tequilaOS/platform_system_sepolicy

Author	SHA1	Message	Date
Treehugger Robot	9515104698	Merge "Relax sdk sandbox sepolicy." into udc-dev am: `2079ab2f28` am: `c76e2b4b91` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23061000 Change-Id: I91e80cb857886bdb37604ae5b615736e70c9d2f0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-10 11:28:04 +00:00
Treehugger Robot	c76e2b4b91	Merge "Relax sdk sandbox sepolicy." into udc-dev am: `2079ab2f28` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23061000 Change-Id: I4377e8617fd1e9d97a0b28f88536ace2b9a4b12b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-10 10:47:16 +00:00
Treehugger Robot	2079ab2f28	Merge "Relax sdk sandbox sepolicy." into udc-dev	2023-05-10 09:51:25 +00:00
Gavin Corkery	5e22766f47	Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev am: `fefe81b685` am: `868227b663` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21931719 Change-Id: I14bb602b1de39f74034026ae190c6df84920af7b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-09 16:57:39 +00:00
Gavin Corkery	868227b663	Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev am: `fefe81b685` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21931719 Change-Id: Ia024858f4192ebeccfe6b86b16aafa19cd31b6ad Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-09 16:18:25 +00:00
Gavin Corkery	28db930df3	Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev am: `fefe81b685` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21931719 Change-Id: I057951e491c883dfd3beb784d76a920246f349ae Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-09 16:13:54 +00:00
Gavin Corkery	fefe81b685	Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev	2023-05-09 15:41:32 +00:00
Gavin Corkery	10417857ea	Allow mediaprovider and mediaserver to read sdk_sandbox_data_file Context: go/videoview-local-sandbox. This change is required to play local files in a VideoView in the SDK sandbox. Ignore-AOSP-First: Cherrypick Test: Manual steps described in doc Bug: 266592086 Change-Id: I940609d5dff4fc73d0376489646488c7b96eebb8	2023-05-09 13:10:01 +00:00
Peiyong Lin	3f1f851297	Allow graphics_config_writable_prop to be modified. vendor_init needs to set graphics_config_writable_prop, moving it to system_public_prop. Ignore-AOSP-First: Cherry-pick Bug: b/270994705 Test: atest CtsAngleIntegrationHostTestCases Test: m && boot Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07 (cherry picked from commit `194abd16cb`)	2023-05-08 00:25:29 +00:00
Mugdha Lakhani	30cf7bbf28	Relax sdk sandbox sepolicy. auditallow block from sdk_sandbox has been removed as we haven't yet measured the system health impact of adding this. It'll be added to an audit domain later after we've ruled out negative system health impact. Bug: b/270148964 Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest SdkSandboxRestrictionsTest Change-Id: Ic4ce690e82b09ed176495f3b55be6069ffc074ac Merged-In: Ic4ce690e82b09ed176495f3b55be6069ffc074ac	2023-05-06 19:25:40 +00:00
Peiyong Lin	bceecf2bd0	Merge "Allow graphics_config_writable_prop to be modified." into udc-dev am: `82e2aa6c61` am: `747e54326e` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22993902 Change-Id: Ibf257e1ffbcbb0ae1df14ce7c2393138999a8145 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-05 17:07:17 +00:00
Peiyong Lin	747e54326e	Merge "Allow graphics_config_writable_prop to be modified." into udc-dev am: `82e2aa6c61` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22993902 Change-Id: I0546c4468dfbfb017c3c288c83883f99e5cb8c7b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-05 16:54:26 +00:00
Peiyong Lin	82e2aa6c61	Merge "Allow graphics_config_writable_prop to be modified." into udc-dev	2023-05-05 16:24:26 +00:00
Treehugger Robot	568be11492	Merge "Add neverallow rules to protect SDK's private data" into udc-dev am: `b7146a9e58` am: `e114c652a0` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22907484 Change-Id: I3c16dfe139609be098ebc781aecc8dbe332bafdf Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-05 16:03:38 +00:00
