tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
22403 commits 1 branch 0 tags 50 MiB
Commit graph

22403 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ashwini Oruganti
7493bb52c1 Allow GMS core to call dumpsys storaged 
Now that GMS core is running in gmscore_app and not priv_app, we need
this rule for the new domain. This also adds an auditallow to the same
rule for priv_app, so we can delete it once no logs show up in
go/sedenials for this rule triggerring.

Bug: 142672293
Test: TH
Change-Id: I308d40835156e0c19dd5074f69584ebf1c72ad58
 2019-12-11 12:49:04 -08:00
Yan Yan
fe55f30397 Merge "Make ipsec file_contexts as "android:path" property" 2019-12-04 02:07:34 +00:00
Treehugger Robot
54072d9a73 Merge "Fix vendor defining macros and neverallows" 2019-12-04 01:12:15 +00:00
Hangyu Kuang
4c1e76adcb Merge "MediaTranscodingService: Add sepolicy for MediaTranscodingService." 2019-12-03 23:55:20 +00:00
Treehugger Robot
53e3983923 Merge "Audit binder_call rule for priv_app in update_engine.te" 2019-12-03 23:46:56 +00:00
Treehugger Robot
92e540c978 Merge "Merge Android10 QPR1 into AOSP master" 2019-12-03 23:15:00 +00:00
Ashwini Oruganti
c116142d2e Audit binder_call rule for priv_app in update_engine.te 
We've moved GMS core to its own domain, and this permission should no
longer be applied to the broader priv_app domain.

Before we delete the rule, we are auditing it to see if any other
privapps need it.

Bug: 142672293
Test: TH
Change-Id: I29c29739f4c3caf5d24361b69adc584047da0ef0
 2019-12-03 14:02:57 -08:00
Jeff Sharkey
8d287db808 Structure MediaProvider as an APEX. 
Based on guidance from the Mainline team, we're placing the
MediaProvider APK inside a new APEX, as this will allow us to
move MediaStore.java inside the module boundary in a future CL.

Bug: 144247087
Test: manual
Change-Id: I88f6f2e598d9611e8b92143504e4328d93671cab
 2019-12-03 13:35:46 -07:00
Treehugger Robot
f651f6efc6 Merge "Allow update_engine to call gmscore_app" 2019-12-03 20:27:51 +00:00
Ashwini Oruganti
ae7297b7da Allow update_engine to call gmscore_app 
We need this permission now that GMS core runs in its own domain and not
in the priv_app domain.

Bug: 145379440
Bug: 142672293
Test: TH
Change-Id: Idc4bf6863ba767d287c218c07d0eb5aebbe50f91
 2019-12-03 11:13:51 -08:00
Inseob Kim
b4baf73477 Fix vendor defining macros and neverallows 
init and dumpstate should be able to access all properties, but they are
in coredomain, so neverallow rules for vendor properties should be
changed in order to avoid conflicts.

Bug: 145339613
Test: add vendor_internal_prop manually and build.
Change-Id: If582870f855e4444f8ac0d091696c0c7fd833791
 2019-12-03 18:42:12 +09:00
Xin Li
914bd86d0e Merge Android10 QPR1 into AOSP master 
Bug: 145570283
Change-Id: Ie78ec6d7b9300593c9ac370d7dd801ba3f7e0e97
 2019-12-02 21:25:28 -08:00
Hangyu Kuang
ee3a8ea798 MediaTranscodingService: Add sepolicy for MediaTranscodingService. 
Bug:145233472
Test: Build and flash the phone.
"adb shell dumpsys -l | grep media" shows media.transcoding service.

Change-Id: I48a42e7b595754989c92a8469eb91360ab6db7c6
 2019-12-02 13:57:28 -08:00
Stan Rokita
193dfaeca0 Merge "Add sensors multihal support in file_contexts regex" 
am: d494872641

Change-Id: I8a297a051ad05023aa985e005ce0b67cd8ffcaf2
 2019-12-02 13:39:35 -08:00
Stan Rokita
d494872641 Merge "Add sensors multihal support in file_contexts regex" 2019-12-02 20:54:57 +00:00
Ashwini Oruganti
807fe543e5 Don't run vzwomatrigger_app in permissive mode 
am: b7c81c04c0

Change-Id: I7cf647863753a4dcf7ffea1d5e8af3edf618d5d6
 2019-12-02 11:35:26 -08:00
Ashwini Oruganti
b7c81c04c0 Don't run vzwomatrigger_app in permissive mode 
This change enforces all the defined rules for the vzwomatrigger_app
domain and unsets permissive mode. There have not been any new denials
in the past weeks for this domain (source: go/sedenials), and hence this
domain appears to not need any new permissions.

