tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
42903 commits 1 branch 0 tags 50 MiB
Commit graph

42903 commits

This branch
This branch
All branches
Author SHA1 Message Date
Treehugger Robot
c76e2b4b91 Merge "Relax sdk sandbox sepolicy." into udc-dev am: 2079ab2f28 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23061000

Change-Id: I4377e8617fd1e9d97a0b28f88536ace2b9a4b12b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-10 10:47:16 +00:00
Treehugger Robot
2079ab2f28 Merge "Relax sdk sandbox sepolicy." into udc-dev 2023-05-10 09:51:25 +00:00
Gavin Corkery
5e22766f47 Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev am: fefe81b685 am: 868227b663 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21931719

Change-Id: I14bb602b1de39f74034026ae190c6df84920af7b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-09 16:57:39 +00:00
Gavin Corkery
868227b663 Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev am: fefe81b685 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21931719

Change-Id: Ia024858f4192ebeccfe6b86b16aafa19cd31b6ad
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-09 16:18:25 +00:00
Gavin Corkery
fefe81b685 Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev 2023-05-09 15:41:32 +00:00
Gavin Corkery
10417857ea Allow mediaprovider and mediaserver to read sdk_sandbox_data_file 
Context: go/videoview-local-sandbox. This change is required to
play local files in a VideoView in the SDK sandbox.

Ignore-AOSP-First: Cherrypick

Test: Manual steps described in doc
Bug: 266592086
Change-Id: I940609d5dff4fc73d0376489646488c7b96eebb8
 2023-05-09 13:10:01 +00:00
Maciej Żenczykowski
b1f847eebd remove inprocess tethering 
Test: TreeHugger
Bug: 279942846
(cherry picked from https://android-review.googlesource.com/q/commit:e52d2349dd173678194deb4935d866effa0da9a4)
Merged-In: I0fd3a7dfe9b554d18de435e5df47de048e453d00
Change-Id: I0fd3a7dfe9b554d18de435e5df47de048e453d00
 2023-05-08 21:16:32 +00:00
Mugdha Lakhani
30cf7bbf28 Relax sdk sandbox sepolicy. 
auditallow block from sdk_sandbox has been removed as we haven't yet
measured the system health impact of adding this. It'll be added to an
audit domain later after we've ruled out negative system health impact.

Bug: b/270148964
Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest
SdkSandboxRestrictionsTest
Change-Id: Ic4ce690e82b09ed176495f3b55be6069ffc074ac
Merged-In: Ic4ce690e82b09ed176495f3b55be6069ffc074ac
 2023-05-06 19:25:40 +00:00
Peiyong Lin
bceecf2bd0 Merge "Allow graphics_config_writable_prop to be modified." into udc-dev am: 82e2aa6c61 am: 747e54326e 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22993902

Change-Id: Ibf257e1ffbcbb0ae1df14ce7c2393138999a8145
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-05 17:07:17 +00:00
Peiyong Lin
747e54326e Merge "Allow graphics_config_writable_prop to be modified." into udc-dev am: 82e2aa6c61 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22993902

Change-Id: I0546c4468dfbfb017c3c288c83883f99e5cb8c7b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-05 16:54:26 +00:00
Peiyong Lin
82e2aa6c61 Merge "Allow graphics_config_writable_prop to be modified." into udc-dev 2023-05-05 16:24:26 +00:00
Treehugger Robot
568be11492 Merge "Add neverallow rules to protect SDK's private data" into udc-dev am: b7146a9e58 am: e114c652a0 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22907484

Change-Id: I3c16dfe139609be098ebc781aecc8dbe332bafdf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-05 16:03:38 +00:00
Treehugger Robot
e114c652a0 Merge "Add neverallow rules to protect SDK's private data" into udc-dev am: b7146a9e58 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22907484

