Commit graph

44310 commits

Author SHA1 Message Date
Treehugger Robot
332e63bee5 Merge changes Ia2c07331,I93f0d222 into main am: f476f5c8f1 am: 31406c242e am: 0f0286303f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2742356

Change-Id: If45b9540924a95c8d91255920f565f51fa99dc9e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-07 10:05:57 +00:00
Kangping Dong
4cea19c9b9 Merge "[Thread] move ot-ctl to vendor" into main am: 1348776bed am: 07bc7d3243 am: f92304df83
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2737114

Change-Id: I3675caeb0d3e44d816a32b310416971d15474404
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-07 10:05:17 +00:00
Treehugger Robot
0f0286303f Merge changes Ia2c07331,I93f0d222 into main am: f476f5c8f1 am: 31406c242e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2742356

Change-Id: I822a44bc8887b27693524494e1f3b22ea0017aa1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-07 09:18:01 +00:00
Kangping Dong
f92304df83 Merge "[Thread] move ot-ctl to vendor" into main am: 1348776bed am: 07bc7d3243
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2737114

Change-Id: I2291a1cbbc3fdab250103246554b6e4aef625c82
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-07 09:17:03 +00:00
Treehugger Robot
31406c242e Merge changes Ia2c07331,I93f0d222 into main am: f476f5c8f1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2742356

Change-Id: If3a6af8553b6d645653ae38e898c3770b7dab868
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-07 09:14:47 +00:00
Treehugger Robot
f476f5c8f1 Merge changes Ia2c07331,I93f0d222 into main
* changes:
  Use only public cil files for Treble compat test
  Build prebuilt policy with Soong
2023-09-07 08:52:45 +00:00
Kangping Dong
07bc7d3243 Merge "[Thread] move ot-ctl to vendor" into main am: 1348776bed
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2737114

Change-Id: I133f6f04d542130cbbd80a3a941991d560eb3ca5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-07 08:25:53 +00:00
Kangping Dong
1348776bed Merge "[Thread] move ot-ctl to vendor" into main 2023-09-07 07:58:17 +00:00
Inseob Kim
0d49b9bc28 Use only public cil files for Treble compat test
Rationale for this change:

1) Vendors use only public files, so we should be able to use only
   public cil files for compatibility test.
2) treble_sepolicy_tests_for_release.mk is too complex, because it
   requires compiled sepolicy. Reducing the complexity will help migrate
   into REL build.
3) This fixes a tiny bug of treble_sepolicy_tests that it can't catch
   public types being moved to private types, and then removed. 29.0.cil
   and 30.0.cil change contains such missing public types.

Bug: 296875906
Test: m selinux_policy (with/without intentional breakage)
Change-Id: Ia2c0733176df898f268b5680195da25b588b09c7
2023-09-07 16:35:08 +09:00
Inseob Kim
5d7423ff3d Build prebuilt policy with Soong
... and remove redundant Makefile code. This also updates the commit hook
as we now only use Soong to build sepolicy.

Bug: 296875906
Test: m selinux_policy
Change-Id: I93f0d222a0c10e31c51c9380780a8927c47d62b1
2023-09-07 16:32:30 +09:00
Inseob Kim
8da193b87d Move tests from treble_sepolicy_tests am: eb0d40aa85 am: 2753f2f6df am: a8ec56578d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2736197

Change-Id: I1673c73e3f74274b8c18eb7502ad2009367a8bc8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-06 10:26:35 +00:00
Inseob Kim
a8ec56578d Move tests from treble_sepolicy_tests am: eb0d40aa85 am: 2753f2f6df
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2736197

Change-Id: I5a8a0b48e7263cbac71a715174d684bee20787ce
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-06 09:39:57 +00:00
Inseob Kim
2753f2f6df Move tests from treble_sepolicy_tests am: eb0d40aa85
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2736197

Change-Id: Ia2a601c7ed8378d18909a83f6689e67ef1586089
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-06 08:49:51 +00:00
Kangping Dong
fd10f344dc [Thread] move ot-ctl to vendor
"ot-ctl" is a command line tool which is useful for debugging or
testing with "ot-daemon". It's not required to be part of the
system image. It was previously added to the com.android.threadnetwork
apex package, and this commit removes it from the apex.

