tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
41775 commits 1 branch 0 tags 50 MiB
Commit graph

218 commits

Author SHA1 Message Date
Inseob Kim
825056de9a Add permission for VFIO device binding 
vfio_handler will bind platform devices to VFIO driver, and then
return a file descriptor containing DTBO. This change adds
permissions needed for that.

Bug: 278008182
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid \
      --devices /sys/bus/platform/devices/16d00000.eh --protected
Change-Id: Ie947adff00d138426d4703cbb8e7a8cd429c2272
 2023-08-02 15:06:51 +09:00
Inseob Kim
d7d3609af7 Ensure vendor seapp contexts can't use coredomain 
Bug: 280547417
Test: build
Change-Id: Iadff17523767f91f073c6569400e17f1da55fbdc
 2023-07-28 16:18:11 +09:00
Vadim Caen
d64cf75c48 Policy for virtual_camera 
Adds a policy to run the virtual_camera process which:
 - registers a service implementing the camera HAL
 - registers a service to reveive communicate with virtual cameras via
   system_server

Bug: 253991421
Test: CTS test
android.virtualdevice.cts.VirtualDeviceManagerBasicTest#createDevice_createCamera

Change-Id: I772d176919b8dcd3b73946935ed439207c948f2b
 2023-07-25 19:27:48 +00:00
Zhanglong Xia
b2d1fbb7b2 Add sepolicy rules for Thread Network HAL 
Bug: b/283905423
Test: Build and run the Thread Network stack in Cuttlefish.
Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
 2023-06-30 10:56:38 +08:00
Dave Mankoff
665cad0d2c SE Linux perimissions for Feature Flags Service 
Bug: 279054964
Test: build && flash
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a1f8ca3cd3c4861a06c5042148aab6623a563651)
Merged-In: I5fffaccba61e218496ac82ccf9ba308cf9892868
Change-Id: I5fffaccba61e218496ac82ccf9ba308cf9892868
 2023-06-26 13:42:45 +00:00
Treehugger Robot
289fe96dc8 Merge "Add MediaPlayerService fuzzer to bindings" 2023-06-23 17:35:27 +00:00
Pawan Wagh
9f118c8d62 Add MediaPlayerService fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I669c427279ce43fa614c68a02a468c3e64002537
 2023-06-20 22:50:45 +00:00
Jooyung Han
804e234ced Remove flatten_apex: property 
We no longer have targets using flattened apexes. Flattened apexes will
be removed from the build system.

Bug: 278826656
Test: m
Change-Id: I657e01dbfd2525b07c29a234277062d5ac2fab9f
 2023-06-20 15:41:05 +09:00
Pawan Wagh
b4f463824c Merge "Add update service fuzzer to bindings" 2023-06-14 17:33:23 +00:00
Pawan Wagh
767dc6be06 Merge "Add credstore service fuzzer to bindings" 2023-06-13 15:30:53 +00:00
Pawan Wagh
21f6f52922 Add update service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I9532d1d473d3b053f464df48169dc9b23951a095
 2023-06-09 00:01:54 +00:00
Pawan Wagh
38cfa74af2 Add credstore service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: Ie47e0e7a479f130935ada52a28d4e26e3bf07041
 2023-06-08 21:28:46 +00:00
Treehugger Robot
34814e6d48 Merge "Add wificond service fuzzer to bindings" 2023-06-08 18:30:49 +00:00
Steven Moreland
394de71b25 Merge "sepolicy: take sepolicy split in .mk" 2023-06-05 23:08:24 +00:00
Pawan Wagh
526efb51a5 Add wificond service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I471296a8b33862199ce9c27fca7ceae2db8105ea
 2023-06-03 01:29:14 +00:00
Steven Moreland
721f5af6a3 sepolicy: take sepolicy split in .mk 
This value is always set to true in the core build
system. Removing reads of it so we can mark it as
obsolete.

