Commit graph

43402 commits

Author SHA1 Message Date
Jiyong Park
680bacdc02 Fix typo: async_persist_write -> async_persist_writes am: a5365f94de am: 35903f86e2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2696854

Change-Id: I2ad32b7501c036bc2c241676856302cab515d9ba
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-07 19:50:12 +00:00
Jiyong Park
35903f86e2 Fix typo: async_persist_write -> async_persist_writes am: a5365f94de
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2696854

Change-Id: I8875228171d8ef75256d1a648c3970b6f6967fe5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-07 18:50:18 +00:00
Jiyong Park
a5365f94de Fix typo: async_persist_write -> async_persist_writes
The correct property name that init uses ends with 's' and is shown in [1].

[1] https://cs.android.com/android/platform/superproject/main/+/main:system/core/init/property_service.cpp;l=1513?q=ro.property_service.async_persist_writes&ss=android%2Fplatform%2Fsuperproject%2Fmain#:~:text=1512-,1513,-1514

Bug: 250125146
Test: N/A
Change-Id: I8cd09e2908d53ecb41a1dee621821a2faca604b1
2023-08-08 02:01:50 +09:00
Treehugger Robot
710264c80c Merge "Use regular file for VM DTBO" into main am: 995ee52887 am: b32ef340d1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2691526

Change-Id: I542fd1f1db642b371f416fbf7f69a30547f41360
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-07 10:16:33 +00:00
Treehugger Robot
b32ef340d1 Merge "Use regular file for VM DTBO" into main am: 995ee52887
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2691526

Change-Id: I2267903bc9a53f6164f6661170cbb30c0759eff3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-07 09:35:51 +00:00
Treehugger Robot
995ee52887 Merge "Use regular file for VM DTBO" into main 2023-08-07 08:54:53 +00:00
Jakob Schneider
8989b19ac4 Merge "Add SEPolicy for the ArchiveManager/Service." into main am: 09916a69c9 am: ec62d1395c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2683127

Change-Id: I30b8344bc537ec4ed11240fc601bc3d5ba5dc9a0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-04 17:38:17 +00:00
Jakob Schneider
ec62d1395c Merge "Add SEPolicy for the ArchiveManager/Service." into main am: 09916a69c9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2683127

Change-Id: I4d764f612a3738dbff3917bd6dfa64eb2c0a5dbe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-04 16:56:34 +00:00
Jakob Schneider
09916a69c9 Merge "Add SEPolicy for the ArchiveManager/Service." into main 2023-08-04 16:10:01 +00:00
Jakob Schneider
5c5a6af643 Add SEPolicy for the ArchiveManager/Service.
Test: boots - CTS coming in a future change
Change-Id: Ia42bc21e1523c7b225b7c84c3a3f18dd3ed1a54f
2023-08-04 14:13:03 +01:00
Inseob Kim
bbe514d9b3 Use regular file for VM DTBO
Bug: 287379025
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid \
      --protected --mem 512 --devices \
      /sys/bus/platform/devices/16d00000.eh
Change-Id: Id77c25f5f22672da9281078fc17f45087d893f4d
2023-08-04 15:26:17 +09:00
Jiyong Park
0adf85a167 Merge "Label ro.property_service.async_persist_write as build_config_prop" into main am: bf36988355 am: 6e9db365e8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2689107

Change-Id: Ibf2e3b7a95626d01637bb959fc68d0491982bc63
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-04 05:29:05 +00:00
Jiyong Park
6e9db365e8 Merge "Label ro.property_service.async_persist_write as build_config_prop" into main am: bf36988355
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2689107

Change-Id: I01982d8e41eb34348027bc330ebae9a6b6312f55
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-04 04:46:29 +00:00
Jiyong Park
bf36988355 Merge "Label ro.property_service.async_persist_write as build_config_prop" into main 2023-08-04 04:09:48 +00:00
Treehugger Robot
47bef7e7ae Merge "Don't audit shell_test_data_file for runas_app" into main am: a1beaa570b am: f045f05f40
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2684453

Change-Id: If4220e1f759e53d1eb3acc2da8936d648d83d32a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-04 01:19:46 +00:00
Treehugger Robot
f045f05f40 Merge "Don't audit shell_test_data_file for runas_app" into main am: a1beaa570b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2684453

