Commit graph

37519 commits

Author SHA1 Message Date
Inseob Kim
73f43ff847 Remove compat test from treble sepolicy tests
Treble sepolicy tests check whether previous versions are compatible with
ToT sepolicy or not. treble_sepolicy_tests_for_release.mk implements it,
but it also includes a compat test whether ToT sepolicy + {ver} mapping
+ {ver} plat_pub_versioned.cil can be built together or not. We
definitely need such tests, but we already have a test called "compat
test" which does exactly that, and testing it again with Treble sepolicy
tests is just redundant. The only difference between those two is that
Treble sepolicy tests can also test system_ext and product compat files,
which was contributed by a partner.

The ultimate goal here is to migrate *.mk to Soong, thus merging these
two tests (compat, Treble) into one. As we've already migrated the
compat test to Soong, this change removes the compat test part from
treble sepolicy tests. Instead, the compat test will be extended so it
can test system_ext and product compat files too.
prebuilts/api/{ver}/plat_pub_versioned.cil and
prebuilts/api/{ver}/vendor_sepolicy.cil are also removed as they aren't
used anymore: vendor_sepolicy.cil is an empty stub, and
plat_pub_versioned.cil can be built from the prebuilt source files.

Bug: 33691272
Test: m selinux_policy
Change-Id: I72f5ad0e8bbe6a7c0bbcc02f0f902b953df6ff1a
2022-02-16 04:09:29 +00:00
Inseob Kim
b5e235346e Revert^2 "Migrate contexts tests to Android.bp"
This reverts commit baa93cc651.

Reason for revert: amlogic build fixed

Change-Id: I8b046dc810d47a2d87012f02a668873889fce705
2022-02-16 02:26:11 +00:00
Thiébaud Weksteen
373cf3ba8e Associate hal_service_type with all HAL services
By default, HAL's services are not accessible by dumpstate. HIDL
implementations were silenced via a dontaudit on hwservice_manager. But
AIDL implementations will trigger a denial, unless authorized via
`dump_hal`. Mark all HAL services with a new attribute
`hal_service_type` so they can be ignored by dumpstate.

Test: m selinux_policy
Bug: 219172252
Change-Id: Ib484368fdeff814d4799792d57a238d6d6e965fd
2022-02-16 10:49:21 +11:00
Samiul Islam
76935bdef5 Add new label for supplemental data
Supplemental data is separate from app data and only the supplemental
process should have access to these directories.

This CL creates a new label for such data and updates the seapp_context
to assign the correct label from installd.

The new label will be applied as follows:

/data/user/0/supplemental                   #system_data_file
/data/user/0/supplemental/<app-name>        #system_data_file
/data/user/0/supplemental/<app-name>/shared #supplemental_app_data_file

Bug: 217543371
Bug: 217559719
Test: atest SupplementalProcessStorageHostTest
      - #testSelinuxLabel_SharedData
      - #testSupplementalDataAppDirectory_SharedStorageIsUsable
Ignore-AOSP-First: Feature is being developed in internal branch
Change-Id: I6572a7a5c46c52c9421d0e9c9fc653ddbd6de145
2022-02-15 18:36:58 +00:00
Thiébaud Weksteen
e29414f253 Merge "Grant getpgid to system_server on zygote" into sc-v2-dev am: 4171439689 am: d6b83253eb
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16743651

Change-Id: Icb829ce0baf203ec8feafb1aef8623267f084b7e
2022-02-15 05:20:22 +00:00
Thiébaud Weksteen
d6b83253eb Merge "Grant getpgid to system_server on zygote" into sc-v2-dev am: 4171439689
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16743651

Change-Id: I16a2d6788b042bd94b3eae12613ccf7f79f47bdc
2022-02-15 05:14:20 +00:00
Thiébaud Weksteen
4096ad5abd Merge changes from topic "presubmit-am-47892e9f11d746939b74901bbda929d2" into sc-v2-dev-plus-aosp am: 69d3e66ae3
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16743651

