Alice Wang
0407c993d8
Revert^2 "[avf][rkp] Allow virtualizationservice to register RKP HAL"
...
Revert submission 2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ
Reason for revert: This change relands the topic
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22
The SELinux denial has been fixed in system/sepolicy
Reverted changes: /q/submissionid:2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ
Bug: 308596709
Bug: 274881098
Change-Id: Ib23ac4680b0f37b760bff043e1f42ce61a58c3e2
2023-10-31 20:06:23 +00:00
Alice Wang
072d8fc0db
Merge "Revert "[avf][rkp] Allow virtualizationservice to register RKP H..."" into main
2023-10-31 15:13:01 +00:00
Alice Wang
ece557dc7a
Revert "[avf][rkp] Allow virtualizationservice to register RKP H..."
...
Revert submission 2778549-expose-avf-rkp-hal
Reason for revert: SELinux denial
avc: denied { find } for pid=3400 uid=10085 name=android.hardware.security.keymint.IRemotelyProvisionedComponent/avf scontext=u:r:rkpdapp:s0:c85,c256,c512,c768 tcontext=u:object_r:avf_remotelyprovisionedcomponent_service:s0 tclass=service_manager permissive=0
Reverted changes: /q/submissionid:2778549-expose-avf-rkp-hal
Bug: 308596709
Change-Id: If8e448e745f2701cf00e7757d0a079d8700d43c0
2023-10-31 15:01:18 +00:00
Alice Wang
7109a31496
Merge "[avf][rkp] Allow virtualizationservice to register RKP HAL service" into main
2023-10-31 12:21:41 +00:00
Alice Wang
104626ca99
[avf][rkp] Allow virtualizationservice to register RKP HAL service
...
Bug: 274881098
Test: atest MicrodroidHostTests
Change-Id: Ib0953fa49f27719be63bb244071b132bc385dca3
2023-10-27 09:26:42 +00:00
Alex Xu
902a010aaa
Add sepolicy for security_state service.
...
security_state service manages security state (e.g. SPL) information across partitions, modules, etc.
Bug: 307819014
Test: Manual
Change-Id: I4ebcd8431c11b41f7e210947b32cf64c2adf3901
2023-10-26 06:11:58 +00:00
Vladimir Komsiyski
6e07de8088
Merge "Policy for virtualdevice_native service." into main
2023-10-06 14:20:09 +00:00
Vladimir Komsiyski
31facf0677
Policy for virtualdevice_native service.
...
A parallel implementation of certain VDM APIs that need to
be exposed to native framework code.
Similar to package_native_service.
Not meant to be used directly by apps but should still be
available in the client process via the corresponding native
manager (e.g. SensorManager).
Starting the service: ag/24955732
Testing the service: ag/24955733
Bug: 303535376
Change-Id: I90bb4837438de5cb964d0b560585b085cc8eabef
Test: manual
2023-10-06 12:52:42 +00:00
Treehugger Robot
d065d025ed
Merge "C2 AIDL sepolicy update" into main am: 8342def00a
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2721424
Change-Id: I096e99c403f513a203040cf97e199392dc794177
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-07 19:52:25 +00:00
Wonsik Kim
a981983e70
C2 AIDL sepolicy update
...
Bug: 251850069
Test: presubmit
Change-Id: Ica39920472de154aa01b8e270297553aedda6782
2023-09-06 14:30:26 -07:00
Xin Li
80690d5086
Merge "Merge Android U (ab/10368041)" into aosp-main-future
2023-08-28 22:13:48 +00:00
Xin Li
e07dbe0a63
Merge Android U (ab/10368041)
...
Bug: 291102124
Merged-In: Id2cc5dbbafffb4633706e5cc728cb44abd417340
Change-Id: I77e68f17a1273958bcdc32b5a4b6a0ff3ffdfd2a
2023-08-23 17:20:59 -07:00
Kangping Dong
45efca84e5
[Thread] add sepolicy rules for Thread system service
...
