tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
41157 commits 1 branch 0 tags 50 MiB
Commit graph

41157 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ronish Kalia
1970c6d622 Merge "[CP] Rename healthconnect to healthfitness" am: f45caeb2fd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2433416

Change-Id: I402f368eb2fe95b45c69eb837cf8bf213398c4f4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-14 20:48:42 +00:00
Ronish Kalia
f45caeb2fd Merge "[CP] Rename healthconnect to healthfitness" 2023-02-14 20:22:07 +00:00
Treehugger Robot
c499098432 Merge "Map AIDL Gatekeeper to same policy as HIDL version" am: 22d25dcae4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2421501

Change-Id: I1bb798d424a9595cd549bb88f967f0d44fffd936
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-14 18:56:34 +00:00
Treehugger Robot
22d25dcae4 Merge "Map AIDL Gatekeeper to same policy as HIDL version" 2023-02-14 17:48:17 +00:00
ronish
f406edf440 [CP] Rename healthconnect to healthfitness 
Change-Id: Icb20784bfe3d07aff5b198b5c8dd2302bb7c854d
 2023-02-14 17:34:26 +00:00
Ioannis Ilkos
8d168e2d8a Sysprop for the count of active OOME tracing sessions 
In order for ART code to call perfetto DataSource::Trace() we need to
wait for all data source instances to have completed their setup. To do
so, we need to know how many of them exist.

This introduces a new sysprop traced.oome_heap_session.count, writeable
by perfetto traced and readable by apps and system_server that can be
used to communicate this.

See go/art-oom-heap-dump for more details

Test: manual, atest HeapprofdJavaCtsTest
Bug: 269246893
Change-Id: Ib8220879a40854f98bc2f550ff2e7ebf3e077756
 2023-02-14 15:14:39 +00:00
Treehugger Robot
79b8e705aa Merge "Add system property for leaudio_allow_list" am: ae07b5380b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2375411

Change-Id: I4323da4ee1e703e48f78cef880c154e94c8f49f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-14 12:17:11 +00:00
Pedro Loureiro
14060332c7 Merge "Add SEPolicy for device config service" am: 43b0b8a65c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2430374

Change-Id: I16624fc06f8cd15de32734e31a47acc504a5dea1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-14 12:16:51 +00:00
Treehugger Robot
ae07b5380b Merge "Add system property for leaudio_allow_list" 2023-02-14 11:21:55 +00:00
Pedro Loureiro
43b0b8a65c Merge "Add SEPolicy for device config service" 2023-02-14 11:18:41 +00:00
Akilesh Kailash
12e344b7de Merge "Set sepolicy for ublk control device and block device" am: a3c0ca4e67 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2433673

Change-Id: Ia1104a335a2932a48bc2f9eecb547c65e13fe334
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-14 04:41:42 +00:00
Akilesh Kailash
a3c0ca4e67 Merge "Set sepolicy for ublk control device and block device" 2023-02-14 03:59:06 +00:00
Akilesh Kailash
63a21044f2 Set sepolicy for ublk control device and block device 
ublk-control device: /dev/ublk-control
ublk-block device: /dev/block/ublkbN where N is 0,1,2..

Bug: 269144965
Test: Verify sepolicy changes through kernel logs when user-space daemon
communicates with ublk driver

Change-Id: I10de557566e3c0628ea72fbbda4cff21e7cda68f
Signed-off-by: Akilesh Kailash <akailash@google.com>
 2023-02-13 16:30:40 -08:00
Jeffrey Huang
e53a5b25b6 Merge "Restrict system server from reading statsd data" am: 01fd5eb907 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410783

Change-Id: I18a4d57758865141a9e0b6f479ff5aabf8db0ece
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-13 23:07:21 +00:00
Jeffrey Huang
01fd5eb907 Merge "Restrict system server from reading statsd data" 2023-02-13 22:37:09 +00:00
feiyuchen
70e1942fb3 Add SELinux policy for edgetpu_native device_config prop 
The new android property namespace will store the configurations which are set on the server side and read by the EdgeTpu HAL.

Notes:
* This CL is similar to nnapi_native CL: https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/1844919
* The read permission of EdgeTpu HAL will be added in another internal CL.

