merge "SEPolicy for Staged Installs." am: 4d399f606f am: 757484f199
am: 783eee99dd

Change-Id: Id6b404c391e130cf0f74db6613ee7ca6426498c0
2019-01-08 02:19:28 -08:00
Dario Freni
757484f199 Merge "SEPolicy for Staged Installs."
am: 4d399f606f

Change-Id: Idbec6c32736accd630831d7de420d4bdc66b9d14
2019-01-08 02:03:00 -08:00
Dario Freni
274c1ded4d SEPolicy for Staged Installs.
Test: basic workflow between apexd and PackageManager tested with
changes being developed.
Bug: 118865310
Change-Id: I1ae866f33e9b22493585e108c4fd45400493c7ac
2019-01-07 22:36:28 +00:00
Richard Uhler
f40636dc09 Merge "Add sepolicy for RollbackManagerService." 2019-01-04 17:52:25 +00:00
Zachary Iqbal
4c7469ad38 Added placeholder SELinux policy for the biometric face HAL. am: 893272d883 am: f8be9cf1c0
am: ab1e43cdad

Change-Id: If9c63acee76a9574c2e2fdbd7a2796bf89d194cc
2018-12-28 13:00:42 -08:00
Zachary Iqbal
f8be9cf1c0 Added placeholder SELinux policy for the biometric face HAL.
am: 893272d883

Change-Id: I6888b5d3527c396e59b3798d18595e47a3002fde
2018-12-28 12:32:26 -08:00
Zachary Iqbal
893272d883 Added placeholder SELinux policy for the biometric face HAL.
Notes:
- Added face hal domain, context and file types for the default
  SELinux policy.
- Please see aosp/q/topic:"Face+Authentication"

Bug: 80155388
Test: Built successfully.
Change-Id: I2e02cf6df009c5ca476dfd842b493c6b76b7712a
2018-12-28 12:23:56 -08:00
Dario Freni
5ed3e5e6c9 Revert "Add StagingManager service." am: ca86169422 am: 86acf690de
am: d4b1901c83

Change-Id: I506af3ac76f51d63e6ef5c967a610e648f6aa467
2018-12-28 10:55:22 -08:00
Dario Freni
86acf690de Revert "Add StagingManager service."
am: ca86169422

Change-Id: I114102451c0463d0ccb1db688e60f0baea9ebfb7
2018-12-28 10:25:44 -08:00
Dario Freni
ca86169422 Revert "Add StagingManager service."
This reverts commit 9eb3b8ffdf.

Reason for revert: We are deciding for now not to make StagingManager a fully-fledged binder service, as it will only be accessed by PackageInstaller. We might re-evaluate this decision later if needed.

Bug: 122072686
Change-Id: Ic2a53fc92ddd7d7eeccc6a4a0117f28724346ec7
2018-12-28 12:50:49 +00:00
Dario Freni
010299eb55 Add StagingManager service. am: 9eb3b8ffdf am: 35e5027124
am: 193713107c

Change-Id: I3518d2cd17be96270ad75ba9fa66208887871045
2018-12-27 10:12:11 -08:00
Dario Freni
35e5027124 Add StagingManager service.
am: 9eb3b8ffdf

Change-Id: I26f5722d645dab805634fcaefa9a0c3ad94a2c93
2018-12-27 10:03:57 -08:00
Richard Uhler
25529f6217 Add sepolicy for RollbackManagerService.
Bug: 112431924
Test: atest RollbackTest
Change-Id: I30453a8d5352a31e3e6af6c37a20b5473904d356
2018-12-27 17:21:37 +00:00
Dario Freni
9eb3b8ffdf Add StagingManager service.
Adding a new high-level service which will handle staged installs, i.e.
installs that require a reboot.

Bug: 118865310
Test: An initial implementation of StagingManager can be reached
successfully by PackageManagerService and PackageInstallerService.
Change-Id: I8859b463575f8ee85caae43570958347b82f967e
2018-12-27 16:13:24 +00:00
Michael Groover
390270e0fb Merge "Add selinux policy for new SensorPrivacyService"
am: 09c86730b5

Change-Id: I274d9e0bbbc006fdbb5a544ea649eceb3172840f
2018-12-27 08:06:12 -08:00
Michael Groover
09c86730b5 Merge "Add selinux policy for new SensorPrivacyService"
Test: manually verified SensorPrivacyService is accessible
Bug: 110842805
Merged-In: Idd215f338f2da0dab4898ea06fa08d9b4a1bcb5f
Change-Id: Idd215f338f2da0dab4898ea06fa08d9b4a1bcb5f
(cherry picked from commit 0ac3dea71b)
2018-12-27 08:53:15 +00:00
Emilian Peev
992f6099ab Merge "sepolicy: Add "rs" and "rs_exec" to public policy" am: 9c9eb2dfca am: 67fbfdf793
am: 8f1e4e52f3

Change-Id: I72500b06122cb5b5f527d196deff9bc50a5442cb
2018-12-21 17:05:49 -08:00
Emilian Peev
67fbfdf793 Merge "sepolicy: Add "rs" and "rs_exec" to public policy"
am: 9c9eb2dfca

Change-Id: I4cc8e1179f65f2f3a881f1bd79d457daf3c299c7
2018-12-21 16:46:22 -08:00
Emilian Peev
a34cfe7b56 sepolicy: Add "rs" and "rs_exec" to public policy
Add "rs" and "rs_exec" types to public policy. Access
to these types might be needed for device specific
customization.

