tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
24246 commits 1 branch 0 tags 50 MiB
Commit graph

24246 commits

This branch
This branch
All branches
Author SHA1 Message Date
Joel Galenson
5e175476f2 Allow init to set the encryption policy on unlabeled directories. 
This fixes a bug where a directory's label was removed, causing it to
be unlabeled, and we crashed on trying to set its encryption policy.

Fixes: 148923156
Test: Successfully update from build with the deleted label.
Change-Id: I69c3707e3e66d9e44a22b0783d3016c8ddab6b8f
 2020-02-05 15:03:29 -08:00
Jeffrey Huang
225850bd0c Surfaceflinger binder call StatsManagerService 
This binder call is needed because we want to migrate
libstatspull to use StatsManagerService instead of Statsd

The binder call to statsd can be removed after the migration.

Test: m -j
Bug: 148641240
Change-Id: If6cf7eb77aa229751c44e5291d49f05177dbb8dd
 2020-02-05 14:40:40 -08:00
Jeffrey Huang
4f23084a67 Allow system server to add StatsHal 
Bug: 148794952
Test: m -j
Change-Id: I14cc282bb262f1ec62ab3473d9229763c1a02e21
 2020-02-05 14:00:10 -08:00
Treehugger Robot
231b89410f Merge "GpuStats: sepolicy change for using new statsd puller api" 2020-02-05 21:58:42 +00:00
Automerger Merge Worker
6882ef2e47 Merge "Only write snapshotctl_log when debug" am: df701f3e45 am: e9f40bc112 
Change-Id: Ife5817e33a0c6654550169ef315f1912f1253478
 2020-02-05 21:49:30 +00:00
Automerger Merge Worker
e9f40bc112 Merge "Only write snapshotctl_log when debug" am: df701f3e45 
Change-Id: I8aa0da7a0ae63be6787cef145f188052da42cc77
 2020-02-05 21:32:29 +00:00
Yifan Hong
df701f3e45 Merge "Only write snapshotctl_log when debug" 2020-02-05 21:23:11 +00:00
Automerger Merge Worker
763192f951 Merge "Allow update_engine to write snapshotctl log data" am: f58e6777b2 am: deda3c9203 am: 94e7163843 
Change-Id: I11f2e5667f06816a47655d70c226b6cef7f71e84
 2020-02-05 18:28:57 +00:00
Automerger Merge Worker
064a946498 Merge "Move virtual_ab_prop to vendor partition." am: 54411b5e3c am: d2e13c7ffb am: d15ac358bf 
Change-Id: I03859f154e1194f3d88b098eeb0b3589a7db67d9
 2020-02-05 18:28:42 +00:00
Automerger Merge Worker
94e7163843 Merge "Allow update_engine to write snapshotctl log data" am: f58e6777b2 am: deda3c9203 
Change-Id: I8c5b8d607d9922e0a4840eae200d6dea9fdf7e5f
 2020-02-05 18:14:44 +00:00
Automerger Merge Worker
d15ac358bf Merge "Move virtual_ab_prop to vendor partition." am: 54411b5e3c am: d2e13c7ffb 
Change-Id: Ie9a73163fd8da32f32fb79e09879e38ead917da4
 2020-02-05 18:14:28 +00:00
Automerger Merge Worker
deda3c9203 Merge "Allow update_engine to write snapshotctl log data" am: f58e6777b2 
Change-Id: I8f67eca8af03b625b71ecee017c5e795cab08f90
 2020-02-05 18:04:30 +00:00
Automerger Merge Worker
d2e13c7ffb Merge "Move virtual_ab_prop to vendor partition." am: 54411b5e3c 
Change-Id: Ib2b961a021eec26e9eb3c96d1e32ad350421c76c
 2020-02-05 18:04:18 +00:00
Yifan Hong
f58e6777b2 Merge "Allow update_engine to write snapshotctl log data" 2020-02-05 17:57:46 +00:00
Yifan Hong
54411b5e3c Merge "Move virtual_ab_prop to vendor partition." 2020-02-05 17:57:08 +00:00
lpeter
93de13e535 Add filegroup for extservices file context 
Add a filegroup for extservices so that it can be shared between the main
extservices apex and the one used for testing.

Bug: 138589409
Test: Manually
Change-Id: I2cca8a583b2aa72c8c29a32dd839fe599300b40f
 2020-02-05 18:43:13 +08:00
Jeff Vander Stoep
5afd6d788c net_dns_prop: neverallow most access 
Prepare for these properties to be completely removed.

