tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
47852 commits 1 branch 0 tags 50 MiB
Commit graph

47852 commits

This branch
This branch
All branches
Author SHA1 Message Date
Inseob Kim
421612b0f8 Fix bpfmt am: ff2018fa84 am: 3d27e55c5b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3045893

Change-Id: Idb354ab157b475c7287ec80a4379696bdfb3c793
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-17 01:33:43 +00:00
Inseob Kim
3d27e55c5b Fix bpfmt am: ff2018fa84 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3045893

Change-Id: I4152850f5b0924048b72e0513922b155eaec337c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-17 01:13:44 +00:00
Inseob Kim
035fc8023a [automerger skipped] Merge "Finalize prebuilt CTS artifacts" into main am: d0188d8bca am: b8fd220047 -s ours 
am skip reason: Merged-In I763c9a1e647d614b84c0f7fe3d69affbe64f6153 with SHA-1 6f18a17ff8 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3043633

Change-Id: I3e3a478a629f43c998dc9ffae7298943e9e5be99
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-17 00:59:27 +00:00
Inseob Kim
ff2018fa84 Fix bpfmt 
Bug: N/A
Test: N/A
Flag: NONE trivial format change
Change-Id: I8f6293dcc47a4ead347c4861ba929d4b3042c311
 2024-04-17 09:55:49 +09:00
Inseob Kim
b8fd220047 Merge "Finalize prebuilt CTS artifacts" into main am: d0188d8bca 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3043633

Change-Id: I2548ff05dc28539ef1a9a0787457a49944309ede
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-17 00:41:13 +00:00
Inseob Kim
d0188d8bca Merge "Finalize prebuilt CTS artifacts" into main 2024-04-17 00:26:55 +00:00
Treehugger Robot
183a9534f4 Merge "Fix selinux denial when running adb shell cmd virtual_camera commands" into main am: 4b94b1f5d0 am: 33c9c08fba 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3041274

Change-Id: Ib6d7828ed7c481f1f40b454b88bcd408ab5b1e85
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-16 13:18:10 +00:00
Treehugger Robot
33c9c08fba Merge "Fix selinux denial when running adb shell cmd virtual_camera commands" into main am: 4b94b1f5d0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3041274

Change-Id: I8cb91331ca7566a5189840188cebf48fe2ff6236
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-16 12:54:49 +00:00
Treehugger Robot
4b94b1f5d0 Merge "Fix selinux denial when running adb shell cmd virtual_camera commands" into main 2024-04-16 12:18:35 +00:00
Inseob Kim
4b9929e2fc Finalize prebuilt CTS artifacts 
These three files, general_sepolicy.conf / mapping.cil /
plat_sepolicy.cil will be used to test vendor sepolicy's neverallow
rules.

Bug: 330671085
Test: build
Change-Id: I763c9a1e647d614b84c0f7fe3d69affbe64f6153
Merged-In: I763c9a1e647d614b84c0f7fe3d69affbe64f6153
(cherry picked from commit 6f18a17ff8)
 2024-04-16 16:18:01 +09:00
Inseob Kim
07125c34fb Merge "Finalize prebuilt CTS artifacts" into main 2024-04-16 07:06:37 +00:00
Inseob Kim
4b79af1c63 Add debugfs permission to 29.0 and 30.0 compat cil am: edf58243dd am: 9857fa36a4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3039438

Change-Id: Ie1e456b6cde6c1aed5ffe44b5daf82fedbec1d8e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-16 04:34:22 +00:00
Inseob Kim
9857fa36a4 Add debugfs permission to 29.0 and 30.0 compat cil am: edf58243dd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3039438

Change-Id: I563cd88b8fc7fcccf11b8ba9f8facad879ac93fe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-16 04:17:03 +00:00
Inseob Kim
edf58243dd Add debugfs permission to 29.0 and 30.0 compat cil 
Since Android S, we started to enforce the debugfs restrictions. However,
GSI had it turned off (PRODUCT_SET_DEBUGFS_RESTRICTIONS := false) in order
to support pre-S vendor images.

This has an undesirable side effect that the restriction is turned off even
for S+ vendors.

This CL fixes it by

1) re-enabling the restriction for GSI and

2) manually adding the debugfs permissions only to the compat cil for the
pre-S (29 and 30) vendors, effectively turning the restriction off for
them.

Bug: 330671086
Test: build
Test: run neverallow CTS
Change-Id: I5cd554b1b9f729a540e6b0f2aa0662091b691f0c
 2024-04-16 01:24:41 +00:00
Jan Sebechlebsky
7f271ce061 Fix selinux denial when running adb shell cmd virtual_camera commands 
Bug: 333889277
Test: forrest
Change-Id: I195125b907f56e9a50d13e3ca4c28a1cfcc257b1
 2024-04-15 08:30:53 +00:00
Inseob Kim
6f18a17ff8 Finalize prebuilt CTS artifacts 
These three files, general_sepolicy.conf / mapping.cil /
plat_sepolicy.cil will be used to test vendor sepolicy's neverallow
rules.

