Commit graph

40154 commits

Author SHA1 Message Date
Alan Stokes
d014aa2ca1 Modify authfs related permissions
Allow microdroid_manager to start authfs when needed.

Migrate the authfs-related permissions from compos to
microdroid_payload, so it can be used by any payload.

Move a neverallow to the correct file.

Bug: 245262525
Test: atest MicrodroidTests MicrodroidHostTestCases
Test: atest ComposHostTestCases
Change-Id: I0f5eb9c11bdb427b1f78c9fc721c40de76add484
2022-09-23 15:55:47 +01:00
Vikram Gaur
a12e830e0b Merge "Add SELinux policy changes for rkpd" am: f4382c5391 am: 861480e5d3 am: c54e1421bc am: 6e4ee9f49c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2202346

Change-Id: Ifae14faafccb5c2f3b7392df7def669ab49381c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-23 12:01:18 +00:00
Vikram Gaur
6e4ee9f49c Merge "Add SELinux policy changes for rkpd" am: f4382c5391 am: 861480e5d3 am: c54e1421bc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2202346

Change-Id: Ieae25e9a30733bbab2a3f69027a0b444d7b03586
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-23 11:18:40 +00:00
Vikram Gaur
c54e1421bc Merge "Add SELinux policy changes for rkpd" am: f4382c5391 am: 861480e5d3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2202346

Change-Id: Ib2ce58051f13e90ebbb2ce7a7364f11ff7d25fd9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-23 10:36:37 +00:00
Vikram Gaur
861480e5d3 Merge "Add SELinux policy changes for rkpd" am: f4382c5391
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2202346

Change-Id: I06da003ed136b921b7a5dfcc3202968ed87d5cff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-23 10:05:53 +00:00
Vikram Gaur
f4382c5391 Merge "Add SELinux policy changes for rkpd"
2022-09-23 09:33:45 +00:00
Vikram Gaur
d25c80a951 Add SELinux policy changes for rkpd
This is a part of changes to bring up Remote Key Provisioning Daemon
module. See packages/modules/RemoteKeyProvisioning for more info.

Change-Id: Iae4e98176491637acb03e2e09b9d8dbc269be616
Test: atest rkpd_client_test
2022-09-23 05:09:00 +00:00
Pete Bentley
2f1f57fe4d Add SEPolicy for PRNG seeder daemon. am: e6da3b80d1 am: 2f846f4484 am: 6404936ce1 am: f0781af3bd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2215051

Change-Id: Ifff42824871514bb879ae316ed2cd6e05fc5082b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 19:46:37 +00:00
Pete Bentley
f0781af3bd Add SEPolicy for PRNG seeder daemon. am: e6da3b80d1 am: 2f846f4484 am: 6404936ce1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2215051

Change-Id: Ib30773131203126955ca124b36ae33dfe358587c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 19:07:09 +00:00
Pete Bentley
6404936ce1 Add SEPolicy for PRNG seeder daemon. am: e6da3b80d1 am: 2f846f4484
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2215051

Change-Id: I523b9a34d723fe9f7c57aceea69423af3c5752f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 18:13:42 +00:00
Pete Bentley
2f846f4484 Add SEPolicy for PRNG seeder daemon. am: e6da3b80d1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2215051

Change-Id: Iad1aa2f67b9e3a6d84cfaf5488be076aa7b04dc0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 17:23:25 +00:00
Pete Bentley
e6da3b80d1 Add SEPolicy for PRNG seeder daemon.
Manual testing protocol:
* Verify prng_seeder daemon is running and has the
  correct label (via ps -Z)
* Verify prng_seeder socket present and has correct
  label (via ls -Z)
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
  data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
  (e.g. strace -f -p `pgrep prng_seeder`)
* Kill daemon, observe that init restarts it
* strace again and observe clients now seed from new instance

Bug: 243933553
Test: Manual - see above
Change-Id: I0a7e339115a2cf6b819730dcf5f8b189a339c57d
2022-09-22 15:13:20 +00:00
Qiao Li
aaa415d44b Merge "Add file contexts for FederatedCompute." am: 397e5765e3 am: 588f2c95ad am: 988a8d9655 am: fecffafdb3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2222482

Change-Id: I9f70ba00f3a3071ce9276ff2e534a1aa7012d714
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 04:55:11 +00:00
Qiao Li
fecffafdb3 Merge "Add file contexts for FederatedCompute." am: 397e5765e3 am: 588f2c95ad am: 988a8d9655
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2222482

Change-Id: I333177abe529bbaa8b8f0609074903830938b2e0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 04:53:30 +00:00
Yu Shan
fa6bb84000 Merge "Create selinux policy for remoteaccess HAL." am: e799e9284c am: aaa10f9b1a am: 6954fecc92 am: 3d82cc9031
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2214911

