Mohammed Rashidy
4d67e0d02b
Revert "Updates sepolicy for EVS HAL" am: 418f41ad13
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979386
Change-Id: If3080898b802cf7551c01c9425499591b815da6b
2022-02-10 11:55:30 +00:00
Mohammed Rashidy
418f41ad13
Revert "Updates sepolicy for EVS HAL"
...
Revert submission 1967140-EVS_sepolicy_updates_T
Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947 , bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service
Change-Id: I1cc37b0e56646db61bdb34cb209aefe7376c5a50
2022-02-10 10:07:44 +00:00
Sandro Montanari
d20a77319a
Merge "Allow apexd to write to /metadata/sepolicy" am: 306fca99db
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965103
Change-Id: I1aecfb46a194d837c62ac3ad14f84f03f5920a9b
2022-02-10 10:01:30 +00:00
Sandro Montanari
306fca99db
Merge "Allow apexd to write to /metadata/sepolicy"
2022-02-10 09:41:34 +00:00
Treehugger Robot
177cf20196
Merge changes from topic "EVS_sepolicy_updates_T" am: 2cedd28cf9
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1967009
Change-Id: I6e25a9c2f0030539b1bbf5892c4fd51f931053b7
2022-02-10 08:12:58 +00:00
Treehugger Robot
2cedd28cf9
Merge changes from topic "EVS_sepolicy_updates_T"
...
* changes:
Updates sepolicy for EVS HAL
Adds a sepolicy for EVS manager service
2022-02-10 08:02:04 +00:00
Maciej Żenczykowski
960f03e7e6
Merge "bpfdomain: attribute for domain which can use BPF" am: 337e6b1e1c
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978573
Change-Id: I4dfb42eedfec394488dea73910f11b23f08cfb92
2022-02-10 07:25:40 +00:00
Maciej Żenczykowski
337e6b1e1c
Merge "bpfdomain: attribute for domain which can use BPF"
2022-02-10 07:08:22 +00:00
Treehugger Robot
2379b4582c
Merge "Fix se_policy_conf file output stem" am: 099b15ea2e
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978386
Change-Id: I7ad40cc5750a49f77ff015d979e140d357c1892d
2022-02-10 03:24:26 +00:00
Treehugger Robot
099b15ea2e
Merge "Fix se_policy_conf file output stem"
2022-02-10 03:08:30 +00:00
Changyeon Jo
a083d7a8d8
Updates sepolicy for EVS HAL
...
This CL updates hal_evs_default to be sufficient for the default EVS HAL
implementation and modifies other services' policies to be able to
communicate with EVS HAL implementations
Bug: 217271351
Test: m -j selinux_policy and Treehugger
Change-Id: I2df8e10f574d62f8b84e0ff0381656ab1b18b52f
2022-02-10 01:42:59 +00:00
Changyeon Jo
5c3bc58163
Adds a sepolicy for EVS manager service
...
Bug: 170401743
Bug: 216727303
Test: m -j selinux_policy and TreeHugger
Change-Id: Ie6cb3e269fc46a61b56ca93efd69fbc447da0e3d
2022-02-10 01:42:21 +00:00
Steven Moreland
6598175e06
bpfdomain: attribute for domain which can use BPF
...
Require all domains which can be used for BPF to be marked as
bpfdomain, and add a restriction for these domains to not
be able to use net_raw or net_admin. We want to make sure the
network stack has exclusive access to certain BPF attach
points.
Bug: 140330870
Bug: 162057235
Test: build (compile-time neverallows)
Change-Id: I29100e48a757fdcf600931d5eb42988101275325
2022-02-10 00:34:50 +00:00
Yabin Cui
4906441dc5
Merge "profcollectd: allow to call callbacks registered by system_server." am: c30b45e242
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1973763
Change-Id: Id7138581429d7a7a4d03e8df35cd6d5e6f669490
2022-02-09 18:21:42 +00:00
Yabin Cui
c30b45e242
Merge "profcollectd: allow to call callbacks registered by system_server."
2022-02-09 18:09:59 +00:00
Steven Moreland
4e83d24871
Merge "Allow BPF programs from vendor." am: 2536bf9dac
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1189663
Change-Id: I71bbd8460727eff793dd59d5c5b1d8dcc963fdde
2022-02-09 17:45:41 +00:00
Steven Moreland
2536bf9dac
Merge "Allow BPF programs from vendor."
