am skip reason: Merged-In I7e4c044a6a2afb48c33d65cc421e797d77aacc12 with SHA-1 28b811df1c is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2977032
Change-Id: I674060405e05470708ce20d95cf828ab9c5b2b17
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I7e4c044a6a2afb48c33d65cc421e797d77aacc12 with SHA-1 28b811df1c is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2977032
Change-Id: Ie115d6f1b4683ddc625809756a7caf824cd406d4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This includes rules for starting Perfetto as well as rules for
communicating over stdio between Perfetto and system_server.
This is a cherrypick of aosp/2958867 with prebuilts updated.
Bug: 325709490
Test: Presubmit
Change-Id: I7e4c044a6a2afb48c33d65cc421e797d77aacc12
Merged-In: I7e4c044a6a2afb48c33d65cc421e797d77aacc12
am skip reason: Merged-In I6c966c92b238a2262d2eb7f41041ed4c359e9e0a with SHA-1 d2a0892121 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2974133
Change-Id: Ic9437442074bbdc06daa44a2d4041074ed2357d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I6c966c92b238a2262d2eb7f41041ed4c359e9e0a with SHA-1 d2a0892121 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2974133
Change-Id: I6a8242a6da2ede1f9d3f27cfb3fc52bb452e7510
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
libft2.so is removed from LLNDK, as it was LLNDK-private just because it is
referenced from VNDK-SPs, but it is no longer true because of VNDK
deprecation. This change adds libft2.so to have same sepolicy with other
sphal libraries, so it can be loaded from sphal libraries same as
before. Mark same to libpng.so as it is referenced from libft2.so
Bug: 326402649
Test: Barbet boot succeeded without sepolicy error
Change-Id: Id8c1194da478bd4fc02e701230fd1a3c0b3c00be
This new property is to set an apex name when input configuration files
are bundled in an apex.
libinput checks the new sysprop when loading input configuration.
This removes hard-coded apex name (com.android.input.config).
Bug: 315080500
Test: adb shell dumpsys input
# set "touch.orientationAware = 0" in Touchscreen_0.idc
# build/install the input config apex
# Observe the Input configuration
# "Touch Input Mapper" shows "OrientationAware: false"
Change-Id: Ie0bf30bff2ed7f983caa5b893994a5bd2759e192
In AVF, virtualizationmanager checks the selinux label of given disk
image for proving whether the given image is edited maliciously.
Existing one(vendor_configs_file, /vendor/etc/*) was too wide to
use for this purpose.
Bug: 325709490
Bug: 285854379
Test: m
Merged-In: I6c966c92b238a2262d2eb7f41041ed4c359e9e0a
Change-Id: I6c966c92b238a2262d2eb7f41041ed4c359e9e0a
(cherry picked from commit d2a0892121)
The default policy for the "lockdown" access vector on Android was
introduced in commit bcfca1a6. While the "confidentiality" permission
was granted to all processes, the "integrity" was marked as
neverallowed.
Upstream, the support for that access vector was removed from kernel
5.16 onwards.
It was found that the "integrity" permission either does not apply to
Android or duplicates other access control (e.g., capabilities
sys_admin).
Instead of simply removing the neverallow rule, the access is granted to
all processes. This will prevent the proliferation of references to this
access vector in vendors' policies and ultimately facilitate its
removal.
Test: presubmit
Bug: 285443587
Bug: 269377822
Bug: 319390252
Change-Id: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
misctrl can set properties which can be injected into
bugreports.
Limit visibility of these properties so that no device
code can branch based off these properties.
Bug: 317262681
Test: bugreport
Change-Id: I74f6f240b08b2681540bca262dcc76bcdca9cdad
Give perfetto rw dir and create file permissions for new directory.
Give system server control to read, write, search, unlink files from new directory.
Test: locally ensure traces can be written by perfetto and accessed and deleted by system server
Bug: 293957254
Change-Id: Id015429b48ffffb73e7a71addddd48a22e4740bf
This reverts commit 7ee66a0391.
Reason for revert: The change is supposed to be a noop, trying it as a separate CL now
Change-Id: I0a1befb0015f39596423da7049040de6be18db65
This is an AIDL service exposed by Virtualization Service to system
server (VirtualizationSystemService).
The implementation is Rust so no fuzzer is required.
I've put this behind the flag on general principle.
Bug: 294177871
Test: atest MicrodroidTests
Change-Id: Ia867fe27fb2e76d9688e4ba650ebf7b3f51ee597
This reverts commit f77cf6780c.
Reason for revert: sepolicy change is still necessary. (won't break things)
Change-Id: If47218b39ac34c21f3e09d29a5e713b240c4f0a6
Bootanimation only access boot animation files on oem. Label
these files with bootanim_oem_file and remove oemfs file allow rule.
Also allow mediaserver and app to read this new label as they can access
/oem/media folder.
Bug: 324437684
Test: Confirm that boot animation on oem is shown without violations
Change-Id: I940ccde9391a5daa920f31926d32e68b1de5b7eb
Instead of centralized one se_flags module under system/sepolicy,
additional se_flags modules can be defined anywhere to support defining
downstream branches' own flagging.
Bug: 321875465
Test: TH
Test: soong test
Change-Id: I6e45c859b7f09e27ba1d60033b0db1424472cb63