Commit graph

37047 commits

Author SHA1 Message Date
sandrom
e9a5e7ca6c Allow apexd to write to /metadata/sepolicy
Test: manual tests
Bug: 218672709
Change-Id: I91e173cc41bca0f8fd62d5a783e514f6bbb0e214
2022-02-09 15:11:06 +00:00
Inseob Kim
74caef3591 Add microdroid sepolicy test support
MicrodroidHostTestCases will pull the VM's sepolicy and check it against
system/sepolicy/microdroid's neverallow rules, using sepolicy-analyze
tool.

Bug: 218461215
Test: atest MicrodroidHostTestCases
Change-Id: I62a69053996b71d69dd2bf6b7eabc8b701095477
2022-02-09 23:35:44 +09:00
Inseob Kim
6c5fa54a8b Fix se_policy_conf file output stem
OutputFileProducer interface has been returning "conf", not the
designated stem.

Test: try including se_policy_conf module as other module's srcs
Change-Id: I17de5e10ed9bd1d45dc9a8b1be11ea6f5290c179
2022-02-09 23:35:43 +09:00
Jayant Chowdhary
58c0794156 Merge "System wide sepolicy changes for aidl camera hals." am: b00bf9d282 am: 4c51fa993e am: f3ccb9095a am: 887847beaa
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975831

Change-Id: If90113a972d3f96bed74db0ae65da50caff1afbf
2022-02-09 04:04:33 +00:00
Jayant Chowdhary
887847beaa Merge "System wide sepolicy changes for aidl camera hals." am: b00bf9d282 am: 4c51fa993e am: f3ccb9095a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975831

Change-Id: I6ff56d02b6a1eae953f3b13bda2dad1bd104fa87
2022-02-09 03:47:46 +00:00
Jayant Chowdhary
f3ccb9095a Merge "System wide sepolicy changes for aidl camera hals." am: b00bf9d282 am: 4c51fa993e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975831

Change-Id: Icd36402e7e7ed40e67e40723a804db98ac2fd449
2022-02-09 03:36:21 +00:00
Jayant Chowdhary
4c51fa993e Merge "System wide sepolicy changes for aidl camera hals." am: b00bf9d282
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975831

Change-Id: Ie9b95c5b231a014d0123271b5cfd63f20b9519db
2022-02-09 03:23:54 +00:00
Jayant Chowdhary
b00bf9d282 Merge "System wide sepolicy changes for aidl camera hals."
2022-02-09 03:08:37 +00:00
Thiébaud Weksteen
76ba7358f1 Merge "Allow policy tests to support space in file names" am: c3ae0ceaee am: d41e2add90 am: a3776701f4 am: 1c824bb7d0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1968402

Change-Id: I95a2fe1e99c0fca8b2ed1b85f6e2cbbb787fb2fc
2022-02-08 22:47:55 +00:00
Steven Moreland
c27d24c37c Allow BPF programs from vendor.
Who needs all those context switches?

bpfloader controls which types of vendor programs can be used.

Bug: 140330870
Bug: 162057235
Test: successfully load bpf programs from vendor
Change-Id: I36e4f6550da33fea5bad509470dfd39f301f13c8
2022-02-08 22:46:54 +00:00
Thiébaud Weksteen
1c824bb7d0 Merge "Allow policy tests to support space in file names" am: c3ae0ceaee am: d41e2add90 am: a3776701f4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1968402

Change-Id: I0971d70bd5513e4b294cf225e6ce92479e4f1c8f
2022-02-08 22:28:33 +00:00
Thiébaud Weksteen
a3776701f4 Merge "Allow policy tests to support space in file names" am: c3ae0ceaee am: d41e2add90
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1968402

Change-Id: I0644dc98063b3cc65ff7bbebd89046c0c2f791f9
2022-02-08 22:12:05 +00:00
Thiébaud Weksteen
d41e2add90 Merge "Allow policy tests to support space in file names" am: c3ae0ceaee
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1968402

Change-Id: I0b73db62b9b83efd02f65e0bada75695a47a7447
2022-02-08 22:00:19 +00:00
Thiébaud Weksteen
c3ae0ceaee Merge "Allow policy tests to support space in file names"
2022-02-08 21:48:17 +00:00
Treehugger Robot
9fb9dcf800 Merge "Add rule to allow servicemanager to call the hostapd service." am: 14db21eafa am: 5d45c0bc91 am: e026b73807 am: e1656b7cb0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975506

Change-Id: I93e9aeb113bda9950de8a139f7c1ee9fa65fbb3b
2022-02-08 21:12:04 +00:00
Treehugger Robot
e1656b7cb0 Merge "Add rule to allow servicemanager to call the hostapd service." am: 14db21eafa am: 5d45c0bc91 am: e026b73807
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975506

Change-Id: Ida4d6b87c1d2a8ae5ac89399449b5e3cc7120bc4
2022-02-08 21:00:20 +00:00
Treehugger Robot
e026b73807 Merge "Add rule to allow servicemanager to call the hostapd service." am: 14db21eafa am: 5d45c0bc91
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975506

