tequilaOS/platform_system_sepolicy

Author	SHA1	Message	Date
Treehugger Robot	f9d45fc447	Merge "Allow zygote to bind mount /data/misc/profiles/cur"	2020-01-15 05:18:44 +00:00
David Zeuthen	b8b5da4305	Add SELinux policy for Identity Credential HAL Bug: 111446262 Test: VtsHalIdentityCredentialTargetTest Change-Id: Icb5a0d8b24d463a2f1533f8dd3bfa84bf90acc6f	2020-01-14 20:13:39 -05:00
Stephen Smalley	cd62a4a56a	access_vectors: re-organize common file perms The open, audit_access, execmod, and watch* permissions are all defined in the COMMON_FILE_PERMS in the kernel classmap and inherited by all the file-related classes; we can do the same in the policy by putting them into the common file declaration. refpolicy recently similarly reorganized its definitions and added the watch* permissions to common file, see: `e5dbe75276` `c656b97a28` `3952ecb4dd` Adding new permissions to the end of the existing classes was only required for kernels that predate the dynamic class/perm mapping support (< v2.6.33). Test: policy still builds Change-Id: I44a2c3a94c21ed23410b6f807af7f1179e2c1747 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>	2020-01-14 14:59:08 -05:00
Nikita Ioffe	32e7ea0096	Allow apps to read ro.init.userspace_reboot.is_supported This property essentially implements PowerManager.isRebootingUserspaceSupported[0] public API, hence apps should be able to read it. [0]: `73cab34d9f`:core/java/android/os/PowerManager.java;l=1397 Test: m checkbuild Test: atest CtsUserspaceRebootHostSideTestCases Test: adb shell getprop ro.init.userspace_reboot.is_supported Bug: 135984674 Change-Id: I09cab09735760529de81eb6d5306f052ee408a6e	2020-01-14 12:39:23 +00:00
Ricky Wai	ca6e01aa53	Allow zygote to bind mount /data/misc/profiles/cur Bug: 143937733 Test: No denials at boot Test: No denials seen when creating moun Change-Id: Ia6b196dde6ed511ebff53b03891122b1120fec07	2020-01-14 11:34:15 +00:00
Automerger Merge Worker	45382b2057	Merge "perf_event: define security class and access vectors" am: `184fe45549` am: `a12c55ee73` am: `365f90f938` Change-Id: I56636ffc56d6ed3868b61b2c7f14be818895a879	2020-01-13 23:37:45 +00:00
Treehugger Robot	184fe45549	Merge "perf_event: define security class and access vectors"	2020-01-13 23:10:54 +00:00
Automerger Merge Worker	7e632d902a	SELinux changes for the hasSystemFeature() binder cache property. am: `bafd0c762a` am: `97ad022d1d` am: `dbd487c2e7` Change-Id: Ia80e3a2333b8609aed370602900027fea4d83259	2020-01-13 22:30:37 +00:00
Lee Shombert	bafd0c762a	SELinux changes for the hasSystemFeature() binder cache property. The binder_cache_system_server_prop context allows any user to read the property but only the system_server to write it. The only property with this context is currently binder.cache_key.has_system_feature but users will be added. Bug: 140788621 Test: this was tested on an image with a binder cache implementation. No permission issues were found. The implementation is not part of the current commit. Change-Id: I4c7c3ddf809ed947944408ffbbfc469d761a6043	2020-01-13 10:21:54 -08:00
Ryan Savitski	80640c536c	perf_event: define security class and access vectors This patch allows us to write SELinux policies for the perf_event_open() syscall LSM hooks added to the kernel in the following commit: `da97e18458` Bug: 137092007 Change-Id: I0005759eb7a487faebe94a4653e3865343eb441e	2020-01-13 14:56:54 +00:00
Automerger Merge Worker	0bb6f0b83c	Merge "priv_app: Remove rules for system_update_service" am: `65d6fd48c8` am: `0b23084b9b` am: `2cb6affdaf` Change-Id: I0c3c8970102b937db6c24447fff78dd6830e10c7	2020-01-11 01:34:50 +00:00
Ashwini Oruganti	65d6fd48c8	Merge "priv_app: Remove rules for system_update_service"	2020-01-11 00:49:14 +00:00
Alec Mouri	f5df7b4467	[SfStats] sepolicy for SfStats' global puller Bug: 119885568 Bug: 136597024 Test: adb shell cmd stats pull-source 10062 Test: statsd_testdrive 10062 Change-Id: Ide8ecd2683b3ea29a3207f89d35d7067490dabb1	2020-01-10 16:34:48 -08:00
Automerger Merge Worker	66b4d8761c	Merge "Revert "Allow MediaProvider to host FUSE devices."" am: `34a19b76ce` am: `ff8203a23d` am: `26debce3b1` Change-Id: If0c1e4f9118dbc376621185022ab53d83d197c3d	2020-01-10 22:25:28 +00:00
Zimuzo Ezeozue	34a19b76ce	Merge "Revert "Allow MediaProvider to host FUSE devices.""	2020-01-10 21:17:15 +00:00
Automerger Merge Worker	542441962e	Merge "priv_app: Remove rules allowing a priv-app to ptrace itself" am: `623fb38952` am: `5fc5ebb667` am: `6137fabe74` Change-Id: Id70b8d29a9956015241859b1765477d2e9229601	2020-01-10 20:53:43 +00:00
Treehugger Robot	623fb38952	Merge "priv_app: Remove rules allowing a priv-app to ptrace itself"	2020-01-10 20:23:06 +00:00
