tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
45580 commits 1 branch 0 tags 50 MiB
Commit graph

351 commits

Author SHA1 Message Date
Alice Wang
ece557dc7a Revert "[avf][rkp] Allow virtualizationservice to register RKP H..." 
Revert submission 2778549-expose-avf-rkp-hal

Reason for revert: SELinux denial
avc:  denied  { find } for pid=3400 uid=10085 name=android.hardware.security.keymint.IRemotelyProvisionedComponent/avf scontext=u:r:rkpdapp:s0:c85,c256,c512,c768 tcontext=u:object_r:avf_remotelyprovisionedcomponent_service:s0 tclass=service_manager permissive=0


Reverted changes: /q/submissionid:2778549-expose-avf-rkp-hal

Bug: 308596709
Change-Id: If8e448e745f2701cf00e7757d0a079d8700d43c0
 2023-10-31 15:01:18 +00:00
Alice Wang
7109a31496 Merge "[avf][rkp] Allow virtualizationservice to register RKP HAL service" into main 2023-10-31 12:21:41 +00:00
Alex Xu
f82b6897cf Merge "Add sepolicy for security_state service." into main 2023-10-27 19:20:58 +00:00
Alice Wang
104626ca99 [avf][rkp] Allow virtualizationservice to register RKP HAL service 
Bug: 274881098
Test: atest MicrodroidHostTests
Change-Id: Ib0953fa49f27719be63bb244071b132bc385dca3
 2023-10-27 09:26:42 +00:00
Alex Xu
902a010aaa Add sepolicy for security_state service. 
security_state service manages security state (e.g. SPL) information across partitions, modules, etc.

Bug: 307819014
Test: Manual
Change-Id: I4ebcd8431c11b41f7e210947b32cf64c2adf3901
 2023-10-26 06:11:58 +00:00
David Drysdale
c4ab01baad Add sepolicy for non-secure AuthGraph impl 
Bug: 284470121
Bug: 291228560
Test: hal_implementation_test
Test: VtsAidlAuthGraphSessionTest
Change-Id: I85bf9e0656bab3c96765cc15a5a983aefb6af66d
 2023-10-26 02:00:43 +00:00
Thiébaud Weksteen
b6e7430dad Accept test_data attribute for file_contexts_test 
If file_contexts_test is given a test_data attribute, it will use
`checkfc -t` to validate the file_context against it, instead of using
the policy. Both options are mutually exclusive.

Bug: 299839280
Test: m
Change-Id: I3f541e0d0bb5d03ed146e27d67bc811cda3164b1
 2023-10-23 16:10:18 +11:00
Thiébaud Weksteen
a69e14f342 Refactor contextsTestModule 
Keep the type of context and decides on the flags within
GenerateAndroidBuildActions. This is a no-op but will help supporting
other options for checkfc.

Bug: 299839280
Test: mm
Change-Id: I3a6f9db9d890e0a0ccb3eca37c01b2977fa2e2d1
 2023-10-23 11:21:58 +11:00
Vladimir Komsiyski
6e07de8088 Merge "Policy for virtualdevice_native service." into main 2023-10-06 14:20:09 +00:00
Vladimir Komsiyski
31facf0677 Policy for virtualdevice_native service. 
A parallel implementation of certain VDM APIs that need to
be exposed to native framework code.

Similar to package_native_service.

Not meant to be used directly by apps but should still be
available in the client process via the corresponding native
manager (e.g. SensorManager).

Starting the service: ag/24955732
Testing the service: ag/24955733

Bug: 303535376
Change-Id: I90bb4837438de5cb964d0b560585b085cc8eabef
Test: manual
 2023-10-06 12:52:42 +00:00
Wonsik Kim
98acf4400b Merge "Add a fuzzer for media.c2 HAL" into main am: c8eacad5a8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2736097

Change-Id: If12e0ee24d2b44868a281079f2cd7222ec817284
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-09-12 17:00:49 +00:00
Wonsik Kim
c8eacad5a8 Merge "Add a fuzzer for media.c2 HAL" into main 2023-09-12 16:14:49 +00:00
Treehugger Robot
d065d025ed Merge "C2 AIDL sepolicy update" into main am: 8342def00a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2721424

