tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
31543 commits 1 branch 0 tags 50 MiB
Commit graph

31543 commits

This branch
This branch
All branches
Author SHA1 Message Date
Yabin Cui
4c26361472 Merge "Allow simpleperf_app_runner to write to shell pipe fds." 2021-05-14 20:45:39 +00:00
Yabin Cui
d34a1dd223 Allow simpleperf_app_runner to write to shell pipe fds. 
Currently simpleperf knows whether an app is debuggable or profileable
by running commands via run-as and simpleperf_app_runner and seeing if
they fail. This isn't convenient. So we want simpleperf_app_runner to
pass app type to simpleperf through pipe fds.

Bug: 186469540
Test: run CtsSimpleperfTestCases.
Change-Id: Ia2d276def83361336bb25d9cf367073a01cb4932
 2021-05-14 10:16:24 -07:00
Treehugger Robot
5f0869cdf5 Merge "Allow /dev/dma_heap directory to be readable" am: 9327c4f1cc am: 76038444d8 am: 8a6512d43a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1705996

Change-Id: Ia310905d6fbe399979e148b226e4892f596fc9d1
 2021-05-14 06:12:35 +00:00
Treehugger Robot
8a6512d43a Merge "Allow /dev/dma_heap directory to be readable" am: 9327c4f1cc am: 76038444d8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1705996

Change-Id: I83a08799ef8de7203005c59856d6b01929b77262
 2021-05-14 05:55:39 +00:00
Treehugger Robot
76038444d8 Merge "Allow /dev/dma_heap directory to be readable" am: 9327c4f1cc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1705996

Change-Id: I1e0fcba4e7f018587ead1dce753baebf8c56d2c3
 2021-05-14 05:25:12 +00:00
Treehugger Robot
9327c4f1cc Merge "Allow /dev/dma_heap directory to be readable" 2021-05-14 05:10:33 +00:00
Hridya Valsaraju
920939df71 Allow /dev/dma_heap directory to be readable 
Allow everyone to read /dev/dma_heap so that they can query the set of
available heaps with the GetDmabufHeapList() API in libdmabufheap.
This patch fixes the following denials that happen when clients use the
API:

avc: denied { read } for name="dma_heap" dev="tmpfs" ino=369
scontext=u:r:mediaswcodec:s0 tcontext=u:object_r:dmabuf_heap_device:s0
tclass=dir permissive=0
9507:05-12 17:19:59.567  1647  1647 W com.android.systemui: type=1400
audit(0.0:93): avc: denied { read } for
comm=4E444B204D65646961436F6465635F name="dma_heap" dev="tmpfs" ino=369
scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:dmabuf_heap_device:s0 tclass=dir permissive=0
app=com.android.systemui

Test: manual
Bug: 184397788
Change-Id: I84672bc0be5b409cd49080501d0bf3c269ca610c
 2021-05-14 05:09:30 +00:00
liuyg
87fc7e06db Revert "Allow the MediaProvider app to set FUSE passthrough property" am: 04c85dcfc4 am: 97e0c02e9e am: bdfad42b09 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1705066

Change-Id: I07875bd5e07c5b2b45fb5fdd064790b50ad7eeb7
 2021-05-13 19:55:46 +00:00
Alessio Balsini
4e758d5a43 Allow the MediaProvider app to set FUSE passthrough property am: c1e2918fd9 am: bafbd5eeb0 am: 3c7f9b1c7a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1693545

Change-Id: I4340d1aa457cf190eba110b74ef63f76abe6613d
 2021-05-13 19:55:35 +00:00
Nikita Ioffe
edcbc25d1b Add neverallow rules around who can mount/unmount /apex am: 4274f98522 am: 8f1e069132 am: 50ad7ef417 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1706246

Change-Id: I1f65d131a99a3cb55bb416d299747eb380bffdb3
 2021-05-13 19:54:54 +00:00
liuyg
bdfad42b09 Revert "Allow the MediaProvider app to set FUSE passthrough property" am: 04c85dcfc4 am: 97e0c02e9e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1705066