Change-Id: I245c4c12dff2028abfe1c7a3002c3a3b5e7b4e47
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-05 15:22:00 +00:00
Treehugger Robot
b7146a9e58 Merge "Add neverallow rules to protect SDK's private data" into udc-dev 2023-05-05 14:38:12 +00:00
Howard Chen
f0de156722 Merge "Allow gsid to create alternative installation directory" into udc-qpr-dev 2023-05-05 03:08:06 +00:00
Jay Civelli
3a23a03471 Merge "Add 2 new system properties for Quick Start" into udc-dev am: 5fd77a4e68 am: ec3e029174 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22872879

Change-Id: I981c52220d24c1fe9615266f1f717c5f946873bc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-04 17:55:28 +00:00
Jay Civelli
ec3e029174 Merge "Add 2 new system properties for Quick Start" into udc-dev am: 5fd77a4e68 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22872879

Change-Id: I4da2eaa71f26a8a632e6749290bf94facb1237c5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-04 17:13:08 +00:00
Mugdha Lakhani
2d9b9f2b31 Add neverallow rules to protect SDK's private data 
SDK's data should not be accessible directly by other domains, including
system server. Added neverallow to ensure that.

Bug: b/279885689
Test: make and boot device
Change-Id: If6a6b4d43f297ec2aa27434dd26f6c88d0d8bcf2
Merged-In:  If6a6b4d43f297ec2aa27434dd26f6c88d0d8bcf2
 2023-05-04 16:38:40 +00:00
Jay Civelli
5fd77a4e68 Merge "Add 2 new system properties for Quick Start" into udc-dev 2023-05-04 16:35:59 +00:00
Peiyong Lin
194abd16cb Allow graphics_config_writable_prop to be modified. 
vendor_init needs to set graphics_config_writable_prop, moving it to
system_public_prop.

Ignore-AOSP-First: Cherry-pick
Bug: b/270994705
Test: atest CtsAngleIntegrationHostTestCases
Test: m && boot
Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07
Merged-In: I2f47c1048aad4565cb13d4289b9a018734d18c07
 2023-05-04 16:04:44 +00:00
Howard Chen
de62e955e3 Allow gsid to create alternative installation directory 
Bug: 275484855
Test: adb shell gsi_tool install -n -w \
  --gsi-size $(du -b system.raw|cut -f1) \
  --install-dir /data/gsi/oem --userdata-size 8589934592 < system.raw
Change-Id: I46aa48fafec2f3845fa1a5139afb8c03db6b0d4e
 2023-05-04 13:52:44 +08:00
Jay Civelli
c97b3a244f Add 2 new system properties for Quick Start 
Test: Manually validated that GmsCore can access the properties, but not a test app.
Ignore-AOSP-First: Change is targeted at Google devices.
Change-Id: I2fa520dc31b328738f9a5fd1bcfc6632b61ad912
Bug: 280330984
 2023-05-03 04:04:15 +00:00
Kalesh Singh
d55e7fd6be Merge "16k: Add sepolicy for max page size prop" into udc-dev am: ad3183676c am: f11e0af5c6 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22935830

Change-Id: Id0ea8f104aaff8fe4ba8823d5a17897821ace4fd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 17:30:21 +00:00
Kalesh Singh
f11e0af5c6 Merge "16k: Add sepolicy for max page size prop" into udc-dev am: ad3183676c 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22935830

Change-Id: Ie0232a428d0ecbea5c10de26206bb4f7bc64d3af
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 16:45:55 +00:00
Kalesh Singh
ad3183676c Merge "16k: Add sepolicy for max page size prop" into udc-dev 2023-05-02 16:11:59 +00:00
Jinyoung Jeong
54461210fd Fix selinux denial for setupwizard_esim_prop am: e52a8f2a47 am: 8eaded4bc4 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22955599

Change-Id: I026b0242fe5e437c6e36ff380241fdc9aae775ff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 14:57:59 +00:00
Jinyoung Jeong
8eaded4bc4 Fix selinux denial for setupwizard_esim_prop am: e52a8f2a47 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22955599

