Commit graph

43949 commits

Author SHA1 Message Date
Isaac J. Manjarres
1064f51841 Let incidentd read the wakeup_sources debugfs node for userdebug/eng builds
Currently, incidentd is allowed to read the wakeup_sources debugfs
node only if a device does not enforce debugfs restrictions. If a device
enforces debugfs restrictions, debugfs cannot be mounted on user builds,
but can be mounted on userdebug and eng builds.

Processes that need to use debugfs should therefore be able to
access it on userdebug and eng builds. So, allow incidentd to
read the wakeup sources debugfs node for userdebug and eng builds.

Bug: 300477252
Change-Id: I9bb480a0418a6d176b39753d552f409e139be178
Signed-off-by: Isaac J. Manjarres <isaacmanjarres@google.com>
2023-09-20 14:06:21 -07:00
Carlos Galo
ecb23b6ccb Merge "system_server: allow access to proc/memhealth/*" into main am: a8e1fe01da
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2754950

Change-Id: Ia3a154eda9673c605505d5440715cbb726f9c26b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-20 06:03:53 +00:00
Carlos Galo
a8e1fe01da Merge "system_server: allow access to proc/memhealth/*" into main 2023-09-20 05:04:44 +00:00
Thiébaud Weksteen
e396c3c486 Remove com.android.sepolicy policy am: cc85f22c4d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2755965

Change-Id: I44486d4b0a9d90b5b4b91d38840bc42902f34242
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-20 02:30:34 +00:00
Jooyung Han
309065bb5b hal_dumpstate service is now AIDL service
Bug: 301079572
Test: VtsHalDumpstateTargetTest
Change-Id: I86e80cadcfa51557efad58d854880b9d421e9df9
2023-09-20 10:53:03 +09:00
Carlos Galo
004cc8c21c system_server: allow access to proc/memhealth/*
Libmemevents requires read-access to the attribute files exposed by the
memhealth driver.

Test: build
Test: no denials to /proc/memhealth/oom_victim_list from libmemevents
Bug: 244232958
Change-Id: I617c75ab874ad948af37d3e345e5202e46781f3f
Signed-off-by: Carlos Galo <carlosgalo@google.com>
2023-09-20 00:30:13 +00:00
Thiébaud Weksteen
cc85f22c4d Remove com.android.sepolicy policy
Bug: 297794885
Test: presubmit
Change-Id: I91b1584fe2e13322cd3a0add92887097e190246e
2023-09-19 12:41:52 +10:00
Treehugger Robot
35feb11562 Merge "Revert^3 "Start tracking vendor seapp coredomain violations"" into main am: 531e26d991
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2754249

Change-Id: I9bdf9240ad963a39882c75d76bf69ba2afd69af5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-18 06:16:58 +00:00
Treehugger Robot
531e26d991 Merge "Revert^3 "Start tracking vendor seapp coredomain violations"" into main 2023-09-18 05:06:32 +00:00
Inseob Kim
8bc8b75f95 Revert^3 "Start tracking vendor seapp coredomain violations"
This reverts commit b193c80986.

Reason for revert: Fix is merged

Change-Id: Ia2dcd6584ee763c6da3f3b7fdd9f4710ffde9bfc
2023-09-18 04:08:19 +00:00
Inseob Kim
76d5f36905 Merge "Revert^2 "Start tracking vendor seapp coredomain violations"" into main am: 5d94d75e38
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2752267

Change-Id: Ic7857eca04d3ad375735f9676b0cf17d1c667849
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-15 04:01:08 +00:00
Treehugger Robot
7a921e30f0 Merge "Revert "Start tracking vendor seapp coredomain violations"" into main am: 430c93557f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2750383

Change-Id: Idb97d60610296a2af52d503a2b7a597beab5498e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-15 04:00:27 +00:00
Inseob Kim
5d94d75e38 Merge "Revert^2 "Start tracking vendor seapp coredomain violations"" into main 2023-09-15 03:59:23 +00:00
Inseob Kim
b193c80986 Revert^2 "Start tracking vendor seapp coredomain violations"
This reverts commit 6ec4e5f048.

Reason for revert: breaking build

Change-Id: If99f309fd8d5dd5b42a871259451c10530e1769d
2023-09-15 03:58:00 +00:00
Treehugger Robot
430c93557f Merge "Revert "Start tracking vendor seapp coredomain violations"" into main 2023-09-15 03:06:00 +00:00
Inseob Kim
6ec4e5f048 Revert "Start tracking vendor seapp coredomain violations"
This reverts commit 292f22a33b.

