Commit graph

33433 commits

Author SHA1 Message Date
Daniel Norman
8d50c9d1a9 Merge "Revert "Revert "Adds a new prop context for choosing between mul..."" am: 0dd5118c74 am: a8570d7e9c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1894203

Change-Id: I9174136a0ddf6dc90eccdd6da9bb55e24be2b8f1
2021-11-17 21:42:28 +00:00
Daniel Norman
a8570d7e9c Merge "Revert "Revert "Adds a new prop context for choosing between mul..."" am: 0dd5118c74
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1894203

Change-Id: I965d05bcf36da9b831eb56fa5ab10b852216f9c3
2021-11-17 21:38:44 +00:00
Daniel Norman
0dd5118c74 Merge "Revert "Revert "Adds a new prop context for choosing between mul..."" 2021-11-17 21:24:28 +00:00
Ashwini Oruganti
e6bc568653 Merge "Define and add the migrate_any_key permission to system_server" am: ed7ebb867e am: 362701c156
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1892955

Change-Id: Ib343b080cade9a328b3980778d5d345716902ed3
2021-11-17 18:41:46 +00:00
Ashwini Oruganti
362701c156 Merge "Define and add the migrate_any_key permission to system_server" am: ed7ebb867e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1892955

Change-Id: I50534d364ff978bb4fe48ffb0dad51156ffe224e
2021-11-17 18:22:50 +00:00
Ashwini Oruganti
ed7ebb867e Merge "Define and add the migrate_any_key permission to system_server" 2021-11-17 17:55:13 +00:00
Alan Stokes
811be459f9 Merge "Add type and mapping for /metadata/sepolicy" am: ca83dcce15 am: a1cd519e25
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1895135

Change-Id: I79500142071e5cc3caf37c001278a16a1ff126ca
2021-11-17 14:41:43 +00:00
Alan Stokes
a1cd519e25 Merge "Add type and mapping for /metadata/sepolicy" am: ca83dcce15
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1895135

Change-Id: Iabd422dde45e26182720a4880cd8d224e432186b
2021-11-17 14:26:22 +00:00
Alan Stokes
ca83dcce15 Merge "Add type and mapping for /metadata/sepolicy" 2021-11-17 14:11:14 +00:00
Jeff Vander Stoep
5aa5e5e845 Add type and mapping for /metadata/sepolicy
Test: make -j; launch_cvd; adb shell ls -laZ /metadata
Bug: 199914227
Change-Id: I573af0949d92f401589238dab8c3e9fbe2ee7efe
2021-11-17 10:45:24 +00:00
Daniel Norman
2f8ce0d9c1 Revert "Revert "Adds a new prop context for choosing between mul..."
Revert "Revert "Adds multi_install_skip_symbol_files field (defa..."

Revert submission 1893459-revert-1869814-vapex-multi-config-VKODFOVCWY

Reason for revert: Fix-forward in https://r.android.com/1894088
Reverted Changes:
I087bfe0dc:Revert "Adds a new prop context for choosing betwe...
I27a498506:Revert "Load persist props before starting apexd."...
Ib5344edc0:Revert "Allow users to choose between multi-instal...
If09bf590e:Revert "Adds multi_install_skip_symbol_files field...
I905dac14c:Revert "Demonstrate multi-installed APEXes."

Change-Id: I03fb124d4e7044f236539a132816fd96cb814775
2021-11-16 20:28:29 +00:00
Ashwini Oruganti
41843731cc Define and add the migrate_any_key permission to system_server
This change adds a permission migrate_any_key that will help the system
server in migrating keys for an app that wants to leave a sharedUserId.

Bug: 179284822
Test: compiles
Change-Id: I2f35a1335092e69f5b3e346e2e27284e1ec595ec
2021-11-16 10:18:19 -08:00
Treehugger Robot
1d36f66a48 Merge "Add camera.disable_preview_scheduler property" am: a594876cfe am: 1b4714c8e8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1887227

Change-Id: I8a1d31753e9cdc52b289ac35dc8c97748593afff
2021-11-16 15:42:17 +00:00
Treehugger Robot
1b4714c8e8 Merge "Add camera.disable_preview_scheduler property" am: a594876cfe
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1887227

