tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
41748 commits 1 branch 0 tags 50 MiB
Commit graph

41748 commits

This branch
This branch
All branches
Author SHA1 Message Date
Treehugger Robot
30c25de59d Merge changes from topic "artsrv-experiment-flag" 
* changes:
  Give art_boot explicit access to experiment flags.
  Allow the ART boot oneshot service to configure ART config properties.
 2023-06-01 18:21:50 +00:00
Jooyung Han
a7e2e1a229 Merge "Fix apex_sepolicy_tests_test" am: 370d741453 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2606716

Change-Id: Ieeb02885d17d975d006f0ff8dbdbdf43880d3129
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-01 02:48:17 +00:00
Jooyung Han
370d741453 Merge "Fix apex_sepolicy_tests_test" 2023-06-01 02:05:55 +00:00
Pawan Wagh
0e74d4e69e Add media extractor service fuzzer to bindings am: 7f90d50ae0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2600804

Change-Id: I93e6bd14348c61ac75adba21f9d9f92567837e16
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-31 09:48:31 +00:00
Jooyung Han
61b46b6159 Fix apex_sepolicy_tests_test 
In QueryTERule(), scontext argument works like OR-set while the test
rules should treat them as AND-set.

Bug: 285075529
Test: apex_sepolicy_tests_test
Change-Id: Ie33b8dd6bf62db67ad3762835c1500c81d975707
 2023-05-31 17:41:28 +09:00
Pawan Wagh
7f90d50ae0 Add media extractor service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I660c54df153993056668b6774d177072d8eadc3b
 2023-05-31 01:19:21 +00:00
Steven Moreland
5b0dad1c2a Merge "strengthen app_data_file neverallows" am: 46288c6b97 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2599511

Change-Id: I9588b6ca25d90b6faf2e7c6f994e1d0f13423011
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-26 16:59:47 +00:00
Steven Moreland
46288c6b97 Merge "strengthen app_data_file neverallows" 2023-05-26 15:32:15 +00:00
Brian Lindahl
7975447205 Allow media server configurable flags to be read from anywhere am: ffeb680417 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2605806

Change-Id: I11ebd0146487c21f95661756da8c780e96ec88dc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-26 07:29:31 +00:00
Brian Lindahl
ffeb680417 Allow media server configurable flags to be read from anywhere 
The majority of code for media encoding and decoding occurs within the
context of client app processes via linking with libstagefright. This
code needs access to server-configurable flags to configure
codec-related features.

Bug: 234833109
Test: manual test with 'adb shell device_config' commands
Change-Id: I95aa6772a40599636d109d6960c2898e44648c9b
 2023-05-25 20:48:00 -06:00
Treehugger Robot
b7185cb58e Merge "Add sepolicy for ro.build.ab_update.ab_ota_partitions" am: cd69d35a5e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2597146

Change-Id: I62f9713ec4965b709d3ff38d20bad629538281f0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-25 11:38:08 +00:00
Treehugger Robot
cd69d35a5e Merge "Add sepolicy for ro.build.ab_update.ab_ota_partitions" 2023-05-25 11:14:40 +00:00
Treehugger Robot
4ee23573de Merge "Set up sepolicy for drmserver64" am: 8a676d0a4c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2588745

Change-Id: Ie4492ca6077731143c26f3431546503e9491850a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-25 02:46:47 +00:00
Treehugger Robot
8a676d0a4c Merge "Set up sepolicy for drmserver64" 2023-05-25 02:22:45 +00:00
Treehugger Robot
4774a44073 Merge "Allow ueventd to read apexd property" am: d16bf50b26 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1933081

