Commit graph

35893 commits

Author SHA1 Message Date
Shiwangi Shah
44c5d09b45 Merge "Add access to hardware_properties and linker" am: 0a6c81f6ce
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2077565

Change-Id: Ib3caebc948fd194eba5a63268724ff2f0880aabd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 20:06:59 +00:00
Shiwangi Shah
0a6c81f6ce Merge "Add access to hardware_properties and linker" 2022-05-03 19:27:55 +00:00
Jean-Michel Trivi
c62ce77d7a Spatial audio: add property for headtracking am: ad4a63a5aa
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2085743

Change-Id: I363f6481afb14ad496e44428617c319f59091be0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 17:26:58 +00:00
Jean-Michel Trivi
ad4a63a5aa Spatial audio: add property for headtracking
Add a property to be read by system_server's AudioService that
indicates whether the spatializer effect can use head tracking.
If true, head tracking functionality will be initialized and
the corresponding APIs will be active.

Bug: 226474336
Test: atest android.media.audio.cts.SpatializerTest
Change-Id: Id8f574ecd2303034a29da58615018586b68bf55d
2022-05-03 15:16:52 +00:00
Treehugger Robot
fd3e4b1a32 Merge "Allow deleting old virtualization files" am: 25a665ded7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2080182

Change-Id: I9df8a19c96d624be03bb2ff62fde0d71927f006c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 13:22:40 +00:00
Treehugger Robot
25a665ded7 Merge "Allow deleting old virtualization files" 2022-05-03 09:28:57 +00:00
Treehugger Robot
470e54c22f Merge "[MS82.3] Add sepolicy to access connectivity apex directory" am: 1d79fd5071
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2069127

Change-Id: Iabf13e810cb556e4e370f4b1e372bf5a6a042660
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 08:45:35 +00:00
Richard Chang
31260126a0 Merge "Allow vendor services to access vendor_system_native_prop" am: 0b25ca45cf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2083463

Change-Id: Ia1b76616ece8b8a99d48c6fa10cea2aa1f240dc5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 08:45:14 +00:00
Jiyong Park
1c2f9f14ab Allow untrusted app to use virtualizationservice - even on user builds am: 8a5c1598ca
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2083946

Change-Id: I65c66a87f354425fa4f7ead44f2c2729e893bcef
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 08:44:50 +00:00
Treehugger Robot
1d79fd5071 Merge "[MS82.3] Add sepolicy to access connectivity apex directory" 2022-05-03 08:00:18 +00:00
Richard Chang
0b25ca45cf Merge "Allow vendor services to access vendor_system_native_prop" 2022-05-03 07:48:51 +00:00
Jiyong Park
8a5c1598ca Allow untrusted app to use virtualizationservice - even on user builds
This only makes it difficult to run (test/demo) apps using AVF. They
have to be pre-installed on the device which is infeasible on
user-build devices.

Removing the guard so that untrusted apps can use virtualizationservice
even on user builds. Note that the use is still gated by the
MANAGE_VIRTUAL_MACHINE permission, which can be granted only by
pre-installing or explicitly via `adb shell pm grant`. So there's no
risk of 3p apps downloaded from the net having their own VM.

Bug: 231080171
Test: run MicrodroidDemoApp on a user build
Merged-In: Ie0b1b9801dd7726633f97456a38bc0ea349013db
Change-Id: Ie0b1b9801dd7726633f97456a38bc0ea349013db
2022-05-03 14:38:28 +09:00
Treehugger Robot
97569d867d Merge "Allow microdroid_manager to set dev.bootcomplete" am: 0d66aff97f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2084003

Change-Id: Ia5154c7c853f195507272f94ce54a6961343c85d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 05:22:28 +00:00
Richard Chang
af8fac1c56 Allow vendor services to access vendor_system_native_prop
Bug: 226456604
Test: Build
Change-Id: Icc11b9bf06fd0fb8069388ca5a32e8aedf1743a8
2022-05-03 04:19:07 +00:00
Treehugger Robot
0d66aff97f Merge "Allow microdroid_manager to set dev.bootcomplete" 2022-05-03 02:43:35 +00:00
Treehugger Robot
9c142ddafc Merge changes from topic "33.0_sepolicy_mapping_file" am: 4410dab4de
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2083164