Bug: 33308258
Test: build
Change-Id: Ie22918247db1d6e85a36e0df958916b6752629d0
 2020-02-05 09:55:30 +01:00
Automerger Merge Worker
a306e61a58 Merge "Create new mediaprovider_app domain." am: 164359b952 am: c4f463d17e am: 8d8af4cb20 
Change-Id: I92d3f612d7c8b7c75de6d6aebf2d54f26aa36689
 2020-02-05 08:34:58 +00:00
Automerger Merge Worker
9fc9275ac4 Merge "Allow dumpstate to open and read linkerconfig directory" am: 7be9b32fdb am: 3ea40693f7 am: db7ba39bee 
Change-Id: I22247eb97edbf75e8b1011e8b8870e5937108650
 2020-02-05 08:34:27 +00:00
Automerger Merge Worker
8d8af4cb20 Merge "Create new mediaprovider_app domain." am: 164359b952 am: c4f463d17e 
Change-Id: I878eccd3e3a7e0999f82cd0d48841b7d75b531b4
 2020-02-05 08:22:25 +00:00
Automerger Merge Worker
db7ba39bee Merge "Allow dumpstate to open and read linkerconfig directory" am: 7be9b32fdb am: 3ea40693f7 
Change-Id: Ife775c07365f549f93cb813d46211396eb52203f
 2020-02-05 08:22:16 +00:00
Automerger Merge Worker
c4f463d17e Merge "Create new mediaprovider_app domain." am: 164359b952 
Change-Id: I55abcb58b73137ddadd6a370b2de4da1272f6a9d
 2020-02-05 08:09:36 +00:00
Automerger Merge Worker
3ea40693f7 Merge "Allow dumpstate to open and read linkerconfig directory" am: 7be9b32fdb 
Change-Id: I1213fa68632fbad3be7196762c3f986209bd5790
 2020-02-05 08:09:24 +00:00
Martijn Coenen
164359b952 Merge "Create new mediaprovider_app domain." 2020-02-05 07:58:54 +00:00
Kiyoung Kim
7be9b32fdb Merge "Allow dumpstate to open and read linkerconfig directory" 2020-02-05 07:58:12 +00:00
Yifan Hong
b6b35b7c46 Only write snapshotctl_log when debug 
Only write snapshotctl_log_data_file for userdebug_or_eng.

Test: boot, still see log
Bug: 148818798
Change-Id: I03e979efd65e3992bd8ef30e6408768a14aa1de2
 2020-02-04 17:15:06 -08:00
Yifan Hong
47ee18d67a Allow update_engine to write snapshotctl log data 
recovery is excluded because it is not an interesting code
path.

Test: apply OTA, cancel, delete OTA states, then apply again
      to trigger CancelUpdate() code path, see logs