Ricky Wai	288a72166e	Merge "Allow zygote to relabel CE and DE dirs from tmpfs to system_data_file" am: `1f9ecdc894` am: `c927bcffd2` am: `27f0fe8a25` Change-Id: Ic6cfb68dacd352dae08fb3946c1b0cb7ad788d8d	2020-01-10 11:50:12 -08:00
Ashwini Oruganti	a40840daa8	priv_app: Remove rules for system_update_service We added an auditallow for these permissions on 11/26/2019, and have not seen any recent logs for this in go/sedenials. No other priv-app should rely on this now that gmscore is running in its own domain. Bug: 142672293 Test: TH Change-Id: Ic2f68b3af861e0c00e2dea731c4d6b3255ab5175	2020-01-10 11:17:00 -08:00
Treehugger Robot	1f9ecdc894	Merge "Allow zygote to relabel CE and DE dirs from tmpfs to system_data_file"	2020-01-10 19:11:33 +00:00
Automerger Merge Worker	b55eb31cd2	Merge "priv_app: Remove rules for storaged" am: `6df27928dd` am: `dfa114baa8` am: `800101ae81` Change-Id: Iae2eacb79ed37eacb7aad16fd64e143c95f8fad9	2020-01-10 15:33:34 +00:00
Treehugger Robot	6df27928dd	Merge "priv_app: Remove rules for storaged"	2020-01-10 14:49:32 +00:00
Ricky Wai	b2b7c02e7d	Allow zygote to relabel CE and DE dirs from tmpfs to system_data_file Also, allow zygote to scan dirs in /mnt/expand and relabel. Test: No denials at boot Test: No denials seen when creating mounts Bug: 143937733 Change-Id: I86e77d27f5e9fb2f5852f787c7e5d9179c7404aa	2020-01-10 14:26:40 +00:00
Automerger Merge Worker	756c4ee8e3	priv_app: Remove rules for keystore am: `75ccb46de7` am: `fc9b3ae921` am: `c66271a92a` Change-Id: I807af115d4d7349ec93d09b1d7b57a1858f02f93	2020-01-10 09:39:08 +00:00
Automerger Merge Worker	fb03248028	Revert "Revert "Allow dumpstate to dumpsys gpu"" am: `b5c47df035` am: `ffbc6ab3ad` Change-Id: I552720df9e613b6fa50d8cafc90c840db46875a5	2020-01-10 08:34:18 +00:00
Automerger Merge Worker	ffbc6ab3ad	Revert "Revert "Allow dumpstate to dumpsys gpu"" am: `b5c47df035` Change-Id: Ic486302dbcf93e2987fe250ef87bc23b4e9d5897	2020-01-10 08:15:48 +00:00
Yiwei Zhang	b5c47df035	Revert "Revert "Allow dumpstate to dumpsys gpu"" This reverts commit `6daec46264`. Reason for revert: b/147458874 Bug: 132402890 Test: build passes on coral-userdebug Change-Id: Ibcbc06e99561be424aa953e62985abb5b5864c56	2020-01-09 18:51:24 -08:00
Automerger Merge Worker	a3b5c68304	Revert "Allow dumpstate to dumpsys gpu" am: `6daec46264` am: `046164f327` Change-Id: Ib51aaf7da1aab72cb5a4c11dd6ce3e68e885fa47	2020-01-10 02:41:21 +00:00
Automerger Merge Worker	046164f327	Revert "Allow dumpstate to dumpsys gpu" am: `6daec46264` Change-Id: Ie5ad8ca29bbb6df531945b7ca622d60b29400dba	2020-01-10 02:22:46 +00:00
Yiwei Zhang	6daec46264	Revert "Allow dumpstate to dumpsys gpu" This reverts commit `979f5a44bf`. Reason for revert: b/147458874 Change-Id: Id8a9d7e50dbd3f293e01ab6277e9e54a8ed7619d	2020-01-10 02:05:58 +00:00
Yiwei Zhang	979f5a44bf	Allow dumpstate to dumpsys gpu Bug: 132402890 Test: adb bugreport and verify dumpsys gpu is included. Change-Id: Ib145937889f9616a0dcdabb7b58839fb715bf6c3	2020-01-09 15:31:59 -08:00
Ashwini Oruganti	2ba18e99d8	priv_app: Remove rules allowing a priv-app to ptrace itself We added an auditallow for these permissions on 12/11/2019, and have not seen any recent logs for this in go/sedenials. No other priv-app should rely on this now that gmscore is running in its own domain. Bug: 142672293 Test: TH Change-Id: Iaeaef560883b61644625b21e5c7095d4d9c68da9	2020-01-09 13:37:30 -08:00
Ashwini Oruganti	75ccb46de7	priv_app: Remove rules for keystore We added an auditallow for these permissions on 11/26/2019, and have not seen any recent logs for this in go/sedenials. No other priv-app should rely on this now that gmscore is running in its own domain. Bug: 142672293 Test: TH Change-Id: I18f99f54385b7c4e7c2ae923eff4c76800323a73	2020-01-09 13:23:40 -08:00
Ashwini Oruganti	d1a8f0dcb4	priv_app: Remove rules for storaged We added an auditallow for these permissions on 11/26/2019, and have not seen any recent logs for this in go/sedenials. No other priv-app should rely on this now that gmscore is running in its own domain. Bug: 142672293 Test: TH Change-Id: I2a59cac8041646b548ba1a73fcd5fddabb4d1429	2020-01-09 13:02:38 -08:00
Automerger Merge Worker	f6a32a265d	Merge "Add userspace_reboot_config_prop property type" am: `0b099c801d` am: `e1811f9499` am: `414328b512` Change-Id: I4ebe3ec270fffc8d8609c2650393f6963e17b0c5	2020-01-09 10:32:08 +00:00
Nikita Ioffe	0b099c801d	Merge "Add userspace_reboot_config_prop property type"	2020-01-09 10:05:18 +00:00
Anton Hansson	7130e677ed	Merge "Rename sdkext sepolicy to sdkextensions"	2020-01-09 08:46:08 +00:00
Automerger Merge Worker	79bd62501d	Merge "priv_app: Remove rules for update_engine" am: `4f362b1c68` am: `89c21c3d6c` am: `152ae6c951` Change-Id: Ibff5ba0a1ba391dae2af8bc07e5b95c1108ea961	2020-01-08 23:55:48 +00:00
