45616 commits

Author SHA1 Message Date
Daniel Norman
4245d0413b Allow system_server access to hidraw devices.
This allows AccessibilityManagerService in system_server to
interact with a HID-supported Braille Display.

Bug: 303522222
Test: ls -z /dev/hidraw0
Test: plat_file_contexts_test
Test: Open FileInputStream and FileOutputStream on this device
      path from AccessibilityManagerService
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:67a63cc046769759aa43cf1653f11e57c55cd1db)
Merged-In: I2982e907bd2a70c1e4e8161647d6efd65110b99c
Change-Id: I2982e907bd2a70c1e4e8161647d6efd65110b99c
2023-11-30 23:33:55 +00:00
Treehugger Robot
419203bea5 Merge "Fix dumpstate denials related to virtual_camera" into main am: d3fe043eb8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2852613

Change-Id: Ifd5829ddd964479ed7b53320a2470bc8e993138b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-30 22:43:12 +00:00
Treehugger Robot
99cf9a3df5 Merge "Allow hal_codec2_server to read fifo_file" into main am: f6a4cb8115
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2847905

Change-Id: Ia220902299ab47e6f80025527143605fe283c146
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-30 22:42:39 +00:00
Treehugger Robot
d3fe043eb8 Merge "Fix dumpstate denials related to virtual_camera" into main 2023-11-30 22:34:24 +00:00
Treehugger Robot
f6a4cb8115 Merge "Allow hal_codec2_server to read fifo_file" into main 2023-11-30 21:43:42 +00:00
Andrea Zilio
32ab868eac Add pm.archiving.enabled system property
Test: Builds and starts up fine on acloud
Bug: 314160630
Change-Id: I1d90876979bcdb9416bb711f59678a0e640a3e89
2023-11-30 21:14:21 +00:00
Jan Sebechlebsky
de644175a9 Fix dumpstate denials related to virtual_camera
Bug: 313794601
Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: Ie5b7c89388190fa927f8c762b2e65557f9d9870b
2023-11-30 10:57:16 +01:00
Sungtak Lee
46c6c0e28e Allow hal_codec2_server to read fifo_file
Test: m
Bug: 254050314
Change-Id: I5b2fc4fade7d9ff05af88044c0c779ac20478851
2023-11-29 22:32:24 +00:00
Alex Xu
2664a80285 Merge "Update sepolicy for security_state service to include public API." into main am: 11f4cc754d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2851545

Change-Id: Id6d8d09b4c9bda0c8d4c1e6538fbb493eff4c5f4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-29 19:23:56 +00:00
Alex Xu
11f4cc754d Merge "Update sepolicy for security_state service to include public API." into main 2023-11-29 18:31:40 +00:00
Yu-Ting Tseng
de8e7682c0 [automerger skipped] Revert "Revert "SELinux policy changes for uprobe."" am: 086e1f0eaa -s ours am: 09b3def95b -s ours
am skip reason: Merged-In I5b9a102879a65917d496ba2194187ddd2b4545d1 with SHA-1 3e8e8eac08 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2827250

Change-Id: I4cc0c6b114e3b6fc28d1e91a9d12f7341490867b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-29 07:20:27 +00:00
Thiébaud Weksteen
efa4cf8469 Prebuilt updates am: 448968a6d1 am: 084b293596
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2848878

Change-Id: If8cc1dbc910cb2fec2d4996c1a2f8fef602472cc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-29 06:56:58 +00:00
Yu-Ting Tseng
09b3def95b [automerger skipped] Revert "Revert "SELinux policy changes for uprobe."" am: 086e1f0eaa -s ours
am skip reason: Merged-In I5b9a102879a65917d496ba2194187ddd2b4545d1 with SHA-1 3e8e8eac08 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2827250

Change-Id: Ia6fdfbf2e483abdf129f441cd69c330200c96b82
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-29 06:25:54 +00:00
Thiébaud Weksteen
084b293596 Prebuilt updates am: 448968a6d1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2848878

Change-Id: I991e63e36e9e680edfd21e4a20293ae779caffcb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-29 06:25:40 +00:00
Yu-Ting Tseng
086e1f0eaa Revert "Revert "SELinux policy changes for uprobe.""
This reverts commit e2bd44d48d.

Reason for revert: 2nd attempt to add the policy change

Bug: 308058980
Test: m selinux_policy
Change-Id: I5b9a102879a65917d496ba2194187ddd2b4545d1
Merged-In: I5b9a102879a65917d496ba2194187ddd2b4545d1
2023-11-29 06:12:36 +00:00
Thiébaud Weksteen
448968a6d1 Prebuilt updates
Bug: 308058980
Test: m selinux_policy
Change-Id: I23b2265340002b4b9f8d15ad0a8e8324aa0f94e1
2023-11-29 06:01:56 +00:00
Alex Xu
c4fb354a37 Update sepolicy for security_state service to include public API.
security_state service manages security state (e.g. SPL) information across partitions, modules, etc.