Test: ot-ctl is removed from /apex/com/android/threadnetwork/bin
Bug: 299224389
Change-Id: I607a02c9efb26f404ea9da2e5b7109094d3232b6
2023-09-06 14:07:02 +08:00
Inseob Kim
eb0d40aa85 Move tests from treble_sepolicy_tests
Contrary to its name, sepolicy_tests also contains tests related to
Treble. Also, tests other than the compat mapping test in
treble_sepolicy_tests don't need to be run several times.

Moving tests except for compat mapping test to sepolicy_tests to
simplify treble_sepolicy_tests and to reduce build time.

Bug: 288807412
Test: m selinux_policy
Test: atest SELinuxHostTest
Change-Id: I102fa48faf49b7028dc1bb5f21de65fa99babe6f
2023-09-06 14:26:25 +09:00
Treehugger Robot
6c9a390c0a [automerger skipped] Merge "Skip UP1A.230905.019" into aosp-main-future am: a1ea121d5c -s ours am: 57529d836e -s ours
am skip reason: Merged-In Ida8363294bd4fca8b7d93deb3b90ba2c02fd53bc with SHA-1 15a1292b2b is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24624120

Change-Id: If0488b29f1c53f48e68daf1888c27b7fdaf1f637
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 20:44:35 +00:00
Xin Li
a13261c57e [automerger skipped] Skip UP1A.230905.019 am: 932aba1fa5 -s ours am: 67104403a1 -s ours
am skip reason: Merged-In Ida8363294bd4fca8b7d93deb3b90ba2c02fd53bc with SHA-1 15a1292b2b is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24624120

Change-Id: I070f7d95b211ec423ec7ac994816d64db66259bb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 20:44:22 +00:00
Treehugger Robot
57529d836e [automerger skipped] Merge "Skip UP1A.230905.019" into aosp-main-future am: a1ea121d5c -s ours
am skip reason: Merged-In Ida8363294bd4fca8b7d93deb3b90ba2c02fd53bc with SHA-1 15a1292b2b is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24624120

Change-Id: Id7899887c68a7a8a84fde4f4fafd95899dc7776e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 20:31:49 +00:00
Xin Li
67104403a1 [automerger skipped] Skip UP1A.230905.019 am: 932aba1fa5 -s ours
am skip reason: Merged-In Ida8363294bd4fca8b7d93deb3b90ba2c02fd53bc with SHA-1 15a1292b2b is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24624120

Change-Id: Ie7cf4518299b14b6435a2ad1aa6e522ca67354b6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 20:31:37 +00:00
Treehugger Robot
a1ea121d5c Merge "Skip UP1A.230905.019" into aosp-main-future 2023-09-05 19:54:47 +00:00
Treehugger Robot
0ba259f490 Merge "Allow crash_dump to read vendor apex dir." into main am: 0acb54ce2c am: b8fc41e802 am: 3a5d33eaec
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2739077

Change-Id: If9b520e5510fa8f75cc2fb7698492c6ac8734af6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 14:43:45 +00:00
Treehugger Robot
3a5d33eaec Merge "Allow crash_dump to read vendor apex dir." into main am: 0acb54ce2c am: b8fc41e802
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2739077

Change-Id: I218a98f1b68bef143ccb9ee349cf649549037e73
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 13:59:29 +00:00
Treehugger Robot
b8fc41e802 Merge "Allow crash_dump to read vendor apex dir." into main am: 0acb54ce2c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2739077

