Commit graph

40557 commits

Author SHA1 Message Date
Jiakai Zhang
5e531051b6 Allow artd to access primary dex'es in external and vendor partitions.
Otherwise, we will get SELinux denials like:
W binder:6098_5: type=1400 audit(0.0:138): avc: denied { search } for name="framework" dev="dm-6" ino=478 scontext=u:r:artd:s0 tcontext=u:object_r:vendor_framework_file:s0 tclass=dir permissive=0

Bug: 262230400
Test: No longer see such SELinux denials.
Change-Id: Ic31fdabb16341c51466531c88ca040698331b248
2022-12-12 14:28:40 +00:00
Seungjae Yoo
2ca7ebd8a2 Merge "Cleanup ro.boot.microdroid.app_debuggable" 2022-12-12 00:16:58 +00:00
Akilesh Kailash
5fa04f20f5 Virtual_ab: Add property to control batch writes
Bug: 254188450
Test: OTA
Change-Id: I43c35859e98e449a45164b4d55db43b63ddbaba8
Signed-off-by: Akilesh Kailash <akailash@google.com>
2022-12-11 16:14:47 +00:00
Vikram Gaur
d7a1aaf108 Add Google specific module for RKPD for sepolicy.
Google is added to the package names to differentiate the Google
specific modules from AOSP modules. This causes RKPD Google module to
not get proper permissions since we permit only AOSP module currently.

Test: Tested on Pixel 7 device
Change-Id: Ia7c39ef85cedf20f705c27a5944b6f87f786cc1b
2022-12-11 09:49:08 +00:00
Treehugger Robot
d838f6443e Merge "Remove netdomain from Microdroid" 2022-12-10 06:57:54 +00:00
Jaewan Kim
7b843d4ebf Allow crosvm to open test artifacts in shell_data_file
Test: Try open /data/local/tmp/a from crosvm
Bug: 260802656, Bug: 243672257
Change-Id: I90e2fe892f1028ea5add91a41389e2f7e812f988
2022-12-10 11:34:42 +09:00
Pomai Ahlo
5f4421fae5 [ISap hidl2aidl] Update ISap in sepolicy
Change instances of android.hardware.radio.sim.ISap to android.hardware.radio.sap.ISap

ISap is no longer going to be with IRadioSim in the sim
directory.  It will be in its own sap directory.

Test: m
Bug: 241969533
Change-Id: I362a0dc6e4b81d709b24b2fa2d879814ab232ad4
2022-12-10 01:13:13 +00:00
Chris Weir
caf905ff3c Merge "SEPolicy for AIDL CAN HAL" 2022-12-09 22:09:12 +00:00
Xin Li
bfd51973aa Merge "Merge Android 13 QPR1" 2022-12-09 21:51:16 +00:00
Treehugger Robot
39617aca42 Merge "sepolicy - move proc bpf writes from bpfloader.rc to bpfloader binary" 2022-12-09 20:25:48 +00:00
Shikha Panwar
1aeaaedbc9 Selinux label for /mnt/encryptedstore
Create a label for the encrypted storage. encryptedstore_file & _fs
corresponding to the file & fs type.

encryptedstore process mounts the device on /mnt/encryptedstore with
fscontext & context.

microdroid_payload will have rw & related permissions on it. Also, add a
neverallow rule to deny execute permission on all domains.

encryptedstore needs relabel permission from tmpfs to
encryptedstore_file, along with mount-like permissions on the latter.

Bug: 261477008
Test: atest MicrodroidTests#encryptedStorageAvailable

Change-Id: Iffa1eb400f90874169d26fc2becb1dda9a1269a9
2022-12-09 19:26:34 +00:00
Chris Weir
eee59458c2 SEPolicy for AIDL CAN HAL
CAN HAL moving to AIDL, SEPolicy will need to be adjusted.

