tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
47331 commits 1 branch 0 tags 50 MiB
Commit graph

10350 commits

Author SHA1 Message Date
Treehugger Robot
fbd5ca646f Merge "tracefs: remove debugfs/tracing rules on release devices" into main am: a3a3559743 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2973489

Change-Id: Ib81b790347f8cbba93e08df9dee3ae5d52ea49c2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-03-05 14:15:27 +00:00
Treehugger Robot
a3a3559743 Merge "tracefs: remove debugfs/tracing rules on release devices" into main 2024-03-05 13:33:02 +00:00
Ryan Savitski
5ee2595e8b Merge "tracefs: allow using "/sys/kernel/tracing/buffer_percent" on release devices" into main am: d7a3de50a3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2976491

Change-Id: I2ca80ec6e19eb00b753b5104995d1ed7f47e7980
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-03-05 12:05:30 +00:00
Kangping Dong
29c440880d Merge "[Thread] limit ot-daemon socket to ot-ctl" into main am: 564f1296b8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2984172

Change-Id: I310acdc5860501c6725b91ca33165fb2778af7f7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-03-05 12:05:18 +00:00
Ryan Savitski
d7a3de50a3 Merge "tracefs: allow using "/sys/kernel/tracing/buffer_percent" on release devices" into main 2024-03-05 12:04:12 +00:00
Kangping Dong
564f1296b8 Merge "[Thread] limit ot-daemon socket to ot-ctl" into main 2024-03-05 11:18:56 +00:00
Matt Buckley
ee100057e0 Merge "Allow apps to access PowerHAL for FMQ" into main am: 19cb4c541f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2978555

Change-Id: I27a9a5a1012270c305a2727951c3561c2eb56634
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-03-04 22:55:48 +00:00
Matt Buckley
19cb4c541f Merge "Allow apps to access PowerHAL for FMQ" into main 2024-03-04 22:22:41 +00:00
Stefan Andonian
efd8723a4e Merge "Enable platform_app to use perfetto/trace_data_file permissions in debug/eng builds." into main am: 79d1388d86 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2924820

Change-Id: I984a94aa4b6267aafc49adaf5ae45c99869080a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-03-04 21:26:12 +00:00
Stefan Andonian
79d1388d86 Merge "Enable platform_app to use perfetto/trace_data_file permissions in debug/eng builds." into main 2024-03-04 20:23:11 +00:00
Ján Sebechlebský
449b8ccd88 Merge "Allow virtual camera to use fd's from graphic composer" into main am: f8ab94fa08 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2977091

Change-Id: I4a49700af6b9798045cf026c06d3cb68913cb596
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-03-04 15:49:46 +00:00
Ján Sebechlebský
f8ab94fa08 Merge "Allow virtual camera to use fd's from graphic composer" into main 2024-03-04 15:20:49 +00:00
Dennis Shen
1bfa2552ad Merge "aconfig_storage: setup RO partitions aconfig storage files SELinux policy" into main am: 3041c33c91 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2982791

Change-Id: I3c601bb71699e80fb052b9d5c087fe792ec87f52
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-29 19:32:49 +00:00
Dennis Shen
3041c33c91 Merge "aconfig_storage: setup RO partitions aconfig storage files SELinux policy" into main 2024-02-29 19:03:00 +00:00
Kangping Dong
90495cc79f [Thread] limit ot-daemon socket to ot-ctl 
It's better to explicitly disallow access to ot-daemon from other than
ot-ctl.

Bug: 323502847
Change-Id: Ic46ad4e8f3a1d21bbfc9f4f01e6a692aafcdb815
 2024-02-29 23:43:34 +08:00
Dennis Shen
f008c29e47 aconfig_storage: setup RO partitions aconfig storage files SELinux 
policy

system, system_ext, product and vendor partitions have aconfig storage
files under /<partition>/etc/aconfig dir. need to grant access to
aconfigd.

Bug: b/312459182
Test: m and tested with AVD
Change-Id: I9750c24ffa26994e4f5deadd9d772e31211a446a
 2024-02-29 15:28:48 +00:00
Stefan Andonian
ff413fd7d0 Enable platform_app to use perfetto/trace_data_file permissions in 
debug/eng builds.

