Joe Bolinger
197b314b4b
Add virtual fingerprint instance to policy.
...
Bug: 228638448
Change-Id: Id9cd3565d731ba98f18e91c50fc19b6820bf3172
Test: N/A
2022-04-21 22:57:01 +00:00
Mitch Phillips
a4e951b3bf
Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it." am: 800e948e61
am: e3256e3d21
am: 41949ce19f
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040964
Change-Id: I93cc3b9a1ff2fe74bea47ed0e7898daf7fef4a4e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 19:18:20 +00:00
Mitch Phillips
41949ce19f
Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it." am: 800e948e61
am: e3256e3d21
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040964
Change-Id: Id6e87365d0876a07b50cffa9d29e30af6db1f75f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 18:58:06 +00:00
Mitch Phillips
e3256e3d21
Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it." am: 800e948e61
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040964
Change-Id: I1e2b9edd633ef294e1a3b017f8ff0e1f685331ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 18:32:15 +00:00
Seth Moore
17f6ea42a0
Merge "Allow the remote provisioner app to set rkp_only properties" am: 222e99e26f
am: 6252da2cd1
am: 9905fc4a41
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069269
Change-Id: I93de9d208a9e74011e53230e76d0837008d4264c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 18:25:10 +00:00
Mitch Phillips
800e948e61
Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it."
2022-04-21 18:12:43 +00:00
Seth Moore
9905fc4a41
Merge "Allow the remote provisioner app to set rkp_only properties" am: 222e99e26f
am: 6252da2cd1
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069269
Change-Id: Ica01921f6394ea615e4a0968f20595d1d01bbdb2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 17:53:04 +00:00
Seth Moore
6252da2cd1
Merge "Allow the remote provisioner app to set rkp_only properties" am: 222e99e26f
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069269
Change-Id: Ie15a61b54416f9b0b38b7a108e1b76a724dcc505
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 17:29:29 +00:00
Seth Moore
222e99e26f
Merge "Allow the remote provisioner app to set rkp_only properties"
2022-04-21 17:23:11 +00:00
Maciej Żenczykowski
58613fdcbc
Merge "Grants clatd privs since forked by system server" am: 1ebfb867a8
am: 25192167a1
am: 90917bdb88
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1951036
Change-Id: I23d75e84037faaaebf5db34d92556c1adcf9951f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 14:34:12 +00:00
Maciej Żenczykowski
90917bdb88
Merge "Grants clatd privs since forked by system server" am: 1ebfb867a8
am: 25192167a1
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1951036
Change-Id: Ibecb56c53508308b24e640d7980f799fe0ae986a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 14:27:28 +00:00
Maciej Żenczykowski
25192167a1
Merge "Grants clatd privs since forked by system server" am: 1ebfb867a8
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1951036
Change-Id: Id5a3158b63aa2d0a5e5e0776e0d35e5cd606d077
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 14:04:05 +00:00
Maciej Żenczykowski
1ebfb867a8
Merge "Grants clatd privs since forked by system server"
2022-04-21 14:00:23 +00:00
Treehugger Robot
967b1bf766
Merge "Track sys_module permission for system_server" am: bd3e8d9520
am: 0bd269a7c8
am: be5064c7e3
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063148
Change-Id: I039d90d8d087bd40fdc3dd4bb9f53475ad8905a0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 09:15:36 +00:00
Treehugger Robot
be5064c7e3
Merge "Track sys_module permission for system_server" am: bd3e8d9520
am: 0bd269a7c8
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063148
Change-Id: Ided0fcda523b8fba24638983598e195b5abe39a6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 08:03:13 +00:00
Treehugger Robot
0bd269a7c8
Merge "Track sys_module permission for system_server" am: bd3e8d9520
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063148
Change-Id: I20f877611275635eff7de29353b09eb82dd1d6ae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 07:38:31 +00:00
Treehugger Robot
bd3e8d9520
Merge "Track sys_module permission for system_server"
2022-04-21 07:20:26 +00:00
Alistair Delva
7fed0b0323
[automerger skipped] Merge "Adds GPU sepolicy to support devices with DRM gralloc/rendering" am: ce19c41b8f
am: f54bcca352
am: 5fffa5cc55
-s ours
...
am skip reason: Merged-In I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c with SHA-1 365024e53f
is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1999610
Change-Id: I82f2087830376e6412c8bab9e5110ac2870ab92f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 05:13:13 +00:00
Alistair Delva
5fffa5cc55
Merge "Adds GPU sepolicy to support devices with DRM gralloc/rendering" am: ce19c41b8f
am: f54bcca352
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1999610
Change-Id: I8e4acb5727ff75a164899cd809151d15ddd71925
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 04:58:50 +00:00
Alistair Delva
f54bcca352
Merge "Adds GPU sepolicy to support devices with DRM gralloc/rendering" am: ce19c41b8f
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1999610
Change-Id: I7e7ed07eaaededa0e42c48884be50d5c09a334fc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 04:43:58 +00:00
Alistair Delva
ce19c41b8f
Merge "Adds GPU sepolicy to support devices with DRM gralloc/rendering"
2022-04-21 04:21:45 +00:00
Seth Moore
8bfdd82123
Allow the remote provisioner app to set rkp_only properties
...