Treehugger Robot	4f362b1c68	Merge "priv_app: Remove rules for update_engine"	2020-01-08 23:21:27 +00:00
Automerger Merge Worker	86e7386ce4	Merge "priv_app.te: Remove auditallows for shell_data_file" am: `c66a329a48` am: `1efb514376` am: `f55d148ad7` Change-Id: I8229e00fb6a4a182d71d9cd0039917759222362e	2020-01-08 23:03:07 +00:00
Automerger Merge Worker	ceaaa6b050	Merge "Add aidl_lazy_test_server" am: `c8c6c0060e` am: `e5010bdc89` am: `99ed31997b` Change-Id: Id956e28b010dd1fdcbe10bc0d8d5f5d18d0d62a9	2020-01-08 23:02:57 +00:00
Nikita Ioffe	f596cc859b	Add userspace_reboot_config_prop property type This property type will be used for read-only userspace reboot related properties that are used to configure userspace reboot behaviour, e.g.: * timeout for userspace reboot watchdog; * timeout for services to terminate; * timeout for services to shutdown; * etc. Since all this configuration is device specific, vendor_init should be able to set these properties. Test: build/soong/soong_ui.bash \ --make-mode \ TARGET_PRODUCT=full \ TARGET_BUILD_VARIANT=eng \ droid \ dist DIST_DIR=/tmp/buildbot/dist_dirs/aosp-master-linux-full-eng/funwithprops \ checkbuild Bug: 135984674 Bug: 147374477 Change-Id: I1f69980aea6020e788d5d2acaf24c0231939907c	2020-01-08 22:43:57 +00:00
Treehugger Robot	c66a329a48	Merge "priv_app.te: Remove auditallows for shell_data_file"	2020-01-08 22:26:38 +00:00
Jon Spivack	c8c6c0060e	Merge "Add aidl_lazy_test_server"	2020-01-08 22:26:31 +00:00
Ashwini Oruganti	5d395b253c	priv_app: Remove rules for update_engine We added an auditallow for these permissions on 11/26/2019, and have not seen any recent logs for this in go/sedenials. No other priv-app should rely on this now that gmscore is running in its own domain. Bug: 142672293 Test: TH Change-Id: I554ace42852023521e94017b1e782b6a09129fdf	2020-01-08 13:54:38 -08:00
Ashwini Oruganti	977fdd98fe	priv_app.te: Remove auditallows for shell_data_file Looking at go/sedenials, we have learnt that other priv-apps rely on this permission. The auditallow has served its purpose and can now be removed. Bug: 142672293 Test: TH Change-Id: I9ba1cbfa9ae90ae64e78276e5c1a699aa2a7f864	2020-01-08 13:29:59 -08:00
Zimuzo Ezeozue	74a6730767	Revert "Allow MediaProvider to host FUSE devices." This reverts commit `b56cc6fb1f`. Reason for revert: Not necessary Change-Id: I99d7df2435294e78b753149e20377e78c1c60d36	2020-01-08 20:54:28 +00:00
Automerger Merge Worker	ecd25aed90	Merge "Make platform_compat accessible on release builds." am: `5e4a45f403` am: `9f11b15f3e` am: `438a638af9` Change-Id: I263ab42e3525fc67811e0b4df0def37a9bb0a476	2020-01-08 18:55:09 +00:00
Andrei-Valentin Onea	5e4a45f403	Merge "Make platform_compat accessible on release builds."	2020-01-08 18:42:44 +00:00
Anton Hansson	b84133555a	Rename sdkext sepolicy to sdkextensions The module is getting renamed, so rename all the policy relating to it at the same time. Bug: 137191822 Test: presubmit Change-Id: Ia9d966ca9884ce068bd96cf5734e4a459158c85b Merged-In: Ia9d966ca9884ce068bd96cf5734e4a459158c85b (cherry picked from commit `6505573c36`)	2020-01-08 11:41:18 +00:00
Anton Hansson	6505573c36	Rename sdkext sepolicy to sdkextensions The module is getting renamed, so rename all the policy relating to it at the same time. Bug: 137191822 Test: presubmit Change-Id: Ia9d966ca9884ce068bd96cf5734e4a459158c85b	2020-01-08 10:05:16 +00:00
Automerger Merge Worker	ad6c38fa87	Merge "vendor_init can set config.disable_cameraservice" am: `3e93ffb62f` am: `a5474245a7` am: `7caaf1084e` Change-Id: Ib72332da73e71507e381e0455248d055998c37ef	2020-01-08 07:45:47 +00:00
Treehugger Robot	3e93ffb62f	Merge "vendor_init can set config.disable_cameraservice"	2020-01-08 06:59:48 +00:00
Automerger Merge Worker	09f5bf43c6	gmscore_app: Enforce all rules for the domain am: `86e110e688` am: `a32a7fbfd8` am: `b6db531afa` Change-Id: I16e73c538eb4aa3354cf0ffb578cb6aa3189c327	2020-01-07 23:34:09 +00:00
Jon Spivack	ae2df6b5de	Add aidl_lazy_test_server This is a test service for testing dynamic start/stop of AIDL services. In order to test realistic use cases with SELinux enabled, it requires the same permissions as a regular service. Bug: 147153962 Test: aidl_lazy_test aidl_lazy_test_1 aidl_lazy_test_2 Change-Id: Ifc3b2eaefba9c06c94f9cf24b4474107d4e26563	2020-01-07 15:11:03 -08:00
Ashwini Oruganti	86e110e688	gmscore_app: Enforce all rules for the domain This change flips the switch and stops running gmscore_app in permissive mode. Looking at the data in go/sedenials, we don't see any untracked denial that isn't occurring for the priv_app domain as well. gmscore should have all the necessary permissions it had was running in the priv_app domain. Bug: 142672293 Test: Build, flash, boot. Change-Id: I0db56671cdfccbd79cd303bc2a819260ef7677fe	2020-01-07 10:53:49 -08:00