Change-Id: I39095a581c61d24ba8b462f7ca70cabd9df4f67c
2021-11-16 15:30:41 +00:00
Treehugger Robot
a594876cfe Merge "Add camera.disable_preview_scheduler property" 2021-11-16 15:16:25 +00:00
Owen Kim
755dee1782 Merge "Revert "Adds a new prop context for choosing between multi-insta..."" am: 95d7aaa339 am: a6bd8d83f0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1893458

Change-Id: I2e1e30f99a214c4d933a96e57631bc6a9a53a85a
2021-11-16 09:21:20 +00:00
Owen Kim
a6bd8d83f0 Merge "Revert "Adds a new prop context for choosing between multi-insta..."" am: 95d7aaa339
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1893458

Change-Id: Ibd4d1225cd655151657d3f2511636637415e35b8
2021-11-16 08:55:12 +00:00
Owen Kim
95d7aaa339 Merge "Revert "Adds a new prop context for choosing between multi-insta..."" 2021-11-16 08:39:27 +00:00
Owen Kim
780cd02d52 Revert "Adds a new prop context for choosing between multi-insta..."
Revert "Adds multi_install_skip_symbol_files field (default fals..."

Revert submission 1869814-vapex-multi-config

Bug: 206551398
Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.googleplex.com/builds/tests/view?invocationId=I55600009996329947&testResultId=TR93527797572038984, bug b/206551398
Reverted Changes:
I0cd9d748d:Adds multi_install_skip_symbol_files field (defaul...
I5912a18e3:Demonstrate multi-installed APEXes.
I0e6881e3a:Load persist props before starting apexd.
I932442ade:Adds a new prop context for choosing between multi...
I754ecc3f7:Allow users to choose between multi-installed vend...

Change-Id: I087bfe0dcf8d6ab38d861b82196bac4e9147e8e6
2021-11-16 07:08:15 +00:00
Daniel Norman
bee9f24f08 Merge "Adds a new prop context for choosing between multi-installed APEXes." am: 8e276eae6b am: d6746bd67a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1869814

Change-Id: Ifaeda19592f1a75a579fb37d9f91c743648adfa9
2021-11-16 01:15:24 +00:00
Daniel Norman
d6746bd67a Merge "Adds a new prop context for choosing between multi-installed APEXes." am: 8e276eae6b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1869814

Change-Id: Idb0cbbe30faec914e9d894564733d50e213f77e0
2021-11-16 00:56:56 +00:00
Daniel Norman
8e276eae6b Merge "Adds a new prop context for choosing between multi-installed APEXes." 2021-11-16 00:45:32 +00:00
Jiyong Park
a7d1c52585 Merge "Fix bootchart on android12" am: 5d0397047d am: e646809295
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1888457

Change-Id: I783f737043121394fa1a70eee0c9f0aadc1c5bf1
2021-11-15 07:32:28 +00:00
Jiyong Park
e646809295 Merge "Fix bootchart on android12" am: 5d0397047d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1888457

Change-Id: Id956b60571e60f3ae89548176c26c38ff0ef7b02
2021-11-15 07:17:37 +00:00
Jiyong Park
5d0397047d Merge "Fix bootchart on android12" 2021-11-15 07:04:06 +00:00
Treehugger Robot
6ea8b3b3b3 Merge "Add file_contexts for sepolicy mainline module" am: 8797f5841c am: 2b9f0a62cb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1890636

Change-Id: I7c93ddbbcde75103a77b603fcbd268dbdb4d4bea
2021-11-12 15:57:18 +00:00
Treehugger Robot
2b9f0a62cb Merge "Add file_contexts for sepolicy mainline module" am: 8797f5841c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1890636

Change-Id: I4d26ed69653efb0e116b2fc2d985484821835f57
2021-11-12 15:39:43 +00:00
Treehugger Robot
8797f5841c Merge "Add file_contexts for sepolicy mainline module" 2021-11-12 15:21:29 +00:00
Jeff Vander Stoep
07246483ad Add file_contexts for sepolicy mainline module
Test: m com.android.sepolicy
Bug: 202394777
Change-Id: I6d11c693463206632237de1c4042845153fd6415
2021-11-12 14:55:54 +01:00
Yi-Yo Chiang
56c04282fd Merge "Treblelize bug_map: split bug_map to multiple partitions" am: 9fcecef0a8 am: 7cd1adeff5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1884354