Change-Id: I75d3493c4bb30b5bc8347d7b5ab58958f4e35222
 2021-05-13 19:01:47 +00:00
Alessio Balsini
3c7f9b1c7a Allow the MediaProvider app to set FUSE passthrough property am: c1e2918fd9 am: bafbd5eeb0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1693545

Change-Id: I1f4f41ec59ab339e9f25e4e1f3e70c2ecd28cb20
 2021-05-13 19:01:18 +00:00
Nikita Ioffe
50ad7ef417 Add neverallow rules around who can mount/unmount /apex am: 4274f98522 am: 8f1e069132 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1706246

Change-Id: Ic85bebf6489a2823239e3646b20146f00c3be36a
 2021-05-13 19:01:13 +00:00
liuyg
97e0c02e9e Revert "Allow the MediaProvider app to set FUSE passthrough property" am: 04c85dcfc4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1705066

Change-Id: I96b2cd9e390100bd9c0c1c2b469bc9c58403845a
 2021-05-13 18:47:05 +00:00
Alessio Balsini
bafbd5eeb0 Allow the MediaProvider app to set FUSE passthrough property am: c1e2918fd9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1693545

Change-Id: If140656fae3d6cf8e3939795a0b5fc85603885dd
 2021-05-13 18:40:29 +00:00
Nikita Ioffe
8f1e069132 Add neverallow rules around who can mount/unmount /apex am: 4274f98522 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1706246

Change-Id: Icc76ff101b1c6dd00dfcbba7ff4bfb368d34f1e9
 2021-05-13 18:36:29 +00:00
liuyg
04c85dcfc4 Revert "Allow the MediaProvider app to set FUSE passthrough property" 
This reverts commit c1e2918fd9.

Reason for revert: Build broke

Change-Id: I4b95e977cf66c586b0d0b465f1b3654c01074152
 2021-05-13 18:18:28 +00:00
Alessio Balsini
c1e2918fd9 Allow the MediaProvider app to set FUSE passthrough property 
Allow the MediaProvider app to write the system property
fuse.passthrough.enabled in case FUSE passthrough is enabled.
The need for this additional system property is due to the ScopedStorage
CTS tests that are assuming FUSE passtrhough is always on for devices
supporting it, but there may be some cases (e.g., GSI mixed builds)
where this is not possible true and the feature is disabled at runtime,
thus causing the tests to fail.
This additional system property is only set when FUSE passthrough is
actually being used by the system.

Bug: 186635810
Test: CtsScopedStorageDeviceOnlyTest
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I623042d67399253a9167188c3748d93eb0f2d41f
 2021-05-13 17:38:16 +00:00
Nikita Ioffe
4274f98522 Add neverallow rules around who can mount/unmount /apex 
Test: m
Bug: 188002184
Change-Id: I8f46896edbee7b68df6f1e3008ff4141df164e4c
 2021-05-13 13:05:58 +01:00
Treehugger Robot
77c97faf89 Merge "Add sepolicy for com.android.compos" am: 965cad9626 am: 611db2ce7c am: 28c5a638a8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1704385

Change-Id: Ia4279cd2bbb289728bf9d7d746f102000df055d9
 2021-05-12 16:07:08 +00:00
Treehugger Robot
28c5a638a8 Merge "Add sepolicy for com.android.compos" am: 965cad9626 am: 611db2ce7c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1704385

Change-Id: I2d72a3d9fbb9051a0d13aec12987ad8b52cca1b4
 2021-05-12 15:50:16 +00:00
Treehugger Robot
611db2ce7c Merge "Add sepolicy for com.android.compos" am: 965cad9626 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1704385

Change-Id: I95e2d6eddbf9471d835b57b8c448522528e36a56
 2021-05-12 15:33:11 +00:00
Treehugger Robot
965cad9626 Merge "Add sepolicy for com.android.compos" 2021-05-12 15:19:04 +00:00
Yo Chiang
5427ebe8cd Merge "Revert "se_compat_cil: Prepend generated files with a header"" am: bb8d0050d9 am: e7e3c30c04 am: 16af5398ab 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1704766

