tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
47509 commits 1 branch 0 tags 50 MiB
Commit graph

1156 commits

Author SHA1 Message Date
Inseob Kim
c35639d615 Sync 202404 prebuilts 
Unfortunately 202404 sepolicy changed a little after vendor API freeze.

Bug: 279809333
Test: build
Change-Id: Ib690abbe0cf04cd3bd55b7a82124a284782ed335
 2024-03-13 13:18:05 +09:00
Devin Moore
1f93d9bca5 Vendor API level 202404 is now frozen 
Bug: 279809333
Test: build
Change-Id: If6ef4c3b02d06212923e757fb68aa74e38c68db3
(cherry picked from commit 39dd515546)
 2024-03-11 14:30:35 +09:00
Jooyung Han
c6d23b47d8 Merge "Relax neverallows for vendor to use /system/bin/sh" into android14-tests-dev am: a1260cfa21 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2988072

Change-Id: If21747c23ef463345f1f2e19e0c389e084b2fd90
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-03-06 06:58:55 +00:00
Jooyung Han
a1260cfa21 Merge "Relax neverallows for vendor to use /system/bin/sh" into android14-tests-dev 2024-03-06 06:18:53 +00:00
Treehugger Robot
9dba1b8892 Merge "Grant lockdown integrity to all processes" into android14-tests-dev 2024-03-06 06:18:07 +00:00
Jooyung Han
6ece857f4f Relax neverallows for vendor to use /system/bin/sh 
Since 202404, vendor components will use /system/bin/sh for system(3),
popen(3), etc.

Bug: 324142245
Test: system("readlink /proc/$$/exe") in vendor HALs
Change-Id: I521499678e87a7d0216a276e014888867f495803
(cherry picked from commit f0ba322926)
 2024-03-05 19:09:05 +09:00
Thiébaud Weksteen
c1b65e5d53 Grant lockdown integrity to all processes 
The default policy for the "lockdown" access vector on Android was
introduced in commit bcfca1a6. While the "confidentiality" permission
was granted to all processes, the "integrity" was marked as
neverallowed.

Upstream, the support for that access vector was removed from kernel
5.16 onwards.

It was found that the "integrity" permission either does not apply to
Android or duplicates other access control (e.g., capabilities
sys_admin).

Instead of simply removing the neverallow rule, the access is granted to
all processes. This will prevent the proliferation of references to this
access vector in vendors' policies and ultimately facilitate its
removal.

Test: presubmit
Bug: 285443587
Bug: 269377822
Bug: 319390252
Change-Id: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
(cherry picked from commit 99a4cbcee7)
Merged-In: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
 2024-02-28 18:10:29 -08:00
Carmen Jackson
77b2e52f74 Add rules for Perfetto to be used from system_server 
This includes rules for starting Perfetto as well as rules for
communicating over stdio between Perfetto and system_server.

This is a cherrypick of aosp/2958867 with prebuilts updated.

Bug: 325709490
Test: Presubmit
Change-Id: I7e4c044a6a2afb48c33d65cc421e797d77aacc12
Merged-In: I7e4c044a6a2afb48c33d65cc421e797d77aacc12
 2024-02-27 04:22:31 +00:00
Seungjae Yoo
c3052c9ab0 Introduce vendor_microdroid_file for microdroid vendor image 
In AVF, virtualizationmanager checks the selinux label of given disk
image for proving whether the given image is edited maliciously.
Existing one(vendor_configs_file, /vendor/etc/*) was too wide to
use for this purpose.

Bug: 325709490
Bug: 285854379
Test: m
Merged-In: I6c966c92b238a2262d2eb7f41041ed4c359e9e0a
Change-Id: I6c966c92b238a2262d2eb7f41041ed4c359e9e0a
(cherry picked from commit d2a0892121)
 2024-02-23 11:36:29 +09:00
Changyeon Jo
d16bdc461f [RESTRICT AUTOMERGE] Allow dumpstate to make binder IPC to automotive display service 
Bug: 280837170
Bug: 313360015
Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: I8239ba23bb60b95e7dd07a4c8a99167f1e08192b
(cherry picked from commit 152a2f1755)
 2024-02-13 05:16:32 +00:00
Peter Lee
d3db89de5b Modify SELinux rules to allow vold to use the keymaster HAL directly. am: b1c857c824 am: 769bbce026 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2929772

