Commit graph

47502 commits

Author SHA1 Message Date
Inseob Kim
f5394252fe Merge changes from topic "vfrc_as_tot_sepolicy" into main am: 569241f82f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2912752

Change-Id: I42a8d4ca624df3b6d93dfc95d64712cbb80d728e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-08 01:22:42 +00:00
Inseob Kim
34a3196557 Fix freeze test condition to board api am: 7a235a4d9d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2912751

Change-Id: Iaab712286501ca99607f7543dd891c246c293cbb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-08 01:22:38 +00:00
Inseob Kim
569241f82f Merge changes from topic "vfrc_as_tot_sepolicy" into main
* changes:
  Add 1000000.0 mapping file temporarily
  Fix freeze test condition to board api
2024-02-08 01:12:47 +00:00
Robert Shih
0f486059b0 Allow dumpsys on user builds
Bug: 320403913
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/clearkey
Change-Id: Ibc8214dac63558b5bbf886b25607f36e293d3e8d
2024-02-07 18:35:51 +00:00
Nikhil Bhanu
c7b99fbf76 Merge "Add property for enabling stereo spatialization" into main am: 67c12aa98d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2951223

Change-Id: Iedb7747a9d0fd1818abc161b2e6d545434c56450
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-07 17:09:10 +00:00
Nikhil Bhanu
67c12aa98d Merge "Add property for enabling stereo spatialization" into main 2024-02-07 16:41:01 +00:00
Jooyung Han
c945a104c0 Check if ./bin entries are not vendor_file
This can detect a common mistake of not labeling binaries in APEX.

Note - we can't simply check if the label has exec_type attribute
because there're many exceptions.

Bug: 324005965
Test: atest apex_sepolicy_tests_test
Change-Id: Ib643e8b73fac1a3b8851804e58e69b19d32b997d
2024-02-07 16:26:25 +09:00
Treehugger Robot
ef4bd550ee Merge "Changes in SELinux Policy for CSS API" into main am: 49a519234b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2819838

Change-Id: I4cfa495bdeae5c048a6f5bf6b308de21c2e40ca7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-06 21:05:13 +00:00
Treehugger Robot
49a519234b Merge "Changes in SELinux Policy for CSS API" into main 2024-02-06 20:28:45 +00:00
Nikhil Bhanu
977260767a Add property for enabling stereo spatialization
Bug: 323223919
Test: manual
Change-Id: I49d12bfc878ec63d8fe036880033e1c309961430
2024-02-06 08:52:42 -08:00
Justin Yun
d6a43bcb89 Set ro.llndk.api_level as a system prop am: 385d5099cf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2952405

Change-Id: I29fca56cdb6fe33c2b302be5859dbe86713aef18
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-06 07:24:46 +00:00
Justin Yun
385d5099cf Set ro.llndk.api_level as a system prop
ro.llndk.api_level is included in system/build.prop.
It must have the system build_prop context instead of the vendor prop.

Bug: 312098788
Test: TH
Change-Id: I223ae2cd56490a2cfd6f6454ad685d23d90d9329
2024-02-06 13:55:52 +09:00
David Dai
ef608892b8 Merge "Allow CAP_SYS_NICE for crosvm" into main am: 8a216be443
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2945565

Change-Id: I5bf6d0890878da75a9ae77566b1f9d1ff6a3fcdb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-05 23:10:10 +00:00
David Dai
8a216be443 Merge "Allow CAP_SYS_NICE for crosvm" into main 2024-02-05 22:20:13 +00:00
Jooyung Han
786f91880a Merge "Add hal_graphics_mapper_service type" into main am: d4ae4c1165
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2928071

Change-Id: I5de03cbe4546badfabadce7861ef9b757999153f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-05 21:44:48 +00:00
Jooyung Han
d4ae4c1165 Merge "Add hal_graphics_mapper_service type" into main 2024-02-05 21:02:15 +00:00
David Dai
7066a961bd Allow CAP_SYS_NICE for crosvm
Open up CAP_SYS_NICE policies so that crosvm can adjust uclamp on its
vCPU threads to provide a boost in performance.

Bug: 322197421
Test: Booted device and processes that checked that the correct
capabilities are given with no sepolicy denials.

