tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
37047 commits 1 branch 0 tags 50 MiB
Commit graph

37047 commits

This branch
This branch
All branches
Author SHA1 Message Date
Treehugger Robot
6cc4be77ad Merge "Support legacy apexdata labels" am: 605715d665 am: 1d087ac705 am: 62853dbe2d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1977066

Change-Id: I4287ff2b213a039320c78bfecdb1572b53a2efab
 2022-02-10 12:18:55 +00:00
Mohammed Rashidy
f1ea833625 Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY" am: 7f1eaf1b45 am: aa0cb606c3 am: 3bed79292e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979387

Change-Id: I4c0586bb40b6ffafc0edf57de36ce79b50fbb9bd
 2022-02-10 12:18:45 +00:00
Mohammed Rashidy
7f9b355e86 Revert "Updates sepolicy for EVS HAL" am: 418f41ad13 am: 4d67e0d02b am: a46cbab128 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979386

Change-Id: Ib119c49aca0e8e36b30f71d56b438d9ffeda902b
 2022-02-10 12:18:43 +00:00
Treehugger Robot
62853dbe2d Merge "Support legacy apexdata labels" am: 605715d665 am: 1d087ac705 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1977066

Change-Id: I42847212d11841f3debd7ef800975830bda1aff3
 2022-02-10 12:08:15 +00:00
Mohammed Rashidy
3bed79292e Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY" am: 7f1eaf1b45 am: aa0cb606c3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979387

Change-Id: If236dcb72b0e8b63c9ee25734993c6ee4a901178
 2022-02-10 12:08:05 +00:00
Mohammed Rashidy
a46cbab128 Revert "Updates sepolicy for EVS HAL" am: 418f41ad13 am: 4d67e0d02b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979386

Change-Id: Ic2731340287bdade17123222b6e79531f19f89ba
 2022-02-10 12:08:02 +00:00
Treehugger Robot
1d087ac705 Merge "Support legacy apexdata labels" am: 605715d665 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1977066

Change-Id: Id2d5508fb56eae96da5d04fdcb907a410aeb102a
 2022-02-10 11:55:44 +00:00
Mohammed Rashidy
aa0cb606c3 Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY" am: 7f1eaf1b45 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979387

Change-Id: I7f5e8791adc7e30a2f7c2da3c0658c2c33b88e4f
 2022-02-10 11:55:32 +00:00
Mohammed Rashidy
4d67e0d02b Revert "Updates sepolicy for EVS HAL" am: 418f41ad13 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979386

Change-Id: If3080898b802cf7551c01c9425499591b815da6b
 2022-02-10 11:55:30 +00:00
Treehugger Robot
605715d665 Merge "Support legacy apexdata labels" 2022-02-10 11:44:11 +00:00
Mohammed Rashidy
7f1eaf1b45 Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY" 
* changes:
  Revert "Adds a sepolicy for EVS manager service"
  Revert "Updates sepolicy for EVS HAL"
 2022-02-10 11:38:40 +00:00
Sandro Montanari
f7248e08c2 Merge "Allow apexd to write to /metadata/sepolicy" am: 306fca99db am: d20a77319a am: 2f0a5fe6bb am: ab8d84de2f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965103

Change-Id: I741bfc4408a1e1a3b2f30cdf86d3314a780f98e8
 2022-02-10 10:51:58 +00:00
Sandro Montanari
ab8d84de2f Merge "Allow apexd to write to /metadata/sepolicy" am: 306fca99db am: d20a77319a am: 2f0a5fe6bb 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965103

Change-Id: I46b3707d97a525a85d6f6e95d7c3f8e22235a97a
 2022-02-10 10:38:23 +00:00
Sandro Montanari
2f0a5fe6bb Merge "Allow apexd to write to /metadata/sepolicy" am: 306fca99db am: d20a77319a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965103

Change-Id: I6c04ac35ab4a63cce5e125116b988f646732b2f0
 2022-02-10 10:24:51 +00:00
Mohammed Rashidy
0137c98b90 Revert "Adds a sepolicy for EVS manager service" 
Revert submission 1967140-EVS_sepolicy_updates_T

Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service

Change-Id: I207c261bcf2c8498d937ab02c499bf709a5f1b15
 2022-02-10 10:07:44 +00:00
Mohammed Rashidy
418f41ad13 Revert "Updates sepolicy for EVS HAL" 
Revert submission 1967140-EVS_sepolicy_updates_T

Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service

Change-Id: I1cc37b0e56646db61bdb34cb209aefe7376c5a50
 2022-02-10 10:07:44 +00:00
Sandro Montanari
d20a77319a Merge "Allow apexd to write to /metadata/sepolicy" am: 306fca99db 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965103

Change-Id: I1aecfb46a194d837c62ac3ad14f84f03f5920a9b
 2022-02-10 10:01:30 +00:00
Sandro Montanari
306fca99db Merge "Allow apexd to write to /metadata/sepolicy" 2022-02-10 09:41:34 +00:00
Treehugger Robot
47f43ab23c Merge changes from topic "EVS_sepolicy_updates_T" am: 2cedd28cf9 am: 177cf20196 am: 85c9e1cf9e am: feb9f3f2c2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1967009