Change-Id: I5a52a063ffaba2f4063ff2865172e6bc85bafd1f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 14:57:35 +00:00
Weilin Xu
eb34a36bbd Merge "Make broadcastradio_service accessible from CTS" into udc-dev am: 07767709c9 am: c3a887cee6 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22634562

Change-Id: I56444aa513cd755a7ed8ce6821f538538b8df161
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 14:44:41 +00:00
Jinyoung Jeong
e52a8f2a47 Fix selinux denial for setupwizard_esim_prop 
Bug: 280336861
Test: no denial logs found
Ignore-AOSP-First: will merge in AOSP aosp/2573840
Change-Id: Ieedf8343f55f047b3fd33cc1cd2c759400dce2b4
 2023-05-02 10:40:07 +00:00
Weilin Xu
c3a887cee6 Merge "Make broadcastradio_service accessible from CTS" into udc-dev am: 07767709c9 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22634562

Change-Id: I43c6be19b771098bda3c9b84d96b72b754c4c7aa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 10:26:08 +00:00
Treehugger Robot
34165823a7 Merge "Allow fastbootd set boottime property" into udc-d1-dev am: f46c87d2d1 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22899494

Change-Id: I7243d29106e64b7eb3aca50eb000604fedb6bda7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 08:33:44 +00:00
Weilin Xu
07767709c9 Merge "Make broadcastradio_service accessible from CTS" into udc-dev 2023-05-02 05:05:55 +00:00
Treehugger Robot
f46c87d2d1 Merge "Allow fastbootd set boottime property" into udc-d1-dev 2023-05-02 04:54:37 +00:00
Jayden Kim
da728815e3 Merge "Add sepolicy for new bluetooth le radio path loss compensation sysprops" into udc-dev am: 5462a6501b am: 41feeca1db 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22909867

Change-Id: I77fc6209e0aafa7eadb09a9aaa8262daac90907d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 02:16:20 +00:00
Jayden Kim
41feeca1db Merge "Add sepolicy for new bluetooth le radio path loss compensation sysprops" into udc-dev am: 5462a6501b 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22909867

Change-Id: I1145a72c9a4f5357f3e810629a33be52164a682c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 01:33:51 +00:00
Jayden Kim
5462a6501b Merge "Add sepolicy for new bluetooth le radio path loss compensation sysprops" into udc-dev 2023-05-02 01:01:14 +00:00
Kalesh Singh
58cefa04ab 16k: Add sepolicy for max page size prop 
Devices can select their max supported with PRODUCT_MAX_PAGE_SIZE_SUPPORTED.
This is exposed as ro.product.cpu.pagesize.max to VTS tests.

Add the required sepolicy labels for the new property.

Bug: 277360995
Test: atest -c vendor_elf_alignment_test -s <serial>
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
(cherry picked from https://android-review.googlesource.com/q/commit:0a66ea359f6751741f8100a9d934ae8d2e53d120)
Merged-In: Ibe01e301dbcc3392201dffd3bba845700ee2a5e8
Change-Id: Ibe01e301dbcc3392201dffd3bba845700ee2a5e8
 2023-05-01 09:13:39 -07:00
Evgenii Stepanov
c3ea7d75a4 Merge "Relax sepolicy for device_config_runtime_native_*." into udc-dev am: f666700fa9 am: 7fcf927eda 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22912955

Change-Id: Ia1e9b7edc737346f98bec4e0e012fd547ab74087
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-30 20:02:34 +00:00
Evgenii Stepanov
7fcf927eda Merge "Relax sepolicy for device_config_runtime_native_*." into udc-dev am: f666700fa9 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22912955

Change-Id: I2ae8b39c4f3b4fa47a950ef1d45a96d19a8cdc17
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-30 19:18:41 +00:00
Evgenii Stepanov
f666700fa9 Merge "Relax sepolicy for device_config_runtime_native_*." into udc-dev 2023-04-30 18:29:18 +00:00
Jinyoung Jeong
5bf17cb398 Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore am: fa95e8c591 am: 5205a56ad3 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22899490