Change-Id: Id718a1c924686618b2154f158b7ab8134fd03b11
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-25 02:22:10 +00:00
Treehugger Robot
d16bf50b26 Merge "Allow ueventd to read apexd property" 2023-05-25 01:40:11 +00:00
Kelvin Zhang
60456bd47e Add sepolicy for ro.build.ab_update.ab_ota_partitions 
Bug: 283042235
Test: th
Change-Id: Ie2296b75c91fbeb83cb0f3e61d5013b106fb78d0
 2023-05-24 18:26:12 -07:00
Pawan Wagh
cf26f9e29b Merge "Add media metrics aidl fuzzer to bindings" am: 144cad1b19 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2601825

Change-Id: Ibe6ec501030cd0999d307a0c3709c46325c6ca9f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-24 23:39:51 +00:00
Pawan Wagh
144cad1b19 Merge "Add media metrics aidl fuzzer to bindings" 2023-05-24 23:01:42 +00:00
Treehugger Robot
863fea7e62 Merge "strengthen debugfs neverallows" am: 4f36bd15ac 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2599510

Change-Id: Iebd1d30d6fd58a68f369d2d25c55038bab32acdc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-24 21:22:44 +00:00
Treehugger Robot
4f36bd15ac Merge "strengthen debugfs neverallows" 2023-05-24 20:30:34 +00:00
Steven Moreland
12523b02c3 Merge "strengthen proc_type neverallows" am: fd92d967ee 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2599509

Change-Id: Id85e2319971b1be4924dc68b6becfb1c6ceac901
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-24 18:41:12 +00:00
Steven Moreland
fd92d967ee Merge "strengthen proc_type neverallows" 2023-05-24 18:01:14 +00:00
Jin Jeong
8da5ffe780 Merge "Revert "Fix selinux denial for setupwizard_esim_prop"" am: f21abea1b7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2602191

Change-Id: I5e659ea7ac65f4680cd7702e24236aabcd01bc3a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-24 09:12:46 +00:00
Jin Jeong
ce817552f5 Merge "Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore"" am: d7558db004 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2588746

Change-Id: Ic4796f40dfb4e24a726aba37377d2bd6e9e95809
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-24 09:12:43 +00:00
Jin Jeong
f21abea1b7 Merge "Revert "Fix selinux denial for setupwizard_esim_prop"" 2023-05-24 08:21:54 +00:00
Jin Jeong
d7558db004 Merge "Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore"" 2023-05-24 08:21:54 +00:00
Jin Jeong
0a9cd6f0e7 Revert "Fix selinux denial for setupwizard_esim_prop" 
This reverts commit 3bb2411564.

Reason for revert:  b/279988311 we rename the vendor.modem property so we don't need to add the new rules

Change-Id: I4a3ed3c4f00e9bee88608e7d393ded204d922ee2
Merged-In: I00cac36ac2f2a23d02c99b9ad9df57061d1ae61c
 2023-05-24 07:08:05 +00:00
Pawan Wagh
d25d64796d Add media metrics aidl fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I6c645bf89fdded1dffdba8d40889eeb20b0734e1
 2023-05-23 22:55:15 +00:00
Suchang Woo
6b4c45393b Allow ueventd to read apexd property 
To run external firmware handler, ueventd should wait for apexd activation
by reading 'apexd.status' property.

Test: loading firmware from vendor apex using external firmware handler
Signed-off-by: Suchang Woo <suchang.woo@samsung.com>
Change-Id: Ic2057ab2d014540ce5eeb26bcac35d39294b5dc9
 2023-05-23 14:12:40 +09:00
Steven Moreland
0109e51f62 Merge "strengthen vendor_file neverallows" am: e1b3e925c6 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2594975

Change-Id: I364f7f30f34e4dd28085e8ce53b37c1ea282a126
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-23 00:38:11 +00:00
Steven Moreland
f3722d5a71 strengthen app_data_file neverallows 
There are more types of apps now.

Bug: 281877578
Test: boot
Change-Id: I1918de8610070f6fac0e933d75c656e4ee0cfbdd
 2023-05-23 00:01:27 +00:00
Steven Moreland
e1b3e925c6 Merge "strengthen vendor_file neverallows" 2023-05-22 23:56:11 +00:00
Steven Moreland
b56bf68763 strengthen debugfs neverallows 
The comments here suggest they intended to put stronger
rules in place.

