tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
13754 commits 1 branch 0 tags 50 MiB
Commit graph

13754 commits

This branch
This branch
All branches
Author SHA1 Message Date
Treehugger Robot
f543ddb384 Merge "Revert "Renames nonplat_* to vendor_*"" 2017-12-07 04:02:29 +00:00
Treehugger Robot
bffa911d6b Merge "Commit 27.0 sepolicy prebuilts to master." 2017-12-07 01:52:56 +00:00
Bo Hu
283dd9ebb9 Revert "Renames nonplat_* to vendor_*" 
This reverts commit 8b562206bf.

Reason for revert: broke mac build

b/70273082

FAILED: out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil
/bin/bash -c "(out/host/darwin-x86/bin/version_policy -b out/target/product/generic_x86/obj/FAKE/selinux_policy_intermediates/plat_pub_policy.cil -t out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_policy_raw.cil -n 10000.0 -o out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil.tmp ) && (grep -Fxv -f out/target/product/generic_x86/obj/ETC/plat_pub_versioned.cil_intermediates/plat_pub_versioned.cil out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil.tmp > out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil ) && (out/host/darwin-x86/bin/secilc -m -M true -G -N -c 30 		out/target/product/generic_x86/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil out/target/product/generic_x86/obj/ETC/plat_pub_versioned.cil_intermediates/plat_pub_versioned.cil out/target/product/generic_x86/obj/ETC/10000.0.cil_intermediates/10000.0.cil out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil -o /dev/null -f /dev/null )"
Parsing out/target/product/generic_x86/obj/FAKE/selinux_policy_intermediates/plat_pub_policy.cil
Parsing out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_policy_raw.cil
grep: out of memory

Change-Id: I14f0801fdd6b9be28e53dfcc0f352b844005db59
 2017-12-07 00:16:13 +00:00
Treehugger Robot
f691b12732 Merge "Sepolicy: Give perfprofd access to kernel notes" 2017-12-07 00:13:50 +00:00
Treehugger Robot
1d7fcdd59a Merge "Sepolicy: Label kernel notes" 2017-12-07 00:09:25 +00:00
Xin Li
91690c904c Merge "DO NOT MERGE: Merge Oreo MR1 into master" 2017-12-06 23:18:28 +00:00
Xin Li
4b836a8216 DO NOT MERGE: Merge Oreo MR1 into master 
Exempt-From-Owner-Approval: Changes already landed internally
Change-Id: I11a15296360fd68485402e33814e7e756925c6a8
 2017-12-06 14:24:58 -08:00
Andreas Gampe
365dd03cb1 Sepolicy: Give perfprofd access to kernel notes 
Simpleperf reads kernel notes.

Bug: 70275668
Test: m
Test: manual
Change-Id: I1a2403c959464586bd52f0398ece0f02e3980fc4
 2017-12-06 13:55:06 -08:00
Andreas Gampe
9213fe0217 Sepolicy: Label kernel notes 
Label /sys/kernel/notes.

Bug: 70275668
Test: m
Change-Id: Ieb666425d2db13f85225fb902fe06b0bf2335bef
 2017-12-06 13:55:06 -08:00
Andreas Gampe
ae49e57410 Merge "Sepolicy: Silence /data/local/tmp access of perfprofd" am: 61f5f287ba 
am: 95e3e7c54c

Change-Id: I81f10dc7cbe4e11cddbeaef66882794f45bc81a2
 2017-12-06 21:45:11 +00:00
Josh Gao
ccb67ab8a1 crash_dump: allow reading from pipes. am: 914a7fb95a 
am: d7ff4d0b6b

Change-Id: I72c5e0a1278e164a3889f610bd91c53fb523b9c0
 2017-12-06 21:44:39 +00:00
Andreas Gampe
95e3e7c54c Merge "Sepolicy: Silence /data/local/tmp access of perfprofd" 
am: 61f5f287ba

Change-Id: I1761f3cd95aaf054414be37b81338e4662906aca
 2017-12-06 21:39:44 +00:00
Josh Gao
d7ff4d0b6b crash_dump: allow reading from pipes. 
am: 914a7fb95a

Change-Id: I053ba4143c225fc471c6c70afdcc0ce284060f69
 2017-12-06 21:39:10 +00:00
Treehugger Robot
61f5f287ba Merge "Sepolicy: Silence /data/local/tmp access of perfprofd" 2017-12-06 21:31:30 +00:00
Tri Vo
a7f988d041 Merge "init: remove open, read, write access to 'sysfs' type." am: 9b2dc9cfbb 
am: 3ed2877372

Change-Id: I6929ce22f7255ed00f56d921b20a9ec98bba4164
 2017-12-06 19:12:55 +00:00
Josh Gao
914a7fb95a crash_dump: allow reading from pipes. 
Bug: http://b/63989615
Test: mma
Change-Id: I41506ecb0400867230502181c1aad7e51ce16d70
 2017-12-06 11:05:54 -08:00
Tri Vo
3ed2877372 Merge "init: remove open, read, write access to 'sysfs' type." 
am: 9b2dc9cfbb

Change-Id: I1921ca6c85e74935686d10918f0b0fb616e78ace
 2017-12-06 19:05:42 +00:00
Treehugger Robot
9b2dc9cfbb Merge "init: remove open, read, write access to 'sysfs' type." 2017-12-06 18:51:09 +00:00
Andreas Gampe
ec5bcd70b0 Sepolicy: Silence /data/local/tmp access of perfprofd 
Until simpleperf does not optimistically try /data/local/tmp for
tmp storage, silence the denials.