Change-Id: I096e99c403f513a203040cf97e199392dc794177
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-09-07 19:52:25 +00:00
Treehugger Robot
8342def00a Merge "C2 AIDL sepolicy update" into main 2023-09-07 17:54:05 +00:00
Treehugger Robot
31406c242e Merge changes Ia2c07331,I93f0d222 into main am: f476f5c8f1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2742356

Change-Id: If3a6af8553b6d645653ae38e898c3770b7dab868
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-09-07 09:14:47 +00:00
Inseob Kim
5d7423ff3d Build prebuilt policy with Soong 
... and remove redundant Makefile codes. This also updates commit hook
as we now only use Soong to build sepolicy.

Bug: 296875906
Test: m selinux_policy
Change-Id: I93f0d222a0c10e31c51c9380780a8927c47d62b1
 2023-09-07 16:32:30 +09:00
Wonsik Kim
53e5ae799d Add a fuzzer for media.c2 HAL 
Bug: 251850069
Test: presubmit
Change-Id: I4c58df29641465c019147b86bfd58b0e37961b1f
 2023-09-06 14:31:27 -07:00
Wonsik Kim
a981983e70 C2 AIDL sepolicy update 
Bug: 251850069
Test: presubmit
Change-Id: Ica39920472de154aa01b8e270297553aedda6782
 2023-09-06 14:30:26 -07:00
Treehugger Robot
d1710c749b Merge "Relax freeze_test to check only compatibility" into main am: b316f8bf95 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2737118

Change-Id: I575c28928e4c5690fc1b87ee09938cf0ed451476
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-09-05 07:06:46 +00:00
Inseob Kim
36d9d39e6e Relax freeze_test to check only compatibility 
For now, freeze_test compares prebuilts against sources with diff, to
ensure that sources are identical to prebuilts. However, it could be the
case that the branch should be able to build both REL and ToT. In that
case, changes to the sources are inevitable and the freeze test will
fail.

To fix the issue, freeze_test will now only check compatibility. To be
specific, it will check if any public types or attributes are removed.
Contexts files and neverallow rules are not checked, but they may be
added later. Also to support the new freeze_test

- build_files module is changed to use glob (because REL version won't
  be in compat versions list)
- plat_pub_policy modules are added under prebuilts/api (because
  freeze_test needs that)

Bug: 296875906
Test: m selinux_policy
Change-Id: I39c40992965b98664facea3b760d9d6be1f6b87e
 2023-09-05 03:37:18 +00:00
Inseob Kim
9f976cba9d Merge "Remove code about mixed sepolicy build" into main am: 726bcb500c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2733319

Change-Id: I3b3099e72f547e09f1abca1cec1b7c55b6d91593
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-09-01 01:33:44 +00:00
Inseob Kim
6c6aa01ae4 Remove code about mixed sepolicy build 
There is no one actively using mixed sepolicy build, and it made
sepolicy codes too complicated. As we are deprecating mixed build,
removing such code for cleanup.

Bug: 298305798
Test: boot cuttlefish
Change-Id: I8beedd5a281fa957532deecb857da4e1bb66992a
 2023-08-31 16:54:17 +09:00
Inseob Kim
da15aa9d1b Use board api level for seapp coredomain check am: 06518b14f7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2727834

Change-Id: Ia96fef6b3b70fbe0743efc0cedf6e6767ba584d8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-29 01:56:08 +00:00
Xin Li
80690d5086 Merge "Merge Android U (ab/10368041)" into aosp-main-future 2023-08-28 22:13:48 +00:00
Inseob Kim
06518b14f7 Use board api level for seapp coredomain check 
Rather than PRODUCT_SHIPPING_API_LEVEL, use board api level
(BOARD_API_LEVEL or BOARD_SHIPPING_API_LEVEL) to determine whether we
check coredomain violations or not.

