Etienne Ruffieux
cdd0c11743
Bluetooth boot time start service
Added new sysprops to retrieve Bluetooth configs
Tag: #feature
Test: manual
Bug: 216497194
Change-Id: I94c771f87fdeb5497b81d2098193b4cd230654b6
2022-01-28 14:44:15 +00:00
Treehugger Robot
2c1fee1a67
Merge "Add Media metrics rule to API 32 prebuilts." am: d5bd56d11f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965040
Change-Id: Ic7899e82ec749bfe149f4af9bbb79a17ddb11b0f
2022-01-28 13:56:31 +00:00
Treehugger Robot
d5bd56d11f
Merge "Add Media metrics rule to API 32 prebuilts."
2022-01-28 13:39:54 +00:00
Andrew Scull
533b300516
Merge changes from topic "udroid-get-km-gone" am: 5abe95a6c4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1964121
Change-Id: I2626fbced6306fb052f5431de7437077ad8ffc94
2022-01-28 13:28:55 +00:00
Andrew Scull
afe5463d2d
Remove keymint from microdroid sepolicy am: af2c894f2c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1964120
Change-Id: Ie768cbb75eae116f482cbd453c4701eb1998d28a
2022-01-28 13:28:53 +00:00
Andrew Scull
9201c5228b
Remove keystore from microdroid sepolicy am: f75d5cde48
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1964119
Change-Id: I36f1a90ae0c82476a6bce62e7ede4daeca42448c
2022-01-28 13:28:52 +00:00
Andrew Scull
5abe95a6c4
Merge changes from topic "udroid-get-km-gone"
* changes:
Remove hwservicemanager from microdroid sepolicy
Remove keymint from microdroid sepolicy
Remove keystore from microdroid sepolicy
2022-01-28 13:12:53 +00:00
Andrew Scull
6f2529c01b
Touch up microdroid sepolicy after removing keystore
Avoid divergence in the files that will eventually be shared with the main
Android sepolicy and fix a style mistake.
Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I40b0bebb432d73ab6ab847c117e72d8bc18fe873
2022-01-28 13:07:16 +00:00
Jeff Vander Stoep
fd5dd79984
Build precompiled_sepolicy.apex_sepolicy.sha256
This ensures that precompiled policy can be checked against updatable
sepolicy from com.android.sepolicy. This saves ~1s of boot time.
Bug: 199914227
Test: build, verify that precompiled_sepolicy.apex_sepolicy.sha256
exists.
Change-Id: I1ce6b3363d418c073f95f120908107604799fd26
2022-01-28 13:45:39 +01:00
Lalit Maganti
dc933135a0
Merge "sepolicy: add permissions for trace reporting" am: 34fb0d8933
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1918625
Change-Id: Ib271bebdc76a50f24d1d44cb70ea886252688250
2022-01-28 12:35:45 +00:00
Lalit Maganti
34fb0d8933
Merge "sepolicy: add permissions for trace reporting"
2022-01-28 12:15:57 +00:00
Dario Freni
75bc16cba8
Add Media metrics rule to API 32 prebuilts.
Bug: 190422448
Test: presubmit
Change-Id: I304278b9d15f89d0e04d5268af2ac82ac97acd84
2022-01-28 11:47:17 +00:00
Treehugger Robot
770fec0a15
Merge "Allow zygote to setattr cgroup" am: e2f870f099
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1859781
Change-Id: Ia3d97fc7039a3568c72dda55535b49866d5ca037
2022-01-28 10:52:33 +00:00
Treehugger Robot
e2f870f099
Merge "Allow zygote to setattr cgroup"
2022-01-28 10:33:32 +00:00
Thiébaud Weksteen
9ebf0c8ecf
Split sepolicy_neverallow rule
sepolicy_neverallow is based on a combination of calling checkpolicy
followed by sepolicy-analyze. If the first tool fails, the error message
associated with the second is returned, which is misleading.
Separate both parts of the rule using a new build command.
Bug: 175911415
Test: Modify policy to trigger neverallow (checkpolicy); no misleading
messages from sepolicy-analyze
Change-Id: I5977ced23dee09a28c7df334e4790d212e0db0c1
2022-01-28 13:51:36 +11:00
Thiébaud Weksteen
6390b3f090
Grant getpgid to system_server on zygote
Should system_server kill zygote on crashes, it will attempt to kill any
process in the same process group. This ensures that no untracked
children are left.
