Commit graph

9619 commits

Author SHA1 Message Date
Jeff Vander Stoep
f9a774f1ae Disallow watch and watch_reads on apk_data_file for apps
This can be used as a side channel to observe when an application
is launched.

Gate this restriction on the application's targetSdkVersion to
avoid breaking existing apps. Only apps targeting 34 and above will
see the new restriction.

Remove duplicate permissions from public/shell.te. Shell is
already appdomain, so these permissions are already granted to it.

Ignore-AOSP-First: Security fix
Bug: 231587164
Test: boot device, install/uninstall apps. Observe no new denials.
Test: Run researcher provided PoC. Observe audit messages.
Change-Id: Ic7577884e9d994618a38286a42a8047516548782
2023-04-25 15:20:45 +02:00
Charles Chen
5eb2d8b0df Fix attribute plurals for isolated_compute_allowed am: 27a8f43fde am: 82c81a216a am: badbeec6ac
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2552770

Change-Id: Ie5d474cceaac9833f53194b17636147cdc6eb75e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-20 18:49:53 +00:00
Charles Chen
5eba5e62a3 Merge "Move isolated_compute_app to be public" am: 290d1876ff am: 48a0bcd865 am: d57f6bc6ae
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2544610

Change-Id: I997bf77614cf78e61f89925857a60bb8a9a907fa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-20 18:48:55 +00:00
Eric Rahm
3c9b657e1d Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734" am: 66ef8f01ee am: 7e4c7b47a2 am: 051fd4658e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549731

Change-Id: I3bc5e7644efdaf99291b2efa61de9740b3f8a7e3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-20 17:23:14 +00:00
Eric Rahm
be8a31739a Fix denial for ioctl FS Verity am: af6035c64f am: 4606eaa950 am: 1f2c6ef5e7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549730

Change-Id: Id4297a235f5803ab4d8efafa2b2a632d29a2494c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-20 17:23:10 +00:00
Charles Chen
27a8f43fde Fix attribute plurals for isolated_compute_allowed
Following the naming convention.

Bug: N/A
Test: m
Change-Id: Ie26d67423f9ee484ea91038143ba763ed8f97e2f
2023-04-20 16:39:39 +00:00
Charles Chen
290d1876ff Merge "Move isolated_compute_app to be public" 2023-04-20 16:31:52 +00:00
Eric Rahm
4606eaa950 Fix denial for ioctl FS Verity am: af6035c64f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549730

Change-Id: I59e5261f9a2fea9d855756e7bb255b683868b3a9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-20 15:50:40 +00:00
Alexander Roederer
5c9320232a Merge "Add persist.sysui.notification.builder_extras_ovrd" am: e46266d2ce am: 06ad0c13cc am: f5324ae425
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2538550

Change-Id: I7f3e24a17423eb7a29e4a8bb17e14e06ca27ec4e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-20 15:27:08 +00:00
Eric Rahm
66ef8f01ee Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734"
* changes:
  Allow system_server to verify installed apps
  Fix denial for ioctl FS Verity
2023-04-20 15:06:22 +00:00
Alexander Roederer
e46266d2ce Merge "Add persist.sysui.notification.builder_extras_ovrd" 2023-04-20 13:22:24 +00:00
Charles Chen
c8ab3593d0 Move isolated_compute_app to be public
This will allow vendor customization of isolated_compute_app. New permissions added should be associated with isolated_compute_allowed.

Bug: 274535894
Test: m
Change-Id: I4239228b80544e6f5ca1dd68ae1f44c0176d1bce
2023-04-20 05:39:29 +00:00
Eric Rahm
588d537f0b Allow system_server to verify installed apps
This commit allows system_server to call the FS_IOC_SETFLAGS ioctl.

