Commit graph

187 commits

Author SHA1 Message Date
Seungjae Yoo
f60a1e0b90 Set sepolicy for vmnic in AVF
Bug: 340376951
Test: Presubmit
Change-Id: I5f48ff4a459805de2f74d160c1b61473c6de0466
2024-05-20 14:15:22 +09:00
Inseob Kim
ff2018fa84 Fix bpfmt
Bug: N/A
Test: N/A
Flag: NONE trivial format change
Change-Id: I8f6293dcc47a4ead347c4861ba929d4b3042c311
2024-04-17 09:55:49 +09:00
Jiakai Zhang
817c49f74c Update sepolicy for service dexopt_chroot_setup and artd_pre_reboot.
Bug: 311377497
Test: manual - Call
  getDexoptChrootSetupServiceRegisterer().waitForService()
Test: manual - Set up a chroot environment and call
  getArtdPreRebootServiceRegisterer().waitForService()
Change-Id: I50b5f7f858dab37f05174cb9787f64303d50d083
2024-02-08 10:13:27 +08:00
Torne (Richard Coles)
5c6353a757 Define file contexts for WebViewBootstrap apex.
Set up minimal file_contexts for the com.android.webview.bootstrap APEX.

Bug: 318717084
Test: m com.android.webview.bootstrap
Change-Id: Id707617447dc44111891446eea442b31b7ff1b57
2024-01-25 15:05:12 -05:00
Yu-Ting Tseng
43cae4ea24 Revert^2 "Update uprobestats SELinux policy"
This reverts commit 5e1d7f1c85.

Reason for revert: retry with a fix to the failed tests

Test: atest art_standalone_oatdump_tests
Change-Id: I28872c643ba4ec07ef41b1f9be86036c592a6e4e
2023-12-14 17:17:18 -08:00
Yu-Ting Tseng
5e1d7f1c85 Revert "Update uprobestats SELinux policy"
This reverts commit a87a13f16c.

Reason for revert: b/316386186

Change-Id: Ia39371ee9d96c1b1fdf71d67abc7765019c4f185
2023-12-14 19:50:49 +00:00
Yu-Ting Tseng
a87a13f16c Update uprobestats SELinux policy
The changes include
- allow binder calls to ActivityManager and NativePackageManager
- allow binder calls from system server
- allow writes of statsd atoms
- allow init to start uprobestats
- permission for uprobestats config files and property
- allow execution of oatdump so it can look up code offsets
- allow scanning /proc.

Test: m selinux_policy
Change-Id: Id1864b7dac3a2c5dcd8736c4932778e36b658ce3
2023-12-13 16:49:23 -08:00
Inseob Kim
094e8e81a2 Flag-guard vfio_handler policies
vfio_handler will be active only if device assignment feature is turned
on.

Bug: 306563735
Test: microdroid tests with and without the flag
Change-Id: I5559dfca1a29852b65481c95f37edc9977ee9d7d
2023-11-22 05:28:20 +00:00
Roshan Pius
13b56467fa Merge "sepolicy: Rename NFC apex package name" into main 2023-10-16 18:31:02 +00:00
Roshan Pius
b013422f8f sepolicy: Rename NFC apex package name
To avoid clash with existing com.android.nfc package of NFC app.

Bug: 303286040
Test: Compiles
Merged-In: I1474146312b7131ac847aad23e1a71e24351d750
Change-Id: I1474146312b7131ac847aad23e1a71e24351d750
2023-10-13 18:04:49 +00:00
Maciej Żenczykowski
6b7fe0b63e tethering apex - label netbpfload
We may want to use a dedicated selinux context
for this in the future, but in the meantime we
need this.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib3ed06efc4d2e3a621f187543fad4ab1a84027ec
2023-10-11 03:49:23 -07:00
Roshan Pius
0282b5dfbf sepolicy(apex): Create NFC apex am: bca3c75421
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2770906

