tequilaOS/platform_system_sepolicy

Author	SHA1	Message	Date
Jin Jeong	99324e0d2f	Merge "Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_..."" into udc-dev am: `7b646790c5` am: `f95904e9a7` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23201116 Change-Id: I47923ed8c0650149ffea42838861851eba5292b6 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-24 02:30:02 +00:00
Jin Jeong	63c2056f81	Merge "Revert "Fix selinux denial for setupwizard_esim_prop"" into udc-dev am: `a93b7daef3` am: `93252e4871` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23167567 Change-Id: I6bc3151e88da2fdb1c1fa203390f96691734c1b5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-24 02:29:56 +00:00
Jin Jeong	f95904e9a7	Merge "Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_..."" into udc-dev am: `7b646790c5` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23201116 Change-Id: I0a6bb0acf6dcaeba93658630c6bf53892650ee51 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-24 01:47:07 +00:00
Jin Jeong	93252e4871	Merge "Revert "Fix selinux denial for setupwizard_esim_prop"" into udc-dev am: `a93b7daef3` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23167567 Change-Id: I04f844254e44c6262d9651554d44bd8c464e0482 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-24 01:47:01 +00:00
Jin Jeong	7b646790c5	Merge "Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_..."" into udc-dev	2023-05-24 01:07:12 +00:00
Jin Jeong	a93b7daef3	Merge "Revert "Fix selinux denial for setupwizard_esim_prop"" into udc-dev	2023-05-24 01:07:12 +00:00
Anoush Khazeni	ad40691149	Merge "Adding a property entry for the assistant volume." into udc-dev am: `1e1a425a9b` am: `38b5b0804b` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23214185 Change-Id: I87eccc8ddc7f8ed46991b4159fdf658c06073118 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-22 19:24:33 +00:00
Anoush Khazeni	38b5b0804b	Merge "Adding a property entry for the assistant volume." into udc-dev am: `1e1a425a9b` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23214185 Change-Id: I42a23d2afa814d8ddbe331b433084c0f9eafb204 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-22 19:03:15 +00:00
Anoush Khazeni	1e1a425a9b	Merge "Adding a property entry for the assistant volume." into udc-dev	2023-05-22 18:58:43 +00:00
Suren Baghdasaryan	248cb36db3	allow modprobe to load modules from /system/lib/modules/ am: `8a6f45d363` am: `67036eb3a7` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23351624 Change-Id: Iedae70c32829c4c7c6de67ea63dc524b2b073a7c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-22 03:51:09 +00:00
Suren Baghdasaryan	67036eb3a7	allow modprobe to load modules from /system/lib/modules/ am: `8a6f45d363` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23351624 Change-Id: I280596a0a0f68e7ef7befd51b5be32527c9c54c0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-22 02:56:58 +00:00
Suren Baghdasaryan	8a6f45d363	allow modprobe to load modules from /system/lib/modules/ This is needed to load GKI leaf modules like zram.ko. Bug: 279227085 Signed-off-by: Suren Baghdasaryan <surenb@google.com> Change-Id: I8a8205e50aa00686f478aba5336299e03490bbb5 Merged-In: I8a8205e50aa00686f478aba5336299e03490bbb5	2023-05-19 19:03:17 +00:00
Peiyong Lin	ccfc06a30d	Merge "Revert "Add "ro.hardware.egl_legacy" for ANGLE system driver"" into udc-dev am: `8fde7b737b` am: `a1ff69b2f0` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23338256 Change-Id: Ia10647e6bfdd632c0cb96ea1891a7e78e32e04a4 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-19 11:24:10 +00:00
Peiyong Lin	a1ff69b2f0	Merge "Revert "Add "ro.hardware.egl_legacy" for ANGLE system driver"" into udc-dev am: `8fde7b737b` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23338256 Change-Id: I4dfa3097b465226fb09113fb69783f76e0a2ee62 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-19 10:41:54 +00:00
