tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
24458 commits 1 branch 0 tags 50 MiB
Commit graph

24458 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jaegeuk Kim
9a8ba7f64b sepolicy: introduce boottime props in public 
Bug: 146053177
Bug: 146053658
Bug: 149844577
Change-Id: Iddfefedc4538044c6abcc2eea29b86e3f038aee0
Merged-In: Iddfefedc4538044c6abcc2eea29b86e3f038aee0
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
(cherry picked from commit 19df15400e)
 2020-03-06 16:48:29 +00:00
Automerger Merge Worker
758e55b8b6 Add property contexts for dex2oat cpu-set properties am: 23098ec3bb am: 7ab65fadb7 
Change-Id: I1c8bfc7584f3f9d93126fec6d8ab5cde8ef2f67d
 2020-03-06 16:32:39 +00:00
Automerger Merge Worker
7ab65fadb7 Add property contexts for dex2oat cpu-set properties am: 23098ec3bb 
Change-Id: Ifebf2c5b2780da8175f73135d8c534ce669473b4
 2020-03-06 16:19:26 +00:00
Automerger Merge Worker
f42d4aad33 [automerger skipped] Merge "Add rules to dump fingerprint hal traces" into rvc-dev am: 6ffa674965 -s ours 
am skip reason: Change-Id I0440bb8fd3cc1205a43eca6c7ef5f8d0afc92396 with SHA-1 258442b3d4 is in history

Change-Id: Ibddf08c25a862c576880f04a6ceaba0eac50c7f7
 2020-03-06 10:20:31 +00:00
Automerger Merge Worker
7796883222 [automerger skipped] Merge "Allow gsid to callback system server for oneway method" into rvc-dev am: 8834ca0f22 -s ours 
am skip reason: Change-Id I41c7b1278cfc103c90282b6a6781eab66fc9dcdb with SHA-1 389bc7baec is in history

Change-Id: Ie0a944182165bcb8cc393d2fdc56b1bbed15fda3
 2020-03-06 10:18:30 +00:00
Automerger Merge Worker
0ee1a35514 [automerger skipped] Merge "Allow update_engine to search metadata_file:dir." into rvc-dev am: 3ff32bccfc -s ours 
am skip reason: Change-Id I7804af1354d95683f4d05fc5593d78602aefe5a7 with SHA-1 b34ede070d is in history

Change-Id: I6233c7ef357f8f53428b0757742798926e642458
 2020-03-06 09:56:03 +00:00
Automerger Merge Worker
4ea18a625a Merge "property_contexts: Drop COMPATIBLE_PROP guard" am: d9514b860e am: 59c4286c1c 
Change-Id: I177e00c410fb13cd4ea3e4bffd1758d3fab1af12
 2020-03-06 03:31:28 +00:00
KRIS CHEN
6ffa674965 Merge "Add rules to dump fingerprint hal traces" into rvc-dev 2020-03-06 03:16:53 +00:00
Automerger Merge Worker
59c4286c1c Merge "property_contexts: Drop COMPATIBLE_PROP guard" am: d9514b860e 
Change-Id: I266b54a2b87832372321bdb2fd3cb1a9f01a8afa
 2020-03-06 03:08:50 +00:00
Treehugger Robot
d9514b860e Merge "property_contexts: Drop COMPATIBLE_PROP guard" 2020-03-06 02:47:35 +00:00
PO HUNG CHEN
8834ca0f22 Merge "Allow gsid to callback system server for oneway method" into rvc-dev 2020-03-06 02:25:21 +00:00
Automerger Merge Worker
994d8e21d4 [automerger skipped] Merge stage-aosp-master to aosp-master - DO NOT MERGE am: 6b7f6599fa am: fd7454d331 -s ours 
am skip reason: subject contains skip directive