Change-Id: I80c8b7a40e76f481298f9712294fbe6c6dc7e678
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 04:53:15 +00:00
Weilin Xu
916f5aa41a Applying new IBroadcastRadio AIDL am: 52546635b2 am: d2ca50b5e0 am: 2712a25ac0 am: c6af593485
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2211952

Change-Id: I1da68b42f6ac0b51f87f65630c25df5c311456c9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 04:26:37 +00:00
Qiao Li
988a8d9655 Merge "Add file contexts for FederatedCompute." am: 397e5765e3 am: 588f2c95ad
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2222482

Change-Id: I3e1f26490dcec9655d76c21b69f86a54be5bac3d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 04:00:27 +00:00
Yu Shan
3d82cc9031 Merge "Create selinux policy for remoteaccess HAL." am: e799e9284c am: aaa10f9b1a am: 6954fecc92
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2214911

Change-Id: I768be84242e3596ab0bdd0aa03e375ac52661c7a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 03:41:07 +00:00
Weilin Xu
c6af593485 Applying new IBroadcastRadio AIDL am: 52546635b2 am: d2ca50b5e0 am: 2712a25ac0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2211952

Change-Id: I61cc00ba4e7a05991f784458637d74b45bfb1eb3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 03:40:42 +00:00
Qiao Li
588f2c95ad Merge "Add file contexts for FederatedCompute." am: 397e5765e3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2222482

Change-Id: I8e19ca1ed57cbf00b44b8f79677d8f16f5cf25b0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 03:10:50 +00:00
Yu Shan
6954fecc92 Merge "Create selinux policy for remoteaccess HAL." am: e799e9284c am: aaa10f9b1a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2214911

Change-Id: I449c7a94e631d2ca645f843df704e876883364db
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 02:46:13 +00:00
Weilin Xu
2712a25ac0 Applying new IBroadcastRadio AIDL am: 52546635b2 am: d2ca50b5e0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2211952

Change-Id: I115b435916909e32856e9077bfd103ec273afb82
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 02:46:04 +00:00
Qiao Li
397e5765e3 Merge "Add file contexts for FederatedCompute."
2022-09-22 02:36:39 +00:00
Steven Moreland
8a0dee9c18 Merge "hidl2aidl: conversion of gatekeeper hidl to aidl" am: 5043c02262 am: 139979d256 am: cd99e6dbdf am: 7d0e61da82
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2161816

Change-Id: I73ec52e77cbf25aadb93e7efb8925044d329b9d5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 02:00:18 +00:00
Yu Shan
aaa10f9b1a Merge "Create selinux policy for remoteaccess HAL." am: e799e9284c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2214911

Change-Id: Ib805d14841e1462e6adca2384b2ba1e1d1dbdf51
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 01:54:29 +00:00
Weilin Xu
d2ca50b5e0 Applying new IBroadcastRadio AIDL am: 52546635b2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2211952

Change-Id: I41c95a0025e068e974a7636c047673e68549542c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 01:54:18 +00:00
Reema Bajwa
7483cbe67c Merge "Add SELinux changes for Credential Manager Service in system server Test: Built & Deployed on device locally." am: 396d34b7c8 am: 802306e5b0 am: 34c5b002a2 am: dd34c7b7a9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2221761

Change-Id: I7928a7fa27ce0c27feec088d405ef935e14fe2e7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 01:29:51 +00:00
Yu Shan
e799e9284c Merge "Create selinux policy for remoteaccess HAL."
2022-09-22 01:17:00 +00:00
Anna Zhuravleva
69b0a9819a Add sepolicy for Health Connect system service. am: 2864a66331 am: 5d315d84fd am: b167a34acb am: 579dde4f55
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2218681

Change-Id: I4ea524dfdcd71e2cdaaaf2351585f57251aa254c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 01:02:59 +00:00
Steven Moreland
7d0e61da82 Merge "hidl2aidl: conversion of gatekeeper hidl to aidl" am: 5043c02262 am: 139979d256 am: cd99e6dbdf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2161816

Change-Id: I3b6ef2f2a16c6fb7cfa655c48241575249b9edf6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-22 00:19:28 +00:00
Reema Bajwa
dd34c7b7a9 Merge "Add SELinux changes for Credential Manager Service in system server Test: Built & Deployed on device locally." am: 396d34b7c8 am: 802306e5b0 am: 34c5b002a2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2221761

Change-Id: Idedad52bbffd1981144e417b5ad32b2a2919feb0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-21 23:52:51 +00:00
Anna Zhuravleva
579dde4f55 Add sepolicy for Health Connect system service. am: 2864a66331 am: 5d315d84fd am: b167a34acb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2218681

Change-Id: I02f46b0b4b85f8c10a2077243cd4c279f8e384ab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-21 23:45:51 +00:00
Steven Moreland
cd99e6dbdf Merge "hidl2aidl: conversion of gatekeeper hidl to aidl" am: 5043c02262 am: 139979d256
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2161816

Change-Id: I9906abf6c5498a2bb2fb701d06122422a123dd6b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-21 23:22:20 +00:00
Weilin Xu
52546635b2 Applying new IBroadcastRadio AIDL
Update Sepolicy for AIDL broadcast radio HAL. Ignore
fuzzer default AIDL implementation for now.