Peiyong Lin	8fde7b737b	Merge "Revert "Add "ro.hardware.egl_legacy" for ANGLE system driver"" into udc-dev	2023-05-19 09:57:00 +00:00
Peiyong Lin	98ec998136	Revert "Add "ro.hardware.egl_legacy" for ANGLE system driver" This reverts commit `92251f5d15`. Reason for revert: Remove deferred list functionality now that the shape of ANGLE shipping form is binaries. Applications on the list are broken with ANGLE due to the lack of YUV support, this is currently being worked on. Ignore-AOSP-First: Cherry-pick revert. Bug: 280450222 Change-Id: Ied92e6f482fe77e045139b4b0531b1db1a7ffb13 Test: atest CtsAngleIntegrationHostTestCases	2023-05-19 00:41:17 +00:00
Gavin Corkery	44ef0774ea	Merge "Allow apps and SDK sandbox to access each others' open FDs" into udc-dev am: `0461233b7a` am: `3438cb6403` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23208520 Change-Id: Ia6fc96b327eff0736b4cdad8d1a9f04a99832a14 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-18 09:07:47 +00:00
Gavin Corkery	3438cb6403	Merge "Allow apps and SDK sandbox to access each others' open FDs" into udc-dev am: `0461233b7a` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23208520 Change-Id: I043ff1c38dc14b2ebc93ee7bfd5905c128d32509 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-18 08:26:18 +00:00
Gavin Corkery	0461233b7a	Merge "Allow apps and SDK sandbox to access each others' open FDs" into udc-dev	2023-05-18 07:51:32 +00:00
Anoush Khazeni	87da0af704	Adding a property entry for the assistant volume. Ignore-AOSP-First: confidential feature Adding a system property to be read by AudioService to override the minimum volume setting for the assistant stream. Bug: 277829235 Test: Build only Change-Id: I08c500c0a3bb040559ca99d1817b7b848deee8c6	2023-05-17 11:44:26 -07:00
Gavin Corkery	a707712813	Allow apps and SDK sandbox to access each others' open FDs An app may wish to pass an open FD for the SDK sandbox to consume, and vice versa. Neither party will be permitted to write to the other's open FD. Ignore-AOSP-First: Cherrypick Test: Manual Bug: 281843854 Change-Id: I73f79b6566ed3e3d8491db6bed011047d5a650ce Merged-In: I73f79b6566ed3e3d8491db6bed011047d5a650ce	2023-05-17 14:28:40 +00:00
Treehugger Robot	49e5ad5cbf	Merge "Add canary restrictions for sdk_sandbox" into udc-dev am: `9b7ea76a8d` am: `5bc4d481f2` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23153643 Change-Id: Ic91ca234bd0001295465f2347b9dc9310cdb47a5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-13 00:47:18 +00:00
Treehugger Robot	5bc4d481f2	Merge "Add canary restrictions for sdk_sandbox" into udc-dev am: `9b7ea76a8d` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23153643 Change-Id: I9eccd1a4e90831ce2306e15bd7b132cf368fe620 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-13 00:04:15 +00:00
Mugdha Lakhani	d44c51e017	Add canary restrictions for sdk_sandbox Add sdk_sandbox_next and apply it if a new input selector, isSdkSandboxNext, is applied. This is set to true by libselinux if a flag is set in the seInfo passed to it. This enables some testers to test out the set of restrictions we're planning for the next SDK version. sdk_sandbox_next is not the final set of restrictions of the next SDK version. Bug: b/270148964 Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest SdkSandboxRestrictionsTest Change-Id: Ie8bad9c1b8f8eb032d13e1822689c78ad3d2c68a Merged-In: Ie8bad9c1b8f8eb032d13e1822689c78ad3d2c68a	2023-05-12 20:06:31 +00:00
Treehugger Robot	adac570c2d	Merge "Grant system_server the permission to create its own profile." into udc-dev am: `62037d3f93` am: `23b4d83e79` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23201106 Change-Id: Icaf1a59866d1e6332852f9885bcb1dad59ec80ac Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-12 11:41:14 +00:00
Martin Stjernholm	693eb182d0	Merge "Allow the ART boot oneshot service to configure ART config properties." into udc-dev am: `4f2b8ce361` am: `f82b6d2c1c` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23131204 Change-Id: Ia96628706fd7361d18ab6db209b584a2538e651b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-12 11:40:47 +00:00
