Treehugger Robot
e2f870f099
Merge "Allow zygote to setattr cgroup"
2022-01-28 10:33:32 +00:00
Thiébaud Weksteen
9ebf0c8ecf
Split sepolicy_neverallow rule
...
sepolicy_neverallow is based on a combination of calling checkpolicy
followed by sepolicy-analyze. If the first tool fails, the error message
associated with the second is returned, which is misleading.
Separate both parts of the rule using a new build command.
Bug: 175911415
Test: Modify policy to trigger neverallow (checkpolicy); no misleading
messages from sepolicy-analyze
Change-Id: I5977ced23dee09a28c7df334e4790d212e0db0c1
2022-01-28 13:51:36 +11:00
Thiébaud Weksteen
6390b3f090
Grant getpgid to system_server on zygote
...
Should system_server kill zygote on crashes, it will attempt to kill any
process in the same process group. This ensures that no untracked
children are left.
Bug: 216097542
Test: m selinux_policy
Change-Id: Ie16074f76e351d80d9f17be930a731f923f99835
2022-01-28 13:47:20 +11:00
Treehugger Robot
45a466e098
Merge "Changes in SELinux Policy for cloudsearch API naming" am: 27416257f3
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1963460
Change-Id: I52583715a25d36d0fefbe337d66e94116d40c135
2022-01-28 02:01:35 +00:00
Treehugger Robot
27416257f3
Merge "Changes in SELinux Policy for cloudsearch API naming"
2022-01-28 01:45:02 +00:00
Andrew Scull
af2c894f2c
Remove keymint from microdroid sepolicy
...
The keymint HAL has been removed from microdroid to remove the
corresponding sepolicy.
Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I08aae50dd9a4575954db40ec974625e43bff2335
2022-01-27 21:48:37 +00:00
Andrew Scull
f75d5cde48
Remove keystore from microdroid sepolicy
...
The keystore service has been removed from microdroid to remove the
corresponding sepolicy.
Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I6600b47f8b8c6bba05b1f59b4d87713283805817
2022-01-27 21:48:37 +00:00
Andrew Scull
6c288a2676
Remove hwservicemanager from microdroid sepolicy
...
With the keymint HAL removed from microdroid, there are no more legacy
HALs meaning no further need for hwservicemanager.
Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I111f3456399ef91e51d1cfead67659601c23db9e
2022-01-27 21:48:37 +00:00
Hui Wu
42d24fd59d
Changes in SELinux Policy for cloudsearch API naming
...
Bug: 216507592
Test: Presubmit Tests
Change-Id: I5aa647d146cfea0b44efb4c247d9856e0666ea86
2022-01-27 13:42:17 -08:00
Treehugger Robot
21a37767ab
Merge "Add sepolicy for new bluetooth device/profile sysprops" am: 98a4bc34a7
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1954976
Change-Id: I8f510f48e3104efb0530cf1c0e3c01ea5245568e
2022-01-27 19:30:11 +00:00
Treehugger Robot
98a4bc34a7
Merge "Add sepolicy for new bluetooth device/profile sysprops"
2022-01-27 19:17:02 +00:00
Seth Moore
3ac43c6044
Merge "Revert^2 "Allow default identity service to call keymint"" am: 9e2ff8d975
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1960027
Change-Id: Ic9825cb50b8f825b4c37b38063df72dd05590d73
2022-01-27 18:34:32 +00:00
Seth Moore
9e2ff8d975
Merge "Revert^2 "Allow default identity service to call keymint""
2022-01-27 18:18:12 +00:00
Robert Shih
4968374205
Add sepolicy for DRM AIDL HAL
...
Bug: 208486736
Test: atest VtsAidlHalDrmTargetTest
Change-Id: Ia2b1488a564d94384d183d30291fbf5a6d2df4ab
2022-01-27 01:51:05 -08:00
Sal Savage
568662f953
Add sepolicy for new bluetooth device/profile sysprops
...