Change-Id: I666b057d77be6c9f5351d615e7b9813ebe236a1b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-04 00:37:53 +00:00
Treehugger Robot
a1beaa570b Merge "Don't audit shell_test_data_file for runas_app" into main 2023-08-04 00:06:39 +00:00
Fabien Sanglard
0876d7a978 Don't audit shell_test_data_file for runas_app
Test: NA
Bug: 291838956
Change-Id: Iab61ade7fc105004c59da7b827f0aa5151b5f3ab
2023-08-03 21:28:21 +00:00
Kangping Dong
3d003e1519 Merge "add sepolicy rules for OT daemon binder service" into main am: 9d965761ca am: 0fb33095a4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2648124

Change-Id: I2948438cddbe921c244e05f05b1a357675dbcef4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-03 16:00:51 +00:00
Kangping Dong
0fb33095a4 Merge "add sepolicy rules for OT daemon binder service" into main am: 9d965761ca
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2648124

Change-Id: I21567f881a585d96a3605f6f1e2d6380daf9bd73
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-03 14:59:26 +00:00
Kangping Dong
9d965761ca Merge "add sepolicy rules for OT daemon binder service" into main 2023-08-03 14:13:21 +00:00
Kangping Dong
0b3e8c62ee add sepolicy rules for OT daemon binder service
Bug: 262681784
Change-Id: I3b4d3603709a761ad1410b81c0e5b4e4fc51c43c
2023-08-03 13:31:53 +08:00
Kelvin Zhang
8b7a70aa67 Merge "Give vold permission to wipe a block device" into main am: 0e7babefee am: e1f3828901
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2677935

Change-Id: I18b4d9aca4c766ebaf0c830e4f0193c6a7264fff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-03 00:57:06 +00:00
Kelvin Zhang
e1f3828901 Merge "Give vold permission to wipe a block device" into main am: 0e7babefee
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2677935

Change-Id: I39a501d12dd53f773ee972aa62435d7ac9e5d262
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-03 00:11:33 +00:00
Kelvin Zhang
0e7babefee Merge "Give vold permission to wipe a block device" into main 2023-08-02 23:31:50 +00:00
Kelvin Zhang
2b413622ce Give vold permission to wipe a block device
During mountFstab call, vold might need to wipe and re-format a device.
See code in system/vold/model/PublicVolume.cpp, PublicVolume::doFormat
Allow IOCTLs such as BLKDISCARDZEROES for wiping.

Test: th
Bug: 279808236
Change-Id: I0bebf850aa45ece6227fa5c3e9c3fdb38164f79e
2023-08-02 14:27:08 -07:00
Treehugger Robot
1efce2fe90 Merge "Add permission for VFIO device binding" into main am: 6ebc7deb48 am: 5b2f696b93
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2682786

Change-Id: Idbe7867385fe39c7d8556d785b7370033d24cb9b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-02 12:05:46 +00:00
Treehugger Robot
5b2f696b93 Merge "Add permission for VFIO device binding" into main am: 6ebc7deb48
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2682786

Change-Id: I89dc6f0a066d0c793a693a0df83bdd0f4830a770
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-02 11:22:32 +00:00
Treehugger Robot
6ebc7deb48 Merge "Add permission for VFIO device binding" into main 2023-08-02 10:51:08 +00:00
Jiyong Park
b08766a6ea Label ro.property_service.async_persist_write as build_config_prop
So far, it has been labeled as default_prop because there was no entry
for the sysprop in property_context. As a result, it couldn't be set by
vendor_init.

Fixing that by correctly labeling it. build_config_prop is defined as
`system_vendor_config_prop` which vendor_init can set.

Bug: 250125146
Test: adb root && adb shell ro.property_service.async_persist_write 1
adb shell getprop -Z ro.property_service.async_persist_write

shows [ro.property_service.async_persist_write]: [u:object_r:build_config_prop:s0]

Change-Id: Ib30c708c8c2693892503a8f0d590541984c2667b
2023-08-02 16:21:07 +09:00
Inseob Kim
825056de9a Add permission for VFIO device binding
vfio_handler will bind platform devices to VFIO driver, and then
return a file descriptor containing DTBO. This change adds
permissions needed for that.

