tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
35342 commits 1 branch 0 tags 50 MiB
Commit graph

35342 commits

This branch
This branch
All branches
Author SHA1 Message Date
Treehugger Robot
ae1acbe12d Merge "Touch up microdroid sepolicy after removing keystore" 2022-01-28 17:53:34 +00:00
Ken Chen
1aed006a77 Move pf_key socket creation permission to system_server 
Allow system_server to trigger the kernel synchronize rcu with open and
close pf_key socket. This action was previously done by netd but now
it need to be done by system_server instead because the handling code in
netd are moved to mainline module which will be loaded by system_server
in JNI mode.

Note: the permission will be removed from netd once all bpf interactions
have moved out of netd.

Bug: 202086915
Test: android.app.usage.cts.NetworkUsageStatsTest
      android.net.cts.TrafficStatsTest
Change-Id: I440e0c87193775115a9b9ffb19270c47b01b082e
 2022-01-28 17:12:51 +01:00
Etienne Ruffieux
cdd0c11743 Bluetooth boot time start service 
Added new sysprops to retrieve Bluetooth configs

Tag: #feature
Test: manual
Bug: 216497194
Change-Id: I94c771f87fdeb5497b81d2098193b4cd230654b6
 2022-01-28 14:44:15 +00:00
Treehugger Robot
2c1fee1a67 Merge "Add Media metrics rule to API 32 prebuilts." am: d5bd56d11f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965040

Change-Id: Ic7899e82ec749bfe149f4af9bbb79a17ddb11b0f
 2022-01-28 13:56:31 +00:00
Treehugger Robot
d5bd56d11f Merge "Add Media metrics rule to API 32 prebuilts." 2022-01-28 13:39:54 +00:00
Andrew Scull
533b300516 Merge changes from topic "udroid-get-km-gone" am: 5abe95a6c4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1964121

Change-Id: I2626fbced6306fb052f5431de7437077ad8ffc94
 2022-01-28 13:28:55 +00:00
Andrew Scull
afe5463d2d Remove keymint from microdroid sepolicy am: af2c894f2c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1964120

Change-Id: Ie768cbb75eae116f482cbd453c4701eb1998d28a
 2022-01-28 13:28:53 +00:00
Andrew Scull
9201c5228b Remove keystore from microdroid sepolicy am: f75d5cde48 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1964119

Change-Id: I36f1a90ae0c82476a6bce62e7ede4daeca42448c
 2022-01-28 13:28:52 +00:00
Andrew Scull
5abe95a6c4 Merge changes from topic "udroid-get-km-gone" 
* changes:
  Remove hwservicemanager from microdroid sepolicy
  Remove keymint from microdroid sepolicy
  Remove keystore from microdroid sepolicy
 2022-01-28 13:12:53 +00:00
Andrew Scull
6f2529c01b Touch up microdroid sepolicy after removing keystore 
Avoid divergence in the files that will eventually shared with the main
Android sepolicy and fix a style mistake.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I40b0bebb432d73ab6ab847c117e72d8bc18fe873
 2022-01-28 13:07:16 +00:00
Jeff Vander Stoep
fd5dd79984 Build precompiled_sepolicy.apex_sepolicy.sha256 
This ensures that precompiled policy can be checked against updatable
sepolicy from com.android.sepolicy. This saves ~1s of boot time.

Bug: 199914227
Test: build, verify that precompiled_sepolicy.apex_sepolicy.sha256
exists.

Change-Id: I1ce6b3363d418c073f95f120908107604799fd26
 2022-01-28 13:45:39 +01:00
Lalit Maganti
dc933135a0 Merge "sepolicy: add permissions for trace reporting" am: 34fb0d8933 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1918625

Change-Id: Ib271bebdc76a50f24d1d44cb70ea886252688250
 2022-01-28 12:35:45 +00:00
Lalit Maganti
34fb0d8933 Merge "sepolicy: add permissions for trace reporting" 2022-01-28 12:15:57 +00:00
Dario Freni
75bc16cba8 Add Media metrics rule to API 32 prebuilts. 
Bug: 190422448
Test: presubmit
Change-Id: I304278b9d15f89d0e04d5268af2ac82ac97acd84
 2022-01-28 11:47:17 +00:00
Treehugger Robot
770fec0a15 Merge "Allow zygote to setattr cgroup" am: e2f870f099 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1859781

Change-Id: Ia3d97fc7039a3568c72dda55535b49866d5ca037
 2022-01-28 10:52:33 +00:00
Treehugger Robot
e2f870f099 Merge "Allow zygote to setattr cgroup" 2022-01-28 10:33:32 +00:00
Thiébaud Weksteen
9ebf0c8ecf Split sepolicy_neverallow rule 
sepolicy_neverallow is based on a combination of calling checkpolicy
followed by sepolicy-analyze. If the first tool fails, the error message
associated with the second is returned, which is misleading.

