tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
41821 commits 1 branch 0 tags 50 MiB
Commit graph

182 commits

Author SHA1 Message Date
Nathalie Le Clair
6ab4000288 Merge "HDMI: Refactor HDMI packages" am: 98e20da831 am: b1b7c91270 am: 410ee2e7b1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2353483

Change-Id: Iebc38ccef625de72fdb585b27ffec979c5c6596f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-10 17:50:39 +00:00
Nathalie Le Clair
98e20da831 Merge "HDMI: Refactor HDMI packages" 2023-01-10 17:05:17 +00:00
Treehugger Robot
13d814b459 Merge "Add newline between contexts inputs" am: 17ac4a53f8 am: 95b80b7322 am: 1c650edd1a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2375548

Change-Id: Ib87543854ff33b46bf5636f83ea86fdf6a94a2eb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 04:20:48 +00:00
Inseob Kim
35e9d41af3 Add newline between contexts inputs 
Bug: 263818248
Test: manual
Change-Id: I0ae98aac5044e42c8c6bf2bb1a3183510ec734de
 2023-01-04 15:27:32 +09:00
Treehugger Robot
064b0e451b Merge "EARC: Add Policy for EArc Service" am: 6baccc1d8e am: 1791ca2220 am: 5efaa62b95 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2320410

Change-Id: Iba53b7a01332976ef1fdf36a0c736aaebba9348a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 05:02:45 +00:00
Treehugger Robot
6baccc1d8e Merge "EARC: Add Policy for EArc Service" 2023-01-04 03:30:47 +00:00
Venkatarama Avadhani
5a86d5f3f3 HDMI: Refactor HDMI packages 
Organize the HDMI packages into CEC, EArc and connection under a common
hdmi package.

Bug: 261729059
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Change-Id: Ief5bff996028775ea355b392a4028a091fb83b99
 2022-12-27 18:15:26 +05:30
Venkatarama Avadhani
0f0861af8f EARC: Add Policy for EArc Service 
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Bug: 240388105
Change-Id: I561f647a68553fa0134f2e1bd65b0f18dd1785f1
 2022-12-27 18:11:36 +05:30
Treehugger Robot
4ddb01576e Merge "Add SELinux policy for sound dose HAL" am: 62894399c3 am: f6872e0ea8 am: 9db7dccfe4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2361860

Change-Id: I5e51556a15e00da894b8f7660954717d3fcaaeda
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-19 21:19:24 +00:00
Vlad Popa
48dd5f7ac4 Add SELinux policy for sound dose HAL 
Note that this HAL is meant only as a workaround until the OEMs will
switch to the AIDL audio HAL.

Test: bluejay-userdebug
Bug: 257937004
Change-Id: Id01da9606f73354a01a94aace8a8966a09038fda
 2022-12-16 21:42:06 +01:00
Calvin Pan
8aae52f1bc Merge "Add grammatical_inflection service" am: f56dfeb2d4 am: ecdc4715bc am: 2a53d04c95 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2352743

Change-Id: I1bb81cf69f539049cee1e7afd2b61247f79af6a7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-15 10:15:27 +00:00
Calvin Pan
f56dfeb2d4 Merge "Add grammatical_inflection service" 2022-12-15 07:38:01 +00:00
Avichal Rakesh
72ea9c9983 Merge "cameraservice: Add selinux policy for vndk cameraservice." am: 95ecfc2f33 am: 5e5c23595e am: 062567b1b3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346843

Change-Id: I706d6ce19cba7633e998b1287250b6927bf795ae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-15 00:47:46 +00:00
Avichal Rakesh
95ecfc2f33 Merge "cameraservice: Add selinux policy for vndk cameraservice." 2022-12-14 22:49:47 +00:00
Avichal Rakesh
0febfbd952 cameraservice: Add selinux policy for vndk cameraservice. 
This CL adds a new cameraservice type to allow vendor clients of
cameraservice to query and find the stable cameraservice
implementation.

Bug: 243593375
Test: Manually tested that cameraservice can register a vendor facing
      instance.
Change-Id: I61499406d4811c898719abcb89c51b4b8a29f4a7
 2022-12-14 20:46:43 +00:00
Calvin Pan
a9b1c2299c Add grammatical_inflection service 
This new service is exposed by system_server and available to all apps.

