Treehugger Robot
c71412f25d
Merge "Add /dev/vsock permissions to microdroid" am: 037a21ba15
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1803958
Change-Id: Ifaa515ed48f079c80469b19ec94d43fd4dacfc1f
2021-08-24 23:50:22 +00:00
Treehugger Robot
037a21ba15
Merge "Add /dev/vsock permissions to microdroid"
2021-08-24 23:35:34 +00:00
Treehugger Robot
8f2d97beef
Merge "Remove unnecessary privileges from dex2oat in VM" am: 56c495fca8
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1803110
Change-Id: I81244f58870f6eafedd5be3bfa10ed020854cd66
2021-08-24 20:40:01 +00:00
Treehugger Robot
56c495fca8
Merge "Remove unnecessary privileges from dex2oat in VM"
2021-08-24 20:23:09 +00:00
Inseob Kim
2e0fb00f22
Add /dev/vsock permissions to microdroid
...
microdroid_manager needs to know its own CID until the full RPC binder
support is landed.
Bug: 191845268
Test: run MicrodroidDemoApp
Test: atest MicrodroidHostTestCases
Change-Id: I8f6c667f0827d1089baa21417c2b0ba382d94d26
2021-08-24 14:23:18 +09:00
Keith Mok
e3ace79b18
Merge "Revert "crash_dump: supress denials for files in /proc"" am: 97935f4898
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1789807
Change-Id: Ic2f8920b0c49fb19e70184395da7afb7e55d1f8e
2021-08-23 16:27:48 +00:00
Keith Mok
97935f4898
Merge "Revert "crash_dump: supress denials for files in /proc""
2021-08-23 16:15:20 +00:00
Android Build Coastguard Worker
c444292203
Merge cherrypicks of [15633344, 15633345, 15633457, 15633423, 15633424, 15633425, 15633095, 15633401, 15632569, 15633426, 15633427, 15633402, 15633346, 15633347, 15633403, 15633458] into sc-release
...
Change-Id: Ifba61ca3ac9c60d426b3e24d096b8064102bf954
2021-08-20 00:34:44 +00:00
Orion Hodson
51bd92505b
odrefresh: add permission to sigkill child processes
...
(cherry picked from commit 522bcbe9e686477d7933
2021-08-20 00:34:06 +00:00
Victor Hsieh
dedb4909c3
Remove unnecessary privileges from dex2oat in VM
...
With a change in dex2oat to avoid opening /proc/self/fd, this change
removes open and a few other privileges from dex2oat.
Bug: 196404749
Test: ComposHostTestCases
Change-Id: I822c7ef3886a1cde8601e71afa2eb79973cd573c
2021-08-19 14:01:59 -07:00
Android Build Coastguard Worker
5e88614793
Merge cherrypicks of [15617994, 15618969, 15618970, 15617995, 15618032, 15618033, 15618190, 15620097, 15618565, 15620098, 15617967, 15619902, 15620257, 15619392] into sc-release
...
Change-Id: I93eb084990631cfbc74aab8c513af84c3de0ef9d
2021-08-19 03:22:21 +00:00
Eric Biggers
0fc214e291
Restore permission for shell to list /sys/class/block
...
As a side effect, commit ec50aa5180ff53c4d16e
2021-08-19 03:22:01 +00:00
Orion Hodson
716a987065
Merge "odrefresh: add permission to sigkill child processes" am: 26d95ebaab
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1798214
Change-Id: Id1cc74aa030b6e1a3543b75dd474e666f4a55042
2021-08-18 10:38:44 +00:00
Orion Hodson
26d95ebaab
Merge "odrefresh: add permission to sigkill child processes"
2021-08-18 10:24:37 +00:00
Suren Baghdasaryan
a3152de04d
Merge "Allow init to execute extra_free_kbytes.sh script" am: ce8e066761
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1782248
Change-Id: I53559bd04d3e65dec4ee2187636677e91ededc27
2021-08-17 19:24:23 +00:00
Suren Baghdasaryan
ce8e066761
Merge "Allow init to execute extra_free_kbytes.sh script"
2021-08-17 19:17:59 +00:00
Eric Biggers
2b7e9943d9
Merge "Restore permission for shell to list /sys/class/block" am: cc0f64416f
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1797007
Change-Id: I60b12f2a7cb088b8e648149d9356f9b00f97adbe
2021-08-17 19:17:07 +00:00
Eric Biggers
cc0f64416f
Merge "Restore permission for shell to list /sys/class/block"
2021-08-17 18:22:55 +00:00
Xin Li
92b6511572
Merge "Merge sc-dev-plus-aosp-without-vendor@7634622" into stage-aosp-master
2021-08-17 18:14:48 +00:00
Orion Hodson
522bcbe9e6
odrefresh: add permission to sigkill child processes
...