Treehugger Robot	e114c652a0	Merge "Add neverallow rules to protect SDK's private data" into udc-dev am: `b7146a9e58` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22907484 Change-Id: I245c4c12dff2028abfe1c7a3002c3a3b5e7b4e47 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-05 15:22:00 +00:00
Treehugger Robot	b7146a9e58	Merge "Add neverallow rules to protect SDK's private data" into udc-dev	2023-05-05 14:38:12 +00:00
Howard Chen	f0de156722	Merge "Allow gsid to create alternative installation directory" into udc-qpr-dev	2023-05-05 03:08:06 +00:00
Jay Civelli	ec3e029174	Merge "Add 2 new system properties for Quick Start" into udc-dev am: `5fd77a4e68` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22872879 Change-Id: I4da2eaa71f26a8a632e6749290bf94facb1237c5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-04 17:13:08 +00:00
Jay Civelli	8212b528ce	Merge "Add 2 new system properties for Quick Start" into udc-dev am: `5fd77a4e68` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22872879 Change-Id: I4ed8cb09feae9b4f3b8990b82296332d2039d8da Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-04 17:08:35 +00:00
Mugdha Lakhani	2d9b9f2b31	Add neverallow rules to protect SDK's private data SDK's data should not be accessible directly by other domains, including system server. Added neverallow to ensure that. Bug: b/279885689 Test: make and boot device Change-Id: If6a6b4d43f297ec2aa27434dd26f6c88d0d8bcf2 Merged-In: If6a6b4d43f297ec2aa27434dd26f6c88d0d8bcf2	2023-05-04 16:38:40 +00:00
Jay Civelli	5fd77a4e68	Merge "Add 2 new system properties for Quick Start" into udc-dev	2023-05-04 16:35:59 +00:00
Peiyong Lin	194abd16cb	Allow graphics_config_writable_prop to be modified. vendor_init needs to set graphics_config_writable_prop, moving it to system_public_prop. Ignore-AOSP-First: Cherry-pick Bug: b/270994705 Test: atest CtsAngleIntegrationHostTestCases Test: m && boot Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07 Merged-In: I2f47c1048aad4565cb13d4289b9a018734d18c07	2023-05-04 16:04:44 +00:00
Howard Chen	de62e955e3	Allow gsid to create alternative installation directory Bug: 275484855 Test: adb shell gsi_tool install -n -w \ --gsi-size $(du -b system.raw\|cut -f1) \ --install-dir /data/gsi/oem --userdata-size 8589934592 < system.raw Change-Id: I46aa48fafec2f3845fa1a5139afb8c03db6b0d4e	2023-05-04 13:52:44 +08:00
Jay Civelli	c97b3a244f	Add 2 new system properties for Quick Start Test: Manually validated that GmsCore can access the properties, but not a test app. Ignore-AOSP-First: Change is targeted at Google devices. Change-Id: I2fa520dc31b328738f9a5fd1bcfc6632b61ad912 Bug: 280330984	2023-05-03 04:04:15 +00:00
Kalesh Singh	f11e0af5c6	Merge "16k: Add sepolicy for max page size prop" into udc-dev am: `ad3183676c` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22935830 Change-Id: Ie0232a428d0ecbea5c10de26206bb4f7bc64d3af Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-02 16:45:55 +00:00
Kalesh Singh	ad3183676c	Merge "16k: Add sepolicy for max page size prop" into udc-dev	2023-05-02 16:11:59 +00:00
Jinyoung Jeong	8eaded4bc4	Fix selinux denial for setupwizard_esim_prop am: `e52a8f2a47` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22955599 Change-Id: I5a52a063ffaba2f4063ff2865172e6bc85bafd1f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-02 14:57:35 +00:00
Jinyoung Jeong	e52a8f2a47	Fix selinux denial for setupwizard_esim_prop Bug: 280336861 Test: no denial logs found Ignore-AOSP-First: will merge in AOSP aosp/2573840 Change-Id: Ieedf8343f55f047b3fd33cc1cd2c759400dce2b4	2023-05-02 10:40:07 +00:00
Weilin Xu	c3a887cee6	Merge "Make broadcastradio_service accessible from CTS" into udc-dev am: `07767709c9` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22634562 Change-Id: I43c6be19b771098bda3c9b84d96b72b754c4c7aa Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-02 10:26:08 +00:00
Weilin Xu	07767709c9	Merge "Make broadcastradio_service accessible from CTS" into udc-dev	2023-05-02 05:05:55 +00:00
Treehugger Robot	f46c87d2d1	Merge "Allow fastbootd set boottime property" into udc-d1-dev	2023-05-02 04:54:37 +00:00
Jayden Kim	5462a6501b	Merge "Add sepolicy for new bluetooth le radio path loss compensation sysprops" into udc-dev	2023-05-02 01:01:14 +00:00