This change is to allow SystemUI, a platform_app, to start, stop,
and share Perfetto/Winscope traces.

Bug: 305049544
Test: Verified everything works on my local device.
Change-Id: I8fc35a5a570c2199cfdd95418a6caf0c48111c46
 2024-02-28 20:31:44 +00:00
Dennis Shen
154a08ef7e Merge "aconfigd: create aconfig daemon selinux policy" into main am: 067f7db593 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2976451

Change-Id: Ib86e806430e8decea25e8de9b5f314891561e521
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-28 13:21:35 +00:00
Dennis Shen
067f7db593 Merge "aconfigd: create aconfig daemon selinux policy" into main 2024-02-28 12:31:26 +00:00
Matt Buckley
52c9b3b9a9 Allow apps to access PowerHAL for FMQ 
This patch allows apps to access PowerHAL FMQ memory to send ADPF
messages.

Test: n/a
Bug: 315894228
Change-Id: I2733955807c40e63b688fcb0624db8acc8f9a139
 2024-02-27 16:35:55 -08:00
Florian Mayer
9ceda37b18 Merge "Allow shell and adb to read tombstones" into main am: 9d7d3c4a0e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2974016

Change-Id: I2fdfb22d91512d081d1760952e23611a1d2e4917
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-26 22:02:00 +00:00
Florian Mayer
9d7d3c4a0e Merge "Allow shell and adb to read tombstones" into main 2024-02-26 21:12:25 +00:00
Dennis Shen
2659257c76 aconfigd: create aconfig daemon selinux policy 
Bug: b/312444587
Test: m and launch avd
Change-Id: I0156a9dee05139ec84541e0dff2f95285c97cfb9
 2024-02-26 19:58:48 +00:00
Jan Sebechlebsky
fd7e285504 Allow virtual camera to use fd's from graphic composer 
This is causing denials in case the fence fd comes from
graphic composer.

Bug: 301023410
Test: atest CtsCameraTestCases with test virtual camera enabled
Change-Id: I14cb26c058342470aa2dc214ab47cc61aa2f3255
 2024-02-26 11:55:16 +01:00
Thiébaud Weksteen
66bb617447 Merge "Grant lockdown integrity to all processes" into main am: 1fc3a6f955 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2971071

Change-Id: I21f3e67d0b697a532f65e4e21b8a193accca521a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-26 00:34:52 +00:00
Jooyung Han
a53593f6fa Merge "Add input_device.config_file.apex property" into main am: 615aaf5998 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2974852

Change-Id: I08eec3e2cd297b70d84ea92aa07159bd1b70d91e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-26 00:34:01 +00:00
Thiébaud Weksteen
1fc3a6f955 Merge "Grant lockdown integrity to all processes" into main 2024-02-26 00:11:52 +00:00
Ryan Savitski
ce8959c851 tracefs: remove debugfs/tracing rules on release devices 
The tracing filesystem used to be mounted on /sys/kernel/debug/tracing,
but is nowaways available at /sys/kernel/tracing.

Since debugfs itself is no longer mounted on release devices, there is
no need for rules that relax specific .../debug/tracing/... files to be
available on release devices. Leave them as debugfs_tracing_debug.

Not touching other labels such as debugfs_tracing_printk_formats in case
there are debug-only tools that grant themselves access to just that
label. Might revisit those in a different patch.

Bug: 303590268
Change-Id: Ic234c73ac7256117179c4b3eb35da0eac9a50eaa
 2024-02-25 19:16:56 +00:00
Ryan Savitski
bdf0a56bf3 tracefs: allow using "/sys/kernel/tracing/buffer_percent" on release devices 
This is a tracing control file that userspace can read/write an ascii
number (e.g. "50"). In turn, it controls the behaviour of blocking
read(), splice(), and poll() on the tracing kernel ring buffer fds.
A blocked syscall will only be woken up once the kernel fills the buffer
past the "buffer_percent" watermark (so 50% -> half-full).

We'll be using this file in perfetto's traced_probes, but it should also
be safe to expose to other users of the tracing file system (aka
debugfs_tracing in sepolicy) on release builds.

