Commit graph

67 commits

Author SHA1 Message Date
Inseob Kim
094e8e81a2 Flag-guard vfio_handler policies
vfio_handler will be active only if device assignment feature is turned
on.

Bug: 306563735
Test: microdroid tests with and without the flag
Change-Id: I5559dfca1a29852b65481c95f37edc9977ee9d7d
2023-11-22 05:28:20 +00:00
Thiébaud Weksteen
e396c3c486 Remove com.android.sepolicy policy am: cc85f22c4d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2755965

Change-Id: I44486d4b0a9d90b5b4b91d38840bc42902f34242
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-20 02:30:34 +00:00
Thiébaud Weksteen
cc85f22c4d Remove com.android.sepolicy policy
Bug: 297794885
Test: presubmit
Change-Id: I91b1584fe2e13322cd3a0add92887097e190246e
2023-09-19 12:41:52 +10:00
Kangping Dong
044116c3e4 Merge "[Thread] move ot-daemon to the tethering module" into main am: e32751f748
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2736996

Change-Id: I15539e9663e50ba4d77f311d1e6a9b5fc12d9970
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-11 18:58:45 +00:00
Kangping Dong
0c9f48d6ef [Thread] move ot-daemon to the tethering module
The com.android.threadnetwork module is merged into
the com.android.tethering module now.

Bug: 296211911
Change-Id: I9fec91fff4e2ae4be26da4b0f52e739c4a251cd2
2023-09-06 14:07:14 +08:00
Xin Li
e07dbe0a63 Merge Android U (ab/10368041)
Bug: 291102124
Merged-In: Id2cc5dbbafffb4633706e5cc728cb44abd417340
Change-Id: I77e68f17a1273958bcdc32b5a4b6a0ff3ffdfd2a
2023-08-23 17:20:59 -07:00
Harshit Mahajan
cd4f71a8b5 Add sepolicy rules for crashrecovery APEX.
Bug: b/289203818
Test: NA

Change-Id: I6d25d413fb512a48e765088bc8dde59c89aec257
2023-08-16 12:00:48 +00:00
Treehugger Robot
8743379791 Merge "Remove flatten_apex: property" am: 7f7e8d79a9 am: d947550b6f am: a7627cf627
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2628996

Change-Id: I928001ab7426a6a247315293d0b6a86e176f8bf1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-21 06:29:40 +00:00
Jooyung Han
804e234ced Remove flatten_apex: property
We no longer have targets using flattened apexes. Flattened apexes will
be removed from the build system.

Bug: 278826656
Test: m
Change-Id: I657e01dbfd2525b07c29a234277062d5ac2fab9f
2023-06-20 15:41:05 +09:00
Kangping Dong
f946b06074 Merge "add sepolicy rules for Thread network" am: aa83af5c3b am: ff6ae919c2 am: 498a752dd7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2612795

Change-Id: Iaf8e6d654eb9fbb7d2b2b17ef16468b0eb7f6ce1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-08 14:50:57 +00:00
Yakun Xu
07429e39ee add sepolicy rules for Thread network
bug: 257371610
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0fd52fd521b8167b0ec8836dac3765a16fd6863b)
Merged-In: I2c90639f4baecb010230b3aa60f2f09c0ddd9e4f
Change-Id: I2c90639f4baecb010230b3aa60f2f09c0ddd9e4f
2023-06-07 07:04:19 +00:00
Maciej Żenczykowski
0f0c1ab9ce Merge "remove inprocess tethering" am: c56709f9af am: 2960719ac6 am: 8d0ab95eb8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2567011

Change-Id: Ib2931d6591e6175fff493401517e0f6507e8a271
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-05 22:46:21 +00:00
Maciej Żenczykowski
e52d2349dd remove inprocess tethering
Test: TreeHugger
Bug: 279942846
Change-Id: I0fd3a7dfe9b554d18de435e5df47de048e453d00
2023-04-27 19:26:06 +00:00
Satoshi Niwa
6c32aa519c sepolicy: Add apex/com.android.tethering.inprocess-file_contexts am: 80cd0acd64 am: 6fa337fef5 am: dcbde45b66
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2504898

Change-Id: I3cddfbef5290c5898ebd218a258f4571370bb4ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 08:42:12 +00:00
Satoshi Niwa
80cd0acd64 sepolicy: Add apex/com.android.tethering.inprocess-file_contexts
Needed when using com.android.tethering.inprocess with
flattened APEX.

Bug: 273821347
Test: trybot
Change-Id: Iae6d9547922575398c634433dc07b2e46fbffd8e
2023-03-23 12:43:48 +09:00
ronish
f406edf440 [CP] Rename healthconnect to healthfitness
Change-Id: Icb20784bfe3d07aff5b198b5c8dd2302bb7c854d
2023-02-14 17:34:26 +00:00
Ronish Kalia
edf140f2f4 Merge "Rename healthconnect to healthfitness" 2023-02-14 12:08:47 +00:00
Patrick Rohr
3c0d2675f4 Merge "cronet: remove com.android.cronet sepolicy" am: 8f0388f32e am: 37f2fa0da7 am: b59779e3cb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2431473

Change-Id: Ic67b24d98613402fa41ba6fdc40df9a060150a5d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-11 01:02:14 +00:00
Patrick Rohr
c8f4e19a74 cronet: remove com.android.cronet sepolicy
com.android.cronet has never been released and has since been deleted as
Cronet was added to the tethering module.

