tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
38299 commits 1 branch 0 tags 50 MiB
Commit graph

38299 commits

This branch
This branch
All branches
Author SHA1 Message Date
Richard Chang
f7030330ca [automerger skipped] Allow vendor services to access vendor_system_native_prop am: ee5fc96178 -s ours 
am skip reason: Merged-In Icc11b9bf06fd0fb8069388ca5a32e8aedf1743a8 with SHA-1 af8fac1c56 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18350151

Change-Id: Idc24dd8aa0ba727c3da8dd92c0527438b5eaa740
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 21:56:19 +00:00
Richard Chang
ee5fc96178 Allow vendor services to access vendor_system_native_prop 
Bug: 226456604
Bug: 223685902
Test: Build
Ignore-AOSP-First: Already merged in aosp/2083463
Merged-In: Icc11b9bf06fd0fb8069388ca5a32e8aedf1743a8
Change-Id: Ie95ca796656d7727540db67feef31e28e2c602b0
 2022-05-13 17:57:18 +00:00
Treehugger Robot
b90d916440 [MS82.4] Update sepolicy prebuilts am: 6cbd833218 am: 5d2ae41212 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2096697

Change-Id: I01649a4eacdff06413942c699914e4be2095635d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 11:08:55 +00:00
Treehugger Robot
5d2ae41212 [MS82.4] Update sepolicy prebuilts am: 6cbd833218 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2096697

Change-Id: I553abe9d02b016f382e885803c8efdf999d85775
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 10:48:02 +00:00
Treehugger Robot
6cbd833218 [MS82.4] Update sepolicy prebuilts 
This CL partially cherry-picks ag/18156623 to
update prebuilts. Other parts are already included by
aosp/2069127.

Test: m
Bug: 230289468
Change-Id: If52dea348c01113fe1504eb7e51f6780f0ed4a11
 2022-05-13 14:36:07 +08:00
Jooyung Han
c316187ef9 Merge "Allow init to read apex-info-list.xml" am: 945c072d12 am: ae70159c94 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2093007

Change-Id: I6b9c6169c5510713ce92bf83f1f9df5bd6d32bb7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 03:55:36 +00:00
Jooyung Han
ae70159c94 Merge "Allow init to read apex-info-list.xml" am: 945c072d12 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2093007

Change-Id: I2792bd8e3ecc80b81ad8e7c75cb04160ab322ee9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-13 03:13:08 +00:00
Jooyung Han
945c072d12 Merge "Allow init to read apex-info-list.xml" 2022-05-13 01:47:40 +00:00
Jason Macnak
21021194c4 Add gpu_device access to hal_neuralnetworks 
... as this is needed for the hal to access and map
gralloc buffers on devices such as Cuttlefish. Previously,
this sepolicy is added in device specific directories but
the Cuttlefish team is looking at centralizing the sepolicy.

Bug: b/161819018
Test: `atest CtsNNAPITestCases`
Test: `atest VtsHalNeuralnetworksV1_0TargetTest`
Change-Id: Ia5b2704e2cdeedfa19d160e546d811b7d1c21aa9
 2022-05-12 21:01:45 +00:00
Treehugger Robot
05de04b3df Merge "sepolicy: allow new BINDER_GET_EXTENDED_ERROR ioctl" am: 4bcc5afecb am: c5741402c1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1998994

Change-Id: I4ca17ef309d2f3ae1d7deaea4e19f457a50ba572
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 19:58:07 +00:00
Eric Biggers
5d94ce21db Merge "Remove init's write access to /data/user and /data/media" am: 7fdc84a4df am: 534c5b7fc7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2095485

Change-Id: I1fce5e0a72107cb9e84c5b0a02d7ccd9d876cdab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 19:57:48 +00:00
Treehugger Robot
c5741402c1 Merge "sepolicy: allow new BINDER_GET_EXTENDED_ERROR ioctl" am: 4bcc5afecb 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1998994

