tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
47507 commits 1 branch 0 tags 50 MiB
Commit graph

8 commits

Author SHA1 Message Date
Inseob Kim
8697fc80fd Add macro for board API level guard 
'starting_at_board_api' macro is added to guard system/sepolicy/public
types and attributes. The macro will work only when compiling vendor/odm
sepolicy. When compiling platform sepolicy (system / system_ext /
product), rules will always be included, regardless of board API level.

Policy authors should guard new public types and attributes with this
macro, similar to LLNDK. The new types and attributes will be exposed
since next vFRC release.

Bug: 330671090
Test: manually build with various board API level, see output
Change-Id: I03c601ce8fe1f77c7608dc488317d20276fd2d47
 2024-04-19 10:33:38 +09:00
Jeongik Cha
f09f43c4fd Sepolicy for crosvm to show display 
They are under RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES

Bug: 331708504
Test: check if the display shows
Change-Id: I06859493c995e384e1f30554a6a12b9cd3636f30
 2024-04-04 16:52:33 +09:00
Alan Stokes
38131e7ba8 Add virtualization_maintenance_service 
This is an AIDL service exposed by Virtualization Service to system
server (VirtualizationSystemService).

The implementation is Rust so no fuzzer is required.

I've put this behind the flag on general principle.

Bug: 294177871
Test: atest MicrodroidTests
Change-Id: Ia867fe27fb2e76d9688e4ba650ebf7b3f51ee597
 2024-02-20 17:08:28 +00:00
Inseob Kim
bf7f4a4401 Support multiple se_flags modules 
Instead of centralized one se_flags module under system/sepolicy,
additional se_flags modules can be defined anywhere to support defining
downstream branches' own flagging.

Bug: 321875465
Test: TH
Test: soong test
Change-Id: I6e45c859b7f09e27ba1d60033b0db1424472cb63
 2024-02-16 16:14:40 +09:00
Chienyuan Huang
2e19c7632e Add bluetooth ranging hal 
Bug: 310941161
Test: make
Change-Id: I9b2bc9d945b016361f44a5600c61ed2795c00622
 2023-12-08 09:37:17 +00:00
Inseob Kim
094e8e81a2 Flag-guard vfio_handler policies 
vfio_handler will be active only if device assignment feature is turned
on.

Bug: 306563735
Test: microdroid tests with and without the flag
Change-Id: I5559dfca1a29852b65481c95f37edc9977ee9d7d
 2023-11-22 05:28:20 +00:00
Inseob Kim
9868a0ce11 Fix flagging macros 
We should wrap the parameter because it will contain multiple lines of
codes which can probably contain comma.

Bug: 306563735
Test: build and see sepolicy output
Change-Id: I2f56f0a1ec2d5b14570fb9c5bb178d488bc023c9
 2023-11-17 18:07:11 +09:00
Inseob Kim
085f22f82d Add macros to flag-guard te and contexts files 
This adds two macros which can be used in te files and contexts files.

* is_flag_enabled(flag_name, codes)
* is_flag_disabled(flag_name, codes)

Also flag-guarding requires to process input files before any
validations. Property contexts test and seapp contexts test are
modified a little to handle that.

Bug: 306563735
Test: build with manual guarding
Change-Id: Ia1c6d00b7aab0da3901c19f16d553153aace018c
 2023-11-09 16:05:17 +09:00