Add SEPolicy for the ThreadNetworkService
Add Fuzzer exception, thread_network service is java only
FR: b/235016403
Test: build and start thread_network service
bug: 262683651
Change-Id: Ifa2e9500dd535b0b4f2ad9af006b8dddaea900db
2023-08-23 17:08:58 +08:00
Jeff Pu
fb5d221b27
Add biometric face virtual hal service
...
Bug: 228638448
Test: Manually following face virtual hal provisioning procedure
Change-Id: I1f61b687be4abe53c62c21769fb57dc9cf9daf45
2023-08-16 17:00:08 -04:00
igorzas
7489e93613
Add RemoteAuthService
...
Add SEPolicy for the RemoteAuth Manager/Service
Add Fuzzer exception, remote_auth service is going to be in Java and
Rust only
Design doc: go/remote-auth-manager-fishfood-design
Test: loaded on device.
Bug: 290092977
Change-Id: I4decb29b863170aed5e7c85da9c4b50c0675d3bd
2023-08-04 17:55:14 +00:00
Jakob Schneider
09916a69c9
Merge "Add SEPolicy for the ArchiveManager/Service." into main
2023-08-04 16:10:01 +00:00
Jakob Schneider
5c5a6af643
Add SEPolicy for the ArchiveManager/Service.
...
Test: boots - CTS coming in a future change
Change-Id: Ia42bc21e1523c7b225b7c84c3a3f18dd3ed1a54f
2023-08-04 14:13:03 +01:00
Kangping Dong
9d965761ca
Merge "add sepolicy rules for OT daemon binder service" into main
2023-08-03 14:13:21 +00:00
Kangping Dong
0b3e8c62ee
add sepolicy rules for OT daemon binder service
...
Bug: 262681784
Change-Id: I3b4d3603709a761ad1410b81c0e5b4e4fc51c43c
2023-08-03 13:31:53 +08:00
Inseob Kim
825056de9a
Add permission for VFIO device binding
...
vfio_handler will bind platform devices to VFIO driver, and then
return a file descriptor containing DTBO. This change adds
permissions needed for that.
Bug: 278008182
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid \
--devices /sys/bus/platform/devices/16d00000.eh --protected
Change-Id: Ie947adff00d138426d4703cbb8e7a8cd429c2272
2023-08-02 15:06:51 +09:00
Vadim Caen
d64cf75c48
Policy for virtual_camera
...
Adds a policy to run the virtual_camera process which:
- registers a service implementing the camera HAL
- registers a service to receive communicate with virtual cameras via
system_server
Bug: 253991421
Test: CTS test
android.virtualdevice.cts.VirtualDeviceManagerBasicTest#createDevice_createCamera
Change-Id: I772d176919b8dcd3b73946935ed439207c948f2b
2023-07-25 19:27:48 +00:00
Zhanglong Xia
b2d1fbb7b2
Add sepolicy rules for Thread Network HAL
...
Bug: b/283905423
Test: Build and run the Thread Network stack in Cuttlefish.
Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
2023-06-30 10:56:38 +08:00
Dave Mankoff
665cad0d2c
SE Linux permissions for Feature Flags Service
...
Bug: 279054964
Test: build && flash
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a1f8ca3cd3c4861a06c5042148aab6623a563651 )
Merged-In: I5fffaccba61e218496ac82ccf9ba308cf9892868
Change-Id: I5fffaccba61e218496ac82ccf9ba308cf9892868
2023-06-26 13:42:45 +00:00
Mugdha Lakhani
d02b20b53d
Create sdk_sandbox_all. am: 2ae45c5766
am: ca1191437b
am: 0f6e7f8943
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2583492
Change-Id: I7980a501e8a7ffb837e7864a0d2ae4b9b00caabd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-09 18:45:42 +00:00
Mugdha Lakhani
2ae45c5766
Create sdk_sandbox_all.
...
Rename sdk_sandbox to sdk_sandbox_34.
Additionally, extract out parts of sdk_sandbox_34 to
sdk_sandbox_all.te that will be shared with all sdk_sandbox domains.
