Dennis Shen
2601a373fb
Merge "SELinux allow listing core_experiements_team_internal namespace" into main am: d0042c6e99
am: 5d837ee749
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2675539
Change-Id: I7597c71c700dd6e3c1785a8d0afd6bbc70e1e515
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 12:52:58 +00:00
Inseob Kim
73702452b9
Merge "Update seapp_contexts precedence documentation" into main am: 60b8c39abc
am: 66ea241db2
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2671176
Change-Id: I6b9963e0b4409b3586c5ab82755539dbcadbadd1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 12:52:39 +00:00
Dennis Shen
5d837ee749
Merge "SELinux allow listing core_experiements_team_internal namespace" into main am: d0042c6e99
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2675539
Change-Id: I234aa003d11f42376a6a836c0716165e8e6e0e31
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 12:32:42 +00:00
Dennis Shen
d0042c6e99
Merge "SELinux allow listing core_experiements_team_internal namespace" into main
2023-07-26 12:16:44 +00:00
Inseob Kim
66ea241db2
Merge "Update seapp_contexts precedence documentation" into main am: 60b8c39abc
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2671176
Change-Id: I4c6d4a5f904fbf8121f3ff982fa44108a3ce792c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 12:09:32 +00:00
Inseob Kim
60b8c39abc
Merge "Update seapp_contexts precedence documentation" into main
2023-07-26 11:39:08 +00:00
Inseob Kim
7bb1b5d170
Update seapp_contexts precedence documentation
...
Bug: 280547417
Test: TH
Change-Id: I914ef7a7f87b0646411a67e4eec128b61d3ff321
2023-07-26 11:28:55 +00:00
Eric Biggers
9f946680ba
Merge "Remove fsverity_init SELinux rules" into main am: 3a575356fa
am: ca7e36f44e
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2662775
Change-Id: If8c09076709334da183a555bdf9c83b81a964107
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 00:35:03 +00:00
Eric Biggers
ca7e36f44e
Merge "Remove fsverity_init SELinux rules" into main am: 3a575356fa
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2662775
Change-Id: I784acd4f47202d90e5ff81aa97bc49d8b9dd7846
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-25 23:46:13 +00:00
Eric Biggers
3a575356fa
Merge "Remove fsverity_init SELinux rules" into main
2023-07-25 22:49:09 +00:00
Dennis Shen
3b8c57fb93
SELinux allow listing core_experiements_team_internal namespace
...
Bug: b/291771863
Change-Id: I788e4d5241d824dee249aa8c6d7cb5405c0fac37
2023-07-25 20:15:02 +00:00
Treehugger Robot
2239b4e016
Merge "Allow dex2oat access to symlinks in APEXes to find DCLA libs." into main am: 9f8e315bc8
am: 22af70c4b9
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2673696
Change-Id: If23fa3faa5106bbae40814e7f719ae7359610fc5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-25 17:05:42 +00:00
Treehugger Robot
22af70c4b9
Merge "Allow dex2oat access to symlinks in APEXes to find DCLA libs." into main am: 9f8e315bc8
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2673696
Change-Id: Id11bb798566aa6227dd50406a6d11ddc3750133b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-25 16:23:59 +00:00
Treehugger Robot
9f8e315bc8
Merge "Allow dex2oat access to symlinks in APEXes to find DCLA libs." into main
2023-07-25 15:25:57 +00:00
Martin Stjernholm
502a036436
Allow dex2oat access to symlinks in APEXes to find DCLA libs.
...
With the introduction of DCLA (/apex/sharedlibs APEX), .so files can be
symlinked into that APEX, so we need to allow reading symlinks to be
able to link the dex2oat binary successfully.
This fixes "CANNOT LINK EXECUTABLE" errors for dex2oat during OTA
preopting.
Test: Apply an OTA manually and check logs for errors
Bug: 291974157
Change-Id: I9eca91c94e8d33fe618783cea262ea3881957620
2023-07-25 00:07:27 +01:00
Pontus Lidman
41d8a94daa
Merge "Add SELinux config for new SensorFusion property" into main am: 1d68b1b2da
am: 9e71d05a76
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2667563
Change-Id: Id42f2abb4dc0d913366c6d7ff394c3e3e1f5562b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-21 22:13:16 +00:00
Pontus Lidman
9e71d05a76
Merge "Add SELinux config for new SensorFusion property" into main am: 1d68b1b2da
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2667563
Change-Id: I0d3ff020cdeb06b15ed196f8436c1a5aaa7d956e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-21 21:33:07 +00:00
Pontus Lidman
1d68b1b2da
Merge "Add SELinux config for new SensorFusion property" into main
2023-07-21 20:52:40 +00:00
Pontus Lidman
0af0e71062
Add SELinux config for new SensorFusion property
...
