tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
42695 commits 1 branch 0 tags 50 MiB
Commit graph

9604 commits

Author SHA1 Message Date
Treehugger Robot
258cb0d2f9 Merge "Allow remote_provisioning to query IRPC" am: 81d607c686 am: 2cc28f0d55 am: 91595e7470 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2538191

Change-Id: Iee1c820b11cf7a6a75d40d9def31c5faed1c197a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 00:11:16 +00:00
Treehugger Robot
81d607c686 Merge "Allow remote_provisioning to query IRPC" 2023-04-19 22:17:55 +00:00
Andrew Scull
0977919ac4 Allow remote_provisioning to query IRPC 
Enable remote_provisioning diagnostic reporting from dumpsys and adb
shell by allowing the service, which is hosted in system_server, to call
KeyMint's IRPC HAL implementation.

Test: adb shell dumpsys remote_provisioning
Test: adb shell cmd remote_provisioning
Bug: 265747549
Change-Id: Ica9eadd6019b577990ec3493a2b08e25f851f465
 2023-04-19 20:55:37 +00:00
Treehugger Robot
68e237aa8c Merge changes from topic "b268128589" am: d073bd4209 am: cf5963c6a8 am: cfe9c14ada 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2529324

Change-Id: I149c1a56de8f4bd11738832cc18d19aca41c4b6f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-18 23:43:59 +00:00
Treehugger Robot
d073bd4209 Merge changes from topic "b268128589" 
* changes:
  Revert "Modify the automotive display service file context"
  Revert "Move cardisplayproxyd to system_ext"
 2023-04-18 21:44:44 +00:00
Yuxin Hu
c8fa8026a5 Merge "Allow gpuservice to query permission" am: aff0f53398 am: ea1a7a71a0 am: 4b4448f2cd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2539770

Change-Id: I9e4237ce3795e1897a60b7ef98657ed53d0d6fb6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 18:30:25 +00:00
Yuxin Hu
aff0f53398 Merge "Allow gpuservice to query permission" 2023-04-17 16:56:53 +00:00
Treehugger Robot
6be0665e82 Merge "Allow virtualizationmanager to open test artifacts in shell_data_file" am: 6e5f8d5150 am: d94b48bcef am: 87a23ae361 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519757

Change-Id: Ia910ef23f94402407862160fe33bd747078a2e35
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 05:28:27 +00:00
Yuxin Hu
fce99d90c7 Allow gpuservice to query permission 
Bug: b/270994705
Test: Flash, verify Pixel 7 can boot.
Change-Id: I11e61034a8b4404aa998af2b9a04e08af9095fec
 2023-04-17 04:12:43 +00:00
Treehugger Robot
6e5f8d5150 Merge "Allow virtualizationmanager to open test artifacts in shell_data_file" 2023-04-17 04:00:16 +00:00
Yuxin Hu
81deebacc3 Merge "Add a new system property persist.graphics.egl" am: b011ba5ffb am: 2ec8d6d9f6 am: e20f4369dc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2529329

Change-Id: I34e98b75cb34610474303349e8a9eff337440044
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-13 21:16:14 +00:00
Yuxin Hu
b011ba5ffb Merge "Add a new system property persist.graphics.egl" 2023-04-13 18:49:26 +00:00
Yuxin Hu
889dd078e9 Add a new system property persist.graphics.egl 
This new system property will be read and written
by a new developer option switch, through gpuservice.

Based on the value stored in persis.graphics.egl,
we will load different GLES driver.

e.g.
persist.graphics.egl == $ro.hardware.egl: load native GLES driver
persist.graphics.egl == angle: load angle as GLES driver

Bug: b/270994705
Test: m; flash and check Pixel 7 boots fine
Change-Id: Idec4b947d0c69c52cd798df4f834053bd306cf5f
 2023-04-13 04:38:46 +00:00
Yu Shan
36370a80be Merge "Define sepolicy for ivn HAL." am: 9861e84085 am: 506e69012d am: 78ca38f285 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2530161

Change-Id: I5802fb2e124cfab86869d0c123f5b6d670e5c8d0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-12 02:44:59 +00:00
Jiabin Huang
03c79e7a4c Merge "Usb: Add property for multi usb mode." am: 67f6c7df8a am: e81e8f28e3 am: 6e4125008d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2528499

Change-Id: Icd99dfccf70a4d289a2ed87fa199114b445e673b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-12 02:44:34 +00:00
Yu Shan
9861e84085 Merge "Define sepolicy for ivn HAL." 2023-04-11 23:35:07 +00:00
Jiabin Huang
67f6c7df8a Merge "Usb: Add property for multi usb mode." 2023-04-11 23:08:33 +00:00
Yu Shan
9eb72464b5 Define sepolicy for ivn HAL. 
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
 2023-04-10 17:42:51 -07:00
Treehugger Robot
05ee76118b Merge "Allow linkerconfig to use pseudo tty" am: afb616d349 am: 8865604b6c am: e8db10f29b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2529639

