tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
17998 commits 1 branch 0 tags 50 MiB
Commit graph

17998 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jeff Vander Stoep
504a654983 crash_dump: dontaudit gpu_device access 
And add neverallow so that it's removed from partner policy if
it was added there due to denials.

Fixes: 124476401
Test: build
Change-Id: I16903ba43f34011a0753b5267c35425dc7145f05
 2019-02-18 21:06:42 +00:00
Remi NGUYEN VAN
286bce8bfb Merge "sepolicy change for NetworkStack signature" 
am: ec651944a0

Change-Id: I8588994f31e531ccc022b41d3a805b5da7aef24a
 2019-02-15 17:56:38 -08:00
Remi NGUYEN VAN
ec651944a0 Merge "sepolicy change for NetworkStack signature" 2019-02-16 01:48:49 +00:00
Hridya Valsaraju
e6c36ef12f Add permissions required for flashing 
These are required to handle the following denials:

audit: type=1400 audit(96805.060:7): avc:  denied  { sys_admin } for
pid=517 comm="fastbootd" capability=21  scontext=u:r:fastbootd:s0 tcontext=u:r:fastbootd:s0
tclass=capability permissive=0␍␊

[14:14:36:606] [   11.196190] audit: type=1400 audit(103042.976:10): avc:  denied  { read } for
pid=520 comm="fastbootd" name="by-name" dev="tmpfs" ino=18500 scontext=u:r:fastbootd:s0
tcontext=u:object_r:block_device:s0 tclass=dir permissive=1

Test: fastboot flashall
Bug: 124410201
Change-Id: I80041a78a5b6df09c6526be6a4066eb771887265
 2019-02-15 14:45:18 -08:00
Sudheer Shanka
b8df6eda98 Merge "Track untrusted_app_27 SELinux denial" 
am: 161601cbf6

Change-Id: Ic859ec704972e2f2195e72f053687bb3cf657f0e
 2019-02-15 14:37:23 -08:00
Sudheer Shanka
161601cbf6 Merge "Track untrusted_app_27 SELinux denial" 2019-02-15 22:26:09 +00:00
Mark Salyzyn
2340f1017a fs_mgr: overlayfs support legacy devices (marlin) Part Deux 
am: bd80e63e03

Change-Id: I62e00a260f7367222f9aed1cfd71777f0bdeef46
 2019-02-15 13:47:22 -08:00
Mark Salyzyn
bd80e63e03 fs_mgr: overlayfs support legacy devices (marlin) Part Deux 
On legacy devices system_<other> partition is blocked from
becoming the backing store under certain circumstances.

Test: system/core/fs_mgr/tests/adb-remount-test.sh
Bug: 120448575
Bug: 123079041
Change-Id: I1803f072ca21bc116554eee1d01a1dbd2c9ed0c9
 2019-02-15 15:56:16 +00:00
Sudheer Shanka
9c96649b27 Track untrusted_app_27 SELinux denial 
vrcore is trying to access external storage before
it is available.

Bug: 118185801
Test: n/a
Change-Id: Ieb38a1bfb977d9f6f642fecdd1000a195b2c8259
 2019-02-15 00:42:47 -08:00
Sudheer Shanka
a82094795e Merge "Update a comment to match the latest rules." 
am: 6c773be030

Change-Id: Ib720c5fc1a0a0287d6e29105b4a518272e2b6a3d
 2019-02-14 22:41:30 -08:00
Treehugger Robot
6c773be030 Merge "Update a comment to match the latest rules." 2019-02-15 06:38:25 +00:00
Alan Stokes
b7d23bc285 Merge "Fix typo in file name." 
am: 2379bb7603

Change-Id: I967eb883a468a6d3b9fb29c885254fc3f525b077
 2019-02-14 20:21:44 -08:00
Treehugger Robot
2379bb7603 Merge "Fix typo in file name." 2019-02-15 04:16:44 +00:00
Jeffrey Vander Stoep
0782f93463 Merge "Track SELinux denial." 
am: 567a8063a9

Change-Id: Ide783838773021f04e4a77c475bb3a9aa285347e
 2019-02-14 20:08:59 -08:00
Jeffrey Vander Stoep
567a8063a9 Merge "Track SELinux denial." 2019-02-15 03:59:41 +00:00
Jeff Vander Stoep
f05de2ee39 Track SELinux denial. 
This should help fix presubmit tests.