Bug: 121306110
Test: Manual using application
Change-Id: Ief35d3353625adfbf468447de74aa80651dd9451
2018-12-21 17:47:54 +00:00
Remi NGUYEN VAN
0c1d5701d7 Add selinux policies for network stack service am: 47c2dee5c2 am: 4d75750f98
am: 515455f473

Change-Id: I891eac74bd61982b2192ab0e80340b7273834176
2018-12-20 17:44:29 -08:00
Remi NGUYEN VAN
5c8f87e1c9 Merge "sepolicy changes for network stack app" am: 41b6263007 am: 5b586461ca
am: ec91e1f31d

Change-Id: Ie496a81612cfdd0ff7af26533209d40fce564a35
2018-12-20 17:36:10 -08:00
Remi NGUYEN VAN
4d75750f98 Add selinux policies for network stack service
am: 47c2dee5c2

Change-Id: I01235f3e048c7149ff741bbb7563da999e98e415
2018-12-20 16:46:47 -08:00
Remi NGUYEN VAN
5b586461ca Merge "sepolicy changes for network stack app"
am: 41b6263007

Change-Id: I1fb6a0729528895a500af70b83144c966b1037ee
2018-12-20 16:41:37 -08:00
Remi NGUYEN VAN
47c2dee5c2 Add selinux policies for network stack service
The policies allow the system server to register a network_stack_service
used to communicate with the network stack process.

Test: atest FrameworksNetTests
Bug: b/112869080
Change-Id: Ib9b7d9150fe4afcce03c8b3dbb36b81c67e39366
2018-12-21 00:09:50 +00:00
Remi NGUYEN VAN
41b6263007 Merge "sepolicy changes for network stack app" 2018-12-21 00:06:39 +00:00
Martijn Coenen
80dec04363 Merge "Allow apexd to write to sysfs loop device parameters." am: 36f93d0339 am: 11ac1ed2dd
am: 537a20706d

Change-Id: I0887f37b30e62f06784d89a4fe768c488a6ee2fd
2018-12-20 00:26:41 -08:00
Martijn Coenen
11ac1ed2dd Merge "Allow apexd to write to sysfs loop device parameters."
am: 36f93d0339

Change-Id: I2301afff86aa59e600641a5e7f2af863f1e0730d
2018-12-20 00:07:16 -08:00
Remi NGUYEN VAN
5f3ba92c61 sepolicy changes for network stack app
The networking stack app hosts services that used to be in the system
server (IpClient, NetworkMonitor for now), but in a different process to
be packaged as a mainline module.

Test: booted, verified networking stack working when in app
Change-Id: I300a556f51b35c17378af961cea1ec937444e597
2018-12-20 12:05:31 +09:00
Martijn Coenen
d7bf9218a0 Allow apexd to write to sysfs loop device parameters.
To configure read-ahead on loop devices, eg.
/sys/devices/virtual/block/loop0/queue/read_ahead_kb

Bug: 120776455
Test: configuring read-ahead on loop devices works from apexd
Change-Id: Ib25372358e8ca62fa634daf286e4b64e635fac58
2018-12-20 03:05:50 +01:00
Winson Chung
f933d4545c Adding policy for content suggestions.
Cherry-picked from aosp/852612 (commit Ic0b3f85fad24ccedc0a8e9935c198bc8503bb415),
and is a manual merge for ag/5836696 (commit I360ce12f33e333766f6f30614c87811d05e663a4)

Bug: 120865921
Test: Manual verification
Change-Id: Ic0b3f85fad24ccedc0a8e9935c198bc8503bb415
2018-12-18 17:57:41 +00:00
Winson Chung
2a7cd0d1ea resolve merge conflicts of ac1a0a7bf5 to stage-aosp-master
Bug: None
Test: I solemnly swear I tested this conflict resolution.

Change-Id: I360ce12f33e333766f6f30614c87811d05e663a4
Merged-In: Ic0b3f85fad24ccedc0a8e9935c198bc8503bb415
2018-12-18 17:47:03 +00:00
Winson Chung
ac1a0a7bf5 Adding policy for content suggestions.
Bug: 120865921
Test: Manual verification
Change-Id: Ic0b3f85fad24ccedc0a8e9935c198bc8503bb415
2018-12-18 00:30:34 +00:00
Todd Kennedy
bdcbd3b7e2 Create new permissionmgr_service am: 784c2b8d32 am: aa79e34850
am: b9e8dd8a60

Change-Id: I1a4cab532d9f6cccdc07776fdbbcb32c2a616b65
2018-12-17 13:19:04 -08:00
Todd Kennedy
aa79e34850 Create new permissionmgr_service
am: 784c2b8d32

Change-Id: I840e2291d05ec8643ae3d08b494e4f4396f00511
2018-12-17 12:54:46 -08:00
Todd Kennedy
784c2b8d32 Create new permissionmgr_service
We're creating a new PermissionManagerService that will handle
all of the permission related APIs. These are currently being
routed through PackageManagerService.

Test: Device boots
Change-Id: I7d08561dd33b692209c30d413cdca0ff567358f1
2018-12-17 14:49:01 +00:00
Rafal Slawik
3e45997d95 Merge "SELinux policy for rss_hwm_reset" am: 98c6b33088 am: 6ad9f07660
am: 0f05f12beb

Change-Id: I90e3dbd79aba47f50b7a938b1759ed68a44a4b2b
2018-12-17 04:52:18 -08:00
Rafal Slawik
6ad9f07660 Merge "SELinux policy for rss_hwm_reset"
am: 98c6b33088

Change-Id: I4ceb35dd14a08a21cb6a1b13f743f89599871377
2018-12-17 04:43:20 -08:00
Rafal Slawik
4e1c5764b5 SELinux policy for rss_hwm_reset
rss_hwm_reset is a binary that resets RSS high-water mark counters for all
currently running processes. It runs in a separate process because it
needs dac_override capability.

