Steps taken to produce the mapping files:
1. Add prebuilts/api/30.0/plat_pub_versioned.cil from the
/vendor/etc/selinux/plat_pub_versioned.cil file built on rvc-dev with
lunch target aosp_arm64-eng. Add prebuilts/api/30.0/vendor_sepolicy.cil
as an empty file.
2. Add new file private/compat/30.0/30.0.cil by doing the following:
- copy /system/etc/selinux/mapping/30.0.cil from rvc-dev aosp_arm64-eng
device to private/compat/30.0/30.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 30 sepolicy.
Find all such types using treble_sepolicy_tests_30.0 test.
- for all these types figure out where to map them by looking at
29.0.[ignore.]cil files and add approprite entries to 30.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_30.0 and installs
30.0.cil mapping file onto the device.
Bug: 153661471
Test: m treble_sepolicy_tests_30.0
Test: m 30.0_compat_test
Test: m selinux_policy
Change-Id: I6dfae41fbd5f245119ede540d2c321688d6e7929
This prebuilt is based on the AOSP policy, but slightly manipulated so
that the set of types and attributes are identical with R policy.
Following types are removed.
boot_status_prop
dalvik_config_prop
gnss_device
surfaceflinger_color_prop
surfaceflinger_prop
systemsound_config_prop
vold_config_prop
vold_status_prop
Following type is renamed.
wificond_service -> wifinl80211_service
Bug: 153661471
Test: N/A
Change-Id: I018d5e43f53c2bf721db1d13f5f4be42b9782b29
This is unused currently & there are no concrete plans to use it
in the future.
Bug: 130080335
Test: Device boots up & connects to networks.
Test: Will send for regression tests
Change-Id: I785389bc2c934c8792c8f631362d6aa0298007af
Merged-In: I785389bc2c934c8792c8f631362d6aa0298007af
(cherry picked from commit 56dfc06397)
Lmkd should implement reinit functionality and to do so it needs to
communicate with its running instance using socket.
Bug: 155149944
Test: lmkd --reinit
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I81455fe187830081d88f001b4588f7607b1bd1d0
This is on the system partition and thus must be system_file_type:
neverallow check failed at out/target/product/vsoc_x86/obj_asan/ETC/userdebug_plat_sepolicy.cil_intermediates/userdebug_plat_sepolicy.cil.tmp:7703 from system/sepolicy/public/domain.te:950
(neverallow coredomain base_typeattr_272 (file (entrypoint)))
<root>
allow at out/target/product/vsoc_x86/obj_asan/ETC/userdebug_plat_sepolicy.cil_intermediates/userdebug_plat_sepolicy.cil.tmp:16250
(allow asan_extract asan_extract_exec (file (read getattr map execute open entrypoint)))
Bug: 155905226
Test: build without above neverallow error
Change-Id: I6987582fcc013c95efe7e6758d96ec089168ea9d
Enforce for priv-apps with targetSdkVersion>=31.
This is the same restriction enforced on third party apps with
targetSdkVersion>=28 in Android 9.0. See:
https://developer.android.com/about/versions/pie/android-9.0-changes-28#per-app-selinux
This change allows selinux to better enforce the application sandbox
providing better defense-in-depth for priv-apps.
In particular it prevents apps running in the priv_app domain
from sharing their private data directory by granting
world-accessible unix permissions.
Bug: 142672293
Test: Build, boot, check for denials.
Change-Id: If2953eb990fdc24aaccf29be3394a9ee1f02185c
Apps signed with the media key share a UID (except
com.android.providers.media.module). However, some
run in the priv_app selinux context, and others run in
the mediaprovider context. That's a bug. Apps which share
a UID should always share an selinux domain. Assign all apps
with the seinfo=media to the mediaprovider selinux domain.
This moves the following packages from the priv_app to the
mediaprovider domain:
com.android.providers.downloads
com.android.providers.downloads.ui
com.android.mtp
com.android.soundpicker
Bug: 154614768
Test: atest CtsDownloadManagerApi28
Change-Id: I21bf68de525fff87c3a02aa59fba3a8d86be5324
This is needed for libmodprobe to pass module options on the kernel
commandline to kernel modules when they are loaded.
