tequilaOS/platform_system_sepolicy

Author	SHA1	Message	Date
Treehugger Robot	da002632a2	Merge "create disable_sync_on_suspend property" into main	2023-09-28 00:03:50 +00:00
Brian Lindahl	7c5134977f	[automerger skipped] Allow for server-side configuration of libstagefright am: `1b32bccc1a` -s ours am: `41e9533e8e` -s ours am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 `ffeb680417` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467 Change-Id: If30fb80505eb55e02b7bd76e8c69f04dcd94a5ab Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-27 21:50:59 +00:00
Brian Lindahl	dccb6d84a1	[automerger skipped] Allow for server-side configuration of libstagefright am: `1b32bccc1a` -s ours am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 `3c818406c4` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467 Change-Id: I8b7c5cf421f70df6518fc0711924510c2c3086a9 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-27 21:41:06 +00:00
Brian Lindahl	41e9533e8e	[automerger skipped] Allow for server-side configuration of libstagefright am: `1b32bccc1a` -s ours am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 `ffeb680417` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467 Change-Id: I719b9b0dd51bac4ac0fc513402918ca1c73dbe10 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-27 20:32:10 +00:00
Steve Muckle	931b1a0f35	create disable_sync_on_suspend property Bug: 285395636 Test: suspend/resume testing Change-Id: I6a770241bca41929bc99dd86828b28a570dea68c	2023-09-27 16:33:09 +00:00
Yu-Ting Tseng	f3e2bf3bc2	Merge "Revert "Revert "SELinux policy changes for uprobe.""" into main am: `7a9e87c4dc` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762026 Change-Id: I8bc9096be89bea5d84e63e5f040a4ee170171676 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-27 16:26:11 +00:00
Brian Lindahl	1b32bccc1a	Allow for server-side configuration of libstagefright Relaxation of SELinux policies to allow users of libstagefright and MediaCodec to be able to query server-side configurable flags. Bug: 301372559 Bug: 301250938 Test: run cts -m CtsSecurityHostTestCases Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c Merged-In: I95aa6772a40599636d109d6960c2898e44648c9b	2023-09-27 16:15:23 +00:00
Yu-Ting Tseng	7a9e87c4dc	Merge "Revert "Revert "SELinux policy changes for uprobe.""" into main	2023-09-27 15:17:44 +00:00
Treehugger Robot	054256adb6	Merge "Use heuristics to run sepolicy_tests faster" into main am: `e55e8c94f6` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762825 Change-Id: I540508ceb2dfc55025747028ac8b4d6c153e90bb Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-27 03:04:03 +00:00
Treehugger Robot	e55e8c94f6	Merge "Use heuristics to run sepolicy_tests faster" into main	2023-09-27 02:39:21 +00:00
Changyeon Jo	cbf259e0cc	Allow dumpstate to make binder IPC to automotive display service am: `152a2f1755` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2763750 Change-Id: I9e10befa1abd12dd3b35e62ad4a036bc359070ce Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-26 22:38:09 +00:00
Changyeon Jo	152a2f1755	Allow dumpstate to make binder IPC to automotive display service Bug: 280837170 Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials Change-Id: I8239ba23bb60b95e7dd07a4c8a99167f1e08192b	2023-09-26 18:47:45 +00:00
Inseob Kim	55d140f904	Use heuristics to run sepolicy_tests faster We are compiling regex more than 300000 times, and it's a main bottleneck for slow sepolicy_tests. Actually we don't need to compile regex that much; most of cases can be handled by simple string comparison. This change introduces heuristics for optimization. Bug: 301874100 Test: verified that return values of MatchPathPrefix are not changed. Test: run cProfile, before and after. Before ncalls tottime percall cumtime percall filename:lineno(function) 21951 0.923 0.000 56.491 0.003 policy.py:33(MatchPathPrefix) After ncalls tottime percall cumtime percall filename:lineno(function) 21951 0.078 0.000 1.159 0.000 policy.py:40(MatchPathPrefix) Change-Id: I1ebad586c2518e74a8ca67024df5e77d068e3ca5	2023-09-26 16:47:45 +09:00
Yu-Ting Tseng	3e8e8eac08	Revert "Revert "SELinux policy changes for uprobe."" This reverts commit `e2bd44d48d`. Reason for revert: 2nd attempt to add the policy change Test: m selinux_policy Change-Id: I5b9a102879a65917d496ba2194187ddd2b4545d1	2023-09-25 13:30:34 -07:00
Victor Hsieh	f5900cbb89	Merge "Allow system_server to enable fs-verity on staging APK" into main am: `8ee7e50799` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2759627 Change-Id: Idfaab2dda7dd63b69a3d7d4d5955a393dd9347d9 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-25 16:20:23 +00:00