Bug: 170405615
Test: AIDL CAN HAL VTS
Change-Id: I0d238d38aebb5895ae27fcb52cf43cd481327421
2022-12-09 11:00:10 -08:00
Xin Li
31e494e804 Merge Android 13 QPR1
Bug: 261731544
Merged-In: I07f63724e876e1db99acab73836bb52a8aa867d8
Change-Id: I2b3e98b6dfb05e1b787db4f14f3084f3c11f716e
2022-12-09 10:31:11 -08:00
Jiyong Park
2660633d34 Remove netdomain from Microdroid
Nothing in Microdroid uses tcp/udp/rawip sockets. Removing netdomain
attribute for the capability. Note that some processes can use
networking via vsock.

Bug: N/A
Test: watch TH

Change-Id: Id10861d0520770578503dd93b0c72c3d6be993e8
2022-12-09 14:31:40 +09:00
Seungjae Yoo
8fbe216555 Cleanup ro.boot.microdroid.app_debuggable
Bug: 260147409
Test: N/A
Change-Id: I3d3e5dc7d26733b7faeeafb854f768d74831a648
2022-12-09 13:46:26 +09:00
Austin Borger
7694071279 Merge "Create a new system property for the landscape to portrait override." am: 71708e3a1d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2320987

Change-Id: Ib516f4e7d953a946d7a43e6418af12ecec9497d9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-09 00:28:42 +00:00
Austin Borger
71708e3a1d Merge "Create a new system property for the landscape to portrait override." 2022-12-09 00:05:15 +00:00
Victor Hsieh
90fa43e395 Deprecate proc_fs_verity from API 33
Bug: 249158715
Test: lunch aosp_cf_x86_64_phone-eng; m
Test: TH
Change-Id: I29e4e0a4beb44b0ba66a4dd14266d04dae588df2
2022-12-08 13:15:27 -08:00
Pomai Ahlo
992b8aa2f3 Merge "[ISap hidl2aidl] Add ISap to sepolicy" am: 90d117d661
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2329593

Change-Id: Iad5a8ed9452c660f6986f76208cd82b257c16ddc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-08 17:54:18 +00:00
Pomai Ahlo
90d117d661 Merge "[ISap hidl2aidl] Add ISap to sepolicy" 2022-12-08 17:32:38 +00:00
Alan Stokes
26aa754f36 Add more zipfuse mount done props
Allow one property per APK for zipfuse to signal readiness to
microdroid manager.

Bug: 252811466
Test: atest MicrodroidTests
Test: composd_cmd test-compile
Change-Id: Ibe5d0756cda807e677de68335258b96364e91880
2022-12-08 14:26:19 +00:00
Maciej Żenczykowski
eb4770d68a Merge "bpf - neverallow improvements/cleanups" am: e8a09e2480
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2325355

Change-Id: Ic914741959e1dd2c138fc93068353d2dd8a54f2d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-08 13:03:24 +00:00
Maciej Żenczykowski
e8a09e2480 Merge "bpf - neverallow improvements/cleanups" 2022-12-08 12:39:41 +00:00
Treehugger Robot
c04df680d6 Merge "Remove proc_fs_verity as it's not used in microdroid" am: e596e1f243
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2285497

Change-Id: I14357354f309bc99bb17f1e6c04de2b46e96d997
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-07 18:40:53 +00:00
Treehugger Robot
e596e1f243 Merge "Remove proc_fs_verity as it's not used in microdroid" 2022-12-07 18:25:49 +00:00
Treehugger Robot
aeaf422fe5 Merge "Add permissions for remote_provisioning service" am: 61d823f9c7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2263548

Change-Id: I44fca2b112625e1fd8369788b91f46a1c9e6f40b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-07 18:15:15 +00:00
Treehugger Robot
61d823f9c7 Merge "Add permissions for remote_provisioning service" 2022-12-07 18:06:41 +00:00
Treehugger Robot
4767fc3207 Merge "Clean up proc_fs_verity which is no longer used" am: bb689eae58
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2285498

Change-Id: I1f27f39b89f42fbd679bf2ce08f6a55f7727134e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-07 17:32:08 +00:00
Treehugger Robot
bb689eae58 Merge "Clean up proc_fs_verity which is no longer used" 2022-12-07 17:17:52 +00:00
Gabriel Biren
bb8bb41278 Merge "Update file_contexts for WiFi Vendor HAL AIDL service." am: 41acafb1d6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2328178

