We added an auditallow for these permissions on 11/26/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.
Bug: 142672293
Test: TH
Change-Id: Ic2f68b3af861e0c00e2dea731c4d6b3255ab5175
Also, allow zygote to scan dirs in /mnt/expand and relabel.
Test: No denials at boot
Test: No denials seen when creating mounts
Bug: 143937733
Change-Id: I86e77d27f5e9fb2f5852f787c7e5d9179c7404aa
It follows examples of other APEX to make file_contexts of cronet
module as "android:path" property
Bug: 146416755
Test: atest cronet_e2e_tests
Test: atest CronetApiTest
Change-Id: I0608eb4bb43cee50f49217f19fb53f297fbf5ead
Merged-In: I0608eb4bb43cee50f49217f19fb53f297fbf5ead
We added an auditallow for these permissions on 12/11/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.
Bug: 142672293
Test: TH
Change-Id: Iaeaef560883b61644625b21e5c7095d4d9c68da9
We added an auditallow for these permissions on 11/26/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.
Bug: 142672293
Test: TH
Change-Id: I18f99f54385b7c4e7c2ae923eff4c76800323a73
We added an auditallow for these permissions on 11/26/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.
Bug: 142672293
Test: TH
Change-Id: I2a59cac8041646b548ba1a73fcd5fddabb4d1429
This property type will be used for read-only userspace reboot related
properties that are used to configure userspace reboot behaviour, e.g.:
* timeout for userspace reboot watchdog;
* timeout for services to terminate;
* timeout for services to shutdown;
* etc.
Since all this configuration is device specific, vendor_init should be
able to set these properties.
Test: build/soong/soong_ui.bash \
--make-mode \
TARGET_PRODUCT=full \
TARGET_BUILD_VARIANT=eng \
droid \
dist DIST_DIR=/tmp/buildbot/dist_dirs/aosp-master-linux-full-eng/funwithprops \
checkbuild
Bug: 135984674
Bug: 147374477
Change-Id: I1f69980aea6020e788d5d2acaf24c0231939907c
We added an auditallow for these permissions on 11/26/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.
Bug: 142672293
Test: TH
Change-Id: I554ace42852023521e94017b1e782b6a09129fdf
Looking at go/sedenials, we have learnt that other priv-apps rely on
this permission. The auditallow has served its purpose and can now be
removed.
Bug: 142672293
Test: TH
Change-Id: I9ba1cbfa9ae90ae64e78276e5c1a699aa2a7f864
Say, foo_type was introduced in 29.0 sepolicy and is in 29.0.ignore.cil.
Also assume (typeattributeset foo_type_29_0 (foo_type bar_type))
Make sure that above mapping is not expanded into 28.0.cil, 27.0.cil, etc.
Test: m selinux_policy
Test: build aosp/1199739
Change-Id: Ib564431ab67f555ea1ae650dc31a68121e9c6d84
The module is getting renamed, so rename all the policy
relating to it at the same time.
Bug: 137191822
Test: presubmit
Change-Id: Ia9d966ca9884ce068bd96cf5734e4a459158c85b
Merged-In: Ia9d966ca9884ce068bd96cf5734e4a459158c85b
(cherry picked from commit 6505573c36)
This is a test service for testing dynamic start/stop of AIDL services. In order to test realistic use cases with SELinux enabled, it requires the same permissions as a regular service.
Bug: 147153962
Test: aidl_lazy_test aidl_lazy_test_1 aidl_lazy_test_2
Change-Id: Ifc3b2eaefba9c06c94f9cf24b4474107d4e26563
This change flips the switch and stops running gmscore_app in permissive
mode. Looking at the data in go/sedenials, we don't see any untracked
denial that isn't occurring for the priv_app domain as well. gmscore
should have all the necessary permissions it had was running in the
priv_app domain.
Bug: 142672293
Test: Build, flash, boot.
Change-Id: I0db56671cdfccbd79cd303bc2a819260ef7677fe
This had been settable by vendors up to and including Q release by
making config_prop avendor_init writeable. We don't allow this any
more. This should be a real vendor settable property now.
Bug: 143755062
Test: adb logcat -b all | grep cameraservice
Test: atest CtsCameraTestCases
Change-Id: Id583e899a906da8a8e8d71391ff2159a9510a630
The original idea was to compartmentalize services for apps to access.
ex. an app that manage display brightness should not have access to
audio service.
However, identifying all services is hard and we often end up granting
app_api_service in practice to avoid unexpected crashes.
Bug: 147198856
Test: Remove device app_api_service related sepolicy and related process
remain functional
Change-Id: I3aafcf1a91847a97c86f1d7992653b806a713bd4
Looking at go/sedenials, we're fairly confident that this domain has all
the necessary permissions. This change enforces all the defined rules
for the permissioncontroller_app domain and unsets the permissive mode.
Bug: 142672293
Test: Green builds, no new selinux denials.
Change-Id: Idaaf2f7aa88b2981f9fab2f74350a934fe415d71
This reverts commit f536a60407.
Reason for revert: Resubmit the CL with the fix in vendor_init.te
Bug: 144534640
Test: lunch sdk-userdebug; m sepolicy_tests
Change-Id: I47c589c071324d8f031a0f7ebdfa8188869681e9
Define a new property_context vndk_prop for ro.product.vndk.version.
It is set by init process but public to all modules.
Bug: 144534640
Test: check if ro.product.vndk.version is set correctly.
Change-Id: If739d4e25de93d9ed2ee2520408e07a8c87d46fe
Noticed denials in go/sedenials. This permission is currently granted to
priv_app via app_api_service.
Bug: 142672293
Test: TH
Change-Id: I9834044b2ba13b12694e88ae5cec8eb5c38c658c
This type will be used for read-only properties used to configure
userspace reboot behaviour (e.g. whenever device supports it, watchdog
timeout, etc.).
Test: adb shell getprop ro.init.userspace_reboot.is_supported
Bug: 135984674
Change-Id: I387b2f2f6e3ca96c66c8fa3e6719d013d71f76c7
