Commit graph

22578 commits

Author SHA1 Message Date
Shuo Qian
584234e8b1 Merge "Setting up SELinux policy for Emergency number database" 2019-11-27 19:14:50 +00:00
Jeff Vander Stoep
ae3667d6ae Whitelist app->storage denials
am: 99d5970dcf

Change-Id: I93dae16d115d35d2eebb35d8cc98cbf941b11873
2019-11-27 10:49:17 -08:00
evitayan
780185f503 Make ipsec file_contexts as "android:path" property
It follows examples of other APEX to make file_contexts of ipsec
module as "android:path" property

Bug: 143192273
Test: atest ipsec_e2e_tests
Change-Id: Idbba1f964aad7e54077ac77250f9cfd6a6b5049e
2019-11-27 07:00:14 -08:00
Jeff Vander Stoep
99d5970dcf Whitelist app->storage denials
Make presubmit less flaky.

Bug: 145267097
Test: build
Change-Id: Id3e8c636f9ebda0dd07a0dcf5211f4a73bd3e3c2
2019-11-27 15:01:05 +01:00
Harpreet "Eli" Sangha
ae8ad79141 Merge "Fix File Context Entry for Bluetooth Services."
am: d6a91453d8

Change-Id: I437f849121d5aa8fdc6f312c92880558af157a74
2019-11-26 20:04:55 -08:00
Treehugger Robot
d6a91453d8 Merge "Fix File Context Entry for Bluetooth Services." 2019-11-27 03:56:40 +00:00
Terry Wang
038b7b664f Merge "Add apex structure to appsearch module."
am: 4a51f6d55d

Change-Id: I4fd1bb01d20d9c684a2437378737b74af0f51fa2
2019-11-26 18:09:34 -08:00
Treehugger Robot
4a51f6d55d Merge "Add apex structure to appsearch module." 2019-11-27 02:04:39 +00:00
Harpreet "Eli" Sangha
078689ae03 Fix File Context Entry for Bluetooth Services.
Test: Boot on HiKey960 and check dmesg errors.
Change-Id: I9ac0968753c7cd9a23c63eac98b20a7778277716
Signed-off-by: Harpreet "Eli" Sangha <eliptus@google.com>
2019-11-27 10:11:12 +09:00
Roshan Pius
34c69ae8eb Merge changes Ifa33dae9,I69ccc6af,Ibb4db9d9
am: d16a3968f3

Change-Id: Ib57570877f9195b2d54337552e4ee868f7dbc29f
2019-11-26 16:48:07 -08:00
Treehugger Robot
d16a3968f3 Merge changes Ifa33dae9,I69ccc6af,Ibb4db9d9
* changes:
  Revert "sepolicy: Permission changes for new wifi mainline module"
  Revert "wifi_stack: Move to network_stack process"
  Revert "sepolicy(wifi): Allow audio service access from wifi"
2019-11-27 00:41:35 +00:00
Ashwini Oruganti
3d23d9ab9e Merge "Audit GMS core related allow rules in priv_app.te"
am: 63fb238052

Change-Id: I6f3c1e455ade4deb13cde882bcf864ca6ea4f7c5
2019-11-26 15:04:38 -08:00
Treehugger Robot
63fb238052 Merge "Audit GMS core related allow rules in priv_app.te" 2019-11-26 23:00:25 +00:00
David Sehr
b08791945a Merge "Revert^2 "SELinux policy for system server JVMTI""
am: 453ed17a61

Change-Id: Ia488cd027e46fa6f20ebbce91ea6ada63ab5e6da
2019-11-26 14:26:00 -08:00
David Sehr
453ed17a61 Merge "Revert^2 "SELinux policy for system server JVMTI"" 2019-11-26 22:19:11 +00:00
Ashwini Oruganti
e6ed127dcb Audit GMS core related allow rules in priv_app.te
We've moved GMS core to its own domain, and these permissions should be
removed from the priv_app domain. This change adds auditallow to these
permissions so we know if it's safe to check if any other privapps are
relying on these.

