Sync up to v202
This commit is contained in:
Andy CrossGate Yan
parent
017c525e4f
commit
c621f4bcdc
@ -0,0 +1,84 @@
|
||||
From 477ef41ac3a639f4c34c8ecf323d25ed2d3e8e8e Mon Sep 17 00:00:00 2001
|
||||
From: Pierre-Hugues Husson <phh@phh.me>
|
||||
Date: Fri, 25 Oct 2019 13:29:20 +0200
|
||||
Subject: [PATCH 7/7] Fix boot on Moto devices using unknown class
|
||||
|
||||
vendor sepolicy never contains new class or classorder, and are not
|
||||
allowed to.
|
||||
Though this is not tested, and it turns out Moto did it anyway.
|
||||
This raises an issue, because class need to be ordered, and thus the cil
|
||||
contains the ordering. This ordering needs to be merged.
|
||||
Android 10 added new classes, so the ordering can no longer be merged,
|
||||
and secilc fails on those devices, preventing boot.
|
||||
|
||||
Considering vendor are not supposed to declare new class (and thus
|
||||
declare classorder), this fix ignores class-es/classorder in vendor
|
||||
SELinux policy.
|
||||
|
||||
Since the vendor selinux policy has allows rules based on this context,
|
||||
those allows will fail since the class doesn't exist.
|
||||
Workaround this by ignoring rules with the problematic class
|
||||
( keystore_moto_key )
|
||||
|
||||
Lucky us, this new class `keystore_moto_key` is used by Moto for
|
||||
framework to framework (more accurately priv app to keymaster), since
|
||||
our own framework doesn't use this class, simply ignoring it fixes the
|
||||
issue.
|
||||
|
||||
Change-Id: I66339857634ebfdba359f12a99dfd0bff709d80b
|
||||
---
|
||||
libsepol/cil/src/cil_build_ast.c | 24 ++++++++++++++++++++++++
|
||||
1 file changed, 24 insertions(+)
|
||||
|
||||
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
|
||||
index b90b0f60..6f391940 100644
|
||||
--- a/libsepol/cil/src/cil_build_ast.c
|
||||
+++ b/libsepol/cil/src/cil_build_ast.c
|
||||
@@ -386,6 +386,14 @@ int cil_gen_class(struct cil_db *db, struct cil_tree_node *parse_current, struct
|
||||
struct cil_tree_node *perms = NULL;
|
||||
int rc = SEPOL_ERR;
|
||||
|
||||
+ {
|
||||
+ const char* path = cil_tree_get_cil_path(parse_current);
|
||||
+ if(strstr(path, "vendor")) {
|
||||
+ cil_clear_node(ast_node);
|
||||
+ return SEPOL_OK;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
rc = __cil_verify_syntax(parse_current, syntax, syntax_len);
|
||||
if (rc != SEPOL_OK) {
|
||||
goto exit;
|
||||
@@ -452,6 +460,14 @@ int cil_gen_classorder(struct cil_db *db, struct cil_tree_node *parse_current, s
|
||||
struct cil_list_item *head = NULL;
|
||||
int rc = SEPOL_ERR;
|
||||
|
||||
+ {
|
||||
+ const char* path = cil_tree_get_cil_path(parse_current);
|
||||
+ if(strstr(path, "vendor")) {
|
||||
+ cil_clear_node(ast_node);
|
||||
+ return SEPOL_OK;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (db == NULL || parse_current == NULL || ast_node == NULL) {
|
||||
goto exit;
|
||||
}
|
||||
@@ -2050,6 +2066,14 @@ int cil_gen_avrule(struct cil_tree_node *parse_current, struct cil_tree_node *as
|
||||
rule->src_str = parse_current->next->data;
|
||||
rule->tgt_str = parse_current->next->next->data;
|
||||
|
||||
+ {
|
||||
+ const char *classname = parse_current->next->next->next->cl_head->data;
|
||||
+ if(strcmp(classname, "keystore_moto_key") == 0) {
|
||||
+ cil_clear_node(ast_node);
|
||||
+ return SEPOL_OK;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
rc = cil_fill_classperms_list(parse_current->next->next->next, &rule->perms.classperms);
|
||||
if (rc != SEPOL_OK) {
|
||||
goto exit;
|
||||
--
|
||||
2.17.1
|
||||
|
||||
@ -0,0 +1,35 @@
|
||||
From 1573fc903e5c874b7a4fa78284801aa67a9f1ff7 Mon Sep 17 00:00:00 2001
|
||||
From: Pierre-Hugues Husson <phh@phh.me>
|
||||
Date: Sun, 27 Oct 2019 16:27:55 +0100
|
||||
Subject: [PATCH 40/40] Fix crash on some devices by checking for null client
|
||||
|
||||
Some device get the following system_server crash:
|
||||
*** FATAL EXCEPTION IN SYSTEM PROCESS: main
|
||||
java.lang.NullPointerException: Attempt to invoke virtual method 'boolean com.android.server.biometrics.ClientMonitor.onEnumerationResult(android.hardware.biometrics.BiometricAuthenticator$Identifier, int)' on a null object reference
|
||||
at com.android.server.biometrics.BiometricServiceBase.handleEnumerate(BiometricServiceBase.java:777)
|
||||
at com.android.server.biometrics.fingerprint.FingerprintService.access$6901(FingerprintService.java:93)
|
||||
at com.android.server.biometrics.fingerprint.FingerprintService$1.lambda$onEnumerate$5$FingerprintService$1(FingerprintService.java:686)
|
||||
at com.android.server.biometrics.fingerprint.-$$Lambda$FingerprintService$1$3I9ge5BoesXZUovbayCOCR754fc.run(Unknown Source:10)
|
||||
|
||||
Fix it by checking for `null` client before acting on it
|
||||
|
||||
Change-Id: If39d8c1b26c8c0a44b3d9292b646cb71ff258a95
|
||||
---
|
||||
.../java/com/android/server/biometrics/BiometricServiceBase.java | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/biometrics/BiometricServiceBase.java b/services/core/java/com/android/server/biometrics/BiometricServiceBase.java
|
||||
index d3c62bed7b5..b6710992a6e 100644
|
||||
--- a/services/core/java/com/android/server/biometrics/BiometricServiceBase.java
|
||||
+++ b/services/core/java/com/android/server/biometrics/BiometricServiceBase.java
|
||||
@@ -774,6 +774,7 @@ public abstract class BiometricServiceBase extends SystemService
|
||||
protected void handleEnumerate(BiometricAuthenticator.Identifier identifier, int remaining) {
|
||||
ClientMonitor client = getCurrentClient();
|
||||
|
||||
+ if(client == null) return;
|
||||
client.onEnumerationResult(identifier, remaining);
|
||||
|
||||
// All templates in the HAL for this user were enumerated
|
||||
--
|
||||
2.17.1
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user