Commit graph

38808 commits

Author SHA1 Message Date
Treehugger Robot
558915461b Merge "Dontaudit chmod of virtualizationsevice_data_file" 2022-06-15 18:04:46 +00:00
Florian Mayer
7564cb1833 Merge "Add property for MTE permissive mode." am: 981f5581f6 am: 255cbf108a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2101776

Change-Id: If09152789586c662abfa9cbabeecde200f786a0a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-15 17:36:53 +00:00
Florian Mayer
5b3a8333af SELinux configuration for memory safety device configs.
These will get read by system libraries in arbitrary processes, so it's
a public property with read access by `domain`.

Bug: 235129567
Change-Id: I1ab880626e4efa2affe90165ce94a404b918849d
2022-06-15 10:34:54 -07:00
Florian Mayer
255cbf108a Merge "Add property for MTE permissive mode." am: 981f5581f6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2101776

Change-Id: I41fc5e3b151382572f180d1c3b3495f7fa445412
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-15 17:17:38 +00:00
Florian Mayer
981f5581f6 Merge "Add property for MTE permissive mode." 2022-06-15 16:58:25 +00:00
Alan Stokes
40f33c1da1 Dontaudit chmod of virtualizationsevice_data_file
Init attempts to rm -rf these files, to ensure any that are owned by
the old virtualizationservice UID get deleted. This fails for newer
directories, now we use the system UID, which is harmless. But rm
attempts to chmod the directories since it can't read them, which also
fails and generates a spurious audit. So here we suppress that.

Bug: 235338094
Test: No denials seen even when there are stale directories present
Change-Id: If55fbe151174ee08a12b64b301e4aa86ffc1a5bf
2022-06-15 17:25:20 +01:00
Max Bires
f33d6752c1 Allow remote_prov_app to find mediametrics.
This change allows remote_prov_app to find mediametrics. This is a
permission that all apps have. It is now needed for remote_prov_app due
to a new feature related to provisioning Widevine through the MediaDrm
framework.

Ignore-AOSP-First: Need to cherry pick to TM-dev
Bug: 235491155
Test: no selinux denials related to remote_prov_app
Change-Id: Id3057b036486288358a9a84100fe808eb56df5fe
2022-06-15 15:42:23 +00:00
Treehugger Robot
9c667a3cb6 Merge "Don't audit mnt_produt_file in dumpstate." am: f31b1f45d5 am: 94b7580c3c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2112768

Change-Id: I809bdff6f1bcff957269e84e0efcb50566dc1cfb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-15 10:23:46 +00:00
Treehugger Robot
94b7580c3c Merge "Don't audit mnt_produt_file in dumpstate." am: f31b1f45d5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2112768

Change-Id: I07dfa25b78403ddc12f22384ff68663926e337f1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-15 10:04:06 +00:00
Treehugger Robot
f31b1f45d5 Merge "Don't audit mnt_produt_file in dumpstate." 2022-06-15 09:42:49 +00:00
Xin Li
1be8100d8f Merge Android 12 QPR 3
Bug: 236045730
Merged-In: Id7ae2a2160eeea687a3a6876ce43baf05bb3bb8b
Change-Id: I342b75ca067e813bbd9092efd33dc078b2d6312e
2022-06-14 16:48:21 -07:00
Avichal Rakesh
3baabb9157 Allow camera provider services following AIDL naming conventions
Android 13 moved to using AIDL for HALs, which have different version
and naming conventions as compared to the now deprecated HIDL. This CL
updates the regex to include camera provider implementations that follow
AIDL naming conventions in the allowlist.

Bug: 219974678
Test: Manually tested that AIDL implementation is allowed to run
Change-Id: Ic005703bdaaa6376ca4714f22f89271b2a8878f2
2022-06-14 22:39:54 +00:00
Florian Mayer
56af9a268a Add property for MTE permissive mode.
Bug: 202037138
Change-Id: I272996f124ca8391f9312150d1d8757751fe6acb
2022-06-14 10:21:25 -07:00
Inseob Kim
67bcce7163 Merge "Allow microdroid_manager to write serial device" am: ff418d6499 am: 4e71f7d8c8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2121197

Change-Id: I296c2c6b473fcddc3ca9712d08785a175b25e399
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-14 03:36:45 +00:00
Inseob Kim
4e71f7d8c8 Merge "Allow microdroid_manager to write serial device" am: ff418d6499
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2121197

Change-Id: Id7ae2a2160eeea687a3a6876ce43baf05bb3bb8b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-14 03:17:46 +00:00
Inseob Kim
ff418d6499 Merge "Allow microdroid_manager to write serial device" 2022-06-14 02:51:12 +00:00
Neil Fuller
37888b33ba Remove TZUvA feature.
The feature was superseded by tzdata mainline module(s).