Change-Id: I636eb1ba0dc81ac393fab7203451f7aaa842b551
 2021-05-12 06:26:42 +00:00
Yo Chiang
16af5398ab Merge "Revert "se_compat_cil: Prepend generated files with a header"" am: bb8d0050d9 am: e7e3c30c04 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1704766

Change-Id: I08a736c0b9e1083defd75bf56bbfdbc8ed7288ac
 2021-05-12 06:09:50 +00:00
Yo Chiang
e7e3c30c04 Merge "Revert "se_compat_cil: Prepend generated files with a header"" am: bb8d0050d9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1704766

Change-Id: Ib8e9454f243ceb944af9db9ec346bc1dba0408cc
 2021-05-12 05:53:43 +00:00
Yo Chiang
bb8d0050d9 Merge "Revert "se_compat_cil: Prepend generated files with a header"" 2021-05-12 05:35:51 +00:00
Yo Chiang
7c3ecf1356 Revert "se_compat_cil: Prepend generated files with a header" 
This reverts commit b44e506223.

Reason for revert: secilc is fixed by aosp/1701846, so the workaround is no longer needed

Bug: 183362912
Test: S GSI on R CF boot test
Change-Id: Ic73c7cea1ebe42b483049cbc29f192e738748894
 2021-05-12 01:54:27 +00:00
Shawn Willden
f753633ef7 Merge "TEMP" am: 4361ef2724 am: ccb890cff2 am: ea5ffa4955 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1700226

Change-Id: I8ee3322722970038d24b5d5ce1d0b0c27445fed7
 2021-05-11 23:43:11 +00:00
Shawn Willden
ea5ffa4955 Merge "TEMP" am: 4361ef2724 am: ccb890cff2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1700226

Change-Id: I35c84c29412925905c56ebdf33d4b9b65344ab79
 2021-05-11 23:17:26 +00:00
Shawn Willden
ccb890cff2 Merge "TEMP" am: 4361ef2724 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1700226

Change-Id: Icc47685e0190310af38b87c660125f1c41a30fe7
 2021-05-11 23:02:39 +00:00
Shawn Willden
4361ef2724 Merge "TEMP" 2021-05-11 22:53:43 +00:00
Max Bires
2189a1a447 TEMP 
Have system server add keystore2 stacktraces for ANR reporting

Test: ANR something
Bug: 184006658
Change-Id: I75892479cb59a8ae79cb9555b731dce479175aff
 2021-05-11 22:52:05 +00:00
Victor Hsieh
7b68126421 Add sepolicy for com.android.compos 
This is to unblock the apex setup.

There is only a system_file in the context, but we might need more
specific ones later.

Bug: 186126404
Test: m

Change-Id: Icf713c9bb92e7f7402c0b45bd0f1b06e9cb35d2b
 2021-05-11 14:07:57 -07:00
JJ Lee
448ca882b3 Add ro.audio.offload_wakelock to audio_config_prop am: dcc9b45e3b am: 8369aed9cf am: c3b03a2c5b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1699887

Change-Id: I6ced2f6ae881e05eb5d42eb2c7b38cda41db01f9
 2021-05-11 14:32:33 +00:00
JJ Lee
c3b03a2c5b Add ro.audio.offload_wakelock to audio_config_prop am: dcc9b45e3b am: 8369aed9cf 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1699887

Change-Id: I91ef6800c93518b656821bee8b74a7c08c7ef4b7
 2021-05-11 14:13:38 +00:00
JJ Lee
8369aed9cf Add ro.audio.offload_wakelock to audio_config_prop am: dcc9b45e3b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1699887

Change-Id: I860c25d0ac4043e2e5187081cd479d85183efb33
 2021-05-11 13:50:55 +00:00
JJ Lee
dcc9b45e3b Add ro.audio.offload_wakelock to audio_config_prop 
Add ro.audio.offload_wakelock to audio_config_prop to allow
AudioFlinger to read this property.