Change-Id: I089bf26caf862c32e85440575800bb095bb9087b
Signed-off-by: David Dai <davidai@google.com>
2024-02-05 11:14:53 -08:00
Alan Stokes
dc589e9e66 Merge "Suppress spurious ipc_lock denials" into main am: e01e8d5595
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2944165

Change-Id: I43a7872c74237b3d7a734a26b4cab2c705ddc3aa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-05 10:19:30 +00:00
Alan Stokes
e01e8d5595 Merge "Suppress spurious ipc_lock denials" into main 2024-02-05 09:37:52 +00:00
Jooyung Han
952673da5b Add hal_graphics_mapper_service type
This is used for mapper sphal library which is defined in VINTF and
queried via servicemanager.

Bug: 317178925
Test: cuttlefish loads mapper.minigbm
Change-Id: Ibddc0239e52065a89c656f885f34835406665009
2024-02-05 18:14:53 +09:00
Nate Myren
ef856207af Remove mounton from app and web zygote
These aren't necessary for app compat overrides

Change-Id: Ie210a6487a80ef4fa618beedef0d957d79c7d38a
Fixes: 319616964
Test: presubmit
2024-02-02 22:29:55 +00:00
Harshit Mahajan
48c1888db7 Merge "Revert^2 "Adding sepolicy rules for CrashRecoveryProperties"" into main am: d02643a3ed
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2943945

Change-Id: I34af98e454e3f87b553c96dd7920d79df6a62853
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-02 17:01:02 +00:00
Harshit Mahajan
d02643a3ed Merge "Revert^2 "Adding sepolicy rules for CrashRecoveryProperties"" into main 2024-02-02 16:24:56 +00:00
Hansen Kurli
00ceacf706 Merge "Remove all sepolicy relating to ppp/mtp." into main am: 34ee0b5da3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2849358

Change-Id: Ib1e0f836c448abfc872e4e6d93ea5333ff744bcb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-02 05:34:56 +00:00
Hansen Kurli
34ee0b5da3 Merge "Remove all sepolicy relating to ppp/mtp." into main 2024-02-02 05:16:37 +00:00
Carlos Galo
e7c0b7d7fa Merge "system_server: remove access to proc/memhealth/*" into main am: 878f7f1795
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2945507

Change-Id: Ice66b2aa79d2095a4061ed8455a179b43b633e46
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-02 05:14:08 +00:00
Carlos Galo
878f7f1795 Merge "system_server: remove access to proc/memhealth/*" into main 2024-02-02 04:26:54 +00:00
Peter Lee
038885a77c Modify SELinux rules to allow vold to use the keymaster HAL directly. am: b1c857c824 am: 769bbce026 am: d3db89de5b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2929772

Change-Id: Ib0af68b1877fd3e4a49fa5ce71b8d57ce1f3645c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 23:48:34 +00:00
Carlos Galo
4a9f07fe21 system_server: remove access to proc/memhealth/*
Memhealth driver has been removed from all android kernels.

Test: m
Bug: 315560026
Change-Id: Ia4f91bde3a999a490b42b57abcd521ff9cc94633
Signed-off-by: Carlos Galo <carlosgalo@google.com>
2024-02-01 23:40:25 +00:00
Peter Lee
d3db89de5b Modify SELinux rules to allow vold to use the keymaster HAL directly. am: b1c857c824 am: 769bbce026
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2929772

Change-Id: I6d9e77b0889fad22a6006972a1ba90ecd87fba8f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 23:08:23 +00:00
Dan Shi
f6477f4f03 Merge "Revert "audio: Provide a default implementation of IHalAdapterVe..."" into main am: b230f4f10c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2944648

Change-Id: I0ebc9160853d628eb184c53ffff580717fca2137
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 22:25:09 +00:00
Peter Lee
769bbce026 Modify SELinux rules to allow vold to use the keymaster HAL directly. am: b1c857c824
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2929772

Change-Id: I89c192fc02b8bb215cc52b8a4091930896595b21
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 22:24:27 +00:00
Dan Shi
b230f4f10c Merge "Revert "audio: Provide a default implementation of IHalAdapterVe..."" into main 2024-02-01 21:57:51 +00:00
Yuyang Huang
05001e214b Merge "Add system property bluetooth.sco.managed_by_audio" into main am: ec4196e1b7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2929416

Change-Id: If0d4c79a9e81856eee0233d573fe08a02daa283f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:50:00 +00:00
Inseob Kim
9a9f6fe7a0 [automerger skipped] Remove hal_face_service virtual entry am: f447f4a624 -s ours am: ff3e91727c -s ours
am skip reason: Merged-In I1f61b687be4abe53c62c21769fb57dc9cf9daf45 with SHA-1 fb5d221b27 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2935110