Bug: 70232908
Test: m
Test: manual
Change-Id: Icbc230dbfbfa6493b4e494185c536a10e3b0ae7b
 2017-12-06 10:19:39 -08:00
Dan Cashman
805824884f Commit 27.0 sepolicy prebuilts to master. 
Bug: 65551293
Bug: 69390067
Test: None. Prebuilt only change.
Change-Id: I62304b342a8b52fd505892cc2d4ebc882148224b
 2017-12-06 09:23:36 -08:00
Tri Vo
0e3235f45d init: remove open, read, write access to 'sysfs' type. 
Add write access to:
sysfs_android_usb
sysfs_leds
sysfs_power
sysfs_zram

Add setattr access to:
sysfs_android_usb
sysfs_devices_system_cpu
sysfs_lowmemorykiller
sysfs_power
sysfs_leds
sysfs_ipv4

Bug: 70040773
Bug: 65643247
Change-Id: I68e2e796f5599c9d281897759c8d8eef9363559a
Test: walleye boots with no denials from init to sysfs.
 2017-12-06 17:00:59 +00:00
kaichieh
52cac880da Renames nonplat_* to vendor_* am: 8b562206bf am: b616688eda 
am: 209f71dfb2

Change-Id: Ifd708b183f0ac6dde62dbf3298385c39ac6500e3
 2017-12-06 10:29:23 +00:00
kaichieh
209f71dfb2 Renames nonplat_* to vendor_* am: 8b562206bf 
am: b616688eda

Change-Id: Ie3fe2f0e9200553b4a7e57d578b506c1bb7fe78d
 2017-12-06 10:22:30 +00:00
kaichieh
b616688eda Renames nonplat_* to vendor_* 
am: 8b562206bf

Change-Id: I5df30ebf4f0ba450ff3da8e54c76da23af955105
 2017-12-06 10:11:42 +00:00
kaichieh
8b562206bf Renames nonplat_* to vendor_* 
This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.

It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.

Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.

Bug: 64240127
Test: boot an existing device
Change-Id: I53a9715b2f9ddccd214f4cf9ef081ac426721612
 2017-12-06 12:57:19 +08:00
Jason Monk
b1d216387b Add selinux for slice service am: 07131ec803 am: 4021886a4f 
am: b8c732d3f7

Change-Id: I6e90eb78684a3483b17e02e0aea1da7fa6f6a4cf
 2017-12-05 20:48:25 +00:00
Jason Monk
b8c732d3f7 Add selinux for slice service am: 07131ec803 
am: 4021886a4f

Change-Id: I4acd402ab1b152c07387b18bebceb3b1e8711c73
 2017-12-05 20:25:51 +00:00
Jason Monk
4021886a4f Add selinux for slice service 
am: 07131ec803

Change-Id: Id52c9d602fd05e07d79b39b78c164015eab888b0
 2017-12-05 20:23:19 +00:00
Jaegeuk Kim
9bed4b0611 make_f2fs: grant rw to vold am: c8e7a9f4a7 am: ba828ff741 
am: a425889fd4

Change-Id: I9cc0a67175f038af978fb8e04fb77f79d2fc9ceb
 2017-12-05 18:06:40 +00:00
Jaegeuk Kim
a425889fd4 make_f2fs: grant rw to vold am: c8e7a9f4a7 
am: ba828ff741

Change-Id: Ieb657f3b12fb7b4ea9c5e67f73c5c9b4d5971888
 2017-12-05 18:03:38 +00:00
Jaegeuk Kim
ba828ff741 make_f2fs: grant rw to vold 
am: c8e7a9f4a7

Change-Id: Ib7ea2f91d6a2099f76c0124097db2f389da9b95e
 2017-12-05 17:57:37 +00:00
Jason Monk
07131ec803 Add selinux for slice service 
Test: make/sync
Bug: 68751119
Change-Id: Ie3c60ff68b563cef07f20d15f298d6b62e9356bc
 2017-12-05 11:26:08 -05:00
Jaegeuk Kim
c8e7a9f4a7 make_f2fs: grant rw to vold 
This allows to format sdcard for adoptable storage.