Ignore-AOSP-First: vFRC

Bug: 330671085
Test: build
Change-Id: I763c9a1e647d614b84c0f7fe3d69affbe64f6153
 2024-04-15 17:19:54 +09:00
Inseob Kim
4349295e7f Run neverallow tests on build time am: 021596b37f am: 6445dae965 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3039437

Change-Id: I6fc8494465e651a515eaad2fcd51a59aeeebd4ff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-15 05:26:25 +00:00
Inseob Kim
6445dae965 Run neverallow tests on build time am: 021596b37f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3039437

Change-Id: I1f1dd68eff85b5e14fd8dc96cce60410b295358c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-15 05:10:21 +00:00
Inseob Kim
021596b37f Run neverallow tests on build time 
sepolicy_neverallows hasn't been running on `m droid` because of
LOCAL_UNINSTALLED_MODULE := true.

Test: m selinux_policy
Change-Id: Ia7a79723a0f92e659171f50a0829baf83f311661
 2024-04-15 11:08:17 +09:00
Shrinidhi Hegde
bce53ecf38 Merge "Adding a new property" into main am: 1f24c3788d am: ee8372873a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3033999

Change-Id: Icb798f6561d4f2aa21327cc35f95ae75083d6dbc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-12 14:59:42 +00:00
Shrinidhi Hegde
ee8372873a Merge "Adding a new property" into main am: 1f24c3788d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3033999

Change-Id: Ic0c933fc67a6176d4c2a27ce8bd23799f1f73c79
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-12 14:41:39 +00:00
Shrinidhi Hegde
1f24c3788d Merge "Adding a new property" into main 2024-04-12 14:30:23 +00:00
Shrinidhi Hegde
24aba1e127 Adding a new property 
Adding a property to store time at which reboot was triggered from
native watchdog.

Test: manual
Bug: 291137901
Change-Id: Ied48c3690d0481fd8b08c9789cbfcb205759876c
 2024-04-11 15:27:52 +00:00
Martin Liu
66673a818c [automerger skipped] add compaction_proactiveness type am: 3cad759ebe -s ours 
am skip reason: Merged-In I41c0da22ed5ad738c75fb00e2ac8a22c35dff2d3 with SHA-1 f7396914b0 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/26907616

Change-Id: If2ad21ae7a8077da822416550f408b6a6e83c164
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-11 13:58:42 +00:00
Treehugger Robot
22594ac4e2 Merge "Revert^2 "Add pm.archiving.enabled system property"" into main am: 949b5d7e4e am: 9554cc2f10 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3038852

Change-Id: I508a47862cc851afff9e94a10b106b08e2e13fc2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-11 03:49:03 +00:00
Treehugger Robot
9554cc2f10 Merge "Revert^2 "Add pm.archiving.enabled system property"" into main am: 949b5d7e4e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3038852

Change-Id: I44c34780694ecf171c7611fb486b214674c93d99
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-11 03:43:49 +00:00
Treehugger Robot
949b5d7e4e Merge "Revert^2 "Add pm.archiving.enabled system property"" into main 2024-04-11 03:34:52 +00:00
Martin Liu
3cad759ebe add compaction_proactiveness type 
Bug: 332916849
Test: boot
Change-Id: I41c0da22ed5ad738c75fb00e2ac8a22c35dff2d3
Merged-In: I41c0da22ed5ad738c75fb00e2ac8a22c35dff2d3
Signed-off-by: Martin Liu <liumartin@google.com>
 2024-04-11 01:53:35 +00:00
Inseob Kim
e972e936da Revert^2 "Add pm.archiving.enabled system property" 
This reverts commit 840041d5d2.

Reason for revert: 202404 prebuilts must not be changed since freeze.