Bug: 280547417
Test: see build command of vendor_seapp_contexts
Change-Id: I20859d6054ab85f464b29631bdfd55ade3e78f53
 2023-08-25 21:20:08 +09:00
Kangping Dong
5e82983ee4 Merge "[Thread] add sepolicy rules for Thread system service" into main 2023-08-24 06:42:08 +00:00
Xin Li
e07dbe0a63 Merge Android U (ab/10368041) 
Bug: 291102124
Merged-In: Id2cc5dbbafffb4633706e5cc728cb44abd417340
Change-Id: I77e68f17a1273958bcdc32b5a4b6a0ff3ffdfd2a
 2023-08-23 17:20:59 -07:00
Kangping Dong
45efca84e5 [Thread] add sepolicy rules for Thread system service 
Add SEPolicy for the ThreadNetworkService
Add Fuzzer exception, thread_network service is java only

FR: b/235016403

Test: build and start thread_network service
bug: 262683651
Change-Id: Ifa2e9500dd535b0b4f2ad9af006b8dddaea900db
 2023-08-23 17:08:58 +08:00
Inseob Kim
61d6beb39e Skip building compat files if REL 
Bug: 296780580
Test: build with next
Change-Id: I588d249f35fc7049d0db3b64692ed818050af0ed
 2023-08-23 08:41:44 +00:00
Inseob Kim
76d9f26019 Don't check seapp violations for U or prior 
Bug: 280547417
Test: build
Change-Id: Ie71d7b4884f4e6981bd1d78bb0586111dc4fc72a
 2023-08-23 12:54:10 +09:00
Inseob Kim
d7b381caca Revert "Add BUILD_BROKEN_VENDOR_SEAPP_USES_COREDOMAIN" 
Revert submission 2715179-BUILD_BROKEN_VENDOR_SEAPP_USES_COREDOMAIN

Reason for revert: not needed

Reverted changes: /q/submissionid:2715179-BUILD_BROKEN_VENDOR_SEAPP_USES_COREDOMAIN

Change-Id: I4595a648691e11b0f3860b0d1414fbc9b9c94791
 2023-08-23 02:07:47 +00:00
Inseob Kim
d8de8757ae Add BUILD_BROKEN_VENDOR_SEAPP_USES_COREDOMAIN 
Starting from Android V, vendor seapp_contexts files can't assign
coredomain to vendor apps, as it's Treble violation. This build broken
variable is to suppress the enforcement for devices launching with U or
prior.

Bug: 280547417
Test: set BUILD_BROKEN_VENDOR_SEAPP_USES_COREDOMAIN := true and build
Change-Id: I7b91db8183a867aa490e490e56cb872ea830b21f
 2023-08-21 15:15:34 +09:00
Jeff Pu
fb5d221b27 Add biometric face virtual hal service 
Bug: 228638448
Test: Manually following face virtual hal provisioning procedure
Change-Id: I1f61b687be4abe53c62c21769fb57dc9cf9daf45
 2023-08-16 17:00:08 -04:00
igorzas
7489e93613 Add RemoteAuthService 
Add SEPolicy for the RemoteAuth Manager/Service
Add Fuzzer exception, remote_auth service is going to be in Java and
Rust only

Design doc: go/remote-auth-manager-fishfood-design

Test: loaded on device.
Bug: 290092977
Change-Id: I4decb29b863170aed5e7c85da9c4b50c0675d3bd
 2023-08-04 17:55:14 +00:00
Jakob Schneider
09916a69c9 Merge "Add SEPolicy for the ArchiveManager/Service." into main 2023-08-04 16:10:01 +00:00
Jakob Schneider
5c5a6af643 Add SEPolicy for the ArchiveManager/Service. 
Test: boots - CTS coming in a future change
Change-Id: Ia42bc21e1523c7b225b7c84c3a3f18dd3ed1a54f
 2023-08-04 14:13:03 +01:00
Kangping Dong
9d965761ca Merge "add sepolicy rules for OT daemon binder service" into main 2023-08-03 14:13:21 +00:00
Kangping Dong
0b3e8c62ee add sepolicy rules for OT daemon binder service 
Bug: 262681784
Change-Id: I3b4d3603709a761ad1410b81c0e5b4e4fc51c43c
 2023-08-03 13:31:53 +08:00
Inseob Kim
825056de9a Add permission for VFIO device binding 
vfio_handler will bind platform devices to VFIO driver, and then
return a file descriptor containing DTBO. This change adds
permissions needed for that.

