Commit graph

24468 commits

Author SHA1 Message Date
Automerger Merge Worker
4862a3e303 Rename ro.device_owner system property am: 0b30311feb am: 4cbbee6ec6 am: b0bb694f93
Change-Id: Ic78eb84a26d75d33e7bed57ba76ecc24fb8e197a
2020-02-19 23:14:24 +00:00
Automerger Merge Worker
5d5da562ba Merge "Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL." am: 1948c11d13 am: 19516eb39f
Change-Id: I1f39855d01dff44f139d246d2183ac0176bd3c73
2020-02-19 22:38:30 +00:00
Automerger Merge Worker
3e8a884be8 Merge "Fix selinux denials for incidentd" am: 510c53df03 am: b7aa618034
Change-Id: Ib7e68637014b11de27639fc5726e79338e58130c
2020-02-19 22:37:31 +00:00
Automerger Merge Worker
19516eb39f Merge "Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL." am: 1948c11d13
Change-Id: I6d72f8264cdb8a15b52d005e02d717c76b5d4ea4
2020-02-19 22:23:14 +00:00
Automerger Merge Worker
e47edaa9b5 [automerger skipped] Merge "Remove sys.linker property" am: 385274a35a am: 19afb2df98 am: bed34f4fa7 -s ours
am skip reason: Change-Id Iacb2d561317d0920f93104717ce4f4bb424cc095 with SHA-1 77a48d64ba is in history

Change-Id: I80d7c621000a5b84fd10f8c1cf092defcd4004be
2020-02-19 22:20:58 +00:00
Automerger Merge Worker
efbd524476 Merge "Update file_contexts for contexthub HAL 1.1" am: c5953aba8b am: ab1bf2c331 am: 5beece6e58
Change-Id: Ic709e86c1e9ff2337c710d3e521e3f97a8343d66
2020-02-19 22:20:14 +00:00
Automerger Merge Worker
b7aa618034 Merge "Fix selinux denials for incidentd" am: 510c53df03
Change-Id: I8db7c1aa00e1e35040b690db15f5739e77fbd335
2020-02-19 22:19:38 +00:00
Automerger Merge Worker
afba98b8e3 Merge "Add properties for volume metadata encryption." am: 251fef9206 am: 319df9cf6e am: d8816d1557
Change-Id: Id35dc2fd7a60d2de7ab1166ef077a18c8a091d2f
2020-02-19 22:19:26 +00:00
David Zeuthen
1948c11d13 Merge "Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL." 2020-02-19 21:14:40 +00:00
Mike Ma
510c53df03 Merge "Fix selinux denials for incidentd" 2020-02-19 21:07:14 +00:00
Automerger Merge Worker
db9b2bce55 Merge "Allow zygote to go into media directory to bind mount obb dir" am: fa60d7fc60 am: 3f92eb4b66
Change-Id: I9e2c68055c6555130e332d468be7afc56067dafd
2020-02-19 19:49:06 +00:00
David Zeuthen
02bf814aa2 Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL.
The credstore service is a system service which backs the
android.security.identity.* Framework APIs. It essentially calls into
the Identity Credential HAL while providing persistent storage for
credentials.

Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I5cd9a6ae810e764326355c0842e88c490f214c60
2020-02-19 13:46:45 -05:00
Automerger Merge Worker
3f92eb4b66 Merge "Allow zygote to go into media directory to bind mount obb dir" am: fa60d7fc60
Change-Id: Ic77bee24252803ffb154e34cb566a731b76a49f8
2020-02-19 18:43:57 +00:00
Automerger Merge Worker
1d601e11f9 Merge "Allow mediaprovider_app access to /proc/filesystems." am: 78f63707ac am: d925b6c670
Change-Id: I56dce446bb69cb81d3326ee0b98f01400e0c30c8
2020-02-19 18:38:47 +00:00
Treehugger Robot
fa60d7fc60 Merge "Allow zygote to go into media directory to bind mount obb dir" 2020-02-19 18:30:27 +00:00
Automerger Merge Worker
d925b6c670 Merge "Allow mediaprovider_app access to /proc/filesystems." am: 78f63707ac
Change-Id: I183669c60220ab17e7d4e8b274853f6e2c0c08af
2020-02-19 18:25:52 +00:00
Treehugger Robot
78f63707ac Merge "Allow mediaprovider_app access to /proc/filesystems." 2020-02-19 18:12:06 +00:00
Automerger Merge Worker
b0bb694f93 Rename ro.device_owner system property am: 0b30311feb am: 4cbbee6ec6
Change-Id: Id32863aee5d81d33c53c86a0c885bee03d9ccee7
2020-02-19 17:49:37 +00:00
Automerger Merge Worker
4cbbee6ec6 Rename ro.device_owner system property am: 0b30311feb
Change-Id: I6be37316e7114b0b6d7e32b16600ff8a6f9c7037
2020-02-19 17:30:08 +00:00
Martijn Coenen
fd54803f0b Allow mediaprovider_app access to /proc/filesystems.
It needs to be able to see supported filesystems to handle external
storage correctly.