Change-Id: Ib87df883bca1c7a81cf9270609f888769418d971
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 02:21:52 +00:00
Yurii Zubrytskyi
ac14146a95 platform/system/sepolicy - SEPolicy Prebuilts for Tiramisu am: 9d9c730f1c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2083163

Change-Id: I82afd93fc40e78a7ea4026c591e8bbaff320ec9b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-03 02:21:49 +00:00
Treehugger Robot
4410dab4de Merge changes from topic "33.0_sepolicy_mapping_file"
* changes:
  Add 33.0 mapping files
  platform/system/sepolicy - SEPolicy Prebuilts for Tiramisu
2022-05-03 00:32:17 +00:00
Treehugger Robot
4a0b80879a Merge "Add "ro.hardware.egl_legacy" for ANGLE system driver" am: fe1ad47b3b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2078298

Change-Id: Ie03cf3b98f9f295f57fcd012dcc94c8abb0e1108
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-02 18:59:27 +00:00
Yu Shan
565699bc61 Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2082539

Change-Id: If60eb04fc41df3ce30212bb0763590f2b69f4edd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-02 18:58:42 +00:00
Eric Biggers
cf064c32a1 Merge "zygote.te: clean up and tighten app data isolation rules" am: a77c2963e9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2078007

Change-Id: Ia6806138f6c09c885a61f98799828e4fd3477690
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-02 18:57:58 +00:00
Treehugger Robot
fe1ad47b3b Merge "Add "ro.hardware.egl_legacy" for ANGLE system driver" 2022-05-02 18:41:39 +00:00
Victor Hsieh
a62b3ff58a Allow microdroid_manager to set dev.bootcomplete
... and shell to get the same property for testing.

Bug: 230774156
Test: atest MicrodroidTestCase
Change-Id: Iaf04072c2b394d44ef1253fd048d5ccf757a8b89
2022-05-02 10:33:49 -07:00
Inseob Kim
4ae05118c1 Add 33.0 mapping files
Steps taken to produce the mapping files:

0. Add 33.0 prebuilts to prebuilts/api/33.0/.

1. Add the following Android.bp modules.

    33.0.board.compat.map
    33.0.board.compat.cil
    33.0.board.ignore.map
    plat_33.0.cil
    system_ext_33.0.cil
    product_33.0.cil
    33.0.ignore.cil
    system_ext_33.0.ignore.cil
    product_33.0.ignore.cil
    33.0.compat.cil
    system_ext_33.0.compat.cil

2. Touch the following three files.

    private/compat/33.0/33.0.cil
    private/compat/33.0/33.0.compat.cil
    private/compat/33.0/33.0.ignore.cil

3. Add 33.0 to PLATFORM_SEPOLICY_COMPAT_VERSIONS on
build/make/core/config.mk. Note that we don't update
sepolicy_major_vers to 33, but just update compat versions.

4. Run the following command.

    $ source build/make/rbesetup.sh && lunch aosp_arm64-userdebug
    $ m sepolicy_generate_compat
    $ sepolicy_generate_compat --branch=tm-dev \
        --build latest --target-version 33.0 \
        --latest-version 32.0

This change also enables treble_sepolicy_tests_33.0 and installs
33.0.cil mapping file onto the device.

Test: m treble_sepolicy_tests_33.0
Test: m 33.0_compat_test
Test: m slinux_policy
Change-Id: Ie969ff0372ff1268776165cee5cb5b07d303453c
2022-05-02 14:12:28 +09:00
Yurii Zubrytskyi
9d9c730f1c platform/system/sepolicy - SEPolicy Prebuilts for Tiramisu
Bug: 225745567
Test: Build
Change-Id: I49fb91c7a60fb1e871bdf3553d978bb16c476fd7
Merged-In: I49fb91c7a60fb1e871bdf3553d978bb16c476fd7
(cherry picked from commit f9a00364c8)
2022-05-02 13:24:45 +09:00
Ian Elliott
92251f5d15 Add "ro.hardware.egl_legacy" for ANGLE system driver
This supports the ability to switch between ANGLE and a legacy GLES
driver in cases when transitioning from a legacy GLES driver to ANGLE
as the system driver.  With ANGLE as the GLES system driver, the
platform needs a way to identify the legacy GLES driver, so that it
can be used for particular applications.

