tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
23749 commits 1 branch 0 tags 50 MiB
Commit graph

23749 commits

This branch
This branch
All branches
Author SHA1 Message Date
Automerger Merge Worker
26debce3b1 Merge "Revert "Allow MediaProvider to host FUSE devices."" am: 34a19b76ce am: ff8203a23d 
Change-Id: I48d778bb3bf1280b3a754e21128bc1b801fd87bc
 2020-01-10 22:12:54 +00:00
Zimuzo Ezeozue
ff8203a23d Merge "Revert "Allow MediaProvider to host FUSE devices."" 
am: 34a19b76ce

Change-Id: I1479f5277026410ac294973170f587db79e0dba9
 2020-01-10 14:01:21 -08:00
Zimuzo Ezeozue
34a19b76ce Merge "Revert "Allow MediaProvider to host FUSE devices."" 2020-01-10 21:17:15 +00:00
Automerger Merge Worker
542441962e Merge "priv_app: Remove rules allowing a priv-app to ptrace itself" am: 623fb38952 am: 5fc5ebb667 am: 6137fabe74 
Change-Id: Id70b8d29a9956015241859b1765477d2e9229601
 2020-01-10 20:53:43 +00:00
Automerger Merge Worker
6137fabe74 Merge "priv_app: Remove rules allowing a priv-app to ptrace itself" am: 623fb38952 am: 5fc5ebb667 
Change-Id: I1143161f6bb4c737320532a5310bf6308149df30
 2020-01-10 20:42:00 +00:00
Ashwini Oruganti
5fc5ebb667 Merge "priv_app: Remove rules allowing a priv-app to ptrace itself" 
am: 623fb38952

Change-Id: I88482ff21c826bfa0bc995fa2fd6ad7647315b0d
 2020-01-10 12:29:00 -08:00
Treehugger Robot
623fb38952 Merge "priv_app: Remove rules allowing a priv-app to ptrace itself" 2020-01-10 20:23:06 +00:00
Ricky Wai
288a72166e Merge "Allow zygote to relabel CE and DE dirs from tmpfs to system_data_file" am: 1f9ecdc894 am: c927bcffd2 
am: 27f0fe8a25

Change-Id: Ic6cfb68dacd352dae08fb3946c1b0cb7ad788d8d
 2020-01-10 11:50:12 -08:00
Automerger Merge Worker
27f0fe8a25 Merge "Allow zygote to relabel CE and DE dirs from tmpfs to system_data_file" am: 1f9ecdc894 am: c927bcffd2 
Change-Id: I200e837e4bc91308159d75ef75f6a27231042637
 2020-01-10 19:32:06 +00:00
Ashwini Oruganti
a40840daa8 priv_app: Remove rules for system_update_service 
We added an auditallow for these permissions on 11/26/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.

Bug: 142672293
Test: TH
Change-Id: Ic2f68b3af861e0c00e2dea731c4d6b3255ab5175
 2020-01-10 11:17:00 -08:00
Ricky Wai
c927bcffd2 Merge "Allow zygote to relabel CE and DE dirs from tmpfs to system_data_file" 
am: 1f9ecdc894

Change-Id: I7e34db5b2c08f9a26edfe3605a1756f52c260219
 2020-01-10 11:16:19 -08:00
Treehugger Robot
1f9ecdc894 Merge "Allow zygote to relabel CE and DE dirs from tmpfs to system_data_file" 2020-01-10 19:11:33 +00:00
Hector Dearman
c0bad7b98f Allow adb forward to traced consumer socket 
Currently shell can connect to the traced_consumer_socket allowing it to
configure/start/stop and collect traces. This allows a host tool (e.g. Android Studio or
https://ui.perfetto.dev) to connect to the device via adb and collect traces. It would
be better if rather than executing shell commands the host tool could directly communicate
with the consumer socket. This is possible using adb forward:

adb forward tcp:9903 localfilesystem:/dev/socket/traced_consumer

However in this case adbd is connecting to the socket - not shell.

