tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
41794 commits 1 branch 0 tags 50 MiB
Commit graph

41794 commits

This branch
This branch
All branches
Author SHA1 Message Date
David Brazdil
6e49d76764 Merge "Start using virtmgr for running VMs" am: 2cfd7d5e4b am: 2de678977a am: 3f1b27afa6 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2367809

Change-Id: Ifcbd6552535e0ed63b4aee33c9055d0d1534d209
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 17:54:16 +00:00
David Brazdil
3f1b27afa6 Merge "Start using virtmgr for running VMs" am: 2cfd7d5e4b am: 2de678977a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2367809

Change-Id: I8e3305438b002a4a4963c71dbbacfe56728d4a04
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 17:15:56 +00:00
David Brazdil
2de678977a Merge "Start using virtmgr for running VMs" am: 2cfd7d5e4b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2367809

Change-Id: Id29260cd0d23e3908833b0d903957402210ca224
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 16:44:06 +00:00
David Brazdil
2cfd7d5e4b Merge "Start using virtmgr for running VMs" 2023-01-06 16:13:32 +00:00
Bill Yi
f1fc388bae [automerger skipped] Merge "Merge TQ1A.230105.002 to stage-aosp-master - DO NOT MERGE" into stage-aosp-master am: d0acca7852 -s ours am: 208a7aaadd -s ours 
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20873138

Change-Id: Icd0a1587dcdbf67b5c520eb7a3e459e7d7cbe212
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 12:10:38 +00:00
Bill Yi
7bfda13cdd [automerger skipped] Merge TQ1A.230105.002 to stage-aosp-master - DO NOT MERGE am: 537945aaec -s ours am: bd1b3c9777 -s ours 
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20873138

Change-Id: I4dc3eb20b28aa6a8575084d407c9751b27f41609
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 12:10:09 +00:00
Bill Yi
208a7aaadd [automerger skipped] Merge "Merge TQ1A.230105.002 to stage-aosp-master - DO NOT MERGE" into stage-aosp-master am: d0acca7852 -s ours 
am skip reason: Merged-In I5d03241b079692da856025a33b24013728fa0e57 with SHA-1 923a805f7c is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20873138

Change-Id: Iea3f06f237b708bc240d6b3d7242b65d80cf699d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 07:33:24 +00:00
Bill Yi
bd1b3c9777 [automerger skipped] Merge TQ1A.230105.002 to stage-aosp-master - DO NOT MERGE am: 537945aaec -s ours 
am skip reason: Merged-In I5d03241b079692da856025a33b24013728fa0e57 with SHA-1 923a805f7c is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20873138

Change-Id: Ib43859e575a8b3488e5b84b39879ab27d9e986ff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 07:32:55 +00:00
Bill Yi
d0acca7852 Merge "Merge TQ1A.230105.002 to stage-aosp-master - DO NOT MERGE" into stage-aosp-master 2023-01-06 07:01:01 +00:00
Treehugger Robot
13d814b459 Merge "Add newline between contexts inputs" am: 17ac4a53f8 am: 95b80b7322 am: 1c650edd1a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2375548

Change-Id: Ib87543854ff33b46bf5636f83ea86fdf6a94a2eb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 04:20:48 +00:00
Treehugger Robot
1c650edd1a Merge "Add newline between contexts inputs" am: 17ac4a53f8 am: 95b80b7322 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2375548

Change-Id: If343dba5dae2821fa345135abafb891e85be5574
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 03:41:07 +00:00
Treehugger Robot
95b80b7322 Merge "Add newline between contexts inputs" am: 17ac4a53f8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2375548

Change-Id: I9acac60411da6eee86246a9e375b35dfb61691d1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-06 03:10:45 +00:00
Treehugger Robot
17ac4a53f8 Merge "Add newline between contexts inputs" 2023-01-06 02:40:22 +00:00
David Brazdil
55d808c28c Start using virtmgr for running VMs 
Split virtualizationservice policy into rules that should remain with
the global service and rules that now apply to virtmgr - a child process
of the client that runs the VM on its behalf.