Bug: 148144561
Test: see system/timezone
Test: m selinux_policy
Change-Id: I48d445ac723ae310b8a134371342fc4c0d202300
Merged-In: I48d445ac723ae310b8a134371342fc4c0d202300
2022-06-13 11:45:50 +00:00
Inseob Kim
44f68942fa Allow microdroid_manager to write serial device
A serial device is used to pass failure reason to host.

Bug: 220071963
Test: atest MicrodroidTests
Change-Id: I085e902b4f0a79d3c8d2cd5c737ad169caac3659
2022-06-13 18:00:11 +09:00
Treehugger Robot
1f3e23185a Merge "Remove the last traces of idmap (replaced by idmap2)" am: 850045ae07 am: 4ed1cb5a1e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2122593

Change-Id: Ie6eab2f168e8587b6a3b7a94e3ce92098a16e3f4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 07:58:39 +00:00
Treehugger Robot
4ed1cb5a1e Merge "Remove the last traces of idmap (replaced by idmap2)" am: 850045ae07
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2122593

Change-Id: I3a13d0387b86db5744d15775699f2192b6804e2e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 07:40:54 +00:00
Treehugger Robot
850045ae07 Merge "Remove the last traces of idmap (replaced by idmap2)" 2022-06-13 07:19:11 +00:00
Yi-yo Chiang
290546b504 Merge "Label ro.force.debuggable as build_prop" am: c85ac2ea3a am: fcbd51b544
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2122376

Change-Id: I28c54af35917a64b2b288b5d97e09074470cc797
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 06:59:12 +00:00
Yi-yo Chiang
fcbd51b544 Merge "Label ro.force.debuggable as build_prop" am: c85ac2ea3a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2122376

Change-Id: Ibbe3afff89ca75284e9d4705b03095d0c3fc36f9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 06:41:14 +00:00
Yi-yo Chiang
c85ac2ea3a Merge "Label ro.force.debuggable as build_prop" 2022-06-13 06:17:47 +00:00
Android Build Coastguard Worker
96e8cbe612 Snap for 8710048 from 7b9395086e to tm-release
Change-Id: I358b63f6f72b31769cac7659a9f3e38cf103d4e5
2022-06-11 01:28:58 +00:00
Devin Moore
92c36611e3 Merge "Add permissions for new netd AIDL HAL" am: e47782171a am: ff958713a2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2095165

Change-Id: I7d2b464664e78b2cb32820adef2595a248203969
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 20:30:09 +00:00
Devin Moore
ff958713a2 Merge "Add permissions for new netd AIDL HAL" am: e47782171a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2095165

Change-Id: I28a8dea121386f90f48850326a8d1c1a41984d6d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 19:41:26 +00:00
Devin Moore
e47782171a Merge "Add permissions for new netd AIDL HAL" 2022-06-10 18:04:28 +00:00
Mårten Kongstad
0547fb5ab2 Remove the last traces of idmap (replaced by idmap2)
Remove mention of the /system/bin/idmap binary: the file no longer
exists.

Remove interaction between the domains installd and idmap:
installd used to fork and exec the idmap binary, but the idmap2 binary
has its own binder service.

Bug: 118711077
Bug: 119264713
Test: atest FrameworksServicesTests:com.android.server.om OverlayDeviceTests OverlayHostTests CtsAppSecurityHostTestCases:OverlayHostTest
Change-Id: I06d22057308984e43cb84ff365dbdd1864c7064b
2022-06-10 12:58:21 +02:00
Inseob Kim
9adae764e3 Merge "Fix policy file order for hal_attributes" am: b2984a49bd am: cf9c59241d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2121272

Change-Id: I8de647f091fb7a0e6f102dff92737dd29eb3704d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 09:47:19 +00:00
Inseob Kim
cf9c59241d Merge "Fix policy file order for hal_attributes" am: b2984a49bd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2121272

Change-Id: I5613be959f16d63d21cab13eda4343f2055e7b70
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 09:29:27 +00:00
Inseob Kim
b2984a49bd Merge "Fix policy file order for hal_attributes" 2022-06-10 09:07:02 +00:00
Yi-Yo Chiang
598d079de7 Label ro.force.debuggable as build_prop
It was default_prop. Label it build_prop for good code hygiene.

