- Jun 23, 2017
-
-
Jeff Vander Stoep authored
avc: denied { find } for interface=android.hardware.configstore::ISurfaceFlingerConfigs scontext=u:r:system_server:s0 tcontext=u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0 tclass=hwservice_manager permissive=0 Bug: 35197529 Test: Device boots without this denial Change-Id: Ia43bc5879e03a1f2056e373b17cc6533636f98b1
-
- Jun 19, 2017
-
-
Tom Cherry authored
In libprocessgroup, we want to only send signals once to processes, particularly for SIGTERM. We must send the signal both to all processes within a POSIX process group and a cgroup. To ensure that we do not duplicate the signals being sent, we check the processes in the cgroup to see if they're in the POSIX process groups that we're killing. If they are, we skip sending a second signal. This requires getpgid permissions, hence this SELinux change. avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=process permissive=1 avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=process permissive=1 avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:system_app:s0 tclass=process permissive=1 avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:system_app:s0 tclass=process permissive=1 avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:zygote:s0 tclass=process permissive=1 avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:zygote:s0 tclass=process permissive=1 avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:system_server:s0 tclass=process permissive=1 avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:system_server:s0 tclass=process permissive=1 Bug: 37853905 Bug: 62418791 Test: Boot, kill zygote, reboot Change-Id: Ib6c265dbaac8833c47145ae28fb6594ca8545570 (cherry picked from commit c59eb4d8)
-
- May 31, 2017
-
-
Narayan Kamath authored
tombstoned allows dumpstate to install "intercepts" to java trace requests for a given process. When an "intercept" is installed, all trace output is redirected to a pipe provided by dumpstate instead of the default location (usually in /data/anr or /data/tombstone). Note that these processes are already granted "write" and "getattr" on dumpstate:fifo_file in order to communicate with dumpstate; this change adds "append" to the existing set of permissions. Bug: 32064548 Test: manual Change-Id: Iccbd78c59071252fef318589f3e55ece51a3c64c
-
Narayan Kamath authored
Applications connect to tombstoned via a unix domain socket and request an open FD to which they can write their traces. This socket has a new label (tombstoned_java_trace_socket) and appdomain and system_server are given permissions to connect and write to it. Apps no longer need permissions to open files under /data/anr/ and these permissions will be withdrawn in a future change. Bug: 32064548 Test: Manual (cherry picked from commit a8832dabc7f3b7b2381760d2b95f81abf78db709) (cherry picked from commit 11bfcc1e) Change-Id: Icc60d227331c8eee70a9389ff1e7e78772f37e6f
-
Narayan Kamath authored
Applications connect to tombstoned via a unix domain socket and request an open FD to which they can write their traces. This socket has a new label (tombstoned_java_trace_socket) and appdomain and system_server are given permissions to connect and write to it. Apps no longer need permissions to open files under /data/anr/ and these permissions will be withdrawn in a future change. Bug: 32064548 Test: Manual Merged-In: I70a3e6e230268d12b454e849fa88418082269c4f Change-Id: Ib4b73fc130f4993c44d96c8d68f61b6d9bb2c7d5
-
- May 30, 2017
-
-
Narayan Kamath authored
Applications connect to tombstoned via a unix domain socket and request an open FD to which they can write their traces. This socket has a new label (tombstoned_java_trace_socket) and appdomain and system_server are given permissions to connect and write to it. Apps no longer need permissions to open files under /data/anr/ and these permissions will be withdrawn in a future change. Bug: 32064548 Test: Manual (cherry picked from commit a8832dabc7f3b7b2381760d2b95f81abf78db709) Change-Id: I70a3e6e230268d12b454e849fa88418082269c4f
-
- May 23, 2017
-
-
pkanwar authored
Update SE Policy to allow calls to and callbacks for the Tether Offload HAL HIDL binderized service. Bug: 38417260 Test: New functionality. So we don't have any tests. Change-Id: I2c95b290523c55c081afa1bca091f368559c9125
- May 22, 2017
-
-
Michael Schwartz authored
Test: Boot sailfish with shared system image Bug: 36814984 Change-Id: I2937c20c3b6ca7bf4edab66a74742c48e76c7687
-
- May 18, 2017
-
-
Sohani Rao authored
