40994 commits

Author SHA1 Message Date
Pedro Loureiro
14060332c7 Merge "Add SEPolicy for device config service" am: 43b0b8a65c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2430374

Change-Id: I16624fc06f8cd15de32734e31a47acc504a5dea1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-14 12:16:51 +00:00
Pedro Loureiro
43b0b8a65c Merge "Add SEPolicy for device config service" 2023-02-14 11:18:41 +00:00
Akilesh Kailash
12e344b7de Merge "Set sepolicy for ublk control device and block device" am: a3c0ca4e67
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2433673

Change-Id: Ia1104a335a2932a48bc2f9eecb547c65e13fe334
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-14 04:41:42 +00:00
Akilesh Kailash
a3c0ca4e67 Merge "Set sepolicy for ublk control device and block device" 2023-02-14 03:59:06 +00:00
Akilesh Kailash
63a21044f2 Set sepolicy for ublk control device and block device
ublk-control device: /dev/ublk-control
ublk-block device: /dev/block/ublkbN where N is 0,1,2..

Bug: 269144965
Test: Verify sepolicy changes through kernel logs when user-space daemon
communicates with ublk driver

Change-Id: I10de557566e3c0628ea72fbbda4cff21e7cda68f
Signed-off-by: Akilesh Kailash <akailash@google.com>
2023-02-13 16:30:40 -08:00
Jeffrey Huang
e53a5b25b6 Merge "Restrict system server from reading statsd data" am: 01fd5eb907
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410783

Change-Id: I18a4d57758865141a9e0b6f479ff5aabf8db0ece
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-13 23:07:21 +00:00
Jeffrey Huang
01fd5eb907 Merge "Restrict system server from reading statsd data" 2023-02-13 22:37:09 +00:00
Pedro Loureiro
58847ab171 Add SEPolicy for device config service
A new mainline module that will have the device config logic requires a new service (device_config_updatable).

Bug: 252703257

Test: manual because logic that launches service is behind flag

Change-Id: I4ffba0c7d2afc44af8438b7d84d836e42388bd7d
2023-02-13 09:37:12 +00:00
Cody Northrop
02792c7f6f Merge "Allow camera HAL to read EGL vendor properties" am: b9a2339bf8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2428196

Change-Id: Ie0a21c33232b520f714471e627ed52e4ffaa611c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-11 01:58:49 +00:00
Cody Northrop
b9a2339bf8 Merge "Allow camera HAL to read EGL vendor properties" 2023-02-11 00:44:10 +00:00
Patrick Rohr
37f2fa0da7 Merge "cronet: remove com.android.cronet sepolicy" am: 8f0388f32e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2431473

Change-Id: Iffaac193e3e7787d86c950ef866a8cefab903dc8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-10 23:21:54 +00:00
Patrick Rohr
8f0388f32e Merge "cronet: remove com.android.cronet sepolicy" 2023-02-10 22:53:40 +00:00
Jeff Sharkey
89f51e46f2 Merge "Add dropbox entries as files to dumpstate ZIP." am: 3926d95720
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2422870

Change-Id: I4481603e241edea765e7a745ed69bf31f0735b21
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-10 21:31:36 +00:00
Jeff Sharkey
3926d95720 Merge "Add dropbox entries as files to dumpstate ZIP." 2023-02-10 20:41:51 +00:00
Patrick Rohr
c8f4e19a74 cronet: remove com.android.cronet sepolicy
com.android.cronet has never been released and has since been deleted as
Cronet was added to the tethering module.

Test: TH
Bug: 266673389
Change-Id: Ia288d4322c13ba986164a12f4999fea1cd60d529
2023-02-10 11:47:02 -08:00
Jeff Sharkey
ef5e5c82d4 Add dropbox entries as files to dumpstate ZIP.
Since each dropbox entry is already stored as a file on disk, include
them as-is into the dumpstate ZIP file.

The dumpsys output has already included truncated versions of all
dropbox entries for many years, and adding them as separate files
inside the dumpstate ZIP will speed up debugging and issue triage.