Bug: 278008182
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid \
      --devices /sys/bus/platform/devices/16d00000.eh --protected
Change-Id: Ie947adff00d138426d4703cbb8e7a8cd429c2272
2023-08-02 15:06:51 +09:00
Jooyung Han
c9b5da0c12 Merge "Revert "Add /bootstrap-apex"" into main am: e9e32f58a1 am: 2ef2c05c8a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2685547

Change-Id: I48d112898ba12a481868e97c116deea60c331343
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-01 12:00:10 +00:00
Jooyung Han
2ef2c05c8a Merge "Revert "Add /bootstrap-apex"" into main am: e9e32f58a1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2685547

Change-Id: I0e5e37ec8611d17aefac3eb235d747fe706a934a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-01 11:19:12 +00:00
Jooyung Han
e9e32f58a1 Merge "Revert "Add /bootstrap-apex"" into main 2023-08-01 10:44:45 +00:00
Jooyung Han
aca291806e Revert "Add /bootstrap-apex"
Revert submission 2666915-share-bootstrap

Reason for revert: b/293949266 vold_prepare_subdirs fails to create apexdata directories.

Reverted changes: /q/submissionid:2666915-share-bootstrap

Change-Id: Idab6db691c1130a1f5d596f5e05783cab7fdde05
2023-08-01 09:06:42 +00:00
Jooyung Han
2dcdd781d3 Merge "Add /bootstrap-apex" into main am: 8b295ddaf2 am: 3b025b39ec
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2666935

Change-Id: I02c7c5c7439a42bbfce30706c7afb28640df603c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-31 23:09:37 +00:00
Jooyung Han
3b025b39ec Merge "Add /bootstrap-apex" into main am: 8b295ddaf2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2666935

Change-Id: I0f2d5a800f865caf2c3d35e263880d630a661ff6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-31 22:25:08 +00:00
Jooyung Han
8b295ddaf2 Merge "Add /bootstrap-apex" into main 2023-07-31 21:53:57 +00:00
Inseob Kim
add7efee41 Ensure vendor seapp contexts can't use coredomain am: d7d3609af7 am: b2d5c7529c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2638235

Change-Id: Ic6a9f623746875170434ecd10ae2f8e2df630a13
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-31 03:19:58 +00:00
Inseob Kim
b2d5c7529c Ensure vendor seapp contexts can't use coredomain am: d7d3609af7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2638235

Change-Id: I964b981ccc9f0befe2ca81574f7effdfd571d920
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-31 02:40:32 +00:00
Inseob Kim
d7d3609af7 Ensure vendor seapp contexts can't use coredomain
Bug: 280547417
Test: build
Change-Id: Iadff17523767f91f073c6569400e17f1da55fbdc
2023-07-28 16:18:11 +09:00
Lee George Thomas
03cf825b41 Merge "Label /data/misc/bootanim with bootanim_data_file." into main am: db1535a09b am: a348e5c69a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2676595

Change-Id: If4b5e75911e48e8655d105183126e48f31c8293e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-27 20:00:55 +00:00
Lee George Thomas
a348e5c69a Merge "Label /data/misc/bootanim with bootanim_data_file." into main am: db1535a09b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2676595

Change-Id: Ia0fe829fa48a1197961e365df7f75cd40d19ba7d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-27 18:32:28 +00:00
Lee George Thomas
db1535a09b Merge "Label /data/misc/bootanim with bootanim_data_file." into main 2023-07-27 17:34:08 +00:00
Treehugger Robot
c09b371bad Merge "Remove redundant allows" into main am: 598de5b6c8 am: e3fec04da1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2677815

Change-Id: Id0834a2437bb9d95c3fd525026fe3cfcc9e60127
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-27 11:00:27 +00:00
Treehugger Robot
e3fec04da1 Merge "Remove redundant allows" into main am: 598de5b6c8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2677815

Change-Id: I866a4c2715f368af0c2d48e5de79bfba8bb270af
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-27 09:54:56 +00:00
Treehugger Robot
598de5b6c8 Merge "Remove redundant allows" into main 2023-07-27 09:23:23 +00:00
Eric Biggers
5be91be28c Merge "Revert "Remove fsverity_init SELinux rules"" into main am: dfe3906e7b am: 9def335a7e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2676759

Change-Id: Id87d9dee76b3b4e49ccf69b6f9bcd6a9ff91fb23
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 19:54:15 +00:00
Eric Biggers
9def335a7e Merge "Revert "Remove fsverity_init SELinux rules"" into main am: dfe3906e7b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2676759

Change-Id: I4bd15df782993f7694e34e4093d68b24443601d6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 19:08:06 +00:00
Eric Biggers
dfe3906e7b Merge "Revert "Remove fsverity_init SELinux rules"" into main 2023-07-26 18:06:52 +00:00