Change-Id: Id904a8b745dc79e6364d8b398cb84578fcfba5ed
2022-02-15 05:14:04 +00:00
Thiébaud Weksteen
4171439689 Merge "Grant getpgid to system_server on zygote" into sc-v2-dev
2022-02-15 04:57:57 +00:00
Thiébaud Weksteen
69d3e66ae3 Merge changes from topic "presubmit-am-47892e9f11d746939b74901bbda929d2" into sc-v2-dev-plus-aosp
* changes:
  [automerge] Grant getpgid to system_server on zygote 2p: c816666f40
  Grant getpgid to system_server on zygote
2022-02-15 04:57:57 +00:00
Xin Li
67bef58377 [automerger skipped] Skip SP2A.220305.012 am: 9fced2e705 -s ours am: b97017bf6a -s ours
am skip reason: Merged-In Ied609152e6a9ba6d17b70db325ca33f1cb345eb8 with SHA-1 57401bc71f is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16873305

Change-Id: Id92d08b448cd323527ee6244723b9ccfb16bc36b
2022-02-14 22:05:09 +00:00
Xin Li
b97017bf6a [automerger skipped] Skip SP2A.220305.012 am: 9fced2e705 -s ours
am skip reason: Merged-In Ied609152e6a9ba6d17b70db325ca33f1cb345eb8 with SHA-1 57401bc71f is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16873305

Change-Id: I7c7abedef1f2ca518ca339fd781c46c91d608977
2022-02-14 21:49:27 +00:00
Xin Li
9fced2e705 Skip SP2A.220305.012
Bug: 219523960
Merged-In: Ied609152e6a9ba6d17b70db325ca33f1cb345eb8
Change-Id: Ie743f909429f36f876d16cb2d52b3bed971ef207
2022-02-14 20:07:30 +00:00
Xin Li
f7b437ec03 [automerger skipped] Merge "Merge sc-v2-dev-plus-aosp-without-vendor@8084891" into stage-aosp-master am: f1f2839e6e -s ours am: 8c55673104 -s ours
am skip reason: Merged-In I129b5cb74259c9c028483e84c9b2ac3597c24701 with SHA-1 baa93cc651 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16845407

Change-Id: Ib00f3ac7b1782bb0fafcbffe0ff24b6ca04b33c7
2022-02-14 18:21:06 +00:00
Xin Li
8c55673104 [automerger skipped] Merge "Merge sc-v2-dev-plus-aosp-without-vendor@8084891" into stage-aosp-master am: f1f2839e6e -s ours
am skip reason: Merged-In I129b5cb74259c9c028483e84c9b2ac3597c24701 with SHA-1 baa93cc651 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16845407

Change-Id: Ic71807871233a423235f7b782a033b8110af1a12
2022-02-14 18:03:43 +00:00
Xin Li
f1f2839e6e Merge "Merge sc-v2-dev-plus-aosp-without-vendor@8084891" into stage-aosp-master
2022-02-14 17:31:17 +00:00
Chris Morin
1d88bf547e Allow dumpstate to create tmpfs files
dumpstate needs to be able to create tmpfs files for its upcoming use
of memfd_create.

Test: Generate bugreport
Change-Id: I4ce19635d9b76929b05d85bdba89340e5d5399d1
2022-02-12 13:52:39 -08:00
Ramji Jiyani
982c6d39a2 Merge "system_dlkm: sepolicy: add system_dlkm_file_type" am: ba8615a186 am: 86cfb85d49 am: b925768cb3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978574

Change-Id: I17438ed404b798434e5cee28981ebd2b78b48e98
2022-02-11 19:24:08 +00:00
Daniel Norman
d309c7225c Merge "Expose the APEX multi-install props to non-root getprop." am: ea98866236 am: 17327ac36a am: 004827ac14
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965921

Change-Id: Ie247ac133be1573e4d8c3f1978b81e59729b4106
2022-02-11 19:23:55 +00:00
Ramji Jiyani
b925768cb3 Merge "system_dlkm: sepolicy: add system_dlkm_file_type" am: ba8615a186 am: 86cfb85d49
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978574

Change-Id: I5ac3fc1d3d4ecba09d26329de54c4f4b950c4b00
2022-02-11 19:13:53 +00:00
Daniel Norman
004827ac14 Merge "Expose the APEX multi-install props to non-root getprop." am: ea98866236 am: 17327ac36a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965921