Change-Id: I6d9e77b0889fad22a6006972a1ba90ecd87fba8f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-01 23:08:23 +00:00
Peter Lee
769bbce026 Modify SELinux rules to allow vold to use the keymaster HAL directly. am: b1c857c824 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2929772

Change-Id: I89c192fc02b8bb215cc52b8a4091930896595b21
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-01 22:24:27 +00:00
Peter Lee
b1c857c824 Modify SELinux rules to allow vold to use the keymaster HAL directly. 
Description:
Since the Android N project uses Keymaster 1.5 and added full disk encryption support in vold when upgrading to Android T, the SELinux rules need to allow vold to use the keymaster HAL directly.

Bug: 319506037

Change-Id: Ib21c59156a6de0c2b148e33de2fe8efb3606e697
 2024-02-01 06:32:23 +00:00
Inseob Kim
f447f4a624 Remove hal_face_service virtual entry 
Bug: 317187030
Test: TH
Change-Id: I309eb8091532a88ecd0af354399437fec3bcfa25
Merged-In: I1f61b687be4abe53c62c21769fb57dc9cf9daf45
 2024-01-30 10:08:04 +09:00
Inseob Kim
4a14ebeb3e Remove vfio_handler entry 
Bug: 313817413
Test: TH
Change-Id: I2f68b85f3b91e687eb1f885023d374869d0a7ce5
Merged-In: I5559dfca1a29852b65481c95f37edc9977ee9d7d
 2023-12-14 18:06:19 +09:00
Brian Lindahl
46668eaca7 Merge "Allow for server-side configuration of libstagefright" into android14-tests-dev 2023-12-13 06:00:07 +00:00
Treehugger Robot
5732cf8282 Merge "Introduce vendor_apex_metadata_file" into android14-tests-dev 2023-12-11 23:48:39 +00:00
Brian Lindahl
660e460e8c Allow for server-side configuration of libstagefright 
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.

Bug: 301372559
Bug: 301250938
Bug: 308043377
Fixes: 308043377
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I95aa6772a40599636d109d6960c2898e44648c9b
(cherry picked from commit 1b32bccc1a)
 2023-12-11 23:02:32 +00:00
Treehugger Robot
8deb864534 Merge "Making sys.boot.reason.last restricted" into android14-tests-dev 2023-12-06 12:53:05 +00:00
Jooyung Han
157848354e Introduce vendor_apex_metadata_file 
A new label for ./apex_manifest.pb and ./ entries in vendor apexes. This
is read-allowed by a few system components which need to read "apex" in
general. For example, linkerconfig needs to read apex_manifest.pb from
all apexes including vendor apexes.

Previously, these entries were labelled as system_file even for vendor
apexes.

Bug: 285075529
Bug: 308058980
Test: m && launch_cvd
Test: atest VendorApexHostTestsCases
Change-Id: Icc234bf604e3cafe6da81d21db744abfaa524dcf
Merged-In: Icc234bf604e3cafe6da81d21db744abfaa524dcf
 2023-12-05 15:42:14 +11:00
Alexei Nicoara
c2af2e2ec4 Making sys.boot.reason.last restricted 
sys.boot.reason.last needs to be readable by SysUI to correctly display the reason why authentication is required to unlock the phone.

Bug: 299327097
Bug: 308058980
Test: presubmit
Change-Id: I9f83ade92858056609bc665ecb6ce9b93eb051e4
Merged-In: I9f83ade92858056609bc665ecb6ce9b93eb051e4
 2023-12-05 14:56:03 +11:00
Jeff Pu
e0755e0d68 Add biometric face virtual hal service 
Bug: 228638448
Bug:313817413
Test: Manually following face virtual hal provisioning procedure
Change-Id: I1f61b687be4abe53c62c21769fb57dc9cf9daf45
Merged-In: I1f61b687be4abe53c62c21769fb57dc9cf9daf45
 2023-12-01 03:16:38 +00:00
Thiébaud Weksteen
efa4cf8469 Prebuilt updates am: 448968a6d1 am: 084b293596 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2848878

Change-Id: If8cc1dbc910cb2fec2d4996c1a2f8fef602472cc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-11-29 06:56:58 +00:00
Thiébaud Weksteen
084b293596 Prebuilt updates am: 448968a6d1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2848878

Change-Id: I991e63e36e9e680edfd21e4a20293ae779caffcb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-11-29 06:25:40 +00:00
Yu-Ting Tseng
086e1f0eaa Revert "Revert "SELinux policy changes for uprobe."" 
This reverts commit e2bd44d48d.

