Commit graph

41006 commits

Author SHA1 Message Date
Treehugger Robot
1c9645177c Merge "Modify canhalconfigurator file context" am: 35820e6910
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399853

Change-Id: I88dba0b0233a554e1ed2ea336df753fd335fc64c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-01 02:10:31 +00:00
Treehugger Robot
35820e6910 Merge "Modify canhalconfigurator file context" 2023-02-01 00:34:33 +00:00
Florian Mayer
94926f51df [MTE] Add memory_safety_native_boot namespace
Bug: 267234468
Change-Id: I248fdf58a744f0c70a26d6a8f7d4caa0a6ce8edb
2023-01-31 15:48:40 -08:00
Hongwei Wang
7476ab79ff Merge "Allow platform_app:systemui to write protolog file" am: f4979adab7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2397593

Change-Id: Id077867308be1b610fd4b12ed50e87908bd5e8d2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-31 20:58:01 +00:00
Hongwei Wang
f4979adab7 Merge "Allow platform_app:systemui to write protolog file" 2023-01-31 19:38:16 +00:00
Avichal Rakesh
a12d3103be Add selinux permissions for ro.usb.uvc.enabled
This CL adds the selinux rules for the property ro.usb.uvc.enabled which will
be used to toggle UVC Gadget functionality on the Android Device.

Bug: 242344221
Bug: 242344229
Test: Manually tested that the property can only be read at runtime,
      not written to.
Change-Id: I0fd6051666d9554037acc68fa81226503f514a45
2023-01-31 11:17:50 -08:00
Charles Chen
3d4a6b7474 Add isolated_compute_app domain
Provides a new domain to enable secure sensitive data processing. This
allows processing of sensitive data, while enforcing necessary privacy
restrictions to prevent the egress of data via network, IPC or file
system.

Bug: 255597123
Test: m && manual - sample app with IsolatedProcess=True can use camera
service

Change-Id: I401667dbcf492a1cf8c020a79f8820d61990e72d
2023-01-31 15:24:55 +00:00
Charles Chen
ccf8014492 Share isolated properties across isolated apps
Introduce isolated_app_all typeattribute to share policies between
isolated_app and future similar apps that wish to be enforced with
isolation properties.

Bug: 255597123
Test: m && presubmit
Change-Id: I0d53816f71e7d7a91cc379bcba796ba65a197c89
2023-01-31 12:59:57 +00:00
Inseob Kim
1dba2f058a Merge "Add comments on compat files" am: beee8849a6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405373

Change-Id: I09be668bc0fe182d1a87c046c1002a865f7b9342
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-31 07:32:10 +00:00
Inseob Kim
beee8849a6 Merge "Add comments on compat files" 2023-01-31 06:34:19 +00:00
Jiakai Zhang
57d7bd317d Merge "dontaudit dexoptanalyzer's DM file check on secondary dex files." am: 07cec2bd5e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2407092

Change-Id: I61c2ef978c55536fcb60432f20d82b311f8e1608
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-31 02:41:13 +00:00
Jiakai Zhang
07cec2bd5e Merge "dontaudit dexoptanalyzer's DM file check on secondary dex files." 2023-01-31 02:01:15 +00:00
Inseob Kim
338f81baac Add comments on compat files
To prevent further confusion.

Bug: 258029505
Test: manual
Change-Id: Iaa145e4480833a224b1a07fc68adb7d3e8a36e4b
2023-01-31 09:57:26 +09:00
Abhishek Pandit-Subedi
4aa7129dae Merge "Add sysprop for LeGetVendorCapabilities" am: 107af48013
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405121

Change-Id: Ib0dab2f71e84c42cd34fb3147ff065704a8ab5e8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-30 18:41:15 +00:00
Abhishek Pandit-Subedi
107af48013 Merge "Add sysprop for LeGetVendorCapabilities" 2023-01-30 17:41:16 +00:00
Gil Cukierman
bc0f54877a Merge "Add SELinux Policy For io_uring" am: fab49d0a64
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2302679

Change-Id: I65aad86e82542723e96a7e24e16a597e91d7aa6c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-30 15:14:42 +00:00
Gil Cukierman
fab49d0a64 Merge "Add SELinux Policy For io_uring" 2023-01-30 14:38:43 +00:00
Jiakai Zhang
13909cdb3f Allow installd to kill profman. am: a7774c2cba
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406753

Change-Id: I836e0c01d4356af7d125ba2ac754689239e57838
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-30 13:04:58 +00:00
Jiakai Zhang
a7774c2cba Allow installd to kill profman.
installd needs to kill profman if profman times out.

