Commit graph

37751 commits

Author SHA1 Message Date
TreeHugger Robot
0e7ba3367d Merge "Add ephemeral service access to sdk sandbox" into tm-dev 2022-05-03 18:33:15 +00:00
TreeHugger Robot
c93b72d11c Merge "Allow crosvm to write shell_data_file" into tm-dev 2022-05-03 14:09:07 +00:00
Jiyong Park
8608c7798f Allow crosvm to write shell_data_file
The compliance tests rely on this.

Ignore-AOSP-First: will cherry-pick to AOSP

Bug: 230660133
Test: run MicrodroidHostTests on a user build
Change-Id: Ic061632d80285182ec2ae7d31f3527948702cf32
2022-05-03 14:35:15 +09:00
Jiyong Park
0dda188cad Allow untrusted app to use virtualizationservice - even on user builds
This only makes it difficult to run (test/demo) apps using AVF. They
have to be pre-installed on the device which is infeasible on
user-build devices.

Removing the guard so that untrusted apps can use virtualizationservice
even on user builds. Note that the use is still gated by the
MANAGE_VIRTUAL_MACHINE permission, which can be granted only by
pre-installing or explicitly via `adb shell pm grant`. So there's no
risk of 3p apps downloaded from the net having its own VM.

Ignore-AOSP-First: will cherry-pick to AOSP

Bug: 231080171
Test: run MicrodroidDemoApp on a user build
Change-Id: Ie0b1b9801dd7726633f97456a38bc0ea349013db
2022-05-02 13:00:06 +09:00
TreeHugger Robot
e8d8d4cb89 Merge "Allow deleting old virtualization files" into tm-dev 2022-04-29 08:09:25 +00:00
Alan Stokes
8e06fb4109 Allow deleting old virtualization files
Allow init to use toolbox to rm -rf stale files under /data/misc/virtualizationservice.

Bug: 230056726
Test: Create fake stale dir+file, see them deleted
Ignore-AOSP-First: Needed in T, will CP to aosp
Change-Id: I4a31e437344974597fc5280d898f23780a820f16
2022-04-28 10:58:43 +01:00
Shiwangi Shah
09e3838d9b Add ephemeral service access to sdk sandbox
Add some services ephemeral service has access to.
We will steadily restrict this list further based on
testing and requirements for rubidium.

Test: Manual
Bug: b/227745962
Bug: b/227581095
Ignore-AOSP-First: Already merged via aosp/2051365
Change-Id: If7bcb8b8de62d408bd4af848b43abca853c93758
Merged-In: If7bcb8b8de62d408bd4af848b43abca853c93758
(cherry picked from commit 48b2b33844)
2022-04-27 14:55:52 +00:00
Rick Chen
09198a0056 Add sensor multi-HAL AIDL sepolicy
Bug: 228525902
Test: Device can boot to home.
Merged-In: I9d27967213df83b20cb49014317dcfb7afac1880
Change-Id: I9d27967213df83b20cb49014317dcfb7afac1880
2022-04-26 14:34:25 +00:00
Sal Savage
5ed8b65061 Merge "Update LE Audio profile names to be in line with spec and implementation" into tm-dev 2022-04-22 22:06:46 +00:00
TreeHugger Robot
7155b1dd49 Merge "Add vibrator and power HALs to Watchdog dumps" into tm-dev 2022-04-22 19:54:00 +00:00
Michael Wright
c296764ae4 Add vibrator and power HALs to Watchdog dumps
Test: adb shell am hang --allow-restart, check Last ANR for stacks
Fixes: 211998169
Ignore-AOSP-First: Cherry-pick to T
Change-Id: I7cad1e57caed5eb8a5c0092548362fd0a6b1d98d
2022-04-22 15:26:58 +01:00
Mitch Phillips
a4e951b3bf Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it." am: 800e948e61 am: e3256e3d21 am: 41949ce19f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040964

Change-Id: I93cc3b9a1ff2fe74bea47ed0e7898daf7fef4a4e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 19:18:20 +00:00
Mitch Phillips
41949ce19f Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it." am: 800e948e61 am: e3256e3d21
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040964

Change-Id: Id6e87365d0876a07b50cffa9d29e30af6db1f75f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 18:58:06 +00:00
Mitch Phillips
e3256e3d21 Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it." am: 800e948e61
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040964

Change-Id: I1e2b9edd633ef294e1a3b017f8ff0e1f685331ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 18:32:15 +00:00
Seth Moore
17f6ea42a0 Merge "Allow the remote provisioner app to set rkp_only properties" am: 222e99e26f am: 6252da2cd1 am: 9905fc4a41
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069269

