Dexoptanalyzer is getting a new mode to instruct installd on which dex
files it needs to open for itself and dex2oat from class loader context.
The file list is communicated by a pipe from a forked dexoptanalyzer
process to the installd parent. Give dexoptanalyzer permission to write
to installd's pipes.
Bug; 126674985
Test: atest installd_dexopt_test
Change-Id: Ic415e2dc543099d26681103c9d368c941d21b49a
This change allows those daemons of the audio and Bluetooth which
include HALs to access the bluetooth_audio_hal_prop. This property is
used to force disable the new BluetoothAudio HAL.
- persist.bluetooth.bluetooth_audio_hal.disabled
Bug: 128825244
Test: audio HAL can access the property
Change-Id: I87a8ba57cfbcd7d3e4548aa96bc915d0cc6b2b74
This CL fixes leaks of the policy that we're building up. The analyzer
only caught the leaks on the error path, but I assume that
`check_assertions` does nothing to free the object that it's handed.
Analyzer warnings:
system/sepolicy/tools/sepolicy-analyze/neverallow.c:439:9: warning:
Potential leak of memory pointed to by 'avrule'
[clang-analyzer-unix.Malloc]
system/sepolicy/tools/sepolicy-analyze/neverallow.c:439:9: warning:
Potential leak of memory pointed to by 'neverallows'
[clang-analyzer-unix.Malloc]
Bug: None
Test: Treehugger; reran the analyzer
Change-Id: I79a0c34e8b53d33a1f01497337590eab660ad3ec
Allow the zygote to pick up integrity-checked boot classpath
artifacts from the dalvik cache.
Bug: 125474642
Test: m
Test: manual
Merged-In: I45d760c981c55a52bd0b22c79a9cba4868a09528
Change-Id: I45d760c981c55a52bd0b22c79a9cba4868a09528
Allow the startup domain to pick up integrity-checked artifacts
from the dalvik-cache. The corresponding framework code will
only load the system server classpath.
Bug: 128688902
Test: m
Test: manual
Merged-In: Ib37f8d7c39431e2792eeb4dac1cd732307519827
Change-Id: Ib37f8d7c39431e2792eeb4dac1cd732307519827
This is required for accessing package_native_service
in libneuralnetworks.so for NNAPI Vendor Extension checks.
package_service is (ephemeral_)?app_api_service, native
one is a subset of it.
Bug: 120483623
Test: NeuralNetworksTest_FibonacciExtension
Change-Id: I9fa2c9aa263724d2256bbf26de19d6b357c82f9b
- Allow (again) `otapreopt` (running as `postinstall_dexopt`) to
execute `dex2oat` from `/postinstall` -- this is for the case where
it is located in a flattened Runtime APEX in
`/postinstall/system/apex`.
- Allow `dex2oat` to read directories under `/postinstall`.
- Allow `otapreopt_chroot` to unmount flattened APEX packages under
`/postinstall/system/apex` (which are bind-mounted in
`/postinstall/apex`).
Test: A/B OTA update test (asit/dexoptota/self_full).
Bug: 127543974
Bug: 123684826
Bug: 113373927
Change-Id: Ie023ee5c64989ea071e1683f31073a70c93cac18
The following denial caused a presubmit failure:
06-15 15:16:24.176 956 956 I auditd : type=1400 audit(0.0:4): avc:
denied { read write } for comm="crash_dump64" path="/dev/pts/3"
dev="devpts" ino=6 scontext=u:r:crash_dump:s0
tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=0
Suppress these denials. They are not needed by crash_dump and are only
caused by the default behavior of sharing FDs across exec.
Test: build
Change-Id: I183f7a54e6b807fdf46b04d67dd4b819d4f0e507
After moving IpMemoryStore service to network stack module(aosp/906907),
the following untracked SELinux denials are observed on boot.
W id.networkstack: type=1400 audit(0.0:63): avc: denied { write } for
name="com.android.networkstack" dev="sda13" ino=704810
scontext=u:r:network_stack:s0:c49,c260,c512,c768
tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
Add radio_data_file type for network stack user configuration and
relevant permission to allow access to its data, as the network stack
is a privileged app.
Test: m -j passed
Change-Id: I6eab528714df6a17aae0cb546dcc3ad4bb21deea
The linker is behind a symlink. Allow to read and follow.