The properties for rkp_only are no longer read only.
This allows remote provisioner unit tests to enable/disable the remote
provisioning only mode, which is required to fully verify functionality.
Test: RemoteProvisionerUnitTests
Bug: 227306369
Change-Id: I8006712a49c4d0605f6268068414b49714bbd939
2022-04-20 17:15:20 -07:00
Treehugger Robot
b4e33383f4
Merge "Adds system_user_mode_emulation_prop property." am: 7c9e7bbb11
am: a8176be752
am: 1745cf4d37
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069890
Change-Id: I076fcc5ad4d166d3272ca01df9ee25b2b997cce2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 23:56:42 +00:00
Treehugger Robot
1745cf4d37
Merge "Adds system_user_mode_emulation_prop property." am: 7c9e7bbb11
am: a8176be752
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069890
Change-Id: I50ab30c555fc082fc0e018244c83eef8b349f0ae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 23:39:02 +00:00
Treehugger Robot
a8176be752
Merge "Adds system_user_mode_emulation_prop property." am: 7c9e7bbb11
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069890
Change-Id: Id0d7a9d11f99b49d8ff68d7e70d4fbbbc972dbb4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 23:12:35 +00:00
Treehugger Robot
7c9e7bbb11
Merge "Adds system_user_mode_emulation_prop property."
2022-04-20 22:51:45 +00:00
Felipe Leme
9a385b2112
Adds system_user_mode_emulation_prop property.
...
It will be used by system_server only (i.e., not even Shell) to let
developers change the system user mode (to be headless or full).
Test: sesearch --allow -t system_user_mode_emulation_prop $ANDROID_PRODUCT_OUT/vendor/etc/selinux/precompiled_sepolicy
Bug: 226643927
Change-Id: Iaba42fd56dce0d8d794ef129634df78f9599260f
2022-04-20 13:28:01 -07:00
Eric Biggers
02fbbfda85
Merge "vold.te: stop allowing use of keymaster HAL directly" am: 39b27b87ba
am: 60ac375f3a
am: bbbe7065ff
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065468
Change-Id: I9608f3e7740358e5bc276596f6f2c793c40aa3b7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 19:33:12 +00:00
Eric Biggers
bbbe7065ff
Merge "vold.te: stop allowing use of keymaster HAL directly" am: 39b27b87ba
am: 60ac375f3a
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065468
Change-Id: I87b844aca5e2e4947316337d23698e0b8ce38d49
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 18:56:21 +00:00
Eric Biggers
60ac375f3a
Merge "vold.te: stop allowing use of keymaster HAL directly" am: 39b27b87ba
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065468
Change-Id: Ifc25cc95d76b9bc8cb05cb2a5ce14b39a402f21a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 18:21:47 +00:00
Eric Biggers
39b27b87ba
Merge "vold.te: stop allowing use of keymaster HAL directly"
2022-04-20 17:42:28 +00:00
Shikha Panwar
21e6b08c1f
Merge "Allow microdroid to start tombstone_transmit service" am: 8feef80fab
am: be9fea3b8b
am: 8385d8d30f
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063853
Change-Id: I2635b1b3b91de463cc52443346641ad101f4fd05
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 12:04:21 +00:00
Shikha Panwar
8385d8d30f
Merge "Allow microdroid to start tombstone_transmit service" am: 8feef80fab
am: be9fea3b8b
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063853
Change-Id: I281881cdbc8dce386615b8909fe1ce036bab7f6b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 11:37:33 +00:00
Shikha Panwar
be9fea3b8b
Merge "Allow microdroid to start tombstone_transmit service" am: 8feef80fab
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063853
Change-Id: Iea79abd91d9f3ca7dd30755f4a415fb916246ce9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 11:17:30 +00:00
Shikha Panwar
8feef80fab
Merge "Allow microdroid to start tombstone_transmit service"
2022-04-20 11:08:23 +00:00
Treehugger Robot
f222a5573d
Merge "crosvm can access data_shell_file on user builds" am: d222ea676b
am: af42eee34c
am: 178a031dce
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2064912
Change-Id: I7ddc8fdcd1fbdcc62f684bc1d5f4c7724ee24138
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 06:24:26 +00:00
Treehugger Robot
d0c5796ee1
Merge "/apex/com.android.art/bin/dex2oat is a symlink, so allow reading it from the shell." am: b87591b7c6
