Yisroel Forta
f86fab0d6d
Merge "SELinux permissions for ProfilingService" into main am: e510cb8696
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2955343
Change-Id: Id393a7cdbcbb82d767b2457c33daf2c96c5bead7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-12 14:51:42 +00:00
Yisroel Forta
e510cb8696
Merge "SELinux permissions for ProfilingService" into main
2024-02-12 14:22:31 +00:00
Håkan Kvist
a0787ed434
remount: allow bootanimation to run animation from oem am: e38af22c5e
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2953101
Change-Id: Iba084fd08b2d1312d39a21970cccc2894a6e9a1c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-12 12:23:27 +00:00
Yisroel Forta
aa9d0bf24c
SELinux permissions for ProfilingService
...
Test: Presubmit, manually confirm service accessible
Bug: 293957254
Change-Id: I7103be95ff49eb87b4c7164a38a481034d72a9aa
2024-02-09 19:25:32 +00:00
Håkan Kvist
e38af22c5e
remount: allow bootanimation to run animation from oem
...
Grant bootanimation all read permissions on oem using
r_dir_file macro instead of specifying individual permissions.
This prevents failure to read the bootanimation on oem if
partition has been remounted.
After remount, bootanimation will log violation for the
/oem/media directory when reading an existing file (boot animation
is still played).
avc: denied { read } for pid=2820 comm="bootanimation" name="media"
dev="sda75" ino=152 scontext=u:r:bootanim:s0
tcontext=u:object_r:oemfs:s0 tclass=dir permissive=0
After remount, if modifying/adding file in /oem/media directory,
bootanimation will fail to read the bootanimation zip, now with
violation:
avc: denied { read } for pid=2838 comm="bootanimation" name="media"
dev="dm-8" ino=70 scontext=u:r:bootanim:s0 tcontext=u:object_r:oemfs:s0
tclass=dir permissive=0
Bug: 324437684
Test: adb remount
replace /oem/media/bootanimation.zip with custom animation
adb reboot
confirm that expected bootanimation is played
confirm no selinux violations are seen in logcat
Change-Id: Iaafdeeacaf88d8f5c1214700edc8eec2824b0159
2024-02-09 16:09:05 +01:00
Jiakai Zhang
59bb9008fd
Merge "Update sepolicy for service dexopt_chroot_setup and artd_pre_reboot." into main am: 95d371bcfd
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2939419
Change-Id: I75166873b4baa3d781ebb0b7055f9f42b8a5dd1e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-09 03:29:50 +00:00
Jiakai Zhang
95d371bcfd
Merge "Update sepolicy for service dexopt_chroot_setup and artd_pre_reboot." into main
2024-02-09 02:52:58 +00:00
mrulhania
faaec9dd3a
Add SELinux policy for ContentProtectionManagerService am: 9a7700cd46
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2952703
Change-Id: Ib8beac88752e6c4576bc177553c33c82df5b1026
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-09 00:41:43 +00:00
mrulhania
9a7700cd46
Add SELinux policy for ContentProtectionManagerService
...
Bug: 324348549
Test: build
Change-Id: Ieb319ed033d2fdb18cf76107c44cd6357221ecc4
2024-02-08 19:56:49 +00:00
Ikjoon Jang
b1019e8d42
Merge changes from topic "revert-2952245-vfrc_as_tot_sepolicy-AMFGMLDWQF" into main am: 1c9aa0cb18
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2954993
Change-Id: I881e04fb8c0b6195846f35c37b62ae4b5be0e123
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-08 04:50:50 +00:00
Ikjoon Jang
f0f530be1f
Revert "Add 1000000.0 mapping file temporarily" am: 82126e9d77
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2954992
Change-Id: I0b34dc883d9a87e38f6a9932b52cbbd5cf39a7b6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-08 04:50:47 +00:00
Ikjoon Jang
1c9aa0cb18
Merge changes from topic "revert-2952245-vfrc_as_tot_sepolicy-AMFGMLDWQF" into main
...
* changes:
Revert "Fix freeze test condition to board api"
Revert "Add 1000000.0 mapping file temporarily"
2024-02-08 04:47:21 +00:00
Ikjoon Jang
f3fad1a66b
Revert "Fix freeze test condition to board api"
...
Revert submission 2952245-vfrc_as_tot_sepolicy
Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.corp.google.com/builds/quarterdeck?branch=git_main&target=mainline_modules_arm64-mainline-userdebug&lkgb=11421838&lkbb=11421957&fkbb=11421841 , b/324335916
Reverted changes: /q/submissionid:2952245-vfrc_as_tot_sepolicy
Bug: 324335916
Change-Id: Iada55b1298872ae2f2ff4112726dcbcd089597f1
2024-02-08 04:45:26 +00:00
Ikjoon Jang
82126e9d77
Revert "Add 1000000.0 mapping file temporarily"
...