Bug: 257176017
Test: build
Change-Id: Ie7a72496bd4712583944ed833cd4364c5e3c520b
 2023-06-02 16:14:17 +00:00
Pawan Wagh
7f90d50ae0 Add media extractor service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I660c54df153993056668b6774d177072d8eadc3b
 2023-05-31 01:19:21 +00:00
Pawan Wagh
144cad1b19 Merge "Add media metrics aidl fuzzer to bindings" 2023-05-24 23:01:42 +00:00
Pawan Wagh
d25d64796d Add media metrics aidl fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I6c645bf89fdded1dffdba8d40889eeb20b0734e1
 2023-05-23 22:55:15 +00:00
LaMont Jones
3ee898434c Parallelize singleton execution. 
Bug: 281536768
Test: manual, presubmits
Change-Id: I35fe5f4ce5732942399edf0d68e561039d7c253d
 2023-05-19 18:19:28 +00:00
Treehugger Robot
ae5be3dd8e Merge "Add installd service fuzzer to bindings" 2023-05-19 17:21:07 +00:00
Pawan Wagh
c22df151ea Add Camera service fuzzers to bindings 
Test: m
Bug: 232439428
Change-Id: I7b2f535d4731503ea23de5b143e49bd41b6a5c71
 2023-05-18 18:39:32 +00:00
Pawan Wagh
c3fd0b60d8 Merge "Add Suspend service fuzzers to bindings" 2023-05-17 21:17:48 +00:00
Pawan Wagh
c5eac2875b Add installd service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I62f23f0e4a6e760be3bbab6c2af428f47285f588
 2023-05-17 20:35:44 +00:00
Pawan Wagh
8169c8fdd5 Merge "Add incidentd_service_fuzzer to bindings" 2023-05-16 21:43:42 +00:00
Pawan Wagh
6d8487370b Add incidentd_service_fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I9d91a50af04a18d61c05f88a05e22bbb0920058a
 2023-05-16 00:53:11 +00:00
Pawan Wagh
a9d3164472 Add Suspend service fuzzers to bindings 
Test: m
Bug: 232439428
Change-Id: I43b2926c4db076a89f17d8856f4fdec9c4594c05
 2023-05-12 23:41:17 +00:00
Pawan Wagh
68efd7ab8c Add gpu_service_fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: If6da70d7eeeb686eebf69afcca2fa1213a1d8bf6
 2023-05-12 21:50:14 +00:00
Inseob Kim
6c6f53b1a8 Use target specific intermediate paths 
This won't be harmful and this can help reduce rebuilding sepolicy
artifacts upon lunch target change.

Bug: 279524023
Test: m selinux_policy
Change-Id: I859de6dc0ac1958b44d847159904960bd7f9a0c2
 2023-04-27 11:11:48 +09:00
Thiébaud Weksteen
97a5408aca Merge "Remove comments in service_contexts" 2023-04-26 23:42:00 +00:00
Pawan Wagh
94b3f498cd Merge "Add gatekeeperd_service_fuzzer to bindings" 2023-04-26 19:37:15 +00:00
Steven Moreland
d8b05e70bf Merge "aidl_lazy_test: additional service context" 2023-04-26 18:45:50 +00:00
Thiébaud Weksteen
74482f5328 Remove comments in service_contexts 
Commit b554e59 converted the build rules of contexts to Soong.
Previously, both services_contexts and hwservice_contexts were stripped
of comments. This is useful as a CTS test (testAospServiceContexts)
ensures that the device service_contexts matches AOSP. Restore the
previous behaviour.

Bug: 279384270
Test: m selinux_policy; diff plat_service_contexts; no more comments
Change-Id: Id0245efacf4e4b123f805869d95bacf804ccb915
 2023-04-26 13:46:59 +10:00
Steven Moreland
295e68f238 aidl_lazy_test: additional service context 
A lazy service shouldn't quit when it has clients, but
sometimes it needs to, such as when the device is
shutting down, so we test that it works.

In Android U, I broke this behavior, and it was caught
by other tests. However, now we have test support
for this directly in aidl_lazy_test.

No fuzzer, because this is a test service only, so it's
low-value.