Bug: 142672293
Test: Green builds
Change-Id: I35402f1166a0edf8e001d894413f470c090c7b57
2019-11-26 13:16:21 -08:00
Shuo Qian
9322cb088a Setting up SELinux policy for Emergency number database
Test: Manual; https://paste.googleplex.com/6222197494382592
Bug: 136027884
Change-Id: I29214de6b5b5a62bff246c1256567844f4ce55c7
2019-11-26 12:51:02 -08:00
Colin Cross
bb82c57996 Merge "bug_map: track bluetooth storage_stub_file denial"
am: e84bef4647

Change-Id: I2151dbd566bd46a20a375a9519c6d6e8817dc567
2019-11-26 12:07:41 -08:00
Colin Cross
e84bef4647 Merge "bug_map: track bluetooth storage_stub_file denial" 2019-11-26 18:33:37 +00:00
Colin Cross
b24b629ed3 bug_map: track bluetooth storage_stub_file denial
Bug: 145212474
Test: none
Change-Id: I64e7e73907637e100d59b735c57cc40996044607
2019-11-26 10:31:46 -08:00
markchien
b4eb08da19 Merge "[Tether12] Give network stack permission for tetheroffload"
am: e91bdc73d8

Change-Id: I703bffef2c8cf333fcd01532311cecdbebd8c800
2019-11-26 05:41:52 -08:00
Treehugger Robot
e91bdc73d8 Merge "[Tether12] Give network stack permission for tetheroffload" 2019-11-26 13:34:38 +00:00
Robert Shih
caefd4cdc3 Merge "allow mediaserver to access drm hidl"
am: 487411abab

Change-Id: Ie12aa1b3fe9fa2e38e1c56399b78a7723325fb5a
2019-11-25 17:46:02 -08:00
Robert Shih
487411abab Merge "allow mediaserver to access drm hidl" 2019-11-26 01:36:00 +00:00
Zach Johnson
f2c87aaf79 Add sepolicy for bluetooth apex
Bug: 142747680
Test: compile, verify APEX mounts correctly
Change-Id: I3d1bd964343584b3f344d82b58019acad6de353c
2019-11-25 17:07:31 -08:00
Roshan Pius
43af57f547 sepolicy: Add entry for wifi apex mainline module
am: 3fbdcd4380

Change-Id: I385293784511012d8c543e00b67581f78668dee6
2019-11-25 16:24:38 -08:00
David Sehr
fa67ec4126 Revert^2 "SELinux policy for system server JVMTI"
This reverts commit baa06ee2cd.

Reason for revert: Added missing property name in vendor_init.te.

Bug: none
Test: none (other than neverallow checking)
Change-Id: I9e93bf4ea6ca3a4634f8f4cbce2f13c5f410883b
2019-11-25 15:53:52 -08:00
Roshan Pius
3fbdcd4380 sepolicy: Add entry for wifi apex mainline module
Bug: 144722612
Test: Device boots up & connects to wifi networks
Change-Id: If9207075b87dc938926c1fc1432d3b8fe481bc02
2019-11-25 20:51:50 +00:00
Terry Wang
fe5e7f7000 Add apex structure to appsearch module.
This change adds file_contexts for appsearch.

Bug: 144874026
Test: manual
Change-Id: Id8cba2eab3dbaab252eb42095e2ed265446b93c8
2019-11-25 11:30:38 -08:00
Robert Shih
cc8a4d3bf2 allow mediaserver to access drm hidl
Previously mediaserver could only access hidl via mediadrmserver.
Required because mediadrmserver will be removed in R.

Bug: 134787536
Bug: 144731879
Test: MediaPlayerDrmTest
Change-Id: If0ae1453251e88775a43750e24f7dac198294780
2019-11-25 11:24:44 -08:00
Ashwini Oruganti
f1c2a3821e Merge "Create a separate SELinux domain for gmscore"
am: 8f079fb0e2

Change-Id: I0311937da013fd703208f89f784cbf3c037f3740
2019-11-25 09:09:30 -08:00
Ashwini Oruganti
8f079fb0e2 Merge "Create a separate SELinux domain for gmscore" 2019-11-25 16:59:10 +00:00
Dan Willemsen
ebc6276b23 Fix sepolicy_tests on Mac 10.15
am: 1f944107a3

Change-Id: I5eec01713699814ee76f98db6c00e0711a5b2425
2019-11-25 05:45:47 -08:00
Dan Willemsen
1f944107a3 Fix sepolicy_tests on Mac 10.15
This is dlopened by sepolicy_tests, which embeds the python
interpreter built from our tree. That python interpreter links against
the shared version of libc++, so mixing it with this static copy was
causing segfaults on Mac 10.15 (but apparently not elsewhere).

