tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
47502 commits 1 branch 0 tags 50 MiB
Commit graph

47502 commits

This branch
This branch
All branches
Author SHA1 Message Date
Trevor David Black
db14b179d2 Add fifo_file read access to enable gpuservice within device cts am: 4105da26f9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2966382

Change-Id: I71db3ebeccff51145f667a2315cc536df058d345
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-16 05:32:10 +00:00
Trevor David Black
4105da26f9 Add fifo_file read access to enable gpuservice within device cts 
Bug: 299537644
Test: atest -c CtsGraphicsTestCases:VulkanFeaturesTest#testAndroidBaselineProfile2021Support
Change-Id: Iab5c4255f01317c197488158ef8cc63fcf0ebb3b
 2024-02-15 22:21:30 +00:00
Mikhail Naganov
f5b07ca2a3 Merge "Add ro.audio.ihaladaptervendorextension_enabled property" into main am: ead55ce93a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2964162

Change-Id: I623ddbc287c48ec0c7fad5b8f566ee1fc951f9f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-15 17:47:17 +00:00
Mikhail Naganov
ead55ce93a Merge "Add ro.audio.ihaladaptervendorextension_enabled property" into main 2024-02-15 17:08:10 +00:00
Dennis Shen
7254b104f6 Merge "selinux setup for files under /metadata/aconfig dir" into main am: 537a704088 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2960462

Change-Id: I9e170a4fa7293aed2bf9d0818f6ba0c8d558b151
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-15 13:53:00 +00:00
Dennis Shen
537a704088 Merge "selinux setup for files under /metadata/aconfig dir" into main 2024-02-15 13:20:02 +00:00
Tej Singh
4ed39a7a6e Merge "stats_service: only disallow untrusted access" into main am: aebd92592a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2962926

Change-Id: I8aa5df2f2472046ebc59a76df5bfc3c49a491476
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-15 09:20:12 +00:00
Tej Singh
aebd92592a Merge "stats_service: only disallow untrusted access" into main 2024-02-15 08:30:19 +00:00
Jooyung Han
f0ba322926 Relax neverallows for vendor to use /system/bin/sh 
Since 202404, vendor components will use /system/bin/sh for system(3),
popen(3), etc.

Bug: 324142245
Test: system("readlink /proc/$$/exe") in vendor HALs
Change-Id: I521499678e87a7d0216a276e014888867f495803
 2024-02-15 13:18:40 +09:00
Tej Singh
000b251c7d stats_service: only disallow untrusted access 
Allow device-specific domains to access stats_service. All access must
be done over proper APIs (StatsManager, AStatsManager) instead of
accessing the AIDL interfaces directly.

Test: build
Bug: 318788254
Change-Id: I98ddc1900350daf755372be7249f25a462e3242d
 2024-02-14 15:07:21 -08:00
Brandon Liu
dbf77ceff6 Merge "Revert "[res] Allow accessing idmap files in all zygotes"" into main am: 37c4c7c500 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2962104

Change-Id: I65b5d1e3048828d13cb63653c965ca54b5af0d3b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-14 21:37:09 +00:00
Brandon Liu
37c4c7c500 Merge "Revert "[res] Allow accessing idmap files in all zygotes"" into main 2024-02-14 20:49:22 +00:00
Mikhail Naganov
8b69e5fd48 Add ro.audio.ihaladaptervendorextension_enabled property 
This property is used by libaudiohal@aidl to detect whether
the system_ext partition provides an instance of
IHalAdapterVendorExtension. This is a "system internal"
property because it belongs to `system_ext`.

Bug: 323989070
Test: atest audiorouting_test
Ignore-AOSP-First: coupled with Pixel change, will upstream
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:17406cd0a723cb89a03705709ec78d37b3d66042)
Merged-In: I81267da070958a70f2f3c4882718cac4600e3476
Change-Id: I81267da070958a70f2f3c4882718cac4600e3476
 2024-02-14 18:53:37 +00:00
Dennis Shen
6c8210da20 selinux setup for files under /metadata/aconfig dir 
1, /metadata/aconfig is the directory that stores aconfig storage
related protobuf files and flag value files boot copy. Grant read
access to everybody. But limit the write access only to init and
aconfig storage service process (to be created later)

2, /metadata/aconfig/flags is the sub directory that stores persistent
aconfig value files.Initially set it up to be accessible by
system_server process only . When aconfig storage service process is
created, will add another permission to storage service process.

