Commit graph

45532 commits

Author SHA1 Message Date
Treehugger Robot
cc90a2a0c6 Merge "sepolicy: grant network_stack CAP_WAKE_ALARM" into main 2023-12-13 20:55:37 +00:00
David Anderson
17fbd9c607 Allow remount to update the super partition.
"adb remount" runs the remount command, which needs to be able to update
bits in the super partition metadata. This change only affects
userdebug_or_eng policy.

Bug: 297923468
Test: adb-remount-test.sh
Change-Id: Ia78d4b0ea942a139c8a4070dc63a0eed218e3e18
2023-12-13 12:09:30 -08:00
Franklin Abreu Bueno
a3bfb1485e Bluetooth LMP Events: Add Lmp Events Hal
Bug: 281503650
Change-Id: Ie9fa616d4142c554c30e5b45b625203387edb9a7
2023-12-13 12:02:33 -08:00
Maciej Żenczykowski
fd0efeb043 sepolicy: grant network_stack CAP_WAKE_ALARM
It is effectively an oversight that bluetooth has this
but network stack does not.

This prevents the network stack process from (for example)
using timerfd_create with CLOCK_{REAL,BOOT}TIME_ALARM,
without trampolining through parts of the mainline module
which are shipped as part of the system server.

See:
  https://man7.org/linux/man-pages/man2/timerfd_create.2.html

Bug: 316171727
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iba95c80f830784a587fa4df6867a99bcb96ace79
2023-12-13 18:52:51 +00:00
Brian Lindahl
89312a1bfc Revert "bugmap selinux failure"
This reverts commit c6132a2ae7.

Reason for revert: Fixed via aosp/2869455

Bug: 308043377
Change-Id: Iaa42e34bc08e2ce056b0c624fe5665ff026bc654
2023-12-13 16:13:47 +00:00
Brian Lindahl
623646c3b6 [automerger skipped] Merge "Allow for server-side configuration of libstagefright" into android14-tests-dev am: 46668eaca7 -s ours
am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 ffeb680417 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2869455

Change-Id: Ic3f9aa6bb7aa559e391448fa5198b8f73df9af28
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-13 06:23:26 +00:00
Brian Lindahl
8b33232c76 [automerger skipped] Allow for server-side configuration of libstagefright am: 660e460e8c -s ours
am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 ffeb680417 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2869455

Change-Id: Ia9cdc30aacb17db751fd42a957c8787270d1ae2f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-13 06:23:22 +00:00
Brian Lindahl
46668eaca7 Merge "Allow for server-side configuration of libstagefright" into android14-tests-dev 2023-12-13 06:00:07 +00:00
Andrea Zilio
65af65df10 Allow pm.archiving.enabled to be read by priv apps.
Test: Presubmit
Bug: 314160630
Change-Id: Ibf844ce8a44244d0791490ae6c5df91039f4e9a7
2023-12-12 23:55:49 +00:00
Avichal Rakesh
728e475da0 Allow more AIDL Camera Provider versions
The current sepolicy only allows V1 of AIDL CameraProvider
services. This CL updates the regex to allow for future
versions as well.

Bug: 314912354
Test: Verified by vendor
Change-Id: I80351a8bb7c2538c4ad1e0d418ea7a718d60be05
2023-12-12 09:37:28 -08:00
Harish Mahendrakar
57a351c136 mediaswcodec: Allow getprop for aac drc params
Bug: 280783314
Test: adb shell setprop <drc properties>
Test: stagefright -a /sdcard/aac.mp4 and check drc params
Change-Id: I6ae0b09ecbaa7c52d30e9dcb46cfe36e849bf877
2023-12-12 15:39:55 +00:00
Jiakai Zhang
ac3d139e24 Allow watchdog to dump artd.
Bug: 314171605
Change-Id: Iabb2da390dfe68e9993e0dc7023297afd51a8b3c
Test: Presubmit
2023-12-12 13:22:16 +00:00
Thiébaud Weksteen
405e221ae3 Merge "Revert "Remove implicit access for isolated_app"" into main 2023-12-12 01:04:50 +00:00
Treehugger Robot
4e2c7e05d8 [automerger skipped] Merge "Introduce vendor_apex_metadata_file" into android14-tests-dev am: 5732cf8282 -s ours
am skip reason: Merged-In Icc234bf604e3cafe6da81d21db744abfaa524dcf with SHA-1 b6211b88cf is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858826

Change-Id: I558dab015373373ce5abbb6f6297fdffba0e3736
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-12 00:16:27 +00:00
Jooyung Han
061d75cad3 [automerger skipped] Introduce vendor_apex_metadata_file am: 157848354e -s ours
am skip reason: Merged-In Icc234bf604e3cafe6da81d21db744abfaa524dcf with SHA-1 b6211b88cf is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858826

Change-Id: I2d1181c0f222583cf1b347386259d1290e87aa20
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-12 00:16:22 +00:00
Treehugger Robot
5732cf8282 Merge "Introduce vendor_apex_metadata_file" into android14-tests-dev 2023-12-11 23:48:39 +00:00
Brian Lindahl
660e460e8c Allow for server-side configuration of libstagefright
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.

