Commit graph

9152 commits

Author SHA1 Message Date
David Brazdil
01debdb66f Merge "Create virtmgr domain and initial policy" am: 3e61a33df5 am: b5a4f52de7 am: 8d65921dfb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2317789

Change-Id: Idb4430043747da236edbbb48715c80948bbad032
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-20 10:25:00 +00:00
David Brazdil
8d65921dfb Merge "Create virtmgr domain and initial policy" am: 3e61a33df5 am: b5a4f52de7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2317789

Change-Id: I317e53312d97c7a03f5e2709dfa6fcdb9dc29488
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-20 09:37:28 +00:00
David Brazdil
3e61a33df5 Merge "Create virtmgr domain and initial policy" 2022-12-20 08:17:05 +00:00
Treehugger Robot
4ddb01576e Merge "Add SELinux policy for sound dose HAL" am: 62894399c3 am: f6872e0ea8 am: 9db7dccfe4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2361860

Change-Id: I5e51556a15e00da894b8f7660954717d3fcaaeda
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-19 21:19:24 +00:00
Treehugger Robot
9db7dccfe4 Merge "Add SELinux policy for sound dose HAL" am: 62894399c3 am: f6872e0ea8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2361860

Change-Id: Ia25d2e86827d872d33553753d3dba34bdc801324
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-19 20:35:14 +00:00
Treehugger Robot
62894399c3 Merge "Add SELinux policy for sound dose HAL" 2022-12-19 19:07:32 +00:00
Andy Hung
ce1104b515 Merge "audio HAL: SELinux changes for Spatial Audio optimization" into tm-qpr-dev am: 5190b9b589 am: 7a0d4f0c6c
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20612611

Change-Id: I4bed951972bcaf8ea0fb7b6936d4cce7930165d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-17 04:06:36 +00:00
Andy Hung
7a0d4f0c6c Merge "audio HAL: SELinux changes for Spatial Audio optimization" into tm-qpr-dev am: 5190b9b589
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20612611

Change-Id: If12fd121484ec20231e7f32636610832cd2f6db1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-17 04:05:42 +00:00
Vlad Popa
48dd5f7ac4 Add SELinux policy for sound dose HAL
Note that this HAL is meant only as a workaround until the OEMs
switch to the AIDL audio HAL.

Test: bluejay-userdebug
Bug: 257937004
Change-Id: Id01da9606f73354a01a94aace8a8966a09038fda
2022-12-16 21:42:06 +01:00
Andy Hung
2461bf39bd audio HAL: SELinux changes for Spatial Audio optimization
Add CAP_SYS_NICE.
Reduce glitches caused by core migration.
Reduce power consumption as Spatializer Effect is DSP compute bound.

Test: instrumented
Test: adb shell 'uclampset -a -p $(pgrep -of android.hardware.audio.service)'
Test: adb shell cat "/proc/$(adb shell pgrep -of android.hardware.audio.service)/status"
Test: adb shell 'ps -Tl -p $(pgrep -of android.hardware.audio.service)'
Bug: 181148259
Bug: 260918856
Bug: 261228892
Bug: 261686532
Bug: 262803152
Ignore-AOSP-First: tm-qpr-dev fix, will move to AOSP afterwards.
Change-Id: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
2022-12-16 12:08:17 -08:00
Treehugger Robot
201902591c Merge "Remove dalvik.vm.usejitprofiles system property." am: a0f59cffe2 am: f1aa72efbd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2327464

Change-Id: I550b860284b115bf6174eb10b462bf2b84f85c98
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-16 19:56:11 +00:00
Treehugger Robot
a0f59cffe2 Merge "Remove dalvik.vm.usejitprofiles system property." 2022-12-16 18:51:08 +00:00
Vikram Gaur
6257a733d0 Merge "Fix permission issue for widevine mediaservices." am: ebe25efd66 am: 24a4882a1d am: 2a37a21c50
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2357882