Change-Id: Ibee39c2697d2a5d3cc6180b6a15af964b6fb9842
2022-02-11 19:12:58 +00:00
Ramji Jiyani
86cfb85d49 Merge "system_dlkm: sepolicy: add system_dlkm_file_type" am: ba8615a186
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978574

Change-Id: I8c70b7c37e2d5a84b78f4b8862890c4a0d101f1d
2022-02-11 18:52:59 +00:00
Daniel Norman
17327ac36a Merge "Expose the APEX multi-install props to non-root getprop." am: ea98866236
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965921

Change-Id: I43a503e66debdf898e7987c9b4ebc9c8709144bb
2022-02-11 18:52:06 +00:00
Ramji Jiyani
ba8615a186 Merge "system_dlkm: sepolicy: add system_dlkm_file_type"
2022-02-11 18:36:04 +00:00
Daniel Norman
ea98866236 Merge "Expose the APEX multi-install props to non-root getprop."
2022-02-11 18:25:27 +00:00
Xin Li
77c821174e Merge sc-v2-dev-plus-aosp-without-vendor@8084891
Bug: 214455710
Merged-In: I129b5cb74259c9c028483e84c9b2ac3597c24701
Change-Id: I47ca55be668b9b2aabf86963b65b1403130ab802
2022-02-11 06:58:07 +00:00
Keith Mok
0036188cc4 Merge "Update SEPolicy apexd for API 32" am: 9984dcb28e am: 64a1571f5d am: 61220c8175
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1976997

Change-Id: I6989e866921eb81821c6b00a3c2c009f73fdc8bb
2022-02-11 05:44:29 +00:00
Keith Mok
61220c8175 Merge "Update SEPolicy apexd for API 32" am: 9984dcb28e am: 64a1571f5d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1976997

Change-Id: Ie8074e60e624d10f3b34672246db62e19b4043e6
2022-02-11 05:34:09 +00:00
Keith Mok
64a1571f5d Merge "Update SEPolicy apexd for API 32" am: 9984dcb28e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1976997

Change-Id: I85bd1c4b700b95d17ff25b73779f5fa7f4d2f8bf
2022-02-11 05:21:22 +00:00
Keith Mok
9984dcb28e Merge "Update SEPolicy apexd for API 32"
2022-02-11 05:03:20 +00:00
Ramji Jiyani
4a556890f9 system_dlkm: sepolicy: add system_dlkm_file_type
Add new attribute system_dlkm_file_type for
/system_dlkm partition files.

Bug: 218392646
Bug: 200082547
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I193c3f1270f7a1b1259bc241def3fe51d77396f3
2022-02-11 04:19:33 +00:00
Treehugger Robot
37d8455a12 Merge "Add microdroid sepolicy test support" am: 47b3505fbf am: 6fa204250e am: 33b27499a0 am: 7ee5ef3157
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978387

Change-Id: Id057c15ecaefee6c8d26b2e2c15659b6162a80ab
2022-02-11 01:12:58 +00:00
Treehugger Robot
7ee5ef3157 Merge "Add microdroid sepolicy test support" am: 47b3505fbf am: 6fa204250e am: 33b27499a0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978387

Change-Id: I24347c205670d1f5834783cc1a0d09d17fb2491e
2022-02-11 00:58:00 +00:00
Treehugger Robot
33b27499a0 Merge "Add microdroid sepolicy test support" am: 47b3505fbf am: 6fa204250e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978387

Change-Id: I086792bdc5b5c12b71f6abfca204e226a9b358b7
2022-02-11 00:48:56 +00:00
Treehugger Robot
6fa204250e Merge "Add microdroid sepolicy test support" am: 47b3505fbf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978387

Change-Id: I70801b12abc3d614d503c584ff0451a20d87d285
2022-02-11 00:37:00 +00:00
Florian Mayer
74f50b8528 Merge "[MTE] Add property to specify default MTE mode for apps." am: 94782041d1 am: 3fc6370375 am: d140ade8cb am: 097e720524
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1976994

