tequilaOS/platform_system_sepolicy

Author	SHA1	Message	Date
Alessandra Loro	6ecd2077bc	Merge "Drop back-compatibility for hiding ro.debuggable and ro.secure"	2022-09-08 09:51:22 +00:00
Sandro Montanari	3b94a3f3bc	Revert^2 "Move allow rules of sdk_sandbox to apex policy" Next attempt at rolling forward aosp/2200430. It appears the first-stage-init did not create the /dev/selinux folder on GSI instances, resulting in breakages when selinux.cpp tries to copy files to that folder. To verify these changes for b/244793900, follow gpaste/4922166775644160 Bug: 243923977 Test: atest SeamendcHostTest Change-Id: I2bc630cfaad697d44053adcfd639a06e3510cc72	2022-09-07 08:22:59 +00:00
Treehugger Robot	090f957d65	Merge "Fix io_uring permission denial for snapuserd"	2022-09-06 17:15:45 +00:00
Kelvin Zhang	aa3ac9fafd	Fix io_uring permission denial for snapuserd Starting with `91a9ab7c94` , calling io_uring_setup will need selinux permission to create anon inodes. Test: th Bug: 244785938 Change-Id: I351983fefabe0f6fdaf9272506ea9dd24bc083a9	2022-09-06 17:11:54 +00:00
Kelvin Zhang	d87c1eb663	Merge "Fix selinux denials for fastbootd"	2022-09-06 05:50:57 +00:00
Kelvin Zhang	853085bd65	Fix selinux denials for fastbootd Test: flash on O6, flash an image using git_master system + mainline kernel Bug: 244785938 Change-Id: I1b0e1ea0f1937abd2ad96a606b565812ee8096e1	2022-09-05 17:41:07 +00:00
Samiul Islam	b8650e82db	Merge "Revert "Move allow rules of sdk_sandbox to apex policy""	2022-09-05 11:45:44 +00:00
Sandro Montanari	8cce5b2ffb	Revert "Move allow rules of sdk_sandbox to apex policy" Revert "Add seamendc tests for sdk_sandbox in apex sepolicy" Revert submission 2201484-sdk_sandbox Note: this is not a clean revert, I kept the changes in aosp/2199179 and the changes to system/sepolicy/Android.mk. Those changes are already part of internal, I do not want to put those files out of sync again. Test: atest SeamendcHostTest Reason for revert: b/244793900 Reverted Changes: Ib14b14cbc:Add seamendc tests for sdk_sandbox in apex sepolic... I27ee933da:Move allow rules of sdk_sandbox to apex policy Change-Id: If225cdd090248e050d1f0b42f547a4b073bbafc6	2022-09-05 09:39:15 +00:00
Treehugger Robot	1896c039dd	Merge "crosvm: dontaudit netlink perms for acpi"	2022-09-02 22:00:45 +00:00
Treehugger Robot	6eecd0a00c	Merge "Allow installd delete staging folders."	2022-09-02 22:00:02 +00:00
Steven Moreland	fd59a2d46e	crosvm: dontaudit netlink perms for acpi Currently experiencing these neverallows, but they're intentional. Fixes: 228077254 Test: N/A Change-Id: I79f8caaf1695e91d695b8cecbc5f01df09e4e2d2	2022-09-02 20:41:56 +00:00
Alex Buynytskyy	37a0dcbbbc	Allow installd delete staging folders. Apparently readdir uses getattr and skips a folder if denied. Bug: 244638667 Test: adb root; adb shell mkdir -p /data/app-staging/session_917335144/lib; adb reboot; adb logcat \| grep session_917335144, check if the folder was removed Change-Id: I39de49c77d3bf3428d75f0cf4d4c603ea7e03ed5	2022-09-02 13:16:24 -07:00
Treehugger Robot	455ae8adca	Merge "Allow init to launch BootControlHAL in recovery"	2022-09-02 19:25:28 +00:00
Treehugger Robot	33a74d6881	Merge "Allow system_server to obtain verity root hash for install files."	2022-09-02 18:08:04 +00:00
Kelvin Zhang	19a5785522	Allow init to launch BootControlHAL in recovery Test: install OTA with data wipe, reboot Bug: 227536004 Change-Id: I3b76b054e67dcaee83ad330f9fcbcbd98bb6f1f7	2022-09-02 17:50:10 +00:00
Treehugger Robot	d7dfa043ab	Merge "Rename migrate_legacy_obb_data.sh"	2022-09-02 17:38:43 +00:00
Alex Buynytskyy	aad4ae8a74	Allow system_server to obtain verity root hash for install files. Bug: 160605420 Test: atest ChecksumsTest, check for selinux denials Change-Id: I33b60d86317c37ef58a1be691d6a90dfef637db1	2022-09-02 09:30:21 -07:00
Treehugger Robot	3047b2ca12	Merge "Set apex. property as "system_restricted""	2022-09-02 12:46:03 +00:00
Sandro Montanari	536babd22b	Merge "Move allow rules of sdk_sandbox to apex policy"	2022-09-02 09:29:06 +00:00
Jooyung Han	cae2368d2d	Set apex. property as "system_restricted" Since the property is supposed to be used by vendor-side .rc file as read-only (especially by vendor apex), it should be "system_restricted". Also allow vendor_init to read the property. Bug: 232172382 Test: boot cuttlefish (with vendor apex using the property) Change-Id: I502388e550e0a3c961a51af2e2cf11335a45b992	2022-09-02 18:11:33 +09:00