Bug: 155422904
Change-Id: I9df7e211765268815bfb9269365264f5ca468712
The change was reverted due to a cause unrelated to sepolicy change.
It was submitted in https://r.android.com/1283724.
Now, submit this independent of the topic.
Bug: 138994281
Test: device boots
Change-Id: I9943abb814a8043f66545e7db5225adbd62d19d2
Revert "Make com_android_i18n namespace visible"
Revert submission 1299494-i18nApex
Reason for revert: Breaking aosp_x86-eng on aosp-master
Reverted Changes:
I30fc3735b:Move ICU from ART APEX to i18n APEX
Icb7e98b5c:Calling @IntraCoreApi from core-icu4j should not c...
Ic7de63fe3:Move core-icu4j into I18n APEX
I65b97bdba:Make com_android_i18n namespace visible
Ia4c83bc15:Move v8 and libpac into i18n APEX
I10e6d4948:Move core-icu4j into i18n APEX
I8d989cad7:Move ICU from ART APEX into i18n APEX
I72216ca12:Move ICU into i18n APEX
Ief9dace85:Add shared library into i18n APEX and add the requ...
I7d97a10ba:Move libpac into i18n APEX
I90fff9c55:Move ICU from ART APEX into i18n APEX
Change-Id: I863878038af1290611b441f7f9190494cf0851b8
Allow the update_engine to use the gsid property and to avoid the VAB
merge when running a DSU.
Bug:147071959
Test: ota_e2etest.py
Change-Id: I40220877625453198b217e788e6b3bfab8437f24
This is intended to be temporary workaround until the Gboard
developers fix their app.
Addresses
avc: denied { bind } for comm="ThreadPoolForeg"
scontext=u:r:untrusted_app:s0:c166,c256,c512,c768
tcontext=u:r:untrusted_app:s0:c166,c256,c512,c768
tclass=netlink_route_socket permissive=
app=com.google.android.inputmethod.latin
Bug: 155595000
Test: build
Change-Id: I432ac1462329efb4bc118c3967a099833e6eb813
[cherry-picking]
Make ro.incremental.enable a vendor-specific property. Allow
system_server and vold to read this property.
Test: manual
BUG: 155212902
Change-Id: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b
Merged-In: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b
Add a neverallow to prevent coredomain from accessing entrypoint for
files other than system_file_type and postinstall_file. Add the
complementary neverallow to prevent domains other than coredomain from
accessing entrypoint for files other than vendor_file_type and
init_exec (for vendor_init).
Bug: 155124994
Test: build
Change-Id: I6e0cb7fb445b96b82e434e949b59c299aee1ad8b
Allow media transcoding service to get uid states from
activity manager for scheduling transcoding jobs.
bug: 145233472
bug: 154734285
test: mediatranscodingservice_tests (unit tests)
Change-Id: I96cfa52b323e9ae3841eca5519e9182347a5672b
MediaPlayer cannot load a video from RRO packages.
So, add allow rules which is necessary to play the video.
Bug: b/154795779
Test: check if MediaPlayer can load a video in RRO
Change-Id: I06eed146b6e70a548b6b4f4faf56ba2bccd68140
Cleaning up exported*_system_prop and moving surfaceflinger properties
to new property contexts.
Bug: 152468529
Bug: 154885206
Test: boot cf_x86 and crosshatch
Change-Id: I7f8a684e9cbabce2f55a5292d7b2283ac0716cd9
These comments were added when public/property_contexts was introduced.
The main purpose was to categorize exported properties by accessibility
from vendor. Removing the comments as these are now obsolete and makes
confusion.
Bug: 71814576
Test: N/A
Change-Id: Ibc1c8eefcd68c79b90df82d227fe03f2c09da3a3
Assigning a new context boot_status_prop for following two properties:
- sys.boot_completed
- dev.bootcomplete
Bug: 154885206
Test: boot cf_x86 and crosshatch, see no denials
Change-Id: Ieadabf90a9a1b54b52a1283bd648c11c95d558dd
Merged-In: Ieadabf90a9a1b54b52a1283bd648c11c95d558dd
(cherry picked from commit 2973c96055)
