Merge "Refactor treble_sepolicy_tests.py"
diff --git a/build/soong/build_files.go b/build/soong/build_files.go
index 383a282..ed92f1a 100644
--- a/build/soong/build_files.go
+++ b/build/soong/build_files.go
@@ -80,7 +80,7 @@
return paths, nil
}
- return nil, fmt.Errorf("unknown tag %q. Supported tags are: %q", tag, strings.Join(android.SortedStringKeys(b.srcs), " "))
+ return nil, fmt.Errorf("unknown tag %q. Supported tags are: %q", tag, strings.Join(android.SortedKeys(b.srcs), " "))
}
var _ android.OutputFileProducer = (*buildFiles)(nil)
diff --git a/microdroid/system/private/access_vectors b/microdroid/system/private/access_vectors
index 477f78f..22f2ffa 100644
--- a/microdroid/system/private/access_vectors
+++ b/microdroid/system/private/access_vectors
@@ -746,16 +746,6 @@
use_dev_id
}
-class diced
-{
- demote
- demote_self
- derive
- get_attestation_chain
- use_seal
- use_sign
-}
-
class drmservice {
consumeRights
setPlaybackStatus
diff --git a/microdroid/system/private/domain.te b/microdroid/system/private/domain.te
index 4251a9e..5482b01 100644
--- a/microdroid/system/private/domain.te
+++ b/microdroid/system/private/domain.te
@@ -208,6 +208,7 @@
get_prop(domain, arm64_memtag_prop)
get_prop(domain, bootloader_prop)
get_prop(domain, build_prop)
+get_prop(domain, debuggable_prop)
get_prop(domain, debug_prop)
get_prop(domain, fingerprint_prop)
get_prop(domain, init_service_status_prop)
@@ -391,6 +392,7 @@
neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
neverallow { domain -init } build_prop:property_service set;
+neverallow { domain -init -init_debug_policy } debuggable_prop:property_service set;
# Never allow anyone to connect or write to
# the tombstoned intercept socket.
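Review bot: The new neverallow on `debuggable_prop:property_service set` exempts init_debug_policy without saying why a second domain may flip ro.debuggable, while the build_prop rule directly above it exempts only init. A one-line comment would make the trust decision explicit, e.g. `# ro.debuggable toggles adb root; only init and init_debug_policy (acting on the AVF debug policy) may set it.` The first hunk of this file grants every domain `get_prop` on the new type, which matches the property's previous life as build_prop, so read access is unchanged.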
diff --git a/microdroid/system/private/file_contexts b/microdroid/system/private/file_contexts
index 8d9ad85..63221ce 100644
--- a/microdroid/system/private/file_contexts
+++ b/microdroid/system/private/file_contexts
@@ -106,6 +106,7 @@
/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
/system/bin/bootstrap/linkerconfig u:object_r:linkerconfig_exec:s0
/system/bin/init u:object_r:init_exec:s0
+/system/bin/init_debug_policy u:object_r:init_debug_policy_exec:s0
/system/bin/logcat -- u:object_r:logcat_exec:s0
/system/bin/logd u:object_r:logd_exec:s0
/system/bin/sh -- u:object_r:shell_exec:s0
diff --git a/microdroid/system/private/genfs_contexts b/microdroid/system/private/genfs_contexts
index ce28471..f55711e 100644
--- a/microdroid/system/private/genfs_contexts
+++ b/microdroid/system/private/genfs_contexts
@@ -137,6 +137,7 @@
genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
genfscon sysfs /devices/virtual/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /firmware/devicetree/base/avf u:object_r:sysfs_dt_avf:s0
genfscon sysfs /firmware/devicetree/base/chosen/avf,new-instance u:object_r:sysfs_dt_avf:s0
genfscon sysfs /firmware/devicetree/base/chosen/avf,strict-boot u:object_r:sysfs_dt_avf:s0
genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
diff --git a/microdroid/system/private/init_debug_policy.te b/microdroid/system/private/init_debug_policy.te
new file mode 100644
index 0000000..33b8917
--- /dev/null
+++ b/microdroid/system/private/init_debug_policy.te
@@ -0,0 +1,32 @@
+# init_debug_policy is its own domain.
+type init_debug_policy, domain, coredomain;
+type init_debug_policy_exec, system_file_type, exec_type, file_type;
+
+# Transition from init -> init_debug_policy_exec
+init_daemon_domain(init_debug_policy);
+
+# init_debug_policy is using bootstrap bionic
+use_bootstrap_libs(init_debug_policy)
+
+# Allow init_debug_policy to write /dev/kmsg (specified by stdio_to_kmsg)
+allow init_debug_policy kmsg_debug_device:chr_file w_file_perms;
+
+# Allow init_debug_policy to use xxd and set/getprop
+allow init_debug_policy toolbox_exec:file rx_file_perms;
+
+# Allow init_debug_policy to set ro.debuggable to enable/disable adb root
+set_prop(init_debug_policy, debuggable_prop)
+
+# Allow init_debug_policy to set ro.log.file_logger.path to enable/disable console log
+set_prop(init_debug_policy, log_prop)
+
+# Allow init_debug_policy to get ro.boot.microdroid.debuggable and ro.boot.adb.enabled
+get_prop(init_debug_policy, bootloader_prop)
+
+# Allow init_debug_policy to set init_debug_policy.adbd.enabled
+set_prop(init_debug_policy, init_debug_policy_prop)
+
+# Allow init_debug_policy to read AVF debug policy
+allow init_debug_policy sysfs_dt_avf:dir search;
+allow init_debug_policy sysfs_dt_avf:file { open read };
+
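Review bot: `allow init_debug_policy sysfs_dt_avf:file { open read };` spells out the permissions by hand while the rest of this file uses the perms macros (`w_file_perms`, `rx_file_perms`); `r_file_perms` would be consistent and also cover `getattr`, which a stat of the debug-policy node before reading would presumably need. The `set_prop(init_debug_policy, log_prop)` grant covers the whole log_prop type, not only the ro.log.file_logger.path property the comment names, so if other properties share that type the grant is wider than documented; a narrower property type or a comment acknowledging the scope would help. Since this domain becomes the only non-init setter of ro.debuggable, stating in the header comment that its decisions are driven by the AVF debug policy read from sysfs_dt_avf would give the next reader the full picture.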
diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index 235ab14..bb43d58 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts
@@ -108,10 +108,11 @@
ro.build.version.sdk u:object_r:build_prop:s0 exact int
ro.build.version.security_patch u:object_r:build_prop:s0 exact string
ro.build.version.known_codenames u:object_r:build_prop:s0 exact string
-ro.debuggable u:object_r:build_prop:s0 exact bool
ro.product.cpu.abilist u:object_r:build_prop:s0 exact string
ro.adb.secure u:object_r:build_prop:s0 exact bool
+ro.debuggable u:object_r:debuggable_prop:s0 exact bool
+
ro.property_service.version u:object_r:property_service_version_prop:s0 exact int
apex_config.done u:object_r:apex_config_prop:s0 exact bool
@@ -125,6 +126,8 @@
microdroid_manager.config_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
microdroid_manager.init_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
+init_debug_policy.adbd.enabled u:object_r:init_debug_policy_prop:s0 exact bool
+
dev.mnt.blk.root u:object_r:dev_mnt_prop:s0 exact string
dev.mnt.blk.vendor u:object_r:dev_mnt_prop:s0 exact string
dev.mnt.dev.root u:object_r:dev_mnt_prop:s0 exact string
diff --git a/microdroid/system/private/security_classes b/microdroid/system/private/security_classes
index 0d3cc80..200b030 100644
--- a/microdroid/system/private/security_classes
+++ b/microdroid/system/private/security_classes
@@ -163,8 +163,5 @@
# Keystore 2.0 key permissions
class keystore2_key # userspace
-# Diced permissions
-class diced # userspace
-
class drmservice # userspace
# FLASK
diff --git a/microdroid/system/public/attributes b/microdroid/system/public/attributes
index 61bf8fb..cfefc67 100644
--- a/microdroid/system/public/attributes
+++ b/microdroid/system/public/attributes
@@ -139,9 +139,6 @@
attribute halclientdomain;
expandattribute halclientdomain true;
-# HALs
-hal_attribute(dice);
-
# All types used for DMA-BUF heaps
attribute dmabuf_heap_device_type;
expandattribute dmabuf_heap_device_type false;
diff --git a/microdroid/system/public/property.te b/microdroid/system/public/property.te
index a2c3b77..158d741 100644
--- a/microdroid/system/public/property.te
+++ b/microdroid/system/public/property.te
@@ -6,6 +6,7 @@
type bootloader_prop, property_type;
type boottime_prop, property_type;
type build_prop, property_type;
+type debuggable_prop, property_type;
type cold_boot_done_prop, property_type;
type ctl_adbd_prop, property_type;
type ctl_apexd_prop, property_type;
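Review bot: `type debuggable_prop, property_type;` is inserted between build_prop and cold_boot_done_prop, breaking the alphabetical order this block keeps; the second hunk does the same with `type init_debug_policy_prop, property_type;` placed after init_svc_debug_prop instead of before init_service_status_private_prop. Moving each line to its alphabetical slot keeps the list greppable and avoids merge noise later.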
@@ -35,6 +36,7 @@
type init_service_status_private_prop, property_type;
type init_service_status_prop, property_type;
type init_svc_debug_prop, property_type;
+type init_debug_policy_prop, property_type;
type libc_debug_prop, property_type;
type log_prop, property_type;
type log_tag_prop, property_type;
diff --git a/private/compat/33.0/33.0.cil b/private/compat/33.0/33.0.cil
index 56da496..5737284 100644
--- a/private/compat/33.0/33.0.cil
+++ b/private/compat/33.0/33.0.cil
@@ -1,4 +1,9 @@
;; types removed from current policy
+(type dice_maintenance_service)
+(type dice_node_service)
+(type diced)
+(type diced_exec)
+(type hal_dice_service)
(type iorap_inode2filename)
(type iorap_inode2filename_exec)
(type iorap_inode2filename_tmpfs)
diff --git a/private/crash_dump.te b/private/crash_dump.te
index 5d5965e..60962cb 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te
@@ -8,7 +8,6 @@
-apexd
-bpfloader
-crash_dump
- -diced
-init
-kernel
-keystore
@@ -43,7 +42,6 @@
apexd
userdebug_or_eng(`-apexd')
bpfloader
- diced
init
kernel
keystore
diff --git a/private/diced.te b/private/diced.te
deleted file mode 100644
index b37809c..0000000
--- a/private/diced.te
+++ /dev/null
@@ -1,6 +0,0 @@
-typeattribute diced coredomain;
-
-init_daemon_domain(diced)
-
-# Talk to dice HAL.
-hal_client_domain(diced, hal_dice)
diff --git a/private/domain.te b/private/domain.te
index 9a0efb1..1e5e0f5 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -18,7 +18,6 @@
-bpfloader
-crash_dump
-crosvm # TODO(b/236672526): Remove exception for crosvm
- -diced
-init
-kernel
-keystore
diff --git a/private/file_contexts b/private/file_contexts
index 2b98801..57fcdfb 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -290,7 +290,6 @@
/system/bin/credstore u:object_r:credstore_exec:s0
/system/bin/keystore u:object_r:keystore_exec:s0
/system/bin/keystore2 u:object_r:keystore_exec:s0
-/system/bin/diced u:object_r:diced_exec:s0
/system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
/system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
/system/bin/tombstoned u:object_r:tombstoned_exec:s0
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 718ce81..91418b5 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -52,7 +52,6 @@
apexd
app_zygote
bpfloader
- diced
hal_configstore_server
init
kernel
diff --git a/private/llkd.te b/private/llkd.te
index 8512e85..9c96dfb 100644
--- a/private/llkd.te
+++ b/private/llkd.te
@@ -23,7 +23,6 @@
allow llkd {
domain
-apexd
- -diced
-kernel
-keystore
-init
diff --git a/private/property.te b/private/property.te
index 4f806d4..4fd9bc3 100644
--- a/private/property.te
+++ b/private/property.te
@@ -632,6 +632,7 @@
domain
-init
-remote_prov_app
+ -shell
} remote_prov_prop:property_service set;
neverallow {
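Review bot: Adding `-shell` to the remote_prov_prop neverallow exemption, together with the unconditional `set_prop(shell, remote_prov_prop)` in the shell.te hunk, lets the shell user set these properties on all build types even though the shell.te comment says it is for testing. If that is the intent, gating both sides with the macro already used in this patch would limit it to debug builds: `userdebug_or_eng(`-shell')` here and `userdebug_or_eng(`set_prop(shell, remote_prov_prop)')` in shell.te. The purpose of remote_prov_prop is inferred from its name; the enclosing neverallow block starts before this hunk.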
diff --git a/private/property_contexts b/private/property_contexts
index 2db9da6..4ce654c 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -872,6 +872,7 @@
# Populated on Android Studio Emulator (for emulator specific workarounds)
ro.boot.qemu u:object_r:bootloader_prop:s0 exact bool
ro.boot.revision u:object_r:bootloader_prop:s0 exact string
+ro.boot.serialconsole u:object_r:bootloader_prop:s0 exact bool
ro.boot.vbmeta.avb_version u:object_r:bootloader_prop:s0 exact string
ro.boot.verifiedbootstate u:object_r:bootloader_prop:s0 exact string
ro.boot.veritymode u:object_r:bootloader_prop:s0 exact string
diff --git a/private/service_contexts b/private/service_contexts
index db48f62..6543e3f 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -84,7 +84,6 @@
android.hardware.radio.voice.IRadioVoice/slot2 u:object_r:hal_radio_service:s0
android.hardware.radio.voice.IRadioVoice/slot3 u:object_r:hal_radio_service:s0
android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
-android.hardware.security.dice.IDiceDevice/default u:object_r:hal_dice_service:s0
android.hardware.security.keymint.IKeyMintDevice/default u:object_r:hal_keymint_service:s0
android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
android.hardware.gatekeeper.IGatekeeper/default u:object_r:hal_gatekeeper_service:s0
@@ -136,8 +135,6 @@
android.security.apc u:object_r:apc_service:s0
android.security.authorization u:object_r:authorization_service:s0
android.security.compat u:object_r:keystore_compat_hal_service:s0
-android.security.dice.IDiceMaintenance u:object_r:dice_maintenance_service:s0
-android.security.dice.IDiceNode u:object_r:dice_node_service:s0
android.security.identity u:object_r:credstore_service:s0
android.security.keystore u:object_r:keystore_service:s0
android.security.legacykeystore u:object_r:legacykeystore_service:s0
diff --git a/private/shell.te b/private/shell.te
index 02105a9..cdbf7c2 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -101,6 +101,9 @@
# Allow shell to set this property used for rollback tests
set_prop(shell, rollback_test_prop)
+# Allow shell to set RKP properties for testing purposes
+set_prop(shell, remote_prov_prop)
+
# Allow shell to get encryption policy of /data/local/tmp/, for CTS
allowxperm shell shell_data_file:dir ioctl {
FS_IOC_GET_ENCRYPTION_POLICY
diff --git a/private/system_server.te b/private/system_server.te
index b3c7528..27e5594 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -102,10 +102,12 @@
allow system_server zygote:fd use;
allow system_server zygote:process sigchld;
-# May kill zygote on crashes.
+# May kill zygote (or its child processes) on crashes.
allow system_server {
app_zygote
crash_dump
+ crosvm
+ virtualizationmanager
webview_zygote
zygote
}:process { getpgid sigkill signull };
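Review bot: The reworded comment `# May kill zygote (or its child processes) on crashes.` still does not explain why crosvm and virtualizationmanager belong in a zygote-centric list, and `sigkill` on crosvm terminates a running VM, so the relationship deserves stating. If these are indeed processes descended from app processes, something like `# May kill zygote, or processes descended from it such as virtualizationmanager and crosvm, on crashes.` would make the grant self-explanatory; if they are not, the rule belongs in its own allow block with its own justification.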
@@ -840,7 +842,7 @@
set_prop(system_server, tuner_server_ctl_prop)
# Allow the heap dump ART plugin to the count of sessions waiting for OOME
-get_prop(appdomain, traced_oome_heap_session_count_prop)
+get_prop(system_server, traced_oome_heap_session_count_prop)
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index 27ea187..485ce53 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil
@@ -47,7 +47,7 @@
; Apps, except isolated apps, are clients of Neuralnetworks HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app_all } hal_neuralnetworks_client;
-(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app_all))))))
+(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
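Review bot: The comment on the line above the rule still reads `; typeattribute { appdomain -isolated_app_all } hal_neuralnetworks_client;` while the typeattributeset now excludes only `isolated_app`, so the prose and the rule disagree; update it to `; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;`. If isolated_app_all covers domains beyond isolated_app, this change also grants those domains the hal_neuralnetworks_client attribute, which is worth confirming is intended rather than a side effect of the rename.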
diff --git a/private/traced_perf.te b/private/traced_perf.te
index 31fa620..640b054 100644
--- a/private/traced_perf.te
+++ b/private/traced_perf.te
@@ -66,7 +66,6 @@
apexd
app_zygote
bpfloader
- diced
hal_configstore_server
init
kernel
diff --git a/public/attributes b/public/attributes
index 4897be5..0b5f596 100644
--- a/public/attributes
+++ b/public/attributes
@@ -336,7 +336,6 @@
hal_attribute(configstore);
hal_attribute(confirmationui);
hal_attribute(contexthub);
-hal_attribute(dice);
hal_attribute(drm);
hal_attribute(dumpstate);
hal_attribute(evs);
diff --git a/public/diced.te b/public/diced.te
deleted file mode 100644
index 0908936..0000000
--- a/public/diced.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type diced, domain;
-type diced_exec, system_file_type, exec_type, file_type;
-
-binder_use(diced)
-binder_service(diced)
-
-add_service(diced, dice_node_service)
-add_service(diced, dice_maintenance_service)
-
-# Check SELinux permissions.
-selinux_check_access(diced)
diff --git a/public/hal_dice.te b/public/hal_dice.te
deleted file mode 100644
index 92222c5..0000000
--- a/public/hal_dice.te
+++ /dev/null
@@ -1,4 +0,0 @@
-binder_call(hal_dice_client, hal_dice_server)
-
-hal_attribute_service(hal_dice, hal_dice_service)
-binder_call(hal_dice_server, servicemanager)
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index e4f1d21..a0826bb 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -5,7 +5,7 @@
hal_attribute_hwservice(hal_wifi, hal_wifi_hwservice)
hal_attribute_service(hal_wifi, hal_wifi_service)
-binder_call(hal_wifi_server, servicemanager)
+binder_use(hal_wifi_server)
r_dir_file(hal_wifi, proc_net_type)
r_dir_file(hal_wifi, sysfs_type)
diff --git a/public/ioctl_defines b/public/ioctl_defines
index 62d45ab..1dd2e3d 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -827,6 +827,7 @@
define(`FS_IOC_FIEMAP', `0xc020660b')
define(`FS_IOC_FSGETXATTR', `0x801c581f')
define(`FS_IOC_FSSETXATTR', `0x401c5820')
+define(`FS_IOC_GET_ENCRYPTION_KEY_STATUS', `0xc080661a')
define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615')
define(`FS_IOC_GET_ENCRYPTION_POLICY_EX', `0xc0096616')
define(`FS_IOC_GET_ENCRYPTION_PWSALT', `0x40106614')
diff --git a/public/service.te b/public/service.te
index 68fd9e2..82a713a 100644
--- a/public/service.te
+++ b/public/service.te
@@ -10,8 +10,6 @@
type fwk_camera_service, service_manager_type;
type default_android_service, service_manager_type;
type device_config_updatable_service, system_api_service, system_server_service,service_manager_type;
-type dice_maintenance_service, service_manager_type;
-type dice_node_service, service_manager_type;
type dnsresolver_service, service_manager_type;
type drmserver_service, service_manager_type;
type dumpstate_service, service_manager_type;
@@ -236,7 +234,7 @@
type texttospeech_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type thermal_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type timedetector_service, app_api_service, system_server_service, service_manager_type;
+type timedetector_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type timezonedetector_service, app_api_service, system_server_service, service_manager_type;
type translation_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type trust_service, app_api_service, system_server_service, service_manager_type;
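Review bot: Adding `ephemeral_app_api_service` to timedetector_service exposes it to ephemeral apps while timezonedetector_service on the next line keeps the narrower attribute set, and the patch gives no rationale for the difference. Since the attribute only controls whether the service can be looked up, the service's own permission checks are what bound what an ephemeral caller can do; a short comment recording why this service is safe to expose would help future reviewers.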
@@ -285,7 +283,6 @@
type hal_cas_service, hal_service_type, service_manager_type;
type hal_confirmationui_service, protected_service, hal_service_type, service_manager_type;
type hal_contexthub_service, protected_service, hal_service_type, service_manager_type;
-type hal_dice_service, protected_service, hal_service_type, service_manager_type;
type hal_drm_service, hal_service_type, service_manager_type;
type hal_dumpstate_service, protected_service, hal_service_type, service_manager_type;
type hal_evs_service, protected_service, hal_service_type, service_manager_type;
diff --git a/public/vold.te b/public/vold.te
index 209bf49..3d204e1 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -51,6 +51,7 @@
FS_IOC_SET_ENCRYPTION_POLICY
FS_IOC_ADD_ENCRYPTION_KEY
FS_IOC_REMOVE_ENCRYPTION_KEY
+ FS_IOC_GET_ENCRYPTION_KEY_STATUS
};
# Only vold and init should ever set file-based encryption policies.
@@ -65,7 +66,7 @@
neverallowxperm {
domain
-vold
-} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY };
+} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY FS_IOC_GET_ENCRYPTION_KEY_STATUS };
# Allow securely erasing crypto key files. F2FS_IOC_SEC_TRIM_FILE is
# tried first. Otherwise, FS_IOC_FIEMAP is needed to get the
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 7d9119e..ac23351 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -95,7 +95,6 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors-service(\.multihal)? u:object_r:hal_sensors_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element-service.example u:object_r:hal_secure_element_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.dice-service\.non-secure-software u:object_r:hal_dice_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.keymint-service u:object_r:hal_keymint_default_exec:s0
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tetheroffload-service\.example u:object_r:hal_tetheroffload_default_exec:s0
diff --git a/vendor/hal_dice_default.te b/vendor/hal_dice_default.te
deleted file mode 100644
index 832e717..0000000
--- a/vendor/hal_dice_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_dice_default, domain;
-hal_server_domain(hal_dice_default, hal_dice)
-
-type hal_dice_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_dice_default)