Bug: 146419093
Test: no denials
Change-Id: Ie1e0313c73c02a73558d07ccb70de02bfe8c231e
2020-02-19 17:24:24 +01:00
Ricky Wai
ad538514a7 Allow zygote to go into media directory to bind mount obb dir
Bug: 148049767
Change-Id: I2134de4df0db3268340fcfec6ad1cb8a94e3e8f9
2020-02-19 14:24:27 +00:00
Rubin Xu
0b30311feb Rename ro.device_owner system property
This is renamed to ro.organization_owned to cover the extended
usage now that there is a new management mode for fully-managed
organization owned devices: organization-owned managed profile.
A device is considered fully-managed if there is a device owner
or an organization-owned managed profile.

Bug: 148437300
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: atest FrameworksServicesTests:SecurityEventTest
Test: atest FrameworksCoreTests:EventLogTest
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testSecurityLoggingWithSingleUser
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testSecurityLoggingWithTwoUsers
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testSecurityLoggingEnabledLogged
Change-Id: Ic3288fe343d3b51c59f08678e114fe9a81cb39a4
2020-02-19 10:34:05 +00:00
Rambo Wang
8950e7a25b Allow system_app to interact with Dumpstate HAL
To let the end user enable/disable the verbose vendor logging,
a developer option is added into the Settings app which needs to
directly interact with the Dumpstate HAL. In the future, the
same function may be added into SystemUI, e.g. as a
QuickSettings tile.

To allow both Settings app and system.ui, system_app is
the best candidate for the sepolicy change.

Bug: 148822215
Test: make && make RunSettingsRoboTests
Change-Id: Ic6ef497505719e07cc37518b78c9dc146cda2d2c
2020-02-19 06:03:32 +00:00
Automerger Merge Worker
439782118f Merge "Add cache-key property for package and permission information" am: 7978cd866d am: 36c2023b80 am: 9ac55860fa
Change-Id: Ic8e540e3b3946f2dc7b626dd1d839e22101181ea
2020-02-19 05:57:39 +00:00
Automerger Merge Worker
a73fb7ff44 Merge "Allow gmscore to read tcp sockets passed by priv-apps" am: 7848af185a am: 64b7d07109 am: 10e9260a16
Change-Id: Ibbb1662ad4da58e5e373e53e8b1d02baee4378c7
2020-02-19 05:57:00 +00:00
Automerger Merge Worker
44376cc541 Merge "Add binder cache key for PlatformCompat" am: 9254affacf am: 7795c0d083 am: 16263aca9b
Change-Id: I412bb9555d0d5fbe8bfe1da780fe9d1729c3f407
2020-02-19 05:56:17 +00:00
Mike Ma
ab61935ac2 Fix selinux denials for incidentd
This is to fix selinux denials on incident-helper-cmd.
incident-helper-cmd is a Java program spawned from app_process. There are
currently some selinux denials because app_process tries to read boot
flags, read dalvik cache, run JIT and exec from JIT cache.

This change:
- allows incidentd to read the runtime feature flag properties. This is
a normal behavior during app_process startup
- allows incidentd to lock a few java libraries under
/apex/com.android.art. Again, this is normal when ART starts
- mutes denial of writing to and exec from dalvik cache / JIT cache

Fixes: 149011438
Test: Run $ incident 1116, and verify there's no selinux denial
Change-Id: I95a6b93e6a5510c749bebe7ecbcab9a803be0801
2020-02-18 21:51:40 -08:00
Automerger Merge Worker
bed34f4fa7 Merge "Remove sys.linker property" am: 385274a35a am: 19afb2df98
Change-Id: Ib736016d1ea3ccca468719a2a026d63814428255
2020-02-19 04:07:12 +00:00
Automerger Merge Worker
19afb2df98 Merge "Remove sys.linker property" am: 385274a35a
Change-Id: I58a5ebd1243ad61b7add75d9f4b305ab75ed609c
2020-02-19 03:54:14 +00:00
Kiyoung Kim
385274a35a Merge "Remove sys.linker property" 2020-02-19 03:34:29 +00:00
Kiyoung Kim
dc34050e17 Remove sys.linker property
sys.linker property was defined to enable / disable generating linker
configuration, but the property has been removed. Remove sys.linker
property definition as it is no longer in use