Reason for revert: 2nd attempt to add the policy change

Bug: 308058980
Test: m selinux_policy
Change-Id: I5b9a102879a65917d496ba2194187ddd2b4545d1
Merged-In: I5b9a102879a65917d496ba2194187ddd2b4545d1
 2023-11-29 06:12:36 +00:00
Thiébaud Weksteen
448968a6d1 Prebuilt updates 
Bug: 308058980
Test: m selinux_policy
Change-Id: I23b2265340002b4b9f8d15ad0a8e8324aa0f94e1
 2023-11-29 06:01:56 +00:00
Thiébaud Weksteen
fa2999a627 Revert^2 "Add permission for VFIO device binding" 
This reverts commit c6227550f7.

Reason for revert: Faulty merging paths have been removed

Change-Id: Icf56c2e977c5517af63e206a0090159e43dd71eb
Merged-In: Ie947adff00d138426d4703cbb8e7a8cd429c2272
 2023-11-21 02:18:30 +00:00
Thiébaud Weksteen
90945326cd Revert "Prebuilt updates for aosp/2827450" am: b460885e50 am: c541c1eb80 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2830890

Change-Id: I6d5f197c9cb4a1728e0bd6bc9acf220f05ed05de
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-11-15 03:34:07 +00:00
Thiébaud Weksteen
c541c1eb80 Revert "Prebuilt updates for aosp/2827450" am: b460885e50 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2830890

Change-Id: Ief55d435dff2e58e463d4498fb3cf5740af8d21d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-11-15 03:02:23 +00:00
Thiébaud Weksteen
b460885e50 Revert "Prebuilt updates for aosp/2827450" 
This reverts commit 74ec7d8343.

Reason for revert: Tests are still failing

Change-Id: Ic7dcd5fb4703cfe476f74835782b99d5848ed738
 2023-11-14 23:37:47 +00:00
Sandro Montanari
8dab5407de Prebuilt updates for aosp/2827450 am: 74ec7d8343 am: 20d6a0ec30 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2828198

Change-Id: I7780eb835be7dafc39865ac6446b416c7d96ed77
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-11-14 18:51:08 +00:00
Sandro Montanari
20d6a0ec30 Prebuilt updates for aosp/2827450 am: 74ec7d8343 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2828198

Change-Id: Idce3a100d6c6db0d90f21142baf1158185bd97e1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-11-14 18:16:13 +00:00
Sandro Montanari
74ec7d8343 Prebuilt updates for aosp/2827450 
Bug: 295861450
Test: presubmits

Merged-In: I3d36a17697623f51618913d16ed4d3ea2ccf923b
Change-Id: I3f031449457a7cf8912b17c3eac4b7aa82710d58
 2023-11-14 15:07:54 +00:00
Inseob Kim
c6227550f7 Revert "Add permission for VFIO device binding" 
This reverts commit 901385f711.

Reason for revert: breaking build

Change-Id: Ib936ca7c347b657b94bb44692cd0e9ceee5db55a
Merged-In: Ie947adff00d138426d4703cbb8e7a8cd429c2272
 2023-11-14 08:41:48 +00:00
Inseob Kim
901385f711 Add permission for VFIO device binding 
vfio_handler will bind platform devices to VFIO driver, and then
return a file descriptor containing DTBO. This change adds
permissions needed for that.