Bug: 259756715
Fixes: 272527416
Test: Flash and pair watch, verify denial logs after apps are updated.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8d15734fb52ce08461fd4259ddfd22e889cf9061)
Merged-In: I7a99d3bb7deb3683b342795cb1bbef7abbbcbe38

Change-Id: I7a99d3bb7deb3683b342795cb1bbef7abbbcbe38
2023-04-20 03:05:01 +00:00
Treehugger Robot
258cb0d2f9 Merge "Allow remote_provisioning to query IRPC" am: 81d607c686 am: 2cc28f0d55 am: 91595e7470
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2538191

Change-Id: Iee1c820b11cf7a6a75d40d9def31c5faed1c197a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-20 00:11:16 +00:00
Eric Rahm
af6035c64f Fix denial for ioctl FS Verity
For an unknown reason, the denial still happens with a system app after applying
ag/20712480. This commit adds a workaround to fix this.

Bug: 258093107
Fixes: 272530397

Test: flash build, pair watch with phone, check SE denials log
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0ade3b2183d850fd508569782e35a59ef2bd4dce)
Merged-In: I16932c793c5ca144746d0903ed1826c1847d2add

Change-Id: I16932c793c5ca144746d0903ed1826c1847d2add
2023-04-20 00:02:07 +00:00
Treehugger Robot
81d607c686 Merge "Allow remote_provisioning to query IRPC" 2023-04-19 22:17:55 +00:00
Andrew Scull
0977919ac4 Allow remote_provisioning to query IRPC
Enable remote_provisioning diagnostic reporting from dumpsys and adb
shell by allowing the service, which is hosted in system_server, to call
KeyMint's IRPC HAL implementation.

Test: adb shell dumpsys remote_provisioning
Test: adb shell cmd remote_provisioning
Bug: 265747549
Change-Id: Ica9eadd6019b577990ec3493a2b08e25f851f465
2023-04-19 20:55:37 +00:00
Alexander Roederer
2b05965492 Add persist.sysui.notification.builder_extras_ovrd
Adds persist.sysui.notification.builder_extras_override property
associated permissions, which will be used to flag-guard
a change in core/...Notification.java.

Original change I3f7e2220798d22c90f4326570732a52b0deeb54d didn't
cover zygote, which are needed for preloaded classes.

Test: manual flash+adb setprop/getprop
Bug: 169435530
Change-Id: Ifad9e7c010554aa6a1e1822d5885016058c801c9
2023-04-19 18:29:04 +00:00
Treehugger Robot
68e237aa8c Merge changes from topic "b268128589" am: d073bd4209 am: cf5963c6a8 am: cfe9c14ada
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2529324

Change-Id: I149c1a56de8f4bd11738832cc18d19aca41c4b6f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-18 23:43:59 +00:00
Treehugger Robot
d073bd4209 Merge changes from topic "b268128589"
* changes:
  Revert "Modify the automotive display service file context"
  Revert "Move cardisplayproxyd to system_ext"
2023-04-18 21:44:44 +00:00
Yuxin Hu
c8fa8026a5 Merge "Allow gpuservice to query permission" am: aff0f53398 am: ea1a7a71a0 am: 4b4448f2cd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2539770

Change-Id: I9e4237ce3795e1897a60b7ef98657ed53d0d6fb6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-17 18:30:25 +00:00
Yuxin Hu
aff0f53398 Merge "Allow gpuservice to query permission" 2023-04-17 16:56:53 +00:00
Treehugger Robot
6be0665e82 Merge "Allow virtualizationmanager to open test artifacts in shell_data_file" am: 6e5f8d5150 am: d94b48bcef am: 87a23ae361
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519757

Change-Id: Ia910ef23f94402407862160fe33bd747078a2e35
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-17 05:28:27 +00:00
Yuxin Hu
fce99d90c7 Allow gpuservice to query permission
Bug: b/270994705
Test: Flash, verify Pixel 7 can boot.
Change-Id: I11e61034a8b4404aa998af2b9a04e08af9095fec
2023-04-17 04:12:43 +00:00
Treehugger Robot
6e5f8d5150 Merge "Allow virtualizationmanager to open test artifacts in shell_data_file" 2023-04-17 04:00:16 +00:00
Yuxin Hu
81deebacc3 Merge "Add a new system property persist.graphics.egl" am: b011ba5ffb am: 2ec8d6d9f6 am: e20f4369dc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2529329

Change-Id: I34e98b75cb34610474303349e8a9eff337440044
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-13 21:16:14 +00:00
Yuxin Hu
b011ba5ffb Merge "Add a new system property persist.graphics.egl" 2023-04-13 18:49:26 +00:00
Yuxin Hu
889dd078e9 Add a new system property persist.graphics.egl
This new system property will be read and written
by a new developer option switch, through gpuservice.