Test: TH
Bug: 266673389
Change-Id: Ia288d4322c13ba986164a12f4999fea1cd60d529
2023-02-10 11:47:02 -08:00
ronish
dfa42f0ddd Rename healthconnect to healthfitness
Bug: 264516143
Change-Id: Icabd6f58ae615a2f3e718e54dbc1c1c955883d19
2023-02-07 18:16:24 +00:00
Manish Dungriyal
0cf6f300ee Add file_context for telephonymodules APEX
Test: Build
Bug: 255736341
Ignore-AOSP-First: Yet to merge for AOSP
Change-Id: I2e511c4096d117a4dda271bcf235ac7c277f2c33
2022-11-15 12:39:58 +00:00
Amos Bianchi
3189fafa2a Add sepolicy for new module.
Bug: b/241442337
Test: TH
Change-Id: Ia58e2d4b205638509545a0a2c356cd68862beb1f
2022-09-23 10:40:47 -07:00
Vikram Gaur
f4382c5391 Merge "Add SELinux policy changes for rkpd" 2022-09-23 09:33:45 +00:00
Vikram Gaur
d25c80a951 Add SELinux policy changes for rkpd
This is a part of changes to bring up Remote Key Provisioning Daemon
module. See packages/modules/RemoteKeyProvisioning for more info.

Change-Id: Iae4e98176491637acb03e2e09b9d8dbc269be616
Test: atest rkpd_client_test
2022-09-23 05:09:00 +00:00
qiaoli
9de81191c6 Add file contexts for FederatedCompute.
Test: TH
Change-Id: If302dc80a5be0b72e417698a60a92a05bedde8a1
2022-09-21 03:40:13 +00:00
Treehugger Robot
5a7f207a22 Merge "Add file contexts for HealthConnect APEX" am: 59c456eeb3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2183548

Change-Id: I71c5c7248c9fa8a4916fadb0ab64993b2d2f790c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-15 13:46:13 +00:00
Anna Zhuravleva
406287da6c Add file contexts for HealthConnect APEX
Test: build
Bug: 242298335
Change-Id: I9ad9037590a40b29bdc00b11d0a9c352b50608fc
2022-08-12 19:03:11 +00:00
Oriol Prieto Gasco
57f48ae1d2 Include bluetooth cert in mac_permissions.xml
Also, rename the file_contexts file to match the new BT stack apex name
(com.android.bluetooth)

Test: TH
Bug: 236187653
Bug: 236192423
Ignore-AOSP-First: LSC

Change-Id: Ie610775d397d0a81f83e251ed3b5f73006bfd272
2022-06-21 22:00:01 +00:00
Ling Ma
444d77f603 Removed telephony apex
Will not need this in near future.

Fix: 230729916
Test: Build
Change-Id: Iec5049bb2cc16de1d947e07eec0f151182f5a22a
Merged-In: Iec5049bb2cc16de1d947e07eec0f151182f5a22a
Ignore-AOSP-First: cherry-picked from AOSP
2022-05-17 17:50:57 +00:00
Ling Ma
f2a540615b Removed telephony apex
Will not need this in near future.

Fix: 230729916
Test: Build
Change-Id: Iec5049bb2cc16de1d947e07eec0f151182f5a22a
2022-05-05 14:18:14 -07:00
Frank
711fee7dd0 Add file contexts for OnDevicePersonalization.
Test: build
Change-Id: I7fc206f06ca1dad52772211abef50407437a79dc
2022-03-11 08:31:41 +00:00
Frank Wang
a5eb97af4b Remove Auxiliary module file context config.
Ignore-AOSP-First: this feature is developed in an internal branch
Test: TH
Bug: 210728915
Change-Id: I92db5c20db20a39af554cbeb8347e7bfb0c823ca
2022-03-05 07:20:59 +00:00
Nikita Ioffe
db8478cc37 Remove supplementalprocess APEX
Ignore-AOSP-First: this code is not available in AOSP
Bug: 220320098
Test: m
Change-Id: I131bb9ed3ea7014a6010977117e6c4e9a83ec277
2022-03-02 18:33:18 +00:00
Anton Kulakov
27e5834677 Add file contexts for AdServices APEX am: dc4332b32b am: 995d44896b am: d4d005f6fd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1992910