Bug: 259175720
Test: atest and check the log
Change-Id: I522a3baab1631589bc86fdf706af745bb6cf9f03
 2022-12-14 05:22:53 +00:00
Pomai Ahlo
df3dd86f94 Merge "[ISap hidl2aidl] Update ISap in sepolicy" am: ab3a546000 am: 0824aff623 am: f2be496223 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2339122

Change-Id: Ia7b450f3a130465e63c1771114e27abd0acc5b14
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 22:19:59 +00:00
Pomai Ahlo
ab3a546000 Merge "[ISap hidl2aidl] Update ISap in sepolicy" 2022-12-13 20:57:24 +00:00
Treehugger Robot
7eaa454dca Merge "Add all supported instance names for audio IModule" am: ffae136437 am: 7ea2e57cb2 am: 13fe16936e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2336911

Change-Id: I9cce4e6a310eefabd0e46a7b05460ee6c2d4c803
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 20:15:04 +00:00
Treehugger Robot
1043456d8c Merge "sepolicy: Add Bluetooth AIDL" am: 8cce74d7e0 am: 920af49203 am: f97fd45474 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2238140

Change-Id: Ie5597ee415918d1aa8449f1937ac5168bfabc26e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-13 20:14:36 +00:00
Treehugger Robot
ffae136437 Merge "Add all supported instance names for audio IModule" 2022-12-13 19:30:00 +00:00
Treehugger Robot
8cce74d7e0 Merge "sepolicy: Add Bluetooth AIDL" 2022-12-13 18:26:03 +00:00
Mikhail Naganov
2293f5eb0b Add all supported instance names for audio IModule 
In AIDL, there is no 'factory' interface for retrieving
modules, instead each module is registered individually
with the ServiceManager.

Bug: 205884982
Test: atest VtsHalAudioCoreTargetTest
Change-Id: I55cdae0640171379cda33de1534a8dc887583197
 2022-12-13 01:17:46 +00:00
Chris Weir
4bead1ab07 Merge "SEPolicy for AIDL CAN HAL" am: caf905ff3c am: e640405f81 am: 448cfc4fb0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2291528

Change-Id: I6403f38f89da90d3ca9fb285f100c3831b35b021
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-12 12:58:48 +00:00
Pomai Ahlo
5f4421fae5 [ISap hidl2aidl] Update ISap in sepolicy 
Change instances of android.hardware.radio.sim.ISap to android.hardware.radio.sap.ISap

ISap is no longer going to be with IRadioSim in the sim
directory.  It will be in its own sap directory.

Test: m
Bug: 241969533
Change-Id: I362a0dc6e4b81d709b24b2fa2d879814ab232ad4
 2022-12-10 01:13:13 +00:00
Chris Weir
caf905ff3c Merge "SEPolicy for AIDL CAN HAL" 2022-12-09 22:09:12 +00:00
Chris Weir
eee59458c2 SEPolicy for AIDL CAN HAL 
CAN HAL moving to AIDL, SEPolicy will need to be adjusted.

Bug: 170405615
Test: AIDL CAN HAL VTS
Change-Id: I0d238d38aebb5895ae27fcb52cf43cd481327421
 2022-12-09 11:00:10 -08:00
Pomai Ahlo
1bae94773e Merge "[ISap hidl2aidl] Add ISap to sepolicy" am: 90d117d661 am: 992b8aa2f3 am: be4f240892 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2329593

Change-Id: I746bfd8f6866c070c889e4482a5cba4016b1cf91
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-08 18:41:42 +00:00
Pomai Ahlo
90d117d661 Merge "[ISap hidl2aidl] Add ISap to sepolicy" 2022-12-08 17:32:38 +00:00
Treehugger Robot
8696a544e8 Merge "Add permissions for remote_provisioning service" am: 61d823f9c7 am: aeaf422fe5 am: e3df03bc24 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2263548

Change-Id: I160a31da6e765e050c0278b8851a4f241619a951
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-07 18:57:57 +00:00
Charlie Wang
c1bbeb20bd Merge "SELinux policy changes for Wearable Sensing APIs." 2022-12-07 14:09:46 +00:00
Seth Moore
3accea479a Add permissions for remote_provisioning service 
Bug: 254112668
Test: manual + presubmit
Change-Id: I54d56c34ad4a8199b8aa005742faf9e1e12583c3
 2022-12-06 08:46:20 -08:00
Jiyong Park
ef56721555 Add permissive_domains_on_user_builds to se_policy_binary 
In Android, we don't allow any domain to be permissive in user builds.
However, in Microdroid permissive domains should be allowed even in user
builds because fully debuggable VMs (where adb root is supported) can be
created there.

This change adds a new property `permissive_domains_on_user_builds` to
the `se_policy_binary` module as a controlled way of adding exceptions
to the enforcement.

Bug: 259729287
Test: m. This CL doesn't add any exception.
Change-Id: I2ae240e92dfdeadd827f027534e3e11ce4534240
 2022-12-06 10:41:29 +09:00
Pomai Ahlo
ff82b77ae8 [ISap hidl2aidl] Add ISap to sepolicy 
Test: m
Bug: 241969533
Change-Id: If9b67605481132d2908adae9fa1f9b1501c37ea0
 2022-12-05 16:23:25 -08:00
Charlie Wang
bf61b00eb7 SELinux policy changes for Wearable Sensing APIs. 
API changes are in ag/20407841. Please note we're still going through
security reviews here: b/249996246 and will incorporate feedback as we
go through the process. These selinux policies will enable the
WearableSensingService to run and unblock upstream development work.