Bug: 119603799
Test: no errors in logcat
Change-Id: I6221a5eca3427bf532830575d8fba98eb3e65c29
2018-12-15 10:13:03 +00:00
Felipe Leme
0f45683fb3 DO NOT MERGE - Renamed "intelligence" to "content_capture"
Bug: 111276913
Test: manual verification

Merged-In: If76dc7bfdad87789a58fc94e0fd280deae1a41ab
Change-Id: If76dc7bfdad87789a58fc94e0fd280deae1a41ab
(cherry picked from commit 73e7fa884b)
2018-12-14 08:34:32 -08:00
Michael Groover
0ac3dea71b Add selinux policy for new SensorPrivacyService
Test: manually verified SensorPrivacyService is accessible
Bug: 110842805
Change-Id: Idd215f338f2da0dab4898ea06fa08d9b4a1bcb5f
2018-12-14 03:19:22 -08:00
Florian Mayer
5c6dcb727c Add persist.heapprofd.enable property. am: c32ca90181 am: 4935f90876
am: 0f094e304a

Change-Id: Ibb7cf3bae4e92e618d16d292c848dd257d6f68a2
2018-12-12 08:08:49 -08:00
Florian Mayer
c32ca90181 Add persist.heapprofd.enable property.
This is analogous to what Perfetto does with persist.traced.enable.

Test: m
Test: flash walleye
Test: setprop persist.heapprofd.enable 1
      setprop persist.heapprofd.enable 0

Change-Id: I997272ef8c6fe078aca2388ed0cf2ecc3de612a5
2018-12-12 10:26:33 +00:00
Sunny Goyal
32b4f50c7f New system service: app_prediction_service am: 2a2d638ef6 am: e5ff5023d3
am: e1b0d95689

Change-Id: Idec4f089242127af878c27ab100b99653270192a
2018-12-11 20:07:35 -08:00
Sunny Goyal
2a2d638ef6 New system service: app_prediction_service
- Update policy for new system service, used for SystemUI/Apps to
  present predicted apps in their UI.

Bug: 111701043
Test: manual verification
Change-Id: Ia3b5db987097d2d71bf774ca550041e03214471d
2018-12-12 03:33:56 +00:00
Benjamin Schwartz
e7040eada0 Add power.stats HAL 1.0 sepolicy
Also giving statsd permission to access it. This change copies the internal sepolicy to AOSP.

Bug: 111185513
Bug: 120551881
Test: make
Change-Id: I7e0386777e05580299caf9b97cb7804459f1a9d0
2018-12-11 00:11:08 +00:00
Matt Pape
0dd5cf439b Merge "SEPolicy updates for DeviceConfig Service." am: b1553b72a8 am: 4da093fe61
am: 5f12b6426b

Change-Id: Ic0a2419e140465a06c3911b6eed1f153d6df66c0
2018-12-07 12:46:31 -08:00
Matt Pape
b1553b72a8 Merge "SEPolicy updates for DeviceConfig Service." 2018-12-07 20:23:59 +00:00
Matt Pape
6aa44527b8 SEPolicy updates for DeviceConfig Service.
Add a DeviceConfig service in system_server to edit configuration flags.
This is intended to be a command line tool for local overrides and/or
tool for tests that adopt shell permissions.

Test: None
Bug:109919982
Bug:113101834
Change-Id: Ib7bed752849b1ed102747e3202dd7aed48d2c6d5
2018-12-07 08:27:29 -08:00
Felipe Leme
d2536c280b Merge "Renamed "intelligence" to "content_capture"" 2018-12-07 04:18:44 +00:00
Tri Vo
02c4c3fa7b Remove sepolicy for /dev/alarm.
After b/28357356 /dev/alarm is no longer used by android platform.
Also, Pixel devices don't have /dev/alarm.

Bug: 110962171
Test: boot aosp_walleye
Change-Id: Id9723996104a2548ddf366489890c098d1ea87be
2018-12-06 04:23:22 +00:00
Tri Vo
4feb259989 Remove sepolicy for /dev/alarm.
After b/28357356 /dev/alarm is no longer used by android platform.
Also, Pixel devices don't have /dev/alarm.

Bug: 110962171
Test: boot aosp_walleye
Change-Id: Id9723996104a2548ddf366489890c098d1ea87be
2018-12-05 17:12:25 -08:00
Felipe Leme
73e7fa884b Renamed "intelligence" to "content_capture"
Bug: 111276913
Test: manual verification

Change-Id: If76dc7bfdad87789a58fc94e0fd280deae1a41ab
2018-12-04 17:21:42 -08:00
Neil Fuller
a7110131ba Merge "Track add of RuntimeService in system server" am: 3350a79438 am: f660386952
am: 5ff6235136

Change-Id: I816f9253ed32d34650368b531fded7379bd24931
2018-12-04 00:57:44 -08:00
Neil Fuller
f58b555de3 Track add of RuntimeService in system server
Adds the necessary incantations for the new service.

Bug: 118242715
Bug: 119026403
Test: build / boot / adb shell dumpsys
Change-Id: Ibb1a356067863316d70586a61ede9f5973c1ae15
2018-12-03 15:45:46 +00:00
Kevin Chyn
fdf770d1dd Merge "Add placeholder iris and face policy for vold data directory" am: 5ea85b5f75 am: 7a89b6a1a5
am: 9404d49e02

Change-Id: If718a5dece1bf61b540bda46043b6310dd7f3aed
2018-11-30 17:20:23 -08:00
Kevin Chyn
91c2580bce Add placeholder iris and face policy for vold data directory
This is PS1 of aosp/828283 which was reverted. Using PS1 shouldn't cause
the same issue.

Test: vold is able to create directories, ag/5534962

Bug: 116528212
Change-Id: I84aca49a8dae0a087498120780dea0962aca04b3
2018-11-30 11:37:19 -08:00
Nick Kralevich
83f25e26f9 Revert "Add placeholder iris and face policy for vold data directory"
This reverts commit 92bde4b941.

Reason for revert: Rebooting after OTA fails due to the
filesystem still seeing the old label on the device.

Bug: 116528212
Bug: 119747564
Change-Id: Ib5f920f85c7e305e89c377369dca038d2c6c738c
Test: rollback change
2018-11-19 15:00:19 -08:00
Nick Kralevich
f823902620 Revert "Add placeholder iris and face policy for vold data directory"
This reverts commit 92bde4b941.

Reason for revert: Rebooting after OTA fails due to the
filesystem still seeing the old label on the device.

