tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
15816 commits 1 branch 0 tags 50 MiB
Commit graph

15816 commits

This branch
This branch
All branches
Author SHA1 Message Date
Niklas Lindgren
751a16186c [automerger skipped] Setup policy for downloaded apns directory 
am: 780cd6df4b  -s ours

Change-Id: I8c11ee2cd6090ecc8a2fa1753c7c8bb14b8394e6
 2018-05-22 14:22:38 -07:00
Tom Cherry
e21e9e6373 Merge "Finer grained permissions for ctl. properties" into pi-dev 
am: 0e403c8242

Change-Id: I778a16ae2bcc5713ba3ca1c81fd90c97b0a5d64d
 2018-05-22 13:26:42 -07:00
Tom Cherry
0e403c8242 Merge "Finer grained permissions for ctl. properties" into pi-dev 2018-05-22 20:15:07 +00:00
Joel Galenson
7d90706a96 Exclude bug_map from the sepolicy_freeze_test. am: 98f83b67cc 
am: b827679256

Change-Id: I20e21172ecc08125b958712d1da6aa57cec40e95
 2018-05-22 11:30:51 -07:00
Joel Galenson
b827679256 Exclude bug_map from the sepolicy_freeze_test. 
am: 98f83b67cc

Change-Id: Iea6b2fc54f01b06f97d94ac1996b59f816b646f2
 2018-05-22 11:26:18 -07:00
Alan Stokes
491a095435 Remove fixed bug from bug_map. 
am: c8711592ad

Change-Id: Ib622f35e8adb682c5a2b0eef9ae02857d028597c
 2018-05-22 10:52:15 -07:00
Joel Galenson
98f83b67cc Exclude bug_map from the sepolicy_freeze_test. 
The bug_map file is only used whitelisting known test failures.  It
needs to change fairly often to fix new failures and it doesn't affect
users, so it shouldn't matter if it diverges from prebuilts.

Test: Enable this test and build with and without different bug_maps.
Change-Id: I9176a6c7e9f7852a0cd7802fd121b1e86b216b22
 2018-05-22 09:22:41 -07:00
Tom Cherry
2208f96e9e Finer grained permissions for ctl. properties 
Currently, permissions for ctl. property apply to each action verb, so
if a domain has permissions for controlling service 'foo', then it can
start, stop, and restart foo.

This change implements finer grainer permissions such that permission
can be given to strictly start a given service, but not stop or
restart it.  This new permission scheme is mandatory for the new
control functions, sigstop_on, sigstop_off, interface_start,
interface_stop, interface_restart.

Bug: 78511553
Test: see appropriate successes and failures based on permissions

Change-Id: Ibe0cc0d6028fb0ed7d6bcba626721e0d84cc20fa
 2018-05-22 09:13:16 -07:00
Alan Stokes
c8711592ad Remove fixed bug from bug_map. 
Bug: 77816522
Bug: 73947096

Test: Flashed device, no denial seen
Change-Id: Ib2f1fc670c9a76abbb9ff6747fec00fa5bcde5af
(cherry picked from commit 62913dbfd2)
 2018-05-22 08:41:23 -07:00
Tom Cherry
bab2435a06 Merge "neverallow coredomain from writing vendor properties" into pi-dev 
am: e5cc744d18

Change-Id: I66f2965200090a4ded857c6eb9ac6b79ee5b596c
 2018-05-21 22:10:10 -07:00
TreeHugger Robot
e5cc744d18 Merge "neverallow coredomain from writing vendor properties" into pi-dev 2018-05-22 05:04:40 +00:00
Logan Chien
ac05755694 [automerger skipped] Merge "Add ro.vndk.lite to property_contexts" am: 60227ea7c0 
am: 9deac4f8a7  -s ours

Change-Id: I328e81b89e14fcffadec3f034c607182076ac041
 2018-05-21 21:16:52 -07:00
Logan Chien
9deac4f8a7 Merge "Add ro.vndk.lite to property_contexts" 
am: 60227ea7c0

Change-Id: I09c42f8992b912089458e1426f14434d7568b845
 2018-05-21 21:07:38 -07:00
Logan Chien
60227ea7c0 Merge "Add ro.vndk.lite to property_contexts" 2018-05-22 04:04:07 +00:00
Bowgo Tsai
eb2ff1cbdd Merge "ueventd: allow reading kernel cmdline" into pi-dev 
am: fd00fd123d

Change-Id: I9421816a71b08b24f652f61dec994a153354e2df
 2018-05-21 16:28:37 -07:00
Carmen Jackson
59b08ee9ac [automerger skipped] Merge "Add sync and fence tracepoints to user-visible list of tracepoints." am: cfaaa9f42d 
am: 2e22f88dc5  -s ours

