Akilesh Kailash
12e344b7de
Merge "Set sepolicy for ublk control device and block device" am: a3c0ca4e67
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2433673
Change-Id: Ia1104a335a2932a48bc2f9eecb547c65e13fe334
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-14 04:41:42 +00:00
Akilesh Kailash
a3c0ca4e67
Merge "Set sepolicy for ublk control device and block device"
2023-02-14 03:59:06 +00:00
Akilesh Kailash
63a21044f2
Set sepolicy for ublk control device and block device
...
ublk-control device: /dev/ublk-control
ublk-block device: /dev/block/ublkbN where N is 0,1,2..
Bug: 269144965
Test: Verify sepolicy changes through kernel logs when user-space daemon
communicates with ublk driver
Change-Id: I10de557566e3c0628ea72fbbda4cff21e7cda68f
Signed-off-by: Akilesh Kailash <akailash@google.com>
2023-02-13 16:30:40 -08:00
Jeffrey Huang
e53a5b25b6
Merge "Restrict system server from reading statsd data" am: 01fd5eb907
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410783
Change-Id: I18a4d57758865141a9e0b6f479ff5aabf8db0ece
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-13 23:07:21 +00:00
Jeffrey Huang
01fd5eb907
Merge "Restrict system server from reading statsd data"
2023-02-13 22:37:09 +00:00
Brian Julian
e346f2fe80
Merge "Backports sepolicy for AltitudeService to T." am: f388934ffe
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406792
Change-Id: I8cd9387e7b27e032e38b23a531a710a8801c6a5b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-08 18:51:22 +00:00
Brian Julian
32b0a39d27
Backports sepolicy for AltitudeService to T.
...
Test: VtsHalAltitudeServiceTargetTest
Bug: 265013616
Change-Id: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
Merged-In: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
2023-02-07 19:38:17 +00:00
Jeffrey Huang
fcf5a91e00
Restrict system server from reading statsd data
...
Bug: 267367423
Test: m -j
Change-Id: I0628142c2380cf568643f864ae211fbf5380550c
2023-02-06 18:29:21 -08:00
Treehugger Robot
d1c26af880
Merge "Add selinux permissions for DeviceAsWebcam Service" am: 870b368ec5
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410788
Change-Id: I4f2f7feac7862ff525e1ebf15c7ee1f036ca9fb3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-03 02:00:29 +00:00
Avichal Rakesh
e0929241a1
Add selinux permissions for DeviceAsWebcam Service
...
DeviceAsWebcam is a new service that turns an android device into a
webcam. It requires access to all services that a
regular app needs access to, and it requires read/write permission to
/dev/video* nodes which is how the linux kernel mounts the UVC gadget.
Bug: 242344221
Bug: 242344229
Test: Manually tested that the service can access all the nodes it
needs, and no selinux exceptions are reported for the service
when running.
Change-Id: I45c5df105f5b0c31dd6a733f50eb764479d18e9f
2023-02-02 12:26:33 -08:00
Alex Hong
41d99a9951
Merge changes from topic "fix_missing_set_denials" am: e79c506fe4
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410790
Change-Id: I24358b23b958974800af032577f7b6758e0f05c8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-02 14:23:14 +00:00
Alex Hong
255a5ae441
Allow vendor_init to set properties for recovery/fastbootd USB IDs am: 1abf80e5c1
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388472
Change-Id: I01ea3a4ebb6d5111941e61f8a7e41bbff2d83a3c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-02 14:23:10 +00:00
Alex Hong
e79c506fe4
Merge changes from topic "fix_missing_set_denials"
...
* changes:
Add build properties for attestation feature
Allow vendor_init to set properties for recovery/fastbootd USB IDs
2023-02-02 14:04:36 +00:00
Alex Hong
4c23abb282
Add build properties for attestation feature
...
The properties for attestation are configured in build.prop files and
used by frameworks Build.java.
Allow vendor_init to set these properties and allow Zygote to access
them.
Bug: 211547922
Test: SELinuxUncheckedDenialBootTest
Change-Id: I5666524a9708c6fefe113ad4109b8a344405ad57
2023-02-02 18:52:35 +08:00
Karthik Mahesh
4fc055b5cd
Merge "Add sepolicy for ODP system server service." am: 4fd76147c4
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402876
Change-Id: I0aea8a5cc639ad2bd70b59148dfc2c463827497a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-02 10:39:26 +00:00
Karthik Mahesh
4fd76147c4
Merge "Add sepolicy for ODP system server service."
2023-02-02 08:21:46 +00:00
Karthik Mahesh
52e5914ca4
Add sepolicy for ODP system server service.
...
