Merge "Add adbd_prop, system_adbd_prop property types."
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 73fb877..b395855 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -147,6 +147,7 @@
     simpleperf_app_runner
     simpleperf_app_runner_exec
     slice_service
+    socket_hook_prop
     staging_data_file
     stats
     stats_data_file
@@ -200,6 +201,7 @@
     vendor_apex_file
     vendor_init
     vendor_shell
+    vendor_socket_hook_prop
     vndk_prop
     vold_metadata_file
     vold_prepare_subdirs
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 8dd367a..cb500c9 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -134,6 +134,7 @@
     simpleperf_app_runner
     simpleperf_app_runner_exec
     slice_service
+    socket_hook_prop
     stats
     stats_data_file
     stats_exec
@@ -178,6 +179,7 @@
     vendor_init
     vendor_security_patch_level_prop
     vendor_shell
+    vendor_socket_hook_prop
     vndk_prop
     vold_metadata_file
     vold_prepare_subdirs
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 16637f3..d24d12d 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -124,6 +124,7 @@
     server_configurable_flags_data_file
     simpleperf_app_runner
     simpleperf_app_runner_exec
+    socket_hook_prop
     su_tmpfs
     super_block_device
     sysfs_fs_f2fs
@@ -151,6 +152,7 @@
     vendor_keylayout_file
     vendor_misc_writer
     vendor_misc_writer_exec
+    vendor_socket_hook_prop
     vendor_task_profiles_file
     vndk_prop
     vrflinger_vsync_service
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 58477a0..bc8508c 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -28,6 +28,10 @@
     bq_config_prop
     charger_prop
     cold_boot_done_prop
+    credstore
+    credstore_data_file
+    credstore_exec
+    credstore_service
     platform_compat_service
     ctl_apexd_prop
     dataloader_manager_service
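Review bot: The four new credstore types (`credstore`, `credstore_data_file`, `credstore_exec`, `credstore_service`) are listed only in 29.0.ignore.cil, while the 26.0, 27.0 and 28.0 ignore lists in this diff receive just the socket_hook_prop types. If the compat tests require every newly introduced public type to be either mapped or ignored for each older version, as they do for the socket_hook_prop entries handled here, the credstore types presumably need the same entries in the three other ignore files; confirm against the compat build before merging.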
@@ -40,7 +44,7 @@
     gmscore_app
     hal_can_bus_hwservice
     hal_can_controller_hwservice
-    hal_identity_hwservice
+    hal_identity_service
     hal_light_service
     hal_power_service
     hal_rebootescrow_service
@@ -73,6 +77,7 @@
     service_manager_service
     simpleperf
     snapshotctl_log_data_file
+    socket_hook_prop
     soundtrigger_middleware_service
     sysfs_dm_verity
     system_adbd_prop
@@ -96,4 +101,5 @@
     vendor_incremental_module
     vendor_install_recovery
     vendor_install_recovery_exec
+    vendor_socket_hook_prop
     virtual_ab_prop))
diff --git a/private/credstore.te b/private/credstore.te
new file mode 100644
index 0000000..8d87e2f
--- /dev/null
+++ b/private/credstore.te
@@ -0,0 +1,6 @@
+typeattribute credstore coredomain;
+
+init_daemon_domain(credstore)
+
+# talk to Identity Credential
+hal_client_domain(credstore, hal_identity)
diff --git a/private/file_contexts b/private/file_contexts
index d459cf2..4e89ca0 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -252,6 +252,7 @@
 /system/bin/otapreopt_chroot   u:object_r:otapreopt_chroot_exec:s0
 /system/bin/otapreopt_slot   u:object_r:otapreopt_slot_exec:s0
 /system/bin/art_apex_boot_integrity   u:object_r:art_apex_boot_integrity_exec:s0
+/system/bin/credstore	u:object_r:credstore_exec:s0
 /system/bin/keystore	u:object_r:keystore_exec:s0
 /system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
 /system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
@@ -535,6 +536,7 @@
 /data/misc/incidents(/.*)?	    u:object_r:incident_data_file:s0
 /data/misc/installd(/.*)?		u:object_r:install_data_file:s0
 /data/misc/keychain(/.*)?       u:object_r:keychain_data_file:s0
+/data/misc/credstore(/.*)?       u:object_r:credstore_data_file:s0
 /data/misc/keystore(/.*)?       u:object_r:keystore_data_file:s0
 /data/misc/logd(/.*)?           u:object_r:misc_logd_file:s0
 /data/misc/media(/.*)?          u:object_r:media_data_file:s0
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 238fd53..b2cad3f 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -25,7 +25,6 @@
 android.hardware.camera.provider::ICameraProvider               u:object_r:hal_camera_hwservice:s0
 android.hardware.configstore::ISurfaceFlingerConfigs            u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
 android.hardware.confirmationui::IConfirmationUI                u:object_r:hal_confirmationui_hwservice:s0
-android.hardware.identity::IIdentityCredentialStore             u:object_r:hal_identity_hwservice:s0
 android.hardware.contexthub::IContexthub                        u:object_r:hal_contexthub_hwservice:s0
 android.hardware.cas::IMediaCasService                          u:object_r:hal_cas_hwservice:s0
 android.hardware.drm::ICryptoFactory                            u:object_r:hal_drm_hwservice:s0
diff --git a/private/incidentd.te b/private/incidentd.te
index 45499fc..8924d83 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -131,14 +131,21 @@
 # For running am, incident-helper-cmd and similar framework commands.
 # Run /system/bin/app_process.
 allow incidentd zygote_exec:file { rx_file_perms };
+# Access the runtime feature flag properties.
+get_prop(incidentd, device_config_runtime_native_prop)
+get_prop(incidentd, device_config_runtime_native_boot_prop)
+# ART locks profile files.
+allow incidentd system_file:file lock;
+# Incidentd should never exec from the memory (e.g. JIT cache). These denials are expected.
+dontaudit incidentd dalvikcache_data_file:dir r_dir_perms;
+dontaudit incidentd tmpfs:file rwx_file_perms;
 
 # logd access - work to be done is a PII safe log (possibly an event log?)
 userdebug_or_eng(`read_logd(incidentd)')
 # TODO control_logd(incidentd)
 
 # Access /data/misc/logd
-allow incidentd misc_logd_file:dir r_dir_perms;
-allow incidentd misc_logd_file:file r_file_perms;
+r_dir_file(incidentd, misc_logd_file)
 
 # Allow incidentd to find these standard groups of services.
 # Others can be whitelisted individually.
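Review bot: `dontaudit incidentd tmpfs:file rwx_file_perms;` silences read, write and open denials on tmpfs files as well as execute, which is broader than the comment above it ("should never exec from the memory") describes. If the only expected noise is the JIT-cache execute denial, `dontaudit incidentd tmpfs:file execute;` keeps the remaining denials visible for diagnosis; if read/write denials are also expected, the comment should say so. The same question applies to `dontaudit incidentd dalvikcache_data_file:dir r_dir_perms;`, which hides a directory-read denial that the comment does not mention.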
diff --git a/private/service_contexts b/private/service_contexts
index 19d3b0d..21067ec 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,3 +1,4 @@
+android.hardware.identity.IIdentityCredentialStore/default           u:object_r:hal_identity_service:s0
 android.hardware.light.ILights/default                               u:object_r:hal_light_service:s0
 android.hardware.power.IPower/default                                u:object_r:hal_power_service:s0
 android.hardware.rebootescrow.IRebootEscrow/default                  u:object_r:hal_rebootescrow_service:s0
@@ -12,6 +13,7 @@
 aidl_lazy_test_2                          u:object_r:aidl_lazy_test_service:s0
 alarm                                     u:object_r:alarm_service:s0
 android.os.UpdateEngineService            u:object_r:update_engine_service:s0
+android.security.identity                 u:object_r:credstore_service:s0
 android.security.keystore                 u:object_r:keystore_service:s0
 android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 app_binding                               u:object_r:app_binding_service:s0
diff --git a/private/system_app.te b/private/system_app.te
index 9789a52..e59e7ad 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -84,6 +84,9 @@
 # Allow system apps to interact with gpuservice
 binder_call(system_app, gpuservice)
 
+# Allow system app to interact with Dumpstate HAL
+hal_client_domain(system_app, hal_dumpstate)
+
 allow system_app servicemanager:service_manager list;
 # TODO: scope this down? Too broad?
 allow system_app {
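Review bot: `hal_client_domain(system_app, hal_dumpstate)` grants the dumpstate HAL client attribute to every system app, but the comment gives no reason for it, unlike the gpuservice rule just above which at least names the consumer. A reviewer reading this later cannot tell which system app feature needs the HAL or whether a narrower domain would do; suggest `# Allow system apps to interact with the Dumpstate HAL (needed by <feature — TODO fill in>)`. The surrounding allow rule continues outside the hunk.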
diff --git a/private/system_server.te b/private/system_server.te
index 97353b0..73b6161 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -615,6 +615,7 @@
 set_prop(system_server, exported_overlay_prop)
 set_prop(system_server, pm_prop)
 set_prop(system_server, exported_pm_prop)
+set_prop(system_server, socket_hook_prop)
 userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
 
 # ctl interface
@@ -1152,3 +1153,6 @@
 # system_server cannot use this access to read perf event data like process stacks.
 allow system_server self:perf_event { open write cpu kernel };
 neverallow system_server self:perf_event ~{ open write cpu kernel };
+
+# Do not allow any domain other than init or system server to set the property
+neverallow { domain -init -system_server } socket_hook_prop:property_service set;
diff --git a/public/app.te b/public/app.te
index a156183..4ceb4a6 100644
--- a/public/app.te
+++ b/public/app.te
@@ -293,6 +293,8 @@
 
 use_keystore({ appdomain -isolated_app -ephemeral_app })
 
+use_credstore({ appdomain -isolated_app -ephemeral_app })
+
 allow appdomain console_device:chr_file { read write };
 
 # only allow unprivileged socket ioctl commands
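Review bot: `use_credstore({ appdomain -isolated_app -ephemeral_app })` excludes ephemeral apps, but service.te in this same change declares `type credstore_service, app_api_service, service_manager_type;`, and the `app_api_service` attribute is, for other services, what makes a service findable by app domains including ephemeral_app (that rule is not visible here, so confirm). If so, the `-ephemeral_app` exclusion only withholds credstore's reverse binder_call and its /proc reads on the caller, not `find` itself. Either drop `app_api_service` from the type (keystore_service in the same service.te hunk carries only `service_manager_type`) or document that ephemeral apps are meant to reach credstore via find.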
@@ -482,6 +484,7 @@
 neverallow { appdomain -bluetooth }
     bluetooth_data_file:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { domain -credstore -init } credstore_data_file:dir_file_class_set *;
 neverallow appdomain
     keystore_data_file:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
diff --git a/public/credstore.te b/public/credstore.te
new file mode 100644
index 0000000..db16a8d
--- /dev/null
+++ b/public/credstore.te
@@ -0,0 +1,16 @@
+type credstore, domain;
+type credstore_exec, system_file_type, exec_type, file_type;
+
+# credstore daemon
+binder_use(credstore)
+binder_service(credstore)
+binder_call(credstore, system_server)
+
+allow credstore credstore_data_file:dir create_dir_perms;
+allow credstore credstore_data_file:file create_file_perms;
+
+add_service(credstore, credstore_service)
+allow credstore sec_key_att_app_id_provider_service:service_manager find;
+allow credstore dropbox_service:service_manager find;
+
+r_dir_file(credstore, cgroup)
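Review bot: The three rules after `add_service` carry no comment explaining why credstore needs `find` on `sec_key_att_app_id_provider_service` and `dropbox_service`, or read access to `cgroup`, so a later reviewer cannot judge whether they can be dropped. Suggest a short why-comment on each, for example `# attestation application id for credential attestation — TODO confirm` above the first find, `# crash/error reporting to dropbox — TODO confirm` above the second, and `# presumably needed for thread priority handling in libbinder/libutils — confirm` above `r_dir_file(credstore, cgroup)`; the hedges should be resolved with the credstore owner before landing.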
diff --git a/public/domain.te b/public/domain.te
index f2af7b1..809674e 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -105,6 +105,8 @@
 get_prop(domain, exported_vold_prop)
 get_prop(domain, exported2_default_prop)
 get_prop(domain, logd_prop)
+get_prop(domain, socket_hook_prop)
+get_prop(domain, vendor_socket_hook_prop)
 get_prop(domain, vndk_prop)
 
 # Binder cache properties are world-readable
@@ -654,6 +656,7 @@
     -cameraserver_service
     -drmserver_service
     -hal_light_service # TODO(b/148154485) remove once all violators are gone
+    -credstore_service
     -keystore_service
     -mediadrmserver_service
     -mediaextractor_service
diff --git a/public/file.te b/public/file.te
index 1f8dacc..5f7f5cd 100644
--- a/public/file.te
+++ b/public/file.te
@@ -359,6 +359,7 @@
 type bootstat_data_file, file_type, data_file_type, core_data_file_type;
 type boottrace_data_file, file_type, data_file_type, core_data_file_type;
 type camera_data_file, file_type, data_file_type, core_data_file_type;
+type credstore_data_file, file_type, data_file_type, core_data_file_type;
 type gatekeeper_data_file, file_type, data_file_type, core_data_file_type;
 type incident_data_file, file_type, data_file_type, core_data_file_type;
 type keychain_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/public/hal_identity.te b/public/hal_identity.te
index a8df186..3a95743 100644
--- a/public/hal_identity.te
+++ b/public/hal_identity.te
@@ -1,4 +1,7 @@
 # HwBinder IPC from client to server
 binder_call(hal_identity_client, hal_identity_server)
 
-hal_attribute_hwservice(hal_identity, hal_identity_hwservice)
+add_service(hal_identity_server, hal_identity_service)
+binder_call(hal_identity_server, servicemanager)
+
+allow hal_identity_client hal_identity_service:service_manager find;
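Review bot: The retained first line `# HwBinder IPC from client to server` is now stale: the hunk replaces the hwservice registration with `add_service(hal_identity_server, hal_identity_service)` and `binder_call(hal_identity_server, servicemanager)`, i.e. an AIDL service registered with the regular servicemanager, and hwservice_contexts/hwservice.te drop the hwservice type. Suggest `# Binder IPC from client to server` so the comment matches the transport actually granted.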
diff --git a/public/hwservice.te b/public/hwservice.te
index 3619a63..3481385 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -28,7 +28,6 @@
 type hal_graphics_composer_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_health_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_health_storage_hwservice, hwservice_manager_type, protected_hwservice;
-type hal_identity_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_input_classifier_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_ir_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_keymaster_hwservice, hwservice_manager_type, protected_hwservice;
diff --git a/public/init.te b/public/init.te
index bdcf057..403b4c5 100644
--- a/public/init.te
+++ b/public/init.te
@@ -189,6 +189,7 @@
   -app_data_file
   -exec_type
   -iorapd_data_file
+  -credstore_data_file
   -keystore_data_file
   -misc_logd_file
   -nativetest_data_file
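Review bot: `-credstore_data_file` is inserted after `-iorapd_data_file` and before `-keystore_data_file`, which breaks the alphabetical ordering these exclusion lists otherwise follow (`-app_data_file`, `-exec_type`, `-iorapd_data_file`, `-keystore_data_file`, ...); the same placement is repeated in the next three init.te hunks. Moving it to sit before `-exec_type` in each list keeps future merges of these long lists conflict-free. The enclosing neverallow rules start outside each hunk.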
@@ -206,6 +207,7 @@
   -exec_type
   -gsi_data_file
   -iorapd_data_file
+  -credstore_data_file
   -keystore_data_file
   -misc_logd_file
   -nativetest_data_file
@@ -224,6 +226,7 @@
   -exec_type
   -gsi_data_file
   -iorapd_data_file
+  -credstore_data_file
   -keystore_data_file
   -misc_logd_file
   -nativetest_data_file
@@ -242,6 +245,7 @@
   -exec_type
   -gsi_data_file
   -iorapd_data_file
+  -credstore_data_file
   -keystore_data_file
   -misc_logd_file
   -nativetest_data_file
@@ -441,6 +445,11 @@
 allow init self:global_capability_class_set kill;
 allow init domain:process { getpgid sigkill signal };
 
+# Init creates credstore's directory on boot, and walks through
+# the directory as part of a recursive restorecon.
+allow init credstore_data_file:dir { open create read getattr setattr search };
+allow init credstore_data_file:file { getattr };
+
 # Init creates keystore's directory on boot, and walks through
 # the directory as part of a recursive restorecon.
 allow init keystore_data_file:dir { open create read getattr setattr search };
diff --git a/public/installd.te b/public/installd.te
index a6307ef..c8cc89d 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -172,6 +172,9 @@
 allow installd preloads_media_file:file { r_file_perms unlink };
 allow installd preloads_media_file:dir { r_dir_perms write remove_name rmdir };
 
+# Allow installd to read /proc/filesystems
+allow installd proc_filesystems:file r_file_perms;
+
 ###
 ### Neverallow rules
 ###
diff --git a/public/property.te b/public/property.te
index ecd33d8..4696668 100644
--- a/public/property.te
+++ b/public/property.te
@@ -70,6 +70,7 @@
 system_restricted_prop(module_sdkextensions_prop)
 system_restricted_prop(nnapi_ext_deny_product_prop)
 system_restricted_prop(restorecon_prop)
+system_restricted_prop(socket_hook_prop)
 system_restricted_prop(system_boot_reason_prop)
 system_restricted_prop(system_jvmti_agent_prop)
 system_restricted_prop(userspace_reboot_exported_prop)
@@ -115,6 +116,7 @@
 system_vendor_config_prop(userspace_reboot_config_prop)
 system_vendor_config_prop(vehicle_hal_prop)
 system_vendor_config_prop(vendor_security_patch_level_prop)
+system_vendor_config_prop(vendor_socket_hook_prop)
 system_vendor_config_prop(vndk_prop)
 system_vendor_config_prop(virtual_ab_prop)
 
diff --git a/public/property_contexts b/public/property_contexts
index 3bf3ccd..3718e0f 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -220,6 +220,7 @@
 libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
 libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
 libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
+net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
 persist.sys.locale u:object_r:exported_system_prop:s0 exact string
 persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
 persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
@@ -277,6 +278,7 @@
 ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
 ro.revision u:object_r:exported2_default_prop:s0 exact string
 ro.secure u:object_r:exported_secure_prop:s0 exact int
+ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool
 service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
 sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
 sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool
diff --git a/public/service.te b/public/service.te
index 79cce0e..0b08028 100644
--- a/public/service.te
+++ b/public/service.te
@@ -16,6 +16,7 @@
 type iorapd_service,            service_manager_type;
 type incident_service,          service_manager_type;
 type installd_service,          service_manager_type;
+type credstore_service,         app_api_service, service_manager_type;
 type keystore_service,          service_manager_type;
 type lpdump_service,            service_manager_type;
 type mediaserver_service,       service_manager_type;
@@ -206,6 +207,7 @@
 ### HAL Services
 ###
 
+type hal_identity_service, vendor_service, service_manager_type;
 type hal_light_service, vendor_service, service_manager_type;
 type hal_power_service, vendor_service, service_manager_type;
 type hal_rebootescrow_service, vendor_service, service_manager_type;
diff --git a/public/te_macros b/public/te_macros
index 89061a0..a9dea92 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -599,6 +599,18 @@
   binder_call(keystore, $1)
 ')
 
+#####################################
+# use_credstore(domain)
+# Ability to use credstore.
+define(`use_credstore', `
+  allow credstore $1:dir search;
+  allow credstore $1:file { read open };
+  allow credstore $1:process getattr;
+  allow $1 credstore_service:service_manager find;
+  binder_call($1, credstore)
+  binder_call(credstore, $1)
+')
+
 ###########################################
 # use_drmservice(domain)
 # Ability to use DrmService which requires
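Review bot: The `use_credstore` header comment "Ability to use credstore." does not explain why the macro also grants credstore `dir search`, `file { read open }` and `process getattr` on the client domain, which is the non-obvious half of the macro. Presumably credstore reads the caller's /proc entries to identify the calling process, mirroring the `use_keystore` macro immediately above (its body is only partly visible here); suggest extending the header to `# Ability to use credstore; also lets credstore read the caller's /proc entries to identify it (TODO confirm)`.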
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 446e920..94b8095 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -36,7 +36,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service         u:object_r:hal_health_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.1-service         u:object_r:hal_health_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health\.storage@1\.0-service       u:object_r:hal_health_storage_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.identity@1\.0-service.example u:object_r:hal_identity_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.identity-service.example u:object_r:hal_identity_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.input\.classifier@1\.0-service     u:object_r:hal_input_classifier_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service             u:object_r:hal_ir_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service      u:object_r:hal_keymaster_default_exec:s0