Change-Id: I93de9d208a9e74011e53230e76d0837008d4264c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 18:25:10 +00:00
Mitch Phillips
800e948e61 Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it." 2022-04-21 18:12:43 +00:00
Seth Moore
9905fc4a41 Merge "Allow the remote provisioner app to set rkp_only properties" am: 222e99e26f am: 6252da2cd1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069269

Change-Id: Ica01921f6394ea615e4a0968f20595d1d01bbdb2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 17:53:04 +00:00
Seth Moore
6252da2cd1 Merge "Allow the remote provisioner app to set rkp_only properties" am: 222e99e26f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069269

Change-Id: Ie15a61b54416f9b0b38b7a108e1b76a724dcc505
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 17:29:29 +00:00
Seth Moore
222e99e26f Merge "Allow the remote provisioner app to set rkp_only properties" 2022-04-21 17:23:11 +00:00
Maciej Żenczykowski
58613fdcbc Merge "Grants clatd privs since forked by system server" am: 1ebfb867a8 am: 25192167a1 am: 90917bdb88
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1951036

Change-Id: I23d75e84037faaaebf5db34d92556c1adcf9951f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 14:34:12 +00:00
Maciej Żenczykowski
90917bdb88 Merge "Grants clatd privs since forked by system server" am: 1ebfb867a8 am: 25192167a1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1951036

Change-Id: Ibecb56c53508308b24e640d7980f799fe0ae986a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 14:27:28 +00:00
Maciej Żenczykowski
25192167a1 Merge "Grants clatd privs since forked by system server" am: 1ebfb867a8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1951036

Change-Id: Id5a3158b63aa2d0a5e5e0776e0d35e5cd606d077
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 14:04:05 +00:00
Maciej Żenczykowski
1ebfb867a8 Merge "Grants clatd privs since forked by system server" 2022-04-21 14:00:23 +00:00
Treehugger Robot
967b1bf766 Merge "Track sys_module permission for system_server" am: bd3e8d9520 am: 0bd269a7c8 am: be5064c7e3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063148

Change-Id: I039d90d8d087bd40fdc3dd4bb9f53475ad8905a0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 09:15:36 +00:00
Treehugger Robot
be5064c7e3 Merge "Track sys_module permission for system_server" am: bd3e8d9520 am: 0bd269a7c8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063148

Change-Id: Ided0fcda523b8fba24638983598e195b5abe39a6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 08:03:13 +00:00
Treehugger Robot
0bd269a7c8 Merge "Track sys_module permission for system_server" am: bd3e8d9520
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063148

Change-Id: I20f877611275635eff7de29353b09eb82dd1d6ae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 07:38:31 +00:00
Treehugger Robot
bd3e8d9520 Merge "Track sys_module permission for system_server" 2022-04-21 07:20:26 +00:00
Alistair Delva
7fed0b0323 [automerger skipped] Merge "Adds GPU sepolicy to support devices with DRM gralloc/rendering" am: ce19c41b8f am: f54bcca352 am: 5fffa5cc55 -s ours
am skip reason: Merged-In I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c with SHA-1 365024e53f is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1999610

Change-Id: I82f2087830376e6412c8bab9e5110ac2870ab92f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 05:13:13 +00:00
Alistair Delva
5fffa5cc55 Merge "Adds GPU sepolicy to support devices with DRM gralloc/rendering" am: ce19c41b8f am: f54bcca352
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1999610

Change-Id: I8e4acb5727ff75a164899cd809151d15ddd71925
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 04:58:50 +00:00
Alistair Delva
f54bcca352 Merge "Adds GPU sepolicy to support devices with DRM gralloc/rendering" am: ce19c41b8f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1999610

Change-Id: I7e7ed07eaaededa0e42c48884be50d5c09a334fc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-21 04:43:58 +00:00
Alistair Delva
ce19c41b8f Merge "Adds GPU sepolicy to support devices with DRM gralloc/rendering" 2022-04-21 04:21:45 +00:00
Seth Moore
8bfdd82123 Allow the remote provisioner app to set rkp_only properties
The properties for rkp_only are no longer read only.

This allows remote provisioner unit tests to enable/disable the remote
provisioning only mode, which is required to fully verify functionality.