Bug: 242352919
Test: -
  1. Add an infinite loop to profman.
  2. Run `adb shell pm compile -m speed-profile com.android.chrome`
  3. See profman being killed after 1 minute.

Change-Id: I71761eaab027698de0339d855b9a436b56580ed8
2023-01-30 11:09:08 +00:00
Jiakai Zhang
dbfa7d58b7 dontaudit dexoptanalyzer's DM file check on secondary dex files.
Bug: 259758044
Change-Id: I5cf88e2f2217c03cff071f17aadd71153f170c61
Test: Presubmit
2023-01-30 07:56:10 +00:00
Alessandra Loro
3111caa958 [automerger skipped] Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: 09effc0d78 -s ours am: 44785c2623 -s ours
am skip reason: Merged-In I916c9795d96e4a4a453f9aed5e380f11981804e9 with SHA-1 24d90e792e is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006

Change-Id: I387d1a606d2f104e6cd85345966e3e88631c3be9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-27 19:43:33 +00:00
Alessandra Loro
44785c2623 [automerger skipped] Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: 09effc0d78 -s ours
am skip reason: Merged-In I916c9795d96e4a4a453f9aed5e380f11981804e9 with SHA-1 24d90e792e is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006

Change-Id: I270b951dd87754c9477b3d52f00b6dc21c9bc501
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-27 19:03:34 +00:00
Gil Cukierman
214294ce75 Add SELinux Policy For io_uring
Brings in the io_uring class and associated restrictions and adds a new
macro, `io_uring_use`, to sepolicy.

In more detail, this change:

* Adds a new macro that expands to ensure the domain it is passed can undergo a
type transition to a new type, `<domain>_iouring`, when the anon_inode
being accessed is labeled `[io_uring]`. It also allows the domain to
create, read, write, and map the io_uring anon_inode.

* Adds the ability for a domain to use the `IORING_SETUP_SQPOLL` flag
during `io_uring_setup` so that a syscall to `io_uring_enter` is not
required by the caller each time it wishes to submit IO. This can be
enabled securely as long as we don't enable sharing of io_uring file
descriptors across domains. The kernel polling thread created by `SQPOLL`
will inherit the credentials of the thread that created the io_uring [1].

* Removes the selinux policy that restricted all domains that make use of
the `userfault_fd` macro from any `anon_inode` created by another domain.
This is overly restrictive, as it prohibits the use of two different
`anon_inode` use cases in a single domain e.g. userfaultfd and io_uring.

This change also replaces existing sepolicy in fastbootd and snapuserd
that enabled the use of io_uring.

[1] https://patchwork.kernel.org/project/linux-security-module/patch/163159041500.470089.11310853524829799938.stgit@olly/

Bug: 253385258
Test: m selinux_policy
Test: cd external/liburing; mm; atest liburing_test; # requires WIP CL ag/20291423
Test: Manually deliver OTAs (built with m dist) to a recent Pixel device
and ensure snapuserd functions correctly (no io_uring failures)

Change-Id: I96f38760b3df64a1d33dcd6e5905445ccb125d3f
2023-01-27 11:44:59 -05:00
Charles Chen
307049222a Update seapp_contexts with isIsolatedComputeApp selector
Provide isIsolatedComputeApp selector for apps reusing _isolated user to run in domains other than isolated_app. Processes matching the selector will have a default domain isolated_compute_app assigned. Also updated _isolated neverallow statements.

Bug: 265540209
Bug: 265746493
Test: m && atest --host libselinux_test with change on android_unittest.cpp
Change-Id: Ia05954aa6a9a9a07d6a8d1e3235a89e7b37dead9
2023-01-27 14:36:40 +00:00
Jakub Rotkiewicz
1784feae44 Bluetooth: Added sepolicy for Snoop Logger filtering
Bug: 247859568
Tag: #feature
Test: atest BluetoothInstrumentationTests
Test: atest bluetooth_test_gd_unit

Change-Id: Ic5036cc03e638e38ff87e44d61ed241f6168f335
2023-01-27 14:13:52 +00:00
Alan Stokes
1a56803c4f Remove references to asan_extract am: 7e754a1c56
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402007

Change-Id: I3c2a454078585032d4af19537590705805beea8c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-27 12:55:02 +00:00
Alan Stokes
7e754a1c56 Remove references to asan_extract
This type doesn't exist in Microdroid.