Bug: 170336130
Test: m -j
Change-Id: Ie55c08c6a721de1f8dc40acc81de68565f99f7d7
2022-09-21 23:17:20 +00:00
Reema Bajwa
34c5b002a2 Merge "Add SELinux changes for Credential Manager Service in system server Test: Built & Deployed on device locally." am: 396d34b7c8 am: 802306e5b0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2221761

Change-Id: If69cac510d4247a2980486e36c983d904b94d631
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-21 23:06:04 +00:00
Anna Zhuravleva
b167a34acb Add sepolicy for Health Connect system service. am: 2864a66331 am: 5d315d84fd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2218681

Change-Id: I539a568dc879c63bf3a5c30b40395c44a896923f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-21 22:58:13 +00:00
Steven Moreland
139979d256 Merge "hidl2aidl: conversion of gatekeeper hidl to aidl" am: 5043c02262
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2161816

Change-Id: If3585fe2d32bb20a242b2d377b6849ec1d455ca0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-21 22:32:32 +00:00
Reema Bajwa
802306e5b0 Merge "Add SELinux changes for Credential Manager Service in system server Test: Built & Deployed on device locally." am: 396d34b7c8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2221761

Change-Id: Iee3a333a5dff68f0a078c6b9e0bb04df06ad661a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-21 22:26:56 +00:00
Anna Zhuravleva
5d315d84fd Add sepolicy for Health Connect system service. am: 2864a66331
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2218681

Change-Id: I5fc37573d998fee7a0cb995a84ab37075b4bed37
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-21 22:02:20 +00:00
Steven Moreland
5043c02262 Merge "hidl2aidl: conversion of gatekeeper hidl to aidl"
2022-09-21 21:26:01 +00:00
Reema Bajwa
396d34b7c8 Merge "Add SELinux changes for Credential Manager Service in system server Test: Built & Deployed on device locally."
2022-09-21 17:34:09 +00:00
qiaoli
9de81191c6 Add file contexts for FederatedCompute.
Test: TH
Change-Id: If302dc80a5be0b72e417698a60a92a05bedde8a1
2022-09-21 03:40:13 +00:00
Yu Shan
05a7389aa9 Create selinux policy for remoteaccess HAL.
Will add fuzzer once the service is implemented.

Test: Run remoteaccess HAL on gcar_emu. Verify the service is running.
Bug: 241483300
Change-Id: I01b31a88414536ddd90f9098f422ae43a48cf726
2022-09-20 18:09:49 -07:00
Anna Zhuravleva
2864a66331 Add sepolicy for Health Connect system service.
Add selinux policy so the healthconnect system service
can be accessed by other processes.

Bug: 246961138
Test: build
Change-Id: I37e0e7f1a2b4696b18f8876a107c509d2906e850
2022-09-20 17:14:35 +00:00
Pawan Wagh
228d0c669e Merge "sepolicy : Updating error message with doc link" am: f73797f50d am: 87aec4602e am: 00c39eadc9 am: d3f90789bf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2215709

Change-Id: I01e7c1f30b3ea34bcec188bdda8b9312b81866bc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-20 04:30:37 +00:00
Pawan Wagh
d3f90789bf Merge "sepolicy : Updating error message with doc link" am: f73797f50d am: 87aec4602e am: 00c39eadc9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2215709

Change-Id: I60b146e0d09743e568c80957d81d47bfc8e563d6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-20 03:37:07 +00:00
Pawan Wagh
00c39eadc9 Merge "sepolicy : Updating error message with doc link" am: f73797f50d am: 87aec4602e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2215709

Change-Id: I233e3050db0f628cb62a24695bd653081a9e53de
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-20 03:10:14 +00:00
Pawan Wagh
87aec4602e Merge "sepolicy : Updating error message with doc link" am: f73797f50d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2215709

Change-Id: Ia4ce2b0536aaf95735d52fa77ae8f671257ce50b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-09-20 02:39:36 +00:00
Pawan Wagh
f73797f50d Merge "sepolicy : Updating error message with doc link"
2022-09-20 02:06:40 +00:00
Reema Bajwa
5b57bfaf7e Add SELinux changes for Credential Manager Service in system server
Test: Built & Deployed on device locally.

Change-Id: I892107ed528e0ca7435aa29a0fa1e6dbf4f225c5
2022-09-19 17:51:06 +00:00