Change-Id: I653dc9b5bae80a8f6dae30d53f980a200651d0b9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 19:39:20 +00:00
Eric Biggers
534c5b7fc7 Merge "Remove init's write access to /data/user and /data/media" am: 7fdc84a4df 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2095485

Change-Id: Iabde4fd83b92cdee6356b111d1cda089456b58c0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 19:38:51 +00:00
Treehugger Robot
4bcc5afecb Merge "sepolicy: allow new BINDER_GET_EXTENDED_ERROR ioctl" 2022-05-12 19:22:55 +00:00
Eric Biggers
7fdc84a4df Merge "Remove init's write access to /data/user and /data/media" 2022-05-12 18:41:21 +00:00
Keith Mok
9e3cf3356c Merge "Revert "Revert "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f""" into tm-dev am: 53d07785f6 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18282717

Change-Id: Ia6fa7deb76088d75e789af020b8d45da2a445d01
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 17:06:15 +00:00
Keith Mok
69ad6109e1 Merge "Update 33 api to fix build breaks" into tm-dev am: 3b04b25298 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18282715

Change-Id: I19a96ac63e9f25bc8848074fe2bac88f25c9b603
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 17:06:13 +00:00
Keith Mok
53d07785f6 Merge "Revert "Revert "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f""" into tm-dev 2022-05-12 16:26:22 +00:00
Keith Mok
3b04b25298 Merge "Update 33 api to fix build breaks" into tm-dev 2022-05-12 16:26:22 +00:00
Victor Hsieh
84e8e31cd8 Allow composd to pass some system properties to CompOS am: 3423bc4bcb am: a50815b3cc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2093956

Change-Id: I5f13efd1321482354a8d044de3c8f36275542e64
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 15:46:48 +00:00
Shiwangi Shah
b9a4ae29eb Allow app to write to sdk_sandbox am: ce2b6da673 am: 1cda41b83a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2088023

Change-Id: I74b7a8410d6e0672427eb1db1c4b5866e05ae1e3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 15:46:35 +00:00
Victor Hsieh
94966ac36b Merge "Allow composd to pass some system properties to CompOS" into tm-dev am: 05d625ef62 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18298595

Change-Id: I90279cd56bca2d89adeb52f030cdb07e87ec168f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 15:46:08 +00:00
Victor Hsieh
05d625ef62 Merge "Allow composd to pass some system properties to CompOS" into tm-dev 2022-05-12 15:30:40 +00:00
Victor Hsieh
a50815b3cc Allow composd to pass some system properties to CompOS am: 3423bc4bcb 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2093956

Change-Id: I6ce182b8b1ba285ec5614919a8da659c8f99dc27
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 15:28:40 +00:00
Shiwangi Shah
1cda41b83a Allow app to write to sdk_sandbox am: ce2b6da673 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2088023

Change-Id: I5a6b8e1ef58cfd92dd42ce5d772e1539b31bd4c2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 15:28:20 +00:00
Rubin Xu
a274858e3b Allow Bluetooth stack to read security log sysprop 
Bluetooth stack needs to read persist.logd.security and
ro.organization_owned sysprop (via __android_log_security())
to control security logging for Bluetooth events.

Bug: 232283779
Test: manual
Change-Id: Ic8162cd4a4436981a15acea6ac75079081790525
 2022-05-12 15:44:57 +01:00
Shiwangi Shah
34acf98cfc [automerger skipped] Merge "Add services and allow app to write to sdk_sandbox" into tm-dev am: 796a25a034 -s ours 
am skip reason: Merged-In I8f425cc9f2759a29bdd2e6218ad0a1c40750e4f5 with SHA-1 13bdca21d5 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18149723

