tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
43336 commits 1 branch 0 tags 50 MiB
Commit graph

43336 commits

This branch
This branch
All branches
Author SHA1 Message Date
Inseob Kim
73702452b9 Merge "Update seapp_contexts precedence documentation" into main am: 60b8c39abc am: 66ea241db2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2671176

Change-Id: I6b9963e0b4409b3586c5ab82755539dbcadbadd1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-26 12:52:39 +00:00
Inseob Kim
66ea241db2 Merge "Update seapp_contexts precedence documentation" into main am: 60b8c39abc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2671176

Change-Id: I4c6d4a5f904fbf8121f3ff982fa44108a3ce792c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-26 12:09:32 +00:00
Inseob Kim
60b8c39abc Merge "Update seapp_contexts precedence documentation" into main 2023-07-26 11:39:08 +00:00
Inseob Kim
7bb1b5d170 Update seapp_contexts precedence documentation 
Bug: 280547417
Test: TH
Change-Id: I914ef7a7f87b0646411a67e4eec128b61d3ff321
 2023-07-26 11:28:55 +00:00
Eric Biggers
9f946680ba Merge "Remove fsverity_init SELinux rules" into main am: 3a575356fa am: ca7e36f44e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2662775

Change-Id: If8c09076709334da183a555bdf9c83b81a964107
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-26 00:35:03 +00:00
Eric Biggers
ca7e36f44e Merge "Remove fsverity_init SELinux rules" into main am: 3a575356fa 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2662775

Change-Id: I784acd4f47202d90e5ff81aa97bc49d8b9dd7846
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-25 23:46:13 +00:00
Eric Biggers
3a575356fa Merge "Remove fsverity_init SELinux rules" into main 2023-07-25 22:49:09 +00:00
Treehugger Robot
2239b4e016 Merge "Allow dex2oat access to symlinks in APEXes to find DCLA libs." into main am: 9f8e315bc8 am: 22af70c4b9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2673696

Change-Id: If23fa3faa5106bbae40814e7f719ae7359610fc5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-25 17:05:42 +00:00
Treehugger Robot
22af70c4b9 Merge "Allow dex2oat access to symlinks in APEXes to find DCLA libs." into main am: 9f8e315bc8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2673696

Change-Id: Id11bb798566aa6227dd50406a6d11ddc3750133b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-25 16:23:59 +00:00
Treehugger Robot
9f8e315bc8 Merge "Allow dex2oat access to symlinks in APEXes to find DCLA libs." into main 2023-07-25 15:25:57 +00:00
Martin Stjernholm
502a036436 Allow dex2oat access to symlinks in APEXes to find DCLA libs. 
With the introduction of DCLA (/apex/sharedlibs APEX), .so files can be
symlinked into that APEX, so we need to allow reading symlinks to be
able to link the dex2oat binary successfully.

This fixes "CANNOT LINK EXECUTABLE" errors for dex2oat during OTA
preopting.

Test: Apply an OTA manually and check logs for errors
Bug: 291974157
Change-Id: I9eca91c94e8d33fe618783cea262ea3881957620
 2023-07-25 00:07:27 +01:00
Pontus Lidman
41d8a94daa Merge "Add SELinux config for new SensorFusion property" into main am: 1d68b1b2da am: 9e71d05a76 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2667563

Change-Id: Id42f2abb4dc0d913366c6d7ff394c3e3e1f5562b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-21 22:13:16 +00:00
Pontus Lidman
9e71d05a76 Merge "Add SELinux config for new SensorFusion property" into main am: 1d68b1b2da 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2667563

Change-Id: I0d3ff020cdeb06b15ed196f8436c1a5aaa7d956e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-21 21:33:07 +00:00
Pontus Lidman
1d68b1b2da Merge "Add SELinux config for new SensorFusion property" into main 2023-07-21 20:52:40 +00:00
Pontus Lidman
0af0e71062 Add SELinux config for new SensorFusion property 
Add required SELinux configuration to support the sensor
configuration property:
sensors.aosp_low_power_sensor_fusion.maximum_rate

Test: use getprop to verify presence and readability
of the new property. dumpsys sensorservice to verify
sensor service is picking up the property value.

Change-Id: I96b8fd6ce72d7a5bf69b028802b329b03f261585
 2023-07-21 00:42:24 +00:00
Devika Krishnadas
7bf74f801f Merge "Add label for allocator 2 service" into main am: d4908949ef am: 5d227a112e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2634246

Change-Id: I751d9e53a03ee11e7ad50a126278fcb2880c080b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-20 19:57:33 +00:00
Devika Krishnadas
5d227a112e Merge "Add label for allocator 2 service" into main am: d4908949ef 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2634246

Change-Id: I0f5e52e4798478876eb707939feab9936f1182d0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-20 19:14:22 +00:00
Devika Krishnadas
d4908949ef Merge "Add label for allocator 2 service" into main 2023-07-20 18:36:23 +00:00
Eric Biggers
306f510611 Remove fsverity_init SELinux rules 
Since the fsverity_init binary is being removed, remove the
corresponding SELinux rules too.