Bug: 142672293
Test: Green builds
Change-Id: I588b4e3038a3e8188d97183a592f9023a95dd3a8
 2019-12-02 09:41:54 -08:00
Anton Hansson
03683c2295 Merge "Add sepolicy for com.android.sdkext module" 
am: 243797950e

Change-Id: I4b2e2bcf04a7e42e27b6a9e6cceae205dddf2ddb
 2019-12-02 09:19:22 -08:00
Anton Hansson
243797950e Merge "Add sepolicy for com.android.sdkext module" 2019-12-02 17:09:16 +00:00
Anton Hansson
fd25d49569 Add sepolicy for com.android.sdkext module 
Bug: 137191822
Test: m com.android.sdkext
Change-Id: Ia5fb99af7fad43ce4321b1c6611ab54340a87589
 2019-12-02 14:13:41 +00:00
Jeff Vander Stoep
ae2bb0dd40 gmscore_app: add bug map 
am: a213e0c3c5

Change-Id: I973b2a61960faf96fc12da7ecf197386866f4aa6
 2019-12-02 06:04:24 -08:00
Jeff Vander Stoep
a213e0c3c5 gmscore_app: add bug map 
De-flake tests.

Test: build
Bug: 145267097
Change-Id: I7c21229d8577ffb9283a94290b3cfe575868d348
 2019-12-02 13:42:11 +01:00
Mark Chien
946f1bf87b Merge "[Tether18] Add file_contexts for com.android.tethering.apex" 
am: 9bf53d557d

Change-Id: I677f6bd93bd5fa099eba2c1fc705364ce94ccb9f
 2019-12-01 20:20:30 -08:00
Mark Chien
9bf53d557d Merge "[Tether18] Add file_contexts for com.android.tethering.apex" 2019-12-02 04:11:35 +00:00
Mark Chien
646864216f [Tether18] Add file_contexts for com.android.tethering.apex 
Bug: 144320626
Test: build

Change-Id: I6b5c079a917524bf4f1ad3f89b1f44708f0d6ed7
 2019-11-28 14:53:58 +08:00
Shuo Qian
dea5117ac3 Merge "Setting up SELinux policy for Emergency number database" 
am: 584234e8b1

Change-Id: I87aa18467be2a9c38d804629eea38f3c5ebb844c
 2019-11-27 12:06:51 -08:00
Shuo Qian
584234e8b1 Merge "Setting up SELinux policy for Emergency number database" 2019-11-27 19:14:50 +00:00
Jeff Vander Stoep
ae3667d6ae Whitelist app->storage denials 
am: 99d5970dcf

Change-Id: I93dae16d115d35d2eebb35d8cc98cbf941b11873
 2019-11-27 10:49:17 -08:00
evitayan
780185f503 Make ipsec file_contexts as "android:path" property 
It follows examples of other APEX to make file_contexts of ipsec
module as "android:path" property

Bug: 143192273
Test: atest ipsec_e2e_tests
Change-Id: Idbba1f964aad7e54077ac77250f9cfd6a6b5049e
 2019-11-27 07:00:14 -08:00
Jeff Vander Stoep
99d5970dcf Whitelist app->storage denials 
Make presubmit less flaky.

Bug: 145267097
Test: build
Change-Id: Id3e8c636f9ebda0dd07a0dcf5211f4a73bd3e3c2
 2019-11-27 15:01:05 +01:00
Harpreet \"Eli\" Sangha
ae8ad79141 Merge "Fix File Context Entry for Bluetooth Services." 
am: d6a91453d8

Change-Id: I437f849121d5aa8fdc6f312c92880558af157a74
 2019-11-26 20:04:55 -08:00
Treehugger Robot
d6a91453d8 Merge "Fix File Context Entry for Bluetooth Services." 2019-11-27 03:56:40 +00:00
Terry Wang
038b7b664f Merge "Add apex structure to appsearch module." 
am: 4a51f6d55d

