tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
33887 commits 1 branch 0 tags 50 MiB
Commit graph

33887 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gregory Montoir
4791f7c0e4 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 796f6637e4 am: 8881759651 am: ee34c61f9d 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I92fa75428bc9e61ec3eb66c72a9745448a76adb2
 2022-01-13 00:15:39 +00:00
Gregory Montoir
ee34c61f9d Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 796f6637e4 am: 8881759651 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I7adb2cf814af741cd89ca74b16ba5c0aa7d54279
 2022-01-12 23:57:47 +00:00
Gregory Montoir
7a8345b052 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: c3578b68ec am: 92de4b90f0 am: dcdb0fe207 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: Ie005d95dc34523f12db9540175a150a7ee7084df
 2022-01-12 23:47:21 +00:00
Gregory Montoir
2f2d4e9e9c Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: ff22c64cbb am: 87d5e2ef90 am: 8554dcd97a 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: Iea2cf75a2e875514756de5fd7ac2fce2dce531ec
 2022-01-12 23:46:42 +00:00
Gregory Montoir
8881759651 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 796f6637e4 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I76bdaca952b528a9fea775e3a0276f3be592bf33
 2022-01-12 23:44:25 +00:00
Gregory Montoir
dcdb0fe207 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: c3578b68ec am: 92de4b90f0 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: I0f63ada474ef21d9cb39ab363850681ce2f6cef0
 2022-01-12 23:28:11 +00:00
Gregory Montoir
8554dcd97a Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: ff22c64cbb am: 87d5e2ef90 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: I91dc7e4fd396dbb9c8676be923adff0d1e4fe052
 2022-01-12 23:28:04 +00:00
Gregory Montoir
796f6637e4 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: Ic3688f33d8cab5a1a951780349602b6aed6b0e12
 2022-01-12 23:27:00 +00:00
Gregory Montoir
92de4b90f0 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: c3578b68ec 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: I5ad5a823f55cb49d900945ef809ffbe37c7dc685
 2022-01-12 23:16:09 +00:00
Gregory Montoir
860cc6f1d5 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: fe0705ba42 am: a73406d0a4 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16616068

Change-Id: I0dc859d02da3dfc8ab7421a06aae2ee9aa65542e
 2022-01-12 23:15:55 +00:00
Gregory Montoir
87d5e2ef90 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: ff22c64cbb 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: Ied839549c500bfba3b46b2fc26e00baea7d2b11d
 2022-01-12 23:15:02 +00:00
Gregory Montoir
8bac0a5547 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I11fc36fbc3d65609a3215e9cecf5ce22fb06b97e
 2022-01-12 23:14:44 +00:00
Gregory Montoir
c3578b68ec Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: I93f6aa869c2b018d15cf4bdc60d70cc0152223a7
 2022-01-12 23:03:16 +00:00
Gregory Montoir
a73406d0a4 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: fe0705ba42 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16616068

Change-Id: I8976cb6c6a2546a36355e509c41b90bd516f1154
 2022-01-12 23:03:14 +00:00
Gregory Montoir
84f6646c7c Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I0f2729fc6ef1737965de0e38495a4908b76890d0
 2022-01-12 23:02:17 +00:00
Gregory Montoir
ff22c64cbb Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: Ic7d459763baeaac4466ea599ff43176289d08203
 2022-01-12 23:02:09 +00:00
Jeremy Meyer
4833a09ba8 Merge "Add resources_manager_service" am: 0f72360b2f am: bebb429e43 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1944288

Change-Id: I40793e89b0902bd93a65dc7a2d7a2fbbd722ecc6
 2022-01-12 21:18:58 +00:00
Jeremy Meyer
bebb429e43 Merge "Add resources_manager_service" am: 0f72360b2f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1944288

Change-Id: I240261561b71f71c74d728c8e4a4ed7f6133fbe4
 2022-01-12 21:01:31 +00:00
Jeremy Meyer
0f72360b2f Merge "Add resources_manager_service" 2022-01-12 20:41:28 +00:00
Treehugger Robot
80675f15e2 Merge "Make virtual_device_service accessible from CTS" am: b4cc3b36f4 am: 5af1fc8bef 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1912337