Change-Id: Idee2c25fb6671222b6a76e300cf7f1e4aabbfb87
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:44:33 +00:00
Mikhail Naganov
1460db3c7c Merge "audio: Provide a default implementation of IHalAdapterVendorExtension" into main am: c301f8ef3d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2930452

Change-Id: I78f36755805b4cfc220a92b4b779aa7e8c3a7f44
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:44:09 +00:00
Yuyang Huang
ec4196e1b7 Merge "Add system property bluetooth.sco.managed_by_audio" into main 2024-02-01 21:32:46 +00:00
Jeffrey Vander Stoep
a8a8cf9bac Merge "sepolicy: Grant hal_bluetooth_server to access tcp sockets" into main am: b3eeec1ac9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2899112

Change-Id: I813d09047c6cc81e273b556e42fe6f35efbdc098
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:30:49 +00:00
Jeffrey Vander Stoep
cbc0d73a19 Merge "sepolicy: Grant hal_bluetooth_server to access udp_socket" into main am: d3f08120bc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2876771

Change-Id: Iee5bd4dd2adc6567b7f2e951e8556fcd8cbaf728
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:30:36 +00:00
Bubble Fang
484e50f68b Merge "Revert "Adding sepolicy rules for CrashRecoveryProperties"" into main am: e12fc98b59
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2943267

Change-Id: Iee5d52063db352425c217e3dc809ad9af017037c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:29:51 +00:00
Treehugger Robot
f610ab2296 Merge "Use /proc/device-tree for reading AVF DT" into main am: bb1c62ca16
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2938000

Change-Id: If0b9b806b163a26fcde5e2a2925d5421b25aad0f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:27:01 +00:00
Harshit Mahajan
af573353d3 Merge "Adding sepolicy rules for CrashRecoveryProperties" into main am: fedcb415a7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2931990

Change-Id: I79bfa1189aaa4406021d86101e4ac1ec4605c1fd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:26:19 +00:00
Dan Shi
0ad6f6bdd6 Revert "audio: Provide a default implementation of IHalAdapterVe..."
Revert submission 2929484-fix-b-321651892-ihaladapter

Reason for revert: possible cause of b/323385784

Reverted changes: /q/submissionid:2929484-fix-b-321651892-ihaladapter

Change-Id: I9664f8f9dd6eec159be7fbf3b148a12d44cef582
2024-02-01 19:32:34 +00:00
Inseob Kim
ff3e91727c [automerger skipped] Remove hal_face_service virtual entry am: f447f4a624 -s ours
am skip reason: Merged-In I1f61b687be4abe53c62c21769fb57dc9cf9daf45 with SHA-1 fb5d221b27 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2935110

Change-Id: Ia809efc5132a240185d8f954215aaaa5ff40cf2f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 17:26:12 +00:00
Alan Stokes
aeab04ffcd Suppress spurious ipc_lock denials
When running a VM from a root shell (e.g. via vm_shell), we see
frequent ipc_lock denials:

avc: denied { ipc_lock } for comm="crosvm" capability=14
scontext=u:r:crosvm:s0 tcontext=u:r:crosvm:s0 tclass=capability
permissive=0

These don't appear for non-root crosvm, and don't prevent the VM from
working. Suppress them to reduce log spam.

Test: Run vm_shell
Change-Id: I3b68ca9e3f15709a1f0fce285ba8916419ee82e8
2024-02-01 17:01:20 +00:00
Mikhail Naganov
c301f8ef3d Merge "audio: Provide a default implementation of IHalAdapterVendorExtension" into main 2024-02-01 16:48:06 +00:00
Harshit Mahajan
7740a47b34 Revert^2 "Adding sepolicy rules for CrashRecoveryProperties"
This reverts commit f76b3cf07a.

Reason for revert: This part is not causing failures

Change-Id: I3c01877f7473f35552e43433c069664276a99067
2024-02-01 13:00:46 +00:00
Jeffrey Vander Stoep
b3eeec1ac9 Merge "sepolicy: Grant hal_bluetooth_server to access tcp sockets" into main 2024-02-01 10:07:34 +00:00
Jeffrey Vander Stoep
d3f08120bc Merge "sepolicy: Grant hal_bluetooth_server to access udp_socket" into main 2024-02-01 10:07:20 +00:00
Bubble Fang
e12fc98b59 Merge "Revert "Adding sepolicy rules for CrashRecoveryProperties"" into main 2024-02-01 08:44:38 +00:00