Change-Id: I17a11d61834bd3da14e8a91589ff923914716d9c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-07 01:40:40 +00:00
Gabriel Biren
41acafb1d6 Merge "Update file_contexts for WiFi Vendor HAL AIDL service." 2022-12-07 01:30:05 +00:00
Jiyong Park
e9b4649515 Adb root is supported in Microdroid on user builds am: c99fde9178
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2324822

Change-Id: Ife6ddd35ba0718892bb8aeda44c1e9b07fa40961
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-07 01:23:27 +00:00
Martin Stjernholm
c8d686c9fb Remove dalvik.vm.usejitprofiles system property.
Disabling profiles is no longer supported. Most of the profile support
has been active even when this property was false, and it won't be
supported in the ART Service.

(cherry-picked from commit 58314ecc31)

Test: atest -a CtsCompilationTestCases \
               CtsDexMetadataHostTestCases \
               propertyinfoserializer_tests
  with dalvik.vm.usejitprofiles undefined
Bug: 254434433
Merged-In: I4ca4ce5da49434552c76154f91e09d7ab0129e04
Change-Id: I4ca4ce5da49434552c76154f91e09d7ab0129e04
2022-12-06 17:38:42 +00:00
Victor Hsieh
9999e20eed Clean up proc_fs_verity which is no longer used
The reference was deleted in aosp/2281348.

Bug: 249158715
Test: TH
Change-Id: I07f63724e876e1db99acab73836bb52a8aa867d8
2022-12-06 09:10:41 -08:00
Seth Moore
3accea479a Add permissions for remote_provisioning service
Bug: 254112668
Test: manual + presubmit
Change-Id: I54d56c34ad4a8199b8aa005742faf9e1e12583c3
2022-12-06 08:46:20 -08:00
Jiyong Park
c99fde9178 Adb root is supported in Microdroid on user builds
In Android, adb root is disabled at build-time by not compiling
sepolicies which allow adbd to run in the `su` domain.

However in Microdroid, adb root should be supported even on user builds
because fully-debuggable VMs can be started and adb root is expected
there. Note that adb root is still not supported in non-debuggable VMs
by not starting it at all.

This change removes `userdebug_or_eng` conditions from the policies for
adb root. In addition, the `su` domain where adbd runs when rooted is
explicitly marked as an allowed permissive domain.

Bug: 259729287
Test: build a user variant, run fully debuggable microdroid VM. adb root
works there.
Test: run non-debuggable microdroid VM. adb shell (not even adb root)
doesn't work.

Change-Id: I8bb40b7472dcda6619a587e832e22d3cb290c6b9
2022-12-06 22:30:36 +09:00
Jiyong Park
7b123d4758 Add permissive_domains_on_user_builds to se_policy_binary am: ef56721555
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2324821

Change-Id: I17ea00ad53f395b3445bd682ebdf1c75b6dcb8a2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-06 04:01:04 +00:00
Jiyong Park
4ca8349cd5 Remove su_exec from Microdroid am: f970df2f44
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2324820

Change-Id: I51151982f3891737a5f5e32907702512597d836e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-06 04:01:02 +00:00
Austin Borger
f393df9d2b Create a new system property for the landscape to portrait override.
Apps commonly do not handle landscape orientation cameras correctly. In
order to prevent stretching and rotation issues in these apps, this
patch adds a flag to override the behavior of these landscape cameras
to produce a portrait image instead by changing the SENSOR_ORIENTATION
reported by CameraCharacteristics and applying a 90 degree rotate and
crop.

The camera2 framework needs to be able to turn this on only for certain
devices. Hence, this patch adds a system property for it.

Test: Snow (successful), XRecorder (successful)
Test: Snapchat (successful), Instagram (successful)
Test: Telegram (Zoomed)
Bug: 250678880
Change-Id: I13783d81f5fada71805865a840e4135580f1d876
Merged-In: I13783d81f5fada71805865a840e4135580f1d876
2022-12-05 19:38:57 -08:00
Jiyong Park
ef56721555 Add permissive_domains_on_user_builds to se_policy_binary
In Android, we don't allow any domain to be permissive in user builds.
However, in Microdroid permissive domains should be allowed even in user
builds because fully debuggable VMs (where adb root is supported) can be
created there.