Bug: 215225542
Test: make -j; atest BluetoothInstrumentationTests
Change-Id: Ia532eca413a778b46ea392586d7affc2fd43b90b
2022-01-26 13:09:17 -08:00
Treehugger Robot
d0a3b18e55
Merge "Move mtectrl to private" am: 6003019fa8
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1958841
Change-Id: I9666cac77b262fd86581cd5e6b9c8d5f4970e692
2022-01-26 09:43:44 +00:00
Treehugger Robot
6003019fa8
Merge "Move mtectrl to private"
2022-01-26 09:30:59 +00:00
Florian Mayer
b54919630f
Merge "[mte] add property to globally enable mte." am: 0f30f3d8ff
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959654
Change-Id: I71548ab12c26cacd10d0d40079a4b2d7cf01990e
2022-01-26 00:10:26 +00:00
Inseob Kim
3bd63cc206
Move mtectrl to private
...
Because mtectrl is a system internal domain, and we don't need to expose
the type to vendor.
Test: build and boot
Change-Id: Idb5c4a4c6f175e338722971944bf08ba99835476
2022-01-26 08:59:55 +09:00
Florian Mayer
0f30f3d8ff
Merge "[mte] add property to globally enable mte."
2022-01-25 23:59:01 +00:00
Seth Moore
9c8fbe47ec
Merge "Revert "Allow default identity service to call keymint"" am: c725aaf974
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959803
Change-Id: I98529c868fda5e1c76a25cb14c77be4e7a7d31be
2022-01-25 23:18:25 +00:00
Seth Moore
ea3b7e8938
Revert^2 "Allow default identity service to call keymint"
...
5a1e60c090
Change-Id: Ia04a96e6b5ce89b8ef5f34c33279e58c4de6430c
2022-01-25 23:04:37 +00:00
Seth Moore
c725aaf974
Merge "Revert "Allow default identity service to call keymint""
2022-01-25 23:03:24 +00:00
Seth Moore
5a1e60c090
Revert "Allow default identity service to call keymint"
...
Revert submission 1956689-add rkp to identity-default
Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint
Change-Id: I22a9e9bf8b7edc3d6b635b3e4a07a2efc4ff087a
2022-01-25 22:44:24 +00:00
Treehugger Robot
6d0eabd67b
Merge "Delete more unused policies by CompOS" am: fabaac131a
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959643
Change-Id: I5f85e8f63a09bc65900daf0490004ef4bbf2b258
2022-01-25 21:02:33 +00:00
Treehugger Robot
fabaac131a
Merge "Delete more unused policies by CompOS"
2022-01-25 20:54:41 +00:00
Treehugger Robot
66d98a7bbe
Merge "Add context for ro.boot.microdroid.debuggable property" am: c8ff1677ed
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1958826
Change-Id: I0ee83d33a3642a6bf10bff80a4f82a5852ab88be
2022-01-25 20:54:29 +00:00
Seth Moore
618c2d04cc
Merge "Allow default identity service to call keymint" am: 63fa21b46a
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1954396
Change-Id: I519466daae1613657463a2d589182a864e094a4d
2022-01-25 20:53:30 +00:00
Treehugger Robot
c8ff1677ed
Merge "Add context for ro.boot.microdroid.debuggable property"
2022-01-25 20:41:07 +00:00
Seth Moore
63fa21b46a
Merge "Allow default identity service to call keymint"
2022-01-25 20:33:01 +00:00
Andrew Scull
20558224de
Give DICE HAL access to driver am: f451a1407f
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959022
Change-Id: I1898ab6807ecdb18fa4b3dff236867bc0424b074
2022-01-25 17:59:46 +00:00
Florian Mayer
be3197c996
[mte] add property to globally enable mte.
...
Bug: 216305376
Change-Id: I25d0b3c9d0e7e6bba14eedf9b833c5e07786ec71
2022-01-25 17:21:58 +00:00
Victor Hsieh
ea38d6925d
Delete more unused policies by CompOS
...
Bug: 205750213
Test: TH
Change-Id: Ie08465e8801a74d61f85715e85a856293c4232d5
2022-01-25 08:40:46 -08:00
Andrew Scull
30373f3015
Add context for ro.boot.microdroid.debuggable property
...