Bug: 223517900
Test: Boot with and without debug boot image
Change-Id: I4e00d301eb526a0fc9e29657cbcedda8dd0fc7b1
2022-06-10 14:52:38 +08:00
Thiébaud Weksteen
033f4d11f6 [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours am: e498ed9f0e -s ours am: 7b9395086e -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: Ib63b36dca2123bb5517323d657e53fe4092ed729
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 03:32:02 +00:00
Thiébaud Weksteen
7b9395086e [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours am: e498ed9f0e -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: Ic3b7c00f7b89594a61200e8da1be4d0808b9d868
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 03:10:24 +00:00
Treehugger Robot
7a015c31ed Merge "Obsolete BOARD_PLAT_*_SEPOLICY_DIR" am: 747fc1236e am: e9cd3e95cb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2120421

Change-Id: Idf614d34ba934688b4d9e7a22be28b5d133c54b7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 02:35:02 +00:00
Treehugger Robot
e9cd3e95cb Merge "Obsolete BOARD_PLAT_*_SEPOLICY_DIR" am: 747fc1236e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2120421

Change-Id: Icd4eaabc5a7288d04b7f642aaa8bb8f2371d2e86
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 02:16:02 +00:00
Thiébaud Weksteen
f5242681b7 [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours am: 9f688bcbfd -s ours am: 269074e48d -s ours am: 0d8e2fe39e -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I4b3a16d90de91b833a15e912ca4ef2e59a9d5579
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 02:15:47 +00:00
Treehugger Robot
747fc1236e Merge "Obsolete BOARD_PLAT_*_SEPOLICY_DIR" 2022-06-10 01:56:16 +00:00
Thiébaud Weksteen
0d8e2fe39e [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours am: 9f688bcbfd -s ours am: 269074e48d -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I11166af5f4113a7f92db65ea9bb8e246e9257318
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 01:43:17 +00:00
Thiébaud Weksteen
269074e48d [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours am: 9f688bcbfd -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I6631a56c85aa17da2da3c1c975c6ba2ffb3dfe48
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 01:19:43 +00:00
Thiébaud Weksteen
9f688bcbfd [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: Id133415d8659c7c6572a84ce288c08ebf127e2a2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 01:02:41 +00:00
Thiébaud Weksteen
e498ed9f0e [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I8782b78cac7b0bdb90d646a1bc1422f6e5e9a18d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 01:01:38 +00:00
Thiébaud Weksteen
566d02d543 [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I17212f12f13a065afb904f82355e4e36ffee49d4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 00:33:30 +00:00
Thiébaud Weksteen
31da33921e [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I3cae5899a82c1631302d5b95b16ce3ce0aae20cb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 00:15:58 +00:00
Thiébaud Weksteen
7944bcd029 [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I6e92aa29c692a386d5b1801d1609ef7d257a0ee5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 23:59:44 +00:00
Vova Sharaienko
ba7b22eb58 Merge "hal_vehicle_default: enabled communication with statsd" am: 7816224ea2 am: 38ad5d01c4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2106885

Change-Id: I44c534028b7080f332ea901efb4d6fb20c89793a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 23:45:29 +00:00
Akilesh Kailash
e673ce9fb5 Allow update_verifier to connect to snapuserd daemon am: 5fe8252425 am: ba1b02ae5b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2039364

Change-Id: I7b25072da70f0ed71173a4db6dfa30dd9b269a69
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 23:45:04 +00:00
Thiébaud Weksteen
2e26d143bf DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I7d3a7d51f77d00070ba4b25040483528177ed43b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 23:43:33 +00:00
Vova Sharaienko
38ad5d01c4 Merge "hal_vehicle_default: enabled communication with statsd" am: 7816224ea2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2106885

Change-Id: Id31bf7bf78f66575871ba3718889442360c64e9f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 23:03:51 +00:00