Separate both part of the rule using a new build command.

Bug: 175911415
Test: Modify policy to trigger neverallow (checkpolicy); no misleading
    messages from sepolicy-analyze
Change-Id: I5977ced23dee09a28c7df334e4790d212e0db0c1
 2022-01-28 13:51:36 +11:00
Thiébaud Weksteen
6390b3f090 Grant getpgid to system_server on zygote 
Should system_server kill zygote on crashes, it will attempt to kill any
process in the same process group. This ensures that no untracked
children are left.

Bug: 216097542
Test: m selinux_policy
Change-Id: Ie16074f76e351d80d9f17be930a731f923f99835
 2022-01-28 13:47:20 +11:00
Treehugger Robot
45a466e098 Merge "Changes in SELinux Policy for cloudsearch API naming" am: 27416257f3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1963460

Change-Id: I52583715a25d36d0fefbe337d66e94116d40c135
 2022-01-28 02:01:35 +00:00
Treehugger Robot
27416257f3 Merge "Changes in SELinux Policy for cloudsearch API naming" 2022-01-28 01:45:02 +00:00
Andrew Scull
af2c894f2c Remove keymint from microdroid sepolicy 
The keymint HAL has been removed from microdroid to remove the
corresponding sepolicy.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I08aae50dd9a4575954db40ec974625e43bff2335
 2022-01-27 21:48:37 +00:00
Andrew Scull
f75d5cde48 Remove keystore from microdroid sepolicy 
The keystore service has been removed from microdroid to remove the
corresponding sepolicy.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I6600b47f8b8c6bba05b1f59b4d87713283805817
 2022-01-27 21:48:37 +00:00
Andrew Scull
6c288a2676 Remove hwservicemanager from microdroid sepolicy 
With the keymint HAL removed from microdroid, there are no more legacy
HALs meaning no further need for hwservicemanager.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I111f3456399ef91e51d1cfead67659601c23db9e
 2022-01-27 21:48:37 +00:00
Hui Wu
42d24fd59d Changes in SELinux Policy for cloudsearch API naming 
Bug: 216507592
Test: Presubmit Tests
Change-Id: I5aa647d146cfea0b44efb4c247d9856e0666ea86
 2022-01-27 13:42:17 -08:00
Treehugger Robot
21a37767ab Merge "Add sepolicy for new bluetooth device/profile sysprops" am: 98a4bc34a7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1954976

Change-Id: I8f510f48e3104efb0530cf1c0e3c01ea5245568e
 2022-01-27 19:30:11 +00:00
Treehugger Robot
98a4bc34a7 Merge "Add sepolicy for new bluetooth device/profile sysprops" 2022-01-27 19:17:02 +00:00
Seth Moore
3ac43c6044 Merge "Revert^2 "Allow default identity service to call keymint"" am: 9e2ff8d975 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1960027

Change-Id: Ic9825cb50b8f825b4c37b38063df72dd05590d73
 2022-01-27 18:34:32 +00:00
Seth Moore
9e2ff8d975 Merge "Revert^2 "Allow default identity service to call keymint"" 2022-01-27 18:18:12 +00:00
Robert Shih
4968374205 Add sepolicy for DRM AIDL HAL 
Bug: 208486736
Test: atest VtsAidlHalDrmTargetTest
Change-Id: Ia2b1488a564d94384d183d30291fbf5a6d2df4ab
 2022-01-27 01:51:05 -08:00
Sal Savage
568662f953 Add sepolicy for new bluetooth device/profile sysprops 
Bug: 215225542
Test: make -j; atest BluetoothInstrumentationTests
Change-Id: Ia532eca413a778b46ea392586d7affc2fd43b90b
 2022-01-26 13:09:17 -08:00
Treehugger Robot
d0a3b18e55 Merge "Move mtectrl to private" am: 6003019fa8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1958841

Change-Id: I9666cac77b262fd86581cd5e6b9c8d5f4970e692
 2022-01-26 09:43:44 +00:00
Treehugger Robot
6003019fa8 Merge "Move mtectrl to private" 2022-01-26 09:30:59 +00:00
Florian Mayer
b54919630f Merge "[mte] add property to globally enable mte." am: 0f30f3d8ff 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959654

Change-Id: I71548ab12c26cacd10d0d40079a4b2d7cf01990e
 2022-01-26 00:10:26 +00:00
Inseob Kim
3bd63cc206 Move mtectrl to private 
Because mtectrl is a system internal domain, and we don't need to expose
the type to vendor.