Treehugger Robot	23b4d83e79	Merge "Grant system_server the permission to create its own profile." into udc-dev am: `62037d3f93` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23201106 Change-Id: Ie3782edae7942fadf78814e784bf72fd570ca2d0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-12 11:19:44 +00:00
Treehugger Robot	62037d3f93	Merge "Grant system_server the permission to create its own profile." into udc-dev	2023-05-12 11:11:03 +00:00
Martin Stjernholm	f82b6d2c1c	Merge "Allow the ART boot oneshot service to configure ART config properties." into udc-dev am: `4f2b8ce361` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23131204 Change-Id: If7f7a7b10eddf86c6a7501c00263cfe9a4dd011c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-12 10:58:26 +00:00
Martin Stjernholm	4f2b8ce361	Merge "Allow the ART boot oneshot service to configure ART config properties." into udc-dev	2023-05-12 10:28:21 +00:00
Jiakai Zhang	bdfc175e1e	Grant system_server the permission to create its own profile. When ART Service is enabled, the runtime uses a different strategy to write profiles: it first creates a temp profile file, and then moves it to the final location, instead of mutating the file in place. This new strategy requires the permission to create files. While apps have this permission, unfortunately, system_server didn't. This CL fixes this problem. Bug: 282019264 Test: - 1. Enable boot image profiling (https://source.android.com/docs/core/runtime/boot-image-profiles#configuring-devices) 2. Snapshot the boot image profile (adb shell pm snapshot-profile android) 3. Dump the boot image profile (adb shell profman --dump-only --profile-file=/data/misc/profman/android.prof) 4. See profile data for services.jar Ignore-AOSP-First: This change requires updating the 34.0 prebuilt, which doesn't exist on AOSP. Will cherry-pick to AOSP later. Change-Id: Ie24a51f2d40d752164ce14725f122c73432d50c9	2023-05-12 10:51:38 +01:00
Jin Jeong	9627dc5c78	Revert "Fix selinux denial for setupwizard_esim_prop" Revert submission 22955599-euicc_selinux_fix2 Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules Reverted changes: /q/submissionid:22955599-euicc_selinux_fix2 Change-Id: I00cac36ac2f2a23d02c99b9ad9df57061d1ae61c	2023-05-12 04:18:33 +00:00
Jin Jeong	ec4fe33a6a	Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_..." Revert submission 22899490-euicc_selinux_fix Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules Reverted changes: /q/submissionid:22899490-euicc_selinux_fix Change-Id: I0c2bfe55987949ad52f62e468c84df954f39a4ad	2023-05-12 04:17:35 +00:00
Treehugger Robot	740bba657c	Merge "Allow camera service to access "ro.camera.disableJpegR" property" into udc-dev am: `1d32d9af19` am: `5fa5ae78d2` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23148868 Change-Id: I02ca17e1a5a127d6af49a5ef98b4eeac6166a0d0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-11 19:07:25 +00:00
Treehugger Robot	5fa5ae78d2	Merge "Allow camera service to access "ro.camera.disableJpegR" property" into udc-dev am: `1d32d9af19` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23148868 Change-Id: I4cbc1cc0319b022f0eb6710e2c3e9c3865b2191d Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-11 18:42:05 +00:00
Treehugger Robot	1d32d9af19	Merge "Allow camera service to access "ro.camera.disableJpegR" property" into udc-dev	2023-05-11 18:12:35 +00:00
Mugdha Lakhani	1a87c7750d	Merge "Create sdk_sandbox_all." into udc-dev am: `f21942129a` am: `47899e2afb` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23061001 Change-Id: I338b999f90b6b873288c2ed905e28a2ef10fa134 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-11 15:29:28 +00:00
