Commit graph

17992 commits

Author SHA1 Message Date
Treehugger Robot
945f6bd1c6 Merge "recovery: Address the ioctl denials during wiping." 2019-01-17 22:50:56 +00:00
Roland Levillain
0a6c2d013a Allow otapreopt_chroot to mount APEX packages using apexd logic.
Allow `otapreopt_chroot` to:
- read SELinux policy files;
- open and read the contents of `/postinstall/system/apex`;
- read the `persist.apexd.verity_on_system` system property;
- create loop devices with `/dev/loop-control`;
- access loop devices;
- configure read-ahead of loop devices;
- mount a tmpfs filesystem in `/postinstall/apex`;
- manipulate the tmpfs filesystem mounted in `/postinstall/apex`;
- mount APEX packages in `/postinstall/apex`.

Allow the kernel to:
- read `otapreopt_chroot`'s file descriptors;
- read files under `/postinstall`.

Allow `otapreopt` (running as "postinstall_dexopt") to:
- read data from `/postinstall/apex`.

Allow `dex2oat` to:
- access `/postinstall/apex`.

Test: A/B OTA update test (asit/dexoptota/self_full).
Bug: 113373927
Bug: 120796514
Change-Id: I204df92611dc710fdc97b22cd67d088ffd991210
2019-01-17 21:42:46 +00:00
Primiano Tucci
94f138b521 Merge "Add filemap events for iorapd"
am: 43f0fcf753

Change-Id: I5dec415c8c5806c5790b675cca29e8e258b0662c
2019-01-17 13:18:05 -08:00
Jaegeuk Kim
69c3e053c1 Merge "zram: allow zram writeback"
am: b9114af8aa

Change-Id: I31c679e514d7744dddad46cc9f1bef2feee5261b
2019-01-17 13:16:46 -08:00
William Hester
5f486c74bf Add the testharness service to sepolicy rules
The testharness service will manage Test Harness Mode and provide a
command-line interface for users to enable Test Harness Mode; however it
does not directly provide a public API.

Bug: 80137798
Test: make
Test: flash crosshatch
Change-Id: Ie396e40fcea8914b4dd2247f2314e029b66ad84e
2019-01-17 13:10:37 -08:00
Treehugger Robot
43f0fcf753 Merge "Add filemap events for iorapd" 2019-01-17 21:06:33 +00:00
Jaegeuk Kim
b9114af8aa Merge "zram: allow zram writeback" 2019-01-17 21:03:15 +00:00
Nandana Dutt
b3b807b758 Merge "Add sepolicy for BugreportManagerService"
am: 5a974a0eae

Change-Id: I72abcbff8d3762561fec9f9102255e3ed4299ba9
2019-01-17 12:43:20 -08:00
Nandana Dutt
5a974a0eae Merge "Add sepolicy for BugreportManagerService" 2019-01-17 20:30:19 +00:00
Marissa Wall
97f5383895 gralloc3: add sepolicy for allocator/mapper 3.0
IAllocator and IMapper are being rev'd to 3.0. Update sepolicy to
allow them to be used.

Test: compile with allocator/mapper patches and boot the device
Bug: 120493579
Change-Id: Id241c6bd79c02ec93d8dd415539f90a18f733d03
2019-01-17 11:56:08 -08:00
Primiano Tucci
82f99dbed7 Add filemap events for iorapd
iorapd needs to access these events on-device
through perfetto.

Bug: 122606712
Bug: 72170747
Change-Id: I819dc9b79e85c3e261859d125c680a50737351da
2019-01-17 18:38:32 +00:00
Annie Meng
5d03112e4c Add rules for multi-user backup/restore
am: 4c3d11c018

Change-Id: I4ed168245cfec0a2c00057cf15a8a2958286c6af
2019-01-17 09:10:48 -08:00
Narayan Kamath
802cfe0f3d Allow installd sufficient permissions to rollback_data_file.
Used to capture and restore app data snapshots as implemented in change
I3e4d36c11e52fb885b585b1946e215cf986206fd.