Bug: 216097542
Test: m selinux_policy
Change-Id: Ie16074f76e351d80d9f17be930a731f923f99835
2022-01-28 13:47:20 +11:00
Treehugger Robot
45a466e098
Merge "Changes in SELinux Policy for cloudsearch API naming" am: 27416257f3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1963460
Change-Id: I52583715a25d36d0fefbe337d66e94116d40c135
2022-01-28 02:01:35 +00:00
Treehugger Robot
27416257f3
Merge "Changes in SELinux Policy for cloudsearch API naming"
2022-01-28 01:45:02 +00:00
Andrew Scull
af2c894f2c
Remove keymint from microdroid sepolicy
The keymint HAL has been removed from microdroid to remove the
corresponding sepolicy.
Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I08aae50dd9a4575954db40ec974625e43bff2335
2022-01-27 21:48:37 +00:00
Andrew Scull
f75d5cde48
Remove keystore from microdroid sepolicy
The keystore service has been removed from microdroid to remove the
corresponding sepolicy.
Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I6600b47f8b8c6bba05b1f59b4d87713283805817
2022-01-27 21:48:37 +00:00
Andrew Scull
6c288a2676
Remove hwservicemanager from microdroid sepolicy
With the keymint HAL removed from microdroid, there are no more legacy
HALs meaning no further need for hwservicemanager.
Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I111f3456399ef91e51d1cfead67659601c23db9e
2022-01-27 21:48:37 +00:00
Hui Wu
42d24fd59d
Changes in SELinux Policy for cloudsearch API naming
Bug: 216507592
Test: Presubmit Tests
Change-Id: I5aa647d146cfea0b44efb4c247d9856e0666ea86
2022-01-27 13:42:17 -08:00
Treehugger Robot
21a37767ab
Merge "Add sepolicy for new bluetooth device/profile sysprops" am: 98a4bc34a7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1954976
Change-Id: I8f510f48e3104efb0530cf1c0e3c01ea5245568e
2022-01-27 19:30:11 +00:00
Treehugger Robot
98a4bc34a7
Merge "Add sepolicy for new bluetooth device/profile sysprops"
2022-01-27 19:17:02 +00:00
Seth Moore
3ac43c6044
Merge "Revert^2 "Allow default identity service to call keymint"" am: 9e2ff8d975
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1960027
Change-Id: Ic9825cb50b8f825b4c37b38063df72dd05590d73
2022-01-27 18:34:32 +00:00
Seth Moore
9e2ff8d975
Merge "Revert^2 "Allow default identity service to call keymint""
2022-01-27 18:18:12 +00:00
Robert Shih
4968374205
Add sepolicy for DRM AIDL HAL
Bug: 208486736
Test: atest VtsAidlHalDrmTargetTest
Change-Id: Ia2b1488a564d94384d183d30291fbf5a6d2df4ab
2022-01-27 01:51:05 -08:00
Sal Savage
568662f953
Add sepolicy for new bluetooth device/profile sysprops
Bug: 215225542
Test: make -j; atest BluetoothInstrumentationTests
Change-Id: Ia532eca413a778b46ea392586d7affc2fd43b90b
2022-01-26 13:09:17 -08:00
Treehugger Robot
d0a3b18e55
Merge "Move mtectrl to private" am: 6003019fa8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1958841
Change-Id: I9666cac77b262fd86581cd5e6b9c8d5f4970e692
2022-01-26 09:43:44 +00:00
Treehugger Robot
6003019fa8
Merge "Move mtectrl to private"
2022-01-26 09:30:59 +00:00
Florian Mayer
b54919630f
Merge "[mte] add property to globally enable mte." am: 0f30f3d8ff
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959654
Change-Id: I71548ab12c26cacd10d0d40079a4b2d7cf01990e
2022-01-26 00:10:26 +00:00
Inseob Kim
3bd63cc206
Move mtectrl to private
Because mtectrl is a system internal domain, and we don't need to expose
the type to vendor.