Change-Id: I7dd6a8c5c3f7362ad873b8f567e556a861adacae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 21:21:57 +00:00
Vikram Gaur
2a37a21c50 Merge "Fix permission issue for widevine mediaservices." am: ebe25efd66 am: 24a4882a1d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2357882

Change-Id: Ibe46267a8099f20e6259f3ead411c3812a5085ed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 20:41:51 +00:00
Vikram Gaur
ebe25efd66 Merge "Fix permission issue for widevine mediaservices." 2022-12-15 19:13:12 +00:00
Sandro
1cf9ddb4cf Allow sdk_sandbox to read files/directory in /data/local/tmp am: f7894fc62e am: 50b3258e72 am: e310a33fb2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346004

Change-Id: I8a227a6fb6e526f913221c144f0de0a8adc97842
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 17:27:09 +00:00
Vikram Gaur
91f5c53adf Fix permission issue for widevine mediaservices.
Widevine provisioning was causing SELinux policy issues since we need to
provision Widevine through MediaDrm framework.

Test: presubmits
Change-Id: Ia9d070309e84599ed614bbf5ba35eed558f4d463
2022-12-15 17:14:04 +00:00
Sandro
e310a33fb2 Allow sdk_sandbox to read files/directory in /data/local/tmp am: f7894fc62e am: 50b3258e72
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346004

Change-Id: I9b9921069667a972b6c233d4eae0d08a9e0473ef
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 16:47:39 +00:00
Sandro
f7894fc62e Allow sdk_sandbox to read files/directory in /data/local/tmp
The /data/local/tmp directory is used by the CTS tests infrastructure to
store various data, like the list of tests to include/exclude after
failures
http://cs/android-internal/tools/tradefederation/core/test_framework/com/android/tradefed/testtype/AndroidJUnitTest.java;l=333-347;rcl=bbd3902197b7de1a99aef4c22db8e14e4dbf1157

Without this CL, CTS modules that attempt to re-execute failures will
get a '[INSTRUMENTATION_CRASH|SYSTEM_UNDER_TEST_CRASHED]' error.

Test results before/after this CL:
Before: http://ab/I04600010115474754
After: http://ab/I65000010115426482
Note the absence of "Module error" in the second case
https://screenshot.googleplex.com/C6Ui3GdfgQBt8bp
https://screenshot.googleplex.com/BDHKFfKJjnqVYpj

Bug: 261864298
Test: atest CtsBluetoothTestCases --retry-any-failure -- --enable-optional-parameterization --enable-parameterized-modules --module-parameter run_on_sdk_sandbox
Change-Id: Ibbb196f8c0ef1df320885ed8c56f20172f83d583
2022-12-15 10:29:36 +00:00
Calvin Pan
8aae52f1bc Merge "Add grammatical_inflection service" am: f56dfeb2d4 am: ecdc4715bc am: 2a53d04c95
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2352743

Change-Id: I1bb81cf69f539049cee1e7afd2b61247f79af6a7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 10:15:27 +00:00
Calvin Pan
2a53d04c95 Merge "Add grammatical_inflection service" am: f56dfeb2d4 am: ecdc4715bc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2352743

Change-Id: I8a2a4412d17d6a044e9925ed35a287eb75f04a03
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 09:04:12 +00:00
Calvin Pan
f56dfeb2d4 Merge "Add grammatical_inflection service" 2022-12-15 07:38:01 +00:00
Avichal Rakesh
72ea9c9983 Merge "cameraservice: Add selinux policy for vndk cameraservice." am: 95ecfc2f33 am: 5e5c23595e am: 062567b1b3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346843

Change-Id: I706d6ce19cba7633e998b1287250b6927bf795ae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 00:47:46 +00:00
Avichal Rakesh
062567b1b3 Merge "cameraservice: Add selinux policy for vndk cameraservice." am: 95ecfc2f33 am: 5e5c23595e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346843

Change-Id: Ifa44e738457c8e8f3d4365804a87e690cca94da4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 00:01:04 +00:00
Avichal Rakesh
95ecfc2f33 Merge "cameraservice: Add selinux policy for vndk cameraservice." 2022-12-14 22:49:47 +00:00
Avichal Rakesh
0febfbd952 cameraservice: Add selinux policy for vndk cameraservice.
This CL adds a new cameraservice type to allow vendor clients of
cameraservice to query and find the stable cameraservice
implementation.

