Commit graph

48054 commits

Author SHA1 Message Date
Daniel Zheng
41c63c394f Merge "add sepolicy for low mem device configurations" into main am: 2f4324ac5d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3096261

Change-Id: Ie2500bdc8247253f539df4e1a312bb0842af3d0a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-03 19:26:53 +00:00
Daniel Zheng
2f4324ac5d Merge "add sepolicy for low mem device configurations" into main 2024-06-03 19:17:52 +00:00
Treehugger Robot
22770877f7 Merge "Improve CIL parsing" into main am: da362e9fa9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3110097

Change-Id: I0db46b765111b07de99052a7deb36350764b7f1b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-03 09:15:10 +00:00
Treehugger Robot
da362e9fa9 Merge "Improve CIL parsing" into main 2024-06-03 09:09:21 +00:00
Treehugger Robot
e70d1b832a Merge "Allow system_server to kill artd and its subprocesses." into main am: d7f526fd05
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3110061

Change-Id: I4bc46d4c1e4b253db29e8ff2be87aea1086e52a3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-03 08:32:41 +00:00
Treehugger Robot
d7f526fd05 Merge "Allow system_server to kill artd and its subprocesses." into main 2024-06-03 08:27:59 +00:00
Jooyung Han
cb51acc9dc installd renames dirs in /data/app-staging
before removing a session directory. Hence, it needs more permissions on
staging_data_file.

Bug: 343165326
Test: atest CtsStagedInstallHostTestCases:com.android.tests.stagedinstall.host.StagedInstallTest#testRebootlessUpdate_unsignedPayload_fails
Change-Id: Ic94c74d4ef896129491cee39098f43f33793851f
2024-06-03 14:24:46 +09:00
Mu-Le Lee
397d1c59bc Merge "Sepolicy for crosvm to play audio with aaudio" into main am: 12d84e2484
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3046213

Change-Id: I367c968a615df84904a36d17b26ebc193d133318
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-01 01:35:12 +00:00
Mu-Le Lee
12d84e2484 Merge "Sepolicy for crosvm to play audio with aaudio" into main 2024-06-01 01:28:10 +00:00
Treehugger Robot
d2f10fceac Merge "lmkd: Adding io_uring support" into main am: 5bad7a2683
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3038159

Change-Id: Id2753b2043ef7a92c57be1c6a1b74d0259f39ac4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-01 00:18:59 +00:00
Treehugger Robot
5bad7a2683 Merge "lmkd: Adding io_uring support" into main 2024-06-01 00:14:11 +00:00
Jiakai Zhang
03f9866873 Allow system_server to kill artd and its subprocesses.
This is to make sure that no process is accessing files in chroot when
we tear down chroot.

Bug: 311377497
Test: Set a very short timeout for `ensureNoProcessInDir` and run
  Pre-reboot Dexopt.
Change-Id: I5c60497c73a9d56068e47840ffd4a0f0a550c250
2024-05-31 19:06:12 +01:00
Jiakai Zhang
c61adf777c Merge "Allow system_server to read from postinstall scripts through STDIN." into main am: ca2f3851af
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3110098

Change-Id: I9a04c0d7dead2b17e905c73b4a3939eb848fd423
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-31 14:47:35 +00:00
Jiakai Zhang
ca2f3851af Merge "Allow system_server to read from postinstall scripts through STDIN." into main 2024-05-31 14:43:51 +00:00
Alan Stokes
13b4208c6d Compatibility for vendor_hidraw_device am: e65ff877d2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3108097

Change-Id: I39c65cd16fe202a60d4283439e5dd786096ffe38
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-31 13:17:39 +00:00
Jiakai Zhang
92768f7a41 Allow system_server to read from postinstall scripts through STDIN.
Bug: 311377497
Test: -
  1. system/update_engine/scripts/update_device.py out/dist/aosp_cf_x86_64_phone-ota-*.zip
  2. Wait for update_engine to enter the postinstall stage.
  3. adb shell update_engine_client --cancel
Change-Id: Ib0cbfc7b97d5ec24700ca71099e3a47af579fc8a
2024-05-31 12:26:43 +01:00
Alan Stokes
39507ae44e Improve CIL parsing
treble_sepolicy_tests gets very confused by parentheses in comments.

Fix the search for the opening parenthesis of a statement to skip
comments.

And then update a comment that was intended to use parentheses to
actually do so. (Without the parser change, this fails horribly.)