Bug: 278008182
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid \
      --devices /sys/bus/platform/devices/16d00000.eh --protected
Change-Id: Ie947adff00d138426d4703cbb8e7a8cd429c2272
 2023-08-02 15:06:51 +09:00
Inseob Kim
d7d3609af7 Ensure vendor seapp contexts can't use coredomain 
Bug: 280547417
Test: build
Change-Id: Iadff17523767f91f073c6569400e17f1da55fbdc
 2023-07-28 16:18:11 +09:00
Vadim Caen
d64cf75c48 Policy for virtual_camera 
Adds a policy to run the virtual_camera process which:
 - registers a service implementing the camera HAL
 - registers a service to reveive communicate with virtual cameras via
   system_server

Bug: 253991421
Test: CTS test
android.virtualdevice.cts.VirtualDeviceManagerBasicTest#createDevice_createCamera

Change-Id: I772d176919b8dcd3b73946935ed439207c948f2b
 2023-07-25 19:27:48 +00:00
Akshata Kadam
fbbfed4751 Added entries for audioflinger and audiopolicy aidl fuzzer 
Test: m
Bug: 202897137
Bug: 244152048

Change-Id: I8b9d3a3d9184d8d602fd8df339338007793d2bfa
 2023-07-04 13:25:39 +05:30
Zhanglong Xia
b2d1fbb7b2 Add sepolicy rules for Thread Network HAL 
Bug: b/283905423
Test: Build and run the Thread Network stack in Cuttlefish.
Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
 2023-06-30 10:56:38 +08:00
Dave Mankoff
665cad0d2c SE Linux perimissions for Feature Flags Service 
Bug: 279054964
Test: build && flash
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a1f8ca3cd3c4861a06c5042148aab6623a563651)
Merged-In: I5fffaccba61e218496ac82ccf9ba308cf9892868
Change-Id: I5fffaccba61e218496ac82ccf9ba308cf9892868
 2023-06-26 13:42:45 +00:00
Treehugger Robot
289fe96dc8 Merge "Add MediaPlayerService fuzzer to bindings" 2023-06-23 17:35:27 +00:00
Treehugger Robot
8743379791 Merge "Remove flatten_apex: property" am: 7f7e8d79a9 am: d947550b6f am: a7627cf627 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2628996

Change-Id: I928001ab7426a6a247315293d0b6a86e176f8bf1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-21 06:29:40 +00:00
Pawan Wagh
9f118c8d62 Add MediaPlayerService fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I669c427279ce43fa614c68a02a468c3e64002537
 2023-06-20 22:50:45 +00:00
Jooyung Han
804e234ced Remove flatten_apex: property 
We no longer have targets using flattened apexes. Flattened apexes will
be removed from the build system.

Bug: 278826656
Test: m
Change-Id: I657e01dbfd2525b07c29a234277062d5ac2fab9f
 2023-06-20 15:41:05 +09:00
Pawan Wagh
9e7493abb8 Merge "Add update service fuzzer to bindings" am: b4f463824c am: 02c84cec70 am: cf602ed963 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619905

Change-Id: I179defcdef57cb4abe5e02c71e3c1e134bcc0f5f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-14 20:04:05 +00:00
Pawan Wagh
b4f463824c Merge "Add update service fuzzer to bindings" 2023-06-14 17:33:23 +00:00
Pawan Wagh
01a43aec9b Merge "Add credstore service fuzzer to bindings" am: 767dc6be06 am: e0f268a982 am: 252e98a0dc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619904

Change-Id: I6d6397e345bdb94149fd21a343eaa0a58abed686
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-13 18:03:17 +00:00
Pawan Wagh
767dc6be06 Merge "Add credstore service fuzzer to bindings" 2023-06-13 15:30:53 +00:00
Pawan Wagh
21f6f52922 Add update service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I9532d1d473d3b053f464df48169dc9b23951a095
 2023-06-09 00:01:54 +00:00
Pawan Wagh
38cfa74af2 Add credstore service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: Ie47e0e7a479f130935ada52a28d4e26e3bf07041
 2023-06-08 21:28:46 +00:00
Treehugger Robot
0aff4d4a79 Merge "Add wificond service fuzzer to bindings" am: 34814e6d48 am: 5ed2584008 am: 1e8251cd60 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2611796