Test: CtsAngleDeveloperOptionHostTest
Bug: 224558229
Change-Id: I359b37daa96eb6f8424bde530bb1ac79affd1b04
2022-04-29 18:35:16 -06:00
Yu Shan
d5af7b7cea Allow vehicle_binding_util to access AIDL VHAL.
AIDL service requires binder_use not hwbinder_use.

Test: None
Bug: None
Change-Id: Ic2245c4b1961cc3a5bbd61a1cb6134d92b8752c1
2022-04-29 16:39:03 -07:00
Alan Stokes
c88f0efe3e Allow deleting old virtualization files
Allow init to use toolbox to rm -rf stale files under /data/misc/virtualizationservice.

Bug: 230056726
Test: Create fake stale dir+file, see them deleted
Change-Id: I4a31e437344974597fc5280d898f23780a820f16
(cherry picked from commit 8e06fb4109)
2022-04-29 10:56:34 +00:00
Eric Biggers
a77c2963e9 Merge "zygote.te: clean up and tighten app data isolation rules" 2022-04-28 17:51:53 +00:00
Treehugger Robot
57cd703d00 Merge "Revert "Fix bootchart on android12"" am: 4fe6bd16f3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2075861

Change-Id: I33318773873ec9c65c411f8ca17c09317d266538
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-28 16:38:35 +00:00
Treehugger Robot
4fe6bd16f3 Merge "Revert "Fix bootchart on android12"" 2022-04-28 15:52:46 +00:00
Treehugger Robot
1e4a761436 Merge "Prevent sandbox executing from sdk_sandbox_data_file" am: 8594b156af
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2074904

Change-Id: I48719514d3666d4177aa18643b0e4af7f1f34a41
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-28 07:33:07 +00:00
Treehugger Robot
8594b156af Merge "Prevent sandbox executing from sdk_sandbox_data_file" 2022-04-28 06:28:08 +00:00
Eric Biggers
9f07ea5442 zygote.te: clean up and tighten app data isolation rules
Group together the rules for setting up app data isolation and get all
the comments up-to-date.  Also remove some parts that aren't needed:

- 'allow zygote mnt_expand_file:dir mounton;' -- not needed.  It might
  have been thought that this was needed for mounting tmpfs on
  /mnt/expand/$volume/user{,_de}, but those have type system_data_file.

- 'allow zygote mnt_expand_file:dir relabelto;' -- not needed, as
  nothing is ever relabeled to this type.

- 'allow zygote media_rw_data_file:dir getattr;' -- not needed to create
  bind mounts.  The similar rules for user_profile_* don't include this.

- 'allow zygote mirror_data_file:dir r_dir_perms;' -- tighten to just
  the required search permission.

- 'allow zygote system_data_file:dir getattr;' -- redundant with 'allow
  zygote system_data_file:dir r_dir_perms;', and not needed for the
  stated reason of "Get inode of directories for app data isolation".

Test: booted Cuttlefish, no denials seen.
Change-Id: Id77b8c81625fd785a5d0d88c37d7c85b8fff7244
2022-04-27 21:59:27 +00:00
Eric Biggers
4cc45b3537 Merge "toolbox.te: remove unneeded FS_IOC_FS[GS]ETXATTR permission" am: 74e65cb878
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2077301

Change-Id: Ia5b75b1be2a09d5872b12eb3f0208382c436cb8a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-27 19:59:43 +00:00
Eric Biggers
74e65cb878 Merge "toolbox.te: remove unneeded FS_IOC_FS[GS]ETXATTR permission" 2022-04-27 19:24:57 +00:00
Shiwangi Shah
870354d709 Merge "Add ephemeral service access to sdk sandbox" am: bb270f64c9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2051365

Change-Id: I4898068b7d1f19d9aeb7bb10390846b25e652217
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-27 17:26:30 +00:00
Shiwangi Shah
13bdca21d5 Add access to hardware_properties and linker
We might want to change this in later android versions.