Test: make, manual
Bug: 112431924

Change-Id: I1cd1ec3f9c93c4af65b662a5ada582299b595a8f
2019-01-17 16:56:42 +00:00
Primiano Tucci
33e81a9e42 Revoke ftrace selinux access from dumpstate
Getting rid of the feature in aosp/874979.
See other CL and bug for context.

Bug: 122987614
Bug: 122987614
Test: run dumpstate before and after patch,
      file sizes are comparable,
      observed no tracing-related errors.
Change-Id: Ifcde8dcbb99ce53d226b50ddd3178adaaa4322bd
2019-01-17 16:09:01 +00:00
Annie Meng
4c3d11c018 Add rules for multi-user backup/restore
The backup system service will move its storage location to per-user CE
directories to support multiple users. Add additional iterations on the
existing rules to support the new location.

/data/backup -> /data/system_ce/[user id]/backup
Previously covered by rule backup_data_file

/cache/backup -> /data/system_ce/[user id]/backup_stage
Previously covered by rule cache_backup_file

Also add support for vold to create and perform restorecon on the new
locations.

Example denials and detailed proposal in the doc on the linked bug.

Bug: 121197420
Test: 1) Boot device; check dirs created with correct label; run backup
successfully on system user
2) Create secondary user; check dirs created with correct label; run
backup successfully

Change-Id: I47faa69cd2a6ac55fb762edbf366a86d3b06ca77
2019-01-17 12:53:08 +00:00
Nandana Dutt
5cdd2f5ef8 Add sepolicy for BugreportManagerService
BUG:111441001
Test: boots
Change-Id: I71a54e8335c5ce7f9d97af3dbbd62e663bb66d33
2019-01-17 12:23:31 +00:00
Annie Meng
169013e771 Merge "Add initial sepolicy for app data snapshots."
am: 9e332a59b2

Change-Id: I0bd296b54f29346646780e3ba243cbef00c0e19b
2019-01-17 03:09:13 -08:00
Annie Meng
9e332a59b2 Merge "Add initial sepolicy for app data snapshots." 2019-01-17 11:01:00 +00:00
Jaegeuk Kim
579271906a zram: allow zram writeback
This allows fs_mgr in init to build loopback device and its control.

Bug: 74582279
Change-Id: I039cd57d4638870a59dd38c952d3ab9b671be545
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2019-01-17 04:28:00 +00:00
Frank Li
8db889f5f5 Merge "Allow netd to write to statsd"
am: 2d86b6502d

Change-Id: I1cbadac37cf83eee62d082e56e5bb7266e6c8b88
2019-01-16 20:23:57 -08:00
Frank Li
2d86b6502d Merge "Allow netd to write to statsd" 2019-01-17 04:15:00 +00:00
Martijn Coenen
0fc85c1535 Merge "Allow the kernel to read staging_data_file."
am: 938d0c2bf6

Change-Id: I66fbc471ad5e508de0b8fde2d1ab3cb6fe1646a8
2019-01-16 17:36:25 -08:00
Treehugger Robot
938d0c2bf6 Merge "Allow the kernel to read staging_data_file." 2019-01-17 01:18:47 +00:00
Nick Kralevich
4786c5d1aa rs.te: Remove dontaudit statements
am: 80eec389e2

Change-Id: I7b2dcadf15ccc06dfc39f614f6fe4459812e53c3
2019-01-16 14:41:24 -08:00
Martijn Coenen
b85acbb889 Allow the kernel to read staging_data_file.
These are APEX files in /data/staging, and will be accessed by the loop
driver in the kernel.

Bug: 118865310
Test: no denials on emulator
Change-Id: I5c849b6677566cb00d28011352b9dc6b787a0bc4
2019-01-16 21:05:26 +01:00
Nick Kralevich
80eec389e2 rs.te: Remove dontaudit statements
These dontaudit rules were in place to suppress SELinux denials due to
file descriptor leakage. The file descriptor leakage has been fixed, so
these rules are no longer necessary. Delete.

