43671 commits

Author SHA1 Message Date
Vadim Caen
96c681a8a1 Merge "Policy for virtual_camera" into main am: bb59231998 am: 2199233cfd am: 3674481782
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2655420

Change-Id: I50e5361dbd21b189292b771c38764ab082aa9b05
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 13:36:21 +00:00
Dennis Shen
e3c06598a0 Merge "SELinux allow listing core_experiements_team_internal namespace" into main am: d0042c6e99 am: 5d837ee749 am: 2601a373fb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2675539

Change-Id: Icfcbdc3dcd01560639db6ea8f4cf79b9790c2d4d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 13:36:09 +00:00
Inseob Kim
c5fee689c7 Merge "Update seapp_contexts precedence documentation" into main am: 60b8c39abc am: 66ea241db2 am: 73702452b9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2671176

Change-Id: I94239971c6a5f195d597156061695eb56bc78b7d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 13:35:53 +00:00
Vadim Caen
3674481782 Merge "Policy for virtual_camera" into main am: bb59231998 am: 2199233cfd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2655420

Change-Id: Ic8d5d7b1cdd0d72777cd8ac1bd58ad0a4f5fa619
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 12:53:11 +00:00
Dennis Shen
2601a373fb Merge "SELinux allow listing core_experiements_team_internal namespace" into main am: d0042c6e99 am: 5d837ee749
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2675539

Change-Id: I7597c71c700dd6e3c1785a8d0afd6bbc70e1e515
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 12:52:58 +00:00
Inseob Kim
73702452b9 Merge "Update seapp_contexts precedence documentation" into main am: 60b8c39abc am: 66ea241db2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2671176

Change-Id: I6b9963e0b4409b3586c5ab82755539dbcadbadd1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 12:52:39 +00:00
Vadim Caen
2199233cfd Merge "Policy for virtual_camera" into main am: bb59231998
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2655420

Change-Id: I2321f72b47111a3900f3b5e645a77b7f2a728d1d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 12:33:49 +00:00
Dennis Shen
5d837ee749 Merge "SELinux allow listing core_experiements_team_internal namespace" into main am: d0042c6e99
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2675539

Change-Id: I234aa003d11f42376a6a836c0716165e8e6e0e31
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 12:32:42 +00:00
Vadim Caen
bb59231998 Merge "Policy for virtual_camera" into main 2023-07-26 12:20:17 +00:00
Dennis Shen
d0042c6e99 Merge "SELinux allow listing core_experiements_team_internal namespace" into main 2023-07-26 12:16:44 +00:00
Inseob Kim
66ea241db2 Merge "Update seapp_contexts precedence documentation" into main am: 60b8c39abc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2671176

Change-Id: I4c6d4a5f904fbf8121f3ff982fa44108a3ce792c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 12:09:32 +00:00
Inseob Kim
60b8c39abc Merge "Update seapp_contexts precedence documentation" into main 2023-07-26 11:39:08 +00:00
Inseob Kim
7bb1b5d170 Update seapp_contexts precedence documentation
Bug: 280547417
Test: TH
Change-Id: I914ef7a7f87b0646411a67e4eec128b61d3ff321
2023-07-26 11:28:55 +00:00
Eric Biggers
5666555817 Merge "Remove fsverity_init SELinux rules" into main am: 3a575356fa am: ca7e36f44e am: 9f946680ba
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2662775

Change-Id: I323e47cb925c2dcb4cc5875957d199f4e3fb5fde
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 01:22:30 +00:00
Eric Biggers
9f946680ba Merge "Remove fsverity_init SELinux rules" into main am: 3a575356fa am: ca7e36f44e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2662775

Change-Id: If8c09076709334da183a555bdf9c83b81a964107
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-26 00:35:03 +00:00
Eric Biggers
ca7e36f44e Merge "Remove fsverity_init SELinux rules" into main am: 3a575356fa
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2662775

Change-Id: I784acd4f47202d90e5ff81aa97bc49d8b9dd7846
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-25 23:46:13 +00:00
Eric Biggers
3a575356fa Merge "Remove fsverity_init SELinux rules" into main 2023-07-25 22:49:09 +00:00
Dennis Shen
3b8c57fb93 SELinux allow listing core_experiements_team_internal namespace
Bug: b/291771863
Change-Id: I788e4d5241d824dee249aa8c6d7cb5405c0fac37
2023-07-25 20:15:02 +00:00
Vadim Caen
d64cf75c48 Policy for virtual_camera
Adds a policy to run the virtual_camera process which:
 - registers a service implementing the camera HAL
 - registers a service to receive communicate with virtual cameras via
   system_server

Bug: 253991421
Test: CTS test
android.virtualdevice.cts.VirtualDeviceManagerBasicTest#createDevice_createCamera

Change-Id: I772d176919b8dcd3b73946935ed439207c948f2b
2023-07-25 19:27:48 +00:00
Treehugger Robot
33f980db75 Merge "Allow dex2oat access to symlinks in APEXes to find DCLA libs." into main am: 9f8e315bc8 am: 22af70c4b9 am: 2239b4e016
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2673696