Add required SELinux configuration to support the sensor
configuration property:
sensors.aosp_low_power_sensor_fusion.maximum_rate
Test: use getprop to verify presence and readability
of the new property. dumpsys sensorservice to verify
sensor service is picking up the property value.
Change-Id: I96b8fd6ce72d7a5bf69b028802b329b03f261585
2023-07-21 00:42:24 +00:00
Devika Krishnadas
7bf74f801f
Merge "Add label for allocator 2 service" into main am: d4908949ef
am: 5d227a112e
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2634246
Change-Id: I751d9e53a03ee11e7ad50a126278fcb2880c080b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-20 19:57:33 +00:00
Devika Krishnadas
5d227a112e
Merge "Add label for allocator 2 service" into main am: d4908949ef
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2634246
Change-Id: I0f5e52e4798478876eb707939feab9936f1182d0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-20 19:14:22 +00:00
Devika Krishnadas
d4908949ef
Merge "Add label for allocator 2 service" into main
2023-07-20 18:36:23 +00:00
Eric Biggers
306f510611
Remove fsverity_init SELinux rules
...
Since the fsverity_init binary is being removed, remove the
corresponding SELinux rules too.
For now, keep the rule "allow domain kernel:key search", which existed
to allow the fsverity keyring to be searched. It turns out to actually
be needed for a bit more than that. We should be able to replace it
with something more precise, but we need to be careful.
Bug: 290064770
Test: Verified no SELinux denials when booting Cuttlefish
Change-Id: I992b75808284cb8a3c26a84be548390193113668
2023-07-20 17:57:23 +00:00
Kiyoung Kim
2f4fcc4b77
Merge "Label former VNDK-SP libraries in vendor as sphal" into main am: 4b6eabed21
am: ecbdd19801
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2664335
Change-Id: Ifd3e3b8500015649ab5ff5263cc699e373e02689
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-20 03:00:56 +00:00
Kiyoung Kim
ecbdd19801
Merge "Label former VNDK-SP libraries in vendor as sphal" into main am: 4b6eabed21
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2664335
Change-Id: I52e0b26b3337ed5efd6e456ddb0ed6caa6269eb1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-20 02:17:46 +00:00
Kiyoung Kim
4b6eabed21
Merge "Label former VNDK-SP libraries in vendor as sphal" into main
2023-07-20 01:46:44 +00:00
Lee George Thomas
78eb197d5d
[automerger skipped] Merge "Add SELinux context for a new lmk system property" into main am: ae8d169405
am: f3be3b67dc
-s ours
...
am skip reason: Merged-In I7ba35f0ee5aad8f917e01c7586f04d11ed078633 with SHA-1 5d03e8cf33
is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2650043
Change-Id: If60f45e850eff556f3f3ec976558f42bbd5d65f4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-19 23:36:47 +00:00
Lee George Thomas
f3be3b67dc
Merge "Add SELinux context for a new lmk system property" into main am: ae8d169405
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2650043
Change-Id: I7ef15ca041271832d665d03af6cc379167418caf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-19 22:57:50 +00:00
Lee George Thomas
ae8d169405
Merge "Add SELinux context for a new lmk system property" into main
2023-07-19 22:28:24 +00:00
Devika Krishnadas
c850a596b9
Add label for allocator 2 service
...
Bug: 287353739
Change-Id: Ia78237361acac4b668d87ec94746e43945f58bbf
Signed-off-by: Devika Krishnadas <kdevika@google.com>
2023-07-19 20:20:52 +00:00
Kiyoung Kim
0c3a3fd799
Label former VNDK-SP libraries in vendor as sphal
...
When VNDK is being deprecated, former VNDK-SP libraries should be loaded
from vendor when system process uses SP-HAL, but this currently fails
because all former VNDK-SP libraries will be marked as vendor library.
This change labels former VNDK-SP libraries installed in the vendor
partition as same labels with SP-HAL libraries so it can be loaded from
system processes.
Bug: 291673098
Test: aosp_cf boot succeded with KEEP_VNDK=false build flag.
Change-Id: I2601ae8e7acd5bbd16fdbe6cee078dfcaa1a5aa2
2023-07-19 14:13:06 +09:00
Lee George Thomas
5d03e8cf33
Add SELinux context for a new lmk system property
...
Add SELinux context for a new lmk system property to add configurability
for delaying psi monitoring until boot completed.
Bug: 288566858
Test: Build, boot and verified logs for avc denial logs.
Ignore-AOSP-First: This is CPed from an AOSP CL to avoid downstream merge conflict
Change-Id: I7ba35f0ee5aad8f917e01c7586f04d11ed078633
2023-07-17 22:40:48 +00:00
Lee George Thomas
d3f8efa843
Add SELinux context for a new lmk system property
...
Add SELinux context for a new lmk system property to add configurability
for delaying psi monitoring until boot completed.