Bug: 278008182
Bug: 308058980
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid \
      --devices /sys/bus/platform/devices/16d00000.eh --protected
Change-Id: Ie947adff00d138426d4703cbb8e7a8cd429c2272
Merged-In: Ie947adff00d138426d4703cbb8e7a8cd429c2272
(cherry picked from commit 825056de9a)
 2023-11-14 01:56:24 +00:00
Rhed Jao
ebe1316695 Create sepolicy for allowing system_server rw in /metadata/repair-mode 
Bug: 277561275
Test: ls -all -Z /metadata/repair-mode
Change-Id: Ie27b6ef377bb3503e87fbc5bb2446bc0de396123
 2023-10-23 13:38:38 +11:00
Thiébaud Weksteen
642a37cf31 Update 34.0 prebuilts for gmscore_app am: 26b0676c04 am: f71e64f518 am: f23fbc9242 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24965007

Change-Id: I40810d10ef0ae524b427cdb2480139fc80ef0dac
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-10-06 11:01:21 +00:00
Thiébaud Weksteen
f23fbc9242 Update 34.0 prebuilts for gmscore_app am: 26b0676c04 am: f71e64f518 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24965007

Change-Id: I88db0dd48363b77710701f64e09befa802155de1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-10-06 10:27:06 +00:00
Thiébaud Weksteen
f71e64f518 Update 34.0 prebuilts for gmscore_app am: 26b0676c04 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24965007

Change-Id: I902e0afc48e14b22f415451386948f3b9eb969d3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-10-06 09:50:55 +00:00
Thiébaud Weksteen
71a0fcaacc Ignore non-API access by gmscore_app am: 9712670bb3 am: 774179cea8 am: bb1c4586e4 am: d2ce0987b3 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24947462

Change-Id: I085b8c0a5c1a67b23e20f413ac52cd6762e5008d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-10-06 07:19:53 +00:00
Thiébaud Weksteen
26b0676c04 Update 34.0 prebuilts for gmscore_app 
Bug: 303768123
Test: m selinux_policy
Ignore-AOSP-First: prebuilts update only
Change-Id: Iab041f3fa8d27f815c8fc1a21934216d1ad40917
 2023-10-06 17:53:08 +11:00
Thiébaud Weksteen
ef51878097 Ignore non-API access by gmscore_app am: 9712670bb3 am: 774179cea8 am: bb1c4586e4 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24947462

Change-Id: Icab1741838c783506698a0a094770bb050ddacf7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-10-06 06:44:45 +00:00
Thiébaud Weksteen
d2ce0987b3 Ignore non-API access by gmscore_app am: 9712670bb3 am: 774179cea8 am: bb1c4586e4 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24947462

Change-Id: I88efc3f4fc00a051a15d9b6b6bfaaa36a491d9da
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-10-06 06:43:18 +00:00
Thiébaud Weksteen
bb1c4586e4 Ignore non-API access by gmscore_app am: 9712670bb3 am: 774179cea8 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24947462

Change-Id: Ief2f4832b81e0bb96c82c52efd28c262f58cb732
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-10-06 05:51:00 +00:00
Thiébaud Weksteen
774179cea8 Ignore non-API access by gmscore_app am: 9712670bb3 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24947462

Change-Id: If6d7b4478bca2860da07fc541f5c9b53f66ff169
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-10-06 05:19:22 +00:00
Thiébaud Weksteen
9712670bb3 Ignore non-API access by gmscore_app 
Bug: 303319090
Bug: 303272800
Bug: 303374964
Test: m selinux_policy
Ignore-AOSP-First: merged in aosp already
Change-Id: I0999023b315bd31d70b1908353acebc87182747c
 2023-10-06 13:06:27 +11:00
Brian Lindahl
b6caa06fe9 Allow for server-side configuration of libstagefright am: 1b32bccc1a am: 3e8fbf6a4d am: 2a23f0d194 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467

Change-Id: I7570fe0cc0e87c0674524a5cf20c73dac257ff93
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-09-27 23:47:11 +00:00
Brian Lindahl
2a23f0d194 Allow for server-side configuration of libstagefright am: 1b32bccc1a am: 3e8fbf6a4d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467

Change-Id: I1685cfb8cac9cd8ffaca1ad78b272ae3db8240eb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-09-27 22:37:46 +00:00
Brian Lindahl
3e8fbf6a4d Allow for server-side configuration of libstagefright am: 1b32bccc1a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467

Change-Id: I21356699f9d67eed69fcc9a43154d6d66cfe454e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-09-27 21:33:23 +00:00
Brian Lindahl
1b32bccc1a Allow for server-side configuration of libstagefright 
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.

Bug: 301372559
Bug: 301250938
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I95aa6772a40599636d109d6960c2898e44648c9b
 2023-09-27 16:15:23 +00:00