Change-Id: I4ebf83557098da7a20f0d3f6248bc10208c1dc4e
 2020-03-06 00:25:33 +00:00
Automerger Merge Worker
fd7454d331 Merge stage-aosp-master to aosp-master - DO NOT MERGE am: 6b7f6599fa 
Change-Id: Ic9b9d139745d2e707f76318b988e2a8bffca4c71
 2020-03-06 00:12:20 +00:00
Yifan Hong
3ff32bccfc Merge "Allow update_engine to search metadata_file:dir." into rvc-dev 2020-03-05 22:57:08 +00:00
Bill Yi
6b7f6599fa Merge stage-aosp-master to aosp-master - DO NOT MERGE 
Change-Id: I46fe648ce4bd015b1ffff8d5a001d33311d2363b
 2020-03-05 09:51:38 -08:00
Automerger Merge Worker
a7f9a4a77a Merge "Add rules to dump fingerprint hal traces" am: 4f027f0eff am: e7c95cb7a2 
Change-Id: I6c986b586309e4a0be143ca601d57c524d19f782
 2020-03-05 17:18:13 +00:00
Automerger Merge Worker
074f5dbe74 Merge "Allow update_engine to search metadata_file:dir." am: fe45425667 am: 100d38e316 
Change-Id: I5f7bfcd445db111ded3efdbdd3c0ac24672ffdfc
 2020-03-05 17:17:13 +00:00
Automerger Merge Worker
e7c95cb7a2 Merge "Add rules to dump fingerprint hal traces" am: 4f027f0eff 
Change-Id: I3eee908d3b625f963f4b48d4b4fff4cbeb3cba07
 2020-03-05 17:01:37 +00:00
Automerger Merge Worker
100d38e316 Merge "Allow update_engine to search metadata_file:dir." am: fe45425667 
Change-Id: I2a1bacd9c2234233c28bf81c1140b0abdf6de12a
 2020-03-05 17:00:50 +00:00
KRIS CHEN
4f027f0eff Merge "Add rules to dump fingerprint hal traces" 2020-03-05 16:46:52 +00:00
Yifan Hong
16cd491297 Allow update_engine to search metadata_file:dir. 
This is previously needed by snapshotctl to initiate the merge,
but now update_engine is responsible for initiating the merge.

Bug: 147696014
Test: no selinux denial on boot.
Change-Id: I7804af1354d95683f4d05fc5593d78602aefe5a7
Merged-In: I7804af1354d95683f4d05fc5593d78602aefe5a7
 2020-03-05 08:45:11 -08:00
Yifan Hong
fe45425667 Merge "Allow update_engine to search metadata_file:dir." 2020-03-05 16:41:16 +00:00
Orion Hodson
23098ec3bb Add property contexts for dex2oat cpu-set properties 
New properties are:

 dalvik.vm.dex2oat-cpu-set [default compiler thread affinity]
 dalvik.vm.boot-dex2oat-cpu-set [compiler thread affinity for boot]
 dalvik.vm.image-dex2oat-cpu-set [thread affinity recompiling the boot image]

Bug: 141446571
Bug: 149395059
Test: Run installd tests with new properties defined in target mk file.
Change-Id: Idcbb1332aa9c18f6082b827eae0334d063644a41
(cherry picked from commit 7b2ee48cd2)
 2020-03-05 08:48:53 +00:00
Automerger Merge Worker
c72fcd33c8 Merge "app: allow PROT_EXEC on ashmem objects" into rvc-dev am: 1cef3d2fa6 
Change-Id: Ic215074fd6ef9c4efcfd30ec6c8825daaecff6f9
 2020-03-05 06:24:02 +00:00
TreeHugger Robot
1cef3d2fa6 Merge "app: allow PROT_EXEC on ashmem objects" into rvc-dev 2020-03-05 06:09:36 +00:00
Automerger Merge Worker
998ac81cc0 [automerger skipped] Allow apps to use mmap on fuse fds. am: 975215578f am: f35884b84f -s ours 
am skip reason: Change-Id Ib7ca64e11b24f8835874698df15a9a0fdce67454 with SHA-1 65a20f1ccd is in history