Bug: 128840749
Test: m
Test: manual a/b ota
Test: DexoptOtaTests
Change-Id: I15bd76e517ab3cebf13ebd42ff6e5dae42364c83
Move complete domain to private/. Move referencing parts in domain
and kernel to private.
Bug: 128840749
Test: m
Change-Id: I5572c3b04e41141c8f4db62b1361e2b392a5e2da
Suppress noise associated with test mounting scratch partition.
Add internal fs_mgr_is_ext4 and fs_mgr_is_f2fs to get heads up on
mount failures and thus bypass trying. Resolve all the avc
complaints associated with overlay handling including these new
operations.
Test: adb-remount-test.sh
Bug: 109821005
Change-Id: Ieb1f8c19ced930b6fe2d1791ef710ce528da7e37
The file descriptors for /dev/zero are no longer open. However,
a descriptor to the shell is still inherited. Update the comment.
Bug: 126787589
Test: m
Test: manual
Change-Id: I0d4518d2ba771622ea969bbf02827db45788bc09
This is a partial revert of https://android-review.googlesource.com/c/platform/system/sepolicy/+/891474
The mount points at /bionic are gone. Therefore, init and
otapreopt_chroot do not need to bionic-mount bionic libraries.
Corresponding policies are removed.
Bug: 125549215
Bug: 113373927
Bug: 120266448
Test: m; device boots
Change-Id: I9d9d7ec204315fb5b66beec4e6a3c529bd827590
Set the apex_key context for files in
/product/etc/security/apex/ and
/system/product/etc/security/apex/.
The apexd code is already looking for public keys in these locations,
but the apex_key context needs to be set to make them accessible from
apexd.
Bug: 127690808
Test: manual - verified that key files had proper SE-Linux label
Change-Id: Ib15728fa97eb438ea97a9743a06fa46e4d54f1cd
Bug: 128037879
Test: Camera HAL is able to read ro.serialno
Change-Id: I904c852a7100bc65456ee63ffb31d70681293d7d
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
Allow everyone to look for keys in the fsverity keyring. This is
required to access fsverity-protected files, at all.
This set of permissions is analogous to allowances for the fscrypt
keyring and keys.
Bug: 125474642
Test: m
Test: manual
Change-Id: I6e8c13272cdd76d9940d950e9dabecdb210691b1
This CL add new label for files created by fsverity.
Bug: 112038861
Test: ls -Z /proc/sys/fs/verity/require_signatures.
Change-Id: I8e49ad9a43282bc608449eb0db4ea78617c4ee9a
Init needs to be aware of the policy version defined in sepolicy
for on-device compilation.
Bug: 124499219
Test: build and boot a device. Try both precompiled and on-device
compiled policy.
Change-Id: Iba861aeb4566405aedcbe3c2bad48e1e50126370
With the CLs in the same topic, it's being built as a dynamically linked
executable. And this applies to normal boot (including charger mode) and
recovery mode both.
/system/bin/charger under normal boot will be labeled as charger_exec,
which has the attribute of system_file_type.
The file in recovery image will still be labeled as rootfs. So we keep
the domain_trans rule for rootfs file, but allowing for recovery mode
only.
Bug: 73660730
Test: Boot into charger mode on taimen. Check that charger UI works.
Test: Boot into recovery mode. Check that charger process works.
Change-Id: I062d81c346578cdfce1cc2dce18c829387a1fdbc
If kernel is built with CONFIG_TRANSPARENT_HUGEPAGE optimization,
libjemalloc5 will attempt to read
/sys/kernel/mm/transparent_hugepage/enabled and hit an SELinux denial.
Various denials similiar to the following are seen on cuttlefish:
avc: denied { open } for comm="surfaceflinger"
path="/sys/kernel/mm/transparent_hugepage/enabled" dev="sysfs" ino=776
scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=file
permissive=1
Bug: 28053261
Test: boot cuttlefish without above denials.
Change-Id: Ic33f12d31aacc42d662a8c5c297fbb5f84d4deea
Remove unnecessary rules which will be added from 28.0.cil automatically
by the build process.
Bug: 111308141
Test: builds
Change-Id: I02064785cac1ed6d8b4e462604a1b8db10c1a25a
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Update copy-paste comment header. Fix file access to the right
type.
Follow-up to commit 1845b406fc.
Bug 125474642
Test: m
Test: boot
Change-Id: I33bfef51c78ca581063c0f950e1837546d013050
