tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
25253 commits 1 branch 0 tags 50 MiB
Commit graph

25253 commits

This branch
This branch
All branches
Author SHA1 Message Date
TreeHugger Robot
976b9be5ba Merge "Allow sgdisk to use BLKPBSZGET ioctl" into rvc-dev am: ca26a345db 
Change-Id: I79c925cb0a572e7a3f6645afc46e3d60b40bb449
 2020-05-18 08:31:57 +00:00
Jeffrey Vander Stoep
ba56e3f31c Merge "incident_service: only disallow untrusted access" into rvc-dev am: 6dc1e5f472 
Change-Id: Ibd2f83f84afe803050ab069f30c5da663fefcd45
 2020-05-18 08:31:51 +00:00
TreeHugger Robot
ca26a345db Merge "Allow sgdisk to use BLKPBSZGET ioctl" into rvc-dev 2020-05-18 08:25:01 +00:00
Jeffrey Vander Stoep
6dc1e5f472 Merge "incident_service: only disallow untrusted access" into rvc-dev 2020-05-18 08:19:19 +00:00
Alistair Delva
35895ddb79 Allow sgdisk to use BLKPBSZGET ioctl 
The gpt_fdisk project was updated recently, but sepolicy was not updated
with it :) Now sgdisk can use BLKPBSZGET to detect the physical block
size. Seen on cuttlefish when adding external SD Card support to it.

avc: denied { ioctl } for comm="sgdisk" path="/dev/block/vold/disk:252,16"
dev="tmpfs" ino=8625 ioctlcmd=0x127b scontext=u:r:sgdisk:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0

Bug: 156286088
Change-Id: I9f2df88ee253261b52f3022838380fbb1cab6da0
 2020-05-17 12:32:44 -07:00
Alistair Delva
312a235159 Merge "Allow sgdisk to use BLKPBSZGET ioctl" am: 19eab1a117 am: c44ce0c93b 
Change-Id: I9aead9b0e18efad2f67ad5274a6c4722e039b517
 2020-05-17 00:59:00 +00:00
Alistair Delva
c44ce0c93b Merge "Allow sgdisk to use BLKPBSZGET ioctl" am: 19eab1a117 
Change-Id: I4ec0f2175604c3e7c59134b3affd9006c20be0e8
 2020-05-17 00:48:45 +00:00
Alistair Delva
19eab1a117 Merge "Allow sgdisk to use BLKPBSZGET ioctl" 2020-05-17 00:37:55 +00:00
Alistair Delva
feda4b1da5 Allow sgdisk to use BLKPBSZGET ioctl 
The gpt_fdisk project was updated recently, but sepolicy was not updated
with it :) Now sgdisk can use BLKPBSZGET to detect the physical block
size. Seen on cuttlefish when adding external SD Card support to it.

avc: denied { ioctl } for comm="sgdisk" path="/dev/block/vold/disk:252,16"
dev="tmpfs" ino=8625 ioctlcmd=0x127b scontext=u:r:sgdisk:s0
tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0

Bug: 156286088
Change-Id: I9f2df88ee253261b52f3022838380fbb1cab6da0
 2020-05-15 10:51:40 -07:00
Inseob Kim
7c0ea6876c [automerger skipped] Merge "Rename system_radio_prop" am: b0de2a8fe8 am: 558b367c94 -s ours 
am skip reason: Change-Id If30bc620dbeac926a8b9bcde908357fda739a6c1 with SHA-1 44fbcdb677 is in history

Change-Id: I4f09c0ea36acf5ea4077120ef7217ba6fb618ce8
 2020-05-15 10:31:17 +00:00
Inseob Kim
558b367c94 Merge "Rename system_radio_prop" am: b0de2a8fe8 
Change-Id: Ibf4e19380740da936c28587b558cdd1c77fb1e3b
 2020-05-15 10:19:44 +00:00
Inseob Kim
b0de2a8fe8 Merge "Rename system_radio_prop" 2020-05-15 10:01:36 +00:00
Inseob Kim
dc1e5019d6 Rename system_radio_prop 
For whatever reason sys.usb.config* has been labeled as
system_radio_prop, which doesn't make sense. Changing context name as
usb_prop. For the same reason exported_system_radio_prop is also
renamed to usb-related names.

Bug: 71814576
Bug: 154885206
Test: m selinux_policy
Change-Id: If30bc620dbeac926a8b9bcde908357fda739a6c1
Merged-In: If30bc620dbeac926a8b9bcde908357fda739a6c1
(cherry picked from commit 44fbcdb677)
 2020-05-15 15:06:10 +09:00
Inseob Kim
f111a1090f Merge "Rename system_radio_prop" into rvc-dev-plus-aosp 2020-05-15 06:05:13 +00:00
Inseob Kim
05dd481045 Remove rcs.publish.state am: 296d367804 am: b745b61910 
Change-Id: I8ee062b059739bdf6626464e949c239af76a47d0
 2020-05-15 01:58:19 +00:00
Inseob Kim
b745b61910 Remove rcs.publish.state am: 296d367804 
Change-Id: I41929bcb9d4d0c9de7910e136bc157faa0630850
 2020-05-15 01:46:32 +00:00
Steven Moreland
63eb4a39a0 [automerger skipped] servicemanager: add dump fd permissions am: d895b40f2e -s ours 
am skip reason: Change-Id I189aeba2d3a5dfafccb8f8a4db224db71820faca with SHA-1 b0fb5b44f8 is in history

Change-Id: Ief567fa25ad8a1d30e5331adfac3ad1b1553f2ff
 2020-05-15 00:29:15 +00:00
Steven Moreland
d895b40f2e servicemanager: add dump fd permissions 
Getting hit when bugreport tries to dump this.

