tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
37519 commits 1 branch 0 tags 50 MiB
Commit graph

37519 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ady Abraham
3f045e296e Allow hal_graphics_composer to write to a pipe 
We would like SurfaceFlinger to be able to create a pipe and provide
the write-end to the graphics composer to dump debug info for dumpsys.
    
 Bug: 220171623
 Test: atest VtsHalGraphicsComposer3_TargetTest
 Test: adb shell dumpsys SurfaceFlinger
 Test: adb shell dumpsys android.hardware.graphics.composer3.IComposer/default

Change-Id: Ie2cbe76fb0d224235a8ea99f68a20e2139e1cc56
 2022-02-19 01:09:41 +00:00
Suren Baghdasaryan
e121dc5ae2 Add ro.lmk.stall_limit_critical property policies 
Add policies to control ro.lmk.stall_limit_critical lmkd property.

Bug: 205182133
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ie5e68dc358c1657501cb59afaba0385697210ccf
 2022-02-18 13:39:28 -08:00
Yabin Cui
f3dc16fb68 Merge "profcollectd: allow to request wakelock from system_suspend." am: 2f2ff42a24 am: 06e7873d64 am: 53c6f8fa88 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1989138

Change-Id: Ie875ed5de66ac9abb4472883889ee9a9bce71510
 2022-02-18 17:24:56 +00:00
Yabin Cui
53c6f8fa88 Merge "profcollectd: allow to request wakelock from system_suspend." am: 2f2ff42a24 am: 06e7873d64 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1989138

Change-Id: Ife6e3b1a929007a0bd1d241e632cf5c634f976f0
 2022-02-18 17:02:51 +00:00
Yabin Cui
06e7873d64 Merge "profcollectd: allow to request wakelock from system_suspend." am: 2f2ff42a24 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1989138

Change-Id: Iddf70d8dcf23d2ba00f15d09a9dfe5573aaf763a
 2022-02-18 16:40:35 +00:00
Yabin Cui
2f2ff42a24 Merge "profcollectd: allow to request wakelock from system_suspend." 2022-02-18 16:16:01 +00:00
Treehugger Robot
aefc56802a Merge "SELinux issues:" am: c9ab4a420c am: 33f0d49ae4 am: 8316299dc8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1991271

Change-Id: Id96390f0d86a26f6be0fcd2186ff4924c62eabef
 2022-02-18 10:50:16 +00:00
Treehugger Robot
8316299dc8 Merge "SELinux issues:" am: c9ab4a420c am: 33f0d49ae4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1991271

Change-Id: Iae3d10cb46831fc3c41f1dceed50d93f5e958422
 2022-02-18 10:28:43 +00:00
Treehugger Robot
7128d68656 Merge "Modify sepolicy for compos key changes" am: 5273f3a486 am: 46aba72e48 am: 96bc5e6133 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988307

Change-Id: Iaba5542e5f84282793985d6e3702e0898559c97b
 2022-02-18 10:08:18 +00:00
Treehugger Robot
c33a592932 Merge "Remove needless bootloader_prop rule" am: 92ec679578 am: cffdca309f am: c2447d9e01 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987806

Change-Id: I734015a6f77b3dcaaeb79191353113404e3d7608
 2022-02-18 10:08:07 +00:00
Treehugger Robot
ae84ff37c2 Merge "Let the DICE HAL getattr the device node" am: bbb21324b1 am: 16546e1760 am: ecf1c9cc25 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1990107

Change-Id: Ie4adf99a139d30e4cdc22d9c1336562723b55882
 2022-02-18 10:08:01 +00:00
Treehugger Robot
68d0b7d049 Merge "dontaudit denial on the odex file of location provider." am: c1e11bbea5 am: 6ee88d68eb am: 8b415cd51f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988446

Change-Id: Ia60e8f6decc9662ec4a7c45e9f9e2fa7d56149c5
 2022-02-18 10:07:55 +00:00
Treehugger Robot
33f0d49ae4 Merge "SELinux issues:" am: c9ab4a420c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1991271

Change-Id: I08990e0ad83b7a090838d7837d303aa52bca201e
 2022-02-18 10:07:53 +00:00
Thiébaud Weksteen
e7d529fed6 Merge "Associate hal_service_type with all HAL services" am: b18abcdd51 am: 71b8ad6234 am: 351e89d5d3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987147

Change-Id: I7220245e469f58126ea4af0744690f907e9d2928
 2022-02-18 10:07:48 +00:00
Treehugger Robot
96bc5e6133 Merge "Modify sepolicy for compos key changes" am: 5273f3a486 am: 46aba72e48 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988307