Change-Id: Id4f3b571ec0432129acbb9d5013a3ddd5a174fbf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-10-04 01:42:43 +00:00
Roshan Pius
bca3c75421 sepolicy(apex): Create NFC apex
Bug: 303286040
Test: Compiles
Change-Id: I6a0edcb29879880f18e96d7d7a9cb1b08be1dc1b
2023-10-03 13:31:42 -07:00
Thiébaud Weksteen
e396c3c486 Remove com.android.sepolicy policy am: cc85f22c4d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2755965

Change-Id: I44486d4b0a9d90b5b4b91d38840bc42902f34242
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-20 02:30:34 +00:00
Thiébaud Weksteen
cc85f22c4d Remove com.android.sepolicy policy
Bug: 297794885
Test: presubmit
Change-Id: I91b1584fe2e13322cd3a0add92887097e190246e
2023-09-19 12:41:52 +10:00
Kangping Dong
044116c3e4 Merge "[Thread] move ot-daemon to the tethering module" into main am: e32751f748
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2736996

Change-Id: I15539e9663e50ba4d77f311d1e6a9b5fc12d9970
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-11 18:58:45 +00:00
Kangping Dong
07bc7d3243 Merge "[Thread] move ot-ctl to vendor" into main am: 1348776bed
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2737114

Change-Id: I133f6f04d542130cbbd80a3a941991d560eb3ca5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-07 08:25:53 +00:00
Kangping Dong
0c9f48d6ef [Thread] move ot-daemon to the tethering module
The com.android.threadnetwork module is merged into
the com.android.tethering module now.

Bug: 296211911
Change-Id: I9fec91fff4e2ae4be26da4b0f52e739c4a251cd2
2023-09-06 14:07:14 +08:00
Kangping Dong
fd10f344dc [Thread] move ot-ctl to vendor
"ot-ctl" is a command line tool which is useful for debugging or
testing with "ot-daemon". It's not required to be part of the
system image. It was previously added to the com.android.threadnetwork
apex package, and this commit removes it from the apex.

Test: ot-ctl is removed from /apex/com/android/threadnetwork/bin
Bug: 299224389
Change-Id: I607a02c9efb26f404ea9da2e5b7109094d3232b6
2023-09-06 14:07:02 +08:00
Xin Li
e07dbe0a63 Merge Android U (ab/10368041)
Bug: 291102124
Merged-In: Id2cc5dbbafffb4633706e5cc728cb44abd417340
Change-Id: I77e68f17a1273958bcdc32b5a4b6a0ff3ffdfd2a
2023-08-23 17:20:59 -07:00
Harshit Mahajan
cd4f71a8b5 Add sepolicy rules for crashrecovery APEX.
Bug: b/289203818
Test: NA

Change-Id: I6d25d413fb512a48e765088bc8dde59c89aec257
2023-08-16 12:00:48 +00:00
Inseob Kim
825056de9a Add permission for VFIO device binding
vfio_handler will bind platform devices to VFIO driver, and then
return a file descriptor containing DTBO. This change adds
permissions needed for that.

Bug: 278008182
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid \
      --devices /sys/bus/platform/devices/16d00000.eh --protected
Change-Id: Ie947adff00d138426d4703cbb8e7a8cd429c2272
2023-08-02 15:06:51 +09:00
Kangping Dong
49fa8f5fe6 rename otbr-agent to ot-daemon
Rename to better align with our long-term vision on Android

Bug: 288202515
Change-Id: I1b7e39950d39ec781e46c6c0e1b38ad837b9ce4e
2023-07-04 18:56:37 +08:00
Zhanglong Xia
b2d1fbb7b2 Add sepolicy rules for Thread Network HAL
Bug: b/283905423
Test: Build and run the Thread Network stack in Cuttlefish.
Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
2023-06-30 10:56:38 +08:00
Treehugger Robot
8743379791 Merge "Remove flatten_apex: property" am: 7f7e8d79a9 am: d947550b6f am: a7627cf627
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2628996

Change-Id: I928001ab7426a6a247315293d0b6a86e176f8bf1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-21 06:29:40 +00:00
Jooyung Han
804e234ced Remove flatten_apex: property
We no longer have targets using flattened apexes. Flattened apexes will
be removed from the build system.