Bug: 116528212
Bug: 119747564
Change-Id: Ib5f920f85c7e305e89c377369dca038d2c6c738c
Test: rollback change
2018-11-19 14:57:58 -08:00
Florian Mayer
1f52505326 Property to enable heap profile from process startup. am: 0f3decf2f5 am: 479a46c233
am: 8f8345f854

Change-Id: I2c7d0144981728d492474bdca2ed9f8b0c13f3de
2018-11-19 14:24:31 -08:00
Haibo Huang
fdbcd20e00 Merge "Add new cpu variant related rules to SELinux" am: e80631ff53 am: ea04f8de6a
am: 3b82373489

Change-Id: Ife9d4001ddb99bb62eee719df994b85c78c43fa7
2018-11-19 14:04:03 -08:00
Florian Mayer
0f3decf2f5 Property to enable heap profile from process startup.
This is world-readable so it can be checked in libc's process init.

Test: m
Test: flash sailfish

Bug: 117821125

Change-Id: Iac7317ceb75b5ad9cfb9adabdf16929263fa8a9d
2018-11-19 21:52:43 +00:00
Haibo Huang
544a0d5480 Add new cpu variant related rules to SELinux
I added ro.bionic.(2nd_)?_(arch|cpu_variant) to vendor system
properties. And have init to write them to files under dev/.

This change sets SELinux rules for these properties and files.

For the system properties: vendor/default.prop will set them. init will
read them.
For the files /dev/cpu_variant:.*: init will write them. bionic libc
will read them. (Basically world readable).

This is to allow libc to select the right optimized routine at runtime.
Like memcpy / strcmp etc.

Test: getprop to make sure the properties are set.
Test: ls -laZ to make sure /dev/cpu_variant:.* are correctly labeled.

Change-Id: I41662493dce30eae6d41bf0985709045c44247d3
2018-11-19 18:29:36 +00:00
Hongyi Zhang
7add7d1ee9 Merge "sepolicies for sys prop enabling flag health check" am: 745d3839e4 am: cc75f78ca9
am: 616d8443d6

Change-Id: I862193ef6db690209209d0165297c718e88946a4
2018-11-19 10:12:28 -08:00
Hongyi Zhang
745d3839e4 Merge "sepolicies for sys prop enabling flag health check" 2018-11-19 17:48:55 +00:00
Tri Vo
c583b361d5 Remove redundant cgroup type/labelings. am: d918c8df78 am: 5b235aed58
am: 50e684668a

Change-Id: I38df86a670d76affb7311956e7995d559176d360
2018-11-16 17:58:27 -08:00
Tri Vo
d918c8df78 Remove redundant cgroup type/labelings.
cgroup is labeled from genfs_contexts. Also, cgroup filesystems can't be
context mounted, i.e. it's not possible to mount them with a label other
than "cgroup".

Bug: 110962171
Test: m selinux_policy
Test: boot aosp_walleye
Change-Id: I8319b10136c42a42d1edaee47b77ad1698e87f2c
2018-11-17 01:24:49 +00:00
Hongyi Zhang
da492f4fca sepolicies for sys prop enabling flag health check
device_config_flags_health_check_prop is used for enabling/disabling
program flags_health_check which is executed during device booting.
"1" means enabling health check actions in flags_health_check, other
values mean flags_health_check will not perform any action.

Test: build succeeded & manual test
Change-Id: I93739dc5d155e057d72d08fd13097eb63c1193b5
2018-11-17 00:09:36 +00:00
Kevin Chyn
d20aa7ebe1 Merge "Add placeholder iris and face policy for vold data directory" am: 118a106c63 am: 66cffb9633
am: 2d2c9a3461

Change-Id: I199cd433ff974e919e6e0b08beeca8dfa21bf8b4
2018-11-15 20:47:59 -08:00
Kevin Chyn
92bde4b941 Add placeholder iris and face policy for vold data directory
Test: vold is able to create directories, ag/5534962

Bug: 116528212

Change-Id: I61dd8802c13b1c42d334a80b678ca6a877848fc2
2018-11-15 17:32:03 -08:00
Tri Vo
6a871d3199 Remove kmem_device selinux type. am: c7f56cdc83 am: a63d9d5c9d
am: c035606d87

Change-Id: I2f4212136a9c12efd2a69228a6ea78eec896449f
2018-11-15 13:58:16 -08:00
Tri Vo
c7f56cdc83 Remove kmem_device selinux type.
kmem_device was used to label /dev/mem and /dev/kmem. We already have
multiple layers of protection against those /dev nodes being present on
devices.

CTS checks that /dev/mem and /dev/kmem don't exist:
https://android.googlesource.com/platform/cts/+/master/tests/tests/permission/src/android/permission/cts/FileSystemPermissionTest.java#233

VTS enforces our base kernel configs, which have CONFIG_DEVKMEM and
CONFIG_DEVMEM disabled:
https://android.googlesource.com/kernel/configs/+/master/android-4.9/android-base.config#2

Bug: 110962171
Test: m selinux_policy
Change-Id: I246740684218dee0cddf81dabf84d4763a753cde
2018-11-15 21:31:56 +00:00
Mårten Kongstad
efa6e132c4 Add idmap2 and idmap2d am: f62362da52 am: 5df802442e
am: 24097dacdb

Change-Id: I761d848ba6d31bbc2a502f1f8ab3c9a318184872
2018-11-15 08:28:12 -08:00
Mårten Kongstad
f62362da52 Add idmap2 and idmap2d
Bug: 78815803
Test: builds, boots
Test: manual: adb shell idmap2 create ...
Test: manual: adb shell ps | grep -e idmap2d
Change-Id: I60852e15d99329896ff9de6559d1e7cd1c67e33d
2018-11-15 14:42:10 +00:00
Jayant Chowdhary
a7289fe436 Merge "Add selinux rules for HIDL ICameraServer." 2018-11-13 18:31:36 +00:00
Tri Vo
dea30662e8 Remove mtd_device type. am: ced1751e45 am: 567e2d8661
am: 930158f3e5

Change-Id: I4f3ef8cf5c4c141ddbe184d3d21749f7dddfa6bd
2018-11-12 21:10:28 -08:00
Tri Vo
ced1751e45 Remove mtd_device type.
mtd_device does not label any /dev node present on walleye, and the only
permission to that type is:
allow hal_telephony_server mtd_device:dir search;
I suspect there is no need to keep mtd_device around.