Fixes: 120983106
Test: cts-tradefed run cts-dev -m CtsRenderscriptTestCases
Change-Id: I5cad79c3526583bd2b65bd089fee9c490f6beb5e
2019-01-16 10:54:16 -08:00
Jeff Vander Stoep
ec56d3024c Merge "app: remove redundant neverallow rule"
am: 2b80559518

Change-Id: I6eaaaa6b622f2cb4135d697f870b9618216ba0c0
2019-01-16 07:45:52 -08:00
Treehugger Robot
2b80559518 Merge "app: remove redundant neverallow rule" 2019-01-16 15:28:28 +00:00
Narayan Kamath
2ad229c788 Add initial sepolicy for app data snapshots.
Define a rollback_data_file label and apply it to the snapshots
directory. This change contains just enough detail to allow
vold_prepare_subdirs to prepare these directories correctly.

A follow up change will flesh out the access policy on these
directories in more detail.

Test: make, manual
Bug: 112431924

Change-Id: I4fa7187d9558697016af4918df6e34aac1957176
2019-01-16 15:22:51 +00:00
lifr
980c08c999 Allow netd to write to statsd
config sepolicy to allow netd to write to statsd.

Test: run runtests.sh, make sure no missing test and get all pass
      run /out/host/linux-x86/bin/statsd_testdrive 82
      Got following metric data dump:pass for local test
Bug: 119862317

Change-Id: Ieff5ca55de46715d54ef57c4a6d144fd7d03e4b7
2019-01-16 13:33:18 +00:00
David Anderson
34d1f38571 sepolicy for gsid
am: 6d53efcf46

Change-Id: I8b95bb61ea7fbed3c2a2e7ce7f0895713295c340
2019-01-15 22:45:13 -08:00
David Anderson
6d53efcf46 sepolicy for gsid
Bug: 122556707
Test: gsid starts
Change-Id: Ib05ddb79051436f51cd236de04027a3b12ee87a9
Signed-off-by: Sandeep Patil <sspatil@google.com>
2019-01-15 20:43:33 -08:00
Jeff Vander Stoep
d8bec4ac72 app: remove redundant neverallow rule
Access to zygote_socket is already neverallowed to
{ domain -system_server }.

Test: build
Change-Id: I6353ef09f769c8d64c97b1bdef93f0ab4d5dae6a
2019-01-15 20:31:01 -08:00
Wei Wang
6acbe4626b Merge "Allow lmkd to renice process before killing"
am: f0dd63dbe0

Change-Id: I0b58e4ed5ca49b0171068a321b0b009a1b39d44d
2019-01-15 19:13:37 -08:00
Wei Wang
f0dd63dbe0 Merge "Allow lmkd to renice process before killing" 2019-01-16 03:06:21 +00:00
Remi NGUYEN VAN
0d94b3b154 Merge "Allow NetworkStack to find the telephony service"
am: a2e024f890

Change-Id: I19dc91b227b83c617921a6c6f11c412b3f3107e1
2019-01-15 17:46:44 -08:00
Remi NGUYEN VAN
a2e024f890 Merge "Allow NetworkStack to find the telephony service" 2019-01-16 01:29:10 +00:00
Tao Bao
832f8af08b recovery: Address the ioctl denials during wiping.
avc:  denied  { ioctl } for  pid=599 comm="mke2fs" path="/dev/block/sda13" dev="tmpfs" ino=18975 ioctlcmd=127b scontext=u:r:recovery:s0 tcontext=u:object_r:userdata_block_device:s0 tclass=blk_file
avc:  denied  { ioctl } for  pid=587 comm="mke2fs" path="/dev/block/sda20" dev="tmpfs" ino=17931 ioctlcmd=0x127b scontext=u:r:recovery:s0 tcontext=u:object_r:metadata_block_device:s0 tclass=blk_file

0x127b (BLKPBSZGET) is called by mke2fs, which queries the physical sector
size. Although the denial is currently non-fatal, as mke2fs falls back
to using the logical sector size, it might lead to undesired results in the future.