Bug: b/228159127
Bug: b/227745962
Test: Manual
Change-Id: I8f425cc9f2759a29bdd2e6218ad0a1c40750e4f5
2022-04-27 15:13:27 +00:00
Shiwangi Shah
bb270f64c9 Merge "Add ephemeral service access to sdk sandbox" 2022-04-27 14:35:54 +00:00
Shiwangi Shah
48b2b33844 Add ephemeral service access to sdk sandbox
Add some services ephemeral service has access to.
We will steadily restrict this list further based on
testing and requirements for rubidium.

Test: Manual
Bug: b/227745962
Bug: b/227581095

Change-Id: If7bcb8b8de62d408bd4af848b43abca853c93758
2022-04-27 09:21:02 +00:00
Eric Biggers
52238a1e0c toolbox.te: remove unneeded FS_IOC_FS[GS]ETXATTR permission
These ioctls don't need to be allowed, as they'd only be needed to set
project quota IDs.  But this is only done by other domains (installd,
vold, and mediaprovider_app).  Probably it was originally planned for an
init script to run 'chattr -p ID', but this didn't end up happening.

This is basically a revert of commit 4de3228c46 ("Allow toolbox to set
project quota IDs.") (https://r.android.com/1224007).

Also remove an outdated comment at the top of the file.

Test: booted Cuttlefish, no denials seen.
Change-Id: If61179a35f419c6cbfcf1432a86b2c1375db71ed
2022-04-27 03:45:36 +00:00
Sal Savage
ee5923964b Merge "Update LE Audio profile names to be in line with spec and implementation" am: 9f3d766633
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2073972

Change-Id: I0873e311ca5377eff013b8c05187cf585375875c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-26 21:48:34 +00:00
Sal Savage
9f3d766633 Merge "Update LE Audio profile names to be in line with spec and implementation" 2022-04-26 21:21:52 +00:00
Jooyung Han
613519f7c8 Revert "Fix bootchart on android12"
This reverts commit d338d0ef55.

Reason for revert: The original problem was due to failing to switch mount namespace when bootchart is on (see b/229983560) but this doesn't fix it but only suppresses the symptom. aosp/2073287 fixes the original problem.

Change-Id: I6538de37872e718291e78b591a1ae43e83f7a3e3
2022-04-26 03:40:23 +00:00
Junyu Lai
c43dbf8dec [MS82.3] Add sepolicy to access connectivity apex directory
Test: m
Bug: 230289468
Change-Id: I7e43c09f929a418c6c7b6bcfc3696a242c19f2d8
2022-04-26 02:20:30 +00:00
Jaegeuk Kim
41e521a784 Merge "Allow shutdown /data" am: 9ca36ec91b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2072141

Change-Id: I4f5a8ca615e6fa4bcf0f6411a33402ffb1a6ba77
Ignore-AOSP-First: this is an automerge
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-25 17:13:48 +00:00
Jaegeuk Kim
9ca36ec91b Merge "Allow shutdown /data" 2022-04-25 16:42:48 +00:00
Bram Bonne
078b43cd40 Prevent sandbox executing from sdk_sandbox_data_file
Bug: 215105355
Test: make
Change-Id: I73c6a0d5034f194bf7149336fdac1db51a2b151d
2022-04-25 13:28:52 +02:00
Treehugger Robot
660c8307ab Merge "Replace se_filegroup to se_build_files" am: 34423ff138
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2072787

Change-Id: Ifce832f18e35ea4319744b7ea86f7e994a275aa9
Ignore-AOSP-First: this is an automerge
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-23 01:01:24 +00:00
Treehugger Robot
34423ff138 Merge "Replace se_filegroup to se_build_files" 2022-04-23 00:34:08 +00:00