This property is read by microdroid_manager to check whether the VM is
in debug mode. Give it a context to satisfy the sepolicy.
Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I9d4bda5e487324c95229c7978e8fe0a53fa9f616
2022-01-25 16:07:21 +00:00
Andrew Scull
f451a1407f
Give DICE HAL access to driver
...
The driver facilitates the handover of values from the bootloader so
needs to be accessible by the HAL.
Bug: 214231981
Test: run microdroid with a "google,open-dice" DT node
Change-Id: Ib5317e6a42befe22d8f1dbefeb9803f5ec92b061
2022-01-25 15:22:42 +00:00
Etienne Ruffieux
e1da066e3d
Merge "Added new context declaration for Bluetooth configs" am: 0a19dbdcd3
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1944887
Change-Id: Ide7ccb4aa9f82d0f2f795c1bf62dbac5c2ad2ae5
2022-01-25 14:22:27 +00:00
Etienne Ruffieux
0a19dbdcd3
Merge "Added new context declaration for Bluetooth configs"
2022-01-25 14:00:08 +00:00
Seth Moore
9b47a0ab38
Merge "Add keystore2 permission to get attestation keys" am: 883c50c443
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1922579
Change-Id: I726ef9912127c1e83f1dfbb7b9f54316f42444c6
2022-01-25 13:27:20 +00:00
Seth Moore
883c50c443
Merge "Add keystore2 permission to get attestation keys"
2022-01-25 13:11:34 +00:00
Treehugger Robot
138fc583dd
Merge "Add use_bionic_libs macro" am: d9befdb685
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956088
Change-Id: I99e9cf2aac70655d11ddb79d3be0f560038b3eca
2022-01-25 04:51:41 +00:00
Treehugger Robot
d9befdb685
Merge "Add use_bionic_libs macro"
2022-01-25 04:37:07 +00:00
Paul Hu
1f935d64bf
Merge "Add sepolicy for mdns service" am: 415a2f9b58
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916037
Change-Id: Ic44c291a95dc2034fc82f47dbd30a097e59eac64
2022-01-25 02:48:44 +00:00
Maciej Żenczykowski
554cbd7ddf
Merge "Allow bpfloader to execute btfloader" am: fa7683c9ad
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1954078
Change-Id: I34aef36415d5b0f011e621cc6066053cef6ee456
2022-01-25 02:48:27 +00:00
Paul Hu
415a2f9b58
Merge "Add sepolicy for mdns service"
2022-01-25 02:35:42 +00:00
Maciej Żenczykowski
fa7683c9ad
Merge "Allow bpfloader to execute btfloader"
2022-01-25 02:31:59 +00:00
Etienne Ruffieux
bde2fc6c48
Added new context declaration for Bluetooth configs
...
As we need to create new sysprops for Bluetooth mainline
configs, we need to have a property context available to
vendors and be able to access configs from other packages.
Tag: #feature
Bug: 211570675
Test: Added overlays and logs
Change-Id: If9c61f251578b61c070619069519e0aa563a9573
2022-01-25 01:18:05 +00:00
Hunsuk Choi
f3e65b463f
Merge "Combining hal_radio_*_service into hal_radio_service" am: 5c27113222
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1958840
Change-Id: I72abe47fa8038f9606187a9d7f9814c9ca2d399e
2022-01-25 01:07:46 +00:00
Hunsuk Choi
5c27113222
Merge "Combining hal_radio_*_service into hal_radio_service"
2022-01-25 00:49:58 +00:00
Jiyong Park
16c1ae3a3d
Add use_bionic_libs macro
...
... to dedupe rules for allowing access to bootstrap bionic libraries.
Bug: N/A
Test: m
Change-Id: I575487416a356c22f5f06f1713032f11d979d7d4
2022-01-25 09:47:56 +09:00
Yabin Cui
c70015e106
Merge "Add sepolicy for simpleperf_boot." am: 40d41f7639
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1950977
Change-Id: I2026fb57ae608eea576e3fa24b9ca1f9b94df4df
2022-01-25 00:41:21 +00:00