Test: Build
Change-Id: I1e36136e97dd9b8190add29b7f2155a08ea87d80
2024-05-31 12:24:38 +01:00
Alan Stokes
e65ff877d2 Compatibility for vendor_hidraw_device
Older vendor policy may apply the label vendor_hidraw_device to the
HID device.

From Android V we use the new label hidraw_device for this.

Fix the compatibility rules to allow new system policy to work with
older vendor policy:
- Add vendor_hidraw_device for devices that don't have it (duplicate
  definitions are ignored when we compile CIL).
- Add compatibility mapping so that rules for hidraw_device also
  apply to vendor_hidraw_device on devices with older vendor.

Bug: 340923653
Test: Builds, boots, no new denials
Change-Id: I3ffc44be2c98be137303263f569515103c4996b8
2024-05-31 12:22:57 +01:00
Kelvin Zhang
96b770c9e2 Revert^2 "Add ro.fstype.data to indicate fs type of /data" am: 7babcdb8d8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3109577

Change-Id: Ie7da6f4c8ed26d1c7584a650f9749856560cd14c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-30 21:27:28 +00:00
Kelvin Zhang
7babcdb8d8 Revert^2 "Add ro.fstype.data to indicate fs type of /data"
d6c52fdbd0

Change-Id: I160dadeb63db41618f37c66114518b49befc9d1a
2024-05-30 12:16:42 -07:00
Treehugger Robot
e6d64bc165 Merge "Define UWB snoop log in sepolicy" into main am: f1956206fc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3088485

Change-Id: Ib05f56a88885b19256d3679dc628f338c6e9cae2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-30 18:03:58 +00:00
Treehugger Robot
f1956206fc Merge "Define UWB snoop log in sepolicy" into main 2024-05-30 17:58:47 +00:00
Treehugger Robot
b1b27fc0af Merge "Fix installation of keystore2_key_contexts files" into main am: 75c6fe25a1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3108877

Change-Id: I1c97f2d8a5379893e40796237e25e7c9dbc19269
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-30 09:05:36 +00:00
Treehugger Robot
75c6fe25a1 Merge "Fix installation of keystore2_key_contexts files" into main 2024-05-30 09:02:07 +00:00
Seungjae Yoo
c477b1b262 Merge "Let crosvm be able to use TAP interface created by vmnic" into main am: 7bd158dad2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3105198

Change-Id: Id7fde1f2923204ecd5c748c1c81f680c9831ba66
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-30 03:35:20 +00:00
Seungjae Yoo
7bd158dad2 Merge "Let crosvm be able to use TAP interface created by vmnic" into main 2024-05-30 03:26:10 +00:00
Inseob Kim
7904f2144e Fix installation of keystore2_key_contexts files
system_ext, product, and vendor keystore2_key_contexts are not installed
correctly, due to missing REQUIRED dependencies and a typo.

Bug: 338684892
Test: build and check each partition
Change-Id: Ic18bf05609d27c322375baf6b72f5e2c75c1bfa0
2024-05-30 11:05:31 +09:00
Inseob Kim
18cb29294a Merge changes from topic "virtualizationmanager_fuzzer" into main am: 9e6d89bac4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3102647

Change-Id: I58500b704b7d747f106b3d8408fce48b67b6c55e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-30 01:11:17 +00:00
Inseob Kim
9e6d89bac4 Merge changes from topic "virtualizationmanager_fuzzer" into main
* changes:
  Add virtualizationmanager fuzzer
  gofmt service_fuzzer_bindings
2024-05-30 01:03:32 +00:00
Priyanka Advani
5c5ace2e5f Merge "Revert "Add ro.fstype.data to indicate fs type of /data"" into main am: afb462c006
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3107407

Change-Id: I9efb881cd26239aa527cdfc9ec16ae01fe9f58f2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-30 00:01:30 +00:00
Priyanka Advani
afb462c006 Merge "Revert "Add ro.fstype.data to indicate fs type of /data"" into main 2024-05-29 23:58:59 +00:00
Kelvin Zhang
d6c52fdbd0 Revert "Add ro.fstype.data to indicate fs type of /data"
Revert submission 3095293-fstype

Reason for revert: breaks build cf_x86_64_only_phone-next-userdebug

Reverted changes: /q/submissionid:3095293-fstype

Change-Id: I420ad91ba47d0ab0125a7f55a6b9533a8f1bc5a4
2024-05-29 23:26:16 +00:00
Treehugger Robot
d9e6c66bd9 Merge "Add ro.fstype.data to indicate fs type of /data" into main am: 4d77ed4216
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3095861