Robin Lee	cbfe879fe6	vendor_init can set config.disable_cameraservice This had been settable by vendors up to and including Q release by making config_prop avendor_init writeable. We don't allow this any more. This should be a real vendor settable property now. Bug: 143755062 Test: adb logcat -b all \| grep cameraservice Test: atest CtsCameraTestCases Change-Id: Id583e899a906da8a8e8d71391ff2159a9510a630	2020-01-07 06:57:42 +00:00
Howard Chen	a44b9cb8cc	Allow gsid to create subdirectories under /metadata/gsi/dsu Bug: 144247097 Test: adb shell gsi_tool install --gsi-size $(du -b system.raw\|cut -f1) < system.raw Change-Id: I37a2cd78fcdca32413958a306e687afe309c3bbc	2020-01-07 02:52:49 +00:00
Automerger Merge Worker	9301d838f3	Merge "Don't run permissioncontroller_app in permissive mode" am: `4c37de9b44` am: `13d115dc56` am: `cdfdf80c4e` Change-Id: Ifa42e360307e50f76983b6a0428d7e74c81d4164	2020-01-06 20:52:13 +00:00
Treehugger Robot	4c37de9b44	Merge "Don't run permissioncontroller_app in permissive mode"	2020-01-06 19:12:46 +00:00
Ashwini Oruganti	7d54f0367f	Don't run permissioncontroller_app in permissive mode Looking at go/sedenials, we're fairly confident that this domain has all the necessary permissions. This change enforces all the defined rules for the permissioncontroller_app domain and unsets the permissive mode. Bug: 142672293 Test: Green builds, no new selinux denials. Change-Id: Idaaf2f7aa88b2981f9fab2f74350a934fe415d71	2020-01-06 09:41:22 -08:00
Automerger Merge Worker	20ca3d2315	Merge "Add sepolicy for binderfs" am: `50c5d731e0` am: `14b07efeab` am: `25b59b848d` Change-Id: I067f265be8cc50f75a65ef8c87746a833d3ca808	2020-01-06 17:15:03 +00:00
Treehugger Robot	50c5d731e0	Merge "Add sepolicy for binderfs"	2020-01-06 16:09:45 +00:00
Automerger Merge Worker	be761f3681	Temporarily whitelist system_server->storage denials am: `5357e7672a` am: `99be6c24e3` am: `a61c6e21d1` Change-Id: Ib158733c7fdf527a8f2fceb0a09ec3a11fbb5a2b	2020-01-06 15:32:49 +00:00
Jeff Vander Stoep	5357e7672a	Temporarily whitelist system_server->storage denials Make presubmit less flaky. Bug: 145267097 Test: build Change-Id: I45dd2f03a5db98fa70c950378538d32eb97a44df	2020-01-06 14:28:31 +01:00
Martijn Coenen	d38fa3fdf1	Allow init to configure dm_verity kernel driver. To disable hash-tree prefetching. Bug: 136247322 Test: atest google/perf/boottime/boottime-test Change-Id: Ibdcb88d1014f58918119867c6d701dc58af0c049	2020-01-06 09:40:50 +01:00
Automerger Merge Worker	041cbfd39c	Revert "Revert "Define sepolicy for ro.product.vndk.version"" am: `ed0a8ebe50` am: `176dc81e69` am: `93a8b34cf2` Change-Id: If56c38e51d4f07fe4a8a1069d0f7d9cc25150446	2020-01-06 08:25:37 +00:00
Justin Yun	ed0a8ebe50	Revert "Revert "Define sepolicy for ro.product.vndk.version"" This reverts commit `f536a60407`. Reason for revert: Resubmit the CL with the fix in vendor_init.te Bug: 144534640 Test: lunch sdk-userdebug; m sepolicy_tests Change-Id: I47c589c071324d8f031a0f7ebdfa8188869681e9	2020-01-06 15:12:14 +09:00
Automerger Merge Worker	4d6b8cc6d8	Revert "Define sepolicy for ro.product.vndk.version" am: `f536a60407` am: `f71a38667e` am: `5ce7c8cb01` Change-Id: I34649f637a64611cc634e78a472bbf33b0973d50	2020-01-06 06:05:13 +00:00
Justin Yun	f536a60407	Revert "Define sepolicy for ro.product.vndk.version" This reverts commit `59e3983d1f`. Reason for revert: postsubmit fails in aosp/master Change-Id: Icb10402ccdb6cff942a91adef341fe8f867f308a	2020-01-06 05:28:37 +00:00
Automerger Merge Worker	de275dfccd	Define sepolicy for ro.product.vndk.version am: `59e3983d1f` am: `8018944364` am: `1791ec6e5d` Change-Id: I4a756a32bea0a5f97fee24432bc88bd18b4a2007	2020-01-06 05:24:46 +00:00
Justin Yun	59e3983d1f	Define sepolicy for ro.product.vndk.version Define a new property_context vndk_prop for ro.product.vndk.version. It is set by init process but public to all modules. Bug: 144534640 Test: check if ro.product.vndk.version is set correctly. Change-Id: If739d4e25de93d9ed2ee2520408e07a8c87d46fe	2020-01-06 11:08:23 +09:00
Automerger Merge Worker	d253285ad6	permissioncontroller_app: add a rule for IProxyService_service am: `6570d6d3c7` am: `aaffa3b9e7` am: `970774040b` Change-Id: I33f53ac74a122e478ceebd6b15b8df4da28d0f49	2019-12-27 01:27:49 +00:00
Ashwini Oruganti	6570d6d3c7	permissioncontroller_app: add a rule for IProxyService_service Noticed denials in go/sedenials. This permission is currently granted to priv_app via app_api_service. Bug: 142672293 Test: TH Change-Id: I9834044b2ba13b12694e88ae5cec8eb5c38c658c	2019-12-26 15:34:00 -08:00
Automerger Merge Worker	a874279e20	Revert "Reland: "Add userspace_reboot_config_prop property type"" am: `2848fa4d8b` am: `9a3f2533af` am: `e725262f7f` Change-Id: I75590718a0c0c54ec4e70a8998f1cb0093d63485	2019-12-26 16:25:28 +00:00