The virtualizationservice domain remains responsible for:
 * allocating CIDs (access to props)
 * creating temporary VM directories (virtualization_data_file, chown)
 * receiving tombstones from VMs
 * pushing atoms to statsd
 * removing memlock rlimit from virtmgr

The new virtualizationmanager domain becomes responsible for:
 * executing crosvm
 * creating vsock connections, handling callbacks
 * preparing APEXes
 * pushing ramdumps to tombstoned
 * collecting stats for telemetry atoms

The `virtualizationservice_use` macro is changed to allow client domains
to transition to the virtmgr domain upon executing it as their child,
and to allow communication over UDS.

Clients are not allowed to communicate with virtualizationservice via
Binder, only virtmgr is now allowed to do that.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Iefdccd908fc28e5d8c6f4566290e79ed88ade70b
 2023-01-05 17:39:39 +00:00
Bill Yi
537945aaec Merge TQ1A.230105.002 to stage-aosp-master - DO NOT MERGE 
Merged-In: I5d03241b079692da856025a33b24013728fa0e57
Change-Id: Ic1d5da8b8192ff04d58c86a748066d21dc976999
 2023-01-04 12:52:29 -08:00
Jiakai Zhang
4b8f3a33c5 Merge changes from topic "artd-sepolicy-b254013425" am: d09a14baee am: 33426b1423 am: 923a805f7c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2369929

Change-Id: I47d665131877ffe3b14805295e5ec53c14e986d3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 19:50:03 +00:00
Jiakai Zhang
ed2d69098e Allow system_server to read /data/misc/profman. am: 10aa6465d9 am: 4eda7b5335 am: edeaa6ea16 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2350182

Change-Id: I4de1b5e7f96f82fcc6d26db85678f2c5fc8f0fb0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 19:50:00 +00:00
Jiakai Zhang
923a805f7c Merge changes from topic "artd-sepolicy-b254013425" am: d09a14baee am: 33426b1423 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2369929

Change-Id: I5d03241b079692da856025a33b24013728fa0e57
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 19:00:52 +00:00
Jiakai Zhang
edeaa6ea16 Allow system_server to read /data/misc/profman. am: 10aa6465d9 am: 4eda7b5335 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2350182

Change-Id: If36138e202e0c8a7a1c8d0ffab641ef097dd6e4f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 19:00:49 +00:00
Jiakai Zhang
33426b1423 Merge changes from topic "artd-sepolicy-b254013425" am: d09a14baee 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2369929

Change-Id: I4f0572dfbb4fe7e116a00a8345478676355d0e50
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 18:26:22 +00:00
Jiakai Zhang
4eda7b5335 Allow system_server to read /data/misc/profman. am: 10aa6465d9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2350182

Change-Id: I5792df13d00fa4480aeacfa7af304edc93201616
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 18:26:19 +00:00
Jiakai Zhang
d09a14baee Merge changes from topic "artd-sepolicy-b254013425" 
* changes:
  Allow artd to scan directories for cleaning up obsolete managed files.
  Allow system_server to read /data/misc/profman.
 2023-01-04 17:43:24 +00:00
Inseob Kim
35e9d41af3 Add newline between contexts inputs 
Bug: 263818248
Test: manual
Change-Id: I0ae98aac5044e42c8c6bf2bb1a3183510ec734de
 2023-01-04 15:27:32 +09:00
Treehugger Robot
064b0e451b Merge "EARC: Add Policy for EArc Service" am: 6baccc1d8e am: 1791ca2220 am: 5efaa62b95 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2320410

Change-Id: Iba53b7a01332976ef1fdf36a0c736aaebba9348a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 05:02:45 +00:00
Treehugger Robot
5efaa62b95 Merge "EARC: Add Policy for EArc Service" am: 6baccc1d8e am: 1791ca2220 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2320410