Bug: 307819014
Test: Manual
Change-Id: I70c5d24b19cc457215d329b03ce2fd696c765905
2023-11-29 01:23:59 +00:00
Treehugger Robot
4d7c8deb40 Merge "Label wifi.interface." into main am: e22500d7b9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2845878

Change-Id: Ic5b53487a40b2b1b82f91598da3c03355c6b9023
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-28 10:58:50 +00:00
Treehugger Robot
e22500d7b9 Merge "Label wifi.interface." into main 2023-11-28 10:20:23 +00:00
Hansen Kurli
1aac0c51a0 Remove all sepolicy relating to racoon
Legacy VPNs are removed, including the usage of racoon.

Bug: 161776767
Test: m
Change-Id: I8211b3f00cc0213b1c89b269857adc7c21b97efb
2023-11-28 14:16:07 +08:00
Seungjae Yoo
d60c51cbe4 vendor_microdroid_file shouldn't be overwrited am: ed25d9436d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2846873

Change-Id: I8617f2cad23e811d32502f5130321c1213fe4f73
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-28 04:48:33 +00:00
Seungjae Yoo
ed25d9436d vendor_microdroid_file shouldn't be overwrited
If a malicious process in the host overwrites the microdroid vendor image,
unexpected behavior could happen.

Bug: 285854379
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid --vendor /vendor/etc/avf/microdroid/microdroid_vendor.img

Change-Id: I18ce5112b75b2793c85bb59c137715beb602a5f3
2023-11-28 11:20:18 +09:00
LuK1337
0372255af1 Label wifi.interface.
This lets us override AIDL WiFi HAL interfaces.

Bug: 313385486
Change-Id: I3bb0c274f5fb6f709d09b67deff2df7229e04369
2023-11-27 18:00:55 +00:00
Thiébaud Weksteen
dfd11d7740 Merge "Ignore access to /proc/pagetypeinfo for Settings" into main am: 8c225b0c73
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2845233

Change-Id: Id803459af1bd32bd32d5b4e83a98de2202e55e2f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-23 23:49:40 +00:00
Thiébaud Weksteen
8c225b0c73 Merge "Ignore access to /proc/pagetypeinfo for Settings" into main 2023-11-23 22:55:54 +00:00
Max Bires
268cffde84 Remove deprecated enable_rkpd property am: f019332f6d am: 6d82dbcdbb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2843933

Change-Id: I84371a77842a2531ea317e74a607572dbe8e5f2e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-23 20:43:34 +00:00
Max Bires
6d82dbcdbb Remove deprecated enable_rkpd property am: f019332f6d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2843933

Change-Id: I5ffe70fa49fbb66326e5d46bc1959b65596b0073
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-23 20:11:50 +00:00
Thiébaud Weksteen
bdc7214f85 Ignore access to /proc/pagetypeinfo for Settings
avc:  denied  { read } for  comm="pool-3-thread-6" name="pagetypeinfo"
dev="proc" ino=4026531857 scontext=u:r:system_app:s0
tcontext=u:object_r:proc_pagetypeinfo:s0 tclass=file permissive=0

Bug: 312375728
Test: m selinux_policy
Change-Id: Ic2946e181d3a0af65a6ebe093ef7f257c75a1c22
2023-11-23 10:40:07 +11:00
George Chan
a39807cf39 Merge "Added system_api_service to bg_install_control_service" into main am: 09a7dd1714
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2833512

Change-Id: Ibea9151383d29554bfe21bbced200df0348c5bcc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-22 23:14:21 +00:00
George Chan
09a7dd1714 Merge "Added system_api_service to bg_install_control_service" into main 2023-11-22 22:32:00 +00:00
George Chan
7d0df3459b Added system_api_service to bg_install_control_service
Bug: 296060433
Test: m
Change-Id: I7b0a20991a417aefae99b4c206ca8234d85ed615
2023-11-22 21:52:58 +00:00
Max Bires
f019332f6d Remove deprecated enable_rkpd property
The enable_rkpd property is no longer needed. This change removes the
vestigial property.

Test: Successful build
Change-Id: I810d5a21cbe01b43a37244959e21febd0880be59
2023-11-22 17:24:07 +00:00
Alice Wang
8bbd637329 Revert^4 "[avf][rkp] Allow virtualizationservice to register RKP HAL" am: e79bbf9cf8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2828234

Change-Id: Icf926e78100ec48014ca24e6a51b51c5ea93f7c1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-22 10:03:25 +00:00
Alice Wang
e79bbf9cf8 Revert^4 "[avf][rkp] Allow virtualizationservice to register RKP HAL"
Revert submission 2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK

Reason for revert: Relands the original topic:
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22

Changes from the reverted cl aosp/2812455:
 - The AIDL service type has been renamed from avf_* to hal_* to be
   consistent with the others.