Bug: 177432913
Bug: 196969404
Test: manually decrease odrefresh compilation timeout, no avc denied
Change-Id: Ic89dcdb64974ac00c83504d876a94d8b5c6b2a29
2021-08-17 19:08:08 +01:00
Suren Baghdasaryan
6988677f22
Allow init to execute extra_free_kbytes.sh script
...
extra_free_kbytes.sh is used by init to set /sys/vm/watermark_scale_factor
value. Allow init to execute extra_free_kbytes.sh and the script to access
/proc/sys/vm/watermark_scale_factor and /proc/sys/vm/extra_free_kbytes
files.
Bug: 109664768
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I55ec07e12a1cc5322cfdd4a48d0bdc607f45d832
2021-08-17 17:02:38 +00:00
Keun young Park
d577958598
allow installd to kill dex2oat and dexoptanalyzer
...
Bug: 179094324
Bug: 156537504
Test: confirm that installd killing those processes are not brininging
selinux violation
Change-Id: Icac3f5acc3d4d398bbe1431bb02140f3fe9cdc45
2021-08-17 09:48:47 -07:00
Rick Yiu
6ea5f2d083
Merge "Move mediaprovider_app to common code" am: 16c9c6a557
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1794168
Change-Id: I5f2b05279f469a609f851cd288b8d088f227f7b0
2021-08-17 08:08:17 +00:00
Rick Yiu
16c9c6a557
Merge "Move mediaprovider_app to common code"
2021-08-17 07:55:03 +00:00
Treehugger Robot
356c5bca06
Merge "Remove obsolete file contexts" am: 49b13bc0f3
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1793090
Change-Id: I3c984521d1ee12d08ff36c8cafccb4b15a680e36
2021-08-17 01:27:29 +00:00
Treehugger Robot
49b13bc0f3
Merge "Remove obsolete file contexts"
2021-08-17 01:15:29 +00:00
Eric Biggers
8b2b951349
Restore permission for shell to list /sys/class/block
...
As a side effect, commit ec50aa5180
2021-08-16 10:54:44 -07:00
Bart Van Assche
fdb7f7d542
Merge "Add the 'bdev_type' attribute to all block devices" am: 4dcefe8898
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1795967
Change-Id: Iecc21a8a310f7abdcb18c1f2292cf22ab703dd8c
2021-08-16 16:51:20 +00:00
Bart Van Assche
4dcefe8898
Merge "Add the 'bdev_type' attribute to all block devices"
2021-08-16 16:39:24 +00:00
Victor Hsieh
d229485710
Allow compos to getattr on authfs am: 5f6e4324b3
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1795971
Change-Id: I0aa12633add712e15acf9b3de0cf8b1fb0248653
2021-08-16 16:14:41 +00:00
Xin Li
c62d3d8e87
Merge sc-dev-plus-aosp-without-vendor@7634622
...
Merged-In: Iecfff03962c7c06c87fe4ec630fedb881dfa007f
Change-Id: Ic495f086991eeee833c10d90be0b2b2a9b2da7c0
2021-08-14 06:31:08 +00:00
Victor Hsieh
5f6e4324b3
Allow compos to getattr on authfs
...
Bug: 161471326
Bug: 196635431
Test: ComposTestCase
Change-Id: I3a4073726d31686c8eb945ba9417cb2afe238d79
2021-08-13 15:48:21 -07:00
Bart Van Assche
27ecd60a79
Add the 'bdev_type' attribute to all block devices
...
The following patch iterates over all block devices:
https://android-review.googlesource.com/c/platform/system/core/+/1783847/9
The following patch grants 'init' and 'apexd' permission to iterate over
all block devices:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947
The above SELinux policy change requires to add the 'bdev_type'
attribute to all block devices. Hence this patch.
Bug: 194450129
Test: Untested.
Change-Id: I959bae6f9590b1867905d46e194c45b0ea4248df
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-08-13 13:54:02 -07:00
Victor Hsieh
9ef8696796
Remove obsolete file contexts
...