2022-02-09 17:28:16 +00:00
sandrom
e9a5e7ca6c
Allow apexd to write to /metadata/sepolicy
...
Test: manual tests
Bug: 218672709
Change-Id: I91e173cc41bca0f8fd62d5a783e514f6bbb0e214
2022-02-09 15:11:06 +00:00
Inseob Kim
6c5fa54a8b
Fix se_policy_conf file output stem
...
OutputFileProducer interface has been returning "conf", not the
designated stem.
Test: try including se_policy_conf module as other module's srcs
Change-Id: I17de5e10ed9bd1d45dc9a8b1be11ea6f5290c179
2022-02-09 23:35:43 +09:00
Jayant Chowdhary
4c51fa993e
Merge "System wide sepolicy changes for aidl camera hals." am: b00bf9d282
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975831
Change-Id: Ie9b95c5b231a014d0123271b5cfd63f20b9519db
2022-02-09 03:23:54 +00:00
Jayant Chowdhary
b00bf9d282
Merge "System wide sepolicy changes for aidl camera hals."
2022-02-09 03:08:37 +00:00
Steven Moreland
c27d24c37c
Allow BPF programs from vendor.
...
Who needs all those context switches?
bpfloader controls which types of vendor programs can be used.
Bug: 140330870
Bug: 162057235
Test: successfully load bpf programs from vendor
Change-Id: I36e4f6550da33fea5bad509470dfd39f301f13c8
2022-02-08 22:46:54 +00:00
Thiébaud Weksteen
d41e2add90
Merge "Allow policy tests to support space in file names" am: c3ae0ceaee
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1968402
Change-Id: I0b73db62b9b83efd02f65e0bada75695a47a7447
2022-02-08 22:00:19 +00:00
Thiébaud Weksteen
c3ae0ceaee
Merge "Allow policy tests to support space in file names"
2022-02-08 21:48:17 +00:00
Treehugger Robot
5d45c0bc91
Merge "Add rule to allow servicemanager to call the hostapd service." am: 14db21eafa
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975506
Change-Id: Ic364766d3356c3d0936215f06ab119fd30412ea7
2022-02-08 20:33:59 +00:00
Treehugger Robot
14db21eafa
Merge "Add rule to allow servicemanager to call the hostapd service."
2022-02-08 20:17:15 +00:00
Christine Franks
bdb8275788
Merge "Add uhid_device to system_server" am: c98bde94c4
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1972819
Change-Id: I7faf091b6ac4d6dddafaaf30e035d097ba8dd444
2022-02-08 18:48:19 +00:00
Treehugger Robot
c6530c9486
Merge "Rename property for default MTE mode." am: 0fc6fae857
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975306
Change-Id: I55a2c07b0d45df1a7ed3d3f03308a123a8812910
2022-02-08 18:41:06 +00:00
Gabriel Biren
d59d96c476
Add rule to allow servicemanager to call
...
the hostapd service.
Needed in order to allow hostapd to
receive a callback from servicemanager
when the active service count changes.
Bug: 213475388
Test: atest VtsHalHostapdTargetTest
Change-Id: I3a5ec8219d23227fab85325f90d8b4aee6c76973
2022-02-08 18:00:15 +00:00
Christine Franks
c98bde94c4
Merge "Add uhid_device to system_server"
2022-02-08 17:13:32 +00:00
Treehugger Robot
0fc6fae857
Merge "Rename property for default MTE mode."
2022-02-08 16:47:32 +00:00
Treehugger Robot
0b2fe7bba9
Merge "Allow reading hypervisor capabilities" am: e335de9aeb
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1974460
Change-Id: I0fd8a7a9f35ed63f78bea52028935705750c0a7a
2022-02-08 11:54:28 +00:00
Treehugger Robot
e335de9aeb
Merge "Allow reading hypervisor capabilities"
2022-02-08 11:49:33 +00:00
Treehugger Robot
46f9d2ebc4
Merge "bpfloader: use kernel logs" am: 2e468b48c5
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975407
Change-Id: Ica35494fc1df34ebb9ccfd82c2aa1d5e658e4463
2022-02-08 11:48:26 +00:00
Treehugger Robot
2e468b48c5
Merge "bpfloader: use kernel logs"
2022-02-08 10:51:39 +00:00
Jayant Chowdhary
e3019be3db
System wide sepolicy changes for aidl camera hals.
