tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
42574 commits 1 branch 0 tags 50 MiB
Commit graph

42574 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jooyung Han
1cc8e33941 Remove unused def am: 49bd2148a4 am: 77eeabfc46 am: 3946eb0a08 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519756

Change-Id: Ibc53dd7293e4ac6bdd570016e27c4f35553d4d35
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-03 10:22:43 +00:00
Jooyung Han
3946eb0a08 Remove unused def am: 49bd2148a4 am: 77eeabfc46 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519756

Change-Id: I8f7a8aec2910975822461410c23d2c9d526ff2b8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-03 09:52:20 +00:00
Jooyung Han
77eeabfc46 Remove unused def am: 49bd2148a4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519756

Change-Id: I14dba01f3f34a43f9369aa92c0a0fd9d8c4e32fb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-03 09:23:07 +00:00
Jooyung Han
49bd2148a4 Remove unused def 
Bug: n/a
Test: m
Change-Id: I7d35c6395b4e956e2d6e34e38749a3bf21af81e1
 2023-04-03 15:21:32 +09:00
Treehugger Robot
3280726c25 Merge "Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf" am: f784149627 am: 26860bbe17 am: a1388cb703 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2464374

Change-Id: Id7c96227804fb226f961f644bdd24198d44f24e4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-31 23:57:41 +00:00
Treehugger Robot
a1388cb703 Merge "Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf" am: f784149627 am: 26860bbe17 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2464374

Change-Id: I85826d363554317743a4b71b93c164e28d659a7d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-31 23:24:33 +00:00
Treehugger Robot
26860bbe17 Merge "Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf" am: f784149627 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2464374

Change-Id: I09e4ac9478650a4c3b33395b9703514d11dd6590
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-31 22:55:14 +00:00
Treehugger Robot
f784149627 Merge "Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf" 2023-03-31 22:29:31 +00:00
Jiakai Zhang
2d0d80ae7f Merge "Allow system server to set dynamic ART properties." am: 326d35c04b am: 1502d1e604 am: afd4aee92d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2513825

Change-Id: Ibe28079aa1641ee7503d2de375eb41b1c4b81e45
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-31 15:37:27 +00:00
Jiakai Zhang
afd4aee92d Merge "Allow system server to set dynamic ART properties." am: 326d35c04b am: 1502d1e604 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2513825

Change-Id: I0c458ea55437e5f92ebf4abde13cc143099d36ff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-31 15:07:06 +00:00
Jiakai Zhang
1502d1e604 Merge "Allow system server to set dynamic ART properties." am: 326d35c04b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2513825

Change-Id: Ie73dabdb8090bfe7a72e1f8c59d91c3f00d62a43
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-31 14:36:30 +00:00
Jiakai Zhang
326d35c04b Merge "Allow system server to set dynamic ART properties." 2023-03-31 14:02:56 +00:00
Jiakai Zhang
22fb5c7d24 Allow system server to set dynamic ART properties. 
This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.

Bug: 274530433
Test: Locally added some code to set those properties and saw it being
  successfull.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089
 2023-03-31 11:46:05 +01:00
Steven Moreland
f03a315d26 Merge "Introduce vm_manager_device_type for crosvm" am: ccbe862858 am: 5c9967917f am: 18e43c6efa 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2506662

Change-Id: I6de6c83be7f2a138b219da4e77b9b830064139a1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-30 17:42:04 +00:00
Treehugger Robot
32ab1929d4 Merge "Allow EVS HAL to access graphics related properties" am: c5da4fc2b9 am: 55319b0e16 am: 9f2f78f2b0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2500383

Change-Id: I29738e62c4fbef9852aad57ffe10cd3a11bc92a7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-30 17:40:47 +00:00
Primiano Tucci
31a96f152b Merge "Allow perfetto to write into perfetto_traces_bugreport_data_file" am: 252956dc37 am: 6542540b06 am: 1c59415ec2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2327644

Change-Id: I720e9c50fe56a41764403a006e773ff70e7b89bd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-30 17:36:00 +00:00
Steven Moreland
18e43c6efa Merge "Introduce vm_manager_device_type for crosvm" am: ccbe862858 am: 5c9967917f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2506662

Change-Id: I7816e16fd02e55a5b7cadc26232beab1d093cc25
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-30 17:34:53 +00:00
Treehugger Robot
9f2f78f2b0 Merge "Allow EVS HAL to access graphics related properties" am: c5da4fc2b9 am: 55319b0e16 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2500383