Change-Id: I2b3e9c366ea16d7f7b2f2bdc5b1a6fe0a523b849
2022-02-21 14:33:38 +00:00
Anton Kulakov
dc4332b32b Add file contexts for AdServices APEX
Test: Build
Bug: 220336612
Change-Id: Iab64d228a5edcd3a9f71b59c5adf3a9460cd1947
2022-02-21 09:55:07 +00:00
Frank Wang
41d3e030ed Add file contexts for OnDevicePersonalization module.
Test: Build
Bug: b/218749359
Ignore-AOSP-First: this feature is still under development.
Change-Id: Ib69e8e7098913e14b9973c65b37c88daa98b4e06
2022-02-10 17:02:21 +00:00
Inseob Kim
696d2d250c Merge "Fix contexts modules to use android:"path"" am: 514d49a3b7 am: 3b059bf014 am: d4e088aefc am: 8824d87d77
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1925691

Change-Id: I487a2848221409e9651b3284c2ad657a8f988818
2021-12-24 08:29:35 +00:00
Inseob Kim
6d3d5a6daf Fix contexts modules to use android:"path"
For now, contexts modules have been using se_filegroup modules, which
makes the build system logic unnecessarily complex. This change
refactors it to se_build_files modules and normal `android:"path"`
logic.

Test: build and boot
Change-Id: I52e557e2dc8300186869a97fddfd3a74183473f7
2021-12-23 21:36:27 +09:00
Frank Wang
e46363f4e2 Add Auxiliary module file context config in sepolicy.
Test: loaded to an AVD
Bug: b/210728915
Ignore-AOSP-First: this feature is developed in an internal branch
Change-Id: I8a3d1ec25938c84cfe35a36e706e891ce2b9659e
2021-12-17 06:43:41 +00:00
Treehugger Robot
1b8168a7dc Merge "Add file_contexts for sepolicy mainline module" am: 8797f5841c am: 2b9f0a62cb am: 6ea8b3b3b3 am: 8fc3c1734f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1890636

Change-Id: Iaffdba595460e0a1d61d49a102bce913c66c227d
2021-11-12 16:31:43 +00:00
Jeff Vander Stoep
07246483ad Add file_contexts for sepolicy mainline module
Test: m com.android.sepolicy
Bug: 202394777
Change-Id: I6d11c693463206632237de1c4042845153fd6415
2021-11-12 14:55:54 +01:00
Nikita Ioffe
3efbc25e2c Add file contexts for SumplementalProcess APEX
Test: flash
Ignore-AOSP-First: feature is developed in internal branch
Change-Id: I586e668a6a77be498965c22af41af63558463a7e
2021-10-16 00:28:34 +01:00
Keun young Park
44025b07eb Add sepolicy for com.android.car.framework module
Bug: 192665266
Test: build
Change-Id: I69036c20a3bae10e34a3c076eb8e1c7c2f1d2517
2021-10-07 00:45:19 +00:00
Roshan Pius
3b7716c98c sepolicy: Add entry for uwb apex
Bug: 188911079
Test: Compiles
Change-Id: Icc4886d608e75e348ad9de0f249b23602d84694a
2021-07-29 18:44:50 -07:00
Victor Hsieh
7b68126421 Add sepolicy for com.android.compos
This is to unblock the apex setup.

There is only a system_file in the context, but we might need more
specific ones later.

Bug: 186126404
Test: m

Change-Id: Icf713c9bb92e7f7402c0b45bd0f1b06e9cb35d2b
2021-05-11 14:07:57 -07:00
Bob Badour
601ebb43a3 [LSC] Add LOCAL_LICENSE_KINDS to system/sepolicy
Added SPDX-license-identifier-Apache-2.0 to:
  build/Android.bp
  build/soong/Android.bp
  tests/Android.bp
  tools/Android.bp

Added SPDX-license-identifier-Apache-2.0 legacy_unencumbered to:
  Android.bp
  Android.mk
  compat.mk
  contexts_tests.mk
  mac_permissions.mk
  seapp_contexts.mk
  treble_sepolicy_tests_for_release.mk

Added legacy_unencumbered to:
  apex/Android.bp
  tools/sepolicy-analyze/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all

Exempt-From-Owner-Approval: janitorial work
Change-Id: I1ab286543ef1bdcb494cf74f2b35e35a08225d28
2021-02-05 01:28:24 -08:00
Treehugger Robot
ba862cdeb6 Merge "Add com.android.virt" 2020-12-13 23:42:59 +00:00
Jiyong Park
c99eb585c9 Add com.android.virt
com.android.virt is an APEX for virtual machine monitors like crosvm.
The APEX currently empty and isn't updatable.

Bug: 174633082
Test: m com.android.virt

Change-Id: I8acc8e147aadb1701dc65f6950b61701131f89d2
2020-12-11 16:22:25 +09:00
Gavin Corkery
a1bd4fc620 Add file contexts for com.android.scheduling
Test: Build and flash
Bug: 161353402
Change-Id: I0e897dae34650022dc36cd95bc8519339d615bf8
2020-12-10 14:55:22 +00:00
Neil Fuller
8f033bd1b5 Changes associated with the new geotz module
The new geotz module has files that need to be readable by the system
process.

Bug: 172546738
Test: build / boot
Change-Id: I4b9867fa1f738b0fabdf5b72e9e73282f1bd9cbc
2020-11-20 22:15:48 +00:00