This CL allows adbd to connect to the socket which allows host tools to collect
traces without having to do everything though shell commands.

Note that this patch also has additional change on prebuilts in order to
backport.

Denial:
08-30 11:28:05.809 10254 10254 W adbd    : type=1400 audit(0.0:1129): avc: denied { write } for name="traced_consumer" dev="tmpfs" ino=6719 scontext=u:r:adbd:s0 tcontext=u:object_r:traced_consumer_socket:s0 tclass=sock_file permissive=0

Test: Cherry pick CL to master, make, flash
adb logcat | grep denied
adb forward tcp:9903 localfilesystem:/dev/socket/traced_consumer

Bug: b/139536756
Change-Id: Ie08e687c0b06d0e1121009e8cd70319a8f907ae2
(cherry-picked from commit b56a49d979)
 2020-01-10 09:17:27 -08:00
Automerger Merge Worker
b55eb31cd2 Merge "priv_app: Remove rules for storaged" am: 6df27928dd am: dfa114baa8 am: 800101ae81 
Change-Id: Iae2eacb79ed37eacb7aad16fd64e143c95f8fad9
 2020-01-10 15:33:34 +00:00
Automerger Merge Worker
800101ae81 Merge "priv_app: Remove rules for storaged" am: 6df27928dd am: dfa114baa8 
Change-Id: Ib3cee8b1ee6086660ad17565eec0f4555d6bd18c
 2020-01-10 15:20:40 +00:00
Ashwini Oruganti
dfa114baa8 Merge "priv_app: Remove rules for storaged" 
am: 6df27928dd

Change-Id: I429d311045b9731da248ea4fa301ab99679f2563
 2020-01-10 07:10:58 -08:00
Treehugger Robot
6df27928dd Merge "priv_app: Remove rules for storaged" 2020-01-10 14:49:32 +00:00
Automerger Merge Worker
6d6c20b5d4 [automerger skipped] Merge "Make cronet file_contexts as "android:path" property" am: ddbfce2080 am: 9e2bdab71a am: e8b064e2d8 -s ours 
am skip reason: Change-Id I0608eb4bb43cee50f49217f19fb53f297fbf5ead with SHA-1 a9ea7fa135 is in history

Change-Id: I54c067daa9c355ab11bdb5c5d5b39d302d06a508
 2020-01-10 14:27:56 +00:00
Ricky Wai
b2b7c02e7d Allow zygote to relabel CE and DE dirs from tmpfs to system_data_file 
Also, allow zygote to scan dirs in /mnt/expand and relabel.

Test: No denials at boot
Test: No denials seen when creating mounts
Bug: 143937733
Change-Id: I86e77d27f5e9fb2f5852f787c7e5d9179c7404aa
 2020-01-10 14:26:40 +00:00
Automerger Merge Worker
e8b064e2d8 Merge "Make cronet file_contexts as "android:path" property" am: ddbfce2080 am: 9e2bdab71a 
Change-Id: If7ed7c43f31ce793844311a11d13c6e63d89e998
 2020-01-10 14:16:29 +00:00
Luke Huang
9e2bdab71a Merge "Make cronet file_contexts as "android:path" property" 
am: ddbfce2080

Change-Id: I8d7836965ed6a9af2fb9c2e33390b66b953bf578
 2020-01-10 06:03:22 -08:00
Luke Huang
ddbfce2080 Merge "Make cronet file_contexts as "android:path" property" 2020-01-10 13:43:57 +00:00
Luke Huang
a63ba2a0a1 Make cronet file_contexts as "android:path" property 
It follows examples of other APEX to make file_contexts of cronet
module as "android:path" property