Revert submission 2952245-vfrc_as_tot_sepolicy
Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.corp.google.com/builds/quarterdeck?branch=git_main&target=mainline_modules_arm64-mainline-userdebug&lkgb=11421838&lkbb=11421957&fkbb=11421841 , b/324335916
Reverted changes: /q/submissionid:2952245-vfrc_as_tot_sepolicy
Bug: 324335916
Change-Id: I9375f4d467596bc961527216b3f68c0f21016ca3
2024-02-08 02:54:29 +00:00
Jiakai Zhang
817c49f74c
Update sepolicy for service dexopt_chroot_setup and artd_pre_reboot.
...
Bug: 311377497
Test: manual - Call
getDexoptChrootSetupServiceRegisterer().waitForService()
Test: manual - Set up a chroot environment and call
getArtdPreRebootServiceRegisterer().waitForService()
Change-Id: I50b5f7f858dab37f05174cb9787f64303d50d083
2024-02-08 10:13:27 +08:00
Jooyung Han
92e41b06dc
Merge "Check if ./bin entries are not vendor_file" into main am: 41e786ae48
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2953009
Change-Id: I5fa1c0c34ab2b39e220415ca607d0cc6e87a24d2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-08 01:59:00 +00:00
Jooyung Han
41e786ae48
Merge "Check if ./bin entries are not vendor_file" into main
2024-02-08 01:33:07 +00:00
Inseob Kim
f5394252fe
Merge changes from topic "vfrc_as_tot_sepolicy" into main am: 569241f82f
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2912752
Change-Id: I42a8d4ca624df3b6d93dfc95d64712cbb80d728e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-08 01:22:42 +00:00
Inseob Kim
34a3196557
Fix freeze test condition to board api am: 7a235a4d9d
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2912751
Change-Id: Iaab712286501ca99607f7543dd891c246c293cbb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-08 01:22:38 +00:00
Inseob Kim
569241f82f
Merge changes from topic "vfrc_as_tot_sepolicy" into main
...
* changes:
Add 1000000.0 mapping file temporarily
Fix freeze test condition to board api
2024-02-08 01:12:47 +00:00
Robert Shih
0f486059b0
Allow dumpsys on user builds
...
Bug: 320403913
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/clearkey
Change-Id: Ibc8214dac63558b5bbf886b25607f36e293d3e8d
2024-02-07 18:35:51 +00:00
Nikhil Bhanu
c7b99fbf76
Merge "Add property for enabling stereo spatialization" into main am: 67c12aa98d
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2951223
Change-Id: Iedb7747a9d0fd1818abc161b2e6d545434c56450
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-07 17:09:10 +00:00
Nikhil Bhanu
67c12aa98d
Merge "Add property for enabling stereo spatialization" into main
2024-02-07 16:41:01 +00:00
Jooyung Han
c945a104c0
Check if ./bin entries are not vendor_file
...
This can detect a common mistake of not labeling binaries in APEX.
Note - we can't simply check if the label has exec_type attribute
because there're many exceptions.
Bug: 324005965
Test: atest apex_sepolicy_tests_test
Change-Id: Ib643e8b73fac1a3b8851804e58e69b19d32b997d
2024-02-07 16:26:25 +09:00
Treehugger Robot
ef4bd550ee
Merge "Changes in SELinux Policy for CSS API" into main am: 49a519234b
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2819838
Change-Id: I4cfa495bdeae5c048a6f5bf6b308de21c2e40ca7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-06 21:05:13 +00:00
Treehugger Robot
49a519234b
Merge "Changes in SELinux Policy for CSS API" into main
2024-02-06 20:28:45 +00:00
Nikhil Bhanu
977260767a
Add property for enabling stereo spatialization
...
Bug: 323223919
Test: manual
Change-Id: I49d12bfc878ec63d8fe036880033e1c309961430
2024-02-06 08:52:42 -08:00
Justin Yun
d6a43bcb89
Set ro.llndk.api_level as a system prop am: 385d5099cf
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2952405
Change-Id: I29fca56cdb6fe33c2b302be5859dbe86713aef18
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-06 07:24:46 +00:00
Justin Yun
385d5099cf
Set ro.llndk.api_level as a system prop
...
ro.llndk.api_level is included in system/build.prop.
It must have the system build_prop context instead of the vendor prop.
Bug: 312098788
Test: TH
Change-Id: I223ae2cd56490a2cfd6f6454ad685d23d90d9329
2024-02-06 13:55:52 +09:00
David Dai
ef608892b8
Merge "Allow CAP_SYS_NICE for crosvm" into main am: 8a216be443
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2945565
Change-Id: I5bf6d0890878da75a9ae77566b1f9d1ff6a3fcdb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-05 23:10:10 +00:00
David Dai
8a216be443
Merge "Allow CAP_SYS_NICE for crosvm" into main
2024-02-05 22:20:13 +00:00
Jooyung Han
786f91880a
Merge "Add hal_graphics_mapper_service type" into main am: d4ae4c1165
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2928071
Change-Id: I5de03cbe4546badfabadce7861ef9b757999153f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-05 21:44:48 +00:00
Jooyung Han
d4ae4c1165
Merge "Add hal_graphics_mapper_service type" into main
2024-02-05 21:02:15 +00:00
David Dai
7066a961bd
Allow CAP_SYS_NICE for crosvm
...
