Commit graph

43336 commits

Author SHA1 Message Date
Jooyung Han
5f37382487 Allow webview_zygote to "search" vendor apex dirs am: f91152af55
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2620249

Change-Id: Ib36c38102026fab5349a02ae5b23d97dd75c53a3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-08 07:23:52 +00:00
Jooyung Han
f91152af55 Allow webview_zygote to "search" vendor apex dirs
Now, root dir and apex_manifest.pb of vendor apex mounts are labelled as
vendor_apex_metadata_file. For webview_zygote to read overlays from
vendor apexes it needs to be allowed to "search" the roots of vendor
apexes.

Bug: 286330836
Test: atest CtsWebkitTestCases:android.webkit.cts.WebViewTest#testAddJavascriptInterface
Change-Id: I5ea333800221e272a4e678b00326a79a6398c861
2023-06-08 13:18:44 +09:00
Alexander Roederer
e274770fa5 Merge "persist.sysui.notification.ranking_update_ashmem" am: 49b818497f am: b475d75b4d am: 1ebe668661
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2606135

Change-Id: Iea54b4c7fdab68226daa7851cd534b38fd4df75d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-08 03:01:00 +00:00
Alexander Roederer
1ebe668661 Merge "persist.sysui.notification.ranking_update_ashmem" am: 49b818497f am: b475d75b4d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2606135

Change-Id: I50be2c89f7471f423a12668bc122e0e7b28ca4c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-08 02:15:20 +00:00
Jooyung Han
aa33b4a079 Merge "Introduce vendor_apex_metadata_file" am: 94dc202954 am: 1f47660fb4 am: 3f9a296855
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2606717

Change-Id: I98af12c69db65fada6ee659a9066ba14996bd2fc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-08 01:58:18 +00:00
Alexander Roederer
b475d75b4d Merge "persist.sysui.notification.ranking_update_ashmem" am: 49b818497f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2606135

Change-Id: Id806c0f72e65884828c7a18778d7aa67b6b40d4e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-08 01:35:47 +00:00
Jooyung Han
3f9a296855 Merge "Introduce vendor_apex_metadata_file" am: 94dc202954 am: 1f47660fb4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2606717

Change-Id: Id89d5266a07d0632bd4463ecb267e5d40a8ea19a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-08 01:11:16 +00:00
Alexander Roederer
49b818497f Merge "persist.sysui.notification.ranking_update_ashmem" 2023-06-08 00:58:04 +00:00
Jooyung Han
1f47660fb4 Merge "Introduce vendor_apex_metadata_file" am: 94dc202954
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2606717

Change-Id: If60331ca4fed494c06a2e1d4bffb1ae7a684d342
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-08 00:30:01 +00:00
Jooyung Han
94dc202954 Merge "Introduce vendor_apex_metadata_file" 2023-06-07 23:59:59 +00:00
Nikita Ioffe
31d82c0dcd Change the stem name to microdroid_precompiled_sepolicy
Bug: 285855150
Test: m
Change-Id: I112ef67a7804f91e2a7c6b0998c8bbb436c57566
2023-06-08 00:00:06 +01:00
Alexander Roederer
584a862df6 persist.sysui.notification.ranking_update_ashmem
Adds persist.sysui.notification.ranking_update_ashmem property and
associated permissions, which will be used to flag guard a change in
core/...NotificationRankingUpdate.java.

Permissions are limited in scope to avoid unnecessary access.
Apps may need to read the flag (because NotificationRankingUpdate.java
is a core library), but setting should only be possible internally (and
via debug shell).

Test: manual flash+adb setprop/getprop
Bug: 249848655
Change-Id: I661644893714661d8c8b5553c943fa17d08c000c
2023-06-07 22:31:00 +00:00
Steven Moreland
5fdc6bf93c atrace: don't audit debugfs access
Fixes: 230656878
Test: N/A
Change-Id: I80277bb4655c34e932482bb5e19a81fe6b7a537a
2023-06-07 20:29:47 +00:00
David Anderson
ae8817dc1e Allow ueventd to access device-mapper.
ueventd needs access to device-mapper to fix a race condition in symlink
creation. When device-mapper uevents are received, we historically read
the uuid and name from sysfs. However it turns out sysfs may not be
fully populated at that time. It is more reliable to read this
information directly from device-mapper.

Bug: 286011429
Test: libdm_test, treehugger
(cherry picked from https://android-review.googlesource.com/q/commit:e09c0eee36d58894bb0d30b9af4e33ee7dd7011c)
Merged-In: I36b9b460a0fa76a37950d3672bd21b1c885a5069
Change-Id: I36b9b460a0fa76a37950d3672bd21b1c885a5069