Bug: 243593375
Test: Manually tested that cameraservice can register a vendor facing
      instance.
Change-Id: I61499406d4811c898719abcb89c51b4b8a29f4a7
2022-12-14 20:46:43 +00:00
Treehugger Robot
f29a30705d Merge "Add a sysprop for initiating PHYs in LE create ext connection" am: 92018d4150 am: 16d0242532 am: fc06df931a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2335542

Change-Id: I5333103ecc9afbdf45a62e2c3959b279f1dc1c29
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-14 05:38:02 +00:00
Calvin Pan
a9b1c2299c Add grammatical_inflection service
This new service is exposed by system_server and available to all apps.

Bug: 259175720
Test: atest and check the log
Change-Id: I522a3baab1631589bc86fdf706af745bb6cf9f03
2022-12-14 05:22:53 +00:00
Treehugger Robot
fc06df931a Merge "Add a sysprop for initiating PHYs in LE create ext connection" am: 92018d4150 am: 16d0242532
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2335542

Change-Id: I956b3a0f460207f0dadb340a7378df91a9ee639a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-14 04:58:30 +00:00
Treehugger Robot
92018d4150 Merge "Add a sysprop for initiating PHYs in LE create ext connection" 2022-12-14 04:07:33 +00:00
Pomai Ahlo
df3dd86f94 Merge "[ISap hidl2aidl] Update ISap in sepolicy" am: ab3a546000 am: 0824aff623 am: f2be496223
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2339122

Change-Id: Ia7b450f3a130465e63c1771114e27abd0acc5b14
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 22:19:59 +00:00
Mohi Montazer
254a6bf69b Merge "SEPolicy updates for camera HAL" am: 3bbdd15ece am: c7eba19ef9 am: da142c0d8b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2338242

Change-Id: I823f3d390f3c04329f9ea3e76c9b799268fb4082
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 22:17:49 +00:00
Pomai Ahlo
f2be496223 Merge "[ISap hidl2aidl] Update ISap in sepolicy" am: ab3a546000 am: 0824aff623
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2339122

Change-Id: Id13f7690aa4c3ae0d68e3af9810e283772be80e9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 21:30:04 +00:00
Mohi Montazer
da142c0d8b Merge "SEPolicy updates for camera HAL" am: 3bbdd15ece am: c7eba19ef9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2338242

Change-Id: I6179821368e204896226970fab356577ca3f0699
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 21:29:50 +00:00
Pomai Ahlo
ab3a546000 Merge "[ISap hidl2aidl] Update ISap in sepolicy" 2022-12-13 20:57:24 +00:00
Mohi Montazer
3bbdd15ece Merge "SEPolicy updates for camera HAL" 2022-12-13 20:37:59 +00:00
Treehugger Robot
7eaa454dca Merge "Add all supported instance names for audio IModule" am: ffae136437 am: 7ea2e57cb2 am: 13fe16936e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2336911

Change-Id: I9cce4e6a310eefabd0e46a7b05460ee6c2d4c803
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 20:15:04 +00:00
Jiakai Zhang
375ec666e2 Merge changes Iec586c55,Iccb97b19 am: 9acfabbe12 am: 1afdbf5357 am: cc9d0ff6f8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2345246

Change-Id: I67280c597807fb0bfc96f4968be733dc54377be9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 20:14:50 +00:00
Treehugger Robot
1043456d8c Merge "sepolicy: Add Bluetooth AIDL" am: 8cce74d7e0 am: 920af49203 am: f97fd45474
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2238140

