Commit 9a5992336e changed the label of
/data/vendor_de. Unfortunately some devices with very old tz applets
store fingerprint configuration directly in /data/vendor_de.
Since we do not have source code access and we cannot modify/hex patch
the tz applet because it is signed, use the existing
data_between_core_and_vendor_violators attribute to make fingerprint
work again on these devices.
Test: m
Change-Id: Ibb78f837ff808fc5e15c4b790105c07f4501a08b
* ATV can't use the newer mobile method for ADB over Wi-Fi
as ethernet is a massive usecase for us, and that implementation
refuses to play nicely with any interface but Wi-Fi.
* Therefore, to avoid having to carry the crappy intermediate prop
solutions in device/lineage/atv, relax this, as it's still a
system namespace and still a limited context that is allowed to
set the property.
Change-Id: Id87ebae6d0552bb8b9faac3114dca42128eaf5b0
sys.boot.reason.last needs to be readable by SysUI to correctly display the reason why authentication is required to unlock the phone.
Bug: 299327097
Test: presubmit
Change-Id: I9f83ade92858056609bc665ecb6ce9b93eb051e4
* Since we can't use contextmount_type for sdcard_posix
due to contextmount_type being read only by design we
need to declare our own attribute to bypass relabelto
neverallow. That way we can mount external ext4/f2fs
SD with sdcard_posix context and write permissions.
Test: m -j selinux_policy
Change-Id: I0dfe49cc0b34dfcce2840198843bde1272cbc61c
These three files, general_sepolicy.conf / mapping.cil /
plat_sepolicy.cil will be used to test vendor sepolicy's neverallow
rules.
Bug: 330671085
Test: build
Change-Id: I763c9a1e647d614b84c0f7fe3d69affbe64f6153
Merged-In: I763c9a1e647d614b84c0f7fe3d69affbe64f6153
(cherry picked from commit 6f18a17ff8)
This reverts commit 840041d5d2.
Reason for revert: 202404 prebuilts must not be changed since freeze.
Change-Id: I320fde8de611ad4ae1546f4ce754871a0646dcc4
Unfortunately 202404 sepolicy changed a little after vendor API freeze.
Bug: 279809333
Test: build
Change-Id: Ib690abbe0cf04cd3bd55b7a82124a284782ed335
Since 202404, vendor components will use /system/bin/sh for system(3),
popen(3), etc.
Bug: 324142245
Test: system("readlink /proc/$$/exe") in vendor HALs
Change-Id: I521499678e87a7d0216a276e014888867f495803
(cherry picked from commit f0ba322926)
The default policy for the "lockdown" access vector on Android was
introduced in commit bcfca1a6. While the "confidentiality" permission
was granted to all processes, the "integrity" was marked as
neverallowed.
Upstream, the support for that access vector was removed from kernel
5.16 onwards.
It was found that the "integrity" permission either does not apply to
Android or duplicates other access control (e.g., capabilities
sys_admin).
Instead of simply removing the neverallow rule, the access is granted to
all processes. This will prevent the proliferation of references to this
access vector in vendors' policies and ultimately facilitate its
removal.
Test: presubmit
Bug: 285443587
Bug: 269377822
Bug: 319390252
Change-Id: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
(cherry picked from commit 99a4cbcee7)
Merged-In: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
This includes rules for starting Perfetto as well as rules for
communicating over stdio between Perfetto and system_server.
This is a cherrypick of aosp/2958867 with prebuilts updated.
Bug: 325709490
Test: Presubmit
Change-Id: I7e4c044a6a2afb48c33d65cc421e797d77aacc12
Merged-In: I7e4c044a6a2afb48c33d65cc421e797d77aacc12
In AVF, virtualizationmanager checks the selinux label of given disk
image for proving whether the given image is edited maliciously.
Existing one(vendor_configs_file, /vendor/etc/*) was too wide to
use for this purpose.
Bug: 325709490
Bug: 285854379
Test: m
Merged-In: I6c966c92b238a2262d2eb7f41041ed4c359e9e0a
Change-Id: I6c966c92b238a2262d2eb7f41041ed4c359e9e0a
(cherry picked from commit d2a0892121)
Description:
Since the Android N project uses Keymaster 1.5 and added full disk encryption support in vold when upgrading to Android T, the SELinux rules need to allow vold to use the keymaster HAL directly.
Bug: 319506037
Change-Id: Ib21c59156a6de0c2b148e33de2fe8efb3606e697
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.
Bug: 301372559
Bug: 301250938
Bug: 308043377
Fixes: 308043377
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I95aa6772a40599636d109d6960c2898e44648c9b
(cherry picked from commit 1b32bccc1a)
A new label for ./apex_manifest.pb and ./ entries in vendor apexes. This
is read-allowed by a few system components which need to read "apex" in
general. For example, linkerconfig needs to read apex_manifest.pb from
all apexes including vendor apexes.
Previously, these entries were labelled as system_file even for vendor
apexes.
Bug: 285075529
Bug: 308058980
Test: m && launch_cvd
Test: atest VendorApexHostTestsCases
Change-Id: Icc234bf604e3cafe6da81d21db744abfaa524dcf
Merged-In: Icc234bf604e3cafe6da81d21db744abfaa524dcf
sys.boot.reason.last needs to be readable by SysUI to correctly display the reason why authentication is required to unlock the phone.
Bug: 299327097
Bug: 308058980
Test: presubmit
Change-Id: I9f83ade92858056609bc665ecb6ce9b93eb051e4
Merged-In: I9f83ade92858056609bc665ecb6ce9b93eb051e4
Bug: 228638448
Bug:313817413
Test: Manually following face virtual hal provisioning procedure
Change-Id: I1f61b687be4abe53c62c21769fb57dc9cf9daf45
Merged-In: I1f61b687be4abe53c62c21769fb57dc9cf9daf45
This reverts commit e2bd44d48d.
Reason for revert: 2nd attempt to add the policy change
Bug: 308058980
Test: m selinux_policy
Change-Id: I5b9a102879a65917d496ba2194187ddd2b4545d1
Merged-In: I5b9a102879a65917d496ba2194187ddd2b4545d1
This reverts commit c6227550f7.
Reason for revert: Faulty merging paths have been removed
Change-Id: Icf56c2e977c5517af63e206a0090159e43dd71eb
Merged-In: Ie947adff00d138426d4703cbb8e7a8cd429c2272
