am skip reason: Merged-In I916c9795d96e4a4a453f9aed5e380f11981804e9 with SHA-1 24d90e792e is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006
Change-Id: I270b951dd87754c9477b3d52f00b6dc21c9bc501
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This type doesn't exist in Microdroid.
Bug: 266871002
Test: m SANITIZE_TARGET=address com.android.virt
Change-Id: I2ca6db9669eafc4037bbf87bdcff60935893d93f
am skip reason: Merged-In I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad with SHA-1 8a7dcb5e1e is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399373
Change-Id: I8513e2cf38a4c2e7bb1ba0202c22266803df5079
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I40ac5d43da5778b5fa863b559c28e8d72961f831 with SHA-1 d0e108fbbe is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399372
Change-Id: Ia177a221b0d022f8db3af87df458f16788328080
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Platforms, such as cuttlefish, are RKP only, and are using a new
version of keymint that is not compatible with the old
RemoteProvisioner. Therefore, we must ensure that the configuration
is fixed and cannot be turned off.
Bug: 266482839
Test: RemoteProvisionerUnitTests
Test: keystore2_client_tests
Test: RkpdAppUnitTests
Change-Id: Ib7b3128b27c4a26fdd2dbdc064b491f7a3d3cd92
ro.secure and ro.debuggable system properties are not intended
to be visible via Android SDK. This change blocks untrusted
apps from reading these properties.
Test: n/a for cherry-pick
Ignore-AOSP-First: cherry-pick for tm-qpr-dev
Bug: 193912100
Bug: 265874811
Change-Id: I40ac5d43da5778b5fa863b559c28e8d72961f831
Merged-In: I40ac5d43da5778b5fa863b559c28e8d72961f831
It is safe to grant this permission because:
* UID restrictions will prevent killing arbitrary apps.
* Runas enforces restrictions preventing transitioning to UIDs of apps
that are not debuggable.
Addresses:
avc: denied { sigkill } for scontext=u:r:runas_app:s0:c87,c257,c512,c768
tcontext=u:r:untrusted_app:s0:c87,c257,c512,c768 tclass=process
permissive=0 app=com.example.myapplication
Bug: 263379256
Test: Build and deploy any Android app in debug mode
adb shell
run-as com.example.myapplication
kill -SIGKILL <pid>
Change-Id: I1e4588a9a1c7ee71e0396fbd1ea5e1b24720bd62
The untrusted apps should not directly access /dev/socket/mdnsd since
API level 34 (U). Only adbd and netd should remain to have access to
/dev/socket/mdnsd. For untrusted apps running with API level 33-, they
still have access to /dev/socket/mdnsd for backward compatibility.
Bug: 265364111
Test: Manual test
Change-Id: Id37998fcb9379fda6917782b0eaee29cd3c51525
Transfers access permissions into the system policy which
would otherwise be setup on a per-device basis in exactly
the same recurring way.
For surfacefliner it avoids errors when it
(via its dependent graphics libraries) tries to allocate
memory from the protected heap, e.g. when operating on a
Vulkan device with protected memory support.
Bug: 235618476
Change-Id: I7f9a176c067ead2f3bd38b8c34fc55fa39d87655
This way, remote provisioner can decide to noop when rkpd is
enabled.
Test: RemoteProvisionerUnitTests
Change-Id: I9c300360dc08c6d70431b83e1db714941d8caca1
This property contains the server name for the remote provisioning
service, if any, used by the device.
Test: RkpdAppUnitTests
Change-Id: Iad7805fe6da1ce89a9311d5caf7c9c651af2d16d
Zoned block device will be used along with userdata_block_device
for /data partition.
Bug: 197782466
Change-Id: I777a8b22b99614727086e72520a48dbd8306885b
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Bug: 262230400
Test: -
1. Remove the "oat" directory of an app.
2. Dexopt the app using ART Service.
3. See no SELinux denials.
Change-Id: I717073b0172083d73a1b84e5c2bea59076663b2f
We use this as a namespace of all system properties used by ART Service.
As ART Service is in the updatable ART module, we need to be able to add
new properties.
Bug: 256639711
Test: Presubmit
Change-Id: Idcee583abccef9c0807699122074eb26927ca57b
The automotive display service is moved to /system_ext partition.
Bug: 246656948
Test: Build selinux policy for aosp_cf_x86_64_only_auto target.
> lunch aosp_cf_x86_64_only_auto-userdebug
> m -j selinux_policy
Change-Id: If822e54aa99053c1aaee9f41d067860ea965c2f2
Commit 2d736569e716b5c143f296ae124bcfed9630a4d2 improved the logging
in virtualization service by attempting to get the real path from
/proc/self/fd/N for various files.
However, CompOS stores its log files in a directory
(/data/misc/apexdata/...) which VS has no access to, triggering an
SELinux denial:
avc: denied { search } for name="apexdata"
scontext=u:r:virtualizationmanager:s0
tcontext=u:object_r:apex_module_data_file:s0 tclass=dir
Suppress this denial, since it causes no harm (we just don't log the
real path).
Bug: 264496291
Bug: 251751405
Test: composd_cmd test-compile;
see no denials
Change-Id: Ia55e593c0c0735b8f3085a964f0c789c177375f2