Change-Id: I4e7284bd790a22813ce6589611d9dedcbe8a6fed
2022-02-11 00:29:50 +00:00
Frank Wang
c292da6f76 Merge "Add file contexts for OnDevicePersonalization module."
2022-02-11 00:25:59 +00:00
Treehugger Robot
47b3505fbf Merge "Add microdroid sepolicy test support"
2022-02-11 00:22:27 +00:00
Keith Mok
16c0a350c5 Update SEPolicy apexd for API 32
The bootchart problem needs the selinux policy fix.
But it is missing API 32

Bug: 218729155
Test: Build
Change-Id: Ia011f8bcd52403980c2a6751bb612dd5b770e130
2022-02-11 00:20:17 +00:00
Florian Mayer
097e720524 Merge "[MTE] Add property to specify default MTE mode for apps." am: 94782041d1 am: 3fc6370375 am: d140ade8cb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1976994

Change-Id: If739e4162a6bc749e0b9dd5cd2bd2fc4cb5b6226
2022-02-11 00:17:12 +00:00
Florian Mayer
d140ade8cb Merge "[MTE] Add property to specify default MTE mode for apps." am: 94782041d1 am: 3fc6370375
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1976994

Change-Id: Ic1b595a7c68194f67097afa1f03a09d3c0717990
2022-02-11 00:00:19 +00:00
Florian Mayer
3fc6370375 Merge "[MTE] Add property to specify default MTE mode for apps." am: 94782041d1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1976994

Change-Id: I32140e8f8e8081a5f91fb09df241ffa8931f5ba6
2022-02-10 23:48:54 +00:00
Florian Mayer
94782041d1 Merge "[MTE] Add property to specify default MTE mode for apps."
2022-02-10 23:38:23 +00:00
Treehugger Robot
9a24b3f994 Merge "dmesgd: sepolicies" am: f07e7c31a4 am: 5c66bea55b am: 0878e5d007 am: c22334b926
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1968400

Change-Id: I0f649b1e87b152d80cc4617c7fa858c53eb9e595
2022-02-10 22:06:38 +00:00
Treehugger Robot
a77159c365 Merge changes from topic "revert-1979386-revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY-UVTCTRHQWF" am: 48f59f9ec2 am: 33f3804491 am: 35d788475c am: 05ef2c2c88
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978173

Change-Id: Id411487bab280f9c0e5d5f575ec8d9e3154fd447
2022-02-10 22:06:17 +00:00
Treehugger Robot
c22334b926 Merge "dmesgd: sepolicies" am: f07e7c31a4 am: 5c66bea55b am: 0878e5d007
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1968400

Change-Id: I81c8795157133bc53ac0d8792bcb0994242cc7cf
2022-02-10 21:48:23 +00:00
Treehugger Robot
05ef2c2c88 Merge changes from topic "revert-1979386-revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY-UVTCTRHQWF" am: 48f59f9ec2 am: 33f3804491 am: 35d788475c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978173

Change-Id: Ib0190154fcd41e2ec7ec3ebeac85a38adc04ca1e
2022-02-10 21:48:02 +00:00
Treehugger Robot
0878e5d007 Merge "dmesgd: sepolicies" am: f07e7c31a4 am: 5c66bea55b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1968400

Change-Id: I9e2b52c64c88450db675ceab33e78b870e8fc182
2022-02-10 21:23:59 +00:00
Treehugger Robot
35d788475c Merge changes from topic "revert-1979386-revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY-UVTCTRHQWF" am: 48f59f9ec2 am: 33f3804491
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978173

Change-Id: Ie8e1b9eefc611f62d6ec196563d3b3fdcf816236
2022-02-10 21:23:41 +00:00
Treehugger Robot
5c66bea55b Merge "dmesgd: sepolicies" am: f07e7c31a4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1968400

Change-Id: I0afd007ea41fc82aa0887368bc2e84c94bf358d8
2022-02-10 21:04:30 +00:00
Treehugger Robot
33f3804491 Merge changes from topic "revert-1979386-revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY-UVTCTRHQWF" am: 48f59f9ec2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978173

Change-Id: I82c6ff9bf4bcc3a572013b5afefb0123daaef7a3
2022-02-10 21:03:47 +00:00