Test: mm
Bug: 243553703
Bug: 246401730
Change-Id: I5705f679148b313d919f334c51e31f7645aca82a
 2023-02-13 21:55:57 +00:00
Jaegeuk Kim
38c89acec4 Allow to format zoned device w/o dm-default-key 
Bug: 197782466
Change-Id: Id8afd1afef61303087ca54f4d4bb109efa98e381
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
 2023-02-13 10:37:11 -08:00
Pedro Loureiro
58847ab171 Add SEPolicy for device config service 
A new mainline module that will have the device config logic requires a new service (device_config_updatable).

Bug: 252703257

Test: manual because logic that launches service is behind flag

Change-Id: I4ffba0c7d2afc44af8438b7d84d836e42388bd7d
 2023-02-13 09:37:12 +00:00
Cody Northrop
02792c7f6f Merge "Allow camera HAL to read EGL vendor properties" am: b9a2339bf8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2428196

Change-Id: Ie0a21c33232b520f714471e627ed52e4ffaa611c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-11 01:58:49 +00:00
Cody Northrop
b9a2339bf8 Merge "Allow camera HAL to read EGL vendor properties" 2023-02-11 00:44:10 +00:00
Patrick Rohr
37f2fa0da7 Merge "cronet: remove com.android.cronet sepolicy" am: 8f0388f32e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2431473

Change-Id: Iffaac193e3e7787d86c950ef866a8cefab903dc8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-10 23:21:54 +00:00
Patrick Rohr
8f0388f32e Merge "cronet: remove com.android.cronet sepolicy" 2023-02-10 22:53:40 +00:00
Jeff Sharkey
89f51e46f2 Merge "Add dropbox entries as files to dumpstate ZIP." am: 3926d95720 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2422870

Change-Id: I4481603e241edea765e7a745ed69bf31f0735b21
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-10 21:31:36 +00:00
Jeff Sharkey
3926d95720 Merge "Add dropbox entries as files to dumpstate ZIP." 2023-02-10 20:41:51 +00:00
Patrick Rohr
c8f4e19a74 cronet: remove com.android.cronet sepolicy 
com.android.cronet has never been released and has since been deleted as
Cronet was added to the tethering module.

Test: TH
Bug: 266673389
Change-Id: Ia288d4322c13ba986164a12f4999fea1cd60d529
 2023-02-10 11:47:02 -08:00
Jeff Sharkey
ef5e5c82d4 Add dropbox entries as files to dumpstate ZIP. 
Since each dropbox entry is already stored as a file on disk, include
them as-is into the dumpstate ZIP file.

The dumpsys output has already included truncated versions of all
dropbox entries for many years, and adding them as separate files
inside the dumpstate ZIP will speed up debugging and issue triage.

Bug: 267673062
Test: manual
Change-Id: I6e83dd01221f43bb2e2efc1a12368db30a545c71
 2023-02-10 14:02:35 +00:00
Krishang Garodia
98cc4fec56 Merge "Update SE policy for all media provider processes" am: 6e51f51b5f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2429034

Change-Id: Ia3bcaf702b2ccadce5186f869baebd8c6afad56d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-10 13:59:33 +00:00
Jeff Pu
80a18e9a7e Merge "Allow servicemanager to make binder call to hal_fingerprint" am: 22adabc37e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2424930

Change-Id: I8f0d95737a0d718703d1e0b650e1fc5465f8d79a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-10 13:59:21 +00:00
Krishang Garodia
6e51f51b5f Merge "Update SE policy for all media provider processes" 2023-02-10 13:57:52 +00:00
Jeff Pu
22adabc37e Merge "Allow servicemanager to make binder call to hal_fingerprint" 2023-02-10 13:35:32 +00:00
Krishang Garodia
caf7984a2e Update SE policy for all media provider processes 
Bug: 230394838
Bug: 195009152
Test: manual
Change-Id: Ic8e1d45c910e1455dd28bfb748d134c066a33591
 2023-02-10 11:06:53 +00:00
Thiébaud Weksteen
cdf98439cf Merge "Ignore fusefs_type access for su" am: f0e86adfc3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2428452