Test: build and boot
Change-Id: Idb5c4a4c6f175e338722971944bf08ba99835476
 2022-01-26 08:59:55 +09:00
Florian Mayer
0f30f3d8ff Merge "[mte] add property to globally enable mte." 2022-01-25 23:59:01 +00:00
Seth Moore
9c8fbe47ec Merge "Revert "Allow default identity service to call keymint"" am: c725aaf974 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959803

Change-Id: I98529c868fda5e1c76a25cb14c77be4e7a7d31be
 2022-01-25 23:18:25 +00:00
Seth Moore
ea3b7e8938 Revert^2 "Allow default identity service to call keymint" 
5a1e60c090

Change-Id: Ia04a96e6b5ce89b8ef5f34c33279e58c4de6430c
 2022-01-25 23:04:37 +00:00
Seth Moore
c725aaf974 Merge "Revert "Allow default identity service to call keymint"" 2022-01-25 23:03:24 +00:00
Seth Moore
5a1e60c090 Revert "Allow default identity service to call keymint" 
Revert submission 1956689-add rkp to identity-default

Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint

Change-Id: I22a9e9bf8b7edc3d6b635b3e4a07a2efc4ff087a
 2022-01-25 22:44:24 +00:00
Treehugger Robot
6d0eabd67b Merge "Delete more unused policies by CompOS" am: fabaac131a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959643

Change-Id: I5f85e8f63a09bc65900daf0490004ef4bbf2b258
 2022-01-25 21:02:33 +00:00
Treehugger Robot
fabaac131a Merge "Delete more unused policies by CompOS" 2022-01-25 20:54:41 +00:00
Treehugger Robot
66d98a7bbe Merge "Add context for ro.boot.microdroid.debuggable property" am: c8ff1677ed 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1958826

Change-Id: I0ee83d33a3642a6bf10bff80a4f82a5852ab88be
 2022-01-25 20:54:29 +00:00
Seth Moore
618c2d04cc Merge "Allow default identity service to call keymint" am: 63fa21b46a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1954396

Change-Id: I519466daae1613657463a2d589182a864e094a4d
 2022-01-25 20:53:30 +00:00
Treehugger Robot
c8ff1677ed Merge "Add context for ro.boot.microdroid.debuggable property" 2022-01-25 20:41:07 +00:00
Seth Moore
63fa21b46a Merge "Allow default identity service to call keymint" 2022-01-25 20:33:01 +00:00
Andrew Scull
20558224de Give DICE HAL access to driver am: f451a1407f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1959022

Change-Id: I1898ab6807ecdb18fa4b3dff236867bc0424b074
 2022-01-25 17:59:46 +00:00
Florian Mayer
be3197c996 [mte] add property to globally enable mte. 
Bug: 216305376

Change-Id: I25d0b3c9d0e7e6bba14eedf9b833c5e07786ec71
 2022-01-25 17:21:58 +00:00
Victor Hsieh
ea38d6925d Delete more unused policies by CompOS 
Bug: 205750213
Test: TH
Change-Id: Ie08465e8801a74d61f85715e85a856293c4232d5
 2022-01-25 08:40:46 -08:00
Andrew Scull
30373f3015 Add context for ro.boot.microdroid.debuggable property 
This property is read by microdroid_manager to check whether the VM is
in debug mode. Give it a context to satisfy the sepolicy.

Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I9d4bda5e487324c95229c7978e8fe0a53fa9f616
 2022-01-25 16:07:21 +00:00
Andrew Scull
f451a1407f Give DICE HAL access to driver 
The driver facilitates the handover of values from the bootloader so
needs to be accessible by the HAL.

Bug: 214231981
Test: run microdroid with a "google,open-dice" DT node
Change-Id: Ib5317e6a42befe22d8f1dbefeb9803f5ec92b061
 2022-01-25 15:22:42 +00:00