Change-Id: I46392041556c41626a3f8b7457f9d7f09dc45bcb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 12:32:49 +00:00
Shiwangi Shah
e18ed7a418 [automerger skipped] Add services and allow app to write to sdk_sandbox am: 4aad91d920 -s ours 
am skip reason: Merged-In I8f425cc9f2759a29bdd2e6218ad0a1c40750e4f5 with SHA-1 13bdca21d5 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18149723

Change-Id: Iae3fd6e31e04ec1ef1efe5994c953852a7ad11bc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 12:32:48 +00:00
Shiwangi Shah
796a25a034 Merge "Add services and allow app to write to sdk_sandbox" into tm-dev 2022-05-12 11:04:02 +00:00
Junyu Lai
1eb976f9c8 [automerger skipped] Merge "[MS82.3] Add sepolicy to access connectivity apex directory" into tm-dev am: 656d19a08b -s ours 
am skip reason: Merged-In I7e43c09f929a418c6c7b6bcfc3696a242c19f2d8 with SHA-1 c43dbf8dec is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18156623

Change-Id: I303090a3078670e4a08c17954afc5efe3f1bbaf0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 06:46:47 +00:00
Treehugger Robot
97d387994d [automerger skipped] [MS82.3] Add sepolicy to access connectivity apex directory am: bad95e0764 -s ours 
am skip reason: Merged-In I7e43c09f929a418c6c7b6bcfc3696a242c19f2d8 with SHA-1 c43dbf8dec is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18156623

Change-Id: I05d8d849e51545bd4d5c7def3be75b09676ccbd2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 06:46:46 +00:00
Tyler Gunn
37e38c892c Merge "Revert "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f"" into tm-dev am: b0ed1cb974 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18310154

Change-Id: I42887b18e52a8d25ed6ca4fa45999bc95219bb42
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 06:46:33 +00:00
Keith Mok
2e26f64ea6 Merge "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f" into tm-dev am: 384c5e2862 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18151564

Change-Id: Id501e33ae1ae77248fc62cd9c6a0cd2b9b9a37af
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-12 06:46:02 +00:00
Junyu Lai
656d19a08b Merge "[MS82.3] Add sepolicy to access connectivity apex directory" into tm-dev 2022-05-12 05:55:12 +00:00
Thiébaud Weksteen
d6e0b0b371 DO NOT MERGE: Move bind permission on netlink to private 
Bug: 227803340
Test: forrest for T GSI
Ignore-AOSP-First: Already fixed in R+
Change-Id: If00dfacbaa31f95c9af5f675ed92f988b1a1b5d3
 2022-05-12 12:29:46 +10:00
Eric Biggers
17369bef4a Remove init's write access to /data/user and /data/media 
As a follow-up to https://r.android.com/2078213, remove init's write
access to directories with type system_userdir_file or
media_userdir_file.  This has been made possible by moving the creation
of /data/user/0 and /data/media/obb to vold.

Bug: 156305599
Change-Id: Ib9f43f2b111518833efe08e8cacd727c75b80266
 2022-05-12 00:19:29 +00:00
Keith Mok
f906da515c Revert "Revert "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f"" 
This reverts commit 2140c74523.

Reason for revert: Added a fix for that (to update the 33.0 sepolicy api)

Change-Id: I2e738618026df6475de7baf1551a031b86c28590
 2022-05-11 18:14:06 +00:00
Keith Mok
597b5dfd55 Update 33 api to fix build breaks 
Ignore-AOSP-First: Need to change together with T branch
Bug: 204367810
Test: build
Change-Id: I1124640a6cd96a12ff1cd2a41c207cf35dd2df89
 2022-05-11 18:10:35 +00:00
Tyler Gunn
b0ed1cb974 Merge "Revert "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f"" into tm-dev 2022-05-11 18:07:47 +00:00
Tyler Gunn
2140c74523 Revert "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f" 
This reverts commit c8b6c1fb79.

Reason for revert: Breaking TM-DEV build targets.