Reason for revert: removed all attribute usages; no need

Change-Id: Iab489f1a94733438ba0c552fb9e3eb354423a156
2023-09-14 15:57:04 +00:00
Treehugger Robot
2546b174dd Merge "Revert "sepolicy: allow surfaceflinger to read device_config_aconfig_flags_prop"" into main am: 3fceb02a3c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2750942

Change-Id: Ia59d38a364b95637ee68adbc5d62f8ce4ecb115a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-14 02:24:09 +00:00
Treehugger Robot
3fceb02a3c Merge "Revert "sepolicy: allow surfaceflinger to read device_config_aconfig_flags_prop"" into main 2023-09-14 01:18:00 +00:00
Alexei Nicoara
02416fd087 Merge "Making sys.boot.reason.last restricted" into main am: 37d8c5f8c2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2743635

Change-Id: I421aef11c62dd7401bfbb20bfc5806ebb6824cd3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-13 18:00:26 +00:00
Alexei Nicoara
37d8c5f8c2 Merge "Making sys.boot.reason.last restricted" into main 2023-09-13 17:35:49 +00:00
Ady Abraham
b1600f9275 Revert "sepolicy: allow surfaceflinger to read device_config_aconfig_flags_prop"
This reverts commit 62d337ec6d.

Reason for revert: aosp/2746856 should be sufficient 

Change-Id: Iec8456cc46970f3a027ea5fd95c010058ad62611
2023-09-13 17:11:11 +00:00
Wonsik Kim
98acf4400b Merge "Add a fuzzer for media.c2 HAL" into main am: c8eacad5a8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2736097

Change-Id: If12e0ee24d2b44868a281079f2cd7222ec817284
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-12 17:00:49 +00:00
Wonsik Kim
c8eacad5a8 Merge "Add a fuzzer for media.c2 HAL" into main 2023-09-12 16:14:49 +00:00
Dennis Shen
71f389016f Merge "Update SELinux to allow vendor process access" into main am: b7052688e3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2746856

Change-Id: I2e20f23460e111cee6c9333480cc5b1644cef32a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-12 12:56:06 +00:00
Dennis Shen
b7052688e3 Merge "Update SELinux to allow vendor process access" into main 2023-09-12 12:19:14 +00:00
Wilson Sung
e804cc4342 Allow shell access to attestation properties am: 679b7cb04a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2747474

Change-Id: Iff01f882609d1de339beb5dbc30f6e6c309e5d71
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-12 08:49:56 +00:00
Wilson Sung
679b7cb04a Allow shell access to attestation properties
The properties for attestation are configured in build.prop files and
used by frameworks Build.java.
Allow app to access them from 'adb shell am'

Bug: 296168846
Test: m selinux_policy
Change-Id: Ie749cf5d621c03c21aa538f96a06d21680a61569
2023-09-12 11:33:14 +08:00
Jooyung Han
0cde24b1d4 Merge "APEX file_context should have valid labels" into main am: 84b9b076ab
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2745099

Change-Id: If8170d47783132e432e34b41e5f84afc42611777
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-11 22:59:01 +00:00
Treehugger Robot
0d737278c2 Merge "Add device_config read access to priv_app" into main am: 6ac568d4ab
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2747353

Change-Id: Ia3ee33accbc40db7204f8db84c9d750bba90bd5f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-11 22:58:14 +00:00
Jooyung Han
84b9b076ab Merge "APEX file_context should have valid labels" into main 2023-09-11 22:30:20 +00:00
Treehugger Robot
6ac568d4ab Merge "Add device_config read access to priv_app" into main 2023-09-11 22:22:59 +00:00
Kangping Dong
044116c3e4 Merge "[Thread] move ot-daemon to the tethering module" into main am: e32751f748
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2736996

Change-Id: I15539e9663e50ba4d77f311d1e6a9b5fc12d9970
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-11 18:58:45 +00:00
Alexei Nicoara
957e8f37a1 Making sys.boot.reason.last restricted
sys.boot.reason.last needs to be readable by SysUI to correctly display the reason why authentication is required to unlock the phone.