For now, keep the rule "allow domain kernel:key search", which existed
to allow the fsverity keyring to be searched.  It turns out to actually
be needed for a bit more than that.  We should be able to replace it
with something more precise, but we need to be careful.

Bug: 290064770
Test: Verified no SELinux denials when booting Cuttlefish
Change-Id: I992b75808284cb8a3c26a84be548390193113668
 2023-07-20 17:57:23 +00:00
Kiyoung Kim
2f4fcc4b77 Merge "Label former VNDK-SP libraries in vendor as sphal" into main am: 4b6eabed21 am: ecbdd19801 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2664335

Change-Id: Ifd3e3b8500015649ab5ff5263cc699e373e02689
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-20 03:00:56 +00:00
Kiyoung Kim
ecbdd19801 Merge "Label former VNDK-SP libraries in vendor as sphal" into main am: 4b6eabed21 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2664335

Change-Id: I52e0b26b3337ed5efd6e456ddb0ed6caa6269eb1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-20 02:17:46 +00:00
Kiyoung Kim
4b6eabed21 Merge "Label former VNDK-SP libraries in vendor as sphal" into main 2023-07-20 01:46:44 +00:00
Lee George Thomas
78eb197d5d [automerger skipped] Merge "Add SELinux context for a new lmk system property" into main am: ae8d169405 am: f3be3b67dc -s ours 
am skip reason: Merged-In I7ba35f0ee5aad8f917e01c7586f04d11ed078633 with SHA-1 5d03e8cf33 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2650043

Change-Id: If60f45e850eff556f3f3ec976558f42bbd5d65f4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-19 23:36:47 +00:00
Lee George Thomas
f3be3b67dc Merge "Add SELinux context for a new lmk system property" into main am: ae8d169405 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2650043

Change-Id: I7ef15ca041271832d665d03af6cc379167418caf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-19 22:57:50 +00:00
Lee George Thomas
ae8d169405 Merge "Add SELinux context for a new lmk system property" into main 2023-07-19 22:28:24 +00:00
Devika Krishnadas
c850a596b9 Add label for allocator 2 service 
Bug: 287353739

Change-Id: Ia78237361acac4b668d87ec94746e43945f58bbf
Signed-off-by: Devika Krishnadas <kdevika@google.com>
 2023-07-19 20:20:52 +00:00
Kiyoung Kim
0c3a3fd799 Label former VNDK-SP libraries in vendor as sphal 
When VNDK is being deprecated, former VNDK-SP libraries should be loaded
from vendor when system process uses SP-HAL, but this currently fails
because all former VNDK-SP libraries will be marked as vendor library.
This change labels former VNDK-SP libraries installed in the vendor
partition as same labels with SP-HAL libraries so it can be loaded from
system processes.

Bug: 291673098
Test: aosp_cf boot succeded with KEEP_VNDK=false build flag.
Change-Id: I2601ae8e7acd5bbd16fdbe6cee078dfcaa1a5aa2
 2023-07-19 14:13:06 +09:00
Lee George Thomas
5d03e8cf33 Add SELinux context for a new lmk system property 
Add SELinux context for a new lmk system property to add configurability
for delaying psi monitoring until boot completed.

Bug: 288566858
Test: Build, boot and verified logs for avc denial logs.
Ignore-AOSP-First: This is CPed from an AOSP CL to avoid downstream merge conflict

Change-Id: I7ba35f0ee5aad8f917e01c7586f04d11ed078633
 2023-07-17 22:40:48 +00:00
Lee George Thomas
d3f8efa843 Add SELinux context for a new lmk system property 
Add SELinux context for a new lmk system property to add configurability
for delaying psi monitoring until boot completed.

Bug: 288566858
Test: Build, boot and verified logs for avc denial logs.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6a80da52aa35a942e064c19fd31c01145d965688)
Merged-In: I7ba35f0ee5aad8f917e01c7586f04d11ed078633

Change-Id: I7ba35f0ee5aad8f917e01c7586f04d11ed078633
 2023-07-17 13:59:14 -07:00
David Anderson
383c3d4908 Merge "Allow lpdumpd to read Virtual A/B diagnostics." into main am: f08664825b am: 9bb18711a9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2656944

Change-Id: Ibcf4d3c147b00b41ec41b2d7ede2cdccd2f5e544
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-17 18:22:33 +00:00
David Anderson
9bb18711a9 Merge "Allow lpdumpd to read Virtual A/B diagnostics." into main am: f08664825b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2656944

Change-Id: I272915312f296451bc067cce2a26ba1fe241b006
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-17 17:37:19 +00:00
David Anderson
f08664825b Merge "Allow lpdumpd to read Virtual A/B diagnostics." into main 2023-07-17 16:55:14 +00:00
Inseob Kim
28b03d6b48 Fix seapp_contexts documentation am: 9d6ce199be am: 12bb1745f1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2658739