Context to why we are hosting flag data on /metadata partition:

Android is adopting trunk stable workflow, flagging and A/B testing is
essential to every platform component. We need some place to host the
flag that are accessible to system processes that starts before /data
partition becomes available.

In addition, there has been a long discussion regarding utilizing
/metadata partition for some process data, another example is mainline
modules, we are trying to make them to be able to be mounted earlier,
but cannot due to /data availability.

Bug: 312444587
Test: m
Change-Id: I7e7dae5cf8c4268d71229c770af31b5e9f071428
 2024-02-14 17:56:29 +00:00
Patrick Baumann
7ee66a0391 Revert "[res] Allow accessing idmap files in all zygotes" 
This reverts commit 1195b5eb14.

Reason for revert: b/325161357

Change-Id: I7e6846791020938fb732311105e0f692c648a0f1
 2024-02-14 16:24:59 +00:00
Changyeon Jo
31a94f218a [automerger skipped] [RESTRICT AUTOMERGE] Allow dumpstate to make binder IPC to automotive display service am: d16bdc461f -s ours am: 41f83574eb -s ours 
am skip reason: skipped by inseob

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2960075

Change-Id: Icc415475c4be9d6024dfdfa02eb70e99760fd6ba
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-14 06:27:24 +00:00
Changyeon Jo
41f83574eb [automerger skipped] [RESTRICT AUTOMERGE] Allow dumpstate to make binder IPC to automotive display service am: d16bdc461f -s ours 
am skip reason: skipped by inseob

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2960075

Change-Id: I44f8d2b6ad20f33521b363781a843a5aa1d5cfed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-14 05:03:04 +00:00
Yurii Zubrytskyi
940443d4df [res] Allow accessing idmap files in all zygotes am: 1195b5eb14 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2962670

Change-Id: I7eb51708ceca8b3dafdaf9dd65c0595cf801f432
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-14 04:20:01 +00:00
Yurii Zubrytskyi
1195b5eb14 [res] Allow accessing idmap files in all zygotes 
Resources now cache open idmap fds to speed up the up-to-date
checks, and this requires zygote processes to be able to access
them

Bug: 282215580
Test: atest android.text.cts.EmojiTest
Change-Id: I808be8a5d321a01193e7f76e316f5f64d4235753
 2024-02-14 02:04:55 +00:00
Seungjae Yoo
ec2735ac6a Allow appdomain to read dir and files under vendor_microdroid_file am: 01c4f57431 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2960542

Change-Id: Idd6fae593bbe92fd7b15500aa0ce3c3ff1bb0013
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-14 01:31:41 +00:00
Inseob Kim
ee509ccd48 Merge changes from topic "revert-2954994-revert-2952245-vfrc_as_tot_sepolicy-AMFGMLDWQF-IIRWTIICIK" into main am: d88d8959a8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2960346

Change-Id: Ifcee813c4dcbbe3ec133737e8532586e71a41f8e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-13 13:55:31 +00:00
Inseob Kim
ed15451e78 Revert^2 "Fix freeze test condition to board api" am: e28eb52f4e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2960345

Change-Id: Ifbc4f013eea02d908efdce8666057391fc3fcf30
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-13 13:55:25 +00:00
Seungjae Yoo
01c4f57431 Allow appdomain to read dir and files under vendor_microdroid_file 
For testing purpose, now we need to use microdroid vendor image for the
production due to vendor hashtree digest value comes from the
bootloader. In the past, we've used distinguished image file for testing
purpose, but we can't now.

Bug: 323768068
Test: atest MicrodroidTests#bootsWithVendorPartition
Test: atest MicrodroidBenchmarks#testMicrodroidDebugBootTime_withVendorPartition
Change-Id: Ic58e51466da0273cf27219d9228f33000e0ecb88
 2024-02-13 05:44:15 +00:00
Changyeon Jo
d16bdc461f [RESTRICT AUTOMERGE] Allow dumpstate to make binder IPC to automotive display service 
Bug: 280837170
Bug: 313360015
Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: I8239ba23bb60b95e7dd07a4c8a99167f1e08192b
(cherry picked from commit 152a2f1755)
 2024-02-13 05:16:32 +00:00
Inseob Kim
d88d8959a8 Merge changes from topic "revert-2954994-revert-2952245-vfrc_as_tot_sepolicy-AMFGMLDWQF-IIRWTIICIK" into main 
* changes:
  Revert^2 "Add 1000000.0 mapping file temporarily"
  Revert^2 "Fix freeze test condition to board api"
 2024-02-13 04:02:36 +00:00
Inseob Kim
e28eb52f4e Revert^2 "Fix freeze test condition to board api" 
f3fad1a66b

