Need use 'nonplat_service_contexts_file' as the file context for
/vendor_service_context on non full-treble device.
Otherwise, servicemanager can't read the file.
Bug: 72787689
Test: build
Change-Id: Ib54e4f2501c7bbf8b397eacf4afadfae344ddd03
Instead of getting these permissions, it is better to add the process
to a group or change the permissions of the files it tries to access.
Test: Built the policy for many devices.
Change-Id: If023d98bcc479bebbedeedf525965ffb17a0e331
Current sepolicy CIL files are built by several command-line tools
in Android.mk. This change extracts some of the build logic into a
python script to relief the effort in Android.mk.
The first command is `build_sepolicy build_cil`. It's possible to add
more sub-commands under the build_sepolicy script in the future.
Bug: 64240127
Test: build and boot a device
Test: checks the content of $OUT/vendor/etc/selinux/vendor_sepolicy.cil
is the same as before
Change-Id: I0b64f1088f413172e97b579b4f7799fa392762df
This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.
It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.
Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.
Bug: 64240127
Test: boot an existing device
Change-Id: Iea87a502bc6191cfaf8a2201f29e4a2add4ba7bf
This CL will allow only specific components to read radio_prop.
Bug: 72459527
Test: tested with walleye
Change-Id: I6b6c90870987de976187ff675005c5d964b48cda
Remove bugs that have been fixed, re-map duped bugs, and alphabetize
the list.
Test: Booted Walleye and Sailfish, tested wifi and camera, and
observed no new denials.
Change-Id: I94627d532ea13f623fe29cf259dd404bfd850c13
Remove the untrusted apps and priviledged apps from the group that can
directly access xt_qtaguid module related file. All apps that need to
access app network usage data need to use the public API provided in
framework.
Test: Flashed with master branch on marlin, verified phone boot, can
browse web, watch youtube video, make phone call and use google
map for navigation with either wifi is on or off.
run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
run cts -m CtsNativeNetTestCases
Bug: 68774956 30950746
Change-Id: I9b3db819d6622611d5b512ef821abb4c28d6c9eb
Data outside /data/vendor must have the core_data_file_type
attribute.
Test: build (this is a build time test)
Bug: 34980020
Change-Id: Ia727fcad813d5fcfbe8f714246364bae0bda43bd
Merged-In: Ibacfcc938deab40096b54b8d0e608d53ca91b947
Data outside of /data/vendor should have the core_data_file_type.
Exempt data_between_core_and_vendor for some types.
Ensure core_data_file_type and coredomain_socket do not get expanded
to their underlying types.
Test: build sepolicy for all targets in master (this is a build time
test)
Bug: 34980020
Change-Id: I59387a87875f4603a001fb03f22fa31cae84bf5a
(cherry picked from commit bdd454792d)
This script will build the SELinux policy for multiple targets in parallel.
To use it, run:
./build_policies.sh <Android root directory> <output directory> [specific targets to build]
If you do not pass any individual targets, it will build all targets it can find.
It will print out the list of failing targets. You can open up the corresponding log file in the output directory to see the exact errors.
This script is still a work in progress. It currently cannot discover all build targets (it misses ones "lunch" does not list).
Bug: 33463570
Test: Ran script to build multiple targets with and without failures.
Change-Id: Iee8ccf4da38e5eb7ce2034431613fe10c65696ab
vendor_init exists on the system partition, but it is meant to be an
extention of init that runs with vendor permissions for executing
vendor scripts, therefore it is not meant to be in coredomain.
Bug: 62875318
Test: boot walleye
Merged-In: I01af5c9f8b198674b15b90620d02725a6e7c1da6
Change-Id: I01af5c9f8b198674b15b90620d02725a6e7c1da6
Instead of having statsd linking the perfetto client library
and talk directly to its socket, we let just statsd exec()
the /system/bin/perfetto cmdline client.
There are two reasons for this:
1) Simplify the interaction between statsd and perfetto, reduce
dependencies, binary size bloat and isolate faults.
2) The cmdline client also takes care of handing the trace to
Dropbox. This allows to expose the binder interaction surface
to the short-lived cmdline client and avoid to grant binder
access to the perfetto traced daemon.
This cmdline client will be used by:
- statsd
- the shell user (for our UI and Studio)
Bug: 70942310
Change-Id: I8cdde181481ad0a1a5cae5937ac446cedac54a1f
The exception for vendor_init in this neverallow was never needed.
Bug: 62875318
Test: Build walleye, bullhead
Change-Id: Iac2b57df30b376492851d7520994e0400a87f1e1
The current neverallow rules for compatible properties restrict
domains from write file permissions to the various property files.
This however is the wrong restriction, since only init actually writes
to these property files. The correct restriction is to restrict 'set'
for 'property_service' as this change does.
Note there is already a restriction preventing {domain -init} from
writing to these files in domain.te.
Test: build
Change-Id: I19e13b0d084a240185d0f3f5195e54065dc20e09
We are occasionally seeing the following SELinux denial:
avc: denied { read } for comm="idmap" path="/proc/947/mounts" scontext=u:r:idmap:s0 tcontext=u:r:installd:s0 tclass=file
This commit suppresses that exact denial.
We believe this is occurring when idmap is forked from installd, which is reading its mounts file in another thread.
Bug: 72444813
Test: Boot Walleye and test wifi and camera.
Change-Id: I3440e4b00c7e5a708b562a93b304aa726b6a3ab9