Bug: 124468495
Bug: 124476401
Test: Build.
Change-Id: I7d8befaef2a90d6dc824f99e3088a922c8d1fdc4
 2019-02-14 19:52:03 -08:00
Tianjie Xu
79d234f469 Merge "Allow update engine to write to statsd socket" 
am: 4dd5976170

Change-Id: I5a702f2c548678ad576c6ec63c7c88468a07dd09
 2019-02-14 14:13:40 -08:00
Xin Li
176f17cbff Merge "DO NOT MERGE - Merge pi-platform-release (PPRL.190205.001) into stage-aosp-master" into stage-aosp-master 2019-02-14 22:11:31 +00:00
Tianjie Xu
4dd5976170 Merge "Allow update engine to write to statsd socket" 2019-02-14 22:07:11 +00:00
Sudheer Shanka
a3423bb74b Update a comment to match the latest rules. 
Test: n/a
Change-Id: Ib45a25b3c9b987f56c350b91d72caca8a16fb52e
 2019-02-14 11:48:49 -08:00
Sudheer Shanka
4cb485a603 Merge "Allow zygote to create files under sdcardfs." 
am: be3748da12

Change-Id: I8e06267015a06b1b51a1940451950d63d2e11b6f
 2019-02-14 11:06:44 -08:00
Sudheer Shanka
be3748da12 Merge "Allow zygote to create files under sdcardfs." 2019-02-14 18:51:07 +00:00
Sudheer Shanka
868c075e0e Allow zygote to create files under sdcardfs. 
sdcardfs will automatically try to create .nomedia file
under Android/{data,obb} and this is being attributed
to whoever is trying to create Android/{data,obb} dirs.
Earlier this is used to done from app context but now
zygote handles the creation of these dirs.

Bug: 124345887
Test: manual
Change-Id: I96feada2f5edff2ece2586a532b069a58a36dd3b
 2019-02-14 18:49:57 +00:00
Alan Stokes
9b8b422938 Fix typo in file name. 
Test: Builds
Change-Id: I411f0c0f323565d951d4ba8031404171e3c9b364
 2019-02-14 16:09:44 +00:00
Pierre Lee
58d87035dc Merge "add hal_bootctl to white-list of sys_rawio" 
am: 8292117703

Change-Id: Iea654aedc4f858f025511fa4f6374e5726e6605d
 2019-02-13 23:30:47 -08:00
Treehugger Robot
8292117703 Merge "add hal_bootctl to white-list of sys_rawio" 2019-02-14 07:21:00 +00:00
Chenjie Yu
d098364298 Merge "train info persist to disk sepolicy" 
am: a0f56f1d63

Change-Id: I2aeef7e584bba6311e955ee63b952976adaa0456
 2019-02-13 15:56:50 -08:00
Remi NGUYEN VAN
3b006d9bd4 sepolicy change for NetworkStack signature 
Update the seinfo to the new network_stack seinfo, as the network stack
is now using its own certificate.
Remove the hard-coded package name, which may differ depending on
devices, and specify (uid, signature, priv-app) instead.

Bug: 124033493
Test: m
Change-Id: If3bbc21cf83f5d17406e9615833ee43011c9c9bc
 2019-02-14 07:58:13 +09:00
Treehugger Robot
a0f56f1d63 Merge "train info persist to disk sepolicy" 2019-02-13 22:45:18 +00:00
Pierre Lee
30c77c1695 add hal_bootctl to white-list of sys_rawio 
VtsHalBootV1_0Target test cases fail on a platform when executing boot control operation.
The cases fail because of hal_bootctl has no sys_rawio permission to do storage IOCTL to
switch boot slot.

Bug: 118011561
Test: VtsHalBootV1_0Target can pass
Change-Id: Idbbb9ea8b76fe62b2d4b71356cef7a07ad4de890
 2019-02-13 12:38:22 +00:00
Jeff Vander Stoep
65108cec40 Merge "Radio: allow to read kernel command line." 
am: d41721bc41

Change-Id: I3ae9ed53acacffa9db3433dee1b8cfb4e1d85435
 2019-02-13 00:22:03 -08:00
Treehugger Robot
d41721bc41 Merge "Radio: allow to read kernel command line." 2019-02-13 08:15:33 +00:00
Paul Lawrence
2d682cf0c7 Merge "Allow restorecon to work on vold_data_files" 
am: 07365ec1b4

