Since this rule does read the networkstack key.
Bug: 130111713
Test: treehugger
Test: run this on RBE, which only exposes the source files depended upon
Change-Id: Ib4c7e0680158e7892c062f00fe64c2da4195da2b
Track the removal of time zone data files from the runtime mainline module.
Bug: 132168458
Test: build / boot only
Change-Id: I67e596e4da2b23726c36866ff1648a833d2853c7
Although this may appear very permissive, it ok since the current allow
rule already gives every domain access to /dev/ashmem.
Change-Id: I1f121a3c6a911819b2c3e0605a0544a039cb5503
Bug: 134161662
Test: Check logcat for Sepolicy denials (logcat -d | grep shmem)
This is needed now that libfiemap_writer reads from dm/name to find
device-mapper names.
Bug: 134536978
Test: gsi_tool install
Change-Id: I10e1234f2ea39c92b43ace97fa76878358dfc476
This set of patches adds a way for the perfetto command line client to
save a trace to a hardcoded location,
/data/misc/perfetto-traces/incident-trace, and call into incidentd to
start a report, which will include said trace in a new section.
This is not a long-term solution, and is structured to minimize changes
to perfetto and incidentd. The latter is currently architected in a way
where it can only pull pre-defined information out of the system, so
we're resorting to persisting the intermediate results in a hardcoded
location.
This will introduce at most two more linked files at the same time.
Bug: 130543265
Bug: 134706389
Tested: manually on crosshatch-userdebug
Merged-In: I2aa27e25f0209b3a5cdf5d550d0312693932b808
Change-Id: I2aa27e25f0209b3a5cdf5d550d0312693932b808
(cherry picked from commit ce3a33ff18)
BOARD_SEPOLICY_DIRS is deprecated and references should be updated.
Signed-off-by: Felix <google@ix5.org>
Change-Id: I063940a63256a881206740e8a7ecae215f3a5ca8
bug_map is not picked up correctly when BOARD_VENDOR_SEPOLICY_DIRS is
used. And BOARD_SEPOLICY_DIRS is deprecated.
Test: m selinux_policy
Change-Id: I1dcc6ac6f7b6d0f41f29d5894bef81f3fbf841e6
This set of patches adds a way for the perfetto command line client to
save a trace to a hardcoded location,
/data/misc/perfetto-traces/incident-trace, and call into incidentd to
start a report, which will include said trace in a new section.
This is not a long-term solution, and is structured to minimize changes
to perfetto and incidentd. The latter is currently architected in a way
where it can only pull pre-defined information out of the system, so
we're resorting to persisting the intermediate results in a hardcoded
location.
This will introduce at most two more linked files at the same time.
Bug: 130543265
Bug: 134706389
Tested: manually on blueline-userdebug
Change-Id: I2aa27e25f0209b3a5cdf5d550d0312693932b808
We want "vendor domain" which is referred to as { domain -coredomain
-appdomain }, to behave the same on user vs userdebug builds.
Bug: 134161662
Test: m selinux_policy / Check logcat for denials
Change-Id: If6757c820ed657ba2b70263bb546a456adcc7cff
am: 74c4220074 -s ours
am skip reason: change_id I3e091652fa8d1757b1f71f7559186d5b32f000d5 with SHA1 94b7372534 is in history
Change-Id: I88136b522be57d54dd3b198f30efde621efb6822
Steps taken to produce the mapping files:
1. Add prebuilts/api/29.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
plat_pub_versioned.cil contains all public attributes and types from Q
Leave vendor_sepolicy.cil is empty.
2. Add new file private/compat/29.0/29.0.cil by doing the following:
- copy /system/etc/selinux/mapping/29.0.cil from pi-dev aosp_arm64-eng
device to private/compat/29.0/29.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 29 sepolicy.
Find all such types using treble_sepolicy_tests_29.0 test.
- for all these types figure out where to map them by looking at
28.0.[ignore.]cil files and add approprite entries to 29.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_29.0 and installs
29.0.cil mapping file onto the device.
Bug: 133155528
Bug: 133196056
Test: m treble_sepolicy_tests_29.0
Test: m 29.0_compat_test
Test: m selinux_policy
Change-Id: I9e83e9bf118c8b8f8fcf84d5c0dcb6eb588e0d55
I took current AOSP policy as base, then removed sepolicy so that the
set of type and attributes was a subset of types and attributes in Q
sepolicy, with exception of those that have not yet been cleand up in
current AOSP:
mediaswcodec_server
netd_socket
mediaextractor_update_service
thermalserviced
thermalserviced_exec
Bug: 133196056
Test: n/a
Change-Id: I863429d61d3fad0272c1d3f1e429cd997513a74a
Merged-In: I3e091652fa8d1757b1f71f7559186d5b32f000d5