Victor Hsieh	8ee7e50799	Merge "Allow system_server to enable fs-verity on staging APK" into main	2023-09-25 15:35:48 +00:00
Qais Yousef	2376f09b33	Merge "Revert "SELinux policy changes for uprobe."" into main am: `e11729f825` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2759328 Change-Id: I6756e4cf2038bcc8ff67e547ff6368e7dcf8cbc7 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-25 09:59:24 +00:00
Qais Yousef	e11729f825	Merge "Revert "SELinux policy changes for uprobe."" into main	2023-09-25 09:24:47 +00:00
Daniele Di Proietto	ed2a836e18	tracing: SELinux access to a couple of more binder events * `binder_command`: Reported by the kernel every time a userspace thread sends a binder command to the binder kernel driver. Only the command type (e.g. `BC_TRANSACTION`, `BC_REPLY`) is reported, the contents are not disclosed. * `binder_command`: Reported by the kernel every time the binder driver sends a command to a userspace thread. Only the command type (e.g. `BR_TRANSACTION_COMPLETE`, `BR_FAILED_REPLY`) is reported, the contents are not disclosed. Bug: 295124679 Change-Id: I0dcfda7eba892abca3145188b9168a6b3a2ee0e8	2023-09-25 09:10:55 +00:00
Inseob Kim	075c18b495	Remove remaining APEX sepolicy types am: `2f0bcc1b0a` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2761425 Change-Id: Id60354d0340ccd4be990c99b9a58d0eea01e1ebc Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-25 09:06:41 +00:00
Inseob Kim	2f0bcc1b0a	Remove remaining APEX sepolicy types Bug: 297794885 Test: boot cuttlefish Change-Id: I2ff465217adcf1bb0267ea6d487a9a46b6584458	2023-09-25 11:19:44 +09:00
Yu-Ting Tseng	e2bd44d48d	Revert "SELinux policy changes for uprobe." This reverts commit `c69343fea9`. Reason for revert: b/301700965 Change-Id: Id858e82398cb6dc65be355ce27f3c9d56f889cfa	2023-09-23 04:13:14 +00:00
Yu-Ting Tseng	4bad805071	Merge "SELinux policy changes for uprobe." into main am: `fcc90e8af2` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2645793 Change-Id: I90e001b5dc22282010ea0f29f98c9b079139d759 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-22 20:51:11 +00:00
Yu-Ting Tseng	fcc90e8af2	Merge "SELinux policy changes for uprobe." into main	2023-09-22 20:01:06 +00:00
Victor Hsieh	6b71195fbe	Allow system_server to enable fs-verity on staging APK This allows package manager enables fs-verity to an APK if it is installed with .idsig in the classic install session (non-incremental). This is done in ag/24707249 behind a flag. This sepolicy change was missed by mistake. Bug: 277344944 Test: atest android.appsecurity.cts.PkgInstallSignatureVerificationTest Change-Id: If403d84611b69ab076a808addebbd5f0738cdc68	2023-09-22 10:20:22 -07:00
Handa Wang	79ff7174d5	Merge "allow ot_daemon to read/write sockets shared by system_server" into main am: `b6314bd9ca` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2722778 Change-Id: Icf53b3f673c6c4ef3450892d4a8d5d4fc5f17086 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-22 10:00:46 +00:00
Handa Wang	b6314bd9ca	Merge "allow ot_daemon to read/write sockets shared by system_server" into main	2023-09-22 09:05:06 +00:00
Handa Wang	8612e80d18	allow ot_daemon to read/write sockets shared by system_server system_server creates an ICMPv6 socket and send it to ot_daemon via ParcelFileDescriptor. ot_daemon will use that socket to send/receive ICMPv6 messages. Here's how the socket is created in System Server: int sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6); Bug: 294486086 Security consultation bug: 296809188 Test: Verified on a cuttlefish Change-Id: I9d479c9da01187a0e476591f447f7199ecb3a409	2023-09-22 02:18:46 +00:00
Treehugger Robot	d281acf1b5	Merge "hal_dumpstate service is now AIDL service" into main am: `ae071b717b` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2756129 Change-Id: I44fcc2c033df089e86ecd8bda6e5d5d8dd701522 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-22 01:51:01 +00:00
Treehugger Robot	ae071b717b	Merge "hal_dumpstate service is now AIDL service" into main	2023-09-22 01:16:28 +00:00
Yu-Ting Tseng	c69343fea9	SELinux policy changes for uprobe. Test: m selinux_policy Change-Id: I56565c05b6337ecd5ec20fb11443c13daaef1ad8	2023-09-21 14:50:13 -07:00
Isaac J. Manjarres	2f2af76c7b	Let incidentd read the wakeup_sources debugfs node for userdebug/eng builds am: `1064f51841` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2755348 Change-Id: I81cf504336b2b1dcb83addd17de3cbfb7618fa24 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-21 14:10:48 +00:00