Change-Id: I1197d0051a9ce96b7edd87347b5db266b1643d30
2023-06-07 08:06:12 -07:00
Yakun Xu
07429e39ee add sepolicy rules for Thread network
bug: 257371610
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0fd52fd521b8167b0ec8836dac3765a16fd6863b)
Merged-In: I2c90639f4baecb010230b3aa60f2f09c0ddd9e4f
Change-Id: I2c90639f4baecb010230b3aa60f2f09c0ddd9e4f
2023-06-07 07:04:19 +00:00
Robert Shih
1bd70df43b Give serial number access to drm hal server not client
Bug: 284812208
Change-Id: I489feba47f9eb0d9a4ea483cd55aa3a8bbfd389e
2023-06-06 08:33:19 +00:00
Thiébaud Weksteen
ae39ba7068 Grant signal permission for dumpstate on app_zygote
Bug: 282614147
Bug: 238263438
Bug: 238263561
Bug: 238263942
Bug: 264483390
Bug: 279680264
Test: TreeHugger
Change-Id: I8b74fec0ea855e244e218fdeb43a57407fe77388
2023-06-06 10:29:57 +10:00
Steven Moreland
2d3ec65eab Merge "sepolicy: take sepolicy split in .mk" am: 394de71b25 am: 4f8749fb39 am: 41dee692bc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2608418

Change-Id: I0b3d3aaffefb25d74bbb5085a5c1766afb0f8570
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-06 00:28:19 +00:00
Steven Moreland
41dee692bc Merge "sepolicy: take sepolicy split in .mk" am: 394de71b25 am: 4f8749fb39
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2608418

Change-Id: Iea553b55dcde8b6cb40e7c810aa7f7f9fa363f0b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-05 23:38:39 +00:00
Steven Moreland
4f8749fb39 Merge "sepolicy: take sepolicy split in .mk" am: 394de71b25
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2608418

Change-Id: I9ae6b75996509cecc2ea272c8af4ef9d63087a69
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-05 23:19:09 +00:00
Steven Moreland
394de71b25 Merge "sepolicy: take sepolicy split in .mk" 2023-06-05 23:08:24 +00:00
Jooyung Han
b6211b88cf Introduce vendor_apex_metadata_file
A new label for ./apex_manifest.pb and ./ entries in vendor apexes. This
is read-allowed by a few system components which need to read "apex" in
general. For example, linkerconfig needs to read apex_manifest.pb from
all apexes including vendor apexes.

Previously, these entries were labelled as system_file even for vendor
apexes.

Bug: 285075529
Test: m && launch_cvd
Test: atest VendorApexHostTestsCases
Change-Id: Icc234bf604e3cafe6da81d21db744abfaa524dcf
2023-06-05 17:17:51 +09:00
Jooyung Han
39295cade9 Fix apex_sepolicy_tests_test am: 3e592f2eb6 am: 3d4795888e am: 98b1084ec7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2614829

Change-Id: Iac3a6e13943ce24a8163815c939a46329e2e87c2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-05 04:28:22 +00:00
Jooyung Han
98b1084ec7 Fix apex_sepolicy_tests_test am: 3e592f2eb6 am: 3d4795888e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2614829

Change-Id: I05b36eab2b128ac22ec0331d915bf12265403ecf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-05 04:02:44 +00:00
Jooyung Han
3d4795888e Fix apex_sepolicy_tests_test am: 3e592f2eb6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2614829

Change-Id: I00d9962fc6b941c0c79cbe7af1c5760d5e705077
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-05 03:21:32 +00:00
Jooyung Han
3e592f2eb6 Fix apex_sepolicy_tests_test
check_rule() should collect errors and return them. The previous fix was
early returning when there's a successful case.

Bug: 285225556
Test: atest apex_sepolicy_tests_test
Change-Id: I71c207210c565ab280f8794d201c074812b49acb
2023-06-05 01:52:14 +00:00
Pawan Wagh
526efb51a5 Add wificond service fuzzer to bindings
Test: m
Bug: 232439428
Change-Id: I471296a8b33862199ce9c27fca7ceae2db8105ea
2023-06-03 01:29:14 +00:00
Steven Moreland
721f5af6a3 sepolicy: take sepolicy split in .mk
This value is always set to true in the core build
system. Removing reads of it so we can mark it as
obsolete.

Bug: 257176017
Test: build
Change-Id: Ie7a72496bd4712583944ed833cd4364c5e3c520b
2023-06-02 16:14:17 +00:00
Motomu Utsumi
993e3a6b1e Merge "Add sepolicy config for tethering_u_or_later_native namespace" into udc-dev am: 682b2421d1
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23214698

Change-Id: Ica65b79fe2934516eb115e6330fe65a17194ca1b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-02 10:40:19 +00:00
Motomu Utsumi
682b2421d1 Merge "Add sepolicy config for tethering_u_or_later_native namespace" into udc-dev 2023-06-02 10:22:00 +00:00
Brian Lindahl
ccc0033ce2 Move allow rule out of the neverallow section am: abbd8aeefd am: 94a092c7d0 am: 9933bee328
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2611889

Change-Id: I0808bb2bde69adbadfbf9d790736eba2bd86029e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-02 02:57:08 +00:00
Brian Lindahl
9933bee328 Move allow rule out of the neverallow section am: abbd8aeefd am: 94a092c7d0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2611889

Change-Id: I1d13a4bafac0673e3081a525edc4ac7c2781af48
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-02 02:10:31 +00:00
Brian Lindahl
94a092c7d0 Move allow rule out of the neverallow section am: abbd8aeefd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2611889