Change-Id: I808e6074620734860b352f2512ba03bc6dbd1cef
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-29 17:55:00 +00:00
Treehugger Robot
4d77ed4216 Merge "Add ro.fstype.data to indicate fs type of /data" into main 2024-05-29 17:49:18 +00:00
Treehugger Robot
a41271a0bf Merge "Allow artd to kill subprocesses during Pre-reboot Dexopt." into main am: 0a3f94e01f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3106359

Change-Id: I6163e51a0d27281e76230a158502dcd891ae8224
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-29 11:25:24 +00:00
Treehugger Robot
0a3f94e01f Merge "Allow artd to kill subprocesses during Pre-reboot Dexopt." into main 2024-05-29 11:13:54 +00:00
Yi-Yo Chiang
8e2758970b Merge "Allow vmlauncher_app to create ptys to communicate with shell" into main am: d9c73d7aaf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3093564

Change-Id: I5432221fa91f265e21c69f92e891078391c45c5e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-29 06:15:10 +00:00
Yi-Yo Chiang
d9c73d7aaf Merge "Allow vmlauncher_app to create ptys to communicate with shell" into main 2024-05-29 05:54:43 +00:00
Xin Li
5f0dccf559 Merge "Update SELinux error" into aosp-main-future 2024-05-29 01:51:16 +00:00
Inseob Kim
abe5ee1343 Merge "Grant dalvik_dynamic_prop access to power HAL" into main am: 9bd1809252
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3099138

Change-Id: I17343fd8813fd394679ccb5c9647914b35ab297c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-29 01:13:14 +00:00
Inseob Kim
9bd1809252 Merge "Grant dalvik_dynamic_prop access to power HAL" into main 2024-05-29 00:52:45 +00:00
Xin Li
fd30d1b3b9 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 329380904

Ignore-AOSP-First: "AOSP Staging Branch"
Change-Id: I563bde489aa84a03e85e7cdffc8f1fa534cc9bcc
2024-05-29 00:41:07 +00:00
Jiakai Zhang
c9b01d60cf Allow artd to kill subprocesses during Pre-reboot Dexopt.
Bug: 311377497
Test: Run and cancel Pre-reboot Dexopt.
Change-Id: I6dd96a3644b66586a59064ed3cf9b3e5bb7ee0c5
2024-05-28 19:05:26 +01:00
Xin Li
fcf2677e09 Mark 2024-06 Release (ab/AP2A.240605.024) as merged in aosp-main-future
Bug: 343100748
Merged-In: I7dc2c6596e98491dbee6e7125c1736bf2002f2b3
Change-Id: I714b21d3e7a339e69113fc288408b429cbb3b6b7
2024-05-27 22:54:48 -07:00
Seungjae Yoo
12fd482d55 Let crosvm be able to use TAP interface created by vmnic
Bug: 340376951
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid
--network-supported

Change-Id: Ic2828b8e6c82269d0180dbac9466ae2874435596
2024-05-28 14:33:40 +09:00
Inseob Kim
95d0189141 Merge "microdroid: Add rules for /sys/kernel/mm/pgsize_migration/enabled" into main am: 0f6ddab01c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3102560

Change-Id: Ia1fb0b1fca2c3ac62e5953481d6a013541426ae8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-28 02:10:04 +00:00
Inseob Kim
0f6ddab01c Merge "microdroid: Add rules for /sys/kernel/mm/pgsize_migration/enabled" into main 2024-05-28 01:49:48 +00:00
Kalesh Singh
d60a38b02e microdroid: Add rules for /sys/kernel/mm/pgsize_migration/enabled
The dynamic linker needs to read this node to determine how it should
load ELF files. See page_size_migration_supported() [1]

Allow the node to be enabled/disabled by init.

[1] 3d5e32517b:bionic/linker/linker_phdr.cpp;l=709-721

Bug: 342520142
Bug: 330117029
Bug: 327600007
Bug: 330767927
Bug: 328266487
Bug: 329803029
Test: no avc denied in logcat
Change-Id: I91381e36943ea0387ff245e924ddab53a4928a05
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
2024-05-28 00:30:31 +00:00
Inseob Kim
9bb8e36856 Add virtualizationmanager fuzzer
Bug: 294158658
Test: run fuzzer
Change-Id: I8cf93ae2e79e22d72cf3ea8e96d6e767f8b8f5b0
2024-05-27 17:41:21 +09:00
Inseob Kim
a28d1ca7d4 gofmt service_fuzzer_bindings
Bug: N/A
Test: commit hook
Change-Id: Ic0c400310591e71201cd7c401bdb4bf10cf8daa6
2024-05-27 17:39:59 +09:00