Test: Factory reset on taimen and blueline respectively.
Change-Id: I14fc6593aeae309c79f5eadcffc8158b0a2ab2f6
2019-01-15 16:08:09 -08:00
Tri Vo
93fb782149 Merge "sepolicy: unify *_contexts file install location"
am: 63f6b9eb6b

Change-Id: I00bc43e9c217fa9f595b02593c7d4229977097d3
2019-01-15 14:15:45 -08:00
Tri Vo
63f6b9eb6b Merge "sepolicy: unify *_contexts file install location" 2019-01-15 21:57:42 +00:00
Sandeep Patil
68dbdcf19c Merge "Allow init to relabel metadata block device."
am: fae37428f1

Change-Id: I0dceec8bb5f853a916a6d9870ed381e1b43f9dd0
2019-01-15 11:34:01 -08:00
Treehugger Robot
fae37428f1 Merge "Allow init to relabel metadata block device." 2019-01-15 19:20:32 +00:00
Remi NGUYEN VAN
fd758cbddb Allow NetworkStack to find the telephony service
The network stack needs access to TelephonyManager#getAllCellInfo to
send network conditions broadcasts.

Bug: 122843997
Test: Flashed, verified violation not shown and cell info obtained
properly.

Change-Id: I6ef2858c9a2d1fbbb993164a93bd985e0eee8887
2019-01-15 16:57:32 +09:00
Wei Wang
abeaa3bc92 Allow lmkd to renice process before killing
Bug: 118468011
Test: mem-pressure test
Change-Id: Icf387a02243af60a3bfffba912711f037669fa7f
2019-01-14 22:52:32 -08:00
chenbruce
fa0e90a368 SEPolicy updates for adding native flag namespace(netd).
am: e3d625b72e

Change-Id: I56ae62db0f0037460974a5632968af5b834515a3
2019-01-14 19:17:45 -08:00
chenbruce
e3d625b72e SEPolicy updates for adding native flag namespace(netd).
For experiment flag testing, we add a flag netd and have
SEPolicy updates.

Test:  add sepolicy, m -j, check GetServerConfigurableFlag function in netd
Bug:122050512
Change-Id: I21c844c277afc358085d80447f16e4c0d4eba5b3
2019-01-15 02:47:57 +00:00
Tri Vo
30207acce0 sepolicy: unify *_contexts file install location
This change installs *_contexts files to the same location on Treble and
non-Treble devices.

This was previously not possible because first stage mount was not
required on all platforms. It is now b/79758715.

Bug: 70851112
Test: m selinux_policy
Change-Id: I8124c59b129aef86d78d2ae4ebcfaecd896032fc
2019-01-14 15:43:45 -08:00
Sandeep Patil
e3ba85c330 Allow init to relabel metadata block device.
In order to boot into GSI, we need init's second-stage block-device
machinery to relabel metadata. This will allow it to format / mount
the block device later.

Bug: 121209697
Test: device boots

Change-Id: I4e63151767345976b5667df74530cd69fffcfa89
Signed-off-by: Sandeep Patil <sspatil@google.com>
2019-01-14 15:10:08 -08:00
Jiwen Cai
992999243e Merge "Allow app to conntect to BufferHub service"
am: 53f5375824

Change-Id: Icc852fa03100c67264e41c9543f7d64386d46c8f
2019-01-14 14:08:05 -08:00
Carmen Jackson
48f1936058 Merge "Add selinux rules for detachable perfetto process."
am: 146be01a0f

Change-Id: Idc98dfb1b1dbbb0b75bcba24f97c7f313d0442a8
2019-01-14 14:05:12 -08:00