Change-Id: Ieca50440bfed78bd54f5550454cf55d4eb0df510
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-08 20:35:22 +00:00
Treehugger Robot
34814e6d48 Merge "Add wificond service fuzzer to bindings" 2023-06-08 18:30:49 +00:00
Steven Moreland
2d3ec65eab Merge "sepolicy: take sepolicy split in .mk" am: 394de71b25 am: 4f8749fb39 am: 41dee692bc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2608418

Change-Id: I0b3d3aaffefb25d74bbb5085a5c1766afb0f8570
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-06 00:28:19 +00:00
Steven Moreland
394de71b25 Merge "sepolicy: take sepolicy split in .mk" 2023-06-05 23:08:24 +00:00
Pawan Wagh
526efb51a5 Add wificond service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I471296a8b33862199ce9c27fca7ceae2db8105ea
 2023-06-03 01:29:14 +00:00
Steven Moreland
721f5af6a3 sepolicy: take sepolicy split in .mk 
This value is always set to true in the core build
system. Removing reads of it so we can mark it as
obsolete.

Bug: 257176017
Test: build
Change-Id: Ie7a72496bd4712583944ed833cd4364c5e3c520b
 2023-06-02 16:14:17 +00:00
Pawan Wagh
e0260436a3 Add media extractor service fuzzer to bindings am: 7f90d50ae0 am: 0e74d4e69e am: bb06602cc1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2600804

Change-Id: I073576df149593ff8a71b7b208a1c7d67229da31
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-31 11:16:53 +00:00
Pawan Wagh
7f90d50ae0 Add media extractor service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I660c54df153993056668b6774d177072d8eadc3b
 2023-05-31 01:19:21 +00:00
Pawan Wagh
a4a07e3fb4 Merge "Add media metrics aidl fuzzer to bindings" am: 144cad1b19 am: cf26f9e29b am: 31fe43e0da 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2601825

Change-Id: I070aa4b459e0953e3f502fb0b1daab4e8329aefe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-25 00:53:20 +00:00
Pawan Wagh
144cad1b19 Merge "Add media metrics aidl fuzzer to bindings" 2023-05-24 23:01:42 +00:00
Pawan Wagh
d25d64796d Add media metrics aidl fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I6c645bf89fdded1dffdba8d40889eeb20b0734e1
 2023-05-23 22:55:15 +00:00
Treehugger Robot
a251f9a6bb Merge "Parallelize singleton execution." am: bcb0e13831 am: ff97fdff7e am: 6ec2ab500f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2593085

Change-Id: I629bb1e0770857d15d8a8febee705a5131ef08cc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-22 19:00:24 +00:00
Treehugger Robot
7337112178 Merge "Add installd service fuzzer to bindings" am: ae5be3dd8e am: a310d36da8 am: 6dc5922c2a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2595030

Change-Id: I939b50cc2db4f7ee42a3fe8c7a8c1c6abcbfe1a0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-19 19:27:33 +00:00
LaMont Jones
3ee898434c Parallelize singleton execution. 
Bug: 281536768
Test: manual, presubmits
Change-Id: I35fe5f4ce5732942399edf0d68e561039d7c253d
 2023-05-19 18:19:28 +00:00
Treehugger Robot
ae5be3dd8e Merge "Add installd service fuzzer to bindings" 2023-05-19 17:21:07 +00:00
Pawan Wagh
623c34140a Add Camera service fuzzers to bindings am: c22df151ea am: f1063bac96 am: 40e8686279 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2597151