Update SE Policy to allow calls to and callbacks from Wifi Offload HAL HIDL binderized service. Combined cherry pick from d56aa1982d15acfc2408271138dac43f1e5dc987 and 66e27bf5 Bug: 32842314 Test: Unit tests, Mannual test to ensure Wifi can be brought up and connected to an AP, ensure that Offload HAL service is running and that that wificond can get the service handle by calling hwservicemanager. Change-Id: I0fc51a4152f1891c8d88967e75d45ded115e766e
-
- May 12, 2017
-
-
Andrew Scull authored
Bug: 35628284 Change-Id: I08877ac117212325b1259f7d90a4c0cb1dac2d9f Fix: 38233550 Test: Build and boot Merged-In: I4cdacb601e0eea1f5f0e721c568c7ee04298704f
-
Andrew Scull authored
Bug: 34766843 Change-Id: I5be615d818ecf999fec6514ce9b89ff6a7f13cd6 Fix: 38232801 Test: Build and boot Merged-In: Ice78aedfdbe82477a84252499a76dad37887fe6b
-
- May 04, 2017
-
-
Nick Kralevich authored
With build/core eaa9d88cf, system_server should not be loading code from /data. https://bugs.chromium.org/p/project-zero/issues/detail?id=955 Bug: 37214733 Bug: 31780877 Test: Device boots and no obvious problems. Test: No collected SELinux denials for build-server generated builds. Change-Id: I37b1e9e6c4555c937730ab491b6c38801b38ad38
-
Andreas Gampe authored
Under ASAN, allow system-server to execute app_process. This is required for wrap-property execution. Bug: 36138508 Test: m && SANITIZE_TARGET m Change-Id: Ic637e5205ea86e0edcd66ab387e89b27afef6b99
-
- Apr 27, 2017
-
-
Abodunrinwa Toki authored
Test: bit FrameworksCoreTests:android.view.textclassifier.TextClassificationManagerTest Bug: 34780396 Change-Id: I8b98fef913df571e55474ea2529f71750874941c
-
- Apr 26, 2017
-
-
Philip Cuadra authored
Bluetooth needs the capability to set audio-related threads to be RT scheduled. Grant it sys_nice. system_server needs to set priority for the Bluetooth HAL. Allow it. Bug 37518404 Test: Play Bluetooth audio, confirm RT scheduling with systrace Merged-In: Iaf7b85a11a51883744d72a50addfd320b6fbbc2f Change-Id: Iaf7b85a11a51883744d72a50addfd320b6fbbc2f (cherry picked from commit 6eee6eb2)
-
- Apr 25, 2017
-
-
Philip Cuadra authored
Bluetooth needs the capability to set audio-related threads to be RT scheduled. Grant it sys_nice. system_server needs to set priority for the Bluetooth HAL. Allow it. Bug 37518404 Test: Play Bluetooth audio, confirm RT scheduling with systrace Change-Id: Iaf7b85a11a51883744d72a50addfd320b6fbbc2f
-
- Apr 21, 2017
-
-
Daniel Nicoara authored
vr_wm functionality is moved in VrCore, so remove this service. Bug: 37542947, 36506799 Test: Ran on device and verified there are no permission errors while in VR Change-Id: I37fd34e96babec2a990600907f61da8c358ecc89
-
Chia-I Wu authored
Bug: 37152880 Bug: 37554633 Test: adb shell am hang --allow-restart Test: adb shell dumpstate Change-Id: Ie68607f3e3245a40056bdde7dd810ddf212b4295
-
Alex Klyubin authored
This adds fine-grained policy about who can register and find which HwBinder services in hwservicemanager. Test: Play movie in Netflix and Google Play Movies Test: Play video in YouTube app and YouTube web page Test: In Google Camera app, take photo (HDR+ and conventional), record video (slow motion and normal), and check that photos look fine and videos play back with sound. Test: Cast screen to a Google Cast device Test: Get location fix in Google Maps Test: Make and receive a phone call, check that sound works both ways and that disconnecting the call frome either end works fine. Test: Run RsHelloCompute RenderScript demo app Test: Run fast subset of media CTS tests: make and install CtsMediaTestCases.apk adb shell am instrument -e size small \ -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner' Test: Play music using Google Play music Test: Adjust screen brightness via the slider in Quick Settings Test: adb bugreport Test: Enroll in fingerprint screen unlock, unlock screen using fingerprint Test: Apply OTA update: Make some visible change, e.g., rename Settings app. make otatools && \ make dist Ensure device has network connectivity ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip Confirm the change is now live on the device Bug: 34454312 (cherry picked from commit 632bc494) Merged-In: Iecf74000e6c68f01299667486f3c767912c076d3 Change-Id: I7a9a487beaf6f30c52ce08e04d415624da49dd31
-
- Apr 20, 2017
-
-
Alex Klyubin authored
