tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
29036 commits 1 branch 0 tags 50 MiB
Commit graph

29036 commits

This branch
This branch
All branches
Author SHA1 Message Date
Treehugger Robot
6007da11b6 Merge "Allow third-party apps to access tuner hal fd" am: 01a9e4de24 am: cfbb43120d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1587542

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I3fa5bb3e1f225174e6a5e2200eca44375cf67462
 2021-02-16 23:14:04 +00:00
Treehugger Robot
cfbb43120d Merge "Allow third-party apps to access tuner hal fd" am: 01a9e4de24 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1587542

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I36900a4e59d8e7de6ce8f7cd79e1a7c6f4ca5a2b
 2021-02-16 22:56:39 +00:00
Treehugger Robot
01a9e4de24 Merge "Allow third-party apps to access tuner hal fd" 2021-02-16 22:25:18 +00:00
Elliott Hughes
77d6174b3c Merge "init/ueventd and system_server no longer need access to /dev/hw_random." am: adaf4fe7a9 am: dbcd3b6d9c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1580967

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ic89e82bd098ad997c50cc68b53f150b0bbcdedfb
 2021-02-16 21:00:57 +00:00
Elliott Hughes
dbcd3b6d9c Merge "init/ueventd and system_server no longer need access to /dev/hw_random." am: adaf4fe7a9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1580967

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I250e585dba494335017001e72fb33fbb399db8b6
 2021-02-16 20:40:17 +00:00
Elliott Hughes
adaf4fe7a9 Merge "init/ueventd and system_server no longer need access to /dev/hw_random." 2021-02-16 20:08:39 +00:00
Ram Muthiah
1bd5d71c18 Merge "Revert "Add qemu.hw.mainkeys to system property_contexts"" am: 523a649401 am: fa10ab3955 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1590671

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ide05bfa653b2ab873cd52a914b26f19f1567a308
 2021-02-16 20:05:41 +00:00
Ram Muthiah
fa10ab3955 Merge "Revert "Add qemu.hw.mainkeys to system property_contexts"" am: 523a649401 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1590671

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ibc3afb978c5f79942d6a10b5790172bceb920288
 2021-02-16 19:35:42 +00:00
Amy Zhang
db13ae741e Allow third-party apps to access tuner hal fd 
The fd shared here is the fast message queue descriptor of the Tuner
Filter MQ or DVR MQ, sent from the Tuner HAL HIDL interface to Tuner Service.

Tuner service would convert the hidl mq descriptor into an aidl one then
passed to the Tuner JNI. Tuner JNI would read/write data into fmq
through the shared fd when the third-party app calls corresponding APIs.
The fd won't be exposed through SDK APIs.

The same fd won't be shared among apps. Each app only has access to
their own Tuner java instance through Tuner SDK, and read/write their
own Filter/Dvr.

Test: atest TunerDvrTest#testDvrPlayback
Bug: 159067322
Bug: 174500129
Bug: 171378420
Bug: 158868205
Change-Id: I34c113a092673f8ea9bcb7428b5562101c4d35ec
 2021-02-16 11:17:49 -08:00
Ram Muthiah
523a649401 Merge "Revert "Add qemu.hw.mainkeys to system property_contexts"" 2021-02-16 19:05:10 +00:00
Ram Muthiah
509b35e5d9 Revert "Add qemu.hw.mainkeys to system property_contexts" 
Revert submission 1582845-qemu-prop

Reason for revert: aosp_hawk-userdebug is broken on an RVC branch
Reverted Changes:
Idfc2bffa5:Add qemu.hw.mainkeys to system property_contexts
If013ff33f:Remove qemu.hw.mainkeys from vendor_qemu_prop
Bug: 180412668
Change-Id: I335afb931eaeb019f66e3feedea80b0c8888f7a3
 2021-02-16 18:58:10 +00:00
Weilun Du
446906c8bf Merge "Add qemu.hw.mainkeys to system property_contexts" am: 23bb01756e am: baf97e40f9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1582845

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ia70f172338fc964700ef1ca6eee0434459b3eae4
 2021-02-16 17:56:08 +00:00
Weilun Du
baf97e40f9 Merge "Add qemu.hw.mainkeys to system property_contexts" am: 23bb01756e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1582845