Bug: 110962171
Test: boot aosp_walleye
Change-Id: If74b1258b21edeca38c8b7dc07a3a10b751a7e85
2018-11-12 23:11:03 +00:00
Tri Vo
4f22a98411 Merge "Remove dead *_device types from system sepolicy." am: ca5b01b0a6 am: 0140ae3b3d
am: 08494c2c58

Change-Id: Iec1458abdde327e444cbee2801a73a46d68c88b5
2018-11-12 14:56:45 -08:00
Treehugger Robot
ca5b01b0a6 Merge "Remove dead *_device types from system sepolicy." 2018-11-12 22:29:32 +00:00
Eugene Susla
d6768f140e Add SELinux service for RoleManagerService am: c496db327e am: 5d52675972
am: 9938def987

Change-Id: I5fe901dc6ba38272753f8cbb022b2fd63ecf8062
2018-11-12 11:20:51 -08:00
Jayant Chowdhary
039d4151da Add selinux rules for HIDL ICameraServer.
Bug: 110364143

Test: lshal->android.frameworks.cameraservice.service@2.0::ICameraService/default
      is registered.

Change-Id: I689ca5a570c169581b2bfb9d117fcdafced0a7e0
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
2018-11-12 10:42:29 -08:00
TreeHugger Robot
d46a81a397 Merge "28.0.cil: restore alphabetical order in list" 2018-11-12 17:50:52 +00:00
Eugene Susla
c496db327e Add SELinux service for RoleManagerService
Test: ensure no build failures;
add RoleManagerService as a boot phase
ensure no SecurityException in logcat on boot
Change-Id: Ia0803c0fb084fe2b12f5c20f5e46354d0dd1aedf
2018-11-12 17:10:59 +00:00
Tri Vo
0d93cff248 28.0.cil: restore alphabetical order in list
This helps with merge conflicts from AOSP.

Test: m selinux_policy
Change-Id: Ifd464d841cdc710a1d893eec1d3bc9fb6ca69aa0
2018-11-10 14:58:50 -08:00
Suren Baghdasaryan
b12d5da665 sepolicy: Allow lmkd access to psi procfs nodes
Lmkd needs read access to /proc/pressure/memory, proc/pressure/cpu
and proc/pressure/io nodes to read current psi levels.
Lmkd needs write access to /proc/pressure/memory to set psi monitor
triggers.

Bug: 111308141
Test: modified lmkd to use PSI and tested using lmkd_unit_test

Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I9efd60c7fbb89cc08938fa5119b13d794813b52b
2018-11-10 00:22:49 +00:00
Tri Vo
b805adaa16 Remove dead *_device types from system sepolicy.
No coredomain domain has access to these types and corresponding /dev
nodes don't exist on the device:

audio_seq_device
audio_timer_device
full_device
i2c_device
vcs_device

Bug: 110962171
Test: m selinux_policy
Test: boot walleye
Change-Id: I89ad4755e6760aa166cb22e2655567e5905dc672
2018-11-09 15:45:59 -08:00
Hongyi Zhang
171cebaadc Sepolicies for server configurable flags reset am: b965e3c5f9 am: 71a7aa8921
am: e37af7de5f

Change-Id: Ia9a0d072c3970a8073dc3a6392f079497717b437
2018-11-09 11:33:12 -08:00
Hongyi Zhang
b965e3c5f9 Sepolicies for server configurable flags reset
Test: m -j succeeded and manual tested on device

Change-Id: I3415c58335361a9da4ef2368e61bc4e0250a91bb
2018-11-09 18:55:55 +00:00
TreeHugger Robot
be22cad21b Merge "Move thermal service into system_server" 2018-11-08 01:43:14 +00:00
Kevin Chyn
c4d7d27ec9 Add placeholder sepolicy for iris and face am: 52261e78c0 am: 72b902d0d1
am: 57c1fdb18e

Change-Id: Ia4fe5b7608bb56e70c43f4a34b038f5d2bccf5a4
2018-11-07 17:35:29 -08:00
Kevin Chyn
52261e78c0 Add placeholder sepolicy for iris and face
See aosp/660242 and aosp/608396

Fixes: 116530289

Test: builds
Change-Id: I220ece0d6751839fe764ff91fd7bd20c50104f8f
2018-11-07 14:11:56 -08:00
Fan Xu
9c10970c46 Merge "Remove buffer_hub_service compat mapping" am: 05668e4071 am: eb3269aa78
am: 94f5da598d

Change-Id: I5fe0ee3b73293591877a978f92ce015a5a962fa2
2018-11-07 11:24:32 -08:00
Fan Xu
2d74a45f76 Remove buffer_hub_service compat mapping
As b/116344577 is fixed, we no longer need the compatibility mapping any
more.

Test: build passed. Boot succeeded.
Change-Id: I0d7f02c59853d34bdabaad6841d87e9ca1ee25d7
2018-11-06 10:11:47 -08:00
Felipe Leme
47c9964059 Merge "New service: intelligence_service" am: 2b76694814 am: 52b57324dd
am: 994bfa88c1

Change-Id: I7873618776739e594c2a3092d37a1f4deecb5f9a
2018-11-06 09:45:37 -08:00
Felipe Leme
5bf0c6369b New service: intelligence_service
Bug: 111276913
Test: manual verification

Change-Id: Icb309bb07e4e4b39cdc912b1d3dc1ece9cb55f5f
2018-11-05 09:18:03 -08:00
Jiyong Park
908a44de86 apexd exports its status via sysprop am: b3b94614f7 am: 301dd93910
am: 35714ba6a8

Change-Id: I1f68e505ffe0cd28b8d066a5e65641c42a83f7e6
2018-11-02 03:59:02 -07:00
Wei Wang
75cc6bf2d5 Move thermal service into system_server
Bug: 118510237
Test: Boot and test callback on ThermalHAL 1.1 and ThermalHAL 2.0
Change-Id: I87e5563b9af605e6ea333dd5182131af6341fc86
2018-11-01 20:43:25 -07:00
Jiyong Park
b3b94614f7 apexd exports its status via sysprop
A sysprop apexd.status is set by apexd, so that other components (i.e.
init) can determine whether APEXs are all successfully mounted or not
(i.e., still being mounted).