Bug: 69641635
Change-Id: I8d471be657e2e8f4df56c94437239510ca65096e
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
 2017-12-04 18:41:03 -08:00
rickywai
43fc504d2c Merge "Add network watchlist service SELinux policy rules" am: e2c271834b am: 2a57b35f91 
am: 9e9fc44ad7

Change-Id: Ia7eebb316512b3f6d85241650133c5b1b0641c33
 2017-12-04 08:41:07 +00:00
rickywai
9e9fc44ad7 Merge "Add network watchlist service SELinux policy rules" am: e2c271834b 
am: 2a57b35f91

Change-Id: I8fb7da35e35f0d0b13cd9c71ac958b34ffe4de61
 2017-12-04 08:37:36 +00:00
rickywai
2a57b35f91 Merge "Add network watchlist service SELinux policy rules" 
am: e2c271834b

Change-Id: If5386ad857ccffa44be29545283e3ee792503572
 2017-12-04 08:35:01 +00:00
rickywai
e2c271834b Merge "Add network watchlist service SELinux policy rules" 2017-12-04 08:30:49 +00:00
Andreas Gampe
ef5e300973 Sepolicy: Fix perfprofd path am: 99e4f40246 am: ffaaed8026 
am: 30c277e595

Change-Id: I6db7c93c3238b384b4a7a1e0954426fa937b2187
 2017-12-02 22:07:44 +00:00
Andreas Gampe
30c277e595 Sepolicy: Fix perfprofd path am: 99e4f40246 
am: ffaaed8026

Change-Id: I47b0e0222a6511f9030605e946018770a41082c2
 2017-12-02 22:05:11 +00:00
Andreas Gampe
ffaaed8026 Sepolicy: Fix perfprofd path 
am: 99e4f40246

Change-Id: I80eaf2eb1867d99137c1c7afd1708ebaf6a60e35
 2017-12-02 22:03:42 +00:00
Andreas Gampe
99e4f40246 Sepolicy: Fix perfprofd path 
Corresponds to commit 410cdebaf966746d6667d6d0dd4cee62262905e1 in
system/extras.

Bug: 32286026
Test: m
Change-Id: I1e0934aa5bf4649d598ec460128de6f02711597f
 2017-12-01 17:29:36 -08:00
Tri Vo
45b3625922 Revert "init: remove open, read, write access to 'sysfs' type." am: 423d14bfa1 am: 996487ceda 
am: 16462878b2

Change-Id: I6cf0335743030dc5f1932b5934cea72194a41cde
 2017-12-01 23:04:44 +00:00
Tri Vo
16462878b2 Revert "init: remove open, read, write access to 'sysfs' type." am: 423d14bfa1 
am: 996487ceda

Change-Id: I16b59653e0743ab386b45c3e8d051f32604eef21
 2017-12-01 23:02:13 +00:00
Tri Vo
996487ceda Revert "init: remove open, read, write access to 'sysfs' type." 
am: 423d14bfa1

Change-Id: I0cdadf49d68b77c7c6b93738deea4a1e72bc41a3
 2017-12-01 22:59:14 +00:00
Tri Vo
423d14bfa1 Revert "init: remove open, read, write access to 'sysfs' type." 
This reverts commit c2241a8d16.

Reason for revert: build breakage b/70040773

Change-Id: I6af098ae20c4771a1070800d02c98e5783999a39
 2017-12-01 22:31:01 +00:00
Tri Vo
2a9ce73491 init: remove open, read, write access to 'sysfs' type. am: c2241a8d16 am: 317d6b4da2 
am: 8f8c0d3b44

Change-Id: Iec602150ddbab0a46c9cc8685eeab64696574070
 2017-12-01 19:22:59 +00:00
Tri Vo
8f8c0d3b44 init: remove open, read, write access to 'sysfs' type. am: c2241a8d16 
am: 317d6b4da2

Change-Id: Ic9442ac7692994b0090aa2e00c0ec9b1444a98a3
 2017-12-01 19:20:28 +00:00
Tri Vo
317d6b4da2 init: remove open, read, write access to 'sysfs' type. 
am: c2241a8d16

Change-Id: I4178c482a6b1241bedbadea1aa721c7b08ae8cb3
 2017-12-01 19:18:24 +00:00
Tri Vo
c2241a8d16 init: remove open, read, write access to 'sysfs' type. 
Add write access to:
sysfs_android_usb
sysfs_leds
sysfs_power
sysfs_zram

Add setattr access to:
sysfs_android_usb
sysfs_devices_system_cpu
sysfs_lowmemorykiller
sysfs_power
sysfs_leds
sysfs_ipv4

Bug: 65643247
Test: walleye boots with no denials from init to sysfs.

Change-Id: Ibc9a54a5f43f3d53ab7cbb0fdb9589959b31ebde
 2017-12-01 19:13:11 +00:00
Joel Galenson
a9601ddd09 Merge "Allow init to create /dev/event-log-tags." am: cea60d7eb5 am: 54d044c12e 
am: c8956ea389

Change-Id: I33d6b8706dad92aacd2b68a8589d2cf3d41a05f4
 2017-12-01 16:59:25 +00:00