Change-Id: Ie711614e467c44705f92ce31000dc400c1da8712
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-30 17:17:42 +00:00
Steven Moreland
5c9967917f Merge "Introduce vm_manager_device_type for crosvm" am: ccbe862858 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2506662

Change-Id: I2372a6ab50e8e1563e5794460562d0e38acdb63c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-30 17:11:02 +00:00
Primiano Tucci
1c59415ec2 Merge "Allow perfetto to write into perfetto_traces_bugreport_data_file" am: 252956dc37 am: 6542540b06 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2327644

Change-Id: If6801d4be265445034aa9b0b298b7724b37671cf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-30 17:02:08 +00:00
Treehugger Robot
55319b0e16 Merge "Allow EVS HAL to access graphics related properties" am: c5da4fc2b9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2500383

Change-Id: Ie7095f27114f70a9b49a9b49aa25df09aebdfa62
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-30 16:38:48 +00:00
Primiano Tucci
6542540b06 Merge "Allow perfetto to write into perfetto_traces_bugreport_data_file" am: 252956dc37 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2327644

Change-Id: I4c521518fbdd67862310ab54cc8c83d47b049940
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-30 16:35:37 +00:00
Steven Moreland
ccbe862858 Merge "Introduce vm_manager_device_type for crosvm" 2023-03-30 15:57:43 +00:00
Treehugger Robot
c5da4fc2b9 Merge "Allow EVS HAL to access graphics related properties" 2023-03-30 02:26:28 +00:00
Primiano Tucci
252956dc37 Merge "Allow perfetto to write into perfetto_traces_bugreport_data_file" 2023-03-29 17:25:59 +00:00
Elliot Berman
ae5869abf4 Introduce vm_manager_device_type for crosvm 
Introduce hypervisor-generic type for VM managers:
vm_manager_device_type.

Bug: 274758531
Change-Id: I0937e2c717ff973eeb61543bd05a7dcc2e5dc19c
Suggested-by: Steven Moreland <smoreland@google.com>
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
 2023-03-29 10:19:06 -07:00
Nikita Ioffe
8c6c971b75 Merge "Add domain level neverallow to restrict access to ptrace" am: 1b4e9393d3 am: 41d6edd0e7 am: e63a597a47 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505897

Change-Id: I9a6eb11e53ee60de60db6e6fc7fd9349c03f9540
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-29 13:05:22 +00:00
Nikita Ioffe
e63a597a47 Merge "Add domain level neverallow to restrict access to ptrace" am: 1b4e9393d3 am: 41d6edd0e7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505897

Change-Id: I9a4cfaafff462a2fe8a0b77e6cfed13e147f68e7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-29 12:35:52 +00:00
Nikita Ioffe
41d6edd0e7 Merge "Add domain level neverallow to restrict access to ptrace" am: 1b4e9393d3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505897

Change-Id: I89b2a8b69e9884ac1bf0e3e3c375219aa8905fd5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-29 12:05:37 +00:00
Nikita Ioffe
1b4e9393d3 Merge "Add domain level neverallow to restrict access to ptrace" 2023-03-29 11:46:26 +00:00
Treehugger Robot
1b51c1f8e1 Merge "Add sepolicy rules for CpuMonitorService." am: 1ab1f7cd01 am: dac8bace6d am: c202f26753 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2497975

Change-Id: I5dbbd3d496afc934e1f3c4fb3253f857b3df1aac
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-28 22:13:51 +00:00
Maciej Żenczykowski
096286d041 Merge "netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps" am: 8cd6e1569e am: 3ef679de95 am: 6ceb6ad71d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2509787

Change-Id: I9ceabad3e7842c5d090c01aeaf643aac6bc8a9c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-28 22:13:33 +00:00
Treehugger Robot
c202f26753 Merge "Add sepolicy rules for CpuMonitorService." am: 1ab1f7cd01 am: dac8bace6d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2497975

Change-Id: I567cc5450201ff7336b74a0bfb377df43d02e9a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-28 21:34:49 +00:00
Maciej Żenczykowski
6ceb6ad71d Merge "netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps" am: 8cd6e1569e am: 3ef679de95 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2509787

Change-Id: I62ad7b3be28ec04bca16e264749fdd0dbdf08978
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-28 21:34:33 +00:00
Treehugger Robot
dac8bace6d Merge "Add sepolicy rules for CpuMonitorService." am: 1ab1f7cd01 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2497975