Mugdha Lakhani	47899e2afb	Merge "Create sdk_sandbox_all." into udc-dev am: `f21942129a` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23061001 Change-Id: Ib2ad91d15d7a5ceb79729a6a4bef2a13aa0286f2 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-11 14:47:54 +00:00
Martin Stjernholm	3d7093fd7b	Allow the ART boot oneshot service to configure ART config properties. Test: See commit 2691baf9d4f8086902d46b2e340a6e5464857b90 in art/ (ag/23125728) Bug: 281850017 Ignore-AOSP-First: Will cherry-pick to AOSP later Change-Id: I14baf55d07ad559294bd3b7d9562230e78201d25	2023-05-11 13:38:57 +01:00
Emilian Peev	9e505e2ee7	Allow camera service to access "ro.camera.disableJpegR" property Additionally enable access to 'ro.camera.enableCompositeAPI0JpegR' Ignore-AOSP-First: Cherrypick Bug: 262265296 Test: Manual using adb shell dumpsys media.camera with property enabled and disabled Change-Id: I8ae75d06eb7f2a5fff03fb9f8ffda94079f287e7	2023-05-10 16:44:19 -07:00
Mugdha Lakhani	9304b8a6cc	Create sdk_sandbox_all. Rename sdk_sandbox to sdk_sandbox_34. Additionally, Extract out parts of sdk_sandbox_34 to sdk_sandbox_all.te that will be shared with all sdk_sandbox domains. Bug: b/270148964 Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest SdkSandboxRestrictionsTest Change-Id: I36e0c8795148de83c81dfe12559452812aa2b25e Merged-In: I36e0c8795148de83c81dfe12559452812aa2b25e	2023-05-10 17:54:07 +00:00
Treehugger Robot	9515104698	Merge "Relax sdk sandbox sepolicy." into udc-dev am: `2079ab2f28` am: `c76e2b4b91` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23061000 Change-Id: I91e80cb857886bdb37604ae5b615736e70c9d2f0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-10 11:28:04 +00:00
Treehugger Robot	c76e2b4b91	Merge "Relax sdk sandbox sepolicy." into udc-dev am: `2079ab2f28` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23061000 Change-Id: I4377e8617fd1e9d97a0b28f88536ace2b9a4b12b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-10 10:47:16 +00:00
Treehugger Robot	2079ab2f28	Merge "Relax sdk sandbox sepolicy." into udc-dev	2023-05-10 09:51:25 +00:00
Gavin Corkery	5e22766f47	Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev am: `fefe81b685` am: `868227b663` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21931719 Change-Id: I14bb602b1de39f74034026ae190c6df84920af7b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-09 16:57:39 +00:00
Gavin Corkery	868227b663	Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev am: `fefe81b685` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21931719 Change-Id: Ia024858f4192ebeccfe6b86b16aafa19cd31b6ad Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-09 16:18:25 +00:00
Gavin Corkery	fefe81b685	Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev	2023-05-09 15:41:32 +00:00
Gavin Corkery	10417857ea	Allow mediaprovider and mediaserver to read sdk_sandbox_data_file Context: go/videoview-local-sandbox. This change is required to play local files in a VideoView in the SDK sandbox. Ignore-AOSP-First: Cherrypick Test: Manual steps described in doc Bug: 266592086 Change-Id: I940609d5dff4fc73d0376489646488c7b96eebb8	2023-05-09 13:10:01 +00:00
Mugdha Lakhani	30cf7bbf28	Relax sdk sandbox sepolicy. auditallow block from sdk_sandbox has been removed as we haven't yet measured the system health impact of adding this. It'll be added to an audit domain later after we've ruled out negative system health impact. Bug: b/270148964 Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest SdkSandboxRestrictionsTest Change-Id: Ic4ce690e82b09ed176495f3b55be6069ffc074ac Merged-In: Ic4ce690e82b09ed176495f3b55be6069ffc074ac	2023-05-06 19:25:40 +00:00
Peiyong Lin	bceecf2bd0	Merge "Allow graphics_config_writable_prop to be modified." into udc-dev am: `82e2aa6c61` am: `747e54326e` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22993902 Change-Id: Ibf257e1ffbcbb0ae1df14ce7c2393138999a8145 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-05 17:07:17 +00:00

1 2

81 commits