Open up CAP_SYS_NICE policies so that crosvm can adjust uclamp on its
vCPU threads to provide a boost in performance.
Bug: 322197421
Test: Booted device and processes that checked that the correct
capabilities are given with no sepolicy denials.
Change-Id: I089bf26caf862c32e85440575800bb095bb9087b
Signed-off-by: David Dai <davidai@google.com>
2024-02-05 11:14:53 -08:00
Alan Stokes
dc589e9e66
Merge "Suppress spurious ipc_lock denials" into main am: e01e8d5595
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2944165
Change-Id: I43a7872c74237b3d7a734a26b4cab2c705ddc3aa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-05 10:19:30 +00:00
Alan Stokes
e01e8d5595
Merge "Suppress spurious ipc_lock denials" into main
2024-02-05 09:37:52 +00:00
Jooyung Han
952673da5b
Add hal_graphics_mapper_service type
...
This is used for mapper sphal library which is defined in VINTF and
queried via servicemanager.
Bug: 317178925
Test: cuttlefish loads mapper.minigbm
Change-Id: Ibddc0239e52065a89c656f885f34835406665009
2024-02-05 18:14:53 +09:00
Nate Myren
ef856207af
Remove mounton from app and web zygote
...
These aren't necessary for app compat overrides
Change-Id: Ie210a6487a80ef4fa618beedef0d957d79c7d38a
Fixes: 319616964
Test: presubmit
2024-02-02 22:29:55 +00:00
Harshit Mahajan
48c1888db7
Merge "Revert^2 "Adding sepolicy rules for CrashRecoveryProperties"" into main am: d02643a3ed
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2943945
Change-Id: I34af98e454e3f87b553c96dd7920d79df6a62853
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-02 17:01:02 +00:00
Harshit Mahajan
d02643a3ed
Merge "Revert^2 "Adding sepolicy rules for CrashRecoveryProperties"" into main
2024-02-02 16:24:56 +00:00
Hansen Kurli
00ceacf706
Merge "Remove all sepolicy relating to ppp/mtp." into main am: 34ee0b5da3
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2849358
Change-Id: Ib1e0f836c448abfc872e4e6d93ea5333ff744bcb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-02 05:34:56 +00:00
Hansen Kurli
34ee0b5da3
Merge "Remove all sepolicy relating to ppp/mtp." into main
2024-02-02 05:16:37 +00:00
Carlos Galo
e7c0b7d7fa
Merge "system_server: remove access to proc/memhealth/*" into main am: 878f7f1795
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2945507
Change-Id: Ice66b2aa79d2095a4061ed8455a179b43b633e46
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-02 05:14:08 +00:00
Carlos Galo
878f7f1795
Merge "system_server: remove access to proc/memhealth/*" into main
2024-02-02 04:26:54 +00:00
Peter Lee
038885a77c
Modify SELinux rules to allow vold to use the keymaster HAL directly. am: b1c857c824
am: 769bbce026
am: d3db89de5b
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2929772
Change-Id: Ib0af68b1877fd3e4a49fa5ce71b8d57ce1f3645c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 23:48:34 +00:00
Carlos Galo
4a9f07fe21
system_server: remove access to proc/memhealth/*
...
Memhealth driver has been removed from all android kernels.
Test: m
Bug: 315560026
Change-Id: Ia4f91bde3a999a490b42b57abcd521ff9cc94633
Signed-off-by: Carlos Galo <carlosgalo@google.com>
2024-02-01 23:40:25 +00:00
Peter Lee
d3db89de5b
Modify SELinux rules to allow vold to use the keymaster HAL directly. am: b1c857c824
am: 769bbce026
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2929772
Change-Id: I6d9e77b0889fad22a6006972a1ba90ecd87fba8f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 23:08:23 +00:00
Dan Shi
f6477f4f03
Merge "Revert "audio: Provide a default implementation of IHalAdapterVe..."" into main am: b230f4f10c
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2944648
Change-Id: I0ebc9160853d628eb184c53ffff580717fca2137
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 22:25:09 +00:00
Peter Lee
769bbce026
Modify SELinux rules to allow vold to use the keymaster HAL directly. am: b1c857c824
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2929772
Change-Id: I89c192fc02b8bb215cc52b8a4091930896595b21
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 22:24:27 +00:00
Dan Shi
b230f4f10c
Merge "Revert "audio: Provide a default implementation of IHalAdapterVe..."" into main
2024-02-01 21:57:51 +00:00