 - The new AIDL service type, hal_remotelyprovisionedcomponent_avf_service,
   for the IRPC/avf service, has been set up with the server/client model
   for AIDL Hal. The virtualizationservice is declared as server and
   RKPD is declared as client to access the service instead of raw
   service permission setup as in the reverted cl. This is aligned
   with the AIDL Hal configuration recommendation.

 - Since the existing type for IRPC hal_remotelyprovisionedcomponent is
   already associated with keymint server/client and has specific
   permission requirements, and some of the keymint clients might not
   need the AVF Hal, we decided to create a new AIDL service type
   instead of reusing the existing keymint service type.

Reverted changes: /q/submissionid:2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK

Bug: 312427637
Bug: 310744536
Bug: 299257581
Test: atest MicrodroidHostTests librkp_support_test
Change-Id: Id37764b5f98e3c30c0c63601560697cf1c02c0ad
2023-11-22 08:21:27 +00:00
Inseob Kim
42615f60cf Merge "Flag-guard vfio_handler policies" into main am: 0932bb9ba9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2822171

Change-Id: I3fa83d88ee973658e5334edf0fba73b625e107a4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-22 07:55:30 +00:00
Inseob Kim
0932bb9ba9 Merge "Flag-guard vfio_handler policies" into main 2023-11-22 07:45:53 +00:00
Ján Sebechlebský
5c1d248fd0 Merge changes I0ca68d6c,Ie621f896 into main am: d97e6b1d70
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2837616

Change-Id: I647fc47a9848a6b21703ad333fbe9fe6cc91695a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-22 07:14:17 +00:00
Ján Sebechlebský
d97e6b1d70 Merge changes I0ca68d6c,Ie621f896 into main
* changes:
  Allow virtual camera service to access gpu.
  Revert^2 "Allow system_server to communicate with virtual_camera"
2023-11-22 06:58:18 +00:00
Inseob Kim
094e8e81a2 Flag-guard vfio_handler policies
vfio_handler will be active only if device assignment feature is turned
on.

Bug: 306563735
Test: microdroid tests with and without the flag
Change-Id: I5559dfca1a29852b65481c95f37edc9977ee9d7d
2023-11-22 05:28:20 +00:00
Treehugger Robot
29e90755b3 Merge "Add dev_type test" into main am: ae44be3e4a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762847

Change-Id: Icdf191f1755393cfeea23a47f6df3bcc5874a2a2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-22 05:23:22 +00:00
Treehugger Robot
ae44be3e4a Merge "Add dev_type test" into main 2023-11-22 04:36:58 +00:00
Ahmad Khalil
a6c6bf0889 Add fwk_vibrator_control_service am: 95ee9ea719
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2824730

Change-Id: Ic05d0a548a76ee70c2f8377afe2b3a087355870b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-21 23:20:27 +00:00
Ahmad Khalil
95ee9ea719 Add fwk_vibrator_control_service
Convert vibrator_control to a framework service (fwk_vibrator_control_service) in system_server.

Bug: 305961689
Test: N/A
Change-Id: I5f3aba2c58a3166593a11034a8d21dfd12311c2e
2023-11-21 20:59:48 +00:00
Matías Hernández
b58ddfddee Merge "Make color_display app_api_service in addition to system_api_service" into main am: e2e44c0156
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2841713

Change-Id: I3386f10c848e5acee1a5313bf9c64b8dfc1293ab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-21 20:18:38 +00:00
Matías Hernández
e2e44c0156 Merge "Make color_display app_api_service in addition to system_api_service" into main 2023-11-21 19:52:44 +00:00
Eric Laurent
866a4cc2b4 Merge "Bluetooth: add system property for HID transport selection" into main am: 2fc53fec54
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2838356

Change-Id: Ie7ffcaff6f3d2baabcf9ff90ebc88d22ed15e0bb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-21 19:14:51 +00:00
Eric Laurent
2fc53fec54 Merge "Bluetooth: add system property for HID transport selection" into main 2023-11-21 18:32:07 +00:00
Shikha Panwar
67d30d0d61 Merge "Secretkeeper/Sepolicy: Create required domains" into main am: 2838e84381
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2719356

Change-Id: Ia9c31d6b68999da467613bc25185e0a1123082ab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-21 18:05:34 +00:00
Shikha Panwar
2838e84381 Merge "Secretkeeper/Sepolicy: Create required domains" into main 2023-11-21 17:56:46 +00:00
Matías Hernández
b8762f78b2 Make color_display app_api_service in addition to system_api_service
This makes the service available for CTS tests (specifically NotificationManagerZenTest).

Test: m -j
Bug: 308673540
Change-Id: I45917abd0c0dd3f2c5365b2780ac3ab5e28f2580
2023-11-21 18:51:56 +01:00