The sysprop is only writable by apexd.

Bug: 117403679
Test: adb shell getprop apexd.status returns 'ready'.
Change-Id: I81bcb96e6c5cb9d899f29ffa84f91eab3820be25
2018-11-02 12:23:42 +09:00
Hongyi Zhang
61deceb5f4 Merge "sepolicy for server configurable flags" am: 691ee93921 am: a6fae5b682
am: 44062c18d0

Change-Id: Icda0aacfb490af5208ad146a785bc8f99256b385
2018-11-01 12:10:08 -07:00
Hongyi Zhang
a6f989241b sepolicy for server configurable flags
Test: manual on device
Change-Id: Ibafe1b345489c88a49a7ed3e2e61e5cc5e1880a1
2018-11-01 03:28:56 +00:00
Jiwen 'Steve' Cai
f7e5c97853 Sepolicy for bufferhub hwservice am: d5c5ef900c am: eb5c4ed442
am: 034d4ed8b5

Change-Id: Ib7d67dbf594efa8c6d8a21ba27a0ee3e540d428c
2018-10-25 22:21:54 -07:00
Jiwen 'Steve' Cai
d5c5ef900c Sepolicy for bufferhub hwservice
Bug: 118124442
Test: device can boot with android.frameworks.bufferhub@1.0-service
      running
Change-Id: I1d186d5350671b0d2dd4e831429b8fba828316e0
2018-10-25 10:08:05 -07:00
Vinay Kalia
a4babcf2be Add power.stats HAL 1.0 sepolicy
BUG: 117424656
BUG: 111185513
Test: run vts -m VtsHalPowerStatsV1_0Target

Change-Id: Icb0790219df4189c0dabbe41221e69e56d000755
2018-10-23 18:12:10 +00:00
Florian Mayer
4fde9ec7b3 Add heapprofd selinux config.
This does not actually grant any permissions but just adds the
necessary boilerplate for a new service.

Bug: 117762471
Bug: 117761873

Change-Id: I7cdd2ae368616cfd54fc685c15f775604bfc80d4
2018-10-15 18:31:26 +01:00
Tri Vo
e8b33c3139 Add type for /system/bin/tcpdump.
We add this type with the intent to expose /system/bin/tcpdump to
vendor on userdebug devices only.

Bug: 111243627
Test: device boots /system/bin/tcpdump correctly labeled as
tcpdump_exec, can browse internet, turn wifi on/off
Change-Id: Icb35e84c87120d198fbb2b44edfa5edf6021d0f0
2018-10-12 21:51:46 +00:00
Siarhei Vishniakou
3639f57960 Allow system_server to read vendor_file
Input device configuration files .idc, .kl that are placed in /vendor
are currently not accessible.
Allow the read access here.

Bug: 112880217
Test: move .idc and .kl files from /system to /vendor, then observe
logcat. With this patch, avc denials disappear.

Change-Id: I72ad62b9adf415f787565adced73fd8aaff38832
2018-10-12 02:42:09 +00:00
Chong Zhang
bdbfff1b00 add mediaswcodec service
Set up a new service for sw media codec services.

Bug: 111407413

Test: cts-tradefed run cts-dev --module CtsMediaTestCases --compatibility:module-arg CtsMediaTestCases:include-annotation:android.platform.test.annotations.RequiresDevice
Change-Id: Ia1c6a9ef3f0c1d84b2be8756eb1853ffa0597f8e
2018-10-11 15:10:17 -07:00
Igor Murashkin
72a88b194c iorapd: Add new binder service iorapd.
This daemon is very locked down. Only system_server can access it.

Bug: 72170747
Change-Id: I7b72b9191cb192be96001d84d067c28292c9688f
2018-10-08 15:00:34 -07:00
Tri Vo
93318192a0 asan: global read access to /system/asan.options
Bug: 117178352
Test: no denials to /system/asan.options on asan walleye
Change-Id: I6042693afb926a22a3e2be79bd2a7ba062806143
2018-10-08 17:27:06 +00:00
Martijn Coenen
ac097ac4c7 Add policy for apexd.
apexd is a new daemon for managing APEX packages installed
on the device. It hosts a single binder service, "apexservice".

Bug: 112455435
Test: builds, binder service can be registered,
      apexes can be accessed, verified and mounted
Change-Id: I634ad100f10b2edcd9a9c0df0d33896fa5d4ed97
2018-10-04 07:06:45 +00:00
Tri Vo
438684b39f Only maintain maps between current and previous selinux versions.
New maintenance scheme for mapping files:
Say, V is the current SELinux platform version, then at any point in time we
only maintain (V->V-1) mapping. (V->V-n) map is constructed from top (V->V-n+1)
and bottom (V-n+1->V-n) without changes to previously maintained mapping files.

Caveats:
- 26.0.cil doesn't technically represent 27.0->26.0 map, but rather
current->26.0. We'll fully migrate to the scheme with future releases.

Bug: 67510052
Test: adding new public type only requires changing the latest compat map
Change-Id: Iab5564e887ef2c8004cb493505dd56c6220c61f8
2018-10-02 15:10:13 -07:00
Howard Ro
aabee5fe5f Merge "Update sepolicies for stats hal" 2018-10-02 20:17:18 +00:00
Tri Vo
4438339417 Address TODOs in 28.0.cil mapping.
Test: m selinux_policy
Change-Id: I6a8ff2200c82b6ecdc1404bc7cf186f439950a30
2018-10-01 14:32:05 -07:00
Jeff Vander Stoep
424517721c Remove access to /proc/net/{tcp,udp}
Remove these files from proc_net_type. Domains that need access must
have permission explicitly granted. Neverallow app access except the
shell domain.