Bug: 279301793
Bug: 278337172
Bug: 277886514
Bug: 276536663
Bug: 278117892
Test: aidl_lazy_test
Change-Id: I36b2602bb87b56ba1eb72420c7fdd60ff1fa14e2
 2023-04-26 00:41:05 +00:00
Pawan Wagh
2d184d2885 Adding storaged fuzzers 
Test: m
Bug: 232439428
Change-Id: I0be9260ecdbdf8e48905869cc4da2efade651ba8
 2023-04-24 23:18:34 +00:00
Pawan Wagh
ac031bff46 Add gatekeeperd_service_fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: Icc93e0fa7df8c74b2330b97055b3f159b8e1a9a9
 2023-04-21 23:11:04 +00:00
Yu Shan
9eb72464b5 Define sepolicy for ivn HAL. 
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
 2023-04-10 17:42:51 -07:00
Lakshman Annadorai
124be07e24 Add sepolicy rules for CpuMonitorService. 
Change-Id: Icda952c148150e4d7824e303d163996679a0f36b
Test: m
Bug: 242722241
 2023-03-27 16:29:09 +00:00
Tri Vo
4bb2d30701 Remove RemoteProvisioner and remoteprovisioning services 
Bug: 273325840
Test: keystore2_test
Change-Id: I295ccdda5a3d87b568098fdf97b0ca5923e378bf
 2023-03-14 15:45:35 -07:00
Pawan Wagh
6ad15b7c74 Merge "Adding netd and authorization fuzzers to bindings" 2023-03-10 20:11:33 +00:00
Pawan Wagh
9f5825c863 Adding netd and authorization fuzzers to bindings 
Test: m
Bug: 232439428
Change-Id: Ic0d94e7e6a89992619fe87f58737efddffc91408
 2023-03-08 18:37:58 +00:00
Cole Faust
22f253cdfc Replace SortedStringKeys with SortedKeys 
SortedStringKeys is deprecated.

Bug: 193460475
Test: presubmits
Change-Id: I8b0f62964c078ab1d29c27df8ccddf05bd171c23
 2023-03-01 11:00:15 -08:00
Pawan Wagh
3e019dd623 Adding resolv_service_fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: Idcef29b9a42ff701f38fc3bcc83fd92f6bd1a1c1
 2023-02-17 23:20:42 +00:00
Pawan Wagh
61e77a8759 Adding fuzzer entries for drmmanager and vold 
Test: m
Bug: 232439428
Change-Id: I99879c0cfa71bfce44be3b080ca97934bdfa3100
 2023-02-15 21:40:27 +00:00
Pedro Loureiro
58847ab171 Add SEPolicy for device config service 
A new mainline module that will have the device config logic requires a new service (device_config_updatable).

Bug: 252703257

Test: manual because logic that launches service is behind flag

Change-Id: I4ffba0c7d2afc44af8438b7d84d836e42388bd7d
 2023-02-13 09:37:12 +00:00
Brian Julian
32b0a39d27 Backports sepolicy for AltitudeService to T. 
Test: VtsHalAltitudeServiceTargetTest
Bug: 265013616
Change-Id: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
Merged-In: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
 2023-02-07 19:38:17 +00:00
Karthik Mahesh
52e5914ca4 Add sepolicy for ODP system server service. 
Bug: 236174677
Test: build
Change-Id: Ief208b795dd05ddaa406f50a5fa91f46fe52fd71
 2023-02-01 22:27:36 -08:00
Lorenzo Colitti
b8194ca7fb Merge "Update SEPolicy for Tetheroffload AIDL" 2023-01-18 00:04:51 +00:00
Thomas Nguyen
3445819d5a Add IRadioSatellite context 
Bug: 260644201
Test: atest VtsHalRadioTargetTes

Change-Id: I43555e1f076cdf96fb0b7805cd664d7ba6798aec
 2023-01-10 18:27:41 +00:00
Nathalie Le Clair
98e20da831 Merge "HDMI: Refactor HDMI packages" 2023-01-10 17:05:17 +00:00