Automerger Merge Worker	c9643bd0a1	Reland: "Add userspace_reboot_config_prop property type" am: `7b53803b53` am: `3ede7f3af7` am: `8c506f34cd` Change-Id: If4254d4cefef1b2d64a2fd816784eb063699a680	2019-12-26 16:25:14 +00:00
Nikita Ioffe	2848fa4d8b	Revert "Reland: "Add userspace_reboot_config_prop property type"" This reverts commit `7b53803b53`. Reason for revert: breaks build Exempt-From-Owner-Approval: revert to fix broken build Change-Id: Ic26ee0a8b0a54b86034970e2b18edf0b5f4ec46f	2019-12-26 16:14:45 +00:00
Nikita Ioffe	7b53803b53	Reland: "Add userspace_reboot_config_prop property type" Only difference with https://android-review.googlesource.com/c/platform/system/sepolicy/+/1198254 is userspace_reboot_config_prop is now system_restricted_prop. Marking it as system_internal_prop breaks build: neverallow check failed at out/target/product/generic/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy:11968 from system/sepolicy/public/property.te:230 (neverallow base_typeattr_210 base_typeattr_467 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads))) <root> allow at out/target/product/generic/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy:13021 (allow vendor_init base_typeattr_502 (file (read getattr map open))) Test: flash && adb shell getprop ro.init.userspace_reboot.is_supported Test: m checkbuild Bug: 135984674 Change-Id: I6f54dcff8d9b62224f315452e9c320648422b5db	2019-12-24 12:44:36 +00:00
Automerger Merge Worker	9ce7870f3d	Merge "binder_use: Allow servicemanager callbacks" am: `a2f0fdfddd` am: `7f2d67e039` am: `8c9b9e4fff` Change-Id: Id822ed49e77e8bfdc5bcd0c1869b31940f95c992	2019-12-23 20:42:58 +00:00
Jon Spivack	a2f0fdfddd	Merge "binder_use: Allow servicemanager callbacks"	2019-12-23 20:04:33 +00:00
Automerger Merge Worker	65b476cb8c	Revert "Add userspace_reboot_config_prop property type" am: `3bd8767540` am: `5dfce326a1` am: `c25e123729` Change-Id: Iad607d7e707f558e8af7fd6535537024dfb9528f	2019-12-23 19:45:48 +00:00
Jayachandran Chinnakkannu	3bd8767540	Revert "Add userspace_reboot_config_prop property type" This reverts commit `8b570f0c60`. Reason for revert: b/146792618 multiple build breaks Change-Id: Ieab05ce56826d2fc84d46940935705abd2e1a55f	2019-12-23 19:01:13 +00:00
Automerger Merge Worker	65984efed6	Add userspace_reboot_config_prop property type am: `8b570f0c60` am: `6801474288` am: `6f63d45d61` Change-Id: Ic53493cda3dede8b975071efa4e639d8b36f6531	2019-12-23 17:12:56 +00:00
Nikita Ioffe	8b570f0c60	Add userspace_reboot_config_prop property type This type will be used for read-only properties used to configure userspace reboot behaviour (e.g. whenever device supports it, watchdog timeout, etc.). Test: adb shell getprop ro.init.userspace_reboot.is_supported Bug: 135984674 Change-Id: I387b2f2f6e3ca96c66c8fa3e6719d013d71f76c7	2019-12-23 15:10:40 +00:00
Automerger Merge Worker	fbfc64bcb0	Merge "sepolicy: new file_integrity_service" am: `8a40d6e70d` am: `95daf42ef3` am: `bd78650137` Change-Id: Ic8b3111b2e7c20405ff79260293f221d99bcbae1	2019-12-20 23:01:10 +00:00
Treehugger Robot	8a40d6e70d	Merge "sepolicy: new file_integrity_service"	2019-12-20 22:36:21 +00:00
Automerger Merge Worker	46a2099be4	Merge "Allow linkerconfig to be executed with logwrap" am: `6ee440bd0f` am: `0658613b86` am: `77732f54db` Change-Id: Id6f7df1f4fb4975db1cea1745d011bf92dc28c52	2019-12-20 04:01:55 +00:00
Kiyoung Kim	6ee440bd0f	Merge "Allow linkerconfig to be executed with logwrap"	2019-12-20 03:30:33 +00:00
Jon Spivack	4b9114a0b5	binder_use: Allow servicemanager callbacks In order for services registered with LazyServiceRegistrar to dynamically stop, servicemanager needs to be able to call into client processes (to notify them and trigger shutdown). Bug: 143108344 Test: aidl_lazy_test Change-Id: I402d0bcc5e668bf022162c7ce7393d5b77256479	2019-12-19 23:07:14 +00:00
Victor Hsieh	48a7b5a580	sepolicy: new file_integrity_service Test: didn't see denials in dmesg during boot or API calls. Bug: 142573505 Change-Id: Ifa271956bc51bf47d781cd9c9f95afb99c5f940f	2019-12-19 09:25:35 -08:00
Automerger Merge Worker	3a2bcd2e92	Merge "gmscore_app: anr_data_file permissions" am: `4bcc37904c` am: `dd63f771e8` am: `a8dc6b7da8` Change-Id: I640565a70d08c1bef6000c414a177b33c13ab1ab	2019-12-19 10:38:02 +00:00
Treehugger Robot	4bcc37904c	Merge "gmscore_app: anr_data_file permissions"	2019-12-19 09:55:36 +00:00
Automerger Merge Worker	543878c0b0	Merge "[incremental] labels for incfs and directory root" am: `753ff93ac9` am: `5447ebdee1` am: `597849a405` Change-Id: I4f22ebdce589d0a4f2092245d6ff53aa01dffcb5	2019-12-19 06:39:21 +00:00