Bug: 114475727
Test: atest CtsLibcoreOjTestCases
Test: netstat, lsof
Test: adb bugreport
Change-Id: I2304e3e98c0d637af78a361569466aa2fbe79fa0
2018-09-30 21:33:47 -07:00
Howard Ro
578a189178 Update sepolicies for stats hal
Bug: 116732452
Test: No sepolicy violations observed with this change
(cherry picked from commit I1958182dd8ecc496625da2a2a834f71f5d43e7bb)

Change-Id: Ib386767d8acfacf9fedafd9a79dd555ce233f41c
2018-09-28 13:34:37 -07:00
Wei Wang
bc71a6109e Add atrace HAL 1.0 sepolicy
Bug: 111098596
Test: atrace/systrace

(cherry picked from commit 9ed5cf6e43)

Change-Id: I97772ff21754d03a0aea0d53b39e8da5312a17c0
2018-09-27 23:18:29 +00:00
Nick Kralevich
ff1c765ff2 Label /system/usr/share/zoneinfo differently
/system/usr/share/zoneinfo is currently labeled zoneinfo_data_file,
a label shared with /data/misc/zoneinfo. However, each of these
directory locations has different security characteristics. In
particular, the files in /system/usr/share/zoneinfo must never be
writable, whereas /data/misc/zoneinfo may be written to by system_server.
Reusing the same label hides these different security characteristics.

Create a separate label for /system/usr/share/zoneinfo.

Test: Device boots and no obvious problems.
Change-Id: I8cf16ff038b06b38f77388e546d9b7a6865f7879
2018-09-27 10:18:40 -07:00
Fan Xu
26fa914cb2 Update SELinux Policy for bufferhubd
Create a new service type buffer_hub_binder_service for
BufferHubBinderService and allow bufferhubd to publish the service.

Add the service to 26.0, 27.0 and 28.0 compat ignore files since the
service is not available in past versions.

Fixes: 116022258
Test: build passed

Change-Id: I5a21f00329ed474433d96c8d1ce32377f20cada3
2018-09-24 12:29:43 -07:00
Kevin Chyn
7087bf1256 Merge "Rename biometric_prompt_service to biometric_service" 2018-09-22 03:47:00 +00:00
Tri Vo
6816044271 Merge "More granular vendor access to /system files." 2018-09-22 01:30:25 +00:00
Kevin Chyn
75ded482df Rename biometric_prompt_service to biometric_service
Bug: 111461540
Bug: 112570477

Test: builds
Change-Id: Icc68720ebe931c2d917703b2d34aa0f4eec3f549
Merged-In: Icc68720ebe931c2d917703b2d34aa0f4eec3f549
2018-09-20 23:09:54 -07:00
Yifan Hong
1cef6a94eb health.filesystem HAL renamed to health.storage
...to reflect that the HAL operates on storage devices,
not filesystems.

Bug: 111655771
Test: compiles
Change-Id: Ibb0572cb1878359e5944aa6711331f0c7993ba6e
Merged-In: Ibb0572cb1878359e5944aa6711331f0c7993ba6e
2018-09-20 04:12:45 +00:00
Tri Vo
5c1fe61eaa More granular vendor access to /system files.
This change limits global access to /system files down to:
/system/bin/linker*
/system/lib[64]/*
/system/etc/ld.config*
/system/etc/seccomp_policy/*
/system/etc/security/cacerts/*
/system/usr/share/zoneinfo/*

Bug: 111243627
Test: boot device, browse internet without denials to system_* types.
Test: VtsHalDrmV1_{1, 0}TargetTest without denials
Change-Id: I69894b29733979c2bc944ac80229e84de5d519f4
2018-09-20 03:07:50 +00:00
Marcin Oczeretko
56ab6be0d4 Add looper_stats_service to SE policy.
Test: Built and flashed an image.
Bug: 113651685
Change-Id: Ide239432ea8a5701d91c00edd06ad3e52560a3f7
2018-09-06 21:07:13 +00:00
Makoto Onuki
6af1181320 Add app_binding system service
Bug: 109809543
Test: Build and boot with the new service in the internal branch.

Change-Id: Iaee365771c3e8e5b8f5f3b6112bbf902c6bb02bd
2018-09-05 14:33:20 -07:00
Mark Salyzyn
275ea12d84 llkd: Add stack symbol checking
llkd needs the ptrace capabilities and dac override to monitor for
live lock conditions on the stack dumps.

Test: compile
Bug: 33808187
Change-Id: Ibc1e4cc10395fa9685c4ef0ca214daf212a5e126
2018-09-04 17:02:30 +00:00
Kevin Chyn
57887307df Add BiometricPromptService to sepolicy
Bug: 72825012

Test: manual
Change-Id: I850c869cdc0ad8735800130bb4a8d67822197ff9
2018-08-30 11:43:20 -07:00
Christine Franks
a11cdd2f93 Add color_service selinux policy
Bug: 111215474
Test: boots
Change-Id: I98955bcd02f643400c3eb97232467c09a2c5c1e5
2018-08-21 17:53:00 -07:00
Hridya Valsaraju
4ae8fe9b84 Define 'super_block_device' type
Bug: 78793464
Test: fastboot getvar partition-size:super

'super_block_device' corresponds to the super partition
required for flashing dynamic partitions.

Change-Id: I323634b6797ead7c5face117a7028bf9ab947aea
2018-08-20 10:55:03 -07:00
Jerry Zhang
1d85efa9f4 Add sepolicy for fastbootd
Also allow adb and fastboot to talk to recovery
through recovery_socket. This enables changing
between modes with usb commands.

Test: No selinux denials
Bug: 78793464
Change-Id: I80c54d4eaf3b94a1fe26d2280af4e57cb1593790
2018-08-15 08:45:22 -07:00
Florian Mayer
c2ab15b798 Revert "Add sepolicy for fastbootd"
This reverts commit 0fd3ed3b8b.