Bug: b/270148964
Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest
SdkSandboxRestrictionsTest
Change-Id: I36e0c8795148de83c81dfe12559452812aa2b25e
2023-05-09 15:11:39 +00:00
Steven Moreland
dc10d40add
Merge "aidl_lazy_test: additional service context" am: d8b05e70bf
am: b5a4c528f7
am: 7537e74b96
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2564270
Change-Id: I049e98038884725e7c31150f12ebe4520be1080e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-26 21:46:23 +00:00
Steven Moreland
295e68f238
aidl_lazy_test: additional service context
...
A lazy service shouldn't quit when it has clients, but
sometimes it needs to, such as when the device is
shutting down, so we test that it works.
In Android U, I broke this behavior, and it was caught
by other tests. However, now we have test support
for this directly in aidl_lazy_test.
No fuzzer, because this is a test service only, so it's
low-value.
Bug: 279301793
Bug: 278337172
Bug: 277886514
Bug: 276536663
Bug: 278117892
Test: aidl_lazy_test
Change-Id: I36b2602bb87b56ba1eb72420c7fdd60ff1fa14e2
2023-04-26 00:41:05 +00:00
Martin Stjernholm
29eb48e427
Merge "Revert "Introduce a new sdk_sandbox domain"" am: 3fac381180
am: ec5e24de11
am: b90c8d8ff5
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2561870
Change-Id: I7a73e5563e07379bdc798e92f52a71569c941cbb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-25 15:21:07 +00:00
Martin Stjernholm
87143bd904
Revert "Introduce a new sdk_sandbox domain"
...
This reverts commit 304962477a.
Reason for revert: b/279565840
Change-Id: I6fc3a102994157ea3da751364f80730f4d0e87f0
2023-04-25 12:40:37 +00:00
Mugdha Lakhani
764f7345ee
Merge "Introduce a new sdk_sandbox domain" am: 9ee52f56bb
am: ff1c4e035c
am: cf72055b15
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2527286
Change-Id: I2c47e03450147e8a950cd4db4c4f6d00f229fb46
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-25 11:11:03 +00:00
Mugdha Lakhani
304962477a
Introduce a new sdk_sandbox domain
...
Define the selinux domain to apply to SDK runtime for
targetSdkVersion=34.
The existing sdk_sandbox domain has been renamed to sdk_sandbox_next.
Future CLs will add logic to apply one of these to the SDK runtime
processes on the device, based on a flag.
auditallow block from sdk_sandbox has been removed as we haven't yet
measured the system health impact of adding this. It'll be added to an
audit domain later after we've ruled out negative system health impact.
Bug: 270148964
Test: make and boot the test device, load SDK using test app
Change-Id: I7438fb16c1c5e85e30683e421ce463f9e0b1470d
2023-04-21 17:26:26 +00:00
Yu Shan
36370a80be
Merge "Define sepolicy for ivn HAL." am: 9861e84085
am: 506e69012d
am: 78ca38f285
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2530161
Change-Id: I5802fb2e124cfab86869d0c123f5b6d670e5c8d0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-12 02:44:59 +00:00
Yu Shan
9eb72464b5
Define sepolicy for ivn HAL.
...
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
2023-04-10 17:42:51 -07:00
Lakshman Annadorai
52d8a1e5d8
Merge "Add cpu_monitor service context." am: d970b34331
am: 605db074db
am: 76809597e6
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2517975
Change-Id: I2fae64b89c92f9c8d8a360e943e13a6144b6d7b1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-04-04 19:08:46 +00:00
Lakshman Annadorai
99467b5e4e
Add cpu_monitor service context.
...
Change-Id: Idefa3e55521477742f53681058575f11242e5b88
Test: m
Bug: 242722241
2023-03-31 20:55:42 +00:00
Tri Vo
26c4ed9d40
Merge "Remove RemoteProvisioner and remoteprovisioning services" am: 0099ba37f3
am: 45734ff4a7
am: ddc3df3035
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2488295
Change-Id: I46b1309c166d253a0c132c4c70fea547f2fe2619
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-17 19:05:42 +00:00
Tri Vo
4bb2d30701
Remove RemoteProvisioner and remoteprovisioning services
...