Bug: 148818798
Change-Id: I3baac977af54ac0a09c9b732fd172469c9f51627
 2020-02-04 16:56:59 -08:00
Yiwei Zhang
dbbe3bd7d8 GpuStats: sepolicy change for using new statsd puller api 
Bug: 148421389
Test: statsd_testdrive 10054
Change-Id: Icf1a4bf809b1413c0e413290bbeadd987faff710
 2020-02-04 15:55:59 -08:00
Automerger Merge Worker
c11f257cc0 Merge "Allow setattr for chattr" am: c98291c37c am: 57dd66eae1 am: b0d995aa76 
Change-Id: I2859ee827b41e860d7a41c4077881aa306c23710
 2020-02-04 23:32:23 +00:00
Automerger Merge Worker
b0d995aa76 Merge "Allow setattr for chattr" am: c98291c37c am: 57dd66eae1 
Change-Id: I699e3f227688afeeb6f9358c905f29b34ab1d86f
 2020-02-04 23:18:12 +00:00
Automerger Merge Worker
57dd66eae1 Merge "Allow setattr for chattr" am: c98291c37c 
Change-Id: Ib329a1c44723dcb7f34699f4829fa875cb887db5
 2020-02-04 23:13:11 +00:00
Daniel Rosenberg
c98291c37c Merge "Allow setattr for chattr" 2020-02-04 23:03:38 +00:00
Automerger Merge Worker
db98e40689 Merge "snapshotctl better logging" am: 28d5e87d39 am: 1c26630767 am: 3a51d8330c 
Change-Id: Ibed854e6236336395f562f06e67c6f20d00d412a
 2020-02-04 22:46:54 +00:00
Automerger Merge Worker
3a51d8330c Merge "snapshotctl better logging" am: 28d5e87d39 am: 1c26630767 
Change-Id: I4fb29ba89bf034819bf50c809f56d1103d4fa703
 2020-02-04 22:37:47 +00:00
Automerger Merge Worker
1c26630767 Merge "snapshotctl better logging" am: 28d5e87d39 
Change-Id: I4b2915f2e8768f986ac3e9db8d5487b41855e691
 2020-02-04 22:29:29 +00:00
Yifan Hong
28d5e87d39 Merge "snapshotctl better logging" 2020-02-04 22:18:33 +00:00
Automerger Merge Worker
a8339939c0 Merge "Allow system_server to attach bpf programs to tracepoints" am: d90d4aa2bb am: d7ffd9d1e0 am: fe191e802c 
Change-Id: I1f0bb9de8134019933733639fc06a6ec6a43cc4c
 2020-02-04 21:49:05 +00:00
Automerger Merge Worker
fe191e802c Merge "Allow system_server to attach bpf programs to tracepoints" am: d90d4aa2bb am: d7ffd9d1e0 
Change-Id: I349b6b9475b7ec28975607e3951dd232b28141be
 2020-02-04 21:37:03 +00:00
Automerger Merge Worker
d7ffd9d1e0 Merge "Allow system_server to attach bpf programs to tracepoints" am: d90d4aa2bb 
Change-Id: Ia18f4643a3f069cc69f0885c77bbb68b4a2f7ff3
 2020-02-04 21:23:43 +00:00
Connor O'Brien
d90d4aa2bb Merge "Allow system_server to attach bpf programs to tracepoints" 2020-02-04 21:11:47 +00:00
Yifan Hong
589bb6f369 snapshotctl better logging 
Test: snapshotctl merge --log-to-file
Bug: 148818798
Change-Id: I0e9c8ebb6632a56670a566f7a541e52e0bd24b08
 2020-02-04 10:09:24 -08:00
Automerger Merge Worker
7720b7cb7f Merge "[selinux] properly labeling dirs under /data/incremental" am: 37b87fc793 am: 01d09f9d1d am: 797924fab7 
Change-Id: Ic3ebd731276afbdbbdfd20e9f76be3375fc93a6c
 2020-02-04 17:53:45 +00:00
Automerger Merge Worker
797924fab7 Merge "[selinux] properly labeling dirs under /data/incremental" am: 37b87fc793 am: 01d09f9d1d 
Change-Id: I3d7cfe117e19fb34be80ccc45c54ba2a80ccf090
 2020-02-04 17:45:13 +00:00
Automerger Merge Worker
01d09f9d1d Merge "[selinux] properly labeling dirs under /data/incremental" am: 37b87fc793 
Change-Id: I75fe314463a07047d4eb69cbe78ef563010d72b2
 2020-02-04 17:37:00 +00:00
Songchun Fan
37b87fc793 Merge "[selinux] properly labeling dirs under /data/incremental" 2020-02-04 17:26:20 +00:00
Martijn Coenen
e3f1d5a314 Create new mediaprovider_app domain. 
This is a domain for the MediaProvider mainline module. The
MediaProvider process is responsible for managing external storage, and
as such should be able to have full read/write access to it. It also
hosts a FUSE filesystem that allows other apps to access said storage in
a safe way. Finally, it needs to call some ioctl's to set project quota
on the lower filesystem correctly.

Bug: 141595441
Test: builds, mediaprovider module gets the correct domain
Change-Id: I0d705148774a1bbb59c927e267a484cb5c44f548
 2020-02-04 16:53:18 +01:00
Ryan Savitski
21f6ae6a8a perfetto: allow producers to supply shared memory 
This concerns the data transfer between an untrusted producer process,
and the tracing service (traced daemon). They communicate over a
combination of a unix socket and shared memory.

Normally, the service creates the shared memory region, and hands it off
to the producer process (see perfetto_producer() macro). This patch
allows for an alternative scheme, where the producer process is allowed
to create the shared memory region, which will then be adopted by the
tracing service. The service already inherently doesn't trust the
producer, so it'll validate that the shared memory is appropriately
sealed before using it.

The immediate use-case is chrome's go/perfetto-startup-tracing-v2. But
this mode has advantages (e.g. being able to write to the shared memory
before connecting) for other producer domains as well.

Bug: 148841422
Change-Id: I90f864b900958792553f0208f4a0041dbf2892cc
 2020-02-04 13:47:42 +00:00
Automerger Merge Worker
03485ee724 Merge "Revert "Grant appdomain access to app_api_service"" am: 125b6f6b6a am: 40de618a00 am: 76bc6401b0 
Change-Id: Iae90cdbfab2edd32fced879066b3e803ce4a7b41
 2020-02-04 11:23:55 +00:00
Automerger Merge Worker
0b613a4b09 Merge "Don't audit linkerconfig in dumpstate" am: 47e18130fd am: b11e731c6b am: 18cad332f1 
Change-Id: I8248305cd2961ed988203619744c76f045a1b74d
 2020-02-04 11:23:44 +00:00
Automerger Merge Worker
76bc6401b0 Merge "Revert "Grant appdomain access to app_api_service"" am: 125b6f6b6a am: 40de618a00 
Change-Id: Iae260f6f2516f6a820d415e9af423658c738bad7
 2020-02-04 11:09:27 +00:00