Isaac J. Manjarres	1064f51841	Let incidentd read the wakeup_sources debugfs node for userdebug/eng builds Currently, incidentd is allowed to read the wakeup_sources debugfs node only if a device does not enforce debugfs restrictions. If a device enforces debugfs restrictions, debugfs cannot be mounted on user builds, but can be mounted on userdebug and eng builds. Processes that need to use debugfs should therefore be able to access it on userdebug and eng builds. So, allow incidentd to read the wakeup sources debugfs node for userdebug and eng builds. Bug: 300477252 Change-Id: I9bb480a0418a6d176b39753d552f409e139be178 Signed-off-by: Isaac J. Manjarres <isaacmanjarres@google.com>	2023-09-20 14:06:21 -07:00
Carlos Galo	ecb23b6ccb	Merge "system_server: allow access to proc/memhealth/*" into main am: `a8e1fe01da` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2754950 Change-Id: Ia3a154eda9673c605505d5440715cbb726f9c26b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-20 06:03:53 +00:00
Carlos Galo	a8e1fe01da	Merge "system_server: allow access to proc/memhealth/*" into main	2023-09-20 05:04:44 +00:00
Thiébaud Weksteen	e396c3c486	Remove com.android.sepolicy policy am: `cc85f22c4d` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2755965 Change-Id: I44486d4b0a9d90b5b4b91d38840bc42902f34242 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-20 02:30:34 +00:00
Jooyung Han	309065bb5b	hal_dumpstate service is now AIDL service Bug: 301079572 Test: VtsHalDumpstateTargetTest Change-Id: I86e80cadcfa51557efad58d854880b9d421e9df9	2023-09-20 10:53:03 +09:00
Carlos Galo	004cc8c21c	system_server: allow access to proc/memhealth/* Libmemevents requires read-access to the attribute files exposed by the memhealth driver. Test: build Test: no denials to /proc/memhealth/oom_victim_list from libmemevents Bug: 244232958 Change-Id: I617c75ab874ad948af37d3e345e5202e46781f3f Signed-off-by: Carlos Galo <carlosgalo@google.com>	2023-09-20 00:30:13 +00:00
Thiébaud Weksteen	cc85f22c4d	Remove com.android.sepolicy policy Bug: 297794885 Test: presubmit Change-Id: I91b1584fe2e13322cd3a0add92887097e190246e	2023-09-19 12:41:52 +10:00
Treehugger Robot	35feb11562	Merge "Revert^3 "Start tracking vendor seapp coredomain violations"" into main am: `531e26d991` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2754249 Change-Id: I9bdf9240ad963a39882c75d76bf69ba2afd69af5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-18 06:16:58 +00:00
Treehugger Robot	531e26d991	Merge "Revert^3 "Start tracking vendor seapp coredomain violations"" into main	2023-09-18 05:06:32 +00:00
Inseob Kim	8bc8b75f95	Revert^3 "Start tracking vendor seapp coredomain violations" This reverts commit `b193c80986`. Reason for revert: Fix is merged Change-Id: Ia2dcd6584ee763c6da3f3b7fdd9f4710ffde9bfc	2023-09-18 04:08:19 +00:00
Inseob Kim	76d5f36905	Merge "Revert^2 "Start tracking vendor seapp coredomain violations"" into main am: `5d94d75e38` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2752267 Change-Id: Ic7857eca04d3ad375735f9676b0cf17d1c667849 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-15 04:01:08 +00:00
Treehugger Robot	7a921e30f0	Merge "Revert "Start tracking vendor seapp coredomain violations"" into main am: `430c93557f` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2750383 Change-Id: Idb97d60610296a2af52d503a2b7a597beab5498e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-15 04:00:27 +00:00
Inseob Kim	5d94d75e38	Merge "Revert^2 "Start tracking vendor seapp coredomain violations"" into main	2023-09-15 03:59:23 +00:00
Inseob Kim	b193c80986	Revert^2 "Start tracking vendor seapp coredomain violations" This reverts commit `6ec4e5f048`. Reason for revert: breaking build Change-Id: If99f309fd8d5dd5b42a871259451c10530e1769d	2023-09-15 03:58:00 +00:00
Treehugger Robot	430c93557f	Merge "Revert "Start tracking vendor seapp coredomain violations"" into main	2023-09-15 03:06:00 +00:00
Inseob Kim	6ec4e5f048	Revert "Start tracking vendor seapp coredomain violations" This reverts commit `292f22a33b`. Reason for revert: removed all attribute usages; no need Change-Id: Iab489f1a94733438ba0c552fb9e3eb354423a156	2023-09-14 15:57:04 +00:00
Treehugger Robot	2546b174dd	Merge "Revert "sepolicy: allow surfaceflinger to read device_config_aconfig_flags_prop"" into main am: `3fceb02a3c` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2750942 Change-Id: Ia59d38a364b95637ee68adbc5d62f8ce4ecb115a Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-09-14 02:24:09 +00:00
Treehugger Robot	3fceb02a3c	Merge "Revert "sepolicy: allow surfaceflinger to read device_config_aconfig_flags_prop"" into main	2023-09-14 01:18:00 +00:00

... 3 4 5 6 7 ...

44082 commits