Bug: 149335054
Test: m -j passed && cuttlefish worked without sepolicy error
Change-Id: Iacb2d561317d0920f93104717ce4f4bb424cc095
Merged-In: Iacb2d561317d0920f93104717ce4f4bb424cc095
2020-02-19 10:16:06 +09:00
Automerger Merge Worker
5beece6e58 Merge "Update file_contexts for contexthub HAL 1.1" am: c5953aba8b am: ab1bf2c331
Change-Id: Ia4326dcbca271ba98dd3451b2f1b040c40b85469
2020-02-19 00:05:40 +00:00
Automerger Merge Worker
d8816d1557 Merge "Add properties for volume metadata encryption." am: 251fef9206 am: 319df9cf6e
Change-Id: I01604644af33067fdcb04e2500443dbe65624bee
2020-02-19 00:05:23 +00:00
Automerger Merge Worker
ab1bf2c331 Merge "Update file_contexts for contexthub HAL 1.1" am: c5953aba8b
Change-Id: I498c444abddc5f853932ebfa102b4ab246843164
2020-02-18 23:39:58 +00:00
Automerger Merge Worker
319df9cf6e Merge "Add properties for volume metadata encryption." am: 251fef9206
Change-Id: I8bc905316a9592ba38a7e0738cd00bfbef10812d
2020-02-18 23:39:37 +00:00
Treehugger Robot
c5953aba8b Merge "Update file_contexts for contexthub HAL 1.1" 2020-02-18 23:33:30 +00:00
Paul Crowley
251fef9206 Merge "Add properties for volume metadata encryption." 2020-02-18 23:17:06 +00:00
Anthony Stange
667b2fa6ec Update file_contexts for contexthub HAL 1.1
Bug: 135951924
Test: Verify this lets contexthub HAL 1.1 run on a device that supports
it

Change-Id: I049e77d476ac0d090e48895a19a454b764aac74c
2020-02-18 23:12:05 +00:00
Automerger Merge Worker
9ac55860fa Merge "Add cache-key property for package and permission information" am: 7978cd866d am: 36c2023b80
Change-Id: I7fc6680eda408ea07dee887a62ce874e3cb49cdd
2020-02-18 21:36:57 +00:00
Automerger Merge Worker
10e9260a16 Merge "Allow gmscore to read tcp sockets passed by priv-apps" am: 7848af185a am: 64b7d07109
Change-Id: I462b473d1e8d25346d4d2a5041a13635e9bb9247
2020-02-18 21:36:47 +00:00
Automerger Merge Worker
36c2023b80 Merge "Add cache-key property for package and permission information" am: 7978cd866d
Change-Id: Iee1797369aa6804b9726127cfc41d55f08b0519f
2020-02-18 21:23:04 +00:00
Treehugger Robot
64b7d07109 Merge "Allow gmscore to read tcp sockets passed by priv-apps" am: 7848af185a
Change-Id: Ifb1f618057aae71fa8d302f67fb2ee9a4730cd9a
2020-02-18 21:11:48 +00:00
Treehugger Robot
7978cd866d Merge "Add cache-key property for package and permission information" 2020-02-18 20:11:06 +00:00
Treehugger Robot
7848af185a Merge "Allow gmscore to read tcp sockets passed by priv-apps" 2020-02-18 18:41:22 +00:00
Daniel Colascione
77b3da68ed Add cache-key property for package and permission information
Bug: 140788621
Test: inspection
Change-Id: Ia6a14721531fe95be01223e2f95c9de0ec683417
2020-02-18 10:05:15 -08:00
Andrei-Valentin Onea
16263aca9b Merge "Add binder cache key for PlatformCompat" am: 9254affacf am: 7795c0d083
Change-Id: Idaa3cc547b6af9b44c0d4d4553d4112b58cf3db9
2020-02-18 17:39:40 +00:00
Andrei-Valentin Onea
7795c0d083 Merge "Add binder cache key for PlatformCompat" am: 9254affacf
Change-Id: Ief4a6ee14b3beef8168db609a1c08064b4638df3
2020-02-18 17:30:40 +00:00
Andrei-Valentin Onea
9254affacf Merge "Add binder cache key for PlatformCompat" 2020-02-18 17:16:09 +00:00
Ashwini Oruganti
22a8c14971 Allow gmscore to read tcp sockets passed by priv-apps
In the GTS test NetStatsHostTest#testASetThreadStatsUid,
com.android.vending appears to be passing a tcp socket by file
descriptor to gmscore. This change updates the gmscore_app permissions
to allow this.

Bug: 148974132
Test: TH
Change-Id: Ia9e7869dda231329ae56c05d430631710779bf30
2020-02-18 08:38:44 -08:00
Kiyoung Kim
77a48d64ba Remove sys.linker property
sys.linker property was defined to enable / disable generating linker
configuration, but the property has been removed. Remove sys.linker
property definition as it is no longer in use

Bug: 149335054
Test: m -j passed && cuttlefish worked without sepolicy error
Change-Id: Iacb2d561317d0920f93104717ce4f4bb424cc095
2020-02-18 10:13:55 +09:00