Change-Id: I7b1b000d5ee8c457a294a31f8d3a7e58f93e9736
2021-11-12 07:27:16 +00:00
Yi-Yo Chiang
7cd1adeff5 Merge "Treblelize bug_map: split bug_map to multiple partitions" am: 9fcecef0a8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1884354

Change-Id: I5e98e080b2f6259929cbdacff3a47523bf7b2d23
2021-11-12 07:08:37 +00:00
Yi-Yo Chiang
9fcecef0a8 Merge "Treblelize bug_map: split bug_map to multiple partitions" 2021-11-12 06:53:27 +00:00
Daniel Norman
6b0049dcf0 Adds a new prop context for choosing between multi-installed APEXes.
Bug: 199290365
Test: see https://r.android.com/1872018
Change-Id: I932442adefc7ad10d7cd81e61e95efd41f8cf379
2021-11-11 19:11:11 +00:00
Maciej Żenczykowski
0b4cec93d8 introduce new 'proc_bpf' for bpf related sysctls am: 3702f3385e am: 127f77ff8c am: aed3c394e8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1888379

Change-Id: I01caa9c3917e716caee32ce9ccb17e6175e96590
2021-11-11 13:02:15 +00:00
Maciej Żenczykowski
aed3c394e8 introduce new 'proc_bpf' for bpf related sysctls am: 3702f3385e am: 127f77ff8c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1888379

Change-Id: Ie36c06ddf1c4baa99d501f8c5148d4a2e8ef05af
2021-11-11 12:50:49 +00:00
Maciej Żenczykowski
127f77ff8c introduce new 'proc_bpf' for bpf related sysctls am: 3702f3385e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1888379

Change-Id: I18137837817e777bbd4e31b9782e980ad9a851a9
2021-11-11 12:32:51 +00:00
Maciej Żenczykowski
3702f3385e introduce new 'proc_bpf' for bpf related sysctls
What to tag was chosen based on the output of:
  find /proc 2>/dev/null | egrep bpf
on a 5.10 kernel.

Tagged with prefixes to be more likely to not require changes in the future.

  $ adb root
  $ adb shell 'ls -lZ /proc/sys/net/core/bpf_* /proc/sys/kernel/*bpf*'

Before:
  -rw-r--r-- 1 root root u:object_r:proc:s0      0 2021-11-11 02:11 /proc/sys/kernel/bpf_stats_enabled
  -rw-r--r-- 1 root root u:object_r:proc:s0      0 2021-11-11 02:11 /proc/sys/kernel/unprivileged_bpf_disabled
  -rw-r--r-- 1 root root u:object_r:proc_net:s0  0 2021-11-11 02:11 /proc/sys/net/core/bpf_jit_enable
  -rw------- 1 root root u:object_r:proc_net:s0  0 2021-11-11 02:11 /proc/sys/net/core/bpf_jit_harden
  -rw------- 1 root root u:object_r:proc_net:s0  0 2021-11-11 02:11 /proc/sys/net/core/bpf_jit_kallsyms
  -rw------- 1 root root u:object_r:proc_net:s0  0 2021-11-11 02:11 /proc/sys/net/core/bpf_jit_limit

After:
  -rw-r--r-- 1 root root u:object_r:proc_bpf:s0  0 2021-11-11 02:08 /proc/sys/kernel/bpf_stats_enabled
  -rw-r--r-- 1 root root u:object_r:proc_bpf:s0  0 2021-11-11 02:08 /proc/sys/kernel/unprivileged_bpf_disabled
  -rw-r--r-- 1 root root u:object_r:proc_bpf:s0  0 2021-11-11 02:08 /proc/sys/net/core/bpf_jit_enable
  -rw------- 1 root root u:object_r:proc_bpf:s0  0 2021-11-11 02:08 /proc/sys/net/core/bpf_jit_harden
  -rw------- 1 root root u:object_r:proc_bpf:s0  0 2021-11-11 02:08 /proc/sys/net/core/bpf_jit_kallsyms
  -rw------- 1 root root u:object_r:proc_bpf:s0  0 2021-11-11 02:08 /proc/sys/net/core/bpf_jit_limit