Bug: 178789331
Test: build pass, property can be successfully set and read
Signed-off-by: JJ Lee <leejj@google.com>
Change-Id: I4650e03eb0a406b7531c08001adcfebe822bd75b
 2021-05-10 14:36:15 +08:00
Xin Li
d38e1a1379 [automerger skipped] DO NOT MERGE - Mark RQ2A.210105.001 as merged. am: 945c456807 -s ours am: 93958bf847 -s ours am: f3cd7c5fd4 -s ours 
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1699299

Change-Id: I4dc1d2e33ac2a7d3353c549431f21e187b1ad01b
 2021-05-08 02:37:06 +00:00
Xin Li
f3cd7c5fd4 [automerger skipped] DO NOT MERGE - Mark RQ2A.210105.001 as merged. am: 945c456807 -s ours am: 93958bf847 -s ours 
am skip reason: Merged-In Ifbb111dbee0429d8aaea4688c0390ee80e25cb22 with SHA-1 a96cb4d339 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1699299

Change-Id: I277bbea82d909395e3a64e4e31114bfed8a98d94
 2021-05-08 02:13:48 +00:00
Xin Li
93958bf847 [automerger skipped] DO NOT MERGE - Mark RQ2A.210105.001 as merged. am: 945c456807 -s ours 
am skip reason: Merged-In Ifbb111dbee0429d8aaea4688c0390ee80e25cb22 with SHA-1 a96cb4d339 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1699299

Change-Id: Ie2704cfe5b6670051340f02284851934e7392fcb
 2021-05-08 01:48:59 +00:00
Xin Li
945c456807 DO NOT MERGE - Mark RQ2A.210105.001 as merged. 
Bug: 180401296
Merged-In: Ifbb111dbee0429d8aaea4688c0390ee80e25cb22
Change-Id: I8f6ea01c2aba66ed72afb27f3b21aa1daf83a432
 2021-05-07 14:32:31 -07:00
Vova Sharaienko
8f2377b827 Merge "Stats: Marked service as app_api_service" am: ad8cf2fe1b am: 0fa219044b am: 24f79747ff 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1698879

Change-Id: I495e724efa509f61a6dfa98e47850cdb062aadaa
 2021-05-07 17:06:12 +00:00
Vova Sharaienko
24f79747ff Merge "Stats: Marked service as app_api_service" am: ad8cf2fe1b am: 0fa219044b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1698879

Change-Id: I9cc656f755874ddcb710c686d2d5f3a28e822d54
 2021-05-07 16:47:34 +00:00
Vova Sharaienko
0fa219044b Merge "Stats: Marked service as app_api_service" am: ad8cf2fe1b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1698879

Change-Id: Ia25fba01be2714781c796661c45b1325c8f823dd
 2021-05-07 16:29:16 +00:00
Vova Sharaienko
ad8cf2fe1b Merge "Stats: Marked service as app_api_service" 2021-05-07 16:05:57 +00:00
Inseob Kim
d6aa7f96c4 Merge "Migrate precompiled sepolicy hashes to Android.bp" am: 5f831c37f9 am: bbe881263a am: f1f80f21b4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1697248

Change-Id: I9684e735800e2c5d86b32d1f45c4665523009f9c
 2021-05-07 01:03:02 +00:00
Inseob Kim
f1f80f21b4 Merge "Migrate precompiled sepolicy hashes to Android.bp" am: 5f831c37f9 am: bbe881263a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1697248

Change-Id: I9818c394c90c8e5e7aa16202c12ba5f152427024
 2021-05-07 00:44:10 +00:00
Inseob Kim
bbe881263a Merge "Migrate precompiled sepolicy hashes to Android.bp" am: 5f831c37f9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1697248

Change-Id: I1bcdd8cd91f5288656dd7a22a3095fd930d2f056
 2021-05-07 00:29:09 +00:00
Inseob Kim
5f831c37f9 Merge "Migrate precompiled sepolicy hashes to Android.bp" 2021-05-06 23:59:18 +00:00