Change-Id: Ie5597ee415918d1aa8449f1937ac5168bfabc26e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 20:14:36 +00:00
Treehugger Robot
13fe16936e Merge "Add all supported instance names for audio IModule" am: ffae136437 am: 7ea2e57cb2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2336911

Change-Id: I1854c9f8287f2165f80c2c24ae484e1d42ce1093
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 20:12:48 +00:00
Jiakai Zhang
cc9d0ff6f8 Merge changes Iec586c55,Iccb97b19 am: 9acfabbe12 am: 1afdbf5357
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2345246

Change-Id: I79428ac28bbafaa55be4dd6d12b84b52e2fe0d89
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 20:11:16 +00:00
Treehugger Robot
f97fd45474 Merge "sepolicy: Add Bluetooth AIDL" am: 8cce74d7e0 am: 920af49203
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2238140

Change-Id: Iccc5ae27c6e9c7320ac168e28e239ca6f250847c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 19:31:30 +00:00
Treehugger Robot
ffae136437 Merge "Add all supported instance names for audio IModule" 2022-12-13 19:30:00 +00:00
Jiakai Zhang
9acfabbe12 Merge changes Iec586c55,Iccb97b19
* changes:
  Allow artd to access files for restorecon.
  Allow artd to read symlinks for secondary dex files.
2022-12-13 19:06:18 +00:00
David Brazdil
5fcfbe49da Create virtmgr domain and initial policy
Start a new security domain for virtmgr - a child process of an app that
manages its virtual machines.

Add permissions to auto-transition to the virtmgr domain when the client
fork/execs virtmgr and to communicate over UDS and pipe.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: I7624700b263f49264812e9bca6b83a003cc929be
2022-12-13 18:40:05 +00:00
Treehugger Robot
8cce74d7e0 Merge "sepolicy: Add Bluetooth AIDL" 2022-12-13 18:26:03 +00:00
Mohi Montazer
ad059403ad SEPolicy updates for camera HAL
Updates SEPolicy files to give camera HAL permission to access
Android Core Experiment flags.

Example denials:
11-30 13:08:33.172  1027  1027 W binder:1027_3: type=1400 audit(0.0:7): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.172  1027  1027 W binder:1027_3: type=1400 audit(0.0:8): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.244  1027  1027 W 3AThreadPool:  type=1400 audit(0.0:9): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0

Bug: 259433722
Test: m
Change-Id: I11165b56d7b7e38130698cf86d9739f878580a14
2022-12-13 09:52:04 -08:00
Treehugger Robot
5bbc5767cb Merge "Add ro.fuse.bpf.is_running" am: 71ed34c341 am: b7ca038df4 am: 6770706ac1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346802

Change-Id: If207f7ec5b3c6c941f973fce7f58d4a780b98007
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 17:05:44 +00:00
Treehugger Robot
6770706ac1 Merge "Add ro.fuse.bpf.is_running" am: 71ed34c341 am: b7ca038df4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346802

Change-Id: I04b00625696e97dc517e5f206c09617df9577a74
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-13 16:26:07 +00:00
Jiakai Zhang
d7f811913b Allow artd to access files for restorecon.
Otherwise, we will get SELinux denials like:
W binder:5750_1: type=1400 audit(0.0:133): avc: denied { read } for name="plat_file_contexts" dev="dm-1" ino=979 scontext=u:r:artd:s0 tcontext=u:object_r:file_contexts_file:s0 tclass=file permissive=0
W binder:5750_1: type=1400 audit(0.0:134): avc: denied { read } for name="system_ext_file_contexts" dev="dm-3" ino=92 scontext=u:r:artd:s0 tcontext=u:object_r:file_contexts_file:s0 tclass=file permissive=0

Bug: 262230400
Test: No longer see such SELinux denials.
Change-Id: Iec586c554fa2dc33f0a428321bada484add620ed
2022-12-13 16:03:22 +00:00