Change-Id: Icb9002232de8337e91a6ddca0cfd8943bae088be
 2020-03-05 05:05:49 +00:00
Automerger Merge Worker
f35884b84f Allow apps to use mmap on fuse fds. am: 975215578f 
Change-Id: I5bc9dc24cb69563fd131991381dc8abc575fde8b
 2020-03-05 04:45:17 +00:00
Automerger Merge Worker
a22f4634de Merge "Allow apps to use mmap on fuse fds." into rvc-dev am: f8beb5d88c 
Change-Id: I307f1311b8b392d19cc9f8275a1a05ff73f752a6
 2020-03-05 01:33:04 +00:00
Sudheer Shanka
975215578f Allow apps to use mmap on fuse fds. 
This is needed for the following denial:
type=1400 audit(0.0:124): avc: denied { map } for
comm=54696D652D6C696D69746564207465 path="/mnt/appfuse/10182_2/2"
dev="fuse" ino=2 scontext=u:r:untrusted_app:s0:c182,c256,c512,c768
tcontext=u:object_r:app_fuse_file:s0 tclass=file permissive=0

Bug: 150801745
Test: atest CtsBlobStoreTestCases:com.android.cts.blob.BlobStoreManagerTest#testOpenBlob -- --abi x86
Merged-In: Ib7ca64e11b24f8835874698df15a9a0fdce67454
Change-Id: I4dc4ce91da3513a2d1f08ada401741f6d5a090c3
 2020-03-04 17:21:18 -08:00
Sudheer Shanka
f8beb5d88c Merge "Allow apps to use mmap on fuse fds." into rvc-dev 2020-03-05 01:18:08 +00:00
Automerger Merge Worker
2ecd66dced Merge "Update automotive display service rules" into rvc-dev am: 82862fc46d 
Change-Id: I67b53193c1179a7e34f5481772aad924c48fbfc2
 2020-03-05 01:00:08 +00:00
Changyeon Jo
82862fc46d Merge "Update automotive display service rules" into rvc-dev 2020-03-05 00:43:16 +00:00
Sudheer Shanka
65a20f1ccd Allow apps to use mmap on fuse fds. 
This is needed for the following denial:
type=1400 audit(0.0:124): avc: denied { map } for
comm=54696D652D6C696D69746564207465 path="/mnt/appfuse/10182_2/2"
dev="fuse" ino=2 scontext=u:r:untrusted_app:s0:c182,c256,c512,c768
tcontext=u:object_r:app_fuse_file:s0 tclass=file permissive=0

Bug: 150801745
Test: atest CtsBlobStoreTestCases:com.android.cts.blob.BlobStoreManagerTest#testOpenBlob -- --abi x86
Change-Id: Ib7ca64e11b24f8835874698df15a9a0fdce67454
 2020-03-04 14:03:51 -08:00
Automerger Merge Worker
281cfde072 Merge "Merge "allow priv_apps to read from incremental_control_file" am: bb4a0467f8 am: e45d2de45f am: 1e69a4a655 am: 98e8848e22 am: ef728f532b" into rvc-dev am: 09b1bff0aa 
Change-Id: Ie4b32057680ecc12a42c09cdd84ec4103b22e83e
 2020-03-04 20:24:08 +00:00
TreeHugger Robot
09b1bff0aa Merge "Merge "allow priv_apps to read from incremental_control_file" am: bb4a0467f8 am: e45d2de45f am: 1e69a4a655 am: 98e8848e22 am: ef728f532b" into rvc-dev 2020-03-04 20:06:56 +00:00
Automerger Merge Worker
b720dfc761 Merge "Adding sepolicy of tuner resource manager service" into rvc-dev am: fd948c2afd 
Change-Id: I5ebbb25c3849713e2afddd6f834a9a86c2020413
 2020-03-04 17:34:56 +00:00
TreeHugger Robot
fd948c2afd Merge "Adding sepolicy of tuner resource manager service" into rvc-dev 2020-03-04 17:21:59 +00:00
Howard Chen
4930db74ea Allow gsid to callback system server for oneway method 
Bug: 149790245
Bug: 149716497
Test: adb shell am start-activity \
    -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
    -a android.os.image.action.START_INSTALL \
    -d file:///storage/emulated/0/Download/system.raw.gz \
    --el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \
    --el KEY_USERDATA_SIZE 8589934592