Change-Id: I0f21f15ed350852b7c7593e7dd29366ec1e85a96
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-10 04:37:49 +00:00
Treehugger Robot
afb616d349 Merge "Allow linkerconfig to use pseudo tty" 2023-04-10 03:16:02 +00:00
Jooyung Han
3aaead5256 Allow linkerconfig to use pseudo tty 
I just found it's reported in some bugreports when logging errors from
linkerconfig.

avc:  denied  { ioctl } for  pid=314 comm="linkerconfig"
path="/dev/pts/0" dev="devpts" ino=3 ioctlcmd=0x5401
scontext=u:r:linkerconfig:s0 tcontext=u:object_r:devpts:s0
tclass=chr_file permissive=1

Bug: 276386338
Test: m && boot
Change-Id: I57c9cc655e610dc81a95bc8578a6649c52798c93
 2023-04-10 11:07:11 +09:00
Changyeon Jo
63c301ac62 Revert "Modify the automotive display service file context" 
This reverts commit edf5420830.

Bug: 268128589
Test: Treehugger
Change-Id: I3961148239831f41423b03d65de0b9b1b4a47724
 2023-04-08 00:14:14 +00:00
Changyeon Jo
916ad0da24 Revert "Move cardisplayproxyd to system_ext" 
This reverts commit fc0b3da21f.

Bug: 268128589
Test: Treehugger
Change-Id: I562b78d2f7550ee9e15be049f9db3fd1eeb491d8
 2023-04-08 00:13:59 +00:00
jiabin
e0641bfac9 Usb: Add property for multi usb mode. 
Property for multi usb mode is used by UsbAlsaManager to decide if only
one or multiple USB devices can be connected to audio system at a
certain time.

Bug: 262415494
Test: TH
Change-Id: I9481883fa8977329d35b139713aad15e995306b1
 2023-04-07 15:35:27 +00:00
Inseob Kim
d5d358495a Merge "Remove 28.0 compat support" am: 1174fcf338 am: 9cf125cb34 am: d781909856 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519755

Change-Id: I263017c40280358776cbb2282dd4c7932601459b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-07 02:28:35 +00:00
Inseob Kim
1174fcf338 Merge "Remove 28.0 compat support" 2023-04-07 00:52:30 +00:00
Treehugger Robot
d4e0311566 Merge "allow systemserver to sigkill clat" am: 9ba65f627b am: bab932dfbd am: f6e7b7ea59 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2522976

Change-Id: I11b294a1ca38c4fd605b019d77e41b98382e1132
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-06 20:29:59 +00:00
Treehugger Robot
9ba65f627b Merge "allow systemserver to sigkill clat" 2023-04-06 19:02:24 +00:00
Ioannis Ilkos
8b6c32c556 Merge "SEPolicy for trace event suspend_resume_minimal" am: 035a1a9dfc am: 39a3e27b5f am: 3293cf4246 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2524675

Change-Id: Id9f75873c5c6100aa3f9782a861734a9871957e4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-05 16:32:35 +00:00
Ioannis Ilkos
035a1a9dfc Merge "SEPolicy for trace event suspend_resume_minimal" 2023-04-05 14:57:39 +00:00
Slawomir Rosek
7e9dede866 Allow system server to read media config am: 608e4923d3 am: 115d5c232e am: 5c9aad0e2d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2524799

Change-Id: I7b0566d02b682babab4d9e5bbfffe8e4e889feec
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-05 11:01:21 +00:00
Ioannis Ilkos
262a10ff2b SEPolicy for trace event suspend_resume_minimal 
This is a more lightweight version of built-in power/suspend_resume

Bug: 277016923
Test: manual
Change-Id: I71cefcab43a8119cfded52e55ebfaaf809e9f205
 2023-04-05 07:55:43 +00:00
Slawomir Rosek
608e4923d3 Allow system server to read media config 
This patch allows system server to read media config properties.
On 32bit architectures the StorageManager service in system server
needs to access media config while checking if transcoding is supported.

Bug: 276498430
Bug: 276662056
Change-Id: Ifc008d98b893b099c31c1fc8b96de9ed18dd4fbe
Signed-off-by: Slawomir Rosek <srosek@google.com>
 2023-04-05 07:51:24 +00:00
Maciej Żenczykowski
9fe0c21672 allow systemserver to sigkill clat 
This appears to be an oversight in T sepolicy???