Change-Id: I5750ca03dd2851b1a194d129acaa9ac3513c44c1
 2018-05-21 16:21:33 -07:00
Carmen Jackson
2e22f88dc5 Merge "Add sync and fence tracepoints to user-visible list of tracepoints." 
am: cfaaa9f42d

Change-Id: Id15a4518ee6d9a64c815a115e8f68a90e1052626
 2018-05-21 16:15:40 -07:00
TreeHugger Robot
fd00fd123d Merge "ueventd: allow reading kernel cmdline" into pi-dev 2018-05-21 23:14:38 +00:00
Treehugger Robot
cfaaa9f42d Merge "Add sync and fence tracepoints to user-visible list of tracepoints." 2018-05-21 23:09:30 +00:00
Niklas Lindgren
780cd6df4b Setup policy for downloaded apns directory 
apns downloaded will enter a new directory that
TelephonyProvider can access.

Bug: 79948106
Test: Manual
Change-Id: I1e7660adf020dc7052da94dfa03fd58d0386ac55
Merged-In: I1e7660adf020dc7052da94dfa03fd58d0386ac55
 2018-05-21 15:58:16 -07:00
Jordan Liu
05497ede82 Merge "Setup policy for downloaded apns directory" am: fdb38fa6d0 
am: a968e32d7c

Change-Id: Ia7aa0f73ef36ec9c8f992a8e1412585ab54a10be
 2018-05-21 14:49:22 -07:00
Jordan Liu
a968e32d7c Merge "Setup policy for downloaded apns directory" 
am: fdb38fa6d0

Change-Id: I2304c445ffa2192609570f08c8214ea9fa33dd6c
 2018-05-21 14:21:14 -07:00
Carmen Jackson
e22f04c975 Add sync and fence tracepoints to user-visible list of tracepoints. 
The 'sync' tracepoint was updated to be 'fence' in kernel 4.9, so this
change also adds that one to the list.

Bug: 79935503
Test: Took a trace using 'sync' in user mode and saw the tracepoints
being saved.

Change-Id: I793c6f54cd9364f33853983f8c5dfb28b98c2708
Merged-In: I793c6f54cd9364f33853983f8c5dfb28b98c2708
 2018-05-21 14:18:46 -07:00
Carmen Jackson
8640cffa1e Merge "Add sync and fence tracepoints to user-visible list of tracepoints." into pi-dev 
am: 09648d9ae3

Change-Id: I1821400703aa5dc41a485d3430946345978045c0
 2018-05-21 14:12:20 -07:00
TreeHugger Robot
09648d9ae3 Merge "Add sync and fence tracepoints to user-visible list of tracepoints." into pi-dev 2018-05-21 21:06:39 +00:00
Carmen Jackson
f47f0c3869 Add sync and fence tracepoints to user-visible list of tracepoints. 
The 'sync' tracepoint was updated to be 'fence' in kernel 4.9, so this
change also adds that one to the list.

Bug: 79935503
Test: Took a trace using 'sync' in user mode and saw the tracepoints
being saved.

Change-Id: I793c6f54cd9364f33853983f8c5dfb28b98c2708
 2018-05-21 12:18:18 -07:00
Jordan Liu
fdb38fa6d0 Merge "Setup policy for downloaded apns directory" 2018-05-21 19:06:54 +00:00
Paul Crowley
c9e9b326d0 Merge "Move more metadata policy from device to here" into pi-dev 
am: 5252ad93e2

Change-Id: I591f253f82a91b1e953f46ff2c29e48e4929665b
 2018-05-21 10:46:45 -07:00
TreeHugger Robot
5252ad93e2 Merge "Move more metadata policy from device to here" into pi-dev 2018-05-21 17:36:12 +00:00
Tri Vo
87cd58bb33 Merge "audioserver: add access to wake locks." am: 7710647a65 
am: 68760afb6c

Change-Id: I7695e7d5f20eda1820ff31663f74c72613f62c82
 2018-05-21 10:33:12 -07:00
Tri Vo
68760afb6c Merge "audioserver: add access to wake locks." 
am: 7710647a65

Change-Id: Ia731204c3bb8b47d4740eb08b10a4d5be757788d
 2018-05-21 10:24:48 -07:00
Niklas Lindgren
f3626f3a86 Setup policy for downloaded apns directory 
apns downloaded will enter a new directory that
TelephonyProvider can access.

Bug: 79948106
Test: Manual
Change-Id: I1e7660adf020dc7052da94dfa03fd58d0386ac55
 2018-05-21 18:45:50 +02:00
Tri Vo
7710647a65 Merge "audioserver: add access to wake locks." 2018-05-21 16:28:10 +00:00
Bowgo Tsai
282fc3e48e ueventd: allow reading kernel cmdline 
This is needed when ueventd needs to read device tree files
(/proc/device-tree). Prior to acccess, it tries to read
"androidboot.android_dt_dir" from kernel cmdline for a custom
Android DT path.