Kalesh Singh	58cefa04ab	16k: Add sepolicy for max page size prop Devices can select their max supported with PRODUCT_MAX_PAGE_SIZE_SUPPORTED. This is exposed as ro.product.cpu.pagesize.max to VTS tests. Add the required sepolicy labels for the new property. Bug: 277360995 Test: atest -c vendor_elf_alignment_test -s <serial> Signed-off-by: Kalesh Singh <kaleshsingh@google.com> (cherry picked from https://android-review.googlesource.com/q/commit:0a66ea359f6751741f8100a9d934ae8d2e53d120) Merged-In: Ibe01e301dbcc3392201dffd3bba845700ee2a5e8 Change-Id: Ibe01e301dbcc3392201dffd3bba845700ee2a5e8	2023-05-01 09:13:39 -07:00
Evgenii Stepanov	f666700fa9	Merge "Relax sepolicy for device_config_runtime_native_*." into udc-dev	2023-04-30 18:29:18 +00:00
Evgenii Stepanov	11ce6894e8	Relax sepolicy for device_config_runtime_native_*. This change allows vendor init scripts to react to the MTE bootloader override device_config. It extends the domain for runtime_native and runtime_native_boot configs from "all apps", which is already very permissive, to "everything". Ignore-AOSP-First: UpsideDownCake/34 does not exist in AOSP Bug: 239832365 Test: none Change-Id: I66aa1492f929f43f937b4ab0780f7753c1f4b92e	2023-04-28 14:37:18 -07:00
Jayden Kim	0e228763e1	Add sepolicy for new bluetooth le radio path loss compensation sysprops Bug: 277676657 Test: make -j; atest BluetoothInstrumentationTests Change-Id: I94f8d9d18b9c4659703edb773dd29870430e40b7 Ignore-AOSP-First: This is a cherry-pick from AOSP	2023-04-28 16:31:09 +00:00
Jinyoung Jeong	fa95e8c591	Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore bug: 279548423 Test: http://fusion2/b7c803be-2dca-4195-b91f-6c4939746b5b, http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed Ignore-AOSP-First: will merge in AOSP aosp/2571810 Change-Id: I4b190fca2f3825a09d27cfc74e8a528831f4f15b	2023-04-28 16:25:26 +00:00
Wilson Sung	97af7582a1	Allow fastbootd set boottime property Bug: 264489957 Test: flash and no related avc error Change-Id: Ia9a6d4918aa78e6b3e7df39496d786921192c8af Ignore-AOSP-First: master need the prebuilt upadte Signed-off-by: Wilson Sung <wilsonsung@google.com>	2023-04-28 08:12:50 +00:00
Weilin Xu	85b94c7c49	Make broadcastradio_service accessible from CTS When CTS test app tries to get broadcastradio_service from context, it is considered as untrusted app by sepolicy since broadcastradio_service is not app_api_service. Made it as app_api_service so that CTS for broadcastradio can be ran on devices. Bug: 262191898 Test: atest CtsBroadcastRadioTestCase Ignore-AOSP-First: fix CTS issue Change-Id: I0583f549eb5b781ff23f81b2073baa0390009f9e	2023-04-27 23:40:33 +00:00
Parth Sane	f6f4205d50	Merge "Add SysProp to set the number of threads in Apexd bootstrap" into udc-dev	2023-04-26 12:31:14 +00:00
Parth Sane	daf8bbe7e4	Add SysProp to set the number of threads in Apexd bootstrap Test: Manual. Tested on device Bug: 265019048 Change-Id: I1d559b4398c2e91f50da48dc6d5ccbef63fb9d18 (cherry picked from commit `e8a2001086`) Ignore-AOSP-First: This is a cherry-pick from AOSP	2023-04-25 17:40:39 +00:00
Jeff Vander Stoep	f9a774f1ae	Disallow watch and watch_reads on apk_data_file for apps This can be used as a side channel to observe when an application is launched. Gate this restriction on the application's targetSdkVersion to avoid breaking existing apps. Only apps targeting 34 and above will see the new restriction. Remove duplicate permissions from public/shell.te. Shell is already appdomain, so these permissions are already granted to it. Ignore-AOSP-First: Security fix Bug: 231587164 Test: boot device, install/uninstall apps. Observe no new denials. Test: Run researcher provided PoC. Observe audit messages. Change-Id: Ic7577884e9d994618a38286a42a8047516548782	2023-04-25 15:20:45 +02:00
Alex Buynytskyy	9c6c988bad	UpsideDownCake/34 is now REL Ignore-AOSP-First: UpsideDownCake Finalization Bug: 275409981 Test: build Change-Id: I15bf3817a8a6867d52f7963a04a69e543a9801e9 Merged-In: I15bf3817a8a6867d52f7963a04a69e543a9801e9	2023-04-21 19:36:02 +00:00

1 2 3 4

193 commits