Fixes: 155835324
Test: adb bugreport, check denials
(cherry picked from commit b0fb5b44f8)
Merged-In: I189aeba2d3a5dfafccb8f8a4db224db71820faca
Change-Id: Ic044f245d8fee9f7a49cf23f76961f7dedbb3d8b
 2020-05-14 17:27:14 +00:00
Inseob Kim
296d367804 Remove rcs.publish.state 
It was used within external/ims to save its internal state. Removing it
from property_contexts as it's deleted now (aosp/1209267).

Bug: 152471138
Test: N/A
Change-Id: I1451390aada3dfff6c147de585cc316c5307c0b4
 2020-05-14 20:38:31 +09:00
Inseob Kim
44fbcdb677 Rename system_radio_prop 
For whatever reason sys.usb.config* has been labeled as
system_radio_prop, which doesn't make sense. Changing context name as
usb_prop. For the same reason exported_system_radio_prop is also
renamed to usb-related names.

Bug: 71814576
Bug: 154885206
Test: m selinux_policy
Change-Id: If30bc620dbeac926a8b9bcde908357fda739a6c1
 2020-05-14 09:38:34 +09:00
Nikita Ioffe
7e2ee72685 [automerger skipped] Merge "Allow priv_app to search apex_data_file and read staging_data_file" am: 7b9d03c1b2 am: 8182ca9591 -s ours 
am skip reason: Change-Id I14116f02f3d3f0a8390f1d968a3971f15bd4b3f2 with SHA-1 89d43a51ba is in history

Change-Id: Ic3ae21012b4d106d20d9d1ebc6bddda110fa617c
 2020-05-13 20:45:22 +00:00
Nikita Ioffe
8182ca9591 Merge "Allow priv_app to search apex_data_file and read staging_data_file" am: 7b9d03c1b2 
Change-Id: I72e7a058162055426e56f2c3f2e7f280893171d5
 2020-05-13 20:32:25 +00:00
Treehugger Robot
c77743142a Merge "servicemanager: add dump fd permissions" am: 69fc359cd4 am: df590078cd 
Change-Id: Ifc55b260c4b288517ad09de37963b346c6921a36
 2020-05-13 20:24:37 +00:00
Nikita Ioffe
7b9d03c1b2 Merge "Allow priv_app to search apex_data_file and read staging_data_file" 2020-05-13 20:15:12 +00:00
Treehugger Robot
df590078cd Merge "servicemanager: add dump fd permissions" am: 69fc359cd4 
Change-Id: If9ed718fe4234e50fbc50d559ba06cbe6a363c08
 2020-05-13 20:02:31 +00:00
Treehugger Robot
69fc359cd4 Merge "servicemanager: add dump fd permissions" 2020-05-13 19:43:34 +00:00
Jeff Vander Stoep
fdda81a521 incident_service: only disallow untrusted access 
Allow device-specific domains to access the incident_service.

Test: build
Bug: 156479626
(Cherry picked from commit 2aa8042f9d)
Change-Id: I64d844f7a549afb4224d91b086c1f5fd76d0664c
 2020-05-13 18:53:30 +00:00
Treehugger Robot
c29a4923ef Merge "incident_service: only disallow untrusted access" am: c9767ea276 am: cacace73c1 
Change-Id: I2d1c816eebe1f5184d353ad055e8d3b7f4be9611
 2020-05-13 18:19:49 +00:00
Treehugger Robot
cacace73c1 Merge "incident_service: only disallow untrusted access" am: c9767ea276 
Change-Id: I381909a28afeebc23edf16b544e4a3d8b704221c
 2020-05-13 17:57:03 +00:00
Treehugger Robot
c9767ea276 Merge "incident_service: only disallow untrusted access" 2020-05-13 17:40:18 +00:00
Inseob Kim
7192067e60 Add new context dalvik_runtime_prop am: 1337e15717 am: 2258cebdf5 
Change-Id: Ieffc0c1e8fec97a3202168349de7b7c00617c014
 2020-05-13 16:53:19 +00:00
Inseob Kim
2258cebdf5 Add new context dalvik_runtime_prop am: 1337e15717 
Change-Id: I43bfa184af3f6b97de0f1be9432b98fd0312b1d4
 2020-05-13 16:29:13 +00:00
Jeff Vander Stoep
2aa8042f9d incident_service: only disallow untrusted access 
Allow device-specific domains to access the incident_service.