Test: RemoteProvisionerUnitTests
Bug: 227306369
Change-Id: I8006712a49c4d0605f6268068414b49714bbd939
2022-04-20 17:15:20 -07:00
Treehugger Robot
b4e33383f4 Merge "Adds system_user_mode_emulation_prop property." am: 7c9e7bbb11 am: a8176be752 am: 1745cf4d37
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069890

Change-Id: I076fcc5ad4d166d3272ca01df9ee25b2b997cce2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 23:56:42 +00:00
Treehugger Robot
1745cf4d37 Merge "Adds system_user_mode_emulation_prop property." am: 7c9e7bbb11 am: a8176be752
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069890

Change-Id: I50ab30c555fc082fc0e018244c83eef8b349f0ae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 23:39:02 +00:00
Treehugger Robot
a8176be752 Merge "Adds system_user_mode_emulation_prop property." am: 7c9e7bbb11
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069890

Change-Id: Id0d7a9d11f99b49d8ff68d7e70d4fbbbc972dbb4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 23:12:35 +00:00
Treehugger Robot
7c9e7bbb11 Merge "Adds system_user_mode_emulation_prop property." 2022-04-20 22:51:45 +00:00
Felipe Leme
9a385b2112 Adds system_user_mode_emulation_prop property.
It will be used by system_server only (i.e., not even Shell) to let
developers change the system user mode (to be headless or full).

Test: sesearch --allow -t system_user_mode_emulation_prop $ANDROID_PRODUCT_OUT/vendor/etc/selinux/precompiled_sepolicy

Bug: 226643927

Change-Id: Iaba42fd56dce0d8d794ef129634df78f9599260f
2022-04-20 13:28:01 -07:00
Eric Biggers
02fbbfda85 Merge "vold.te: stop allowing use of keymaster HAL directly" am: 39b27b87ba am: 60ac375f3a am: bbbe7065ff
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065468

Change-Id: I9608f3e7740358e5bc276596f6f2c793c40aa3b7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 19:33:12 +00:00
Eric Biggers
bbbe7065ff Merge "vold.te: stop allowing use of keymaster HAL directly" am: 39b27b87ba am: 60ac375f3a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065468

Change-Id: I87b844aca5e2e4947316337d23698e0b8ce38d49
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 18:56:21 +00:00
Eric Biggers
60ac375f3a Merge "vold.te: stop allowing use of keymaster HAL directly" am: 39b27b87ba
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065468

Change-Id: Ifc25cc95d76b9bc8cb05cb2a5ce14b39a402f21a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 18:21:47 +00:00
Eric Biggers
39b27b87ba Merge "vold.te: stop allowing use of keymaster HAL directly" 2022-04-20 17:42:28 +00:00
Shikha Panwar
21e6b08c1f Merge "Allow microdroid to start tombstone_transmit service" am: 8feef80fab am: be9fea3b8b am: 8385d8d30f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063853

Change-Id: I2635b1b3b91de463cc52443346641ad101f4fd05
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 12:04:21 +00:00
Shikha Panwar
8385d8d30f Merge "Allow microdroid to start tombstone_transmit service" am: 8feef80fab am: be9fea3b8b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063853

Change-Id: I281881cdbc8dce386615b8909fe1ce036bab7f6b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 11:37:33 +00:00
Shikha Panwar
be9fea3b8b Merge "Allow microdroid to start tombstone_transmit service" am: 8feef80fab
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063853

Change-Id: Iea79abd91d9f3ca7dd30755f4a415fb916246ce9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 11:17:30 +00:00
Shikha Panwar
8feef80fab Merge "Allow microdroid to start tombstone_transmit service" 2022-04-20 11:08:23 +00:00
Treehugger Robot
f222a5573d Merge "crosvm can access data_shell_file on user builds" am: d222ea676b am: af42eee34c am: 178a031dce
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2064912

Change-Id: I7ddc8fdcd1fbdcc62f684bc1d5f4c7724ee24138
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 06:24:26 +00:00
Treehugger Robot
d0c5796ee1 Merge "/apex/com.android.art/bin/dex2oat is a symlink, so allow reading it from the shell." am: b87591b7c6 am: e5defcf3d4 am: 28092b79f5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2063854

Change-Id: Idf8ab3f470faab31ec46ead48191152b1361e570
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 06:22:55 +00:00
Treehugger Robot
ab3bbb8f39 Merge "Remove obsolete rule allowing installd to use fsverity ioctls" am: 12399e945e am: 7fd8710e46 am: 765d9cbd6e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065527

Change-Id: I8bb8dcc11ed364acf78ad34bc5e70e09b5f22d45
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 06:21:10 +00:00
Eric Biggers
20dcec9d16 Merge "Remove some FDE rules and update comments" am: b83a6d1168 am: fa1f9cb2b8 am: 1eacebf142
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2065887

Change-Id: I98e0e9f1c6131617119aa966bb88d7ec229b1d66
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 06:14:22 +00:00
Treehugger Robot
178a031dce Merge "crosvm can access data_shell_file on user builds" am: d222ea676b am: af42eee34c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2064912

Change-Id: Ifcd1e801f0f591601eb054e0ea0b78c363afdc9f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 06:05:12 +00:00