Bug: 281877578
Test: boot
Change-Id: I4c837c2e0f86f648c212fa7915275cd75319e663
 2023-05-22 23:02:24 +00:00
Steven Moreland
8634a88595 strengthen proc_type neverallows 
These were unnecessarily lax. Some additional places
additionally exclude only the generic proc type, but
we don't care about those places.

Bug: 281877578
Test: boot
Change-Id: I9ebf410c12a41888ab1f5ecc21c95c34fc36c0d0
 2023-05-22 22:59:08 +00:00
Treehugger Robot
ff97fdff7e Merge "Parallelize singleton execution." am: bcb0e13831 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2593085

Change-Id: I18a98d9c720e8a5c4b98a8dccd878e3dd55158bd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-22 17:11:27 +00:00
Treehugger Robot
bcb0e13831 Merge "Parallelize singleton execution." 2023-05-22 16:40:16 +00:00
Steven Moreland
3bf96325d7 Merge "strengthen system_file neverallows" am: 9a184232d7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2594974

Change-Id: Icdba587658c91e27f35f6862869c45d1f74ddec9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-19 21:57:55 +00:00
Steven Moreland
9a184232d7 Merge "strengthen system_file neverallows" 2023-05-19 21:37:26 +00:00
David Anderson
5f2482d0dd Merge "Allow ueventd to access device-mapper." am: 73d18c2bfe 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2591728

Change-Id: Id226615d89272ce3a09db194464f8bbd3d33cdd8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-19 20:29:14 +00:00
David Anderson
73d18c2bfe Merge "Allow ueventd to access device-mapper." 2023-05-19 19:43:21 +00:00
LaMont Jones
3ee898434c Parallelize singleton execution. 
Bug: 281536768
Test: manual, presubmits
Change-Id: I35fe5f4ce5732942399edf0d68e561039d7c253d
 2023-05-19 18:19:28 +00:00
Treehugger Robot
a310d36da8 Merge "Add installd service fuzzer to bindings" am: ae5be3dd8e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2595030

Change-Id: I5dfbf694dc4dce9833cdfda1de3b33ba132eca9f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-19 18:02:06 +00:00
Treehugger Robot
ae5be3dd8e Merge "Add installd service fuzzer to bindings" 2023-05-19 17:21:07 +00:00
Suren Baghdasaryan
7d0a569d8a Merge "allow modprobe to load modules from /system/lib/modules/" am: f707e8271d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2597157

Change-Id: Ic50a42af1d45541012eb0747fa0f7dcf68090f73
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-19 16:16:01 +00:00
Suren Baghdasaryan
f707e8271d Merge "allow modprobe to load modules from /system/lib/modules/" 2023-05-19 15:49:48 +00:00
Treehugger Robot
b9e32f324c Merge "Allow mediaserver access to media_native flag namespace" am: b9238b4a7e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2464912

Change-Id: I5ff1cca1aee4c01c8a63ada4b68c3ac54b68c26d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-19 06:46:48 +00:00
Treehugger Robot
b9238b4a7e Merge "Allow mediaserver access to media_native flag namespace" 2023-05-19 06:15:01 +00:00
Wonsik Kim
806c625192 Allow mediaserver access to media_native flag namespace 
Bug: 275527219
Test: add sepolicy, build, check GetServerConfigurableFlag function
Change-Id: I7db0fb2f97860782cca0cb2b0324fbb3f1f2d8b3
 2023-05-18 21:29:07 -07:00
Peiyong Lin
0c8462d1c8 Merge "Revert "Add "ro.hardware.egl_legacy" for ANGLE system driver"" am: 2ecabd44bb 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2596789

Change-Id: Ica9bf6d4fe1b4d1e7deaa39459d475bb72dbb198
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-19 00:21:39 +00:00