Bug: 78613232
Test: boot a device without unknown SELinux denials
Change-Id: Iff9c882b4fcad5e384757a1e42e4a1d1259bb574
(cherry picked from commit 98ef2abb12)
 2018-05-21 09:55:41 +08:00
Frank Salim
956b93623a Merge "Add ro.hardware.keystore_desede" into pi-dev 
am: a0f9509908

Change-Id: I8fed87b5514516d2dcb8d1796ee42ca081ee490d
 2018-05-18 16:04:36 -07:00
Frank Salim
a0f9509908 Merge "Add ro.hardware.keystore_desede" into pi-dev 2018-05-18 22:49:00 +00:00
Paul Crowley
bb3ba3e5d9 Move more metadata policy from device to here 
Test: booted metadata-encrypted device
Bug: 79781913
Change-Id: Ib4cb4a04145e5619994083da055f06fe7ae0137a
 2018-05-18 14:12:40 -07:00
Frank Salim
6fe4ef7e8c Add ro.hardware.keystore_desede 
This allows Android Keystore to statically register support for 3DES
during zygote initialization based on the device's support for hardware
backed 3DES keys.

Bug: b/79986680
Test: keystore CTS
Change-Id: Ic9a6653cdd623a3ab10e0efbcdb37c437e6c59b9
 2018-05-18 18:25:44 +00:00
Tom Cherry
cdb1624c27 neverallow coredomain from writing vendor properties 
System properties can be abused to get around Treble requirements of
having a clean system/vendor split.  This CL seeks to prevent that by
neverallowing coredomain from writing vendor properties.

Bug: 78598545
Test: build 2017/2018 Pixels
Test: build aosp_arm64
Change-Id: I5e06894150ba121624d753228e550ba9b81f7677
 2018-05-18 20:15:19 +09:00
Bowgo Tsai
4951aa3037 Merge "ueventd: allow reading kernel cmdline" am: 1606d5601a 
am: 46bffaba08

Change-Id: I7780fbd7eada856aebcb3a1270a112f266a326d0
 2018-05-17 23:08:08 -07:00
Bowgo Tsai
46bffaba08 Merge "ueventd: allow reading kernel cmdline" 
am: 1606d5601a

Change-Id: Iaebe915312b9665bc2d419fbbac735d804a52451
 2018-05-17 23:03:34 -07:00
Treehugger Robot
1606d5601a Merge "ueventd: allow reading kernel cmdline" 2018-05-18 05:55:00 +00:00
Jaegeuk Kim
5580a18255 Merge "dumpstate: allow /metadata for df" into pi-dev 
am: e2f70ebc07

Change-Id: Ic56b485f0297178d45061c0b6b7fb44fbb0b0fa5
 2018-05-17 18:14:01 -07:00
TreeHugger Robot
e2f70ebc07 Merge "dumpstate: allow /metadata for df" into pi-dev 2018-05-18 00:38:09 +00:00
Tri Vo
ef81102a1d audioserver: add access to wake locks. 
Bug: n/a
Test: audioserver is sucessfully able to acquire a wake lock
Change-Id: Ic3d3692eba2c1641ba3c9d8dc5f000f89105d752
 2018-05-17 17:27:56 -07:00
Chong Zhang
99cad10dd5 Merge "Allow system_server to adjust cpuset for media.codec" am: 4876409114 
am: bf120a2f35

Change-Id: I1138040b270367d61957ddf1d186250e3cb3a0b9
 2018-05-17 15:15:28 -07:00
Chong Zhang
bf120a2f35 Merge "Allow system_server to adjust cpuset for media.codec" 
am: 4876409114

Change-Id: I8e4c7d25255aa5565ded1909ceeb1befbec4acad
 2018-05-17 15:11:37 -07:00
Treehugger Robot
4876409114 Merge "Allow system_server to adjust cpuset for media.codec" 2018-05-17 22:06:03 +00:00
Jin Qian
dd36fadfd8 Merge "storaged: add storaged_pri service" am: 4c14d75369 
am: 47de8c57a7

Change-Id: I94bcaa391044d2c93180cb302028ad528407c000
 2018-05-17 11:58:50 -07:00
Jin Qian
47de8c57a7 Merge "storaged: add storaged_pri service" 
am: 4c14d75369

Change-Id: Ie1fa7c5609d945f604ff6cbfb3bb2a5db4e56cd8
 2018-05-17 11:55:13 -07:00