Songchun Fan	753ff93ac9	Merge "[incremental] labels for incfs and directory root"	2019-12-19 05:47:42 +00:00
Songchun Fan	743f9eddf6	[incremental] labels for incfs and directory root Adding two labels: "incfs" for the incremental filesystem and "incremental_root_file" for file paths /data/incremental/*. Doc: go/incremental-selinux Test: manual Change-Id: I7d45ed1677e3422119b2861dfc7b541945fcb7a2	2019-12-18 16:59:31 -08:00
Ashwini Oruganti	c9de5b531f	gmscore_app: anr_data_file permissions More historical context in http://b/18504118 This also adds an auditallow to the same rule for priv_app, so we can delete it once no logs show up in go/sedenials for this rule triggering. Bug: 142672293 Test: TH Change-Id: I5729b89af83090e6e31c012c8acb0f0114c87d3d	2019-12-18 22:15:08 +00:00
Automerger Merge Worker	5065042dbc	Merge "Allow gmscore to write to /cache" am: `4c78a608f9` am: `c1420961e8` am: `9f84b480dc` Change-Id: I0c6df25d77ef5ee4e9c58615871b2c3841c56130	2019-12-18 18:23:22 +00:00
Treehugger Robot	4c78a608f9	Merge "Allow gmscore to write to /cache"	2019-12-18 17:56:34 +00:00
Andrei Onea	85dd43db87	Make platform_compat accessible on release builds. This is required for the Debug UI within the Settings app. The Platform Compat API prevents callers from overriding the compat config for non-debuggable apps on user builds, among other restrictions (see https://r.android.com/1178263 for the full list). Test: use Setting's debug UI on a user build Bug: 144552011 Bug: 138280620 Change-Id: Ia11a6523feab5cfac2dd6a04d269c59f28f667b7	2019-12-18 14:47:29 +00:00
Kiyoung Kim	6f73396d4c	Allow linkerconfig to be executed with logwrap As part of extending linkerconfig execution based on mount namespace and APEX status, linkerconfig will be executed from init with logwrap. To support this there should be an extra sepolicy to allow linkerconfig to be executed with logwrap. Bug: 144664390 Test: m -j passed & cuttlefish booted Change-Id: Ia8b970a1c396a769eff4b102afbf4d33802923cf	2019-12-18 13:30:28 +09:00
Automerger Merge Worker	46c1585530	Merge "gmscore_app: shell_data_file permissions" am: `cc5cf1c125` am: `ab401c4ecd` am: `d7ab5f7e7e` Change-Id: I110c1778931ff774cf20f3ed8e1d0a9adfa63dd7	2019-12-18 03:27:46 +00:00
Ashwini Oruganti	cc5cf1c125	Merge "gmscore_app: shell_data_file permissions"	2019-12-18 02:04:02 +00:00
Automerger Merge Worker	3b97a0beda	Merge "system_server: create StatsManagerService" am: `cfe10227fc` am: `1759d39fc0` am: `3e612de589` Change-Id: I85cd73460c109fac61ca523cac842403f517e08a	2019-12-17 23:53:38 +00:00
Automerger Merge Worker	3df97da160	Merge "allow system_server to access files under /sys/kernel/ion/" am: `a8ca12d1c0` am: `6a306acedd` am: `5c515f5d03` Change-Id: I737d197f8ef6efb236008ccd52e9b83b919f8e44	2019-12-17 23:26:29 +00:00
Jeffrey Huang	cfe10227fc	Merge "system_server: create StatsManagerService"	2019-12-17 23:22:25 +00:00
Ashwini Oruganti	f31e862cac	gmscore_app: shell_data_file permissions This also adds an auditallow to the same rule for priv_app, so we can delete it once no logs show up in go/sedenials for this rule triggerring. Bug: 142672293 Test: TH Change-Id: I554e0cb00a53fd254c450c20e6c632e58472c3c8	2019-12-17 15:09:30 -08:00
Ashwini Oruganti	fe746ae453	Allow gmscore to write to /cache Bug: 142672293 Test: TH Change-Id: If3c2a5c91ffb497330531ad8a57ac5840d602d34	2019-12-17 14:55:01 -08:00
Suren Baghdasaryan	a8ca12d1c0	Merge "allow system_server to access files under /sys/kernel/ion/"	2019-12-17 22:21:17 +00:00
Automerger Merge Worker	9bc0c741a8	[incremental] allow system server to read /proc/filesystems am: `024bc59798` am: `c60705d77e` am: `05347ee32c` Change-Id: Ic13f5cab40c65fa20549536cfe13f531b0580576	2019-12-17 20:53:49 +00:00
Suren Baghdasaryan	4da970f372	allow system_server to access files under /sys/kernel/ion/ In order for system_server to report ION allocations in dumpsys meminfo report it needs access to ION sysfs nodes. Bug: 138148041 Test: dumpsys meminfo Change-Id: I8b1efebe8f4b06a3975e96ddd6a8cbcacdb52fb2 Signed-off-by: Suren Baghdasaryan <surenb@google.com>	2019-12-17 18:36:25 +00:00
Songchun Fan	024bc59798	[incremental] allow system server to read /proc/filesystems Also allow binder service "incremental_service" to be found by service manager. Test: boots BUG: 136132412 Change-Id: I3584a9b69a7e1909f096e3c4579c1834bdfba22e	2019-12-17 09:57:42 -08:00
Automerger Merge Worker	520231fbfd	Merge "Allow application to find tethering service" am: `f1f79242f3` am: `94e42255ed` am: `7362d26aa0` Change-Id: Ie29ecd34d00bdafe62062c9da4d3e703f5b3c059	2019-12-17 11:19:02 +00:00
Treehugger Robot	f1f79242f3	Merge "Allow application to find tethering service"	2019-12-17 10:45:45 +00:00