Bug: 301372559
Bug: 301250938
Bug: 308043377
Fixes: 308043377
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I95aa6772a40599636d109d6960c2898e44648c9b
(cherry picked from commit 1b32bccc1a)
2023-12-11 23:02:32 +00:00
Chienyuan Huang
6217aedfdb Merge "Add bluetooth ranging hal" into main 2023-12-11 03:43:57 +00:00
Xin Li
aaacfe9a2d Merge Android 14 QPR1
Merged-In: If116a0f8b55113aff404eebb11d93bc378a0a5e2
Bug: 315507370
Change-Id: I55a1ee9d97d29e67df8f95cfe67c4f71a99e5d58
2023-12-08 13:14:39 -08:00
Chienyuan Huang
2e19c7632e Add bluetooth ranging hal
Bug: 310941161
Test: make
Change-Id: I9b2bc9d945b016361f44a5600c61ed2795c00622
2023-12-08 09:37:17 +00:00
Andy Yu
41a77fd0be Merge "SEPolicy: Add game sysprop read access for system_app" into main am: 34820408dd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2862783

Change-Id: If116a0f8b55113aff404eebb11d93bc378a0a5e2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-08 02:31:02 +00:00
Andy Yu
34820408dd Merge "SEPolicy: Add game sysprop read access for system_app" into main 2023-12-08 02:00:41 +00:00
Andy Yu
43c7ab0688 SEPolicy: Add game sysprop read access for system_app
To allow Settings application to read game default
frame rate system properties, adding access to system_app

game_manager_config_prop includes
"persist.graphics.game_default_frame_rate.enabled" for
toggling the system UI toggle, which is updated in
GameManagerService. This will only be read in Settings to
determine if the toggle is on or off.

Bug: 286084594
Test: m; boot;
Change-Id: I3d5795a8a462c25eeae90aade6eaf08c06f540c3
2023-12-07 16:59:30 -08:00
Treehugger Robot
aa35fe3f97 Merge "Allow hal_codec2_server to read fifo_file from untrusted_app_all" into main am: b52c0719d0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2862780

Change-Id: I74a4ed4b44ac0d26482a33b329ea94337691daa5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-07 23:44:58 +00:00
Treehugger Robot
b52c0719d0 Merge "Allow hal_codec2_server to read fifo_file from untrusted_app_all" into main 2023-12-07 23:10:50 +00:00
Sungtak Lee
cc2a7ddd66 Allow hal_codec2_server to read fifo_file from untrusted_app_all
Test: m
Bug: 254050314
Change-Id: I6f7968dd63258e3f5496205f70af180d71fd9517
2023-12-07 21:23:12 +00:00
Steven Moreland
bd2c72b393 Merge "allow watchdog to dump servicemanager" into main am: 073b71671c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858185

Change-Id: I3c209624087bbe691554c97cd0e48fcebabe3b58
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-07 18:33:19 +00:00
Steven Moreland
073b71671c Merge "allow watchdog to dump servicemanager" into main 2023-12-07 18:08:08 +00:00
Jeffrey Vander Stoep
b6c262c238 Revert "Remove implicit access for isolated_app"
This reverts commit 7ba4801b6e.

Reason for revert: b/315295188

Change-Id: Ib4a4d68763f68bc1cebe6528ce4b81188f35ba49
Test: build and run on Cuttlefish. Verify that isolated_app denials go away.
2023-12-07 16:52:28 +01:00
Tom Huang
76ab19469f Merge "Add bluetooth finder service sepolicy" into main am: 226f837c4d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2863825

Change-Id: Icf1fbce87dc07904e825e75a6243398c4f4b7305
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-07 05:16:45 +00:00
Tom Huang
226f837c4d Merge "Add bluetooth finder service sepolicy" into main 2023-12-07 04:15:37 +00:00
kuanyuhuang
8826540b4b Add bluetooth finder service sepolicy
Bug: 314360499
Test: atest vts_treble_vintf_vendor_test
Change-Id: Ie15b2bfcd488b215d197be685a4a7571aff639e5
2023-12-07 00:51:43 +00:00
Treehugger Robot
bd0d48b998 [automerger skipped] Merge "Making sys.boot.reason.last restricted" into android14-tests-dev am: 8deb864534 -s ours am: aa06f39414 -s ours
am skip reason: Merged-In I9f83ade92858056609bc665ecb6ce9b93eb051e4 with SHA-1 957e8f37a1 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858607