Bug: 266871002
Test: m SANITIZE_TARGET=address com.android.virt
Change-Id: I2ca6db9669eafc4037bbf87bdcff60935893d93f
2023-01-27 10:42:45 +00:00
Inseob Kim
a434b22ec8 Merge "microdroid: Add prop to wait for /data/tombstones" am: f9c5ae3360
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402833

Change-Id: I351a7c574cc938adb02b31cf64c17cb52ad4279f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-27 01:38:04 +00:00
Inseob Kim
f9c5ae3360 Merge "microdroid: Add prop to wait for /data/tombstones" 2023-01-27 01:05:54 +00:00
Abhishek Pandit-Subedi
859037f2ec Add sysprop for LeGetVendorCapabilities
Added new sysprop to configure getting vendor capabilities.

Bug: 257423916
Tag: #floss
Test: Manual
Change-Id: I35ba5883505bdd671276dd0863b129ab531890f3
2023-01-26 16:12:52 -08:00
Tri Vo
2ebc3fe590 credstore: Switch to new RKPD build flag. am: 59a30a8c17
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402874

Change-Id: Ifa40640c027410530a71002808e10133ba464c36
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-26 18:26:41 +00:00
Alessandra Loro
09effc0d78 Hide ro.debuggable and ro.secure from ephemeral and isolated applications
Bug: 193912100
Bug: 265874811
Test: N/A

Ignore-AOSP-First: cherry-pick for tm-qpr
Change-Id: I916c9795d96e4a4a453f9aed5e380f11981804e9
Merged-In: I916c9795d96e4a4a453f9aed5e380f11981804e9
2023-01-26 16:56:40 +00:00
Inseob Kim
ebc4742480 microdroid: Add prop to wait for /data/tombstones
Bug: 266470759
Test: atest MicrodroidHostTestCases MicrodroidTestApp
Change-Id: Ie9992e105e57f1088a6016f0179c7dc3d285a7ed
2023-01-26 22:16:28 +09:00
Cody Northrop
13fcd7357f Add EGL blobcache multifile properties
Test: adb shell getprop
Test: /data/nativetest64/EGL_test/EGL_test
Bug: b/266725576
Change-Id: I847fe151340747322f9c35d93160bddc8f1c1d99
2023-01-25 14:45:36 -07:00
Tri Vo
59a30a8c17 credstore: Switch to new RKPD build flag.
Test: CtsIdentityTestCases
Change-Id: I6c0a533a890e4fa51c475452cf50ebe3706a90c8
2023-01-25 20:42:34 +00:00
Alessandra Loro
2f9aaa01ed [automerger skipped] Drop back-compatibility for hiding ro.debuggable and ro.secure am: c6aec92b7c -s ours am: 80ea9f1219 -s ours
am skip reason: Merged-In I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad with SHA-1 8a7dcb5e1e is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399373

Change-Id: I38396e29a51f0f30a3f89cc62b6f00df14f7c9a2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-25 12:16:52 +00:00
Alessandra Loro
1b647f2b12 [automerger skipped] Disallow untrusted apps to read ro.debuggable and ro.secure am: 0d68fc3525 -s ours am: 3d8ae78b71 -s ours
am skip reason: Merged-In I40ac5d43da5778b5fa863b559c28e8d72961f831 with SHA-1 d0e108fbbe is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399372

Change-Id: I52b6b3a65630710e4c11a3a3f0d0b18a7a6837af
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-25 12:16:49 +00:00
Alessandra Loro
80ea9f1219 [automerger skipped] Drop back-compatibility for hiding ro.debuggable and ro.secure am: c6aec92b7c -s ours
am skip reason: Merged-In I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad with SHA-1 8a7dcb5e1e is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399373