Bug: 236174677
Test: build
Change-Id: Ief208b795dd05ddaa406f50a5fa91f46fe52fd71
2023-02-01 22:27:36 -08:00
Florian Mayer
e17c5905a6
Merge "[MTE] Add memory_safety_native_boot namespace" am: cbeec8f821
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2411338
Change-Id: I68c6e7830b622bcbd6d9f10527378183a53044ae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-01 22:21:23 +00:00
Florian Mayer
cbeec8f821
Merge "[MTE] Add memory_safety_native_boot namespace"
2023-02-01 21:41:45 +00:00
Charles Chen
5317542847
Merge changes from topic "iso_compute" am: b36ecf6caa
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390967
Change-Id: Ib84377f876f96dfcbac94bcee9a4a9c7cf408eed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-01 18:29:18 +00:00
Charles Chen
b36ecf6caa
Merge changes from topic "iso_compute"
...
* changes:
Add isolated_compute_app domain
Share isolated properties across isolated apps
2023-02-01 17:33:59 +00:00
Alex Hong
1abf80e5c1
Allow vendor_init to set properties for recovery/fastbootd USB IDs
...
Bug: 211547922
Test: SELinuxUncheckedDenialBootTest
Test: Enter recovery/fastbootd mode
$ lsusb -d 18d1:
Change-Id: Ibee1210c1a70a3165e70f9b3b57e11949e412c97
2023-02-01 17:49:32 +08:00
Treehugger Robot
a2cb810593
Merge "Add selinux permissions for ro.usb.uvc.enabled" am: 11eb002e83
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410787
Change-Id: Ie38aa8c6a5be43b53cd72214cd6f4fe16f872407
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-01 07:43:58 +00:00
Florian Mayer
94926f51df
[MTE] Add memory_safety_native_boot namespace
...
Bug: 267234468
Change-Id: I248fdf58a744f0c70a26d6a8f7d4caa0a6ce8edb
2023-01-31 15:48:40 -08:00
Avichal Rakesh
a12d3103be
Add selinux permissions for ro.usb.uvc.enabled
...
This CL adds the selinux rules for the property ro.usb.uvc.enabled which will
be used to toggle UVC Gadget functionality on the Android Device.
Bug: 242344221
Bug: 242344229
Test: Manually tested that the property can only be read at runtime,
not written to.
Change-Id: I0fd6051666d9554037acc68fa81226503f514a45
2023-01-31 11:17:50 -08:00
Charles Chen
3d4a6b7474
Add isolated_compute_app domain
...
Provides a new domain to enable secure sensitive data processing. This
allows processing of sensitive data, while enforcing necessary privacy
restrictions to prevent the egress of data via network, IPC or file
system.
Bug: 255597123
Test: m && manual - sample app with IsolatedProcess=True can use camera
service
Change-Id: I401667dbcf492a1cf8c020a79f8820d61990e72d
2023-01-31 15:24:55 +00:00
Inseob Kim
1dba2f058a
Merge "Add comments on compat files" am: beee8849a6
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405373
Change-Id: I09be668bc0fe182d1a87c046c1002a865f7b9342
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-31 07:32:10 +00:00
Inseob Kim
338f81baac
Add comments on compat files
...
To prevent further confusion.
Bug: 258029505
Test: manual
Change-Id: Iaa145e4480833a224b1a07fc68adb7d3e8a36e4b
2023-01-31 09:57:26 +09:00
Yuyang Huang
32788d6842
Blocks untrusted apps to access /dev/socket/mdnsd from U am: cfdea5f4f3
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388478
Change-Id: I9cee4d4b5d13612b02f63b377d32efae99d3ca67
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-20 10:09:07 +00:00
Yuyang Huang
cfdea5f4f3
Blocks untrusted apps to access /dev/socket/mdnsd from U
...
The untrusted apps should not directly access /dev/socket/mdnsd since
API level 34 (U). Only adbd and netd should remain to have access to
/dev/socket/mdnsd. For untrusted apps running with API level 33-, they
still have access to /dev/socket/mdnsd for backward compatibility.
Bug: 265364111
Test: Manual test
Change-Id: Id37998fcb9379fda6917782b0eaee29cd3c51525
2023-01-20 15:25:46 +09:00
Jiakai Zhang
1373154885
Explicitly list "pm.dexopt." sysprops. am: 9bbc1c0e72
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388479
Change-Id: Ia273f78fc603757969b4678767c2ea3b08f30520
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-19 06:27:43 +00:00
Jiakai Zhang
9bbc1c0e72
Explicitly list "pm.dexopt." sysprops.
...