Change-Id: I03d1a7f71f71f32c8f50a3992b15b1a37a8c6f28
 2022-01-12 18:39:29 +00:00
Yabin Cui
f8a7b98ff6 Restrict write access to etm sysfs interface. am: 927d7a752b am: f288523c0c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1945414

Change-Id: I7ca14acf15cf5eee452bf9d299099238db218c42
 2022-01-12 18:39:20 +00:00
Treehugger Robot
5af1fc8bef Merge "Make virtual_device_service accessible from CTS" am: b4cc3b36f4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1912337

Change-Id: Ida8d75500acfe02e8bff86793c8776a28ee7411e
 2022-01-12 18:34:43 +00:00
Treehugger Robot
b4cc3b36f4 Merge "Make virtual_device_service accessible from CTS" 2022-01-12 18:28:15 +00:00
Yabin Cui
f288523c0c Restrict write access to etm sysfs interface. am: 927d7a752b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1945414

Change-Id: I9512f82d34bb747bdc3d042a63df655fe6741799
 2022-01-12 18:26:45 +00:00
Gregory Montoir
fe0705ba42 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} 
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.

Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
 2022-01-12 14:35:12 +00:00
Gregory Montoir
f7727ace66 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} 
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.

Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
 2022-01-12 14:34:33 +00:00
Gregory Montoir
1a6b37d838 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} 
File accesses go through com.android.ddmlib.SyncService for CTS
ListeningPortsTest.

Bug: 201645790
Test: atest ListeningPortsTest
Ignore-AOSP-First: Fix already in AOSP
Change-Id: I0c66fb5e35cda3b1799cf003402e454d7a951e96
 2022-01-12 14:33:22 +00:00
Yabin Cui
927d7a752b Restrict write access to etm sysfs interface. 
Bug: 213519191
Test: boot device
Change-Id: I40d110baea5593a597efa3c14fd0adecee23fc0f
 2022-01-11 14:12:52 -08:00
Maurice Lam
2e38cfa2f7 Make virtual_device_service accessible from CTS 
This is safe because methods in VirtualDeviceManager are guarded by
the internal|role permission CREATE_VIRTUAL_DEVICE, and all subseuqent
methods can only be called on the returned binder.

Fixes: 209527778
Test: Manual
Change-Id: I60a5cf76eec1e45803cf09ab4924331f7c12ced4
 2022-01-11 13:21:14 -08:00
Treehugger Robot
036739098b Merge "Support for APEX updatable sepolicy" am: 175f50137e am: 97e23e0f40 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1922440

Change-Id: I6e4f8fc54cb301062b235534de6daa5ab7e8ae65
 2022-01-11 14:23:25 +00:00
Treehugger Robot
97e23e0f40 Merge "Support for APEX updatable sepolicy" am: 175f50137e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1922440

Change-Id: I27c61f26a7aa167d8003387c902f4396768bc1d5
 2022-01-11 14:06:52 +00:00
Treehugger Robot
175f50137e Merge "Support for APEX updatable sepolicy" 2022-01-11 13:49:24 +00:00
Jeff Vander Stoep
f9348b5509 Support for APEX updatable sepolicy 
Builds:
 - sepolicy_test - file that init mounts in /dev/selinux to demonstrate
   that updatable sepolicy is loaded.
 - apex_sepolicy.cil - Initially includes a rule allowing shell
   to read sepolicy_test.
 - apex_file_contexts - Initially includes mapping of
    /dev/selinux/sepolicy_test.
 - apex_sepolicy.sha256. Used by init to determine of
    precompiled_sepolicy can be used.
 - apex_service_contexts - Currently empty.
 - apex_property_contexts - Currently empty.
 - apex_seapp_contexts - Currently empty.