Based on the value stored in persist.graphics.egl,
we will load a different GLES driver.

e.g.
persist.graphics.egl == $ro.hardware.egl: load native GLES driver
persist.graphics.egl == angle: load angle as GLES driver

Bug: b/270994705
Test: m; flash and check Pixel 7 boots fine
Change-Id: Idec4b947d0c69c52cd798df4f834053bd306cf5f
2023-04-13 04:38:46 +00:00
Yu Shan
36370a80be Merge "Define sepolicy for ivn HAL." am: 9861e84085 am: 506e69012d am: 78ca38f285
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2530161

Change-Id: I5802fb2e124cfab86869d0c123f5b6d670e5c8d0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-12 02:44:59 +00:00
Jiabin Huang
03c79e7a4c Merge "Usb: Add property for multi usb mode." am: 67f6c7df8a am: e81e8f28e3 am: 6e4125008d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2528499

Change-Id: Icd99dfccf70a4d289a2ed87fa199114b445e673b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-12 02:44:34 +00:00
Yu Shan
9861e84085 Merge "Define sepolicy for ivn HAL." 2023-04-11 23:35:07 +00:00
Jiabin Huang
67f6c7df8a Merge "Usb: Add property for multi usb mode." 2023-04-11 23:08:33 +00:00
Yu Shan
9eb72464b5 Define sepolicy for ivn HAL.
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
2023-04-10 17:42:51 -07:00
Treehugger Robot
05ee76118b Merge "Allow linkerconfig to use pseudo tty" am: afb616d349 am: 8865604b6c am: e8db10f29b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2529639

Change-Id: I0f21f15ed350852b7c7593e7dd29366ec1e85a96
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-10 04:37:49 +00:00
Treehugger Robot
afb616d349 Merge "Allow linkerconfig to use pseudo tty" 2023-04-10 03:16:02 +00:00
Jooyung Han
3aaead5256 Allow linkerconfig to use pseudo tty
I just found it's reported in some bugreports when logging errors from
linkerconfig.

avc:  denied  { ioctl } for  pid=314 comm="linkerconfig"
path="/dev/pts/0" dev="devpts" ino=3 ioctlcmd=0x5401
scontext=u:r:linkerconfig:s0 tcontext=u:object_r:devpts:s0
tclass=chr_file permissive=1

Bug: 276386338
Test: m && boot
Change-Id: I57c9cc655e610dc81a95bc8578a6649c52798c93
2023-04-10 11:07:11 +09:00
Changyeon Jo
63c301ac62 Revert "Modify the automotive display service file context"
This reverts commit edf5420830.

Bug: 268128589
Test: Treehugger
Change-Id: I3961148239831f41423b03d65de0b9b1b4a47724
2023-04-08 00:14:14 +00:00
Changyeon Jo
916ad0da24 Revert "Move cardisplayproxyd to system_ext"
This reverts commit fc0b3da21f.

Bug: 268128589
Test: Treehugger
Change-Id: I562b78d2f7550ee9e15be049f9db3fd1eeb491d8
2023-04-08 00:13:59 +00:00
jiabin
e0641bfac9 Usb: Add property for multi usb mode.
Property for multi usb mode is used by UsbAlsaManager to decide if only
one or multiple USB devices can be connected to audio system at a
certain time.