Change-Id: I7945e5044d54ba6a5f00524512c9153f0229242b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 04:27:27 +00:00
Treehugger Robot
1791ca2220 Merge "EARC: Add Policy for EArc Service" am: 6baccc1d8e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2320410

Change-Id: Ibeedf9ea55a4f80d80678f1fd89a9e5bcd279145
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 03:41:40 +00:00
Treehugger Robot
6baccc1d8e Merge "EARC: Add Policy for EArc Service" 2023-01-04 03:30:47 +00:00
Andy Hung
14edfb9154 [automerger skipped] audio HAL: SELinux changes for Spatial Audio optimization am: a8b6900a49 am: 27a18ebb60 -s ours am: 818941d4f7 -s ours 
am skip reason: Merged-In Id5f052116834034a9e4fd5c3adf17d3d7ef6610a with SHA-1 2461bf39bd is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2370862

Change-Id: Ic2741776cd2018a8612e6f455497542471b9b45b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-03 19:59:37 +00:00
Andy Hung
818941d4f7 [automerger skipped] audio HAL: SELinux changes for Spatial Audio optimization am: a8b6900a49 am: 27a18ebb60 -s ours 
am skip reason: Merged-In Id5f052116834034a9e4fd5c3adf17d3d7ef6610a with SHA-1 2461bf39bd is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2370862

Change-Id: I548a52dd1f1be94d42a3e02b96234a01eb98bc71
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-03 19:18:39 +00:00
Andy Hung
27a18ebb60 audio HAL: SELinux changes for Spatial Audio optimization am: a8b6900a49 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2370862

Change-Id: Ifb809f2d31bc4a2b5ac7dbddece3cf22b38de286
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-03 18:44:51 +00:00
Jiakai Zhang
440ae7883e Allow artd to scan directories for cleaning up obsolete managed files. 
Bug: 254013425
Test: -
  1. adb shell pm art cleanup
  2. See no SELinux denials.
Change-Id: Idf4c0863810e1500a7e324811f128400bdfcb98c
 2023-01-03 16:48:41 +00:00
Jiakai Zhang
10aa6465d9 Allow system_server to read /data/misc/profman. 
Before this change, system_server only has write access. We want read
access the directory so that we can check if it has the right
permissions before we write to it.

Bug: 262230400
Test: No longer see SELinux denials on that directory.
Change-Id: Ic26b2a170031c4f14423b8b1f1a8564d64f532ae
 2023-01-03 16:48:11 +00:00
Andy Hung
a8b6900a49 audio HAL: SELinux changes for Spatial Audio optimization 
Add CAP_SYS_NICE.
Reduce glitches caused by core migration.
Reduce power consumption as Spatializer Effect is DSP compute bound.

Test: instrumented
Test: adb shell 'uclampset -a -p $(pgrep -of android.hardware.audio.service)'
Test: adb shell cat "/proc/$(adb shell pgrep -of android.hardware.audio.service)/status"
Test: adb shell 'ps -Tl -p $(pgrep -of android.hardware.audio.service)'
Bug: 181148259
Bug: 260918856
Bug: 261228892
Bug: 261686532
Bug: 262803152
Ignore-AOSP-First: tm-qpr-dev fix, will move to AOSP afterwards.
Merged-In: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
Change-Id: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
 2022-12-28 16:55:07 -08:00
Venkatarama Avadhani
0f0861af8f EARC: Add Policy for EArc Service 
Test: atest vts_treble_vintf_framework_test
      atest vts_treble_vintf_vendor_test
Bug: 240388105
Change-Id: I561f647a68553fa0134f2e1bd65b0f18dd1785f1
 2022-12-27 18:11:36 +05:30
Jiyong Park
1b093bfdcc Merge "prng_seeder is a bootstrap process in microdroid" am: bce697f3c5 am: 3f2a59349e am: a4400c9c81 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2366089

