tequilaOS/platform_system_sepolicy

Author SHA1 Message Date

Author	SHA1	Message	Date
Roland Levillain	ab9c053078	Allow `oatpreopt` to run `dex2oat` from the Runtime APEX. - Allow `postinstall_dexopt` to transition to domain `dex2oat` when executing `dex2oat` from the Runtime APEX (`/postinstall/apex/com.android.com/bin/dex2oat`). - Allow `dex2oat` (from the Runtime APEX) to read files under `/postinstall` (e.g. APKs under `/system`, `/system/bin/linker`); - Also allow `dex2oat` (from the Runtime APEX) to use libraries under `/postinstall/system` (e.g. `/system/lib/libc.so`). This is temporary change until Bionic libraries are part of the Runtime APEX. Test: A/B OTA update test (asit/dexoptota/self_full). Bug: 113373927 Bug: 120796514 Change-Id: I0a8a6ac485f725753ee909b1561becd3bd908ce4	2019-01-23 16:18:35 +00:00
Alex Klyubin	f5446eb148	Vendor domains must not use Binder On PRODUCT_FULL_TREBLE devices, non-vendor domains (except vendor apps) are not permitted to use Binder. This commit thus: * groups non-vendor domains using the new "coredomain" attribute, * adds neverallow rules restricting Binder use to coredomain and appdomain only, and * temporarily exempts the domains which are currently violating this rule from this restriction. These domains are grouped using the new "binder_in_vendor_violators" attribute. The attribute is needed because the types corresponding to violators are not exposed to the public policy where the neverallow rules are. Test: mmm system/sepolicy Test: Device boots, no new denials Test: In Chrome, navigate to ip6.me, play a YouTube video Test: YouTube: play a video Test: Netflix: play a movie Test: Google Camera: take a photo, take an HDR+ photo, record video with sound, record slow motion video with sound. Confirm videos play back fine and with sound. Bug: 35870313 Change-Id: I0cd1a80b60bcbde358ce0f7a47b90f4435a45c95	2017-03-24 07:54:00 -07:00
dcashman	cc39f63773	Split general policy into public and private components. Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c	2016-10-06 13:09:06 -07:00

Roland Levillain

ab9c053078

Allow oatpreopt to run dex2oat from the Runtime APEX.

- Allow `postinstall_dexopt` to transition to domain `dex2oat` when
  executing `dex2oat` from the Runtime APEX
  (`/postinstall/apex/com.android.com/bin/dex2oat`).
- Allow `dex2oat` (from the Runtime APEX) to read files under
  `/postinstall` (e.g. APKs under `/system`, `/system/bin/linker`);

- Also allow `dex2oat` (from the Runtime APEX) to use libraries under
  `/postinstall/system` (e.g. `/system/lib/libc.so`). This is
  temporary change until Bionic libraries are part of the Runtime
  APEX.

Test: A/B OTA update test (asit/dexoptota/self_full).
Bug: 113373927
Bug: 120796514
Change-Id: I0a8a6ac485f725753ee909b1561becd3bd908ce4

2019-01-23 16:18:35 +00:00

Alex Klyubin

f5446eb148

Vendor domains must not use Binder

On PRODUCT_FULL_TREBLE devices, non-vendor domains (except vendor
apps) are not permitted to use Binder. This commit thus:
* groups non-vendor domains using the new "coredomain" attribute,
* adds neverallow rules restricting Binder use to coredomain and
  appdomain only, and
* temporarily exempts the domains which are currently violating this
  rule from this restriction. These domains are grouped using the new
  "binder_in_vendor_violators" attribute. The attribute is needed
  because the types corresponding to violators are not exposed to the
  public policy where the neverallow rules are.

Test: mmm system/sepolicy
Test: Device boots, no new denials
Test: In Chrome, navigate to ip6.me, play a YouTube video
Test: YouTube: play a video
Test: Netflix: play a movie
Test: Google Camera: take a photo, take an HDR+ photo, record video with
      sound, record slow motion video with sound. Confirm videos play
      back fine and with sound.
Bug: 35870313
Change-Id: I0cd1a80b60bcbde358ce0f7a47b90f4435a45c95

2017-03-24 07:54:00 -07:00

dcashman

cc39f63773

Split general policy into public and private components.

Divide policy into public and private components.  This is the first
step in splitting the policy creation for platform and non-platform
policies.  The policy in the public directory will be exported for use
in non-platform policy creation.  Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.

Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal.  For now, almost all types and
avrules are left in public.

Test: Tested by building policy and running on device.

Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c

2016-10-06 13:09:06 -07:00

3 commits