Change-Id: I112edf374e2b96e74f786897d580d396bec33c29
 2022-02-10 08:52:51 +00:00
Treehugger Robot
feb9f3f2c2 Merge changes from topic "EVS_sepolicy_updates_T" am: 2cedd28cf9 am: 177cf20196 am: 85c9e1cf9e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1967009

Change-Id: Ifab88cdb330f41baa33b22697c044123cdb7b17b
 2022-02-10 08:36:53 +00:00
Treehugger Robot
85c9e1cf9e Merge changes from topic "EVS_sepolicy_updates_T" am: 2cedd28cf9 am: 177cf20196 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1967009

Change-Id: I180dbf22fc1b32cf586f81a5622b50aeec5be9eb
 2022-02-10 08:25:12 +00:00
Treehugger Robot
177cf20196 Merge changes from topic "EVS_sepolicy_updates_T" am: 2cedd28cf9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1967009

Change-Id: I6e25a9c2f0030539b1bbf5892c4fd51f931053b7
 2022-02-10 08:12:58 +00:00
Maciej Żenczykowski
cd95bce516 Merge "bpfdomain: attribute for domain which can use BPF" am: 337e6b1e1c am: 960f03e7e6 am: 03fdb25b24 am: cefda06338 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978573

Change-Id: Ie478be8bae6218b7b06c5df549acb9e780171818
 2022-02-10 08:06:16 +00:00
Treehugger Robot
2cedd28cf9 Merge changes from topic "EVS_sepolicy_updates_T" 
* changes:
  Updates sepolicy for EVS HAL
  Adds a sepolicy for EVS manager service
 2022-02-10 08:02:04 +00:00
Maciej Żenczykowski
cefda06338 Merge "bpfdomain: attribute for domain which can use BPF" am: 337e6b1e1c am: 960f03e7e6 am: 03fdb25b24 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978573

Change-Id: Ib07f72104a175b446d1dddf94693b59728bf076d
 2022-02-10 07:51:50 +00:00
Maciej Żenczykowski
03fdb25b24 Merge "bpfdomain: attribute for domain which can use BPF" am: 337e6b1e1c am: 960f03e7e6 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978573

Change-Id: I16c24227e09796344bbe634829503e78464fca20
 2022-02-10 07:43:13 +00:00
Kevin Jeon
a24b968331 Merge "Make Traceur seapp_context reflect platform status" 2022-02-10 07:28:27 +00:00
Maciej Żenczykowski
960f03e7e6 Merge "bpfdomain: attribute for domain which can use BPF" am: 337e6b1e1c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978573

Change-Id: I4dfb42eedfec394488dea73910f11b23f08cfb92
 2022-02-10 07:25:40 +00:00
Maciej Żenczykowski
337e6b1e1c Merge "bpfdomain: attribute for domain which can use BPF" 2022-02-10 07:08:22 +00:00
Treehugger Robot
6319ef7e7d Merge "Fix se_policy_conf file output stem" am: 099b15ea2e am: 2379b4582c am: 84e19dfd8b am: e22419760c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978386

Change-Id: Icd9170f356c31f76cbd83050e0a6ac9a4f85ed91
 2022-02-10 04:00:49 +00:00
Treehugger Robot
e22419760c Merge "Fix se_policy_conf file output stem" am: 099b15ea2e am: 2379b4582c am: 84e19dfd8b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978386

Change-Id: I03f8d28978c6b3e373a348a315ccd8c982b97c7e
 2022-02-10 03:47:02 +00:00
Treehugger Robot
84e19dfd8b Merge "Fix se_policy_conf file output stem" am: 099b15ea2e am: 2379b4582c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978386

Change-Id: I537a9a37e72b816fdcacac462f5a4ca63e603c7c
 2022-02-10 03:36:16 +00:00
Treehugger Robot
2379b4582c Merge "Fix se_policy_conf file output stem" am: 099b15ea2e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978386

Change-Id: I7ad40cc5750a49f77ff015d979e140d357c1892d
 2022-02-10 03:24:26 +00:00
Treehugger Robot
099b15ea2e Merge "Fix se_policy_conf file output stem" 2022-02-10 03:08:30 +00:00
Changyeon Jo
a083d7a8d8 Updates sepolicy for EVS HAL 
This CL updates hal_evs_default to be sufficient for the defautl EVS HAL
implementation and modifies other services' policies to be able to
communicate with EVS HAL implementations

Bug: 217271351
Test: m -j selinux_policy and Treehugger
Change-Id: I2df8e10f574d62f8b84e0ff0381656ab1b18b52f
 2022-02-10 01:42:59 +00:00
Changyeon Jo
5c3bc58163 Adds a sepolicy for EVS manager service 
Bug: 170401743
Bug: 216727303
Test: m -j selinux_policy and TreeHugger
Change-Id: Ie6cb3e269fc46a61b56ca93efd69fbc447da0e3d
 2022-02-10 01:42:21 +00:00
Steven Moreland
6598175e06 bpfdomain: attribute for domain which can use BPF 
Require all domains which can be used for BPF to be marked as
bpfdomain, and add a restriction for these domains to not
be able to use net_raw or net_admin. We want to make sure the
network stack has exclusive access to certain BPF attach
points.