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I7eb61f01903b343c1cf2a210ffe6f7bae3034922
 2021-02-16 17:22:58 +00:00
Weilun Du
23bb01756e Merge "Add qemu.hw.mainkeys to system property_contexts" 2021-02-16 16:44:00 +00:00
Maciej Żenczykowski
9f61b85eed Merge "apply 'fs_bpf_tethering' label to /sys/fs/bpf/tethering" am: c281113ea8 am: fd596bf799 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1566557

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ie6bf09d52d09a3cc7aa8995855ceba61f4a64cbe
 2021-02-15 13:20:12 +00:00
Galia Peycheva
a86569c24e Merge "Add blur sysprop to sepolicy" am: 7959b6eb1b am: efff2e4789 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1585067

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Icc5f08e6a6f5cdf865e8d539323f56405b2a5ea0
 2021-02-15 13:19:57 +00:00
Maciej Żenczykowski
fd596bf799 Merge "apply 'fs_bpf_tethering' label to /sys/fs/bpf/tethering" am: c281113ea8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1566557

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Iec1e9556373de5508097bf9a9264455238728353
 2021-02-15 12:52:33 +00:00
Galia Peycheva
efff2e4789 Merge "Add blur sysprop to sepolicy" am: 7959b6eb1b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1585067

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I5a046f94f8233ffdaf5cb6fef3a1952393448ad3
 2021-02-15 12:51:58 +00:00
Maciej Żenczykowski
c281113ea8 Merge "apply 'fs_bpf_tethering' label to /sys/fs/bpf/tethering" 2021-02-15 12:21:54 +00:00
Galia Peycheva
7959b6eb1b Merge "Add blur sysprop to sepolicy" 2021-02-15 12:20:29 +00:00
Treehugger Robot
187d0d4181 Merge changes from topic "uid_pid with recovery mode" am: cbf08f8cc7 am: cec7de1859 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1587544

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I11dc4bb7b86d3358c42a3bef66bfa3c711e16c8e
 2021-02-13 22:21:56 +00:00
Marco Ballesio
b41b4b459b sepolicy: rules for uid/pid cgroups v2 hierarchy am: aa4ce95c6f am: 9afaef844b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1585406

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I1e9d42b8f13f4c60e4f46119adc4dc69ecd1c7f0
 2021-02-13 22:21:54 +00:00
Treehugger Robot
cec7de1859 Merge changes from topic "uid_pid with recovery mode" am: cbf08f8cc7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1587544

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ibffd60cdad4211d0d95f5068b1457161ff0a34d6
 2021-02-13 21:52:06 +00:00
Marco Ballesio
9afaef844b sepolicy: rules for uid/pid cgroups v2 hierarchy am: aa4ce95c6f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1585406

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Icd7136331223fa9f4a215ce07330da173ba61db0
 2021-02-13 21:51:47 +00:00
Treehugger Robot
cbf08f8cc7 Merge changes from topic "uid_pid with recovery mode" 
* changes:
  sepolicy: grant system_server process group creation rights
  sepolicy: rules for uid/pid cgroups v2 hierarchy
 2021-02-13 21:32:31 +00:00
Marco Ballesio
98a5e60592 sepolicy: grant system_server process group creation rights 
system_server must be allowed to create process groups in behalf of
processes spawned by the app zygote

Bug: 62435375
Bug: 168907513
Test: verified that webview processes are migrated in their own process
group

Change-Id: Icd9cd53b759a79fe4dc46f7ffabc0cf248e6e4b8
 2021-02-12 15:16:18 -08:00
Elliott Hughes
5aaf7f3461 init/ueventd and system_server no longer need access to /dev/hw_random. 
We let the kernel worry about that now.