Change-Id: I7338ec239e9abad6d89257a726150384e4b1ff25
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-30 04:05:28 +00:00
Jinyoung Jeong
5205a56ad3 Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore am: fa95e8c591 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22899490

Change-Id: I653ff006bc75c376434828de57bad34a28e49b15
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-30 03:23:24 +00:00
Evgenii Stepanov
11ce6894e8 Relax sepolicy for device_config_runtime_native_*. 
This change allows vendor init scripts to react to the MTE bootloader
override device_config. It extends the domain for runtime_native and
runtime_native_boot configs from "all apps", which is already very
permissive, to "everything".

Ignore-AOSP-First: UpsideDownCake/34 does not exist in AOSP
Bug: 239832365
Test: none
Change-Id: I66aa1492f929f43f937b4ab0780f7753c1f4b92e
 2023-04-28 14:37:18 -07:00
Jayden Kim
0e228763e1 Add sepolicy for new bluetooth le radio path loss compensation sysprops 
Bug: 277676657
Test: make -j; atest BluetoothInstrumentationTests
Change-Id: I94f8d9d18b9c4659703edb773dd29870430e40b7
Ignore-AOSP-First: This is a cherry-pick from AOSP
 2023-04-28 16:31:09 +00:00
Jinyoung Jeong
fa95e8c591 Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore 
bug: 279548423
Test:  http://fusion2/b7c803be-2dca-4195-b91f-6c4939746b5b, http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed
Ignore-AOSP-First: will merge in AOSP aosp/2571810
Change-Id: I4b190fca2f3825a09d27cfc74e8a528831f4f15b
 2023-04-28 16:25:26 +00:00
Wilson Sung
97af7582a1 Allow fastbootd set boottime property 
Bug: 264489957
Test: flash and no related avc error
Change-Id: Ia9a6d4918aa78e6b3e7df39496d786921192c8af
Ignore-AOSP-First: master need the prebuilt upadte
Signed-off-by: Wilson Sung <wilsonsung@google.com>
 2023-04-28 08:12:50 +00:00
Weilin Xu
85b94c7c49 Make broadcastradio_service accessible from CTS 
When CTS test app tries to get broadcastradio_service from context, it
is considered as untrusted app by sepolicy since broadcastradio_service
is not app_api_service. Made it as app_api_service so that CTS for
broadcastradio can be ran on devices.

Bug: 262191898
Test: atest CtsBroadcastRadioTestCase
Ignore-AOSP-First: fix CTS issue
Change-Id: I0583f549eb5b781ff23f81b2073baa0390009f9e
 2023-04-27 23:40:33 +00:00
Thiébaud Weksteen
0734dbcfa9 Remove comments in service_contexts 
Commit b554e59 converted the build rules of contexts to Soong.
Previously, both services_contexts and hwservice_contexts were stripped
of comments. This is useful as a CTS test (testAospServiceContexts)
ensures that the device service_contexts matches AOSP. Restore the
previous behaviour.

Bug: 279384270
Test: m selinux_policy; diff plat_service_contexts; no more comments
(cherry picked from https://android-review.googlesource.com/q/commit:74482f5328484f143ab9a6135a01039a94230336)
Merged-In: Id0245efacf4e4b123f805869d95bacf804ccb915
Change-Id: Id0245efacf4e4b123f805869d95bacf804ccb915
 2023-04-27 00:50:22 +00:00
Parth Sane
09334ff85b Merge "Add SysProp to set the number of threads in Apexd bootstrap" into udc-dev am: f6f4205d50 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22813140

Change-Id: Ie914438cf91737dd053c584b9cc40f7c3af77ee4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-26 13:00:04 +00:00
Parth Sane
f6f4205d50 Merge "Add SysProp to set the number of threads in Apexd bootstrap" into udc-dev 2023-04-26 12:31:14 +00:00