Automerger Merge Worker	c2703a73bf	Merge "[incremental] allow service manager to find incremental_service" am: `6914e5d1fa` am: `a60dad9fe0` am: `e7429e105a` Change-Id: I464a206b4d89956b848bb615686900f4e1dfdd49	2019-12-17 00:46:08 +00:00
Songchun Fan	d2b6c685b7	[incremental] allow service manager to find incremental_service Test: boots BUG: 136132412 Change-Id: I8728be360d4b37c6bc846a60bfef33af495ba289	2019-12-16 20:55:21 +00:00
Jeffrey Huang	215dd2aa9b	system_server: create StatsManagerService Refactor to split the logic within statscompanion_service The goal of the refactor is to simplify the binder calls to statsd This service will talk to statsd. At the end of the refactor, this service should be the only service that talks to statsd. Bug: 146074223 Test: Manual by creating the service with empty implementation Change-Id: Ib9c2e10ec195d41062f1001e5a82b374696de939	2019-12-16 11:50:16 -08:00
Automerger Merge Worker	00d6df1be7	Allow gmscore_app to write to /data/ota_package for OTA packages am: `384858e0ec` am: `8dbb8f841b` am: `67cd81ec3a` Change-Id: I0312287a1b7b980b822ca77a8b67d2d7171fbbda	2019-12-16 19:43:47 +00:00
Ashwini Oruganti	384858e0ec	Allow gmscore_app to write to /data/ota_package for OTA packages This also adds an auditallow to the same rule for priv_app, so we can delete it once no logs show up in go/sedenials for this rule triggerring. Bug: 142672293 Test: TH Change-Id: I57f887e96d721ca69a7228df0a75515596776778	2019-12-16 10:00:07 -08:00
Automerger Merge Worker	7cf19dc560	Prevent apps from causing presubmit failures am: `607bc67cc9` am: `0cc9c77efe` am: `1baec27a32` Change-Id: I0fdb2681674f72084bd2359d0ec02d4f1cdf671a	2019-12-16 14:54:38 +00:00
markchien	9cc39d9acf	Allow application to find tethering service Mark tethering_service as app_api_service to allow applications to find tethering service. Apps should able to use tethering service to know tethering state if they have ACCESS_NETWORK_STATE permission, but they may need privileged permission if they want to change tethering. Bug: 144320246 Test: -build, flash, boot -ON/OFF hotspot Change-Id: Ie414618766144c4a4ad89c5cf03398a472638e71	2019-12-16 21:32:04 +08:00
Jeff Vander Stoep	607bc67cc9	Prevent apps from causing presubmit failures Apps can cause selinux denials by accessing CE storage and/or external storage. In either case, the selinux denial is not the cause of the failure, but just a symptom that storage isn't ready. Many apps handle the failure appropriately. These denials are not helpful, are not the cause of a problem, spam the logs, and cause presubmit flakes. Suppress them. Bug: 145267097 Test: build Change-Id: If87b9683e5694fced96a81747b1baf85ef6b2124	2019-12-16 11:19:05 +01:00
Automerger Merge Worker	e98f78a0ab	Merge "Create new system property type for Factory OTA could write system property" am: `a75fa8058c` am: `150bdab002` am: `c188e2deca` Change-Id: Ic3b959a1bae773101eb8c6ee072d88457e162772	2019-12-15 19:49:31 +00:00
Treehugger Robot	a75fa8058c	Merge "Create new system property type for Factory OTA could write system property"	2019-12-15 19:26:39 +00:00
Automerger Merge Worker	5d4e340568	Merge "priv_app.te: Remove auditallow for privapp_data_file" am: `9b624df22c` am: `2e8216ddc0` am: `2c3ce54e0b` Change-Id: I197b2d538e4a1d77ae6140ee670a6fe0f908c520	2019-12-14 01:16:59 +00:00
Treehugger Robot	9b624df22c	Merge "priv_app.te: Remove auditallow for privapp_data_file"	2019-12-14 00:44:36 +00:00
Automerger Merge Worker	344da01a8e	priv_app.te: Remove auditallow for statsd am: `60c6d4e0a3` am: `531832336c` am: `96e9b8dafd` Change-Id: I3c47695e3e4e1441e8ec58b54b2075c34e46a2f3	2019-12-14 00:33:19 +00:00
Ashwini Oruganti	b975142b1a	priv_app.te: Remove auditallow for privapp_data_file Looking at go/sedenials, we have learnt a lot of other priv-apps rely on this permission. The auditallow has served its purpose and can now be removed. Bug: 142672293 Test: Treehugger Change-Id: Iba81773b223d2bddbd32a0594c5aa01829252847	2019-12-13 13:57:10 -08:00
Ashwini Oruganti	60c6d4e0a3	priv_app.te: Remove auditallow for statsd From go/sedenials, we see that com.android.vending needs this permission. The auditallow was in place to see if any priv-apps other than GMS core need this, and now we know. Bug: 142672293 Test: Treehugger Change-Id: Iad6caeb648bc23e85571b758a35649924cdeec69	2019-12-13 13:33:02 -08:00
Automerger Merge Worker	a8d174a243	Merge "selinux config for Incremental service" am: `a48a2f185e` am: `c6cef62f6a` am: `9ff094643f` Change-Id: Iba44e8db5251de7fec85b811ab00b2019b122b6f	2019-12-13 20:14:10 +00:00
Treehugger Robot	a48a2f185e	Merge "selinux config for Incremental service"	2019-12-13 19:41:39 +00:00
Automerger Merge Worker	b55c0ace1a	Allow Zygote and Installd to remount directories in /data/data am: `5b1b423039` am: `252678549c` am: `e7ab24953c` Change-Id: I628c8502e96572ed612ddd6213f2c080ce857090	2019-12-13 14:57:35 +00:00