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I46ea81ff42d3b915cf7a96735dc2636d9808ead6
2021-11-11 02:54:21 -08:00
Ji Luo
d338d0ef55 Fix bootchart on android12
Access denial of Apexd would cause a runtime abort, and the
bootchart is not working on Android 12:
  ...
  F nativeloader: Error finding namespace of apex: no namespace called com_android_art
  F zygote64: runtime.cc:669] Runtime aborting...
  F zygote64: runtime.cc:669] Dumping all threads without mutator lock held
  F zygote64: runtime.cc:669] All threads:
  F zygote64: runtime.cc:669] DALVIK THREADS (1):
  F zygote64: runtime.cc:669] "main" prio=10 tid=1 Runnable (still starting up)
  F zygote64: runtime.cc:669]   | group="" sCount=0 ucsCount=0 flags=0 obj=0x0 self=0xb4000072de0f4010
  ...

Bug: 205880718
Test: bootchart test.

Signed-off-by: Ji Luo <ji.luo@nxp.com>
Change-Id: Ia7d166605cd0b58849cb44d9a16dc3c73e1d4353
2021-11-11 16:53:24 +08:00
David Brazdil
dd97ff8b89 Merge "Allow control of AVF experiments" am: f7d7c22115 am: 2322e6d63d am: 56e948959a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1875377

Change-Id: I399257b878cc5ea04c3772db170c3853cd86571e
2021-11-10 21:34:38 +00:00
David Brazdil
56e948959a Merge "Allow control of AVF experiments" am: f7d7c22115 am: 2322e6d63d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1875377

Change-Id: I859004cc44c7a6c48d7d98788856fe6b7c17664f
2021-11-10 21:17:04 +00:00
David Brazdil
2322e6d63d Merge "Allow control of AVF experiments" am: f7d7c22115
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1875377

Change-Id: I8ae42a96909cd571a79a1b941db9ec85e3336b1c
2021-11-10 21:00:05 +00:00
Jaegeuk Kim
8af7cf410d Merge "sepolicy: allow to play f2fs-compression for odex/vdex files" am: 6065b053ff am: 4e964bf2b8 am: 39b360df2f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1883728

Change-Id: I77b8435bc875c8fd90bffdfca15ee1c60de11b0b
2021-11-10 20:59:34 +00:00
David Brazdil
f7d7c22115 Merge "Allow control of AVF experiments" 2021-11-10 20:42:25 +00:00
Jaegeuk Kim
39b360df2f Merge "sepolicy: allow to play f2fs-compression for odex/vdex files" am: 6065b053ff am: 4e964bf2b8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1883728

Change-Id: Ifcb463fea6c892bcb95b56ccc683521d39d62723
2021-11-10 20:41:39 +00:00
Jaegeuk Kim
4e964bf2b8 Merge "sepolicy: allow to play f2fs-compression for odex/vdex files" am: 6065b053ff
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1883728

Change-Id: I9edbabdcb26179388f82e5ba5d72ef77cd5017c7
2021-11-10 20:25:12 +00:00
Shuzhen Wang
73be025636 Add camera.disable_preview_scheduler property
Test: Build and boot
Bug: 200306379
Change-Id: I7d0b40de33a2d19c88322eacefe9d7342d55a6f4
2021-11-10 12:22:57 -08:00
Jaegeuk Kim
6065b053ff Merge "sepolicy: allow to play f2fs-compression for odex/vdex files" 2021-11-10 19:56:57 +00:00
Andrew Scull
d7bed7733e Allow control of AVF experiments
Grant system_server and flags_health_check permission to set the
properties that correspond to the AVF experiments.

Bug: 192819132
Test: m
Change-Id: I0e6fa73187abb4412d07ecfd42c1074b8afa5346
2021-11-10 10:42:47 +00:00
Maciej Żenczykowski
d3ba540041 Merge "remove spurious clat selinux privs" am: d43e99bed1 am: 85a1557fd2 am: c7601254e3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1322108

Change-Id: Ibb9a2be56a18c001ca2754a023048fac9edd01c1
2021-11-10 04:25:17 +00:00
Maciej Żenczykowski
c7601254e3 Merge "remove spurious clat selinux privs" am: d43e99bed1 am: 85a1557fd2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1322108

Change-Id: Iea29a11df6ec7345b2b0077a4911e26dcb11f8da
2021-11-10 04:12:51 +00:00