Added to linux in:
  https://android.googlesource.com/kernel/common/+/03329f99

Change-Id: Ifcdc73cb0162e8cdadf2e7c16b0215410134ccae
 2024-02-25 19:00:07 +00:00
Florian Mayer
6c689e8438 Allow shell and adb to read tombstones 
tombstones are now openable by these domains:

allow adbd tombstone_data_file:dir { getattr ioctl lock open read search watch watch_reads };
allow adbd tombstone_data_file:file { getattr ioctl lock map open read watch watch_reads };
allow dumpstate tombstone_data_file:dir { getattr ioctl lock open read search watch watch_reads };
allow dumpstate tombstone_data_file:file { getattr ioctl lock map open read watch watch_reads };
allow init tombstone_data_file:dir { add_name create getattr ioctl open read relabelfrom relabelto remove_name rmdir search setattr write };
allow init tombstone_data_file:fifo_file { create getattr open read relabelfrom relabelto setattr unlink };
allow init tombstone_data_file:file { create getattr map open read relabelfrom relabelto setattr unlink write };
allow init tombstone_data_file:sock_file { create getattr open read relabelfrom relabelto setattr unlink };
allow shell tombstone_data_file:dir { getattr ioctl lock open read search watch watch_reads };
allow shell tombstone_data_file:file { getattr ioctl lock map open read watch watch_reads };
allow system_server tombstone_data_file:dir { add_name getattr ioctl lock open read remove_name search watch watch_reads write };
allow system_server tombstone_data_file:file { append create getattr ioctl lock map open read rename setattr unlink watch watch_reads write };
allow tombstoned tombstone_data_file:dir { add_name getattr ioctl lock open read remove_name search watch watch_reads write };
allow tombstoned tombstone_data_file:file { append create getattr ioctl link lock map open read rename setattr unlink watch watch_reads write };

Test: adb unroot, ls, cat, adb pull
Bug: 312740614
Change-Id: I4a1af4fbdc48c5c5f4b0b33f124cea31af74dd87
 2024-02-23 15:44:20 -08:00
Jooyung Han
c6d75293b9 Add input_device.config_file.apex property 
This new property is to set an apex name when input configuration files
are bundled in an apex.

libinput checks the new sysprop when loading input configuration.

This removes hard-coded apex name (com.android.input.config).

Bug: 315080500
Test: adb shell dumpsys input
  # set "touch.orientationAware = 0" in Touchscreen_0.idc
  # build/install the input config apex
  # Observe the Input configuration
  # "Touch Input Mapper" shows "OrientationAware: false"
Change-Id: Ie0bf30bff2ed7f983caa5b893994a5bd2759e192
 2024-02-23 14:31:58 +09:00
Steven Moreland
cfed32d4ff Merge changes from topic "misctrl" into main am: 9fca32695a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2966594

Change-Id: Id68b57052b905fd3aab14f17f1eb7e81913d7e05
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-22 19:16:50 +00:00
Steven Moreland
d7c3bf781e intro misctrl am: b4f42d449b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2966593

Change-Id: Ie652cf5516fe3c1042931bb07162f39996180e66
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-22 19:16:46 +00:00
Steven Moreland
9fca32695a Merge changes from topic "misctrl" into main 
* changes:
  misctrl: add a property
  intro misctrl
 2024-02-22 18:57:01 +00:00
Alan Stokes
d02b052624 Merge "Add virtualization_maintenance_service" into main am: d2bc72b7eb 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2967637

Change-Id: Ib5539a82cb00a141c3c4d9877acb7195f853107d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-22 10:33:00 +00:00
Alan Stokes
d2bc72b7eb Merge "Add virtualization_maintenance_service" into main 2024-02-22 09:45:13 +00:00
Treehugger Robot
444ca3ef45 Merge "Reland "[res] Allow accessing idmap files in all zygotes"" into main am: b4d6657a5c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2970351

Change-Id: I61de789991aeb6254b9d2f80bff9a65f06c4b533
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-22 09:07:53 +00:00
Treehugger Robot
b4d6657a5c Merge "Reland "[res] Allow accessing idmap files in all zygotes"" into main 2024-02-22 08:42:02 +00:00
Treehugger Robot
3fbbe8f2ab Merge "Allow shell/toolbox for all domains" into main am: b08b54e735 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2968882