Bug: 256639711
Test: m
Change-Id: I5e6bd4fd8ec516a23f4e3a5658a651f04d40412c
2023-01-19 12:07:25 +08:00
Alistair Delva
4b3d6db075
Merge "Add missing permissions for default bluetooth hal" am: e7fc603518
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2376448
Change-Id: Ib3ddc8e777f012d839e7881b9a383dddc99d67d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-18 22:26:05 +00:00
Alistair Delva
e7fc603518
Merge "Add missing permissions for default bluetooth hal"
2023-01-18 22:16:06 +00:00
Treehugger Robot
e6b7e8aebf
Merge "Allow mkfs/fsck for zoned block device" am: 9b69f0de58
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390134
Change-Id: Ib7a44a32ce2ec9cc66c74b48e1c5566a6f35e349
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-18 16:12:04 +00:00
Jaegeuk Kim
b5f16b2392
Allow mkfs/fsck for zoned block device
...
Zoned block device will be used along with userdata_block_device
for /data partition.
Bug: 197782466
Change-Id: I777a8b22b99614727086e72520a48dbd8306885b
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2023-01-17 17:59:28 -08:00
Lorenzo Colitti
d842a85d44
Merge "Update SEPolicy for Tetheroffload AIDL" am: b8194ca7fb
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2355402
Change-Id: Ie4aad80ff32164a962fa5f140db97be9c51776fe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-18 00:13:12 +00:00
Lorenzo Colitti
b8194ca7fb
Merge "Update SEPolicy for Tetheroffload AIDL"
2023-01-18 00:04:51 +00:00
Henri Chataing
9ff3423527
Add missing permissions for default bluetooth hal
...
Test: launch_cvd
Bug: 205758693
Change-Id: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
Merged-In: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
2023-01-12 19:02:57 +00:00
Xin Li
0ba8f8934a
Merge tm-qpr-dev-plus-aosp-without-vendor@9467136
...
Bug: 264720040
Merged-In: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
Change-Id: I84e152300ba7ece94e47e270eba1d7280a72343a
2023-01-11 22:47:37 -08:00
Nathalie Le Clair
98e20da831
Merge "HDMI: Refactor HDMI packages"
2023-01-10 17:05:17 +00:00
Bill Yi
15ee6d11bc
Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE
...
Merged-In: I9acac60411da6eee86246a9e375b35dfb61691d1
Merged-In: If343dba5dae2821fa345135abafb891e85be5574
Change-Id: Ia868a5a11f13d47bf11fbb21b3d5cee12d7c8c99
2023-01-06 07:13:50 -08:00
Treehugger Robot
5efaa62b95
Merge "EARC: Add Policy for EArc Service" am: 6baccc1d8e
am: 1791ca2220
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2320410
Change-Id: I7945e5044d54ba6a5f00524512c9153f0229242b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-04 04:27:27 +00:00
Treehugger Robot
6baccc1d8e
Merge "EARC: Add Policy for EArc Service"
2023-01-04 03:30:47 +00:00
KH Shi
8ae99b5e5f
Update SEPolicy for Tetheroffload AIDL
...
Bug: b/205762647
Test: m
Change-Id: Iaf87e8a64a4a1af20f54e3c09c31d051acf549a1
2023-01-04 11:28:47 +08:00
Venkatarama Avadhani
5a86d5f3f3
HDMI: Refactor HDMI packages
...
Organize the HDMI packages into CEC, EArc and connection under a common
hdmi package.
Bug: 261729059
Test: atest vts_treble_vintf_framework_test
atest vts_treble_vintf_vendor_test
Change-Id: Ief5bff996028775ea355b392a4028a091fb83b99
2022-12-27 18:15:26 +05:30
Venkatarama Avadhani
0f0861af8f
EARC: Add Policy for EArc Service
...
Test: atest vts_treble_vintf_framework_test
atest vts_treble_vintf_vendor_test
Bug: 240388105
Change-Id: I561f647a68553fa0134f2e1bd65b0f18dd1785f1
2022-12-27 18:11:36 +05:30
Calvin Pan
2a53d04c95
Merge "Add grammatical_inflection service" am: f56dfeb2d4
am: ecdc4715bc
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2352743
Change-Id: I8a2a4412d17d6a044e9925ed35a287eb75f04a03
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 09:04:12 +00:00
Calvin Pan
f56dfeb2d4
Merge "Add grammatical_inflection service"
2022-12-15 07:38:01 +00:00
Avichal Rakesh
062567b1b3
Merge "cameraservice: Add selinux policy for vndk cameraservice." am: 95ecfc2f33
am: 5e5c23595e
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2346843
Change-Id: Ifa44e738457c8e8f3d4365804a87e690cca94da4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-15 00:01:04 +00:00