This adds fine-grained policy about who can register and find which HwBinder services in hwservicemanager. Test: Play movie in Netflix and Google Play Movies Test: Play video in YouTube app and YouTube web page Test: In Google Camera app, take photo (HDR+ and conventional), record video (slow motion and normal), and check that photos look fine and videos play back with sound. Test: Cast screen to a Google Cast device Test: Get location fix in Google Maps Test: Make and receive a phone call, check that sound works both ways and that disconnecting the call frome either end works fine. Test: Run RsHelloCompute RenderScript demo app Test: Run fast subset of media CTS tests: make and install CtsMediaTestCases.apk adb shell am instrument -e size small \ -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner' Test: Play music using Google Play music Test: Adjust screen brightness via the slider in Quick Settings Test: adb bugreport Test: Enroll in fingerprint screen unlock, unlock screen using fingerprint Test: Apply OTA update: Make some visible change, e.g., rename Settings app. make otatools && \ make dist Ensure device has network connectivity ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip Confirm the change is now live on the device Bug: 34454312 Change-Id: Iecf74000e6c68f01299667486f3c767912c076d3
-
- Apr 19, 2017
-
-
Andreas Gampe authored
Add asanwrapper support for system server under sanitization. Bug: 36138508 Test: m && m SANITIZE_TARGET=address SANITIZE_LITE=true Test: adb root && adb shell setprop wrap.system_server asanwrapper Change-Id: Id930690d2cfd8334c933e0ec5ac62f88850331d0
-
Salvador Martinez authored
system_server needs to be able to read the file last_reboot_reason to see if we need to show a thermal notification to the user. This change allows system_server to read, delete, and rename the file. Test: Manual Bug: 30994946 Change-Id: Id73e18768f910c8de0bfc02f1b464e689f4b3955
-
- Apr 17, 2017
-
-
Alex Klyubin authored
This commit marks system_server and app domains (except isolated_app) as clients of Graphics Allocator HAL. This makes the policy cleaner and prepares ground for restricting access to HwBinder services. Test: Play video in YouTube app and in Google Chrome YouTube web page Test: Using Google Camera app, take an HDR+ photo, a conventional photo, record a video with sound and a slow motion video with sound, then check that photos look good and videos play back fine, including sound. Bug: 34454312 Change-Id: Iea04d38fa5520432f06af94570fa6ce16ed7979a
-
- Apr 16, 2017
-
-
Martijn Coenen authored
The new binder_call() lines had to be added because this change removes mediacodec from binderservicedomain (on full-treble), hence domains that could previously reach mediacodec with binder_call(domain, binderservicedomain) now need explicit calls instead. Test: Youtube, Netflix, Maps, Chrome, Music Change-Id: I3325ce20d9304bc07659fd435554cbcbacbc9829
-
- Apr 14, 2017
-
-
Martijn Coenen authored
Since hal_graphics_composer_default is now no longer a member of binderservicedomain, these domains would no longer be able to use filedescriptors from it. Bug: 36569525 Bug: 35706331 Test: marlin boots, YouTube, Maps, Camera, video Change-Id: I4c110cf7530983470ae079e4fbc8cf11aa0fab7f
-
- Apr 12, 2017
-
-
Alex Klyubin authored
All HALs which are represented by hal_* attributes in SELinux policy are required to run in binderized mode on Treble devices. This commit thus makes the SELinux policy for Treble devices no longer associate domains in hal_x_client with hal_x attribute, which is what was granting domains hosting clients of hal_x the rules needed to run this HAL in-process. The result is that core components have now less access. This commit has no effect on non-Treble devices. Test: Device boots -- no new denials Test: Play movie using Google Play Movies and Netflix Test: Play YouTube clip in YouTube app and in Chrome Test: Unlock lock screen using fingerprint Test: Using Google Camera, take a photo, an HDR+ photo, record a video with sound, a slow motion video with sound. Photos and videos display/play back fine (incl. sound). Test: adb screencap Test: $ monitor take screenshot Test: In all tests, no deials to do with hal_*, except pre-existing denials to do with hal_gnss. Bug: 37160141 Bug: 34274385 Bug: 34170079 Change-Id: I1ca91d43592b466114af13898f5909f41e59b521
-
Jorge Lucangeli Obes authored
With build/core eaa9d88cf, system_server should not be loading code from /data. Add an auditallow rule to report violations. Bug: 37214733 Test: Boot marlin, no SELinux audit lines for system_server. Change-Id: I2e25eb144503274025bd4fc9bb519555851f6521 (cherry picked from commit 665128fa)
-
- Apr 11, 2017
-
-
Jorge Lucangeli Obes authored
With build/core eaa9d88cf, system_server should not be loading code from /data. Add an auditallow rule to report violations. Bug: 37214733 Test: Boot marlin, no SELinux audit lines for system_server. Change-Id: I2e25eb144503274025bd4fc9bb519555851f6521