Bug: 140330870
Bug: 162057235
Test: build (compile-time neverallows)
Change-Id: I29100e48a757fdcf600931d5eb42988101275325
 2022-02-10 00:34:50 +00:00
Ji Luo
64f03bc0c9 [automerged blank] Fix bootchart on android12 2p: 1b3278b2da 
Blank merge reason: Change-Id Ia7d166605cd0b58849cb44d9a16dc3c73e1d4353 with SHA-1 d338d0ef55 is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16829091

Bug: 205880718
Bug: 218729155
Change-Id: Iddddbe618c8ebbba42ade53a5f8cc7aa3b68bbd1
Merged-In: Ia7d166605cd0b58849cb44d9a16dc3c73e1d4353
 2022-02-09 23:29:38 +00:00
Ji Luo
1b3278b2da Fix bootchart on android12 
Access denial of Apexd would cause runtime abort and the
bootchart is not working on Android 12:
  ...
  F nativeloader: Error finding namespace of apex: no namespace called com_android_art
  F zygote64: runtime.cc:669] Runtime aborting...
  F zygote64: runtime.cc:669] Dumping all threads without mutator lock held
  F zygote64: runtime.cc:669] All threads:
  F zygote64: runtime.cc:669] DALVIK THREADS (1):
  F zygote64: runtime.cc:669] "main" prio=10 tid=1 Runnable (still starting up)
  F zygote64: runtime.cc:669]   | group="" sCount=0 ucsCount=0 flags=0 obj=0x0 self=0xb4000072de0f4010
  ...

Bug: 205880718
Bug: 218729155
Test: bootchart test.

Signed-off-by: Ji Luo <ji.luo@nxp.com>
Merged-In: Ia7d166605cd0b58849cb44d9a16dc3c73e1d4353
Change-Id: Ia7d166605cd0b58849cb44d9a16dc3c73e1d4353
 2022-02-09 23:24:51 +00:00
Florian Mayer
360ddf5583 [MTE] Add property to specify default MTE mode for apps. 
Bug: 216305376
Change-Id: I9374c8681510037279deaf3e5ae011e8f9111f17
 2022-02-09 22:13:59 +00:00
Yabin Cui
379fdd48b4 Merge "profcollectd: allow to call callbacks registered by system_server." am: c30b45e242 am: 4906441dc5 am: f6b6276ea1 am: 02b6803e47 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1973763

Change-Id: I498d0ea5c3822412178b999d4e24ee6990b84962
 2022-02-09 19:09:52 +00:00
Yabin Cui
02b6803e47 Merge "profcollectd: allow to call callbacks registered by system_server." am: c30b45e242 am: 4906441dc5 am: f6b6276ea1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1973763

Change-Id: I544fffbc8f64b89c41a326472e566b574e0eb1d0
 2022-02-09 18:57:44 +00:00
Yabin Cui
f6b6276ea1 Merge "profcollectd: allow to call callbacks registered by system_server." am: c30b45e242 am: 4906441dc5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1973763

Change-Id: Ifcf3e4c71b4e54b3b2ffcf29cd699465a29dd325
 2022-02-09 18:40:04 +00:00
Steven Moreland
706d6649bb Merge "Allow BPF programs from vendor." am: 2536bf9dac am: 4e83d24871 am: 75fba000fe am: 6ba9fb383f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1189663

Change-Id: I7c2c05d981dac467a9dc1d4fe0c7486ade14141f
 2022-02-09 18:33:39 +00:00
Yabin Cui
4906441dc5 Merge "profcollectd: allow to call callbacks registered by system_server." am: c30b45e242 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1973763

Change-Id: Id7138581429d7a7a4d03e8df35cd6d5e6f669490
 2022-02-09 18:21:42 +00:00
Steven Moreland
6ba9fb383f Merge "Allow BPF programs from vendor." am: 2536bf9dac am: 4e83d24871 am: 75fba000fe 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1189663

Change-Id: I2f1426a0a21ca0a6394236d7343ab2c091f486ad
 2022-02-09 18:15:21 +00:00
Yabin Cui
c30b45e242 Merge "profcollectd: allow to call callbacks registered by system_server." 2022-02-09 18:09:59 +00:00
Steven Moreland
75fba000fe Merge "Allow BPF programs from vendor." am: 2536bf9dac am: 4e83d24871 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1189663

Change-Id: Ifd81acffdfb97ae18f33117f38cebb698057b2f4
 2022-02-09 18:04:05 +00:00
Steven Moreland
4e83d24871 Merge "Allow BPF programs from vendor." am: 2536bf9dac 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1189663

Change-Id: I71bbd8460727eff793dd59d5c5b1d8dcc963fdde
 2022-02-09 17:45:41 +00:00
Steven Moreland
2536bf9dac Merge "Allow BPF programs from vendor." 2022-02-09 17:28:16 +00:00