Change-Id: Ie9ea65da57de2ed0ecbe144428f9a3f98c97c58b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 13:04:46 +00:00
Treehugger Robot
0acb54ce2c Merge "Allow crash_dump to read vendor apex dir." into main 2023-09-05 12:04:20 +00:00
Jooyung Han
18a42afb49 Allow crash_dump to read vendor apex dir.
Bug: 298699169
Test: crash dumps from a binary in vendor apex
Change-Id: I4eb2c4162ae2e78ef126987e7de0f838b6db205c
2023-09-05 17:51:38 +09:00
Treehugger Robot
f64415ac50 Merge "Relax freeze_test to check only compatibility" into main am: b316f8bf95 am: d1710c749b am: a05b914242
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2737118

Change-Id: I5bed312ebf4fb1dbf4a582e8db42528e0a300da7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 08:02:22 +00:00
Thiébaud Weksteen
4d9b614468 Merge "Remove SeamendcHostTest from TEST_MAPPING" into main am: 70dc0bb5dc am: 1d899a3fa9 am: 8be8efdd31
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2733316

Change-Id: I5217604d058f785c3b25f60289d12aa81b8d9317
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 08:01:18 +00:00
Treehugger Robot
a05b914242 Merge "Relax freeze_test to check only compatibility" into main am: b316f8bf95 am: d1710c749b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2737118

Change-Id: I87ccc9966191f3e6854f39d021ec4ba75ce87106
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 07:10:57 +00:00
Thiébaud Weksteen
8be8efdd31 Merge "Remove SeamendcHostTest from TEST_MAPPING" into main am: 70dc0bb5dc am: 1d899a3fa9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2733316

Change-Id: I2d5afa3d01954f94b4992fe18eb9fe58aafdc3d8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 07:10:38 +00:00
Treehugger Robot
d1710c749b Merge "Relax freeze_test to check only compatibility" into main am: b316f8bf95
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2737118

Change-Id: I575c28928e4c5690fc1b87ee09938cf0ed451476
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 07:06:46 +00:00
Treehugger Robot
b316f8bf95 Merge "Relax freeze_test to check only compatibility" into main 2023-09-05 06:29:39 +00:00
Thiébaud Weksteen
1d899a3fa9 Merge "Remove SeamendcHostTest from TEST_MAPPING" into main am: 70dc0bb5dc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2733316

Change-Id: I2a20cf7a978640fa6622232439f85c3932fb1c72
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 06:15:32 +00:00
Thiébaud Weksteen
70dc0bb5dc Merge "Remove SeamendcHostTest from TEST_MAPPING" into main 2023-09-05 05:10:01 +00:00
Inseob Kim
36d9d39e6e Relax freeze_test to check only compatibility
For now, freeze_test compares prebuilts against sources with diff, to
ensure that sources are identical to prebuilts. However, it could be the
case that the branch should be able to build both REL and ToT. In that
case, changes to the sources are inevitable and the freeze test will
fail.

To fix the issue, freeze_test will now only check compatibility. To be
specific, it will check if any public types or attributes are removed.
Contexts files and neverallow rules are not checked, but they may be
added later. Also, to support the new freeze_test:

- build_files module is changed to use glob (because REL version won't
  be in compat versions list)
- plat_pub_policy modules are added under prebuilts/api (because
  freeze_test needs that)

Bug: 296875906
Test: m selinux_policy
Change-Id: I39c40992965b98664facea3b760d9d6be1f6b87e
2023-09-05 03:37:18 +00:00
Treehugger Robot
432630956e Merge "[service-vm] Adjust sepolicy for running service VM" into main am: 3e4b7bf2ce am: bf807744ad am: 58471064c2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2735894

Change-Id: I4d5b314726275dd1649f5e92550e9e7e84c2c0a1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-04 19:16:43 +00:00
Treehugger Robot
58471064c2 Merge "[service-vm] Adjust sepolicy for running service VM" into main am: 3e4b7bf2ce am: bf807744ad
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2735894