Change-Id: I41c7b1278cfc103c90282b6a6781eab66fc9dcdb
Merged-In: I41c7b1278cfc103c90282b6a6781eab66fc9dcdb
(cherry picked from commit 389bc7baec)
 2020-03-04 18:23:08 +08:00
Automerger Merge Worker
7bc9f944cf Merge "Allow gsid to callback system server for oneway method" am: 4e47834266 am: 3c777ae94c 
Change-Id: Iec9e53b667f13740030e43e4f7da50e53fb27957
 2020-03-04 09:46:07 +00:00
Automerger Merge Worker
3c777ae94c Merge "Allow gsid to callback system server for oneway method" am: 4e47834266 
Change-Id: Ia8f911d46f4b7bf8e98cb4fcfdbf6a41fa0bb131
 2020-03-04 09:34:59 +00:00
Howard Chen
4e47834266 Merge "Allow gsid to callback system server for oneway method" 2020-03-04 09:16:47 +00:00
Kris Chen
8a04a13978 Add rules to dump fingerprint hal traces 
Bug: 150008549
Test: adb shell am hang
Test: adb bugreport
Change-Id: I0440bb8fd3cc1205a43eca6c7ef5f8d0afc92396
Merged-In: I0440bb8fd3cc1205a43eca6c7ef5f8d0afc92396
 2020-03-03 17:39:02 +08:00
Kris Chen
258442b3d4 Add rules to dump fingerprint hal traces 
Bug: 150008549
Test: adb shell am hang
Test: adb bugreport
Change-Id: I0440bb8fd3cc1205a43eca6c7ef5f8d0afc92396
 2020-03-03 16:58:58 +08:00
Yifan Hong
b34ede070d Allow update_engine to search metadata_file:dir. 
This is previously needed by snapshotctl to initiate the merge,
but now update_engine is responsible for initiating the merge.

Bug: 147696014
Test: no selinux denial on boot.
Change-Id: I7804af1354d95683f4d05fc5593d78602aefe5a7
 2020-03-02 18:20:37 -08:00
Automerger Merge Worker
05e25caf10 Merge "vold: allow to set boottime prop" am: 94dc474264 am: 8c0a066211 
Change-Id: I07b3652fa18d0027c0839fb91a1b60811528919a
 2020-03-03 01:05:33 +00:00
Automerger Merge Worker
8c0a066211 Merge "vold: allow to set boottime prop" am: 94dc474264 
Change-Id: Ifaeadbf36f4486af3d566f9be774fecc4d8b9d32
 2020-03-03 00:47:32 +00:00
Automerger Merge Worker
3ca6ce6f9e vold: allow to set boottime prop am: 2834fb274b 
Change-Id: I4981dbeee4bc27fbcd17b969dc5d7aa1dd2e4646
 2020-03-03 00:43:00 +00:00
Jaegeuk Kim
2834fb274b vold: allow to set boottime prop 
Bug: 149595111
Bug: 149844577
Bug: 138909685
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I46b8828569dd008944685a1f0c45cbddc4870002
Merged-In: I46b8828569dd008944685a1f0c45cbddc4870002
 2020-03-03 00:34:46 +00:00
Jaegeuk Kim
94dc474264 Merge "vold: allow to set boottime prop" 2020-03-03 00:33:50 +00:00
Felix
342b58a2ee property_contexts: Drop COMPATIBLE_PROP guard 
public/property_contexts needs to be included regardless of
API level so that the property *labels* are always included.
Else, devices without PRODUCT_COMPATIBLE_PROPERTY (shipping
API level <27) will run into denials because the props are
labeled `default_prop`.

As a side benefit, this reduces deviation in test matrices.

The guard was originally introduced in:
e49714542e "Whitelist exported platform properties"

Test: Build for device without PRODUCT_COMPATIBLE_PROPERTY,
no more denials for accessing `default_prop` from e.g. HALs.

Change-Id: I5bbe5d078040bb26dd48d353953661c9375d2009
Signed-off-by: Felix <google@ix5.org>
 2020-03-02 16:28:38 +01:00