Commit graph

11 commits

Author SHA1 Message Date
Ashwini Oruganti
86e110e688 gmscore_app: Enforce all rules for the domain
This change flips the switch and stops running gmscore_app in permissive
mode. Looking at the data in go/sedenials, we don't see any untracked
denial that isn't occurring for the priv_app domain as well. gmscore
should have all the necessary permissions it had was running in the
priv_app domain.

Bug: 142672293
Test: Build, flash, boot.
Change-Id: I0db56671cdfccbd79cd303bc2a819260ef7677fe
2020-01-07 10:53:49 -08:00
Ashwini Oruganti
c9de5b531f gmscore_app: anr_data_file permissions
More historical context in http://b/18504118

This also adds an auditallow to the same rule for priv_app, so we can
delete it once no logs show up in go/sedenials for this rule
triggering.

Bug: 142672293
Test: TH
Change-Id: I5729b89af83090e6e31c012c8acb0f0114c87d3d
2019-12-18 22:15:08 +00:00
Treehugger Robot
4c78a608f9 Merge "Allow gmscore to write to /cache" 2019-12-18 17:56:34 +00:00
Ashwini Oruganti
f31e862cac gmscore_app: shell_data_file permissions
This also adds an auditallow to the same rule for priv_app, so we can
delete it once no logs show up in go/sedenials for this rule
triggerring.

Bug: 142672293
Test: TH
Change-Id: I554e0cb00a53fd254c450c20e6c632e58472c3c8
2019-12-17 15:09:30 -08:00
Ashwini Oruganti
fe746ae453 Allow gmscore to write to /cache
Bug: 142672293
Test: TH
Change-Id: If3c2a5c91ffb497330531ad8a57ac5840d602d34
2019-12-17 14:55:01 -08:00
Ashwini Oruganti
384858e0ec Allow gmscore_app to write to /data/ota_package for OTA packages
This also adds an auditallow to the same rule for priv_app, so we can
delete it once no logs show up in go/sedenials for this rule
triggerring.

Bug: 142672293
Test: TH
Change-Id: I57f887e96d721ca69a7228df0a75515596776778
2019-12-16 10:00:07 -08:00
Jeff Vander Stoep
607bc67cc9 Prevent apps from causing presubmit failures
Apps can cause selinux denials by accessing CE storage
and/or external storage. In either case, the selinux denial is
not the cause of the failure, but just a symptom that
storage isn't ready. Many apps handle the failure appropriately.

These denials are not helpful, are not the cause of a problem,
spam the logs, and cause presubmit flakes. Suppress them.

Bug: 145267097
Test: build
Change-Id: If87b9683e5694fced96a81747b1baf85ef6b2124
2019-12-16 11:19:05 +01:00
Ricky Wai
5b1b423039 Allow Zygote and Installd to remount directories in /data/data
Zygote/Installd now can do the following operations in app data directory:
- Mount on it
- Create directories in it
- Mount directory for each app data, and get/set attributes

Bug: 143937733
Test: No denials at boot
Test: No denials seen when creating mounts
Change-Id: I6e852a5f5182f1abcb3136a3b23ccea69c3328db
2019-12-13 12:30:26 +00:00
Ashwini Oruganti
e80d00ff34 gmscore_app: suppress denials for system_data_file
This denial is generally a sign that apps are attempting to access
encrypted storage before the ACTION_USER_UNLOCKED intent is delivered.
Suppress this denial to prevent logspam.

While gmscore_app is running in permissive mode, there might be other
denials for related actions (that won't show up in enforcing mode after
the first action is denied). This change adds a bug_map entry to track
those denials and prevent presubmit flakes.

Bug: 142672293
Test: Happy builds
Change-Id: Id2f8f8ff5cde40e74be24daa0b1100b91a7a4dbb
2019-12-12 14:38:40 -08:00
Ashwini Oruganti
9ba277df83 Allow gmscore to ptrace itself
This is needed to debug native crashes within the gmscore app.

Now that GMS core is running in gmscore_app and not in the priv_app
domain, we need this rule for the new domain. This also adds an
auditallow to the same rule for priv_app, so we can delete it once no
logs show up in go/sedenials for this rule triggerring.

Bug: 142672293
Test: TH
Change-Id: I7d28bb5df1a876d0092758aff321e62fa2979694
2019-12-11 17:09:05 -08:00
Ashwini Oruganti
c46a7bc759 Create a separate SELinux domain for gmscore
This change creates a gmscore_app domain for gmscore. The domain is
currently in permissive mode (for userdebug and eng builds), while we
observe the SELinux denials generated and update the gmscore_app rules
accordingly.

Bug: 142672293
Test: Flashed a device with this build and verified
com.google.android.gms runs in the gmscore_app domain. Tested different
flows on the Play Store app, e.g., create a new account, log in, update
an app, etc. and verified no new denials were generated.
Change-Id: Ie5cb2026f1427a21f25fde7e5bd00d82e859f9f3
2019-11-22 10:39:19 -08:00