Bug: 262415494
Test: TH
Change-Id: I9481883fa8977329d35b139713aad15e995306b1
2023-04-07 15:35:27 +00:00
Inseob Kim
d5d358495a Merge "Remove 28.0 compat support" am: 1174fcf338 am: 9cf125cb34 am: d781909856
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519755

Change-Id: I263017c40280358776cbb2282dd4c7932601459b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-07 02:28:35 +00:00
Inseob Kim
1174fcf338 Merge "Remove 28.0 compat support" 2023-04-07 00:52:30 +00:00
Treehugger Robot
d4e0311566 Merge "allow systemserver to sigkill clat" am: 9ba65f627b am: bab932dfbd am: f6e7b7ea59
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2522976

Change-Id: I11b294a1ca38c4fd605b019d77e41b98382e1132
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-06 20:29:59 +00:00
Treehugger Robot
9ba65f627b Merge "allow systemserver to sigkill clat" 2023-04-06 19:02:24 +00:00
Ioannis Ilkos
8b6c32c556 Merge "SEPolicy for trace event suspend_resume_minimal" am: 035a1a9dfc am: 39a3e27b5f am: 3293cf4246
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2524675

Change-Id: Id9f75873c5c6100aa3f9782a861734a9871957e4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-05 16:32:35 +00:00
Ioannis Ilkos
035a1a9dfc Merge "SEPolicy for trace event suspend_resume_minimal" 2023-04-05 14:57:39 +00:00
Slawomir Rosek
7e9dede866 Allow system server to read media config am: 608e4923d3 am: 115d5c232e am: 5c9aad0e2d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2524799

Change-Id: I7b0566d02b682babab4d9e5bbfffe8e4e889feec
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-05 11:01:21 +00:00
Ioannis Ilkos
262a10ff2b SEPolicy for trace event suspend_resume_minimal
This is a more lightweight version of the built-in power/suspend_resume.

Bug: 277016923
Test: manual
Change-Id: I71cefcab43a8119cfded52e55ebfaaf809e9f205
2023-04-05 07:55:43 +00:00
Slawomir Rosek
608e4923d3 Allow system server to read media config
This patch allows system server to read media config properties.
On 32bit architectures the StorageManager service in system server
needs to access media config while checking if transcoding is supported.

Bug: 276498430
Bug: 276662056
Change-Id: Ifc008d98b893b099c31c1fc8b96de9ed18dd4fbe
Signed-off-by: Slawomir Rosek <srosek@google.com>
2023-04-05 07:51:24 +00:00
Maciej Żenczykowski
9fe0c21672 allow systemserver to sigkill clat
This appears to be an oversight in T sepolicy???

Based on observed logs (on a slightly hacked up setup):

04-04 20:38:38.205  1548  1935 I Nat464Xlat: Stopping clatd on wlan0
04-04 20:38:38.205  1548  1935 I ClatCoordinator: Stopping clatd pid=7300 on wlan0
04-04 20:38:43.408  1548  1548 W ConnectivitySer: type=1400 audit(0.0:8): avc: denied { sigkill } for scontext=u:r:system_server:s0 tcontext=u:r:clatd:s0 tclass=process permissive=0
04-04 20:38:43.412  1548  1935 E jniClatCoordinator: Failed to SIGTERM clatd pid=7300, try SIGKILL
04-04 20:39:27.817  7300  7300 I clatd   : Shutting down clat on wlan0
04-04 20:39:27.819  7300  7300 I clatd   : Clatd on wlan0 already received SIGTERM
04-04 20:39:27.830  2218  2894 D IpClient/wlan0: clatInterfaceRemoved: v4-wlan0
04-04 20:39:27.857  1548  1935 D jniClatCoordinator: clatd process 7300 terminated status=0

I think this means SIGTERM failed to work in time, and we tried SIGKILL and that was denied, and then the SIGTERM succeeded?

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia55ebd812cb9e7062e3cb10d6cb6851638926868
2023-04-05 07:49:26 +00:00
Lakshman Annadorai
52d8a1e5d8 Merge "Add cpu_monitor service context." am: d970b34331 am: 605db074db am: 76809597e6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2517975

Change-Id: I2fae64b89c92f9c8d8a360e943e13a6144b6d7b1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-04 19:08:46 +00:00