Bug: 288566858
Test: Build, boot and verified logs for avc denial logs.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6a80da52aa35a942e064c19fd31c01145d965688 )
Merged-In: I7ba35f0ee5aad8f917e01c7586f04d11ed078633
Change-Id: I7ba35f0ee5aad8f917e01c7586f04d11ed078633
2023-07-17 13:59:14 -07:00
David Anderson
383c3d4908
Merge "Allow lpdumpd to read Virtual A/B diagnostics." into main am: f08664825b
am: 9bb18711a9
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2656944
Change-Id: Ibcf4d3c147b00b41ec41b2d7ede2cdccd2f5e544
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-17 18:22:33 +00:00
David Anderson
9bb18711a9
Merge "Allow lpdumpd to read Virtual A/B diagnostics." into main am: f08664825b
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2656944
Change-Id: I272915312f296451bc067cce2a26ba1fe241b006
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-17 17:37:19 +00:00
David Anderson
f08664825b
Merge "Allow lpdumpd to read Virtual A/B diagnostics." into main
2023-07-17 16:55:14 +00:00
Inseob Kim
28b03d6b48
Fix seapp_contexts documentation am: 9d6ce199be
am: 12bb1745f1
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2658739
Change-Id: Ib10946404d6de017697bbadeafa8d14165a8b037
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-17 13:07:39 +00:00
Inseob Kim
12bb1745f1
Fix seapp_contexts documentation am: 9d6ce199be
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2658739
Change-Id: Idf753171db1d1f05134c74433960b9b78674f7df
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-17 12:19:57 +00:00
Inseob Kim
9d6ce199be
Fix seapp_contexts documentation
...
Bug: 291528964
Test: N/A; documentation change
Change-Id: I00986c5ace94ed3ee91f3c90300966b0a006bcd5
2023-07-17 19:53:25 +09:00
David Anderson
e6ad1f2e4c
Allow lpdumpd to read Virtual A/B diagnostics.
...
Give lpdump read (but not write) access to /metadata/ota so it can call
SnapshotManager::Dump for diagnostics.
Bug: 291083311
Test: lpdump
Change-Id: I732bcebcd809449c86254ea23785dc2c692bedd5
2023-07-14 09:08:56 -07:00
Kangping Dong
2119b057a2
rename otbr-agent to ot-daemon am: 49fa8f5fe6
am: 543be76e49
am: ed27cc3a56
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2648164
Change-Id: I6c4bd6c242568f12fc322299c451adc94119ca81
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-05 08:09:56 +00:00
Kangping Dong
ed27cc3a56
rename otbr-agent to ot-daemon am: 49fa8f5fe6
am: 543be76e49
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2648164
Change-Id: I618e58713be6a0554668d829cb96d190264151ec
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-05 07:23:38 +00:00
Kangping Dong
543be76e49
rename otbr-agent to ot-daemon am: 49fa8f5fe6
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2648164
Change-Id: I576ab4a5990cbfe746efa57473cdb9dd9e5ad737
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-05 06:46:41 +00:00
Kangping Dong
49fa8f5fe6
rename otbr-agent to ot-daemon
...
Rename to better align with our long-term vision on Android
Bug: 288202515
Change-Id: I1b7e39950d39ec781e46c6c0e1b38ad837b9ce4e
2023-07-04 18:56:37 +08:00
Treehugger Robot
2241a74282
Merge "webview: add cgroup dir create permission" am: 7788174e66
am: 5ab4b3331a
am: b56d3275df
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2636345
Change-Id: I69d8cdc4bd155ce5758f30fcb3ecb530f69d7492
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-03 12:03:32 +00:00
Treehugger Robot
b56d3275df
Merge "webview: add cgroup dir create permission" am: 7788174e66
am: 5ab4b3331a
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2636345
Change-Id: Idd1f665ef93bfc0efb67b1828cf77ca081353e19
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-03 11:18:00 +00:00
Treehugger Robot
5ab4b3331a
Merge "webview: add cgroup dir create permission" am: 7788174e66
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2636345
Change-Id: Ia44fa4b250d6dacd5f656b7a6083e916623cf784
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-03 10:40:46 +00:00
Treehugger Robot
7788174e66
Merge "webview: add cgroup dir create permission"
2023-07-03 09:52:58 +00:00
Zhanglong Xia
cc85dcfce1
Merge "Add sepolicy rules for Thread Network HAL" am: 87c6069fe1
am: a1c3cc2c1c
am: b883c879d0
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2646219
Change-Id: I034e65e721add0682536f9a3534aa91a466c9398
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-01 02:00:13 +00:00
Jiyong Park
a58a3f535c
Allow microdroid_payload to read /dev/console am: bd1be6c554
am: 1400794824
am: f39e78de99
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2640390
Change-Id: Ie5bb0e5fcd248c4a7c85bd8984c226a54d67f888
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-01 01:59:14 +00:00