This will be used to guard sepolicy changes. Also this adds default
modules for se_policy_conf and contexts modules.
Bug: 306563735
Test: build
Change-Id: I9b3460aaca07d325e0f83a1e2bf0e57caa498101
Sorting algorithm of fc_sort is not perfect and often causes unexpected
behaviors. We are moving from fc_sort to manual ordering of platform
file_contexts files.
In addition, this sets remove_comment as true by default, as fc_sort has
been removing comments / empty lines.
Bug: 299839280
Test: TH
Change-Id: Ic8a02b64fc70481234467a470506580d2e6efd94
security_state service manages security state (e.g. SPL) information across partitions, modules, etc.
Bug: 307819014
Test: Manual
Change-Id: I4ebcd8431c11b41f7e210947b32cf64c2adf3901
If file_contexts_test is given a test_data attribute, it will use
`checkfc -t` to validate the file_context against it, instead of using
the policy. Both options are mutually exclusive.
Bug: 299839280
Test: m
Change-Id: I3f541e0d0bb5d03ed146e27d67bc811cda3164b1
Keep the type of context and decides on the flags within
GenerateAndroidBuildActions. This is a no-op but will help supporting
other options for checkfc.
Bug: 299839280
Test: mm
Change-Id: I3a6f9db9d890e0a0ccb3eca37c01b2977fa2e2d1
A parallel implementation of certain VDM APIs that need to
be exposed to native framework code.
Similar to package_native_service.
Not meant to be used directly by apps but should still be
available in the client process via the corresponding native
manager (e.g. SensorManager).
Starting the service: ag/24955732
Testing the service: ag/24955733
Bug: 303535376
Change-Id: I90bb4837438de5cb964d0b560585b085cc8eabef
Test: manual
... and remove redundant Makefile codes. This also updates commit hook
as we now only use Soong to build sepolicy.
Bug: 296875906
Test: m selinux_policy
Change-Id: I93f0d222a0c10e31c51c9380780a8927c47d62b1
For now, freeze_test compares prebuilts against sources with diff, to
ensure that sources are identical to prebuilts. However, it could be the
case that the branch should be able to build both REL and ToT. In that
case, changes to the sources are inevitable and the freeze test will
fail.
To fix the issue, freeze_test will now only check compatibility. To be
specific, it will check if any public types or attributes are removed.
Contexts files and neverallow rules are not checked, but they may be
added later. Also to support the new freeze_test
- build_files module is changed to use glob (because REL version won't
be in compat versions list)
- plat_pub_policy modules are added under prebuilts/api (because
freeze_test needs that)
Bug: 296875906
Test: m selinux_policy
Change-Id: I39c40992965b98664facea3b760d9d6be1f6b87e
There is no one actively using mixed sepolicy build, and it made
sepolicy codes too complicated. As we are deprecating mixed build,
removing such code for cleanup.
Bug: 298305798
Test: boot cuttlefish
Change-Id: I8beedd5a281fa957532deecb857da4e1bb66992a
Rather than PRODUCT_SHIPPING_API_LEVEL, use board api level
(BOARD_API_LEVEL or BOARD_SHIPPING_API_LEVEL) to determine whether we
check coredomain violations or not.
Bug: 280547417
Test: see build command of vendor_seapp_contexts
Change-Id: I20859d6054ab85f464b29631bdfd55ade3e78f53
Add SEPolicy for the ThreadNetworkService
Add Fuzzer exception, thread_network service is java only
FR: b/235016403
Test: build and start thread_network service
bug: 262683651
Change-Id: Ifa2e9500dd535b0b4f2ad9af006b8dddaea900db
Starting from Android V, vendor seapp_contexts files can't assign
coredomain to vendor apps, as it's Treble violation. This build broken
variable is to suppress the enforcement for devices launching with U or
prior.
Bug: 280547417
Test: set BUILD_BROKEN_VENDOR_SEAPP_USES_COREDOMAIN := true and build
Change-Id: I7b91db8183a867aa490e490e56cb872ea830b21f
Add SEPolicy for the RemoteAuth Manager/Service
Add Fuzzer exception, remote_auth service is going to be in Java and
Rust only
Design doc: go/remote-auth-manager-fishfood-design
Test: loaded on device.
Bug: 290092977
Change-Id: I4decb29b863170aed5e7c85da9c4b50c0675d3bd
Adds a policy to run the virtual_camera process which:
- registers a service implementing the camera HAL
- registers a service to reveive communicate with virtual cameras via
system_server
Bug: 253991421
Test: CTS test
android.virtualdevice.cts.VirtualDeviceManagerBasicTest#createDevice_createCamera
Change-Id: I772d176919b8dcd3b73946935ed439207c948f2b