Change-Id: Ibaae75349e9fb28f63e708c5994221206340d759
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-25 18:01:41 +00:00
Treehugger Robot
2239b4e016 Merge "Allow dex2oat access to symlinks in APEXes to find DCLA libs." into main am: 9f8e315bc8 am: 22af70c4b9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2673696

Change-Id: If23fa3faa5106bbae40814e7f719ae7359610fc5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-25 17:05:42 +00:00
Treehugger Robot
22af70c4b9 Merge "Allow dex2oat access to symlinks in APEXes to find DCLA libs." into main am: 9f8e315bc8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2673696

Change-Id: Id11bb798566aa6227dd50406a6d11ddc3750133b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-25 16:23:59 +00:00
Treehugger Robot
9f8e315bc8 Merge "Allow dex2oat access to symlinks in APEXes to find DCLA libs." into main 2023-07-25 15:25:57 +00:00
Martin Stjernholm
502a036436 Allow dex2oat access to symlinks in APEXes to find DCLA libs.
With the introduction of DCLA (/apex/sharedlibs APEX), .so files can be
symlinked into that APEX, so we need to allow reading symlinks to be
able to link the dex2oat binary successfully.

This fixes "CANNOT LINK EXECUTABLE" errors for dex2oat during OTA
preopting.

Test: Apply an OTA manually and check logs for errors
Bug: 291974157
Change-Id: I9eca91c94e8d33fe618783cea262ea3881957620
2023-07-25 00:07:27 +01:00
Pontus Lidman
aa1b131d6a Merge "Add SELinux config for new SensorFusion property" into main am: 1d68b1b2da am: 9e71d05a76 am: 41d8a94daa
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2667563

Change-Id: Idf4c18912e2de2417454957e29c920cefc00c763
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-21 23:00:10 +00:00
Pontus Lidman
41d8a94daa Merge "Add SELinux config for new SensorFusion property" into main am: 1d68b1b2da am: 9e71d05a76
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2667563

Change-Id: Id42f2abb4dc0d913366c6d7ff394c3e3e1f5562b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-21 22:13:16 +00:00
Pontus Lidman
9e71d05a76 Merge "Add SELinux config for new SensorFusion property" into main am: 1d68b1b2da
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2667563

Change-Id: I0d3ff020cdeb06b15ed196f8436c1a5aaa7d956e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-21 21:33:07 +00:00
Pontus Lidman
1d68b1b2da Merge "Add SELinux config for new SensorFusion property" into main 2023-07-21 20:52:40 +00:00
Pontus Lidman
0af0e71062 Add SELinux config for new SensorFusion property
Add required SELinux configuration to support the sensor
configuration property:
sensors.aosp_low_power_sensor_fusion.maximum_rate

Test: use getprop to verify presence and readability
of the new property. dumpsys sensorservice to verify
sensor service is picking up the property value.

Change-Id: I96b8fd6ce72d7a5bf69b028802b329b03f261585
2023-07-21 00:42:24 +00:00
Devika Krishnadas
f909d3d92f Merge "Add label for allocator 2 service" into main am: d4908949ef am: 5d227a112e am: 7bf74f801f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2634246

Change-Id: Ia963dc28b9b7ebdb4fac048448c31b8d264db1b5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-20 20:43:20 +00:00
Devika Krishnadas
7bf74f801f Merge "Add label for allocator 2 service" into main am: d4908949ef am: 5d227a112e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2634246

Change-Id: I751d9e53a03ee11e7ad50a126278fcb2880c080b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-20 19:57:33 +00:00
Devika Krishnadas
5d227a112e Merge "Add label for allocator 2 service" into main am: d4908949ef
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2634246

Change-Id: I0f5e52e4798478876eb707939feab9936f1182d0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-20 19:14:22 +00:00
Devika Krishnadas
d4908949ef Merge "Add label for allocator 2 service" into main 2023-07-20 18:36:23 +00:00
Eric Biggers
306f510611 Remove fsverity_init SELinux rules
Since the fsverity_init binary is being removed, remove the
corresponding SELinux rules too.

For now, keep the rule "allow domain kernel:key search", which existed
to allow the fsverity keyring to be searched.  It turns out to actually
be needed for a bit more than that.  We should be able to replace it
with something more precise, but we need to be careful.