Change-Id: I91e88b5e3dbe4b056a3d140ad8b9186624318638
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-28 21:11:50 +00:00
Treehugger Robot
1ab1f7cd01 Merge "Add sepolicy rules for CpuMonitorService." 2023-03-28 21:02:14 +00:00
Maciej Żenczykowski
3ef679de95 Merge "netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps" am: 8cd6e1569e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2509787

Change-Id: I53af7ec1d6c9b6f4768b3c08b690f55613908831
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-28 20:54:20 +00:00
Steven Moreland
fba21cc3ba Merge "remove iorapd from sepolicy" am: f7fa8ead83 am: 459d8edaf0 am: 7b6d873852 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2493275

Change-Id: I2e88f178c07a7bd1124a809c1747786492884734
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-28 20:54:02 +00:00
Maciej Żenczykowski
8cd6e1569e Merge "netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps" 2023-03-28 20:26:57 +00:00
Steven Moreland
7b6d873852 Merge "remove iorapd from sepolicy" am: f7fa8ead83 am: 459d8edaf0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2493275

Change-Id: Icae9969b6ebd9471fddbe1ebe540629aeb0f2210
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-28 20:25:12 +00:00
Steven Moreland
459d8edaf0 Merge "remove iorapd from sepolicy" am: f7fa8ead83 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2493275

Change-Id: I65d7f57cc405f062c367fa8729f59c4a3e4f42c1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-28 19:55:58 +00:00
Steven Moreland
f7fa8ead83 Merge "remove iorapd from sepolicy" 2023-03-28 19:32:32 +00:00
Primiano Tucci
4b8710389f Allow perfetto to write into perfetto_traces_bugreport_data_file 
We are changing the --save-for-bugreport feature and moving
the file opening/write from the traced service to the perfetto
cmdline client.
This is as part of a bigger refactor to simplify the API surface
in view of non-destructive snapshots of trace buffers.
Add matching sepolicies to perfetto.te

Bug: 260112703
Test: atest perfetto_integrationtests --test-filter '*PerfettoCmdlineTest*'
Change-Id: Ic1dd6b1bf3183f6b7fb551859e35cae950676ffb
 2023-03-28 11:34:58 +00:00
Maciej Żenczykowski
52c8a2ebd5 netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps 
This is so that we can potentially verify that things
are setup right.

Test: TreeHugger
Bug: 275209284
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I59a49cbece2710345fff0b2fb98e32f4e5f3af44
 2023-03-28 03:11:42 +00:00
Steven Moreland
c0ce089045 remove iorapd from sepolicy 
It's already marked as removed in:
   ./private/compat/33.0/33.0.cil

Bug: N/A
Test: builds
Change-Id: I1b31f83fb5b210be047edb2896c7b66b58353784
 2023-03-27 20:55:55 +00:00
Hector Dearman
f1cfe8af23 Merge "Allow traced_probes to subscribe to statsd atoms" am: c9ff8d010b am: 121da8e36f am: 47b65e7f6b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2501735

Change-Id: I3a4973a7c8e7431a7fa770b18865cd709b9943f6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-27 17:34:10 +00:00
Hector Dearman
47b65e7f6b Merge "Allow traced_probes to subscribe to statsd atoms" am: c9ff8d010b am: 121da8e36f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2501735

Change-Id: I2d352a3b135999d1c49622ca0bfea9ab59724262
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-27 17:02:15 +00:00
Hector Dearman
121da8e36f Merge "Allow traced_probes to subscribe to statsd atoms" am: c9ff8d010b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2501735

Change-Id: I4781ed0ec3bcdeee98c1301f8981e65e44b3e3ed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-27 16:32:35 +00:00
Lakshman Annadorai
124be07e24 Add sepolicy rules for CpuMonitorService. 
Change-Id: Icda952c148150e4d7824e303d163996679a0f36b
Test: m
Bug: 242722241
 2023-03-27 16:29:09 +00:00
Andy Hung
ca7dacffa3 [automerger skipped] Merge "sepolicy: Add spatial audio tuning properties." am: bd89baaecf am: 5a3972f7bc -s ours am: 87c666527f -s ours 
am skip reason: Merged-In Ie7e656acbdd3fe101ecbd2cc9dfb6c8a440a6a8b with SHA-1 574369e474 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2504836

Change-Id: Ie9e289fe3a74e917978c71b8f7f4cfc4b7ff0631
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-27 16:17:26 +00:00