Test: build
Bug: 156479626
Change-Id: I3b368c09087e2d3542b70be5aa22f8ef47392221
 2020-05-13 15:06:17 +00:00
Inseob Kim
1337e15717 Add new context dalvik_runtime_prop 
persist.sys.dalvik.vm.lib.2 is moved to a new context
dalvik_runtime_prop from bad context name.

Bug: 154885206
Test: boot device and see logcat
Change-Id: I9dea95105c266088d5f071bf2d890048f0999b0b
 2020-05-13 23:33:03 +09:00
Inseob Kim
ded2e1c279 [automerger skipped] Merge "Remove sys.vdso property" am: 4ec6c0a48d am: 7e88a81ff8 -s ours 
am skip reason: Change-Id I80415edc002345849b375e07fdf5783cf60c2446 with SHA-1 7b59ae50e6 is in history

Change-Id: I50316bea6c9d715cacecec91648e17a9f5549c27
 2020-05-13 05:14:21 +00:00
Inseob Kim
7e88a81ff8 Merge "Remove sys.vdso property" am: 4ec6c0a48d 
Change-Id: Icb457fb0e590028f2cf3fca4a78108951a9a59b2
 2020-05-13 05:02:51 +00:00
Inseob Kim
4ec6c0a48d Merge "Remove sys.vdso property" 2020-05-13 04:52:06 +00:00
Inseob Kim
ddf9e77f2b Merge "Move media.* properties to media_config_prop" am: 6da0ab70d3 am: 9c3e542b1e 
Change-Id: I76127507e37783edfd9dada9fd1e498ec8aa2999
 2020-05-13 04:09:41 +00:00
Inseob Kim
9c3e542b1e Merge "Move media.* properties to media_config_prop" am: 6da0ab70d3 
Change-Id: I39f42dd764ee5227077ba3f92db219bc46302735
 2020-05-13 03:38:56 +00:00
Inseob Kim
6da0ab70d3 Merge "Move media.* properties to media_config_prop" 2020-05-13 03:24:35 +00:00
Treehugger Robot
900519acba [automerger skipped] Merge "Relabel ro.build. properties" am: 993baf3954 am: 25f1bf10d1 -s ours 
am skip reason: Change-Id Ic1194e8e7c23394e5a7c6176f9f9598109bb5fb7 with SHA-1 1d63d5d075 is in history

Change-Id: I6fd96b3cf3937638d431eb4316260d28e1effa80
 2020-05-13 03:08:41 +00:00
Inseob Kim
49e71895b3 Remove sys.vdso property 
This is an experimental property on Q and doesn't need anymore.

Exempt-From-Owner-Approval: cherry-pick

Bug: 154885206
Test: N/A
Change-Id: I80415edc002345849b375e07fdf5783cf60c2446
Merged-In: I80415edc002345849b375e07fdf5783cf60c2446
(cherry picked from commit 7b59ae50e6)
 2020-05-13 11:59:14 +09:00
Treehugger Robot
25f1bf10d1 Merge "Relabel ro.build. properties" am: 993baf3954 
Change-Id: Ib059c690830bd9c9c5fda08b21bafb72f47914fb
 2020-05-13 02:55:40 +00:00
Inseob Kim
11fc101433 Merge "Remove sys.vdso property" into rvc-dev-plus-aosp 2020-05-13 02:53:00 +00:00
Treehugger Robot
993baf3954 Merge "Relabel ro.build. properties" 2020-05-13 02:36:54 +00:00
Treehugger Robot
735385d87c Merge "Add hdmi_config_prop for hdmi properties" am: 6dc7d85b3a am: ffb0e0c328 
Change-Id: Ia8a8388edfc4617798d92a1ae3c4fc762feb5b54
 2020-05-13 00:55:59 +00:00
Treehugger Robot
ffb0e0c328 Merge "Add hdmi_config_prop for hdmi properties" am: 6dc7d85b3a 
Change-Id: Iabbac8c597c3361113fce1283565710aece514b7
 2020-05-13 00:41:55 +00:00
Inseob Kim
bfb10a9bc0 Move media.* properties to media_config_prop 
Bug: 154885206
Bug: 155844385
Test: m selinux_policy
Change-Id: Idfbafd29c51f7ce4512ea0d88fc7534e28eb1738
 2020-05-13 09:38:08 +09:00
Treehugger Robot
6dc7d85b3a Merge "Add hdmi_config_prop for hdmi properties" 2020-05-13 00:29:40 +00:00
Inseob Kim
8c23925351 Relabel ro.build. properties 
- exported_fingerprint_prop is deleted
- other ro.build. properties become build_prop

Bug: 155844385
Test: sepolicy_tests
Change-Id: Ic1194e8e7c23394e5a7c6176f9f9598109bb5fb7
Merged-In: Ic1194e8e7c23394e5a7c6176f9f9598109bb5fb7
(cherry picked from commit 1d63d5d075)
 2020-05-13 09:01:47 +09:00