Copy the final system sepolicy from oc-dev to its prebuilt dir
corresponding to its version (26.0) so that we can uprev policy and
start maintaining compatibility files, as well as use it for CTS
tests targeting future platforms.
(cherry-pick of commit: 5c6a227ebb)
Bug: 37896931
Bug: 37916906
Test: none, this just copies the old policy.
Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
The treble compatibility tests check for policy differences between old
and new policy. To do this correctly, we must not modify the policy which
represents the older policies. Move the files meant to be changed to a
different location from the ones that are not meant to be touched to avoid
any undesired changes to old policy, e.g. commit:
2bdefd65078d890889672938c6f0d2accdd25bc5
Bug: 36899958
Test: Build-time tests build.
Change-Id: I8fa3947cfae756f37556fb34e1654382e2e48372
untrusted_app_visible_hwservice was an attribute that was meant to
give partners time to add their HALs to AOSP. It was removed from mr1
and so needs to be accounted for in the compatibility mapping.
Bug: 64321916
Test: Builds with treble policy tests.
Change-Id: I359a842083016f0cf6c9d7ffed2116feb9e159c6
On Full Treble devices, servicemanager should only service
services from the platform service_contexts file.
Created new type to separate plat_ and nonplat_service_contexts,
and added new type to mapping (although I don't think this type
should have been used by vendors).
Bug: 36866029
Test: Marlin/Taimen boot
Change-Id: Ied112c64f22f8486a7415197660faa029add82d9
Commit: 2490f1adad meant to add
thermalserviced_tmpfs to the new_object list in the mapping file,
but copy-paste error resulted in thermalserviced_exec_tmpfs being
recorded instead. Fix this.
(cherry-pick of commit: fbacc656be)
Bug: 62573845
Test: None. prebuilt change.
Change-Id: Iab4eaef04742187d6397a539aae854651caa9935
A new API [getNamesForUids] was recently added to the PackageManager
and this API needs to be accessible to native code. However, there
were two constraints:
1) Instead of hand-rolling the binder, we wanted to auto generate
the bindings directly from the AIDL compiler.
2) We didn't want to expose/annotate all 180+ PackageManager APIs
when only a single API is needed.
So, we chose to create a parallel API that can be used explicitly
for native bindings without exposing the entirety of the
PackageManager.
Bug: 62805090
Test: Manual
Test: Create a native application that calls into the new service
Test: See the call works and data and returned
Change-Id: I0d469854eeddfa1a4fd04b5c53b7a71ba3ab1f41
Commit: ec3b6b7e25 added a new daemon
and corresponding types to sepolicy. The explicitly declared types
were added to 26.0.ignore.cil to reflect the labeling of new objects,
but another type, thermalserviced_tmpfs was created by macro and was
missed in code review. Add it as well.
Bug: 62573845
Test: None. prebuilt change.
Change-Id: Ia8968448eea0be889911f46fe255f581659eb548
(cherry picked from commit 2490f1adad)
Commit: 5aef6a9469 added a new type,
system_net_netd_hwservice, for a new hwservice. Record this in the
compatibility infrastructure as labeling a new object, rather than
relabeling one from O.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: If360eb9e05684d9b47316d53e494aa773485e93f
Commit: 3eed3eacfb added the compatibility
statement for the new mediaprovider app domain, but it missed another
new, private type, mediaprovider_tmpfs, that is automatically created for
all appdomains. It replaces priv_app_tmpfs, but since both types are
private, they do not need to be added to the actual mapping (vendor policy
cannot use it).
Bug: 62573845
Test: None. Prebuilt-only change.
Change-Id: I62229a5be74cd928fe0ca82a45b73cb61d6f5223
Commit: 632bc494f1 added hwservice labeling
and was cherry-picked to oc-dev, but the hal_wifi_offload_hwservice type
was not part of the cherry-pick because the service was not in oc-dev.
Record the type for compatibility purposes.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: Ib2c0fe862eddb566fbe6b0287238fa93dddae7b8
This type was removed in commit: 93166cefce
and no longer needs to be included in compatibility infrastructure.
Bug: 62573845
Test: None, prebuilt change.
Change-Id: I9dc05512c7fcb3ef4445c4c6b040809a1d595282
Prevent files in /proc from incorrectly having sysfs_type attribute.
Rework neverallows so that ueventd has write access to all of
/sys which it needs to handle uevents.
Bug: 63147833
Test: Build. Flash angler, verify files are correctly labeled and no
new denials are in the logs.
Change-Id: Ib94d44e78cee0e83e2ac924f1c72e611e8e73558
This reinstates the exception for netd_stable_secret_prop, which
was added after O sepolicy freeze. This exception, along with the
corresponding core sepolicy change, was reverted in order to
allow these policies to be added to per-device sepolicy.
DO NOT SUBMIT until http://ag/2528214 has automerged to master.
This reverts commit 777c8ee0c2.
Bug: 17613910
Bug: 62573845
Test: make -j64 bootimage
Change-Id: I20b52f1d8e1c0cbb18a339bf45586dacbc7405ad
This will allow removing the netd_stable_secret_prop from common
policy in master. It will be re-added after the wahoo-specific
sepolicy for netd_stable_secret_prop lands in oc-dr1-dev, is
automerged to master, and then is reverted in master.
This reverts commit ebea2b459c.
Bug: 17613910
Bug: 62573845
Test: None, prebuilt change only.
Change-Id: I1234326d2fe6446e7e09ba9e97187518fa9bce33
Platform SELinux policy may be updated without a corresponding
update to non-platform policy. This is meant to be accomplished by
maintaining a compatibility mapping file which will be built along
with the current platform policy to link older non-platform policy.