Change-Id: I42ef4633a4a99e6cef4ee0099644fc72f5114b44
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-02 01:23:06 +00:00
Treehugger Robot
8a30fb3b9b Merge "Set up sepolicy for drmserver64" into udc-dev am: a4e8a5bc6a
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23297144

Change-Id: I87c9884bf51c394e2248a7923974bd5dcc88cbc5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-02 00:13:44 +00:00
Treehugger Robot
a4e8a5bc6a Merge "Set up sepolicy for drmserver64" into udc-dev 2023-06-01 23:22:31 +00:00
Treehugger Robot
99be42b2a0 Merge changes from topic "artsrv-experiment-flag" am: 30c25de59d am: 52322051d2 am: c352f9333c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2591925

Change-Id: I3af6d130d243550c31fa9a42f3dfea3c322da299
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-01 20:28:30 +00:00
Martin Stjernholm
8ddfd5ff62 [automerger skipped] Allow the ART boot oneshot service to configure ART config properties. am: e1ac267ddd am: 0508eb7321 am: b66e0e2ba1 -s ours
am skip reason: Merged-In I14baf55d07ad559294bd3b7d9562230e78201d25 with SHA-1 3d7093fd7b is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2590148

Change-Id: I7cd6232e72848b4364c8af01f26616907e35fe34
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-01 20:28:29 +00:00
Treehugger Robot
c352f9333c Merge changes from topic "artsrv-experiment-flag" am: 30c25de59d am: 52322051d2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2591925

Change-Id: I5ddccd628418931aca9281e577e806cee8d75f61
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-01 19:40:54 +00:00
Martin Stjernholm
b66e0e2ba1 Allow the ART boot oneshot service to configure ART config properties. am: e1ac267ddd am: 0508eb7321
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2590148

Change-Id: I0497f535267badf00d465aa20923a9a195cb3b5a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-01 19:40:52 +00:00
Treehugger Robot
52322051d2 Merge changes from topic "artsrv-experiment-flag" am: 30c25de59d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2591925

Change-Id: I49eca7dfe3862ba4c6da27f4cab4c678ae934701
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-01 18:59:29 +00:00
Martin Stjernholm
0508eb7321 Allow the ART boot oneshot service to configure ART config properties. am: e1ac267ddd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2590148

Change-Id: Ifa49b047d4febfd8c5c7594d8e7a47ab8a171517
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-01 18:59:27 +00:00
Brian Lindahl
abbd8aeefd Move allow rule out of the neverallow section
Resolves comment from aosp/2605806

Bug: 234833109
Test: build
Change-Id: I248613ed2d9a7f26d404df8552c2dfc74694754a
2023-06-01 12:36:55 -06:00
Treehugger Robot
30c25de59d Merge changes from topic "artsrv-experiment-flag"
* changes:
  Give art_boot explicit access to experiment flags.
  Allow the ART boot oneshot service to configure ART config properties.
2023-06-01 18:21:50 +00:00
SzuWei Lin
90e295c513 Set up sepolicy for drmserver64
Add drmserver(32|64) for supporting 64-bit only devices. The patch is
for setting up the sepolicy for drmserver(32|64).

Bug: 282603373
Test: make gsi_arm64-user; Check the sepolicy
Ignore-AOSP-First: depend on an internal project
Change-Id: If8451de8120372b085de1977ea8fd1b28e5b9ab0
2023-06-01 08:41:54 +00:00
Jooyung Han
b71a0a7399 Merge "Fix apex_sepolicy_tests_test" am: 370d741453 am: a7e2e1a229 am: ea3b6e2bae
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2606716

Change-Id: Ifec2d76477e71e444be8cab3c61db68802c11eb0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-01 05:01:44 +00:00
Jooyung Han
ea3b6e2bae Merge "Fix apex_sepolicy_tests_test" am: 370d741453 am: a7e2e1a229
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2606716

Change-Id: Ic70ffbc63141712c2ab68e062c7e7a07835427f7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-01 03:30:42 +00:00
Jooyung Han
a7e2e1a229 Merge "Fix apex_sepolicy_tests_test" am: 370d741453
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2606716

Change-Id: Ieeb02885d17d975d006f0ff8dbdbdf43880d3129
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-01 02:48:17 +00:00
Jooyung Han
370d741453 Merge "Fix apex_sepolicy_tests_test" 2023-06-01 02:05:55 +00:00
Motomu Utsumi
2473262434 Add sepolicy config for tethering_u_or_later_native namespace
Setup tethering_u_or_later_native namespace

Test: adb shell device_config put tethering_u_or_later_native test 1
Test: Read persist.device_config.tethering_u_or_later_native.test property
Test: from system server and Tethering.apk
Ignore-AOSP-First: topic has CL that updates DeviceConfig
Bug: 281944942
Change-Id: I2862974dc1a15f6768a34763bb9e2bad93eaf4ca
2023-06-01 00:34:59 +09:00
Gavin Corkery
73a8f6d8c8 Merge "Sync API 34 prebuilts" into udc-dev-plus-aosp 2023-05-31 14:19:48 +00:00