Bug: 199914227
Test: Build, boot, ls -laZ /dev/selinux/sepolicy_test
Change-Id: I6aa625dda5235c6e7a0cfff777a9e15606084c12
 2022-01-11 12:52:09 +01:00
Jeremy Meyer
d8a3c2b156 Add resources_manager_service 
Test: manual, calling the service with `adb shell cmd` works
Bug: 206615535
Change-Id: I8d3b945f6abff352991446e5d88e5a535a7f9ccf
 2022-01-10 23:03:42 +00:00
Michael Rosenfeld
dea57851db Merge "Allow the shell to disable charging." am: 30aace3ebe am: bd58116534 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1899603

Change-Id: I3be5e790e3b3f31b3b47bad336800e7ddaeff789
 2022-01-10 22:38:14 +00:00
Florian Mayer
b59cf00842 Merge "[MTE] Allow system_app to write memtag property." am: 11db93a15b am: 4cb849bc8f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1931217

Change-Id: Ifa7759266cfb6519185cccb54996b6f15640b237
 2022-01-10 22:37:58 +00:00
Michael Rosenfeld
bd58116534 Merge "Allow the shell to disable charging." am: 30aace3ebe 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1899603

Change-Id: I194c507539ba42eb5b44a2854f38ea9d838c2333
 2022-01-10 22:26:42 +00:00
Michael Rosenfeld
30aace3ebe Merge "Allow the shell to disable charging." 2022-01-10 22:18:49 +00:00
Florian Mayer
4cb849bc8f Merge "[MTE] Allow system_app to write memtag property." am: 11db93a15b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1931217

Change-Id: Ie281b46d759c655064ee62c0441e5c58d389ea55
 2022-01-10 22:17:27 +00:00
Florian Mayer
11db93a15b Merge "[MTE] Allow system_app to write memtag property." 2022-01-10 21:12:02 +00:00
Michael Rosenfeld
5425c870f9 Allow the shell to disable charging. 
Bug: 204184680
Test: manual and through instrumentation
Change-Id: I1fe9b35d51140eccba9c05c956875c512de447b1
 2022-01-10 10:36:01 -08:00
Treehugger Robot
c2e7aae15f Merge "Remove obsolete ioctl allow" am: a394cfca86 am: 495a9b3567 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1938479

Change-Id: I314dd90a2c88938a413084b671836a397f8e7cab
 2022-01-10 13:14:39 +00:00
Inseob Kim
4dd5654c65 Merge "Use "data: libsepolwrap" in python binaries" am: d93c2f7a45 am: 74fd5037d8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1934164

Change-Id: Iec3d1e69e113889148568c4af18aaf83a1e5c568
 2022-01-10 13:14:29 +00:00
Treehugger Robot
495a9b3567 Merge "Remove obsolete ioctl allow" am: a394cfca86 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1938479

Change-Id: Ie3933605a85d779bc40175a0e5113cfefe040754
 2022-01-10 13:01:27 +00:00
Inseob Kim
74fd5037d8 Merge "Use "data: libsepolwrap" in python binaries" am: d93c2f7a45 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1934164

Change-Id: I973abdc34d7d8e1938fa46ecb7dc906dd2d5c192
 2022-01-10 13:01:07 +00:00
Treehugger Robot
a394cfca86 Merge "Remove obsolete ioctl allow" 2022-01-10 12:45:01 +00:00
Inseob Kim
d93c2f7a45 Merge "Use "data: libsepolwrap" in python binaries" 2022-01-10 12:44:27 +00:00
Inseob Kim
b8b9a4f263 Merge "Migrate seapp_contexts to Android.bp" am: 483c0b3a7d am: 7de146d25d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1934165

Change-Id: I72ed83491a46ea94947a8883fdb9bb8ed3c3faa6
 2022-01-10 11:51:12 +00:00
Inseob Kim
7de146d25d Merge "Migrate seapp_contexts to Android.bp" am: 483c0b3a7d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1934165

Change-Id: I689882479c139822bf14eea51817e883d20dbcea
 2022-01-10 11:30:08 +00:00
Inseob Kim
483c0b3a7d Merge "Migrate seapp_contexts to Android.bp" 2022-01-10 11:15:28 +00:00