Bug: 194474784
Test: can't find "compos_key_main" and "compsvc_worker" in code search
Change-Id: If0959f180f54f798ecd90a12ce71f0570cf14484
2021-08-13 15:03:23 +00:00
Treehugger Robot
79ceed2b7f
Merge "Add MicrodroidHostTestCases to TEST_MAPPING" am: 2cc457c4fb
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1795387
Change-Id: Iad11d57f83984e3d2b270d9cc1adfea1e0a890c2
2021-08-13 04:48:06 +00:00
Treehugger Robot
2cc457c4fb
Merge "Add MicrodroidHostTestCases to TEST_MAPPING"
2021-08-13 04:33:16 +00:00
Inseob Kim
5bc8cb0f5c
Add MicrodroidHostTestCases to TEST_MAPPING
...
Test: presubmit
Change-Id: I9cd6f575f0d7c9764103d09a44a128290bbaf973
2021-08-13 01:19:27 +00:00
Andrew Walbran
9c267b8a5c
Merge "crosvm now takes all files by FD." am: 21d1710c32
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1787994
Change-Id: I2e576cfb95f0fef252695e19d9d0e1140d450f27
2021-08-12 16:37:00 +00:00
Andrew Walbran
21d1710c32
Merge "crosvm now takes all files by FD."
2021-08-12 16:25:50 +00:00
Treehugger Robot
fbf76a07ba
Merge "Define sepolicy for compos and dex2oat" am: 1ca4b5c045
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1793089
Change-Id: Ic63d6b614770a9d28c2fc15cb6c3de8db34959d2
2021-08-12 14:42:55 +00:00
Treehugger Robot
5ba830752b
Merge "Grant authfs_service and authfs CAP_SYS_ADMIN" am: 92d6a4b271
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1793088
Change-Id: I92225e1afd05c5cca9610edc58160d265a8d95f7
2021-08-12 14:42:53 +00:00
Treehugger Robot
1ca4b5c045
Merge "Define sepolicy for compos and dex2oat"
2021-08-12 14:27:09 +00:00
Treehugger Robot
92d6a4b271
Merge "Grant authfs_service and authfs CAP_SYS_ADMIN"
2021-08-12 14:27:09 +00:00
Rick Yiu
bc2fe2d944
Move mediaprovider_app to common code
...
The policy under device folder will be removed for GSI, so move the
policy to common code.
Bug: 196326750
Test: build pass
Change-Id: I9544db1771ba7b94a98913bf892386f95cf919be
2021-08-12 17:04:30 +08:00
Shawn Willden
4b10dac4fc
[automerger skipped] Merge "Revert "Allow vold to deleteAllKeys in Keystore"" into sc-dev am: 9de6c0e94c -s ours
...
am skip reason: Merged-In I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524 with SHA-1 bf29c3a2dchttps://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15521094
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15536475
Change-Id: Iecfff03962c7c06c87fe4ec630fedb881dfa007f
2021-08-12 01:31:31 +00:00
Shawn Willden
9de6c0e94c
Merge "Revert "Allow vold to deleteAllKeys in Keystore"" into sc-dev
2021-08-12 01:17:13 +00:00
Android Build Coastguard Worker
4fc2a76b7e
Snap for 7633965 from c0cae7496e to sc-release
...
Change-Id: I32d5f01284c3622f9528d49cbee88049cb9e2a7f
2021-08-12 01:10:17 +00:00
Shawn Willden
4b8112473d
Revert "Allow vold to deleteAllKeys in Keystore"
...
Revert submission 15521094-vold-deleteAllKeys
Reason for revert: Causes infinite loop in Trusty KeyMint
Reverted Changes:
I9c5c54714:Detect factory reset and deleteAllKeys
I2fb0e94db:Allow vold to deleteAllKeys in Keystore
Id23f25c69:Add deleteAllKeys to IKeystoreMaintenance
Ife779307d:Enable deleteAllKeys from vold
I4312b9a11:Enable deleteAllKeys from vold
Bug: 187105270
Change-Id: I1ed68dd9ee9a6f14152307d610af0b16dd3219ac
2021-08-12 01:08:37 +00:00
Paul Crowley
e051412aa2
[automerger skipped] Merge "Allow vold to deleteAllKeys in Keystore" into sc-dev am: c0cae7496e -s ours
...
am skip reason: Merged-In I2fb0e94db9d35c1f19ca7acb2f541cfb13c23524 with SHA-1 bf29c3a2dchttps://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15521094
Change-Id: If49495f579284de0faa3db309cf5ee42201844d8
2021-08-11 22:00:38 +00:00
Paul Crowley
c0cae7496e
Merge "Allow vold to deleteAllKeys in Keystore" into sc-dev
2021-08-11 21:41:17 +00:00