Change-Id: Icc808be7f95789e703f52ae6e3c2e7a25f821284
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 23:13:17 +00:00
Thiébaud Weksteen
f0e86adfc3 Merge "Ignore fusefs_type access for su" 2023-02-09 22:46:54 +00:00
Jeff Pu
0e6dce0ae9 Allow servicemanager to make binder call to hal_fingerprint 
Bug: 263519851
Test: boot Cuttlefish with lazy virtual fingerprint HAL
Change-Id: I8cef9d1c55065561786718aad589cf4dd327ff66
 2023-02-09 22:02:29 +00:00
Charlie Wang
55886d20d9 Merge "Extension of isolated_compute_app for media services." am: bc778658ab 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2411335

Change-Id: I1133741d332cd7cdf075db8330baf1db61f58105
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 18:29:54 +00:00
Max Bires
5516282b8b Merge "Allow GMSCore to read RKP properties." am: db8a6b31ca 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2428194

Change-Id: I5b0aa3092d77a1e3c8917cd36d8a076b7d783f88
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 18:29:40 +00:00
Charlie Wang
bc778658ab Merge "Extension of isolated_compute_app for media services." 2023-02-09 18:13:57 +00:00
Cody Northrop
e4e43ebad8 Allow camera HAL to read EGL vendor properties 
Test: TreeHugger
Bug: b/267752967
Change-Id: I174420a3ef1f0059007616b4bee3091a888b1999
 2023-02-09 17:55:03 +00:00
Max Bires
db8a6b31ca Merge "Allow GMSCore to read RKP properties." 2023-02-09 17:51:57 +00:00
Henri Chataing
1f26ebadf8 Merge "Define the permissions for Nfc sysprops" am: ff275229d1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2424852

Change-Id: Ief06daa97a1ff07a8ebdc2cc1f0a77e769d2f76a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 17:01:39 +00:00
Henri Chataing
ff275229d1 Merge "Define the permissions for Nfc sysprops" 2023-02-09 16:08:40 +00:00
Jack He
259ea80e91 Merge "Add sysprop for LeAudio inband ringtone support" am: 796621872b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2422865

Change-Id: Ie3311c5fa54dad74f20578faba36fbd4981f1625
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 02:09:07 +00:00
Thiébaud Weksteen
3714d72a64 Ignore fusefs_type access for su 
Similarly to fs_type, fusefs_type accesses are ignored. It may be
triggered by tradefed when listing mounted points.

Bug: 177481425
Bug: 240632971
Bug: 239090033
Bug: 238971088
Bug: 238932200
Bug: 239085619
Test: presubmit boot tests
Change-Id: Ic96140d6bf2673d0de6c934581b3766f911780b6
 2023-02-09 12:45:14 +11:00
Jack He
796621872b Merge "Add sysprop for LeAudio inband ringtone support" 2023-02-09 01:36:31 +00:00
Max Bires
89bbb2581b Allow GMSCore to read RKP properties. 
GMSCore requires access to read RKP properties in order for test suites
to validate the hostname is properly set.

Test: N/A
Change-Id: If537e58d4df74516435bec8955c83bb5494a80f0
 2023-02-08 17:14:47 -08:00
Charles Chen
3e9f05faa3 Extension of isolated_compute_app for media services. 
Support media use cases in isolated_compute_app such as decoding with MediaCodecs.

Bug:266943251
Test: m &&  manual - sample app with IsolatedProcess=True can use MediaCodec.

Change-Id: I864dcfb16494efada2fbd2a7d34b5d7f6b8128cb
 2023-02-08 15:48:25 -08:00
Brian Julian
e346f2fe80 Merge "Backports sepolicy for AltitudeService to T." am: f388934ffe 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406792

Change-Id: I8cd9387e7b27e032e38b23a531a710a8801c6a5b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-08 18:51:22 +00:00
David Drysdale
c9529ff336 Map AIDL Gatekeeper to same policy as HIDL version 
Bug: 268342724
Test: VtsHalGatekeeperTargetTest
Change-Id: Ifa90247753ae558f7bdb70cb4b4e494466cc457b
 2023-02-08 18:42:17 +00:00
Brian Julian
f388934ffe Merge "Backports sepolicy for AltitudeService to T." 2023-02-08 18:28:25 +00:00
Ryan Savitski
de2aa42a42 Merge "sepolicy: rework perfetto producer/profiler rules for "user" builds" am: b9a365a35f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2419280

Change-Id: Ie9d2cdac2900cdadda71e69dff5402a50536b187
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-08 18:16:07 +00:00