Change-Id: I320fde8de611ad4ae1546f4ce754871a0646dcc4
 2024-04-11 00:56:13 +00:00
Treehugger Robot
e21e76b120 Merge "Revert "Add pm.archiving.enabled system property"" into main am: 808a734c09 am: a041bd290c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3037514

Change-Id: I8855d5532c5f90a6379808deb4ff6720b3313666
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-11 00:25:52 +00:00
Treehugger Robot
a041bd290c Merge "Revert "Add pm.archiving.enabled system property"" into main am: 808a734c09 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3037514

Change-Id: I9938444a391015e30e6f9ca526c6d8c83814df10
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-11 00:18:12 +00:00
Treehugger Robot
808a734c09 Merge "Revert "Add pm.archiving.enabled system property"" into main 2024-04-11 00:12:11 +00:00
Treehugger Robot
f3f41cf631 Merge "add compaction_proactiveness type" into main am: 64a23c81f3 am: 85a7d47f88 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3037152

Change-Id: I8baa17f95d8846fd85d92758aedb165c7c8065b5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-10 23:33:46 +00:00
Treehugger Robot
85a7d47f88 Merge "add compaction_proactiveness type" into main am: 64a23c81f3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3037152

Change-Id: I45f3bea366b3c10c20fd4767a0fb3f7cbebf662f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-10 23:28:23 +00:00
Treehugger Robot
64a23c81f3 Merge "add compaction_proactiveness type" into main 2024-04-10 23:24:33 +00:00
Ted Bauer
be98940778 Merge "Let system server set permissions on marker file" into main am: ba5998d7a2 am: 6dc4160bc5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3025525

Change-Id: Ied4933ee2476c036f38dfc8880166ae4172e4358
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-10 21:30:30 +00:00
Ted Bauer
6dc4160bc5 Merge "Let system server set permissions on marker file" into main am: ba5998d7a2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3025525

Change-Id: I53485c292d2118b625bf73ea3affd06ab3467d64
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-10 21:24:12 +00:00
Ted Bauer
ba5998d7a2 Merge "Let system server set permissions on marker file" into main 2024-04-10 21:16:43 +00:00
Song Chun Fan
840041d5d2 Revert "Add pm.archiving.enabled system property" 
This reverts commit 32ab868eac.

Reason for revert: no longer needed

Change-Id: I2ce46773503d39f843038fca3bb8527eb5bb53eb
BUG: 331165939
 2024-04-10 17:39:43 +00:00
Ted Bauer
86405531d5 Let system server set permissions on marker file 
System server needs to create a file in /metadata/aconfig, and set its
permissions.

Bug: 328444881
Test: m
Change-Id: I30aa576e46d8963e78ff21ad328160a99bd5d523
 2024-04-10 15:26:01 +00:00
Martin Liu
f7396914b0 add compaction_proactiveness type 
Bug: 332916849
Test: boot
Change-Id: I41c0da22ed5ad738c75fb00e2ac8a22c35dff2d3
Signed-off-by: Martin Liu <liumartin@google.com>
 2024-04-10 13:48:15 +00:00
Vikram Gaur
8292672d54 Merge "Add remote_provisioning.connect_timeout_millis as sysprop" into main am: d51e54db82 am: 283a790759 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3020727

Change-Id: Ic834c6a7ea9e121cc04daf6d26eeae3d2bc0da0f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-10 00:22:16 +00:00
Vikram Gaur
283a790759 Merge "Add remote_provisioning.connect_timeout_millis as sysprop" into main am: d51e54db82 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3020727

Change-Id: I57e6db3ea5c1d066fab1bf83fd77ca07eb9e40cf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-10 00:12:48 +00:00
Vikram Gaur
d51e54db82 Merge "Add remote_provisioning.connect_timeout_millis as sysprop" into main 2024-04-09 23:55:00 +00:00
Vikram Gaur
3999879dde Add remote_provisioning.connect_timeout_millis as sysprop 
Allow some services to control connection_timeout for testing purposes.

Test: atest RkpdAppUnitTests
Change-Id: Id70ed60c4f67e8f7910870a0b28a2b409fe97f62
 2024-04-09 22:20:48 +00:00
Treehugger Robot
c49f1176ed Merge "Introduce vmlauncher_app domain" into main am: 5752116370 am: adda6cf543 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3031325

Change-Id: Ice404993a8f52067a87effcefb5110c41765c408
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-09 15:13:06 +00:00
Treehugger Robot
adda6cf543 Merge "Introduce vmlauncher_app domain" into main am: 5752116370 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3031325

Change-Id: I04c698bb0f40546c00e50222b41e0fef75d3f2a9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-09 14:23:49 +00:00
Treehugger Robot
5752116370 Merge "Introduce vmlauncher_app domain" into main 2024-04-09 14:04:38 +00:00
Jeongik Cha
77a3ca6b4c Introduce vmlauncher_app domain 
Bug: 333485208
Test: check display
Change-Id: I64c09f09615e89cf24398c01b8f87b0136be0a7f
 2024-04-09 22:01:06 +09:00
Treehugger Robot
0ea8444330 Merge "Fix docs in seapp_contexts to point to right file" into main am: 015384b110 am: 1ad6056584 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3031726

Change-Id: I301abc18da633c4b2c81f877199ecb366fed6ad4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-09 08:42:18 +00:00