Bug: http://b/179086242
Test: treehugger
Change-Id: I51bdfaf7488717cc4e4c642261e31d1801cfba68
 2021-02-12 09:33:22 -08:00
Mohammad Islam
0cf562e2c8 Merge "Allow apexd to relabel files in /data/apex/decompressed" am: 1a2a3bd369 am: 3663ec7d1e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1561696

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I557850e21ef51f84dae2855225e1f6ffa7d119ce
 2021-02-12 11:12:51 +00:00
Mohammad Islam
3663ec7d1e Merge "Allow apexd to relabel files in /data/apex/decompressed" am: 1a2a3bd369 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1561696

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: If4af5950e9a44a123331a2e94c3695d7a072c411
 2021-02-12 10:50:06 +00:00
Mohammad Islam
1a2a3bd369 Merge "Allow apexd to relabel files in /data/apex/decompressed" 2021-02-12 10:16:55 +00:00
Treehugger Robot
b4781f0eca Merge "The SE Policies to incorporate ISecureClock and ISharedSecret services along with IKeyMintDevice service into default keymint HAL Server. Test: Rebuild, execute and run atest VtsAidlSharedSecretTargetTest and atest VtsAidlSecureClockTargetTest. Bug: b/171844725, b/168673523." am: 98e48ac6b4 am: cf5f18538e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1562770

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I9fec342a6157d820d0a9499a24908df3ddd586df
 2021-02-12 05:17:31 +00:00
Shubang Lu
31cd19cb1e Merge "Add SE policy for media_metrics" am: a19f9d2455 am: fd40534a40 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1580990

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: If22acb99427c46a075c8d4aae1e1046da7b02fc9
 2021-02-12 05:17:23 +00:00
Treehugger Robot
cf5f18538e Merge "The SE Policies to incorporate ISecureClock and ISharedSecret services along with IKeyMintDevice service into default keymint HAL Server. Test: Rebuild, execute and run atest VtsAidlSharedSecretTargetTest and atest VtsAidlSecureClockTargetTest. Bug: b/171844725, b/168673523." am: 98e48ac6b4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1562770

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I0589e6bcbdde95f1d465ee5ec4d591ed96287f47
 2021-02-12 04:47:46 +00:00
Shubang Lu
fd40534a40 Merge "Add SE policy for media_metrics" am: a19f9d2455 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1580990

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I7f1fbabf3dd22beebd91654d046e9b3fff4b67c3
 2021-02-12 04:46:21 +00:00
Treehugger Robot
98e48ac6b4 Merge "The SE Policies to incorporate ISecureClock and ISharedSecret services along with IKeyMintDevice service into default keymint HAL Server. Test: Rebuild, execute and run atest VtsAidlSharedSecretTargetTest and atest VtsAidlSecureClockTargetTest. Bug: b/171844725, b/168673523." 2021-02-12 02:42:35 +00:00
Shubang Lu
a19f9d2455 Merge "Add SE policy for media_metrics" 2021-02-12 02:00:32 +00:00
Maciej Żenczykowski
d68cb48e90 apply 'fs_bpf_tethering' label to /sys/fs/bpf/tethering 
We want to label /sys/fs/bpf/tethering/... with a new label distinct
from /sys/fs/bpf, as this will allow locking down the programs/maps
tighter then is currently possible with the existing system.

These programs and maps are provided via the tethering mainline module,
and as such their number, names, key/value types, etc. are all prone to
be changed by a tethering mainline module update.

Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifc4108d76a1106a936b941a3dda1abc5a65c05b0
 2021-02-11 17:45:06 -08:00
Treehugger Robot
e1a1ccbfef Merge "Allow dumpsys meminfo to print out DMA-BUF statistics" am: 83d6f96fdc am: 099e2f1a09 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1582856

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I01b78ac46cf7b16d5c2567b3e02ded02ccb333ec
 2021-02-12 00:55:43 +00:00
Treehugger Robot
099e2f1a09 Merge "Allow dumpsys meminfo to print out DMA-BUF statistics" am: 83d6f96fdc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1582856

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Id76c925e6f3a36fca52962d75c8a4f5b8907ac76
 2021-02-12 00:28:10 +00:00
Treehugger Robot
83d6f96fdc Merge "Allow dumpsys meminfo to print out DMA-BUF statistics" 2021-02-11 23:48:04 +00:00
Marco Ballesio
aa4ce95c6f sepolicy: rules for uid/pid cgroups v2 hierarchy 
Bug: 168907513
Test: verified the correct working of the v2 uid/pid hierarchy in normal
and recovery modes

This reverts commit aa8bb3a29b.