Test: SANITIZE_HOST=address m treble_sepolicy_tests
Test: `m` on Mac 10.15
Change-Id: I31744acd018ea4c980c46a9979bbad17ae1c4f68
2019-11-23 17:45:01 -08:00
Martijn Coenen
6f6f3e04a8 Merge changes Ide8fc07c,Ia1f51db4
am: d1460a1111

Change-Id: Iafec16db4abd3ceb6a2ab398c2c91c0f3c171c39
2019-11-23 01:18:01 -08:00
Martijn Coenen
d1460a1111 Merge changes Ide8fc07c,Ia1f51db4
* changes:
  Allow vold to mount on top of /data/media.
  Revert "Temporarily relax Zygote storage mounting rules."
2019-11-23 09:10:34 +00:00
Benedict Wong
07b24a8c03 Merge "Add file_contexts for com.android.ipsec"
am: bf76bf82e1

Change-Id: I0b1b01f32cb1c6089ca0319818dbfc559d09452b
2019-11-22 20:10:58 -08:00
Benedict Wong
bf76bf82e1 Merge "Add file_contexts for com.android.ipsec" 2019-11-23 03:45:53 +00:00
Jooyung Han
d7e4075389 Merge "Make file_contexts as "android:path" property"
am: c9e73b87e2

Change-Id: I67730ea8df6764e83ad481a5f473507dc44a7737
2019-11-22 19:45:26 -08:00
Jooyung Han
c9e73b87e2 Merge "Make file_contexts as "android:path" property" 2019-11-23 03:37:33 +00:00
Mathieu Chartier
41337fa284 Merge "Revert "Remove ability to set profilebootimage and profilesystemserver""
am: c075ef38d4

Change-Id: I1f2f8935532715ba77e9a9f2bef11dd8965e5bfa
2019-11-22 15:05:54 -08:00
Mathieu Chartier
c075ef38d4 Merge "Revert "Remove ability to set profilebootimage and profilesystemserver"" 2019-11-22 22:52:45 +00:00
Raman Tenneti
2159cbe2cd Merge "Revert submission"
am: 9f793aff87

Change-Id: I54a74c3b4b6f1d344bd9ac2aef1f3457634f473a
2019-11-22 13:51:53 -08:00
Raman Tenneti
9f793aff87 Merge "Revert submission" 2019-11-22 21:17:29 +00:00
Raman Tenneti
baa06ee2cd Revert submission
Reason for revert: BUG: 145006573

Change-Id: I87f640383ab0fc4005ce31f938e81dcfa6572058
2019-11-22 21:07:49 +00:00
Tomasz Wasilczyk
fadede5a4d Merge "Vehicle HAL: allow communication with CAN bus HAL and alternative service naming"
am: eeb6279953

Change-Id: I7a8431161ed07bcce3d76b1f89b849238ebfa452
2019-11-22 12:54:18 -08:00
Tomasz Wasilczyk
eeb6279953 Merge "Vehicle HAL: allow communication with CAN bus HAL and alternative service naming" 2019-11-22 20:27:23 +00:00
David Sehr
ddb207c7c0 Merge "SELinux policy for system server JVMTI property"
am: c0bb680fee

Change-Id: I46d3fd825f918ac0150de81c18906e4fddbde620
2019-11-22 10:43:56 -08:00
Ashwini Oruganti
c46a7bc759 Create a separate SELinux domain for gmscore
This change creates a gmscore_app domain for gmscore. The domain is
currently in permissive mode (for userdebug and eng builds), while we
observe the SELinux denials generated and update the gmscore_app rules
accordingly.

Bug: 142672293
Test: Flashed a device with this build and verified
com.google.android.gms runs in the gmscore_app domain. Tested different
flows on the Play Store app, e.g., create a new account, log in, update
an app, etc. and verified no new denials were generated.
Change-Id: Ie5cb2026f1427a21f25fde7e5bd00d82e859f9f3
2019-11-22 10:39:19 -08:00
David Sehr
c0bb680fee Merge "SELinux policy for system server JVMTI property" 2019-11-22 18:36:20 +00:00