Change-Id: I0accb757017b64e30a60cc0dc769ab7364d16bea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-04 18:25:35 +00:00
Alice Wang
89b284e58b Merge "[avf] Fix warning when running Microdroid" into main am: e1bb7d02e1 am: ec922caf4d am: 59487b5c9e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2738394

Change-Id: I97e423d9106541a3135efbc9364b9913bc3cb25b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-04 17:34:13 +00:00
Treehugger Robot
bf807744ad Merge "[service-vm] Adjust sepolicy for running service VM" into main am: 3e4b7bf2ce
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2735894

Change-Id: Ia0868d86d649329f40122b3d51d521bcdd4aa5c6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-04 17:30:47 +00:00
Treehugger Robot
3e4b7bf2ce Merge "[service-vm] Adjust sepolicy for running service VM" into main 2023-09-04 17:10:03 +00:00
Alice Wang
59487b5c9e Merge "[avf] Fix warning when running Microdroid" into main am: e1bb7d02e1 am: ec922caf4d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2738394

Change-Id: Id24855e18d3f2216d2b594501a584a8421d0e867
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-04 16:42:44 +00:00
Alice Wang
ec922caf4d Merge "[avf] Fix warning when running Microdroid" into main am: e1bb7d02e1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2738394

Change-Id: I8b53bce93064bb86996e25d7cb4437b50b656e7a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-04 15:47:27 +00:00
Alice Wang
e1bb7d02e1 Merge "[avf] Fix warning when running Microdroid" into main 2023-09-04 15:18:49 +00:00
Alice Wang
40519f79dc [service-vm] Adjust sepolicy for running service VM
Bug: 278858244
Test: Runs the ServiceVmClientApp in VM
Test: atest MicrodroidHostTests
Change-Id: Ia59fe910edc0826aa5866468c27558e9d190b58d
2023-09-04 13:01:53 +00:00
Alice Wang
ea51816b10 [avf] Fix warning when running Microdroid
This cl fixes the following selinux denial:

09-04 10:15:34.544  3393  3393 W binder:3393_2: type=1400 audit(0.0:17): avc:  denied  { getattr } for  path="socket:[99352]" dev="sockfs" ino=99352 scontext=u:r:virtualizationmanager:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=0

Test: Runs the ServiceVmClientApp
Change-Id: I5f69bc966f8e136dab19d1fdc0bc79190bef5ca5
2023-09-04 12:26:03 +00:00
Jaewan Kim
4d543cc1dd Set neverallow for hypervisor test properties am: 796ec5f0cb am: 9a59df6765 am: b5aecd8a18
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2737173

Change-Id: I0283a3cd38766d405686e62d6e7ea6e8db04db74
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-01 12:24:34 +00:00
Jaewan Kim
b5aecd8a18 Set neverallow for hypervisor test properties am: 796ec5f0cb am: 9a59df6765
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2737173

Change-Id: Ifd443cff2c116dc756866c10021f4ff54a98f8de
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-01 11:35:28 +00:00
Jaewan Kim
9a59df6765 Set neverallow for hypervisor test properties am: 796ec5f0cb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2737173

Change-Id: I15c99f0d82090676138794f83b279a5b6929d628
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-01 10:41:36 +00:00
Jaewan Kim
abb66887d1 Label hypervisor test properties am: 4183cbb63c am: 2c1062e71d am: 5be1c4cd4a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2733375

Change-Id: I0f74218c074562cb9e0305d0951f0d3855216fd2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-01 08:15:32 +00:00
Jaewan Kim
796ec5f0cb Set neverallow for hypervisor test properties
Bug: 298306391
Change-Id: I754af47d063bb26549cd1793951b09262cadd95a
Test: TH
2023-09-01 07:55:09 +00:00
Jaewan Kim
5be1c4cd4a Label hypervisor test properties am: 4183cbb63c am: 2c1062e71d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2733375

Change-Id: Ic51fc825671008757ba53258bbd7cc15565bd2d3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-01 07:26:00 +00:00