Bug: 278826656
Test: m
Change-Id: I657e01dbfd2525b07c29a234277062d5ac2fab9f
2023-06-20 15:41:05 +09:00
Kangping Dong
f946b06074 Merge "add sepolicy rules for Thread network" am: aa83af5c3b am: ff6ae919c2 am: 498a752dd7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2612795

Change-Id: Iaf8e6d654eb9fbb7d2b2b17ef16468b0eb7f6ce1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-08 14:50:57 +00:00
Yakun Xu
07429e39ee add sepolicy rules for Thread network
bug: 257371610
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0fd52fd521b8167b0ec8836dac3765a16fd6863b)
Merged-In: I2c90639f4baecb010230b3aa60f2f09c0ddd9e4f
Change-Id: I2c90639f4baecb010230b3aa60f2f09c0ddd9e4f
2023-06-07 07:04:19 +00:00
Martin Stjernholm
e1ac267ddd Allow the ART boot oneshot service to configure ART config properties.
Test: See commit 2691baf9d4f8086902d46b2e340a6e5464857b90 in art/
      (ag/23125728)
Bug: 281850017
Change-Id: I14baf55d07ad559294bd3b7d9562230e78201d25
(cherry picked from commit 3d7093fd7b)
Merged-In: I14baf55d07ad559294bd3b7d9562230e78201d25
2023-05-16 16:13:42 +01:00
Martin Stjernholm
5557ec5583 Merge "Allow the ART boot oneshot service to configure ART config properties." into udc-dev am: 4f2b8ce361
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23131204

Change-Id: Idb0edb8c39f038d7d21e8c1c41c486d0b34a5e99
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-12 10:54:04 +00:00
Martin Stjernholm
3d7093fd7b Allow the ART boot oneshot service to configure ART config properties.
Test: See commit 2691baf9d4f8086902d46b2e340a6e5464857b90 in art/
      (ag/23125728)
Bug: 281850017
Ignore-AOSP-First: Will cherry-pick to AOSP later
Change-Id: I14baf55d07ad559294bd3b7d9562230e78201d25
2023-05-11 13:38:57 +01:00
Maciej Żenczykowski
0f0c1ab9ce Merge "remove inprocess tethering" am: c56709f9af am: 2960719ac6 am: 8d0ab95eb8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2567011

Change-Id: Ib2931d6591e6175fff493401517e0f6507e8a271
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-05 22:46:21 +00:00
Maciej Żenczykowski
e52d2349dd remove inprocess tethering
Test: TreeHugger
Bug: 279942846
Change-Id: I0fd3a7dfe9b554d18de435e5df47de048e453d00
2023-04-27 19:26:06 +00:00
Satoshi Niwa
6c32aa519c sepolicy: Add apex/com.android.tethering.inprocess-file_contexts am: 80cd0acd64 am: 6fa337fef5 am: dcbde45b66
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2504898

Change-Id: I3cddfbef5290c5898ebd218a258f4571370bb4ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 08:42:12 +00:00
Satoshi Niwa
80cd0acd64 sepolicy: Add apex/com.android.tethering.inprocess-file_contexts
Needed when using com.android.tethering.inprocess with
flattened APEX.

Bug: 273821347
Test: trybot
Change-Id: Iae6d9547922575398c634433dc07b2e46fbffd8e
2023-03-23 12:43:48 +09:00
Treehugger Robot
ec3147ab9a Merge "Set system_lib_file for libs in tethering apex" am: 8c086ac589 am: 62b20a0c26 am: 6fb58c72c1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2442879

Change-Id: I5376082ff0d62b7bf6939bd7ae8eb275db23e3e4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-17 18:36:37 +00:00
Jooyung Han
a5506bcd8f Set system_lib_file for libs in tethering apex
The library (libcom.android.tethering.connectivity_native.so) in the
apex is a part of LLNDK. So it should be properly labelled so that
vendor can access it.