Test: Ensure no build failures, ensure no SecurityException on boot
Bug: 249135378, 244181656
Ignore-AOSP-First: to prevent new feature leak.
Change-Id: I597827766cc3ed68ae65fb177f518eaf874f1eda
 2022-12-05 09:20:14 -08:00
Myles Watson
671a0c3bda sepolicy: Add Bluetooth AIDL 
Bug: 205758693
Test: manual - boot local image with Cuttlefish
Change-Id: Ic0c5408d83f8c352b72f79e9024212c7ff0c84c1
 2022-12-02 13:08:26 -08:00
Steven Moreland
c3802445d0 Merge "sepolicy for SE HAL" 2022-11-29 22:30:40 +00:00
Devin Moore
371f7a448e Add AIDL sensorservice's new fuzzer to the mapping 
Test: atest libsensorserviceaidl_fuzzer
Bug: 205764765
Change-Id: I6b81f110df4573e135746c9d2031d2469bcc43fc
 2022-11-18 19:32:50 +00:00
Devin Moore
45d8baf70d Merge "Add sepolicy for new AIDL sensorservice" 2022-11-18 19:21:47 +00:00
Steven Moreland
4c6586817a sepolicy for SE HAL 
Bug: 205762050
Test: N/A
Change-Id: I76cd5ebc4d0e456a3e4f1aa22f5a932fb21f6a23
 2022-11-15 22:41:09 +00:00
Devin Moore
e714ba95ed Add sepolicy for new AIDL sensorservice 
Test: boot cuttlefish and check for avc denials
Bug: 205764765
Change-Id: Ie9d02b43250ca3c5f642b2d87d2a5b532a9b5195
 2022-11-14 17:26:24 +00:00
Sandeep Dhavale
d64fb55474 Merge "Fastboot AIDL Sepolicy changes" 2022-11-10 18:29:00 +00:00
Sandeep Dhavale
f0ea953e60 Fastboot AIDL Sepolicy changes 
Bug: 205760652
Test: Build & flash
Change-Id: I2709c5cc2ca859481aac6fecbc99fe30a52a668b
Signed-off-by: Sandeep Dhavale <dhavale@google.com>
 2022-11-09 22:21:27 +00:00
Lakshman Annadorai
4d277b7baa Revert "Add sepolicies for CPU HAL." 
This reverts commit f4ab6c9f3c.

Reason for revert: CPU HAL is no longer required because the CPU frequency sysfs files are stable Linux Kernel interfaces and could be read directly from the framework.

Change-Id: I8e992a72e59832801fc0d8087e51efb379d0398f
 2022-11-09 16:47:07 +00:00
Lakshman Annadorai
f4ab6c9f3c Add sepolicies for CPU HAL. 
Change-Id: Ia091bf8f597a25351b5ee33b2c2afc982f175d51
Test: Ran `m; emulator; adb logcat -b all -d > logcat.txt;`
      and verified CPU HAL is running without any sepolicy violation.
Bug: 252883241
 2022-11-04 18:13:00 +00:00
Pawan Wagh
704df9c0e5 Use EXCEPTION_NO_FUZZER as default in fuzzer bindings 
Bug: 257294037
Test: m
Change-Id: Iadc5cb3dde2a2b990e028e63a0cac8c5bdf6a0e4
 2022-11-03 20:54:33 +00:00
Steven Moreland
e5ff93de78 Merge "Adding trusty-confirmationui service fuzzer binding." 2022-11-01 17:04:48 +00:00
Treehugger Robot
e6a43ec4c9 Merge "Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration" 2022-10-27 14:03:48 +00:00
Ricky Niu
fc1463c164 Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration 
Covers the rules needed for the default AIDL implementation.

10-26 10:22:42.408   448   448 I auditd  : type=1400 audit(0.0:95): avc: denied { read } for comm="android.hardwar" name="interrupts" dev="proc" ino=4026531995 scontext=u:r:hal_usb_gadget_default:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file permissive=0

Bug: 218791946
Test: reboot and check if AIDL service is running.

Signed-off-by: Ricky Niu <rickyniu@google.com>
Change-Id: I8bdab3a682398f3c7e825a8894f45af2a9b6c199
 2022-10-27 15:42:56 +08:00
Rajesh Nyamagoud
f9fed0102e Adding trusty-confirmationui service fuzzer binding. 
Bug: b/205760172
Test: m
Change-Id: I448fcaf2c9440689312e273c608b44f415ccf1f4
 2022-10-25 17:11:05 +00:00