Change-Id: I3de1107f03d4b55c552ac0f75e16139da664e567
2022-02-08 20:44:34 +00:00
Treehugger Robot
5d45c0bc91 Merge "Add rule to allow servicemanager to call the hostapd service." am: 14db21eafa
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975506

Change-Id: Ic364766d3356c3d0936215f06ab119fd30412ea7
2022-02-08 20:33:59 +00:00
Treehugger Robot
14db21eafa Merge "Add rule to allow servicemanager to call the hostapd service."
2022-02-08 20:17:15 +00:00
Christine Franks
71ccbfc5f0 Merge "Add uhid_device to system_server" am: c98bde94c4 am: bdb8275788 am: a37c350aa6 am: f6692e40bb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1972819

Change-Id: I183ca24f980e27968fd849b7e1fef8ba43f37d07
2022-02-08 19:53:37 +00:00
Treehugger Robot
bc2d94d693 Merge "Rename property for default MTE mode." am: 0fc6fae857 am: c6530c9486 am: 051c1ef7d6 am: 3d38ea6f1a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975306

Change-Id: I92762cc18d53df31d47d22376e221242837df7ff
2022-02-08 19:52:19 +00:00
Christine Franks
f6692e40bb Merge "Add uhid_device to system_server" am: c98bde94c4 am: bdb8275788 am: a37c350aa6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1972819

Change-Id: Ib26384e32e5737da45422d984f1217e08ec90957
2022-02-08 19:25:00 +00:00
Treehugger Robot
3d38ea6f1a Merge "Rename property for default MTE mode." am: 0fc6fae857 am: c6530c9486 am: 051c1ef7d6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975306

Change-Id: Ieaac5305e40f6f69f2ece0eba12c0b3b229d058a
2022-02-08 19:24:21 +00:00
Christine Franks
a37c350aa6 Merge "Add uhid_device to system_server" am: c98bde94c4 am: bdb8275788
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1972819

Change-Id: Ia3082cc4325489c253e21a817d8bd11f8abda97d
2022-02-08 19:03:53 +00:00
Treehugger Robot
051c1ef7d6 Merge "Rename property for default MTE mode." am: 0fc6fae857 am: c6530c9486
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975306

Change-Id: I280175413640a40296aa1b9119ec7c9ab6c48240
2022-02-08 19:03:35 +00:00
Christine Franks
bdb8275788 Merge "Add uhid_device to system_server" am: c98bde94c4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1972819

Change-Id: I7faf091b6ac4d6dddafaaf30e035d097ba8dd444
2022-02-08 18:48:19 +00:00
Treehugger Robot
c6530c9486 Merge "Rename property for default MTE mode." am: 0fc6fae857
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975306

Change-Id: I55a2c07b0d45df1a7ed3d3f03308a123a8812910
2022-02-08 18:41:06 +00:00
Gabriel Biren
d59d96c476 Add rule to allow servicemanager to call
the hostapd service.

Needed in order to allow hostapd to
receive a callback from servicemanager
when the active service count changes.

Bug: 213475388
Test: atest VtsHalHostapdTargetTest
Change-Id: I3a5ec8219d23227fab85325f90d8b4aee6c76973
2022-02-08 18:00:15 +00:00
Christine Franks
c98bde94c4 Merge "Add uhid_device to system_server"
2022-02-08 17:13:32 +00:00
Treehugger Robot
0fc6fae857 Merge "Rename property for default MTE mode."
2022-02-08 16:47:32 +00:00
Alan Stokes
53c76a25bb Support legacy apexdata labels
This partly reverts fa10a14fac. There we
removed individual labels for various apexdata labels, replacing them
with apex_system_server_data_file.

Unfortunately that doesn't handle upgrade scenarios well, e.g. when
updating system but keeping the old vendor sepolicy. The directories
keep their old labels, and vold_prepare_subdirs is unable to relabel
them as there is no policy to allow it to.

So we bring back the legacy labels, in private not public, and add the
rules needed to ensure system_server and vold_prepare_subdirs have the
access they need. All the other access needed is obtained via the
apex_data_file_type attribute.

Bug: 217581286
Test: Reset labels using chcon, reboot, directories are relabeled, no denials
Change-Id: If696882450f2634e382f217dab8f9f3882bff03f
2022-02-08 16:07:08 +00:00
Treehugger Robot
c1fa6ebdd2 Merge "Allow reading hypervisor capabilities" am: e335de9aeb am: 0b2fe7bba9 am: 4bfc9805ba am: 2d3b3aa21c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1974460

Change-Id: I68ae833004eeeb90f02593eb6cdae3d44f6cfb52
2022-02-08 12:38:43 +00:00
Treehugger Robot
ae7c348e9b Merge "bpfloader: use kernel logs" am: 2e468b48c5 am: 46f9d2ebc4 am: c954fe57d8 am: 4f6c67df9c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975407