Change-Id: I397a9101ade5e1368962389d60394fbd1b1eacd9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-19 01:44:00 +00:00
Pawan Wagh
c22df151ea Add Camera service fuzzers to bindings 
Test: m
Bug: 232439428
Change-Id: I7b2f535d4731503ea23de5b143e49bd41b6a5c71
 2023-05-18 18:39:32 +00:00
Pawan Wagh
c17d4cdbe5 Merge "Add Suspend service fuzzers to bindings" am: c3fd0b60d8 am: cb01a56d01 am: 19cc928a78 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2587575

Change-Id: Ic2bfff2aea2c9dfcc0bec93346d6a0c4af2f9c1d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-17 23:16:41 +00:00
Pawan Wagh
c3fd0b60d8 Merge "Add Suspend service fuzzers to bindings" 2023-05-17 21:17:48 +00:00
Pawan Wagh
c5eac2875b Add installd service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I62f23f0e4a6e760be3bbab6c2af428f47285f588
 2023-05-17 20:35:44 +00:00
Pawan Wagh
02929fc8f9 Merge "Add incidentd_service_fuzzer to bindings" am: 8169c8fdd5 am: 2070ddc86e am: e602d8d9b2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2589492

Change-Id: I803e0c0fa9c5f5c01774f2d4e0753c75793f7952
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-16 23:38:20 +00:00
Pawan Wagh
8169c8fdd5 Merge "Add incidentd_service_fuzzer to bindings" 2023-05-16 21:43:42 +00:00
Pawan Wagh
6d8487370b Add incidentd_service_fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I9d91a50af04a18d61c05f88a05e22bbb0920058a
 2023-05-16 00:53:11 +00:00
Pawan Wagh
f28f614343 Merge "Add gpu_service_fuzzer to bindings" am: c9d2b575fc am: a10aea7bc8 am: a7270f7524 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2587312

Change-Id: I5f1b7ae705875be36f9210c666f0da332d7e981f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-15 22:33:27 +00:00
Pawan Wagh
a9d3164472 Add Suspend service fuzzers to bindings 
Test: m
Bug: 232439428
Change-Id: I43b2926c4db076a89f17d8856f4fdec9c4594c05
 2023-05-12 23:41:17 +00:00
Pawan Wagh
68efd7ab8c Add gpu_service_fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: If6da70d7eeeb686eebf69afcca2fa1213a1d8bf6
 2023-05-12 21:50:14 +00:00
Inseob Kim
4e554b8023 Use target specific intermediate paths am: 6c6f53b1a8 am: 01cf7fedc3 am: da9ba4e30c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2563992

Change-Id: I9ad490bf13aafb24c00185dbd995e6e57c0679bc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-27 18:12:53 +00:00
Thiébaud Weksteen
f5d8bbb320 Merge "Remove comments in service_contexts" am: 97a5408aca am: 7d9b05e014 am: ebe909c195 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2564530

Change-Id: Iee037919d9ca5ee962aef517ff628a5e9e6e4452
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-27 18:01:13 +00:00
Pawan Wagh
cde5152f6e Merge "Add gatekeeperd_service_fuzzer to bindings" am: 94b3f498cd am: 541170435e am: ecc8b0e33b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2553744

Change-Id: I0debe5e07a4e5ae5ccc7b4dec480692c8d8a24f0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-27 08:03:36 +00:00
Inseob Kim
6c6f53b1a8 Use target specific intermediate paths 
This won't be harmful and this can help reduce rebuilding sepolicy
artifacts upon lunch target change.

Bug: 279524023
Test: m selinux_policy
Change-Id: I859de6dc0ac1958b44d847159904960bd7f9a0c2
 2023-04-27 11:11:48 +09:00
Thiébaud Weksteen
97a5408aca Merge "Remove comments in service_contexts" 2023-04-26 23:42:00 +00:00
Steven Moreland
dc10d40add Merge "aidl_lazy_test: additional service context" am: d8b05e70bf am: b5a4c528f7 am: 7537e74b96 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2564270

Change-Id: I049e98038884725e7c31150f12ebe4520be1080e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-26 21:46:23 +00:00
Pawan Wagh
94b3f498cd Merge "Add gatekeeperd_service_fuzzer to bindings" 2023-04-26 19:37:15 +00:00
Steven Moreland
d8b05e70bf Merge "aidl_lazy_test: additional service context" 2023-04-26 18:45:50 +00:00
Thiébaud Weksteen
74482f5328 Remove comments in service_contexts 
Commit b554e59 converted the build rules of contexts to Soong.
Previously, both services_contexts and hwservice_contexts were stripped
of comments. This is useful as a CTS test (testAospServiceContexts)
ensures that the device service_contexts matches AOSP. Restore the
previous behaviour.