Bug: 267673062
Test: manual
Change-Id: I6e83dd01221f43bb2e2efc1a12368db30a545c71
2023-02-10 14:02:35 +00:00
Krishang Garodia
98cc4fec56 Merge "Update SE policy for all media provider processes" am: 6e51f51b5f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2429034

Change-Id: Ia3bcaf702b2ccadce5186f869baebd8c6afad56d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-10 13:59:33 +00:00
Jeff Pu
80a18e9a7e Merge "Allow servicemanager to make binder call to hal_fingerprint" am: 22adabc37e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2424930

Change-Id: I8f0d95737a0d718703d1e0b650e1fc5465f8d79a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-10 13:59:21 +00:00
Krishang Garodia
6e51f51b5f Merge "Update SE policy for all media provider processes" 2023-02-10 13:57:52 +00:00
Jeff Pu
22adabc37e Merge "Allow servicemanager to make binder call to hal_fingerprint" 2023-02-10 13:35:32 +00:00
Krishang Garodia
caf7984a2e Update SE policy for all media provider processes
Bug: 230394838
Bug: 195009152
Test: manual
Change-Id: Ic8e1d45c910e1455dd28bfb748d134c066a33591
2023-02-10 11:06:53 +00:00
Thiébaud Weksteen
cdf98439cf Merge "Ignore fusefs_type access for su" am: f0e86adfc3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2428452

Change-Id: Icc808be7f95789e703f52ae6e3c2e7a25f821284
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-09 23:13:17 +00:00
Thiébaud Weksteen
f0e86adfc3 Merge "Ignore fusefs_type access for su" 2023-02-09 22:46:54 +00:00
Jeff Pu
0e6dce0ae9 Allow servicemanager to make binder call to hal_fingerprint
Bug: 263519851
Test: boot Cuttlefish with lazy virtual fingerprint HAL
Change-Id: I8cef9d1c55065561786718aad589cf4dd327ff66
2023-02-09 22:02:29 +00:00
Charlie Wang
55886d20d9 Merge "Extension of isolated_compute_app for media services." am: bc778658ab
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2411335

Change-Id: I1133741d332cd7cdf075db8330baf1db61f58105
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-09 18:29:54 +00:00
Max Bires
5516282b8b Merge "Allow GMSCore to read RKP properties." am: db8a6b31ca
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2428194

Change-Id: I5b0aa3092d77a1e3c8917cd36d8a076b7d783f88
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-09 18:29:40 +00:00
Charlie Wang
bc778658ab Merge "Extension of isolated_compute_app for media services." 2023-02-09 18:13:57 +00:00
Cody Northrop
e4e43ebad8 Allow camera HAL to read EGL vendor properties
Test: TreeHugger
Bug: b/267752967
Change-Id: I174420a3ef1f0059007616b4bee3091a888b1999
2023-02-09 17:55:03 +00:00
Max Bires
db8a6b31ca Merge "Allow GMSCore to read RKP properties." 2023-02-09 17:51:57 +00:00
Henri Chataing
1f26ebadf8 Merge "Define the permissions for Nfc sysprops" am: ff275229d1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2424852

Change-Id: Ief06daa97a1ff07a8ebdc2cc1f0a77e769d2f76a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-09 17:01:39 +00:00
Henri Chataing
ff275229d1 Merge "Define the permissions for Nfc sysprops" 2023-02-09 16:08:40 +00:00
Jack He
259ea80e91 Merge "Add sysprop for LeAudio inband ringtone support" am: 796621872b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2422865

Change-Id: Ie3311c5fa54dad74f20578faba36fbd4981f1625
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-09 02:09:07 +00:00
Thiébaud Weksteen
3714d72a64 Ignore fusefs_type access for su
Similarly to fs_type, fusefs_type accesses are ignored. It may be
triggered by tradefed when listing mounted points.

Bug: 177481425
Bug: 240632971
Bug: 239090033
Bug: 238971088
Bug: 238932200
Bug: 239085619
Test: presubmit boot tests
Change-Id: Ic96140d6bf2673d0de6c934581b3766f911780b6
2023-02-09 12:45:14 +11:00
Jack He
796621872b Merge "Add sysprop for LeAudio inband ringtone support" 2023-02-09 01:36:31 +00:00
Max Bires
89bbb2581b Allow GMSCore to read RKP properties.
GMSCore requires access to read RKP properties in order for test suites
to validate the hostname is properly set.