Change-Id: I19b36342de003a32a2c76fb513382f1b34cf5a7e
 2024-02-13 02:19:48 +00:00
Inseob Kim
e41e95e0ea Revert^2 "Add 1000000.0 mapping file temporarily" 
82126e9d77

Change-Id: Ia2ef237d9918532f24cd00688ae2bc15196123e9
 2024-02-13 02:19:24 +00:00
Treehugger Robot
5ce39158f3 Merge "Add rules for Perfetto to be used from system_server" into main am: f80a830b32 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2958867

Change-Id: Ie3a299620a9aa99c92bde99bd27ea72fdade9a69
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-12 20:59:08 +00:00
Nate Myren
0980c27aef Merge "Remove mounton from app and web zygote" into main am: a8f2bbf7c2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2947925

Change-Id: I4143393154c2850cd4891420d0dc0eddcca0e3ab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-12 20:58:29 +00:00
Treehugger Robot
f80a830b32 Merge "Add rules for Perfetto to be used from system_server" into main 2024-02-12 20:51:16 +00:00
Nate Myren
a8f2bbf7c2 Merge "Remove mounton from app and web zygote" into main 2024-02-12 20:13:33 +00:00
Carmen Jackson
28b811df1c Add rules for Perfetto to be used from system_server 
This includes rules for starting Perfetto as well as rules for
communicating over stdio between Perfetto and system_server.

Bug: 293957254
Test: Presubmit & tested in conjunction with internal change
Change-Id: I7e4c044a6a2afb48c33d65cc421e797d77aacc12
 2024-02-12 18:33:32 +00:00
Carlos Galo
34b93f22b7 lmkd: Add ro.lmkd.direct_reclaim_threshold_ms property policies 
Add policies to control ro.lmkd.direct_reclaim_threshold_ms lmkd property.

Test: m
Bug: 244232958
Change-Id: Ic2438a17569ef12925c45ee2f15a05449c77f205
Signed-off-by: Carlos Galo <carlosgalo@google.com>
 2024-02-12 09:37:00 -08:00
Yisroel Forta
f86fab0d6d Merge "SELinux permissions for ProfilingService" into main am: e510cb8696 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2955343

Change-Id: Id393a7cdbcbb82d767b2457c33daf2c96c5bead7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-12 14:51:42 +00:00
Yisroel Forta
e510cb8696 Merge "SELinux permissions for ProfilingService" into main 2024-02-12 14:22:31 +00:00
Håkan Kvist
a0787ed434 remount: allow bootanimation to run animation from oem am: e38af22c5e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2953101

Change-Id: Iba084fd08b2d1312d39a21970cccc2894a6e9a1c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-12 12:23:27 +00:00
Yisroel Forta
aa9d0bf24c SELinux permissions for ProfilingService 
Test: Presubmit, manually confirm service accessible
Bug: 293957254
Change-Id: I7103be95ff49eb87b4c7164a38a481034d72a9aa
 2024-02-09 19:25:32 +00:00
Håkan Kvist
e38af22c5e remount: allow bootanimation to run animation from oem 
Grant bootanimation all read permissions on oem using
r_dir_file macro instead of specifying individual permissions.

This prevents failure to read the bootanimation on oem if
partition has been remounted.

After remount, bootanimation will log violation for the
/oem/media directory when reading an existing file (boot animation can
is still played).
avc:  denied  { read } for  pid=2820 comm="bootanimation" name="media"
   dev="sda75" ino=152 scontext=u:r:bootanim:s0
   tcontext=u:object_r:oemfs:s0 tclass=dir permissive=0

After remount, if modifying/adding file in /oem/media directory,
bootanimation will fail to read the bootanimation zip, now with
violation:
avc:  denied  { read } for  pid=2838 comm="bootanimation" name="media"
   dev="dm-8" ino=70 scontext=u:r:bootanim:s0 tcontext=u:object_r:oemfs:s0
   tclass=dir permissive=0