Bug: 146416755
Test: atest cronet_e2e_tests
Test: atest CronetApiTest
Change-Id: I0608eb4bb43cee50f49217f19fb53f297fbf5ead
Merged-In: I0608eb4bb43cee50f49217f19fb53f297fbf5ead
 2020-01-10 13:15:07 +00:00
Automerger Merge Worker
487ea0df5f Merge "Using macro "rx_file_perms" instead of "execute_no_trans"." am: 1fbac29eba am: 2696b11045 am: d1ee2d89f8 
Change-Id: Iae70b1b7d60be3e24b4aee95b2c4f9fd93fb02cf
 2020-01-10 09:42:10 +00:00
Automerger Merge Worker
59804075fc Merge "Add Selinux rule to allow iorapd to execute compiler." am: 88f2ed8186 am: 447fb2d958 am: 3a63ab10aa 
Change-Id: I2ee4a741e73677a580a32e763f56964d1875aad5
 2020-01-10 09:41:13 +00:00
Automerger Merge Worker
756c4ee8e3 priv_app: Remove rules for keystore am: 75ccb46de7 am: fc9b3ae921 am: c66271a92a 
Change-Id: I807af115d4d7349ec93d09b1d7b57a1858f02f93
 2020-01-10 09:39:08 +00:00
Automerger Merge Worker
d1ee2d89f8 Merge "Using macro "rx_file_perms" instead of "execute_no_trans"." am: 1fbac29eba am: 2696b11045 
Change-Id: Ia92c2fe3ca9474ed88ce2461b203014d48275548
 2020-01-10 09:32:28 +00:00
Yan Wang
2696b11045 Merge "Using macro "rx_file_perms" instead of "execute_no_trans"." 
am: 1fbac29eba

Change-Id: I7411d2dc1492659affbec1bfcd25c670870fe565
 2020-01-10 01:25:55 -08:00
Automerger Merge Worker
3a63ab10aa Merge "Add Selinux rule to allow iorapd to execute compiler." am: 88f2ed8186 am: 447fb2d958 
Change-Id: I85dacc88d5698c8378536467c843be0b228fd15c
 2020-01-10 09:23:34 +00:00
Treehugger Robot
1fbac29eba Merge "Using macro "rx_file_perms" instead of "execute_no_trans"." 2020-01-10 09:23:21 +00:00
Automerger Merge Worker
c66271a92a priv_app: Remove rules for keystore am: 75ccb46de7 am: fc9b3ae921 
Change-Id: Ia3daaee76a05f7b40e8394c29090eb8f888e7b18
 2020-01-10 09:22:36 +00:00
Yan Wang
447fb2d958 Merge "Add Selinux rule to allow iorapd to execute compiler." 
am: 88f2ed8186

Change-Id: I9251022a6cb6b0539557e0db849d425e4cdf1496
 2020-01-10 01:10:22 -08:00
Ashwini Oruganti
fc9b3ae921 priv_app: Remove rules for keystore 
am: 75ccb46de7

Change-Id: I8008be5dc05323fe5351aaa41d0c690997396fd3
 2020-01-10 01:08:54 -08:00
Automerger Merge Worker
fb03248028 Revert "Revert "Allow dumpstate to dumpsys gpu"" am: b5c47df035 am: ffbc6ab3ad 
Change-Id: I552720df9e613b6fa50d8cafc90c840db46875a5
 2020-01-10 08:34:18 +00:00
Treehugger Robot
88f2ed8186 Merge "Add Selinux rule to allow iorapd to execute compiler." 2020-01-10 08:27:26 +00:00
Automerger Merge Worker
ffbc6ab3ad Revert "Revert "Allow dumpstate to dumpsys gpu"" am: b5c47df035 
Change-Id: Ic486302dbcf93e2987fe250ef87bc23b4e9d5897
 2020-01-10 08:15:48 +00:00
Yiwei Zhang
b5c47df035 Revert "Revert "Allow dumpstate to dumpsys gpu"" 
This reverts commit 6daec46264.