Change-Id: I4fd1bb01d20d9c684a2437378737b74af0f51fa2
 2019-11-26 18:09:34 -08:00
Treehugger Robot
4a51f6d55d Merge "Add apex structure to appsearch module." 2019-11-27 02:04:39 +00:00
Harpreet \"Eli\" Sangha
078689ae03 Fix File Context Entry for Bluetooth Services. 
Test: Boot on HiKey960 and check dmesg errors.
Change-Id: I9ac0968753c7cd9a23c63eac98b20a7778277716
Signed-off-by: Harpreet \"Eli\" Sangha <eliptus@google.com>
 2019-11-27 10:11:12 +09:00
Roshan Pius
34c69ae8eb Merge changes Ifa33dae9,I69ccc6af,Ibb4db9d9 
am: d16a3968f3

Change-Id: Ib57570877f9195b2d54337552e4ee868f7dbc29f
 2019-11-26 16:48:07 -08:00
Treehugger Robot
d16a3968f3 Merge changes Ifa33dae9,I69ccc6af,Ibb4db9d9 
* changes:
  Revert "sepolicy: Permission changes for new wifi mainline module"
  Revert "wifi_stack: Move to network_stack process"
  Revert "sepolicy(wifi): Allow audio service access from wifi"
 2019-11-27 00:41:35 +00:00
Ashwini Oruganti
3d23d9ab9e Merge "Audit GMS core related allow rules in priv_app.te" 
am: 63fb238052

Change-Id: I6f3c1e455ade4deb13cde882bcf864ca6ea4f7c5
 2019-11-26 15:04:38 -08:00
Treehugger Robot
63fb238052 Merge "Audit GMS core related allow rules in priv_app.te" 2019-11-26 23:00:25 +00:00
David Sehr
b08791945a Merge "Revert^2 "SELinux policy for system server JVMTI"" 
am: 453ed17a61

Change-Id: Ia488cd027e46fa6f20ebbce91ea6ada63ab5e6da
 2019-11-26 14:26:00 -08:00
David Sehr
453ed17a61 Merge "Revert^2 "SELinux policy for system server JVMTI"" 2019-11-26 22:19:11 +00:00
Ashwini Oruganti
e6ed127dcb Audit GMS core related allow rules in priv_app.te 
We've moved GMS core to its own domain, and these permissions should be
removed from the priv_app domain. This change adds auditallow to these
permissions so we know if it's safe to check if any other privapps are
relying on these.

Bug: 142672293
Test: Green builds
Change-Id: I35402f1166a0edf8e001d894413f470c090c7b57
 2019-11-26 13:16:21 -08:00
Shuo Qian
9322cb088a Setting up SELinux policy for Emergency number database 
Test: Manual; https://paste.googleplex.com/6222197494382592
Bug: 136027884
Change-Id: I29214de6b5b5a62bff246c1256567844f4ce55c7
 2019-11-26 12:51:02 -08:00
Colin Cross
bb82c57996 Merge "bug_map: track bluetooth storage_stub_file denial" 
am: e84bef4647

Change-Id: I2151dbd566bd46a20a375a9519c6d6e8817dc567
 2019-11-26 12:07:41 -08:00
Colin Cross
e84bef4647 Merge "bug_map: track bluetooth storage_stub_file denial" 2019-11-26 18:33:37 +00:00
Colin Cross
b24b629ed3 bug_map: track bluetooth storage_stub_file denial 
Bug: 145212474
Test: none
Change-Id: I64e7e73907637e100d59b735c57cc40996044607
 2019-11-26 10:31:46 -08:00
markchien
b4eb08da19 Merge "[Tether12] Give network stack permission for tetheroffload" 
am: e91bdc73d8

Change-Id: I703bffef2c8cf333fcd01532311cecdbebd8c800
 2019-11-26 05:41:52 -08:00
Treehugger Robot
e91bdc73d8 Merge "[Tether12] Give network stack permission for tetheroffload" 2019-11-26 13:34:38 +00:00
Robert Shih
caefd4cdc3 Merge "allow mediaserver to access drm hidl" 
am: 487411abab

Change-Id: Ie12aa1b3fe9fa2e38e1c56399b78a7723325fb5a
 2019-11-25 17:46:02 -08:00
Robert Shih
487411abab Merge "allow mediaserver to access drm hidl" 2019-11-26 01:36:00 +00:00