Commit graph

8 commits

Author SHA1 Message Date
Daniel Mentz
bbdb25f680 Allow hal_usb to call getsockopt on uevent socket
We are making a change to uevent_open_socket() in libcutils related to
setting the receive buffer size of netlink uevent sockets.

After setting SO_RCVBUF, we immediately read it back using getsockopt()
to verify that the setsockopt() call was effective. Only if it was not
effective, we call setsockopt() with SO_RCVBUFFORCE.

getsockopt() previously caused SELinux denials like the following:

 avc: denied { getopt } for comm="usb@1.1-service" scontext=u:r:hal_usb_default:s0 tcontext=u:r:hal_usb_default:s0 tclass=netlink_kobject_uevent_socket permissive=0

Bug: 119933843
Change-Id: I7bbb1eb1fa7ade2c94afc52ab1e28762f86a7d1f
2018-12-03 18:37:25 +00:00
Steven Moreland
9234e00daf hal_attribute_hwservice_client drop '_client'
Since this attribute just associates a hal_attribute
with a given hwservice in the standard way.

Bug: 80319537
Test: boot + sanity + test for denials
Change-Id: I545de165515387317e6920ce8f5e8c491f9ab24e
2018-06-06 09:30:18 -07:00
Steven Moreland
343e24a1be hal_attribute_hwservice_client += add_hwservice
For sanity, this makes 'hal_attribute_hwservice_client'
be associated with a specific hwservice thus making things
consistent.

After this change, only configstore, hal_allocator, and the
fwk_* services are inconsistent with all other HALs.

Bug: 80319537
Test: boot device, sanity tests, check for denials
Change-Id: Ibffc65c9567a429e07a3dc4dd41117738459dc2a
2018-06-06 09:25:52 -07:00
Steven Moreland
8fc7981885 Find hal_foo_hwservice -> you are hal_foo_client.
Before, it was possible to access a hwservice without declaring
that you were a client.

This introduces the following macro:
hal_attribute_hwservice_client(hal_foo, hal_foo_hwservice)

which makes sure the above implication holds using a neverallow rule.

Bug: 80319537
Test: boot + sanity
Change-Id: Iededae68f14f0f3bd412c1205aa3b650a54d55c6
2018-05-30 16:46:57 -07:00
Luis Hector Chavez
7ae939e84b Revert "Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid"
This reverts commit 640e595a68. The
corresponding code in libcutils was removed, so this is now unneeded.

Bug: 71632076
Test: aosp_sailfish still works

Change-Id: I615bab83e9a83bc14439b8ab90c00d3156b0a7c4
2018-01-08 13:09:34 -08:00
Luis Hector Chavez
640e595a68 Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid
Bug: 62378620
Test: Android in Chrome OS can call uevent_kernel_recv() and not fail
      with EIO.
Test: bullhead networking still works

Change-Id: I4dd5d2148ee1704c4fa23d7fd82d1ade19b58cbd
2017-11-08 01:39:28 +00:00
Alex Klyubin
53656c1742 Restrict access to hwservicemanager
This adds fine-grained policy about who can register and find which
HwBinder services in hwservicemanager.

Test: Play movie in Netflix and Google Play Movies
Test: Play video in YouTube app and YouTube web page
Test: In Google Camera app, take photo (HDR+ and conventional),
      record video (slow motion and normal), and check that photos
      look fine and videos play back with sound.
Test: Cast screen to a Google Cast device
Test: Get location fix in Google Maps
Test: Make and receive a phone call, check that sound works both ways
      and that disconnecting the call frome either end works fine.
Test: Run RsHelloCompute RenderScript demo app
Test: Run fast subset of media CTS tests:
      make and install CtsMediaTestCases.apk
      adb shell am instrument -e size small \
          -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner'
Test: Play music using Google Play music
Test: Adjust screen brightness via the slider in Quick Settings
Test: adb bugreport
Test: Enroll in fingerprint screen unlock, unlock screen using
      fingerprint
Test: Apply OTA update:
      Make some visible change, e.g., rename Settings app.
      make otatools && \
      make dist
      Ensure device has network connectivity
      ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip
      Confirm the change is now live on the device
Bug: 34454312
(cherry picked from commit 632bc494f1)
Merged-In: Iecf74000e6c68f01299667486f3c767912c076d3
Change-Id: I7a9a487beaf6f30c52ce08e04d415624da49dd31
2017-04-21 09:54:53 -07:00
Badhri Jagan Sridharan
b6e4d4bdf1 sepolicy for usb hal
Bug: 31015010

Test: checked for selinux denial msgs in the dmesg logs.
Change-Id: I8285ea05162ea0d75459e873e5c2bad2dbc7e5ba
2017-01-23 14:11:18 -08:00