Change-Id: Ie84b5fcde6fe7ffaf6304071068cf7e54a8b432d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-23 06:10:08 +00:00
Jiyong Park
a4400c9c81 Merge "prng_seeder is a bootstrap process in microdroid" am: bce697f3c5 am: 3f2a59349e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2366089

Change-Id: I4d7ff103d17940c49e83321a468a8c4d049c600a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-23 04:55:35 +00:00
Jiyong Park
3f2a59349e Merge "prng_seeder is a bootstrap process in microdroid" am: bce697f3c5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2366089

Change-Id: Ic415e815959aabcebe4b1a28f4ea3bb43ac28a89
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-23 04:24:18 +00:00
Jiyong Park
bce697f3c5 Merge "prng_seeder is a bootstrap process in microdroid" 2022-12-23 03:31:18 +00:00
Jiyong Park
c4cf20a146 prng_seeder is a bootstrap process in microdroid 
It is started very early before linker namespaces are configured, thus
making it a bootstrap process.

Bug: 263398430
Test: watch boottime benchmark
Change-Id: I60411601a6be78f8401e43d136b567615002797c
 2022-12-22 10:24:26 +09:00
Miguel Aranda
846bb52abe Merge "Add SEPolicy tags for concrypt cacerts." am: 7394ea85d2 am: 301f24028d am: 9742dbb4de 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2362479

Change-Id: Ib0e6881d1d339a753787351a11dfd58d176eeff7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-22 01:17:24 +00:00
Miguel Aranda
9742dbb4de Merge "Add SEPolicy tags for concrypt cacerts." am: 7394ea85d2 am: 301f24028d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2362479

Change-Id: I62a173dfe02822f4956d9d6879c16e1206c5f66f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-22 00:33:15 +00:00
Miguel Aranda
301f24028d Merge "Add SEPolicy tags for concrypt cacerts." am: 7394ea85d2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2362479

Change-Id: Iaa0bec8e86431d7fd2df1e544c40dceccde9cfeb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-21 23:58:15 +00:00
Miguel Aranda
7394ea85d2 Merge "Add SEPolicy tags for concrypt cacerts." 2022-12-21 23:20:38 +00:00
Jiyong Park
769f81dcb8 Merge "Add rules for prng_seeder" am: f59f5d2eba am: 2053d9c986 am: a24605fea8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2364952

Change-Id: I821675fce56b0b0aa505d9d17ee76ce5f67c908d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-21 13:55:50 +00:00
Jiyong Park
a24605fea8 Merge "Add rules for prng_seeder" am: f59f5d2eba am: 2053d9c986 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2364952

Change-Id: I82866e9cd7798b27122b05f74f59302b5c4ffe6e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-21 13:07:08 +00:00
Jiyong Park
2053d9c986 Merge "Add rules for prng_seeder" am: f59f5d2eba 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2364952

Change-Id: I3665fbd4ffa736fc25b3b4ba0d8533af64a85ede
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-21 12:32:40 +00:00
Jiyong Park
f59f5d2eba Merge "Add rules for prng_seeder" 2022-12-21 12:15:32 +00:00
Miguel
f63164a474 Add SEPolicy tags for concrypt cacerts. 
Test: booting
Change-Id: I53815eb272fcdff739ba596cc1dd6bcca57c7d12
 2022-12-21 06:42:21 +00:00
Treehugger Robot
98d738a6fc Merge "Allow system_server to enable fs-verity." am: 3ca356b7df am: b839e55d39 am: df00a04e22 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2364635

Change-Id: I761bf3803a8ad72e12d7668d6d4eb168d168e5f5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-21 03:26:33 +00:00
Treehugger Robot
df00a04e22 Merge "Allow system_server to enable fs-verity." am: 3ca356b7df am: b839e55d39 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2364635

Change-Id: I9f93dc926fcc975ab6a107bb65d7dd0f5af3f9c4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-21 02:42:25 +00:00