Change-Id: I8513e2cf38a4c2e7bb1ba0202c22266803df5079
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-25 11:18:10 +00:00
Alessandra Loro
3d8ae78b71 [automerger skipped] Disallow untrusted apps to read ro.debuggable and ro.secure am: 0d68fc3525 -s ours
am skip reason: Merged-In I40ac5d43da5778b5fa863b559c28e8d72961f831 with SHA-1 d0e108fbbe is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399372

Change-Id: Ia177a221b0d022f8db3af87df458f16788328080
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-25 11:18:08 +00:00
Hongwei Wang
9372026ad2 Allow platform_app:systemui to write protolog file
This is enabled on debuggable builds only, and includes:
- Grant mlstrustedsubject typeattribute to wm_trace_data_file
- Grant platform_app (like systemui) write access to
  wm_trace_data_file

Bug: 251513116
Test: adb shell dumpsys activity service SystemUIService \
      WMShell protolog [start | stop]
Change-Id: I9f77f8995e4bf671616ce6c49eeb93720e31430e
2023-01-24 16:30:57 -08:00
Seth Moore
96b8a026fd Add build flag indicating that rkpd is enabled. am: 0afe97a38f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399548

Change-Id: I07efb44a1165beaf98b76aa58f934084d3449d08
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-24 19:49:31 +00:00
Seth Moore
0afe97a38f Add build flag indicating that rkpd is enabled.
Platforms, such as cuttlefish, are RKP only, and are using a new
version of keymint that is not compatible with the old
RemoteProvisioner. Therefore, we must ensure that the configuration
is fixed and cannot be turned off.

Bug: 266482839
Test: RemoteProvisionerUnitTests
Test: keystore2_client_tests
Test: RkpdAppUnitTests
Change-Id: Ib7b3128b27c4a26fdd2dbdc064b491f7a3d3cd92
2023-01-24 08:54:22 -08:00
Philip Chen
870af1fc0a Modify canhalconfigurator file context
We plan to move canhalconfigurator from system to system_ext partition.
So let's update its sepolicy file context first.

Bug: 263516803
Test: build selinux policy for aosp_cf_x86_64_auto target
Change-Id: Ic4bd69489fa2f94ba33665a2cf1359e9fa487ea6
2023-01-23 21:47:19 +00:00
Alessandra Loro
c6aec92b7c Drop back-compatibility for hiding ro.debuggable and ro.secure
Ignore-AOSP-First: cherry-pick for tm-qpr-dev
Bug: 193912100
Bug: 265874811
Test: N/A for cherry-pick
Change-Id: I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad
Merged-In: I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad
2023-01-23 12:06:37 +00:00
Alessandra Loro
0d68fc3525 Disallow untrusted apps to read ro.debuggable and ro.secure
ro.secure and ro.debuggable system properties are not intended
to be visible via Android SDK. This change blocks untrusted
apps from reading these properties.

Test: n/a for cherry-pick
Ignore-AOSP-First: cherry-pick for tm-qpr-dev
Bug: 193912100
Bug: 265874811
Change-Id: I40ac5d43da5778b5fa863b559c28e8d72961f831
Merged-In: I40ac5d43da5778b5fa863b559c28e8d72961f831
2023-01-23 12:06:14 +00:00
Jeffrey Vander Stoep
94a4d4758f Merge "runas_app: allow sigkill of untrusted_app" am: eff7d756e1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2393300

Change-Id: Ibaa3a3da9953b75f98da86494e946d7386ba2747
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-20 16:53:58 +00:00
Jeffrey Vander Stoep
eff7d756e1 Merge "runas_app: allow sigkill of untrusted_app" 2023-01-20 16:20:15 +00:00
Inseob Kim
893596e0e7 Merge "Add tombstone_transmit init property to microdroid" am: fa7661b454
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2395453

Change-Id: I69b92041d1c77a35210e4d309bb95614557447af
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-20 15:12:04 +00:00
Inseob Kim
fa7661b454 Merge "Add tombstone_transmit init property to microdroid" 2023-01-20 14:41:15 +00:00
Yuyang Huang
32788d6842 Blocks untrusted apps to access /dev/socket/mdnsd from U am: cfdea5f4f3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388478

Change-Id: I9cee4d4b5d13612b02f63b377d32efae99d3ca67
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-20 10:09:07 +00:00