Introduce an example vendor policy built from 26.0 public policy and
make sure that the current platform policy and mapping file, for that
version, build with it. Add this as a dependency for the
selinux_treble_tests, which are meant to ensure treble properties,
ultimately to provide this compatibility guarantee.
Bug: 36899958
Test: Current platform policy builds with oc-dev vendor policy and
oc-dev mapping file. Removed private type with no effect. Removed
public type without corresponding mapping entry causes build to fail.
Change-Id: I7994ed651352e2da632fc91e598f819b64c05753
Commit: e58a8de5e7 added a new type
which has no analogue in 26.0. Record it as such.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I6b6d2aa64e0ac2c39c8d0427d333e6c7fc2b0bb1
Commit: 86cb521502 gave /dev/memcg a
new label, but also explicitly prohibited access to vendor domains.
Add the type to the 'new types' and don't map it to any other type
for backwards compatibility.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I8902716830b162ead69834544ace9e02a94c65b4
Commit: 38f0928fb0 added a type for a
new system service. This service did not exist previously, so mark
the type as not needing any compat entry.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I52d8e144c614b27f5c52fa99be6cfac87159bbcd
Commit: 78e595deab added a new hwservice,
which replaced a previous system service. This effectively means we are
deleting one object and creating a new one, so no compatibility mapping
should be necessary since previous vendor processes trying to access the
service will not be able to find it now independent of policy.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I6882d968dccb55561379e940f6ecb62902bb1659
Commit: b8f7a40833 removed three
attributes from public policy. These attributes could be assigned
to vendor types, and so need to be kept in policy when combined with
vendor policy of that version.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I7d71ef7795f8b82c214c2ef72478c3ca84d1869c
Commit: 4dc88795d0 changed the label of
uid_time_in_state from proc to proc_uid_time_in_state. This file
could have been used by vendor services. Add a compat mapping.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I2e5222c4d4fe12cb0bbc4e85ba53c1f59b714d61
Commits 7fa51593c8 and
92fdd8954f removed the
tracing_shell_writable and tracing_shell_writable_debug types, and
relabeled the files with debugfs_tracing and debugfs_tracing_debug,
respectively. Record this in the compatibility file so that vendor
policy using these types will still work.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: Ic6573518035514a86abe2081483431427612699e
Commit: abb1ba6532 added policy for a
new property, which was not present in O. This policy introduced a
new type. Record it as such.
Bug: 62573845
Test: None, prebuilt change only.
Change-Id: I7d90cd69a5e6e29677598cc109676d5b1ce5ba05
Commit: bde5c8013d added a new type,
mediaprovider, which is being applied to an object (process) formerly
labeled as priv_app. Add the new type to the versioned attribute for
priv_app so that any vendor policy written for interaction with
mediaprovider continues to work.
Bug: 62573845
Test: None. Prebuilt-only change.
Change-Id: Id98293369401a2af23c2328a1cb4a5bb2258aac8
Commit: 50889ce0eb added policy for a
new service, which was not present in O. This policy introduced a
new type. Record it as such.
Bug: 62573845
Test: None, prebuilt change only.
Change-Id: If9cfaff813c47d3b1c8374e8abfb4aedb902d486
Commit: 11bfcc1e96 added policy for
a new socket which was not present in O. This socket has a new
type associated with it. Record the type as a new type so that
compatibility testing will not complain.
Bug: 62573845
Test: None, prebuilt change only.
Change-Id: I375fc9ca0bd201e277a0302d9b34c0da0eb40fbd
Commit 5f573ab2aa added policy for
the additions of upstream fs tools. Make sure the new types are
denoted as such (no object relabeling needs to be done) and that
objects which are relabeled are.
Bug: 35219933
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I6515e05ebc60ca08e98029f471cf2861826036fc
domain_deprecated is a private attribute, which means that none of
its rules will be copied to vendor policy. Unfortunately, this
means that any public type that used the attribute now loses policy
rules on which a vendor may have been relying unknowingly. Add the
domain back in the compatiblity file so that O vendor policy remains
sufficient.
Bug: 62573845
Test: None, prebuilt change and prebuilt tests not in yet.
Change-Id: I2c4ce00ecb102f087472e183fa52d072fe6eb398
This was marked deprecated in 2014 and removed in 2015, let's remove
the sepolicy now too.
(Originally submitted in commit: 8c60f74dcc)
Bug: 38242876
Test: Builds and boots.
Change-Id: I4caa0dbf77956fcbc61a07897242b951c275b502
Add /dev/kmsg_debug on userdebug devices, to allow crash_dump to log
crashes to dmesg when logd isn't up yet (or is the one crashing).
(Originally commited in a015186fab)
Bug: 36574794
Bug: 62101480
Test: Builds and boots.
Change-Id: I249e11291c58fee77098dec3fd3271ea23363ac9
More changes went into oc-dev after the freeze-date. Reflect them.
Bug: 37896931
Test: prebuilts - none.
Change-Id: I3300751ea7362d5d96b327138544be65eb9fc483
commit: 5c6a227ebb added the oc-dev
sepolicy prebuilts (api 26.0), but did not include the corresponding
base mapping file, which is to be maintained along with current
platform development in order to ensure backwards compatibility.
Bug: 37896931
Test: none, this just copies the old mapping file to prebuilts.
Change-Id: Ia5c36ddab036352845878178fa9c6a9d649d238f
Copy the final system sepolicy from oc-dev to its prebuilt dir
corresponding to its version (26.0) so that we can uprev policy and
start maintaining compatibility files, as well as use it for CTS
tests targeting future platforms.
Bug: 37896931
Test: none, this just copies the old policy.
Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