Test: N/A
Change-Id: If537e58d4df74516435bec8955c83bb5494a80f0
2023-02-08 17:14:47 -08:00
Charles Chen
3e9f05faa3 Extension of isolated_compute_app for media services.
Support media use cases in isolated_compute_app such as decoding with MediaCodecs.

Bug:266943251
Test: m &&  manual - sample app with IsolatedProcess=True can use MediaCodec.

Change-Id: I864dcfb16494efada2fbd2a7d34b5d7f6b8128cb
2023-02-08 15:48:25 -08:00
Brian Julian
e346f2fe80 Merge "Backports sepolicy for AltitudeService to T." am: f388934ffe
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406792

Change-Id: I8cd9387e7b27e032e38b23a531a710a8801c6a5b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-08 18:51:22 +00:00
Brian Julian
f388934ffe Merge "Backports sepolicy for AltitudeService to T." 2023-02-08 18:28:25 +00:00
Ryan Savitski
de2aa42a42 Merge "sepolicy: rework perfetto producer/profiler rules for "user" builds" am: b9a365a35f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2419280

Change-Id: Ie9d2cdac2900cdadda71e69dff5402a50536b187
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-08 18:16:07 +00:00
Ryan Savitski
b9a365a35f Merge "sepolicy: rework perfetto producer/profiler rules for "user" builds" 2023-02-08 17:23:44 +00:00
Łukasz Rymanowski
88193e8aa1 Add sysprop for LeAudio inband ringtone support
Bug: 242685105
Test: manual
Change-Id: I9e884c0c2765285110cde943e5eb419139167a50
2023-02-07 22:31:12 +00:00
Henri Chataing
60eaabc953 Define the permissions for Nfc sysprops
Bug: 268219397
Test: m
Change-Id: Ic945e56ce947c3ddae4847f007e6870e3188c065
2023-02-07 21:57:13 +00:00
Brian Julian
32b0a39d27 Backports sepolicy for AltitudeService to T.
Test: VtsHalAltitudeServiceTargetTest
Bug: 265013616
Change-Id: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
Merged-In: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
2023-02-07 19:38:17 +00:00
Jakub Rotkiewicz
2d1023f256 Merge "Bluetooth: Added sepolicy for Snoop Logger filtering" am: db85fd141e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2302410

Change-Id: I01ef5cc083efda96bd1083949a39e4177ca45a73
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-07 12:48:24 +00:00
Jaewan Kim
a6f591b123 Allow virtualizationmanager to read AVF debug policy am: 93f5788ec5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2423325

Change-Id: Iddb3d51769a1a2f0d39d6612698ec411b891f958
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-07 12:47:48 +00:00
Jakub Rotkiewicz
db85fd141e Merge "Bluetooth: Added sepolicy for Snoop Logger filtering" 2023-02-07 11:51:56 +00:00
Jeffrey Huang
fcf5a91e00 Restrict system server from reading statsd data
Bug: 267367423
Test: m -j
Change-Id: I0628142c2380cf568643f864ae211fbf5380550c
2023-02-06 18:29:21 -08:00
Jaewan Kim
93f5788ec5 Allow virtualizationmanager to read AVF debug policy
virtualizationmanager may handle some AVF debug policies for unprotected VM.

Bug: 243630590
Test: Run unprotected VM with/without ramdump
Change-Id: I2941761efe230a9925d1146f8ac55b50e984a4e9
2023-02-07 02:04:02 +09:00
Charles Chen
c704d3bea2 Merge "One-click fix script for isolated_app_all replacement" am: 15d5e5f173
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2411336

Change-Id: I63a9b98a6114ce34e80265636b2b3ed2ef7202b4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-05 14:58:21 +00:00
Charles Chen
15d5e5f173 Merge "One-click fix script for isolated_app_all replacement" 2023-02-05 14:22:33 +00:00