Bug: 290064770
Test: Verified no SELinux denials when booting Cuttlefish
Change-Id: I992b75808284cb8a3c26a84be548390193113668
2023-07-20 17:57:23 +00:00
Kiyoung Kim
3f6e3f06b0 Merge "Label former VNDK-SP libraries in vendor as sphal" into main am: 4b6eabed21 am: ecbdd19801 am: 2f4fcc4b77
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2664335

Change-Id: Ib985ac43e08cfcbf93dbdbba883fe676b5c626bd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-20 03:45:42 +00:00
Kiyoung Kim
2f4fcc4b77 Merge "Label former VNDK-SP libraries in vendor as sphal" into main am: 4b6eabed21 am: ecbdd19801
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2664335

Change-Id: Ifd3e3b8500015649ab5ff5263cc699e373e02689
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-20 03:00:56 +00:00
Kiyoung Kim
ecbdd19801 Merge "Label former VNDK-SP libraries in vendor as sphal" into main am: 4b6eabed21
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2664335

Change-Id: I52e0b26b3337ed5efd6e456ddb0ed6caa6269eb1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-20 02:17:46 +00:00
Kiyoung Kim
4b6eabed21 Merge "Label former VNDK-SP libraries in vendor as sphal" into main 2023-07-20 01:46:44 +00:00
Lee George Thomas
a7e1ba87c2 [automerger skipped] Merge "Add SELinux context for a new lmk system property" into main am: ae8d169405 am: f3be3b67dc -s ours am: 78eb197d5d -s ours
am skip reason: Merged-In I7ba35f0ee5aad8f917e01c7586f04d11ed078633 with SHA-1 5d03e8cf33 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2650043

Change-Id: Ibd7d70b8a50c849664895d3c61df513a1d46540c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-19 23:59:10 +00:00
Lee George Thomas
78eb197d5d [automerger skipped] Merge "Add SELinux context for a new lmk system property" into main am: ae8d169405 am: f3be3b67dc -s ours
am skip reason: Merged-In I7ba35f0ee5aad8f917e01c7586f04d11ed078633 with SHA-1 5d03e8cf33 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2650043

Change-Id: If60f45e850eff556f3f3ec976558f42bbd5d65f4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-19 23:36:47 +00:00
Lee George Thomas
f3be3b67dc Merge "Add SELinux context for a new lmk system property" into main am: ae8d169405
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2650043

Change-Id: I7ef15ca041271832d665d03af6cc379167418caf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-19 22:57:50 +00:00
Lee George Thomas
ae8d169405 Merge "Add SELinux context for a new lmk system property" into main 2023-07-19 22:28:24 +00:00
Devika Krishnadas
c850a596b9 Add label for allocator 2 service
Bug: 287353739

Change-Id: Ia78237361acac4b668d87ec94746e43945f58bbf
Signed-off-by: Devika Krishnadas <kdevika@google.com>
2023-07-19 20:20:52 +00:00
Lee George Thomas
771407a3f5 Add SELinux context for a new lmk system property am: 5d03e8cf33
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24009227

Change-Id: I5b0eed5acd70c80524eb12d63a75e401f4a81769
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-19 20:16:55 +00:00
Kiyoung Kim
0c3a3fd799 Label former VNDK-SP libraries in vendor as sphal
When VNDK is being deprecated, former VNDK-SP libraries should be loaded
from vendor when system process uses SP-HAL, but this currently fails
because all former VNDK-SP libraries will be marked as vendor library.
This change labels former VNDK-SP libraries installed in the vendor
partition with the same labels as SP-HAL libraries so they can be loaded
from system processes.

Bug: 291673098
Test: aosp_cf boot succeeded with KEEP_VNDK=false build flag.
Change-Id: I2601ae8e7acd5bbd16fdbe6cee078dfcaa1a5aa2
2023-07-19 14:13:06 +09:00
Lee George Thomas
5d03e8cf33 Add SELinux context for a new lmk system property
Add SELinux context for a new lmk system property to add configurability
for delaying psi monitoring until boot completed.

Bug: 288566858
Test: Build, boot and verified logs for avc denial logs.
Ignore-AOSP-First: This is CPed from an AOSP CL to avoid downstream merge conflict

Change-Id: I7ba35f0ee5aad8f917e01c7586f04d11ed078633
2023-07-17 22:40:48 +00:00
Lee George Thomas
d3f8efa843 Add SELinux context for a new lmk system property
Add SELinux context for a new lmk system property to add configurability
for delaying psi monitoring until boot completed.

Bug: 288566858
Test: Build, boot and verified logs for avc denial logs.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6a80da52aa35a942e064c19fd31c01145d965688)
Merged-In: I7ba35f0ee5aad8f917e01c7586f04d11ed078633

Change-Id: I7ba35f0ee5aad8f917e01c7586f04d11ed078633
2023-07-17 13:59:14 -07:00
David Anderson
856e8d7b02 Merge "Allow lpdumpd to read Virtual A/B diagnostics." into main am: f08664825b am: 9bb18711a9 am: 383c3d4908
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2656944

Change-Id: I02a7daf8eaa71ad88774f0bed38716972d4f164e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-17 19:07:29 +00:00
David Anderson
383c3d4908 Merge "Allow lpdumpd to read Virtual A/B diagnostics." into main am: f08664825b am: 9bb18711a9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2656944

Change-Id: Ibcf4d3c147b00b41ec41b2d7ede2cdccd2f5e544
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-17 18:22:33 +00:00
David Anderson
9bb18711a9 Merge "Allow lpdumpd to read Virtual A/B diagnostics." into main am: f08664825b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2656944

Change-Id: I272915312f296451bc067cce2a26ba1fe241b006
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-07-17 17:37:19 +00:00