Change-Id: Ib10946404d6de017697bbadeafa8d14165a8b037
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-17 13:07:39 +00:00
Inseob Kim
12bb1745f1 Fix seapp_contexts documentation am: 9d6ce199be 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2658739

Change-Id: Idf753171db1d1f05134c74433960b9b78674f7df
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-17 12:19:57 +00:00
Inseob Kim
9d6ce199be Fix seapp_contexts documentation 
Bug: 291528964
Test: N/A; documentation change
Change-Id: I00986c5ace94ed3ee91f3c90300966b0a006bcd5
 2023-07-17 19:53:25 +09:00
David Anderson
e6ad1f2e4c Allow lpdumpd to read Virtual A/B diagnostics. 
Give lpdump read (but not write) access to /metadata/ota so it can call
SnapshotManager::Dump for diagnostics.

Bug: 291083311
Test: lpdump
Change-Id: I732bcebcd809449c86254ea23785dc2c692bedd5
 2023-07-14 09:08:56 -07:00
Kangping Dong
2119b057a2 rename otbr-agent to ot-daemon am: 49fa8f5fe6 am: 543be76e49 am: ed27cc3a56 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2648164

Change-Id: I6c4bd6c242568f12fc322299c451adc94119ca81
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-05 08:09:56 +00:00
Kangping Dong
ed27cc3a56 rename otbr-agent to ot-daemon am: 49fa8f5fe6 am: 543be76e49 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2648164

Change-Id: I618e58713be6a0554668d829cb96d190264151ec
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-05 07:23:38 +00:00
Kangping Dong
543be76e49 rename otbr-agent to ot-daemon am: 49fa8f5fe6 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2648164

Change-Id: I576ab4a5990cbfe746efa57473cdb9dd9e5ad737
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-05 06:46:41 +00:00
Kangping Dong
49fa8f5fe6 rename otbr-agent to ot-daemon 
Rename to better align with our long-term vision on Android

Bug: 288202515
Change-Id: I1b7e39950d39ec781e46c6c0e1b38ad837b9ce4e
 2023-07-04 18:56:37 +08:00
Treehugger Robot
2241a74282 Merge "webview: add cgroup dir create permission" am: 7788174e66 am: 5ab4b3331a am: b56d3275df 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2636345

Change-Id: I69d8cdc4bd155ce5758f30fcb3ecb530f69d7492
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-03 12:03:32 +00:00
Treehugger Robot
b56d3275df Merge "webview: add cgroup dir create permission" am: 7788174e66 am: 5ab4b3331a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2636345

Change-Id: Idd1f665ef93bfc0efb67b1828cf77ca081353e19
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-03 11:18:00 +00:00
Treehugger Robot
5ab4b3331a Merge "webview: add cgroup dir create permission" am: 7788174e66 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2636345

Change-Id: Ia44fa4b250d6dacd5f656b7a6083e916623cf784
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-03 10:40:46 +00:00
Treehugger Robot
7788174e66 Merge "webview: add cgroup dir create permission" 2023-07-03 09:52:58 +00:00
Zhanglong Xia
cc85dcfce1 Merge "Add sepolicy rules for Thread Network HAL" am: 87c6069fe1 am: a1c3cc2c1c am: b883c879d0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2646219

Change-Id: I034e65e721add0682536f9a3534aa91a466c9398
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-01 02:00:13 +00:00
Jiyong Park
a58a3f535c Allow microdroid_payload to read /dev/console am: bd1be6c554 am: 1400794824 am: f39e78de99 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2640390

Change-Id: Ie5bb0e5fcd248c4a7c85bd8984c226a54d67f888
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-01 01:59:14 +00:00
Zhanglong Xia
b883c879d0 Merge "Add sepolicy rules for Thread Network HAL" am: 87c6069fe1 am: a1c3cc2c1c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2646219

Change-Id: I6fc2a1e07873ce54b766835740bfeaff28369f75
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-01 01:17:24 +00:00
Jiyong Park
f39e78de99 Allow microdroid_payload to read /dev/console am: bd1be6c554 am: 1400794824 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2640390

Change-Id: I13b1d937c47f5989c7dd768eecf2573ce2e5ad5b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-01 01:16:25 +00:00
Zhanglong Xia
a1c3cc2c1c Merge "Add sepolicy rules for Thread Network HAL" am: 87c6069fe1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2646219

Change-Id: Ia35dc04ba697bda1eaca54f2ad1a5459a66abe0c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-01 00:37:23 +00:00
Jiyong Park
1400794824 Allow microdroid_payload to read /dev/console am: bd1be6c554 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2640390

Change-Id: I48dd543efe276b043e36128be976297e66fb1464
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-01 00:34:16 +00:00