This change adds a new property `permissive_domains_on_user_builds` to
the `se_policy_binary` module as a controlled way of adding exceptions
to the enforcement.

Bug: 259729287
Test: m. This CL doesn't add any exception.
Change-Id: I2ae240e92dfdeadd827f027534e3e11ce4534240
2022-12-06 10:41:29 +09:00
Pomai Ahlo
ff82b77ae8 [ISap hidl2aidl] Add ISap to sepolicy
Test: m
Bug: 241969533
Change-Id: If9b67605481132d2908adae9fa1f9b1501c37ea0
2022-12-05 16:23:25 -08:00
Gabriel Biren
52b5ff67b9 Update file_contexts for WiFi Vendor HAL AIDL service.

Bug: 205044134
Test: Manual test - check that AIDL service
      starts successfully on Cuttlefish
Change-Id: If6dbb20ca982b998485257e212aa4aa82749d23d
2022-12-05 23:53:30 +00:00
Jiyong Park
f970df2f44 Remove su_exec from Microdroid
Microdroid doesn't have the executable `su`. Removing su_exec and any
reference to it.

Bug: N/A
Test: run Microdroid instance and adb root works.
Change-Id: If6c356acbf85ba20a1face3e29e4cb38d002ea06
2022-12-05 11:54:16 +09:00
Maciej Żenczykowski
4a960869e0 sepolicy - move proc bpf writes from bpfloader.rc to bpfloader binary
As a reminder, per:
  https://source.corp.google.com/search?q=p:aosp-master%20file:sepolicy%20-file:prebuilts%20proc_bpf%20file:genfs

we currently have:
  aosp-master system/sepolicy/private/genfs_contexts

genfscon proc /sys/kernel/bpf_ u:object_r:proc_bpf:s0
genfscon proc /sys/kernel/unprivileged_bpf_ u:object_r:proc_bpf:s0
genfscon proc /sys/net/core/bpf_ u:object_r:proc_bpf:s0

So the above are the files which will no longer be writable by init.

A cs/ search for p:android$ (/sys/kernel/bpf_|/sys/kernel/unprivileged_bpf_|/sys/net/core/bpf_) file:[.]rc

only finds bpfloader.rc init script as actually doing these writes.

Those writes are removed in:
  https://android-review.git.corp.google.com/c/platform/system/bpf/+/2325617
  'bpfloader - move sysctl setting from rc to binary'

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I19ccdf293966dd982e1d36836b0b962d99ed7275
2022-12-03 15:22:29 +00:00
Maciej Żenczykowski
9a76805ac3 bpf - neverallow improvements/cleanups
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I569d88bcfa0089d13d23dfeda111bf3584cad2c0
2022-12-03 12:33:33 +00:00
Maciej Żenczykowski
3ce95393bc add fs_bpf_loader selinux type am: e14e69a947
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2323334

Change-Id: I2adb019e1ce289838b9aa6d6da6c9a973d97591c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-03 09:46:50 +00:00
Myles Watson
671a0c3bda sepolicy: Add Bluetooth AIDL
Bug: 205758693
Test: manual - boot local image with Cuttlefish
Change-Id: Ic0c5408d83f8c352b72f79e9024212c7ff0c84c1
2022-12-02 13:08:26 -08:00
Maciej Żenczykowski
e000271a3c remove init/vendor_init access to bpffs_type am: ebb45f9dea
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2323317

Change-Id: I6648a7a444f4b865d74345a03e2b3f6d0fb12922
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-02 14:49:23 +00:00
Maciej Żenczykowski
e14e69a947 add fs_bpf_loader selinux type
To be used for things that only the bpfloader should access.

Expected use case is for programs that the bpfloader should load,
pin into the filesystem, *and* attach.

[ie. no need for anything else to attach the programs]

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I035d3fcbf6cee523e41cdde23b8edc13311a45e8
2022-12-02 12:26:49 +00:00
Maciej Żenczykowski
ebb45f9dea remove init/vendor_init access to bpffs_type
There should be no need for this and it fixes a long outstanding TODO.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id1764cbc713addbbda6827fe6c6689e45e8f584c
2022-12-02 12:26:03 +00:00