-
- Apr 10, 2017
-
-
Andrew Scull authored
Bug: 35628284 Test: Boot and call HAL from system_server Change-Id: I4cdacb601e0eea1f5f0e721c568c7ee04298704f
-
Andrew Scull authored
Bug: 34766843 Test: Boot and call HAL from system_server Change-Id: Ice78aedfdbe82477a84252499a76dad37887fe6b
-
- Apr 07, 2017
-
-
Donghyun Cho authored
Bug: 36562029 Test: m -j40 and CEC functionality works well Change-Id: I5a693e65abdd5139a848d939149a475056cc41e8
-
- Apr 06, 2017
-
-
Sandeep Patil authored
The change makes 'vendor_overlay_file' accessible only to few platform domains like idmap, system_server, zygote and appdomain. The overlay files contains RROs (runtime resource overlays) Bug: 36681210 Test: Boot sailfish (treble device) from wiped flashall Test: Connect to wifi and launch chrome to load few websites. Test: Launch camera and record + playback video Change-Id: I3596ca89ad51d0e7d78c75121f22ea71209ee332 Signed-off-by:
Sandeep Patil <sspatil@google.com>
-
- Apr 05, 2017
-
-
Sandeep Patil authored
The CL splits /vendor labeling from /system. Which was allowing all processes read, execute access to /vendor. Following directories will remain world readable /vendor/etc /vendor/lib(64)/hw/ Following are currently world readable but their scope will be minimized to platform processes that require access /vendor/app /vendor/framework/ /vendor/overlay Files labelled with 'same_process_hal_file' are allowed to be read + executed from by the world. This is for Same process HALs and their dependencies. Bug: 36527360 Bug: 36832490 Bug: 36681210 Bug: 36680116 Bug: 36690845 Bug: 36697328 Bug: 36696623 Bug: 36806861 Bug: 36656392 Bug: 36696623 Bug: 36792803 All of the tests were done on sailfish, angler, bullhead, dragon Test: Boot and connect to wifi Test: Run chrome and load websites, play video in youtube, load maps w/ current location, take pictures and record video in camera, playback recorded video. Test: Connect to BT headset and ensure BT audio playback works. Test: OTA sideload using recovery Test: CTS SELinuxHostTest pass Change-Id: I278435b72f7551a28f3c229f720ca608b77a7029 Signed-off-by:
Sandeep Patil <sspatil@google.com>
-
- Apr 04, 2017
-
-
Sohani Rao authored
Update SE Policy to allow calls to and callbacks from Wifi Offload HAL HIDL binderized service. Cherry pick from d56aa1982d15acfc2408271138dac43f1e5dc987 Bug: 32842314 Test: Unit tests, Mannual test to ensure Wifi can be brought up and connected to an AP, ensure that Offload HAL service is running and that that wificond can get the service handle by calling hwservicemanager. Change-Id: I0fc51a4152f1891c8d88967e75d45ded115e766e
-
Amit Mahajan authored
Test: manual (verified no denials in basic telephony operations) Bug: 36613472 Change-Id: I31274adee2cb6293102446cd2d6d547c50616836
-
- Mar 31, 2017
-
-
Shubang authored
Test: build, flash; adb shell lshal Bug: 36562029 Change-Id: If8f6d8dbd99d31e6627fa4b7c1fd4faea3b75cf2
-
Alex Klyubin authored
This futher restricts neverallows for sockets which may be exposed as filesystem nodes. This is achieved by labelling all such sockets created by core/non-vendor domains using the new coredomain_socket attribute, and then adding neverallow rules targeting that attribute. This has now effect on what domains are permitted to do. This only changes neverallow rules. Test: mmm system/sepolicy Bug: 36577153 (cherry picked from commit cf2ffdf0) Change-Id: Iffeee571a2ff61fb9515fa6849d060649636524e
-
Alex Klyubin authored
This futher restricts neverallows for sockets which may be exposed as filesystem nodes. This is achieved by labelling all such sockets created by core/non-vendor domains using the new coredomain_socket attribute, and then adding neverallow rules targeting that attribute. This has now effect on what domains are permitted to do. This only changes neverallow rules. Test: mmm system/sepolicy Bug: 36577153 Change-Id: I633163cf67d60677c4725b754e01097dd5790aed
-
- Mar 29, 2017
-
-
Sandeep Patil authored
*mac_permissions.xml files need to be explicitly labeled as they are now split cross system and vendor and won't have the generic world readable 'system_file' or 'rootfs' label. Bug: 36003167 Test: no new 'mac_perms_file' denials at boot complete on sailfish Test: successfully booted into recovery without denials and sideloaded OTA update. Test: Launch 'chrome' and succesfully load a website. Test: Launch Camera and take a picture. Test: Launch Camera and record a video, succesfully playback recorded video Change-Id: I1c882872bb78d1242ba273756ef0dc27487f58fc Signed-off-by:
Sandeep Patil <sspatil@google.com>
-