Reason for revert: Broke user builds.

Change-Id: If95f1a25d22425a5a2b68a02d1561352fb5a52f0
2018-08-15 09:38:40 +00:00
Jerry Zhang
0fd3ed3b8b Add sepolicy for fastbootd
Also allow adb and fastboot to talk to recovery
through recovery_socket. This enables changing
between modes with usb commands.

Test: No selinux denials
Bug: 78793464
Change-Id: I1f97659736429fe961319c642f458c80f199ffb4
2018-08-14 20:21:36 +00:00
Tri Vo
dac2a4a3a4 Sepolicy for system suspend HAL.
Bug: 78888165
Test: device can boot with HAL running.
Change-Id: I3bf7c8203e038b892176c97ec006152a2904c7be
2018-08-13 17:26:34 -07:00
Suren Baghdasaryan
c8ed855ede Selinux: Allow lmkd write access to sys.lmk. properties
Allow lmkd write access to sys.lmk. properties to be able to set
sys.lmk.minfree_levels.

Bug: 111521182
Test: getprop sys.lmk.minfree_levels returns value set by lmkd
Change-Id: I86ff11d75917966857d3a76876a56799bb92a5ad
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2018-08-10 20:05:46 +00:00
Yifan Hong
0814795c79 Add sepolicy for health filesystem HAL
Test: builds
Test: vts
Bug: 111655771
Change-Id: Iabad3d124bf476cb624addf7d7898e0c2894d550
2018-08-10 11:02:21 -07:00
Mark Salyzyn
9b398f3fb7 fs_mgr: add overlayfs handling for squashfs system filesystems
/cache/overlay directory in support of overlayfs mounts on userdebug
and eng devices.  Overlayfs in turn can be capable of supporting
adb remount for read-only or restricted-storage filesystems like
squashfs or right-sized (zero free space) system partitions
respectively.

Test: compile
Bug: 109821005
Bug: 110985612
Change-Id: I3ece03886db7cc97f864497cf93ec6c6c39bccd1
2018-08-08 07:33:10 -07:00
Nick Kralevich
41b21ee96a Delete untrusted_v2_app
As of https://android-review.googlesource.com/c/platform/system/sepolicy/+/536356 ,
the untrusted_v2_app domain is no longer used.

Bug: 112233317
Test: policy compiles, device boots, and no problems
Change-Id: I5a47c8305bef374b7fea06cd789e06cd48b847e6
2018-08-06 12:52:37 -07:00
Tom Cherry
d840374e65 Move watchdogd out of init and into its own domain
Bug: 73660730
Test: watchdogd still runs
Change-Id: I31697c7c6fa2f7009731ff48c659af051838e42f
2018-08-03 19:28:05 +00:00
Nick Kralevich
23c9d91b46 Start partitioning off privapp_data_file from app_data_file
Currently, both untrusted apps and priv-apps use the SELinux file label
"app_data_file" for files in their /data/data directory. This is
problematic, as we really want different rules for such files. For
example, we may want to allow untrusted apps to load executable code
from priv-app directories, but disallow untrusted apps from loading
executable code from their own home directories.

This change adds a new file type "privapp_data_file". For compatibility,
we adjust the policy to support access to privapp_data_files almost
everywhere we were previously granting access to app_data_files
(adbd and run-as being exceptions). Additional future tightening is
possible here by removing some of these newly added rules.

This label will start getting used in a followup change to
system/sepolicy/private/seapp_contexts, similar to:

  -user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
  +user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user

For now, this newly introduced label has no usage, so this change
is essentially a no-op.

Test: Factory reset and boot - no problems on fresh install.
Test: Upgrade to new version and test. No compatibility problems on
      filesystem upgrade.

Change-Id: I9618b7d91d1c2bcb5837cdabc949f0cf741a2837
2018-08-02 16:29:02 -07:00
Wale Ogunwale
3280985971 Added sepolicy for uri_grants service
Bug: 80414790
Test: boots
Change-Id: I15233721fa138e0fdf1a30f66d52b64cbab18b81
2018-07-23 15:31:40 -07:00
Tri Vo
0cc68ea0b2 28 mapping workaround for devices upgrading to P.
Bug: 72458734
Test: Compile current system sepolicy with P vendor sepolicy
Test: Plug in a P device then do:
m selinux_policy
cp $OUT/system/etc/selinux/plat_sepolicy.cil  plat_sepolicy.cil
cp $ANDROID_BUILD_TOP/system/sepolicy/private/compat/28.0/28.0.cil 28.0.cil
adb pull /vendor/etc/selinux/plat_pub_versioned.cil
adb pull /vendor/etc/selinux/vendor_sepolicy.cil
secilc plat_sepolicy.cil -m -M true -G -N -c 30 28.0.cil \
plat_pub_versioned.cil vendor_sepolicy.cil
Change-Id: I399b3a204eb94bee0ba1b5024b1c3463219c678e
2018-07-20 15:19:36 -07:00
Jae Shin
1fa9634896 Add mapping files for 28.0.[ignore.]cil
Steps taken to produce the mapping files:

1. Add prebuilts/api/28.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
from the /vendor/etc/selinux/[plat_pub_versioned.cil|vendor_sepolicy.cil]
files built on pi-dev with lunch target aosp_arm64-eng

2. Add new file private/compat/28.0/28.0.cil by doing the following:
- copy /system/etc/selinux/mapping/28.0.cil from pi-dev aosp_arm64-eng
device to private/compat/28.0/28.0.cil
- remove all attribute declaration statements (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 28 sepolicy.
Find all such types using treble_sepolicy_tests_28.0 test.
- for all these types figure out where to map them by looking at
27.0.[ignore.]cil files and add appropriate entries to 28.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_28.0 and installs the 28.0.cil
mapping onto the device.

Bug: 72458734
Test: m selinux_policy
Change-Id: I90e17c0b43af436da4b62c16179c198b5c74002c
2018-07-18 20:08:38 -07:00