Change-Id: I4bb2e98bb4094d0b03915ab4c2d4f249ae0355d4
2022-02-08 12:38:28 +00:00
Treehugger Robot
2d3b3aa21c Merge "Allow reading hypervisor capabilities" am: e335de9aeb am: 0b2fe7bba9 am: 4bfc9805ba
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1974460

Change-Id: Iaa57b2ba3bbb6e44692a9e4d3e7dc2ee7db2b7e5
2022-02-08 12:21:38 +00:00
Treehugger Robot
4f6c67df9c Merge "bpfloader: use kernel logs" am: 2e468b48c5 am: 46f9d2ebc4 am: c954fe57d8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975407

Change-Id: If73c340ffc3b41847f27e2da23a3bb9f2fbc261d
2022-02-08 12:20:30 +00:00
Treehugger Robot
4bfc9805ba Merge "Allow reading hypervisor capabilities" am: e335de9aeb am: 0b2fe7bba9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1974460

Change-Id: Id26b6b4dd098dfe455d4e5d98b2454a87769a813
2022-02-08 12:09:10 +00:00
Treehugger Robot
c954fe57d8 Merge "bpfloader: use kernel logs" am: 2e468b48c5 am: 46f9d2ebc4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975407

Change-Id: Idd5d7551c7977116bdb741fad752fd2edb6dfa0e
2022-02-08 12:07:54 +00:00
Treehugger Robot
0b2fe7bba9 Merge "Allow reading hypervisor capabilities" am: e335de9aeb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1974460

Change-Id: I0fd8a7a9f35ed63f78bea52028935705750c0a7a
2022-02-08 11:54:28 +00:00
Treehugger Robot
e335de9aeb Merge "Allow reading hypervisor capabilities"
2022-02-08 11:49:33 +00:00
Treehugger Robot
46f9d2ebc4 Merge "bpfloader: use kernel logs" am: 2e468b48c5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975407

Change-Id: Ica35494fc1df34ebb9ccfd82c2aa1d5e658e4463
2022-02-08 11:48:26 +00:00
Treehugger Robot
2e468b48c5 Merge "bpfloader: use kernel logs"
2022-02-08 10:51:39 +00:00
Jayant Chowdhary
e3019be3db System wide sepolicy changes for aidl camera hals.
Bug: 196432585

Test: Camera CTS

Change-Id: I0ec0158c9cf82937d6c00841448e6e42f6ff4bb0
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
2022-02-08 09:37:17 +00:00
Treehugger Robot
ba0f87ae7d [automerger skipped] Merge "Allow priv-app to report off body events to keystore." am: d83aba62f6 am: 5b2f49942b am: 8bf0e529c4 am: 6077d20d93 -s ours
am skip reason: Merged-In If40c2883edd39bee8e49e8e958eb12e9b29a0fe0 with SHA-1 9aeba4f661 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1973028

Change-Id: Ia06ca0d57aacd9f8ad10b4b67b49b293815fe700
2022-02-08 00:55:50 +00:00
Shubang Lu
6522714c0c [automerger skipped] Merge "SE policy: rename iapp -> interactive_app" am: 3885ab88c5 am: 04a33ef734 am: 0b428880b5 am: f07e408c1b -s ours
am skip reason: Merged-In I15fd60a2dba79dd5e2a3cf57ed542e5a930680f1 with SHA-1 885bcd2ad6 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956658

Change-Id: I3234e63df9fb8f670096596faf5f129ea7e7a533
2022-02-08 00:55:39 +00:00
Treehugger Robot
6077d20d93 Merge "Allow priv-app to report off body events to keystore." am: d83aba62f6 am: 5b2f49942b am: 8bf0e529c4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1973028

Change-Id: I112d3986f203c98ef082894d3c11fc5acf65358c
2022-02-08 00:30:27 +00:00
Shubang Lu
f07e408c1b Merge "SE policy: rename iapp -> interactive_app" am: 3885ab88c5 am: 04a33ef734 am: 0b428880b5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956658

Change-Id: I1e897a6e8e65ac068c307afa42a48ea53bdcf69f
2022-02-08 00:30:10 +00:00
Treehugger Robot
8bf0e529c4 Merge "Allow priv-app to report off body events to keystore." am: d83aba62f6 am: 5b2f49942b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1973028

Change-Id: I24f7a978a4f9e7f9023c9e26c975534d11a5b03f
2022-02-08 00:15:01 +00:00
Shubang Lu
0b428880b5 Merge "SE policy: rename iapp -> interactive_app" am: 3885ab88c5 am: 04a33ef734
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956658

Change-Id: I5edf232cfbdb9beb06b73ff6602efd1307054885
2022-02-08 00:14:36 +00:00
Treehugger Robot
5b2f49942b Merge "Allow priv-app to report off body events to keystore." am: d83aba62f6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1973028

Change-Id: I9b990153f44fb93b4ee09b25e4efb6bd492d7fc0
2022-02-07 23:57:28 +00:00
Shubang Lu
04a33ef734 Merge "SE policy: rename iapp -> interactive_app" am: 3885ab88c5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956658

Change-Id: I6e469662688bb7d91af5c7070063763b49dc0900
2022-02-07 23:57:01 +00:00