Bug: n/a
Test: m com.android.tethering
Test: adb shell -lZ /apex/com.android.tethering/lib64
Change-Id: I6c949c992042f4a38f25ca6f4243d31e81354467
2023-02-17 12:41:19 +09:00
ronish
f406edf440 [CP] Rename healthconnect to healthfitness
Change-Id: Icb20784bfe3d07aff5b198b5c8dd2302bb7c854d
2023-02-14 17:34:26 +00:00
Ronish Kalia
edf140f2f4 Merge "Rename healthconnect to healthfitness" 2023-02-14 12:08:47 +00:00
Patrick Rohr
3c0d2675f4 Merge "cronet: remove com.android.cronet sepolicy" am: 8f0388f32e am: 37f2fa0da7 am: b59779e3cb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2431473

Change-Id: Ic67b24d98613402fa41ba6fdc40df9a060150a5d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-11 01:02:14 +00:00
Patrick Rohr
c8f4e19a74 cronet: remove com.android.cronet sepolicy
com.android.cronet has never been released and has since been deleted as
Cronet was added to the tethering module.

Test: TH
Bug: 266673389
Change-Id: Ia288d4322c13ba986164a12f4999fea1cd60d529
2023-02-10 11:47:02 -08:00
ronish
dfa42f0ddd Rename healthconnect to healthfitness
Bug: 264516143
Change-Id: Icabd6f58ae615a2f3e718e54dbc1c1c955883d19
2023-02-07 18:16:24 +00:00
David Brazdil
6e49d76764 Merge "Start using virtmgr for running VMs" am: 2cfd7d5e4b am: 2de678977a am: 3f1b27afa6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2367809

Change-Id: Ifcbd6552535e0ed63b4aee33c9055d0d1534d209
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 17:54:16 +00:00
David Brazdil
55d808c28c Start using virtmgr for running VMs
Split virtualizationservice policy into rules that should remain with
the global service and rules that now apply to virtmgr - a child process
of the client that runs the VM on its behalf.

The virtualizationservice domain remains responsible for:
 * allocating CIDs (access to props)
 * creating temporary VM directories (virtualization_data_file, chown)
 * receiving tombstones from VMs
 * pushing atoms to statsd
 * removing memlock rlimit from virtmgr

The new virtualizationmanager domain becomes responsible for:
 * executing crosvm
 * creating vsock connections, handling callbacks
 * preparing APEXes
 * pushing ramdumps to tombstoned
 * collecting stats for telemetry atoms

The `virtualizationservice_use` macro is changed to allow client domains
to transition to the virtmgr domain upon executing it as their child,
and to allow communication over UDS.

Clients are not allowed to communicate with virtualizationservice via
Binder, only virtmgr is now allowed to do that.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Iefdccd908fc28e5d8c6f4566290e79ed88ade70b
2023-01-05 17:39:39 +00:00
Miguel Aranda
846bb52abe Merge "Add SEPolicy tags for concrypt cacerts." am: 7394ea85d2 am: 301f24028d am: 9742dbb4de
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2362479

Change-Id: Ib0e6881d1d339a753787351a11dfd58d176eeff7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-22 01:17:24 +00:00
Miguel Aranda
7394ea85d2 Merge "Add SEPolicy tags for concrypt cacerts." 2022-12-21 23:20:38 +00:00
Miguel
f63164a474 Add SEPolicy tags for concrypt cacerts.
Test: booting
Change-Id: I53815eb272fcdff739ba596cc1dd6bcca57c7d12
2022-12-21 06:42:21 +00:00
David Brazdil
01debdb66f Merge "Create virtmgr domain and initial policy" am: 3e61a33df5 am: b5a4f52de7 am: 8d65921dfb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2317789

Change-Id: Idb4430043747da236edbbb48715c80948bbad032
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-20 10:25:00 +00:00
David Brazdil
5fcfbe49da Create virtmgr domain and initial policy
Start a new security domain for virtmgr - a child process of an app that
manages its virtual machines.

Add permissions to auto-transition to the virtmgr domain when the client
fork/execs virtmgr and to communicate over UDS and pipe.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: I7624700b263f49264812e9bca6b83a003cc929be
2022-12-13 18:40:05 +00:00
Manish Dungriyal
0cf6f300ee Add file_context for telephonymodules APEX
Test: Build
Bug: 255736341
Ignore-AOSP-First: Yet to merge for AOSP
Change-Id: I2e511c4096d117a4dda271bcf235ac7c277f2c33
2022-11-15 12:39:58 +00:00