Bug: 273325840
Test: keystore2_test
Change-Id: I295ccdda5a3d87b568098fdf97b0ca5923e378bf
2023-03-14 15:45:35 -07:00
Alice Wang
4a8ab250c8
[dice] Remove all the sepolicy relating the hal service dice am: 5e94b1698c
am: 13e58cf7b1
am: a9a8c0cb93
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2426073
Change-Id: Ia58829024a4eec19239f71fb93aa01649f08b192
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-24 21:23:06 +00:00
Alice Wang
5e94b1698c
[dice] Remove all the sepolicy relating the hal service dice
...
As the service is not used anywhere for now and in the near future.
Bug: 268322533
Test: m
Change-Id: I0350f5e7e0d025de8069a9116662fee5ce1d5150
2023-02-24 08:34:26 +00:00
Pedro Loureiro
efd12cc5bf
Merge "Add SEPolicy for device config service" am: 43b0b8a65c
am: 14060332c7
am: fe0ce26f53
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2430374
Change-Id: Ic9b09bf6e69fcec9e8f35de48be914f332bd45b3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-14 14:03:59 +00:00
Pedro Loureiro
58847ab171
Add SEPolicy for device config service
...
A new mainline module that will have the device config logic requires a new service (device_config_updatable).
Bug: 252703257
Test: manual because logic that launches service is behind flag
Change-Id: I4ffba0c7d2afc44af8438b7d84d836e42388bd7d
2023-02-13 09:37:12 +00:00
Brian Julian
3e91bef971
Merge "Backports sepolicy for AltitudeService to T." am: f388934ffe
am: e346f2fe80
am: 0966a7e8a3
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406792
Change-Id: I942be729355e8a833f3fdca7023f2eba4d09ac6a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-08 19:38:08 +00:00
Brian Julian
32b0a39d27
Backports sepolicy for AltitudeService to T.
...
Test: VtsHalAltitudeServiceTargetTest
Bug: 265013616
Change-Id: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
Merged-In: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
2023-02-07 19:38:17 +00:00
Karthik Mahesh
4ccdb766a4
Merge "Add sepolicy for ODP system server service." am: 4fd76147c4
am: 4fc055b5cd
am: 5fe0aaca94
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402876
Change-Id: I8af698adfffd3b336217f9ae4f9d3fa8b87f3e22
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-02 21:47:26 +00:00
Karthik Mahesh
52e5914ca4
Add sepolicy for ODP system server service.
...
Bug: 236174677
Test: build
Change-Id: Ief208b795dd05ddaa406f50a5fa91f46fe52fd71
2023-02-01 22:27:36 -08:00
Lorenzo Colitti
0aa28bc420
Merge "Update SEPolicy for Tetheroffload AIDL" am: b8194ca7fb
am: d842a85d44
am: 96c4f6591c
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2355402
Change-Id: Iee354556ed20f847f84672d0032cb45f2326f3b9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-18 01:21:56 +00:00
Lorenzo Colitti
b8194ca7fb
Merge "Update SEPolicy for Tetheroffload AIDL"
2023-01-18 00:04:51 +00:00
Thomas Nguyen
32e98f7b65
Add IRadioSatellite context am: 3445819d5a
am: 8e04681736
am: 79a56bccb8
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2380860
Change-Id: Id173536288cc8c643154091b07798bc326867a74
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-12 05:41:14 +00:00
Thomas Nguyen
3445819d5a
Add IRadioSatellite context
...
Bug: 260644201
Test: atest VtsHalRadioTargetTes
Change-Id: I43555e1f076cdf96fb0b7805cd664d7ba6798aec
2023-01-10 18:27:41 +00:00
Nathalie Le Clair
6ab4000288
Merge "HDMI: Refactor HDMI packages" am: 98e20da831
am: b1b7c91270
am: 410ee2e7b1
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2353483
Change-Id: Iebc38ccef625de72fdb585b27ffec979c5c6596f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-10 17:50:39 +00:00