Bug: 324437684
Test: adb remount
      replace /oem/media/bootanimation.zip with custom animation
      adb reboot
      confirm that expected bootanimation is played
      confirm no selinux violations are seen in logcat
Change-Id: Iaafdeeacaf88d8f5c1214700edc8eec2824b0159
 2024-02-09 16:09:05 +01:00
Jiakai Zhang
59bb9008fd Merge "Update sepolicy for service dexopt_chroot_setup and artd_pre_reboot." into main am: 95d371bcfd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2939419

Change-Id: I75166873b4baa3d781ebb0b7055f9f42b8a5dd1e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-09 03:29:50 +00:00
Jiakai Zhang
95d371bcfd Merge "Update sepolicy for service dexopt_chroot_setup and artd_pre_reboot." into main 2024-02-09 02:52:58 +00:00
mrulhania
faaec9dd3a Add SELinux policy for ContentProtectionManagerService am: 9a7700cd46 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2952703

Change-Id: Ib8beac88752e6c4576bc177553c33c82df5b1026
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-09 00:41:43 +00:00
mrulhania
9a7700cd46 Add SELinux policy for ContentProtectionManagerService 
Bug: 324348549
Test: build
Change-Id: Ieb319ed033d2fdb18cf76107c44cd6357221ecc4
 2024-02-08 19:56:49 +00:00
Ikjoon Jang
b1019e8d42 Merge changes from topic "revert-2952245-vfrc_as_tot_sepolicy-AMFGMLDWQF" into main am: 1c9aa0cb18 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2954993

Change-Id: I881e04fb8c0b6195846f35c37b62ae4b5be0e123
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-08 04:50:50 +00:00
Ikjoon Jang
f0f530be1f Revert "Add 1000000.0 mapping file temporarily" am: 82126e9d77 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2954992

Change-Id: I0b34dc883d9a87e38f6a9932b52cbbd5cf39a7b6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-08 04:50:47 +00:00
Ikjoon Jang
1c9aa0cb18 Merge changes from topic "revert-2952245-vfrc_as_tot_sepolicy-AMFGMLDWQF" into main 
* changes:
  Revert "Fix freeze test condition to board api"
  Revert "Add 1000000.0 mapping file temporarily"
 2024-02-08 04:47:21 +00:00
Ikjoon Jang
f3fad1a66b Revert "Fix freeze test condition to board api" 
Revert submission 2952245-vfrc_as_tot_sepolicy

Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.corp.google.com/builds/quarterdeck?branch=git_main&target=mainline_modules_arm64-mainline-userdebug&lkgb=11421838&lkbb=11421957&fkbb=11421841, b/324335916

Reverted changes: /q/submissionid:2952245-vfrc_as_tot_sepolicy

Bug: 324335916
Change-Id: Iada55b1298872ae2f2ff4112726dcbcd089597f1
 2024-02-08 04:45:26 +00:00
Ikjoon Jang
82126e9d77 Revert "Add 1000000.0 mapping file temporarily" 
Revert submission 2952245-vfrc_as_tot_sepolicy

Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.corp.google.com/builds/quarterdeck?branch=git_main&target=mainline_modules_arm64-mainline-userdebug&lkgb=11421838&lkbb=11421957&fkbb=11421841, b/324335916

Reverted changes: /q/submissionid:2952245-vfrc_as_tot_sepolicy

Bug: 324335916
Change-Id: I9375f4d467596bc961527216b3f68c0f21016ca3
 2024-02-08 02:54:29 +00:00
Jiakai Zhang
817c49f74c Update sepolicy for service dexopt_chroot_setup and artd_pre_reboot. 
Bug: 311377497
Test: manual - Call
  getDexoptChrootSetupServiceRegisterer().waitForService()
Test: manual - Set up a chroot environment and call
  getArtdPreRebootServiceRegisterer().waitForService()
Change-Id: I50b5f7f858dab37f05174cb9787f64303d50d083
 2024-02-08 10:13:27 +08:00
Jooyung Han
92e41b06dc Merge "Check if ./bin entries are not vendor_file" into main am: 41e786ae48 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2953009

Change-Id: I5fa1c0c34ab2b39e220415ca607d0cc6e87a24d2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-08 01:59:00 +00:00
Jooyung Han
41e786ae48 Merge "Check if ./bin entries are not vendor_file" into main 2024-02-08 01:33:07 +00:00