Ricky Wai	5b1b423039	Allow Zygote and Installd to remount directories in /data/data Zygote/Installd now can do the following operations in app data directory: - Mount on it - Create directories in it - Mount directory for each app data, and get/set attributes Bug: 143937733 Test: No denials at boot Test: No denials seen when creating mounts Change-Id: I6e852a5f5182f1abcb3136a3b23ccea69c3328db	2019-12-13 12:30:26 +00:00
Automerger Merge Worker	7873d1e1b3	Merge "gmscore_app: suppress denials for system_data_file" am: `e8419e5832` am: `aa9d7ceaf0` am: `f6f0501747` Change-Id: Id30a8ca0c38f9895344955ef10fe69059f5aa1e0	2019-12-13 10:40:04 +00:00
Henry Tung	6d57b494c0	Create new system property type for Factory OTA could write system property Due to Factory OTA client install in product partition but it also declare coredomian in its sepolicy setting. That will let Factory OTA unable to find a property type could write system property. But now Factory OTA have a restore NFC wake function need to write system property for communicate with bootloader. So we need to create a new property type in system framework which could allow Factory OTA client to write system property. Bug: 145178094 Test: Manual Change-Id: Ic549cc939893ec67a46bf28a23ebeb9f9b81bd0b	2019-12-13 09:39:19 +00:00
Treehugger Robot	e8419e5832	Merge "gmscore_app: suppress denials for system_data_file"	2019-12-13 08:17:26 +00:00
Automerger Merge Worker	26b7cfd925	Merge "Enable gsid to read /sys/fs/f2fs" am: `7c3a3d8182` am: `17f6c97034` am: `f605ff65b4` Change-Id: I7312971969e04ef99352bda9b285b49f4ea7cfda	2019-12-13 02:39:41 +00:00
Automerger Merge Worker	34638e1e20	Merge "Allow linkerconfig to be executed from recovery" am: `b8f4e9280c` am: `d1f2daa1b2` am: `25993c2c15` Change-Id: I2cc0480599d523c2d91046e86d0f846b771d025a	2019-12-13 02:38:25 +00:00
David Anderson	7c3a3d8182	Merge "Enable gsid to read /sys/fs/f2fs"	2019-12-13 01:26:18 +00:00
Kiyoung Kim	b8f4e9280c	Merge "Allow linkerconfig to be executed from recovery"	2019-12-13 01:09:58 +00:00
Ashwini Oruganti	e80d00ff34	gmscore_app: suppress denials for system_data_file This denial is generally a sign that apps are attempting to access encrypted storage before the ACTION_USER_UNLOCKED intent is delivered. Suppress this denial to prevent logspam. While gmscore_app is running in permissive mode, there might be other denials for related actions (that won't show up in enforcing mode after the first action is denied). This change adds a bug_map entry to track those denials and prevent presubmit flakes. Bug: 142672293 Test: Happy builds Change-Id: Id2f8f8ff5cde40e74be24daa0b1100b91a7a4dbb	2019-12-12 14:38:40 -08:00
Automerger Merge Worker	7d6f79e56d	Merge changes I7620902b,Ia7cb4f84,Iff95982d am: `8f7a81ef5d` am: `52abcfa525` am: `10e0622e6c` Change-Id: I4bc02272e809bd6028a7a3a0297275106c0bb418	2019-12-12 22:20:22 +00:00
Songchun Fan	f3380b151d	selinux config for Incremental service BUG: 136132412 Test: boots Change-Id: I0bff222af54d617b7c849bbed6fa52b96d945e32	2019-12-12 22:01:00 +00:00
Ytai Ben-tsvi	8f7a81ef5d	Merge changes I7620902b,Ia7cb4f84,Iff95982d * changes: Allow audio_server to access soundtrigger_middleware service Allow soundtrigger_middleware system service Allow system service to access audio HAL (for soundtrigger)	2019-12-12 21:42:23 +00:00
Automerger Merge Worker	3314310018	Merge "selinux config for data loader manager service" am: `7a9f01d159` am: `faeeb8de10` am: `0027dd8410` Change-Id: I04a93e841de4f7b2d63bb2538bd1c618bfa44477	2019-12-12 20:48:31 +00:00
Songchun Fan	7a9f01d159	Merge "selinux config for data loader manager service"	2019-12-12 19:50:40 +00:00
Ytai Ben-Tsvi	43a474271f	Allow audio_server to access soundtrigger_middleware service In order to update it when external capture is taking place. Change-Id: I7620902bfdd93b3f80f3ab2921b6adae2e77166f Bug: 142070343	2019-12-12 10:56:35 -08:00
Ytai Ben-Tsvi	29c819c015	Allow soundtrigger_middleware system service New system service, intended to replace all of the soundtrigger middleware. Change-Id: Ia7cb4f8436719ca3bf71ea4c2bc32995568ff01d Bug: 142070343	2019-12-12 10:56:35 -08:00
Ytai Ben-Tsvi	3b1a106957	Allow system service to access audio HAL (for soundtrigger) Change-Id: Iff95982db276d3622cbfaf7bf7d04e7e1427926c Bug: 142070343	2019-12-12 10:56:35 -08:00
Automerger Merge Worker	d9224c8b2d	Merge "Allow gmscore to ptrace itself" am: `a5328d2614` am: `a2aac5f57d` am: `3b642009af` Change-Id: Ia4fa3d1395d2a65448a78af656944b57acdce776	2019-12-12 16:23:29 +00:00
Treehugger Robot	a5328d2614	Merge "Allow gmscore to ptrace itself"	2019-12-12 15:40:37 +00:00

1 2 3 4 5 ...

5098 commits