Change-Id: Ibd769a20eb10241a5ceab05d1887b176f3312e8e
 2019-02-12 19:29:18 -08:00
Treehugger Robot
07365ec1b4 Merge "Allow restorecon to work on vold_data_files" 2019-02-13 02:13:31 +00:00
Chenjie Yu
9e625b0745 train info persist to disk sepolicy 
Test: will add gts
Bug: 122807604
Change-Id: I60d2b207d8cf652ff90111cc5bef996f14d93376
 2019-02-12 15:40:02 -08:00
Jeff Vander Stoep
8540c12bd9 Radio: allow to read kernel command line. 
Used in:
frameworks/base/telephony/java/android/telephony/TelephonyManager.java file

Fixes: 124210464
Test: sepolicy tests
Change-Id: I239cfa2eabbb14653175b4eb655a78caeea553e3
 2019-02-12 23:36:51 +00:00
Paul Lawrence
84e87b8753 Allow restorecon to work on vold_data_files 
Bug: 119769411
Test: Compiles with rule needed to fix Wahoo
Change-Id: Ifad4c285815682a107013479850f2a63c894c855
 2019-02-12 14:43:08 -08:00
Peiyong Lin
6cac784253 Merge "Add persistent property for SurfaceFlinger color mode." 
am: e72b2328ae

Change-Id: Ib5ce919c95b47bc172fc730b7ab5a3cd67a8e4c0
 2019-02-12 10:16:44 -08:00
Peiyong Lin
e72b2328ae Merge "Add persistent property for SurfaceFlinger color mode." 2019-02-12 17:58:45 +00:00
Xin Li
27205a2847 DO NOT MERGE - Merge pi-platform-release (PPRL.190205.001) into stage-aosp-master 
Bug: 124234733
Change-Id: Ic9a486e029115f3c42c1c0f139890bc744eb14bf
 2019-02-12 09:53:58 -08:00
joshmccloskey
ec74c35e2e Allowing sysui to access statsd. 
am: 6f5a7b85b2

Change-Id: I3c6b59cc7e7a3024efee3750521064232d80b229
 2019-02-11 21:21:53 -08:00
Peiyong Lin
4dfc59e5f4 Add persistent property for SurfaceFlinger color mode. 
To enable devices to stay in a color mode all the time, add a persistent
property as part of per device configuration.

BUG: 124129486
Test: Build, flash and boot. Verify with internal patch
Change-Id: I45ce25e4f1317911e70a4276df6adc39e7455fed
 2019-02-11 17:19:03 -08:00
joshmccloskey
6f5a7b85b2 Allowing sysui to access statsd. 
Test: Manual.
Change-Id: Iae63806bd5a8435e759694c0f84a3da8d463549d
 2019-02-11 14:09:42 -08:00
Yiwei Zhang
30287cfbf1 Merge "Game Driver: sepolicy update for plumbing GpuStats into GpuService" 
am: 64c8df4a54

Change-Id: I131d279b503c948d9d894ffcd99eedb0349d9f44
 2019-02-11 10:10:09 -08:00
Treehugger Robot
64c8df4a54 Merge "Game Driver: sepolicy update for plumbing GpuStats into GpuService" 2019-02-11 18:03:50 +00:00
Tri Vo
fa2c6ed718 Merge "Restore ephemeral app access to /dev/ashmem" 
am: 5358ac5eee

Change-Id: I1c22fedaee54bcc80a948aade564597a1526ded4
 2019-02-09 12:39:00 -08:00
Tri Vo
5358ac5eee Merge "Restore ephemeral app access to /dev/ashmem" 2019-02-09 20:28:16 +00:00
Andreas Gampe
9020d74f24 Merge "Sepolicy: Give apexd permission for mounton" 
am: c4bf8f26a0

Change-Id: I318484c452e9aa51e61114f4e59301e4eafe0708
 2019-02-09 01:52:02 -08:00
Treehugger Robot
c4bf8f26a0 Merge "Sepolicy: Give apexd permission for mounton" 2019-02-09 09:41:34 +00:00
Nick Kralevich
e049aec29c Merge "allow runas_app untrusted_app_all:unix_stream_socket connectto" 
am: cb2a226ada

Change-Id: I7553a5d4a6409afbfa15924b7779a92bd4cc4452
 2019-02-08 18:41:50 -08:00