Change-Id: Ie4f58aba326901c4da620477bab0732d6d1bd22b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-06 14:10:52 +00:00
Alexei Nicoara
72725c14ac [automerger skipped] Making sys.boot.reason.last restricted am: c2af2e2ec4 -s ours am: 0b12bbe8c3 -s ours
am skip reason: Merged-In I9f83ade92858056609bc665ecb6ce9b93eb051e4 with SHA-1 957e8f37a1 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858607

Change-Id: Iccf5393227c0410bb1456866ddc7923cf5a03b08
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-06 14:10:49 +00:00
Treehugger Robot
aa06f39414 [automerger skipped] Merge "Making sys.boot.reason.last restricted" into android14-tests-dev am: 8deb864534 -s ours
am skip reason: Merged-In I9f83ade92858056609bc665ecb6ce9b93eb051e4 with SHA-1 957e8f37a1 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858607

Change-Id: I112b54b27a59cf7beac38efe0b5f20180621c4fb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-06 13:21:25 +00:00
Alexei Nicoara
0b12bbe8c3 [automerger skipped] Making sys.boot.reason.last restricted am: c2af2e2ec4 -s ours
am skip reason: Merged-In I9f83ade92858056609bc665ecb6ce9b93eb051e4 with SHA-1 957e8f37a1 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858607

Change-Id: I0e41e434d77733d3418727f896459e3276a0730b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-06 13:21:20 +00:00
Treehugger Robot
8deb864534 Merge "Making sys.boot.reason.last restricted" into android14-tests-dev 2023-12-06 12:53:05 +00:00
David Drysdale
98c169553f Merge "Allow for ISecretkeeper/default" into main am: 3f63eead74
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2829790

Change-Id: Ieb11eab2afcf05d9cde00938b9afe3350b53f769
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-06 11:21:07 +00:00
Ján Sebechlebský
ebc72434c8 Merge "Allow virtual camera to do binder calls to apps and vice versa." into main am: 7b6c59ad81
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2862025

Change-Id: Ibc038ea37f260e50b9b7137f466144460d9fe462
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-06 11:20:35 +00:00
David Drysdale
3f63eead74 Merge "Allow for ISecretkeeper/default" into main 2023-12-06 11:12:33 +00:00
Ján Sebechlebský
ba86b72848 Merge " Allow virtual camera service to find permission_service" into main am: 6a362c7fa8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2859665

Change-Id: Iadb1ad2a5fa96401e7ea25645f447dff304f8ab5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-06 11:08:17 +00:00
Ján Sebechlebský
7b6c59ad81 Merge "Allow virtual camera to do binder calls to apps and vice versa." into main 2023-12-06 10:23:15 +00:00
Ján Sebechlebský
6a362c7fa8 Merge " Allow virtual camera service to find permission_service" into main 2023-12-06 10:22:58 +00:00
Jan Sebechlebsky
6e1795cad0 Allow virtual camera to do binder calls to apps and vice versa.
Virtual camera passes Surface to the app which internally uses binder
to communicate with the other side of buffer queue.

Bug: 301023410
Test: atest VirtualCameraTest
Change-Id: I3ea23532a5077c0b57a6f74c7814b9fdf69829ea
2023-12-06 09:31:17 +01:00
Treehugger Robot
91b6feed24 Merge "crash_dump: read bootstrap libs" into main am: 116f36fdf8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2860733

Change-Id: Ie88318906d183fc271b321b3f8a550739aa4bf1e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-06 07:45:44 +00:00
Treehugger Robot
116f36fdf8 Merge "crash_dump: read bootstrap libs" into main 2023-12-06 06:20:14 +00:00
Steven Moreland
91497cc9db crash_dump: read bootstrap libs
Required for nicer stacks for crashes
and ANRs, etc.

Bug: N/A
Test: adb shell am hang, check servicemanager
  section no longer displays warnings now that
  it is dumped by watchdog
Change-Id: I49a93c1fec9c3219c11dc1a82440c7c2a1944010
2023-12-06 01:43:46 +00:00
Marie Matheson
c3c9ebe781 Merge "Allow isolated to read staged apks" into main am: bce6591af7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2854133

Change-Id: Ia140bce50b51b9218b6ba7dd2dac669cdc7b76f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-05 19:38:40 +00:00
Marie Matheson
bce6591af7 Merge "Allow isolated to read staged apks" into main 2023-12-05 17:57:17 +00:00
Marie Matheson
cf2694bf86 Allow isolated to read staged apks
type=1400 audit(0.0:835): avc: denied { read }
for path="/data/app/vmdl1923101285.tmp/base.apk"
dev="dm-37" ino=29684
scontext=u:r:isolated_app:s0:c512,c768
tcontext=u:object_r:apk_tmp_file:s0 tclass=file
permissive=0

Bug: 308775782
Test: Flashed to device with and without this change, confirmed that this
change allows an isolated process to read already opened staged apk file

Change-Id: I7226bae79344c3b2a5a0f59940dde6d64a8a7ea1
2023-12-05 15:17:19 +00:00