...
Bug: 196432585
Test: Camera CTS
Change-Id: I0ec0158c9cf82937d6c00841448e6e42f6ff4bb0
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
2022-02-08 09:37:17 +00:00
Treehugger Robot
5b2f49942b
Merge "Allow priv-app to report off body events to keystore." am: d83aba62f6
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1973028
Change-Id: I9b990153f44fb93b4ee09b25e4efb6bd492d7fc0
2022-02-07 23:57:28 +00:00
Shubang Lu
04a33ef734
Merge "SE policy: rename iapp -> interactive_app" am: 3885ab88c5
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956658
Change-Id: I6e469662688bb7d91af5c7070063763b49dc0900
2022-02-07 23:57:01 +00:00
Treehugger Robot
d83aba62f6
Merge "Allow priv-app to report off body events to keystore."
2022-02-07 23:46:05 +00:00
Shubang Lu
3885ab88c5
Merge "SE policy: rename iapp -> interactive_app"
2022-02-07 23:45:28 +00:00
Steven Moreland
233d4aabf6
bpfloader: use kernel logs
...
Boots early. logd no workie!
Bug: 210919187
Test: see bpfloader logs
Change-Id: I313f55b0a6e1164fdffeb2d07952988d5e560ae7
2022-02-07 23:16:55 +00:00
Josh Yang
8be76c8e5c
Allow priv-app to report off body events to keystore.
...
Bug: 183564407
Test: the selinux error is gone.
Change-Id: I6783528a0ca6c94781b6c12d96ffebbfe8b25594
Merged-In: If40c2883edd39bee8e49e8e958eb12e9b29a0fe0
2022-02-07 22:42:51 +00:00
Florian Mayer
6020c42f2b
Rename property for default MTE mode.
...
This was requested in aosp/1959650.
Change-Id: I96f8771a39606b0934e4455991a6a34aea40235b
2022-02-07 11:27:20 -08:00
Treehugger Robot
2f94a92cdc
Merge "Allow microdroid_manager to BLKFLSBUF on the instance disk" am: 03b3b18c70
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1974319
Change-Id: I3065a65bd2c5bb4f780dfac95c9e5143f0990883
2022-02-07 11:59:23 +00:00
Treehugger Robot
03b3b18c70
Merge "Allow microdroid_manager to BLKFLSBUF on the instance disk"
2022-02-07 11:44:54 +00:00
Alan Stokes
55803ca572
Allow reading hypervisor capabilities
...
System server needs to do this to know whether a suitable VM for
CompOS can be created. System server does not need the ability to
actually start a VM, so we don't grant that.
Bug: 218276733
Test: Presubmits
Change-Id: Ibb198ad55819aa924f1bfde68ce5b22c89dca088
2022-02-07 11:33:18 +00:00
shubang
a1b9f186fb
SE policy: rename iapp -> interactive_app
...
Bug: 205738783
Test: cuttlefish
Change-Id: I15fd60a2dba79dd5e2a3cf57ed542e5a930680f1
Merged-In: I15fd60a2dba79dd5e2a3cf57ed542e5a930680f1
2022-02-07 07:54:32 +00:00
Treehugger Robot
7defe78f93
Merge "Implement compat file generator" am: f7a825bc46
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1958842
Change-Id: I9f8cad39e2d14999c1afd1d4e2b1c88994c20a99
2022-02-07 06:29:06 +00:00
Treehugger Robot
f7a825bc46
Merge "Implement compat file generator"
2022-02-07 06:15:18 +00:00
Jiyong Park
30c416a4bd
Allow microdroid_manager to BLKFLSBUF on the instance disk
...
Microdroid_manager uses the ioctl to flush data to the block device.
Bug: 208639280
Test: atest MicrodroidTestApp
Change-Id: Icd708702618850e1f003b16bdc8a1698c45f6442
2022-02-07 15:13:22 +09:00