Change-Id: I27a83570324b203d1c2eb86adc82dcc5fec1db8e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-22 06:19:57 +00:00
Treehugger Robot
b08b54e735 Merge "Allow shell/toolbox for all domains" into main 2024-02-22 05:48:44 +00:00
Thiébaud Weksteen
99a4cbcee7 Grant lockdown integrity to all processes 
The default policy for the "lockdown" access vector on Android was
introduced in commit bcfca1a6. While the "confidentiality" permission
was granted to all processes, the "integrity" was marked as
neverallowed.

Upstream, the support for that access vector was removed from kernel
5.16 onwards.

It was found that the "integrity" permission either does not apply to
Android or duplicates other access control (e.g., capabilities
sys_admin).

Instead of simply removing the neverallow rule, the access is granted to
all processes. This will prevent the proliferation of references to this
access vector in vendors' policies and ultimately facilitate its
removal.

Test: presubmit
Bug: 285443587
Bug: 269377822
Bug: 319390252
Change-Id: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
 2024-02-22 12:20:38 +11:00
Yisroel Forta
dc79d84476 Add context that system server can access and perfetto can save traces to am: c5cb5a248d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2965922

Change-Id: I3e286eb5cfb4de9fc80eb8462fb183d67898db98
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-21 22:38:05 +00:00
Steven Moreland
9f41fc081f misctrl: add a property 
misctrl can set properties which can be injected into
bugreports.

Limit visibility of these properties so that no device
code can branch based off these properties.

Bug: 317262681
Test: bugreport
Change-Id: I74f6f240b08b2681540bca262dcc76bcdca9cdad
 2024-02-21 18:16:49 +00:00
Yisroel Forta
c5cb5a248d Add context that system server can access and perfetto can save traces to 
Give perfetto rw dir and create file permissions for new directory.
Give system server control to read, write, search, unlink files from new directory.

Test: locally ensure traces can be written by perfetto and accessed and deleted by system server
Bug: 293957254
Change-Id: Id015429b48ffffb73e7a71addddd48a22e4740bf
 2024-02-21 16:43:57 +00:00
David Drysdale
bd6d03f58b Allow virtualizationservice to check parent dir am: a9d70d7ba8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2967573

Change-Id: I915ec4bc0144cc9a1a9ac20525f48ad1b33af3d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-21 11:39:06 +00:00
Jooyung Han
66c5beaecc Allow shell/toolbox for all domains 
Bug: 324142245
Test: m (presubmit)
Change-Id: If408294d31c66241eca938ee2a681e6a9cf37ee2
 2024-02-21 11:13:14 +09:00
Yurii Zubrytskyi
9128735f1f Reland "[res] Allow accessing idmap files in all zygotes" 
This reverts commit 7ee66a0391.

Reason for revert: The change is supposed to be a noop, trying it as a separate CL now

Change-Id: I0a1befb0015f39596423da7049040de6be18db65
 2024-02-20 20:49:37 +00:00
Steven Moreland
b4f42d449b intro misctrl 
Generic binary for managing the misc partition.

Bug: 317262681
Test: boot, check bugreport
Change-Id: Ib172d101d68409f2500b507df50b02953c392448
 2024-02-20 18:56:05 +00:00
Alan Stokes
38131e7ba8 Add virtualization_maintenance_service 
This is an AIDL service exposed by Virtualization Service to system
server (VirtualizationSystemService).

The implementation is Rust so no fuzzer is required.

I've put this behind the flag on general principle.

Bug: 294177871
Test: atest MicrodroidTests
Change-Id: Ia867fe27fb2e76d9688e4ba650ebf7b3f51ee597
 2024-02-20 17:08:28 +00:00
David Drysdale
a9d70d7ba8 Allow virtualizationservice to check parent dir 
Needed for SQLite database creation

Test: boot Cuttlefish, printf debugging
Bug: 294177871
Change-Id: I9ec2a8956c501ddea9514ea07a7c89d09b027dd3
 2024-02-20 12:04:39 +00:00