Change-Id: Ib344d500ea49b86e862e223ab58a16601eebef47
 2021-02-11 23:40:38 +00:00
shubang
2210767054 Add SE policy for media_metrics 
Test: CTS;
Change-Id: Ib9382f2513d8fd0e6812d0157c710d0ad5817231
 2021-02-11 18:38:07 +00:00
Hridya Valsaraju
0001dee765 Allow dumpsys meminfo to print out DMA-BUF statistics 
These permissions fix the following denials:

avc: denied { read } for name="buffers" dev="sysfs" ino=3267
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_dmabuf_stats:s0
tclass=dir permissive=1
avc: denied { open } for path="/sys/kernel/dmabuf/buffers" dev="sysfs"
ino=3267 scontext=u:r:system_server:s0
tcontext=u:object_r:sysfs_dmabuf_stats:s0 tclass=dir permissive=1
avc: denied { read } for name="size" dev="sysfs"
ino=30556 scontext=u:r:system_server:s0
tcontext=u:object_r:sysfs_dmabuf_stats:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/kernel/dmabuf/buffers/41673/size" dev="sysfs"
ino=30556 scontext=u:r:system_server:s0
tcontext=u:object_r:sysfs_dmabuf_stats:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/kernel/dmabuf/buffers/41673/size" dev="sysfs"
ino=30556 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_dmabuf_stats:s0
tclass=file permissive=1
avc: denied { read } for name="dma_heap" dev="tmpfs" ino=344
scontext=u:r:system_server:s0 tcontext=u:object_r:dmabuf_heap_device:s0
tclass=dir permissive=1
avc: denied { open } for path="/dev/dma_heap" dev="tmpfs" ino=344
scontext=u:r:system_server:s0 tcontext=u:object_r:dmabuf_heap_device:s0
tclass=dir permissive=1

Test: adb shell dumpsys meminfo
Bug: 167709539
Change-Id: Ifa43fd16369d5da1db16e45ff0e189da0c975b75
 2021-02-11 10:04:26 -08:00
Galia Peycheva
201414cff6 Add blur sysprop to sepolicy 
Bug: 170378891
Test: m
Change-Id: I6876e3bfe9dfdf066bfa54334555fdab5b3598d5
 2021-02-11 17:32:30 +00:00
Weilun Du
180a277d67 Add qemu.hw.mainkeys to system property_contexts 
Bug: 178143857

Signed-off-by: Weilun Du <wdu@google.com>
Change-Id: Idfc2bffa52016d1e880974bb193025400e90a538
 2021-02-11 04:18:54 +00:00
Vova Sharaienko
5b1e49a609 Merge "Stats: new sepolicy for the AIDL service" am: e8d2732651 am: 28497aaed1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1570880

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Iec5b1496a5b762957d5729106938bead1aba5705
 2021-02-11 04:12:15 +00:00
Vova Sharaienko
28497aaed1 Merge "Stats: new sepolicy for the AIDL service" am: e8d2732651 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1570880

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I46f47561663e9a3fb200cc061859c4e23ab8217c
 2021-02-11 03:48:46 +00:00
Vova Sharaienko
e8d2732651 Merge "Stats: new sepolicy for the AIDL service" 2021-02-11 03:07:56 +00:00
Vova Sharaienko
c64a5b42aa Stats: new sepolicy for the AIDL service 
Allows the AIDL IStats service to be exposed via ServiceManager
Defines IStats service client domain to be used by pixelstats_vendor

Bug: 178859845
Test: Build, flash, and aidl_stats_client
Change-Id: If41e50d0182993d0b7f8501e9147e0becf526689
 2021-02-10 23:48:35 +00:00
Treehugger Robot
ba3f48d860 Merge "Fix ANR permission denial for AIDL HALs." am: 654f8b82a8 am: f749766036 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1582316

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Iee8b5949d4d14dcbefb8fa1834319b1b4224cb96
 2021-02-10 22:23:05 +00:00