am: e5defcf3d4
am: 28092b79f5
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063854
Change-Id: Idf8ab3f470faab31ec46ead48191152b1361e570
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 06:22:55 +00:00
Treehugger Robot
ab3bbb8f39
Merge "Remove obsolete rule allowing installd to use fsverity ioctls" am: 12399e945e
am: 7fd8710e46
am: 765d9cbd6e
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065527
Change-Id: I8bb8dcc11ed364acf78ad34bc5e70e09b5f22d45
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 06:21:10 +00:00
Eric Biggers
20dcec9d16
Merge "Remove some FDE rules and update comments" am: b83a6d1168
am: fa1f9cb2b8
am: 1eacebf142
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065887
Change-Id: I98e0e9f1c6131617119aa966bb88d7ec229b1d66
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 06:14:22 +00:00
Treehugger Robot
178a031dce
Merge "crosvm can access data_shell_file on user builds" am: d222ea676b
am: af42eee34c
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2064912
Change-Id: Ifcd1e801f0f591601eb054e0ea0b78c363afdc9f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 06:05:12 +00:00
Treehugger Robot
28092b79f5
Merge "/apex/com.android.art/bin/dex2oat is a symlink, so allow reading it from the shell." am: b87591b7c6
am: e5defcf3d4
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063854
Change-Id: I86aa515b9d9150d7a955f057e34e282b356a41da
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 06:04:47 +00:00
Treehugger Robot
ef8b137ea7
Merge "apkdmverity: use LOOP_CONFIGURE" am: 10ea55472c
am: 672b6a1776
am: 3949d85cc5
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063894
Change-Id: Ifd651d2cfc11a934ecff636757394c3c2c541f8b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 06:04:25 +00:00
Xin Li
e7a70c0f03
[automerger skipped] Empty merge of sc-v2-dev-plus-aosp-without-vendor@8433047 am: 753b87fbc5
-s ours am: c1964cc4cd
-s ours
...
am skip reason: Merged-In Ic64ce88e137976149813888a0d6d2910fda359e7 with SHA-1 4d59166d11
is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17805282
Change-Id: I9386a1f2c7479b4d60fe5deb06c951f055a8e01f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 05:55:53 +00:00
Treehugger Robot
af42eee34c
Merge "crosvm can access data_shell_file on user builds" am: d222ea676b
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2064912
Change-Id: Icb55aca23bde8f9024a6790eb72440e2ed8c0878
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 05:47:51 +00:00
Treehugger Robot
e5defcf3d4
Merge "/apex/com.android.art/bin/dex2oat is a symlink, so allow reading it from the shell." am: b87591b7c6
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063854
Change-Id: Iaee281b32e3100b8cfa1a94119580acbd897602a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 05:47:42 +00:00
Treehugger Robot
d222ea676b
Merge "crosvm can access data_shell_file on user builds"
2022-04-20 05:32:32 +00:00
Treehugger Robot
b87591b7c6
Merge "/apex/com.android.art/bin/dex2oat is a symlink, so allow reading it from the shell."
2022-04-20 05:19:16 +00:00
Jiyong Park
cdd5e07956
crosvm can access data_shell_file on user builds
...
Some of our CTS tests require crosvm to have read/write access to
files on /data/local/tmp/virt which is labeled as data_shell_file.
Since CTS tests should pass on user builds, grant the access in user
builds as well.
Note that the open access is still disallowed in user builds.
Bug: 222013014
Test: run cts
Change-Id: I4f93ac64d72cfe63275f04f2c5ea6fb99e9b5874
2022-04-20 08:35:19 +09:00
Eric Biggers
bf717e18f1
vold.te: stop allowing use of keymaster HAL directly
...
Since Android 12, vold goes through the keystore daemon instead of using
the keymaster HAL directly. Therefore, the SELinux rules that allow
vold to use the keymaster HAL directly are no longer needed.
Bug: 181910578
Change-Id: I8ecc47530cba82128c869ffd2fed9009dd7d5e05
2022-04-19 21:57:18 +00:00
Treehugger Robot
765d9cbd6e
Merge "Remove obsolete rule allowing installd to use fsverity ioctls" am: 12399e945e
am: 7fd8710e46
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065527
Change-Id: I28d6d8a3f89f01d888b1405aeba8a3316bfc4d62
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-19 21:50:11 +00:00