Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
Vendor_init needs to read this property to process event triggers
depending on ro.product.build.16k_page.enabled .
Test: th
Bug: 319335586
Change-Id: I4f52073fbd2a138d84162710c925f65cc705c356
- Add pm.dexopt.* properties.
- Add rules for running artd in chroot.
Bug: 311377497
Test: manual - Run Pre-reboot Dexopt and see no denial.
Change-Id: If5ff9b23e99be033f19ab257c90e0f52bf250ccf
This allows RecoverySystem to destroy all secretkeeper secrets before
rebooting into recovery, thus ensuring that secrets are unrecoverable
even if data wipe in recovery is interrupted or skipped.
Bug: 324321147
Test: Manual - System -> Reset options -> Erase all data.
Test: Hold VolDown key to interrupt reboot and stop at bootloader
screen.
Test: fastboot oem bcd wipe command && fastboot oem bcd wipe recovery
Test: fastboot reboot
est: Device reboots into recovery and prompts to factory reset:
Test: 'Cannot load Android system. Your data may be corrupt. ...
Change-Id: Ia0c9e4ecf839590ecbb478836efcd00bbeea5f47
Read access to this file is needed by any process that reads flags.
For now, exclude access to vendors.
Bug: 328444881
Test: m
Change-Id: I1899d2a0c61a6286fc285a532244730ad1e4a0fc
am skip reason: Merged-In Id015429b48ffffb73e7a71addddd48a22e4740bf with SHA-1 c5cb5a248d is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002429
Change-Id: I17da2be60dc6d3b43b8d37661b1aa484ab5e1a65
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In Id015429b48ffffb73e7a71addddd48a22e4740bf with SHA-1 c5cb5a248d is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002429
Change-Id: I32d3f39b75c9c681cf762e685aeeed086cc7fc8f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I9750c24ffa26994e4f5deadd9d772e31211a446a with SHA-1 f008c29e47 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002428
Change-Id: Icad9512a24c7818896dbd9be9bad40686e3016e5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I9750c24ffa26994e4f5deadd9d772e31211a446a with SHA-1 f008c29e47 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002428
Change-Id: I31cdb90f3ffc7165785ad5535968437d029b29e1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This allows RecoverySystem to destroy all synthetic blob protector keys
and make FBE-encrypted data unrecoverable even if data wipe in recovery
is interrupted or skipped.
Bug: 324321147
Test: Manual - System -> Reset options -> Erase all data.
Test: Hold VolDown key to interrupt reboot and stop at bootloader
screen.
Test: fastboot oem bcd wipe command && fastboot oem bcd wipe recovery
Test: fastboot reboot
Test: Device reboots into recovery and prompts to factory reset:
Test: 'Cannot load Android system. Your data may be corrupt. ...
Change-Id: I5be2f9e8314d36448994f4f14ff585ded7095c8c
Backporting the original change would require aosp/2960462, aosp/2976451
and aosp/2982791. Simply add the exception and the basic type definition.
Test: m plat_policy_for_vendor.cil
Change-Id: I9750c24ffa26994e4f5deadd9d772e31211a446a
Merged-In: I9750c24ffa26994e4f5deadd9d772e31211a446a
am skip reason: Merged-In Ib172d101d68409f2500b507df50b02953c392448 with SHA-1 b4f42d449b is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3002427
Change-Id: I0133f83fe1ae742d2ea4725aec22e3cbfc4c5199
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
While testing aconfig storage file read by a demo app. We discovered
the need to do metadata_file:dir search in logcat log.
Bug: b/312459182
Test: demo app start
Change-Id: I0872ff192280228cc2270ae4a04755bc5cfbd9cc
Give perfetto rw dir and create file permissions for new directory.
Give system server control to read, write, search, unlink files from new directory.
Test: locally ensure traces can be written by perfetto and accessed and deleted by system server
Bug: 293957254
(cherry picked from https://android-review.googlesource.com/q/commit:c5cb5a248d1cda1557f19f98c92ffda96d44d31a)
Merged-In: Id015429b48ffffb73e7a71addddd48a22e4740bf
Change-Id: Id015429b48ffffb73e7a71addddd48a22e4740bf
Allow camera server to switch the scheduling policy
for certain time critical threads.
Bug: 323292530
Test: Manual using camera application,
Camera CTS
Change-Id: Ib665009c095efc21f65b1d8b3ddd9c2528c1c794
Just allow aconfig_storage_metadata_file:file read permission is not
enough to read the pb file, we also need
aconfig_storage_metadata_file:dir search permission.
Bug: b/312459182
Test: audit2allow after having demo app access the file
Change-Id: I1790ea84a56e83f43313af82378f245e2bb6597e
For aconfigd test, for atest to work, the shell domain needs to be able
to connect to aconfigd_socket. In addition, aconfigd needs to be able to
access the test storage files as shell_data_file. All these policies are
only needed for userdebug_or_eng build.
Bug: 312459182
Test: m, launch avd, atest, then audit2allow, no avc denials found
Change-Id: Ifb369f7e0000dfe35305fe976e330fa516ff440c
LMKD needs to be able to attach BPF tracepoints. It needs to be able to
access tracefs, attach and run bpf programs.
Test: m
Test: Verified no denials with lmkd and libmemevents integration
Bug: 244232958
Change-Id: I57248b729c0f011937bec139930ca9d24ba91c3b
Signed-off-by: Carlos Galo <carlosgalo@google.com>
Cancelling/ending traces wasn't working properly in the Developer
Telemetry APIs due to this missing rule. Now, calling destroyForcibly
on the Perfetto process running the trace successfully kills the
process.
Bug: 293957254
Test: locally with atest ProfilingFrameworkTests#testRequestProfilingCancel
Change-Id: I91d83dde01897eb9e48cf4a90e44d088c3f2a45f