Change-Id: Ibc0f119110178b5b1aefc2ea9269fa4b644be2ba
 2022-05-11 17:40:58 +00:00
Keith Mok
384c5e2862 Merge "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f" into tm-dev 2022-05-11 17:16:13 +00:00
Victor Hsieh
9561e19573 Allow composd to pass some system properties to CompOS 
Bug: 231579544
Test: see allowlisted system properties in the VM
Ignore-AOSP-First: Cherry-pick from AOSP
Change-Id: Idb263087639e4677e437ac2fcd2726ee71547f48
Merged-In: Idb263087639e4677e437ac2fcd2726ee71547f48
 2022-05-11 09:05:12 -07:00
Shiwangi Shah
4aad91d920 Add services and allow app to write to sdk_sandbox 
We might want to change this in later android versions.

Ignore-AOSP-First: Already merged via aosp/2051365
Bug: b/228159127
Bug: b/227745962
Bug: b/229251344
Test: Manual
Change-Id: I8f425cc9f2759a29bdd2e6218ad0a1c40750e4f5
Merged-In: I8f425cc9f2759a29bdd2e6218ad0a1c40750e4f5
Merged-In: I2e308ca9ce58e71ac9d7d9b0fa515bdf2f5dfa1f
(cherry picked from commit 13bdca21d5)
(cherry picked from commit ce2b6da673)
 2022-05-11 15:52:51 +00:00
Treehugger Robot
bad95e0764 [MS82.3] Add sepolicy to access connectivity apex directory 
Test: m
Bug: 230289468
Change-Id: I7e43c09f929a418c6c7b6bcfc3696a242c19f2d8
Merged-In: I7e43c09f929a418c6c7b6bcfc3696a242c19f2d8
(cherry picked from commit 441c149894)
 2022-05-11 15:26:55 +08:00
Victor Hsieh
3423bc4bcb Allow composd to pass some system properties to CompOS 
Bug: 231579544
Test: see allowlisted system properties in the VM
Change-Id: Idb263087639e4677e437ac2fcd2726ee71547f48
 2022-05-10 16:19:19 -07:00
Shiwangi Shah
ce2b6da673 Allow app to write to sdk_sandbox 
Change-Id: I2e308ca9ce58e71ac9d7d9b0fa515bdf2f5dfa1f
Bug: b/229251344
Test: Manual
 2022-05-10 12:31:42 +00:00
Carlos Llamas
630f915345 sepolicy: allow new BINDER_GET_EXTENDED_ERROR ioctl 
All domains using libbinder need access to this new ioctl in order to
pull precise information upon failed binder operations.

Bug: 28321379
Tested: clients can now use the ioctl through libbinder
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: I8d6e5ca6b133b934855a7545cc1a9786e2c4ad65
 2022-05-10 04:20:09 +00:00
Jooyung Han
61079e06f2 Allow init to read apex-info-list.xml 
init should use subcontext (vendor_init) for actions/services from
/{vendor, odm} partitions. However, when configs are from vendor APEXes,
init can't tell whether the APEXes are from /{vendor, odm} just by
looking at the config file paths.

Instead, init can look up /apex/apex-info-list.xml for APEXes
preinstalled paths to tell APEXes' original partition.

Bug: 232021354
Test: atest CtsBluetoothTestCases
  (Cuttlefish has BT HAL APEX in /vendor)
Change-Id: I8cb5d9eb3970790499ef1eb1ee00851591a42e98
 2022-05-10 10:35:56 +09:00
Eric Biggers
971a048ec1 Merge "Restrict creating per-user encrypted directories" am: b10cffe768 am: d028b65ea0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2078213

Change-Id: Ic4c288418c6744827f29121a02e81900674c7695
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-09 15:47:53 +00:00
Eric Biggers
d028b65ea0 Merge "Restrict creating per-user encrypted directories" am: b10cffe768 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2078213

Change-Id: I6157eb3c85e80e52325a5389b978ccdd472ac90e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-09 15:18:59 +00:00