Based on observed logs (on a slightly hacked up setup):

04-04 20:38:38.205  1548  1935 I Nat464Xlat: Stopping clatd on wlan0
04-04 20:38:38.205  1548  1935 I ClatCoordinator: Stopping clatd pid=7300 on wlan0
04-04 20:38:43.408  1548  1548 W ConnectivitySer: type=1400 audit(0.0:8): avc: denied { sigkill } for scontext=u:r:system_server:s0 tcontext=u:r:clatd:s0 tclass=process permissive=0
04-04 20:38:43.412  1548  1935 E jniClatCoordinator: Failed to SIGTERM clatd pid=7300, try SIGKILL
04-04 20:39:27.817  7300  7300 I clatd   : Shutting down clat on wlan0
04-04 20:39:27.819  7300  7300 I clatd   : Clatd on wlan0 already received SIGTERM
04-04 20:39:27.830  2218  2894 D IpClient/wlan0: clatInterfaceRemoved: v4-wlan0
04-04 20:39:27.857  1548  1935 D jniClatCoordinator: clatd process 7300 terminated status=0

I think this means SIGTERM failed to work in time, and we tried SIGKILL and that was denied, and then the SIGTERM succeeded?

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia55ebd812cb9e7062e3cb10d6cb6851638926868
 2023-04-05 07:49:26 +00:00
Lakshman Annadorai
52d8a1e5d8 Merge "Add cpu_monitor service context." am: d970b34331 am: 605db074db am: 76809597e6 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2517975

Change-Id: I2fae64b89c92f9c8d8a360e943e13a6144b6d7b1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-04 19:08:46 +00:00
Lakshman Annadorai
d970b34331 Merge "Add cpu_monitor service context." 2023-04-04 17:20:12 +00:00
Daeho Jeong
00a1de7594 Merge "traced_probes: allow traced_probes to access diskstats info" am: 37eb6de3d0 am: 68d1558beb am: 734cb2c018 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2520359

Change-Id: Ife247aca9d05a87874aca85a9bc84e95627b638b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-04 02:56:13 +00:00
Daeho Jeong
37eb6de3d0 Merge "traced_probes: allow traced_probes to access diskstats info" 2023-04-04 01:25:18 +00:00
Daeho Jeong
bfa8213d8c traced_probes: allow traced_probes to access diskstats info 
Test: check selinux log while perfetto I/O profiling
Change-Id: I45247b72343c8bca219c7250c467c97e5dacab5c
Signed-off-by: Daeho Jeong <daehojeong@google.com>
 2023-04-03 13:02:34 -07:00
Alexander Roederer
4731a1e28d Merge "Add persist.sysui.notification.builder_extras_ovrd" am: cf1ac9a714 am: 939325600a am: 870aae8164 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2504995

Change-Id: I03ca086505113b91c427ed176e1d7b42b5cd60e4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-03 15:07:53 +00:00
Alexander Roederer
cf1ac9a714 Merge "Add persist.sysui.notification.builder_extras_ovrd" 2023-04-03 13:47:09 +00:00
Jaewan Kim
0783a9cd36 Allow virtualizationmanager to open test artifacts in shell_data_file 
Bug: 275047565
Test: atest
Change-Id: Iff9bdd4434a66af0e17fb74da4f173158dd66399
 2023-04-03 15:46:26 +09:00
Inseob Kim
d16612cd8a Remove 28.0 compat support 
Treble doesn't support U system + P vendor, so removing P (28.0)
prebuilts and compat files.

Bug: 267692547
Test: build
Change-Id: I3734a3d331ba8071d00cc196a2545773ae6a7a60
 2023-04-03 15:17:03 +09:00
Treehugger Robot
3280726c25 Merge "Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf" am: f784149627 am: 26860bbe17 am: a1388cb703 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2464374

Change-Id: Id7c96227804fb226f961f644bdd24198d44f24e4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-31 23:57:41 +00:00
Treehugger Robot
f784149627 Merge "Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf" 2023-03-31 22:29:31 +00:00
Lakshman Annadorai
99467b5e4e Add cpu_monitor service context. 
Change-Id: Idefa3e55521477742f53681058575f11242e5b88
Test: m
Bug: 242722241
 2023-03-31 20:55:42 +00:00
Jiakai Zhang
2d0d80ae7f Merge "Allow system server to set dynamic ART properties." am: 326d35c04b am: 1502d1e604 am: afd4aee92d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2513825

Change-Id: Ibe28079aa1641ee7503d2de375eb41b1c4b81e45
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-31 15:37:27 +00:00
Jiakai Zhang
326d35c04b Merge "Allow system server to set dynamic ART properties." 2023-03-31 14:02:56 +00:00
Jiakai Zhang
22fb5c7d24 Allow system server to set dynamic ART properties. 
This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.

Bug: 274530433
Test: Locally added some code to set those properties and saw it being
  successfull.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089
 2023-03-31 11:46:05 +01:00
Steven Moreland
f03a315d26 Merge "Introduce vm_manager_device_type for crosvm" am: ccbe862858 am: 5c9967917f am: 18e43c6efa 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2506662

Change-Id: I6de6c83be7f2a138b219da4e77b9b830064139a1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-30 17:42:04 +00:00