Bug: 299327097
Test: presubmit
Change-Id: I9f83ade92858056609bc665ecb6ce9b93eb051e4
2023-09-11 18:29:24 +01:00
Dennis Shen
584852eaa7 Update SELinux to allow vendor process access
Bug: b/298934058, b/295379636
Change-Id: I2521ae27a88d471263ba4bff69947b2ce28b4b4e
2023-09-11 14:30:29 +00:00
Kangping Dong
e32751f748 Merge "[Thread] move ot-daemon to the tethering module" into main 2023-09-11 11:20:52 +00:00
Jooyung Han
92bfb372fc APEX file_context should have valid labels
A new test mode (--all) tests if every file context label used in APEX
is "known". It should fail if an unknown label is used in APEX.

Bug: 299391194
Test: atest apex_sepolicy_tests_test
Change-Id: Ie467019a6dc74bba9901ba8d705b31e6de24cd62
2023-09-11 13:39:09 +09:00
Seigo Nonaka
5717c080c8 Add device_config read access to priv_app
Bug: 299830837
Test: manually done
Change-Id: Ie0490496bcb98d7c5894b2ada372fe76fea64d26
2023-09-11 09:53:44 +09:00
Jeff Pu
2b22cd44e4 Accept binder calls from servicemanger am: 3778cd4765
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2746858

Change-Id: Ie4c08f7b8d88fec9283aa31da9442f556253007a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-08 22:06:18 +00:00
Jeff Pu
3778cd4765 Accept binder calls from servicemanger
Bug: 228638448
Test: Manual
Change-Id: Iaa64d252417ffeda7c07365c5ecd1b517b07314b
2023-09-08 16:02:05 -04:00
Seungjae Yoo
12e4f6930b Merge "Change sepolicy of virtualizationservice and vfio_handler for VM DTBO" into main am: 2151f06ada
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2745015

Change-Id: I6631ae7bf84211e996f6f1375e13ea9d1791598f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-08 05:19:30 +00:00
Treehugger Robot
8d022b888c Merge "Use prebuilts for compat test if prebuilts exist" into main am: 6952d2f612
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2746580

Change-Id: I920639164d6e304b50046a17506be2972ee1199f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-08 05:18:40 +00:00
Seungjae Yoo
2151f06ada Merge "Change sepolicy of virtualizationservice and vfio_handler for VM DTBO" into main 2023-09-08 05:04:03 +00:00
Treehugger Robot
6952d2f612 Merge "Use prebuilts for compat test if prebuilts exist" into main 2023-09-08 04:35:02 +00:00
Inseob Kim
df2d29a4bb Fix se_freeze_test am: 472d7dcada
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2744995

Change-Id: Ie98763c9ec0ad65aa96f2b5e0fdf7102841a743c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-08 04:30:23 +00:00
Inseob Kim
472d7dcada Fix se_freeze_test
The module name is changed but it isn't applied to Android.mk

Bug: 296875906
Test: m selinux_policy and see se_freeze_test run
Change-Id: Ia25845a1aff2c2b5f910f8432a455ee93a157580
2023-09-08 11:54:11 +09:00
Inseob Kim
2aac33597d Use prebuilts for compat test if prebuilts exist
system/sepolicy should support both REL build and ToT build. That means
that system/sepolicy and prebuilts may differ. As the frozen sepolicy is
what vendor sepolicy uses, we need to use prebuilts to run Treble
compat test.

Bug: 296875906
Test: m selinux_policy on REL
Change-Id: I4b290266ba87e3f011d640bec133fc88359ea52f
2023-09-08 10:44:49 +09:00
Ady Abraham
6ffc794089 Merge "sepolicy: allow surfaceflinger to read device_config_aconfig_flags_prop" into main am: ab64129dbb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2743784

Change-Id: Iae18b26bf74ae987212370d8c173bf32b4aa0f05
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-07 19:54:28 +00:00
Treehugger Robot
d065d025ed Merge "C2 AIDL sepolicy update" into main am: 8342def00a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2721424

Change-Id: I096e99c403f513a203040cf97e199392dc794177
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-07 19:52:25 +00:00
Ady Abraham
ab64129dbb Merge "sepolicy: allow surfaceflinger to read device_config_aconfig_flags_prop" into main 2023-09-07 19:16:18 +00:00
Treehugger Robot
8342def00a Merge "C2 AIDL sepolicy update" into main 2023-09-07 17:54:05 +00:00