microdroid_manager and microdroid_payload have been accessing /dev/vsock
to get the local cid. But it's labeled as device, so microdroid_manager
and microdroid_payload have had too permissive access. This adds
vsock_device to relax the access.
Test: run demo app
Test: atest MicrodroidHostTestCases ComposHostTestCases
Change-Id: I1a5955ad28817124f250f206b90c8d4e344ea865
Commit ec50aa5180 ("Allow the init and apexd processes to read all
block device properties") did not include the SELinux type
sysfs_devices_block although it should have included that SELinux
type. Fix this.
Bug: 194726804
Change-Id: Ia299a0a8b28160c634863e15ae66fae8f18a5efb
Signed-off-by: Bart Van Assche <bvanassche@google.com>
system_ext_userdebug_plat_sepolicy.cil is a copy of
userdebug_plat_sepolicy.cil (debug_ramdisk) that's installed in the
system_ext partition.
The build rule is gated by a BoardConfig variable, so products other
than GSI cannot accidentally install this module.
Bug: 188067818
Test: Flash RQ2A.201207.001 bramble-user with debug ramdisk & flash
gsi_arm64-user from master, device can boot and `adb root` works
Change-Id: I75183e2dfdb434aee0b015b1627c9e23b4f3437f
Revert submission 1824717-gsi_debug_policy
Reason for revert: Breaks the build (see b/200933187).
Reverted Changes:
I37ef02628:Add a copy of debug policy to GSI system image
I9c3dad8bb:Add PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT
I43adc6ada:Add system_ext_userdebug_plat_sepolicy.cil for GSI...
I4d6235c73:Add /system_ext/etc/selinux/ to the debug policy s...
Change-Id: I22da171e7b6628cb4c5f28f316ee317fe28761c2
composd spawns odrefresh in its usual domain. odrefresh then spawns
fd_server in a different domain, and makes binder calls back to
composd to perform individual compilation steps.
fd_server is fairly generic, and part of the virt APEX, but this
instance is specific to composd (e.g. it has access to ART files), so
I named the domain composd_fd_server.
Bug: 186126194
Test: Run composd_cmd, artifacts generated
Change-Id: I5a431dd00b5b396a67021c618fc6edcfb25aa21b
microdroid's domains have been able to read/write any properties. That's
just for convenience while bringing up microdroid. This cleans up such
global permission and grants minimal access.
Bug: 194447534
Test: atest MicrodroidHostTestCases ComposHostTestCases
Test: run microdroid demo app
Change-Id: I09ce1174d4af9c228b788a522a6ab845cafd4505
This reverts commit 7ed2456b45.
Reason for revert: /dev/userspace-panic is discarded (b/188777408#comment13)
Bug: 188777408
Change-Id: I98b0159890ee755ffaefc5533f9c40d54f8f26d2
The pre/post-install hook functionality has been deprecated and removed.
Bug: 172606645
Test: atest ApexTestCases
Test: atest CtsStagedInstallHostTestCases
Change-Id: I8a5f726a0c8f005654d0430b5a4598e416ff9c28
system_ext_userdebug_plat_sepolicy.cil is a copy of
userdebug_plat_sepolicy.cil (debug_ramdisk) that's installed in the
system_ext partition.
The build rule is gated by a BoardConfig variable, so products other
than GSI cannot accidentally install this module.
Bug: 188067818
Test: Flash RQ2A.201207.001 bramble-user with debug ramdisk & flash
gsi_arm64-user from master, device can boot and `adb root` works
Change-Id: I43adc6adad5e08dcc8e106d18fdacef962310883
It is a system property that keeps the last CID used by the
virtualizationservice. Although the information is local to the
process, a new system property is justified because the information has
to be kept across multiple runs of the process. A file however is not
desirable because the information shouldn't be persisted.
Bug: 196015427
Test: atest MicrodroidHostTestCases
Change-Id: If8ca4b6ad8d9c8cb3bb33dc9ef45de0ae6481d15
Also allow odrefresh to run pvm_exec to talk to the CompOS VM.
And I moved the dontaudit & neverallow rules to the bottom while I was here.
Bug: 186126194
Test: adb shell apex/com.android.compos/bin/composd_cmd
Change-Id: I6f06dd6467a8eb59123d06c7179a86d9287e7f2f
Currently, the vold detects the factory reset by checking the
metadata encryption key. This logic is only valid when the
device is not in DSU mode. This CL allows vold to get the DSU
status.
Test: run DSU installation on a Pixel device
Bug: 199222795
Change-Id: Ia6ca3b27afd52347b132d7e2d8be244fb9f15e7d
Instead it gets it from virtualization_service, so this TODO is now
done.
Test: Manually run comps_verify_key
Test: Trigger odsign to run compos_verify_key at boot
Bug: 186126194
Change-Id: I705e7fd43b853a19c928ab76209ec321f10ec2d7
This adds properties necessary to run microdroid to property_contexts,
and then removes default_prop access to all domains except for init, as
init should be able to write all properties.
Bug: 194447534
Test: atest MicrodroidHostTestCases ComposHostTestCases
Change-Id: I2f80c71ce257613b3c3b019a3e988a5a0653d879
fs_mgr::ReadDefaultFstab calls fs_mgr:ReadFstabFromDt() which eventually
calls fs_mgr_get_boot_config_from_bootconfig_source to read boot config.
Therefore bundle permission to read proc_bootconfig. This resolves some
selinux denials for update_engine
Test: th
Change-Id: Ia8bd94eb33a38ccd939577b54910645fec4ccda8
Add what we need to allow composd to run and expose an AIDL service.
Also delete the policy for compsvc; we never access it in the host
now, and the real policy is in microdroid. Retain the compos_exec
type, since it is referenced in the APEX sepolicy.
Bug: 186126194
Test: adb shell cmd -w android.system.composd; no denials.
Change-Id: I5f06b2b01852cdebd2d67009b363ec08b17ce33a
Microdroid_manager needs to pass APEX pubkeys to APEXd. Since the data
is too big for a system property, it creates a file
/apex/vm-payload-metadata so that APEXd reads/uses it.
Bug: 199371341
Test: MicrodroidHostTestCases
Change-Id: Iaf2b4fc08b36610032d9c339f787e5e34994448b