Change-Id: Ia820b69a2b76a857c72db3b5a2a0edd155f2a27d
 2022-02-18 09:46:12 +00:00
Treehugger Robot
c2447d9e01 Merge "Remove needless bootloader_prop rule" am: 92ec679578 am: cffdca309f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987806

Change-Id: Ica76fb819a7829649300f5beb8f2faf1ea04f595
 2022-02-18 09:45:59 +00:00
Treehugger Robot
ecf1c9cc25 Merge "Let the DICE HAL getattr the device node" am: bbb21324b1 am: 16546e1760 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1990107

Change-Id: Ie6c20a9ab8a0258432e110409811f2b07540033a
 2022-02-18 09:45:51 +00:00
Treehugger Robot
8b415cd51f Merge "dontaudit denial on the odex file of location provider." am: c1e11bbea5 am: 6ee88d68eb 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988446

Change-Id: Ida61de471532e0ef22de4dbcf295b626809c1dd6
 2022-02-18 09:45:43 +00:00
Thiébaud Weksteen
351e89d5d3 Merge "Associate hal_service_type with all HAL services" am: b18abcdd51 am: 71b8ad6234 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987147

Change-Id: I195b5afcf1294146a5ced5e49edc5ae877ab62a2
 2022-02-18 09:45:25 +00:00
Treehugger Robot
c9ab4a420c Merge "SELinux issues:" 2022-02-18 09:42:04 +00:00
Treehugger Robot
46aba72e48 Merge "Modify sepolicy for compos key changes" am: 5273f3a486 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988307

Change-Id: I09762bb3672b50549dcd492f9d8031e552825576
 2022-02-18 09:24:42 +00:00
Treehugger Robot
cffdca309f Merge "Remove needless bootloader_prop rule" am: 92ec679578 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987806

Change-Id: I375e8364a63bc8d51346e3be98ce3cf6db2c6286
 2022-02-18 09:24:16 +00:00
Treehugger Robot
16546e1760 Merge "Let the DICE HAL getattr the device node" am: bbb21324b1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1990107

Change-Id: I41285713a811517e84ee13e00620c23e4949dbaa
 2022-02-18 09:24:07 +00:00
Treehugger Robot
6ee88d68eb Merge "dontaudit denial on the odex file of location provider." am: c1e11bbea5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988446

Change-Id: I65f3a3cf6530bc50ac66c34b216b767b04f41bb6
 2022-02-18 09:23:58 +00:00
Thiébaud Weksteen
71b8ad6234 Merge "Associate hal_service_type with all HAL services" am: b18abcdd51 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987147

Change-Id: I9d202c1eabadb613f02c9447cb94c12eb494ea64
 2022-02-18 09:23:49 +00:00
Treehugger Robot
5273f3a486 Merge "Modify sepolicy for compos key changes" 2022-02-18 09:03:30 +00:00
Shashwat Razdan
d581bd244d SELinux issues: 
```
02-18 01:02:35.599     1     1 I auditd  : type=1107 audit(0.0:149): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.wlan.firmware.version pid=478 uid=1010 gid=1010 scontext=u:r:hal_wifi_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
02-18 01:02:35.599     1     1 I auditd  : type=1107 audit(0.0:150): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.wlan.driver.version pid=478 uid=1010 gid=1010 scontext=u:r:hal_wifi_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0'
```


Bug: 220258444
Change-Id: I5a99d1895d5ef9c5e784cf9e92c0c8847da21b58
Test: Presubmits
 2022-02-18 07:38:19 +00:00
Yabin Cui
409d019f9b profcollectd: allow to request wakelock from system_suspend. 
Bug: 219934028
Test: run profcollectd and
Test: dumpsys suspend_control_internal --wakelocks
Change-Id: I3cefb0139781a6d5cf32507871f0f7f2b8306614
 2022-02-17 10:20:08 -08:00
Treehugger Robot
92ec679578 Merge "Remove needless bootloader_prop rule" 2022-02-17 15:51:31 +00:00
Treehugger Robot
bbb21324b1 Merge "Let the DICE HAL getattr the device node" 2022-02-17 14:15:43 +00:00
Andrew Scull
9738638c03 Let the DICE HAL getattr the device node 
Make sure all the permissions are granted to let the HAL do its work
properly.

Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I54c633b8163ea313c87856fb0513074a76ac86a1
 2022-02-17 12:35:22 +00:00
Alan Stokes
766caba5de Modify sepolicy for compos key changes 
Add the compos_key_helper domain for the process which has access to
the signing key, make sure it can't be crashdumped. Also extend that
protection to diced & its HAL.

Rename compos_verify_key to compos_verify, because it doesn't verify
keys any more.

Move exec types used by Microdroid to file.te in the host rather than
their own dedicated files.

Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I942667355d8ce29b3a9eb093e0b9c4f6ee0df6c1
 2022-02-17 12:14:40 +00:00
Treehugger Robot
c1e11bbea5 Merge "dontaudit denial on the odex file of location provider." 2022-02-17 10:25:22 +00:00
Samiul Islam
6a04cde139 Merge "Add new label for supplemental data" 2022-02-17 09:38:38 +00:00
Thiébaud Weksteen
b18abcdd51 Merge "Associate hal_service_type with all HAL services" 2022-02-17 04:28:09 +00:00
Treehugger Robot
22ff4b28ca Merge "Remove compat test from treble sepolicy tests" am: 8e6b55a13d am: 7e5a5e8b1f am: dd30d8381e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1985246

Change-Id: I1a8b8deb8c70bea1a803d104b0b8451450bb8f93
 2022-02-17 02:29:56 +00:00
Treehugger Robot
dd30d8381e Merge "Remove compat test from treble sepolicy tests" am: 8e6b55a13d am: 7e5a5e8b1f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1985246

Change-Id: I4f27384fb7e79471f34b73e58a1978ad1311e42d
 2022-02-17 02:08:30 +00:00
Treehugger Robot
7e5a5e8b1f Merge "Remove compat test from treble sepolicy tests" am: 8e6b55a13d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1985246

Change-Id: I9b7cb61dfb0dc823d39c8e35d1fff323675a835d
 2022-02-17 01:46:44 +00:00
Treehugger Robot
8e6b55a13d Merge "Remove compat test from treble sepolicy tests" 2022-02-17 01:26:04 +00:00
Jiakai Zhang
bf58100685 dontaudit denial on the odex file of location provider. 
Bug: 194054685
Test: Presubmits
Change-Id: Ia636f7b32251c3b8cb018fee9216e5968d4e95ff
 2022-02-16 14:12:49 +00:00
Treehugger Robot
877d620501 Merge "Add ro.boot.microdroid.app_debuggable" am: cb1e4682c8 am: bc5dd2e143 am: 2b17271ff0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1986511

Change-Id: If291376893f2cc49d5a35f11d4495d18a482c507
 2022-02-16 13:51:34 +00:00
Treehugger Robot
2b17271ff0 Merge "Add ro.boot.microdroid.app_debuggable" am: cb1e4682c8 am: bc5dd2e143 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1986511

Change-Id: Ib0f0ab444a99b0d300f091f94f4a6028d317de9e
 2022-02-16 13:32:47 +00:00
Treehugger Robot
bc5dd2e143 Merge "Add ro.boot.microdroid.app_debuggable" am: cb1e4682c8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1986511

Change-Id: I49ed965517379b6e7be57c2ce7d81cb77ab6e62b
 2022-02-16 13:08:55 +00:00
Treehugger Robot
cb1e4682c8 Merge "Add ro.boot.microdroid.app_debuggable" 2022-02-16 11:56:04 +00:00
Andrew Scull
12bd3d9d2e Remove needless bootloader_prop rule 
Bootloader properties are available to all domains so don't need special
policy rules for microdroid_manager.

Test: atest MicrodroidTests
Change-Id: I0ccf6b28467a47c0f3cf7715b9ff34d01e8ac970
 2022-02-16 09:40:29 +00:00
Andrew Scull
b13117f3ba Add ro.boot.microdroid.app_debuggable 
This property is set in the bootconfig to reflect the debuggability of
the payload app. It is consumed microdroid_manager as a DICE input and
by compos to make choices based on the debuggability, e.g. not doing
test builds in non-debug states.

Bug: 219740340
Test: atest ComposHostTestCases
Test: atest MicrodroidTests
Change-Id: If84710f1fdbab957f5d19ce6ba3daad7e3e65935
 2022-02-16 09:40:27 +00:00
Treehugger Robot
52274c4910 Merge "Revert^2 "Migrate contexts tests to Android.bp"" am: 8817edcbb4 am: 2a17f21086 am: 302919c289 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987148

Change-Id: Iccec615f228131cb15718c14418409c7a4105a3d
 2022-02-16 05:45:19 +00:00
Treehugger Robot
302919c289 Merge "Revert^2 "Migrate contexts tests to Android.bp"" am: 8817edcbb4 am: 2a17f21086 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987148

Change-Id: I7fe47abe1495a5106bcc330ab881c8cce846ba61
 2022-02-16 05:25:39 +00:00
Treehugger Robot
2a17f21086 Merge "Revert^2 "Migrate contexts tests to Android.bp"" am: 8817edcbb4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987148

Change-Id: Ia3f3cb136477d4958a652a68389d3f8af9327d26
 2022-02-16 05:02:46 +00:00
Treehugger Robot
8817edcbb4 Merge "Revert^2 "Migrate contexts tests to Android.bp"" 2022-02-16 04:23:47 +00:00