Test: build and boot
Change-Id: Idb5c4a4c6f175e338722971944bf08ba99835476
2022-01-26 08:59:55 +09:00
Florian Mayer
0f30f3d8ff
Merge "[mte] add property to globally enable mte."
2022-01-25 23:59:01 +00:00
Seth Moore
9c8fbe47ec
Merge "Revert "Allow default identity service to call keymint"" am: c725aaf974
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959803
Change-Id: I98529c868fda5e1c76a25cb14c77be4e7a7d31be
2022-01-25 23:18:25 +00:00
Seth Moore
ea3b7e8938
Revert^2 "Allow default identity service to call keymint"
5a1e60c090
Change-Id: Ia04a96e6b5ce89b8ef5f34c33279e58c4de6430c
2022-01-25 23:04:37 +00:00
Seth Moore
c725aaf974
Merge "Revert "Allow default identity service to call keymint""
2022-01-25 23:03:24 +00:00
Seth Moore
5a1e60c090
Revert "Allow default identity service to call keymint"
Revert submission 1956689-add rkp to identity-default
Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint
Change-Id: I22a9e9bf8b7edc3d6b635b3e4a07a2efc4ff087a
2022-01-25 22:44:24 +00:00
Treehugger Robot
6d0eabd67b
Merge "Delete more unused policies by CompOS" am: fabaac131a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959643
Change-Id: I5f85e8f63a09bc65900daf0490004ef4bbf2b258
2022-01-25 21:02:33 +00:00
Treehugger Robot
fabaac131a
Merge "Delete more unused policies by CompOS"
2022-01-25 20:54:41 +00:00
Treehugger Robot
66d98a7bbe
Merge "Add context for ro.boot.microdroid.debuggable property" am: c8ff1677ed
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1958826
Change-Id: I0ee83d33a3642a6bf10bff80a4f82a5852ab88be
2022-01-25 20:54:29 +00:00
Seth Moore
618c2d04cc
Merge "Allow default identity service to call keymint" am: 63fa21b46a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1954396
Change-Id: I519466daae1613657463a2d589182a864e094a4d
2022-01-25 20:53:30 +00:00
Treehugger Robot
c8ff1677ed
Merge "Add context for ro.boot.microdroid.debuggable property"
2022-01-25 20:41:07 +00:00
Seth Moore
63fa21b46a
Merge "Allow default identity service to call keymint"
2022-01-25 20:33:01 +00:00
Andrew Scull
20558224de
Give DICE HAL access to driver am: f451a1407f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959022
Change-Id: I1898ab6807ecdb18fa4b3dff236867bc0424b074
2022-01-25 17:59:46 +00:00
Florian Mayer
be3197c996
[mte] add property to globally enable mte.
Bug: 216305376
Change-Id: I25d0b3c9d0e7e6bba14eedf9b833c5e07786ec71
2022-01-25 17:21:58 +00:00
Victor Hsieh
ea38d6925d
Delete more unused policies by CompOS
Bug: 205750213
Test: TH
Change-Id: Ie08465e8801a74d61f85715e85a856293c4232d5
2022-01-25 08:40:46 -08:00
Andrew Scull
30373f3015
Add context for ro.boot.microdroid.debuggable property
This property is read by microdroid_manager to check whether the VM is
in debug mode. Give it a context to satisfy the sepolicy.
Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I9d4bda5e487324c95229c7978e8fe0a53fa9f616
2022-01-25 16:07:21 +00:00
Andrew Scull
f451a1407f
Give DICE HAL access to driver
The driver facilitates the handover of values from the bootloader so
needs to be accessible by the HAL.
Bug: 214231981
Test: run microdroid with a "google,open-dice" DT node
Change-Id: Ib5317e6a42befe22d8f1dbefeb9803f5ec92b061
2022-01-25 15:22:42 +00:00
Etienne Ruffieux
e1da066e3d
Merge "Added new context declaration for Bluetooth configs" am: 0a19dbdcd3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1944887
Change-Id: Ide7ccb4aa9f82d0f2f795c1bf62dbac5c2ad2ae5
2022-01-25 14:22:27 +00:00
Etienne Ruffieux
0a19dbdcd3
Merge "Added new context declaration for Bluetooth configs"
2022-01-25 14:00:08 +00:00