Bug: 279384270
Test: m selinux_policy; diff plat_service_contexts; no more comments
Change-Id: Id0245efacf4e4b123f805869d95bacf804ccb915
 2023-04-26 13:46:59 +10:00
Steven Moreland
295e68f238 aidl_lazy_test: additional service context 
A lazy service shouldn't quit when it has clients, but
sometimes it needs to, such as when the device is
shutting down, so we test that it works.

In Android U, I broke this behavior, and it was caught
by other tests. However, now we have test support
for this directly in aidl_lazy_test.

No fuzzer, because this is a test service only, so it's
low-value.

Bug: 279301793
Bug: 278337172
Bug: 277886514
Bug: 276536663
Bug: 278117892
Test: aidl_lazy_test
Change-Id: I36b2602bb87b56ba1eb72420c7fdd60ff1fa14e2
 2023-04-26 00:41:05 +00:00
Pawan Wagh
7550c6b385 Merge "Adding storaged fuzzers" am: ef3bc95afc am: 562a20b95f am: 2517fd240d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2559890

Change-Id: I2d1709fa73ad0755477059901099793beb0e2e43
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-26 00:37:44 +00:00
Pawan Wagh
2d184d2885 Adding storaged fuzzers 
Test: m
Bug: 232439428
Change-Id: I0be9260ecdbdf8e48905869cc4da2efade651ba8
 2023-04-24 23:18:34 +00:00
Pawan Wagh
ac031bff46 Add gatekeeperd_service_fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: Icc93e0fa7df8c74b2330b97055b3f159b8e1a9a9
 2023-04-21 23:11:04 +00:00
Yu Shan
36370a80be Merge "Define sepolicy for ivn HAL." am: 9861e84085 am: 506e69012d am: 78ca38f285 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2530161

Change-Id: I5802fb2e124cfab86869d0c123f5b6d670e5c8d0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-12 02:44:59 +00:00
Yu Shan
9eb72464b5 Define sepolicy for ivn HAL. 
Test: manually verify ivn HAL on gcar_emu.
Bug: 274139217
Change-Id: Ie12dccb723078d83b561c152cc4458e52c0f8090
 2023-04-10 17:42:51 -07:00
Treehugger Robot
1b51c1f8e1 Merge "Add sepolicy rules for CpuMonitorService." am: 1ab1f7cd01 am: dac8bace6d am: c202f26753 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2497975

Change-Id: I5dbbd3d496afc934e1f3c4fb3253f857b3df1aac
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-28 22:13:51 +00:00
Lakshman Annadorai
124be07e24 Add sepolicy rules for CpuMonitorService. 
Change-Id: Icda952c148150e4d7824e303d163996679a0f36b
Test: m
Bug: 242722241
 2023-03-27 16:29:09 +00:00
Tri Vo
26c4ed9d40 Merge "Remove RemoteProvisioner and remoteprovisioning services" am: 0099ba37f3 am: 45734ff4a7 am: ddc3df3035 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2488295

Change-Id: I46b1309c166d253a0c132c4c70fea547f2fe2619
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-17 19:05:42 +00:00
Tri Vo
4bb2d30701 Remove RemoteProvisioner and remoteprovisioning services 
Bug: 273325840
Test: keystore2_test
Change-Id: I295ccdda5a3d87b568098fdf97b0ca5923e378bf
 2023-03-14 15:45:35 -07:00
Pawan Wagh
d5e720b7f0 Merge "Adding netd and authorization fuzzers to bindings" am: 6ad15b7c74 am: 194ea6e259 am: 48d7cb584e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2478135

Change-Id: Ib680e81344d6e89c73c4986f87056aac3e2863ec
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-10 22:31:01 +00:00