Reason for revert: b/147458874

Bug: 132402890
Test: build passes on coral-userdebug

Change-Id: Ibcbc06e99561be424aa953e62985abb5b5864c56
 2020-01-09 18:51:24 -08:00
Automerger Merge Worker
a3b5c68304 Revert "Allow dumpstate to dumpsys gpu" am: 6daec46264 am: 046164f327 
Change-Id: Ib51aaf7da1aab72cb5a4c11dd6ce3e68e885fa47
 2020-01-10 02:41:21 +00:00
Automerger Merge Worker
046164f327 Revert "Allow dumpstate to dumpsys gpu" am: 6daec46264 
Change-Id: Ie5ad8ca29bbb6df531945b7ca622d60b29400dba
 2020-01-10 02:22:46 +00:00
Yiwei Zhang
6daec46264 Revert "Allow dumpstate to dumpsys gpu" 
This reverts commit 979f5a44bf.

Reason for revert: b/147458874

Change-Id: Id8a9d7e50dbd3f293e01ab6277e9e54a8ed7619d
 2020-01-10 02:05:58 +00:00
Automerger Merge Worker
abddd9d6fa Allow dumpstate to dumpsys gpu am: 979f5a44bf am: 05a61058ed 
Change-Id: Idc97616e3d273ad27524b65fecf2c9f9ed27825e
 2020-01-10 01:17:44 +00:00
Automerger Merge Worker
05a61058ed Allow dumpstate to dumpsys gpu am: 979f5a44bf 
Change-Id: I3b2428f02599635a6d19f9e0dda27583a3705e42
 2020-01-10 01:05:39 +00:00
Yiwei Zhang
979f5a44bf Allow dumpstate to dumpsys gpu 
Bug: 132402890
Test: adb bugreport and verify dumpsys gpu is included.
Change-Id: Ib145937889f9616a0dcdabb7b58839fb715bf6c3
 2020-01-09 15:31:59 -08:00
Ashwini Oruganti
2ba18e99d8 priv_app: Remove rules allowing a priv-app to ptrace itself 
We added an auditallow for these permissions on 12/11/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.

Bug: 142672293
Test: TH
Change-Id: Iaeaef560883b61644625b21e5c7095d4d9c68da9
 2020-01-09 13:37:30 -08:00
Ashwini Oruganti
75ccb46de7 priv_app: Remove rules for keystore 
We added an auditallow for these permissions on 11/26/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.

Bug: 142672293
Test: TH
Change-Id: I18f99f54385b7c4e7c2ae923eff4c76800323a73
 2020-01-09 13:23:40 -08:00
Yan Wang
67e8fcc902 Using macro "rx_file_perms" instead of "execute_no_trans". 
Bug: 147320338
Test: Run the maintenance and check if the compiled is executed.
 2020-01-09 13:23:01 -08:00
Ashwini Oruganti
d1a8f0dcb4 priv_app: Remove rules for storaged 
We added an auditallow for these permissions on 11/26/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.

Bug: 142672293
Test: TH
Change-Id: I2a59cac8041646b548ba1a73fcd5fddabb4d1429
 2020-01-09 13:02:38 -08:00
Yan Wang
7d844ee436 Add Selinux rule to allow iorapd to execute compiler. 
Bug: 147320338
Test: Run the maintenance and check if the compiled is executed.
Change-Id: Idbd193483a106969a8a421150101efa00aee460d
 2020-01-09 12:43:18 -08:00
Automerger Merge Worker
f6a32a265d Merge "Add userspace_reboot_config_prop property type" am: 0b099c801d am: e1811f9499 am: 414328b512 
Change-Id: I4ebe3ec270fffc8d8609c2650393f6963e17b0c5
 2020-01-09 10:32:08 +00:00
Automerger Merge Worker
414328b512 Merge "Add userspace_reboot_config_prop property type" am: 0b099c801d am: e1811f9499 
Change-Id: I4dfdbb96ba33ccb7083d701c8fcc2e9a4b15f0a0
 2020-01-09 10:18:56 +00:00