Jooyung Han	ba80cd59a7	Merge changes from topics "apex-ready-prop", "apex-update-prop" * changes: Modifed sepolicy for new apex ready prop Remove init.apex.<apex-name>.load/unload property	2022-09-02 06:46:54 +00:00
Cole Faust	a60a34cd79	Rename migrate_legacy_obb_data.sh See other cl in this topic for more information. Bug: 198619163 Test: adb root; adb shell /system/bin/migrate_legacy_obb_data; adb logcat \| grep obb shows "migrate_legacy_obb_data: No legacy obb data to migrate." Change-Id: Ic2fb4183f80b36463f279b818e90c203e9a51422	2022-09-01 18:11:56 -07:00
Deyao Ren	7848d3a437	Modifed sepolicy for new apex ready prop Bug: 232172382 Test: atest ApexTestCases Change-Id: I2947b2c9b1d983bdbc410e67509508f73efff1f4	2022-09-01 22:20:10 +00:00
Deyao Ren	3fab00fab2	Remove init.apex.<apex-name>.load/unload property Bug: 240533726 Test: atest CtsInitTestCases ApexTestCases Change-Id: Ibe4d1c199157397a747bb87918848917a24f0535	2022-09-01 16:24:55 +00:00
Sandro	084b41748d	Move allow rules of sdk_sandbox to apex policy Third attempt to roll-forward the apex_sepolicy changes from aosp/2179294 and aosp/2170746. I was finally able to figure out the likely root cause of the test breakages in internal b/243971667. The related CL aosp/2199179 is making the apex_sepolicy files mandatory for all AOSP builds. Without the apex_sepolicy files, mixed GSI builds in internal using AOSP as base would not implement the sdk_sandbox rules, causing breakages for the SdkSandbox components. Bug: 243923977 Test: atest SeamendcHostTest Change-Id: I27ee933da6648cca8ff1f37bde388f72b4fe6ad6	2022-09-01 09:11:38 +00:00
Treehugger Robot	7bd59df9b7	Merge "Make sure only VS can access its data files"	2022-09-01 08:40:00 +00:00
Alan Stokes	991087cb24	Make sure only VS can access its data files Bug: 237054515 Test: Builds Change-Id: Id207bfc3639254e63b00e2a9ac9780ab83a013ff	2022-08-31 17:39:59 +01:00
Alice Wang	c60552839b	Merge "Allow getopt to eliminate warnings in MicrodroidBenchmarks tests"	2022-08-31 15:18:44 +00:00
Alice Wang	40718f45d6	Allow getopt to eliminate warnings in MicrodroidBenchmarks tests This CL allows getopt in sepolicy to eliminate getopt denied warnings in MicrodroidBenchmarks tests, e.g. $ atest MicrodroidBenchmarks W FinalizerDaemon: type=1400 audit(0.0:625): avc: denied { getopt } for scontext=u:r:untrusted_app:s0:c163,c256,c512, c768 tcontext=u:r:virtualizationservice:s0 tclass=vsock_socket permissive=0 app=com.android.microdroid.benchmark Bug: 236123069 Test: atest MicrodroidBenchmarks Change-Id: I2ed94ae6beab60176d9fac85a0b818089d563427	2022-08-31 13:21:46 +00:00
Suren Baghdasaryan	f08bc50f9d	sepolicy: Move proc_watermark_scale_factor mapping from ignore list New label proc_watermark_scale_factor was mistakenly added into ignore list. Fix this by moving the mapping into correct .cil files. Fixes: `6988677f22` ("Allow init to execute extra_free_kbytes.sh script") Bug: 241761479 Signed-off-by: Suren Baghdasaryan <surenb@google.com> Change-Id: If12cad2ed20504d374d77a68eaba1600d2768338	2022-08-29 18:17:37 +00:00
Sandro Montanari	618cc55a15	Merge "Revert "Move allow rules of sdk_sandbox to apex policy""	2022-08-29 12:34:28 +00:00
Sandro Montanari	38f009ba13	Revert "Move allow rules of sdk_sandbox to apex policy" Revert "Add seamendc tests for sdk_sandbox in apex sepolicy" Revert submission 2182195-seamendc Reason for revert: 243971667 Reverted Changes: I59fda23d9:Add seamendc tests for sdk_sandbox in apex sepolic... I4c4800418:Move allow rules of sdk_sandbox to apex policy Change-Id: Icc3fff21aae23f24f37dbae6276699c56842f9a1	2022-08-29 09:03:18 +00:00
Yixiao Luo	aa98f8a58c	Merge "TV Input HAL 2.0 sepolicy"	2022-08-26 23:19:24 +00:00
Sandro Montanari	d87f90f205	Merge "Move allow rules of sdk_sandbox to apex policy"	2022-08-26 09:07:27 +00:00
Thiébaud Weksteen	c0fef5c1ae	Merge "Remove wpantund and lowpan_service"	2022-08-25 23:57:20 +00:00
Yixiao Luo	e83ae791aa	TV Input HAL 2.0 sepolicy Bug: 227673740 Test: atest VtsHalTvInputTargetTest Change-Id: I53f6537a8f911661e368824a5a5dc5db57413980	2022-08-25 14:31:49 -07:00
Sandro	3bb7bb2e70	Move allow rules of sdk_sandbox to apex policy This is a roll-forward of a small chunk of aosp/2170746. The previous CL was causing test breakages (b/240731742, b/240462388, b/240463116). This CL is smaller than the previous one, it only moves allow rules from the platform policy to the apex policy (I believe the error was caused by typeattribute rules). I also ran the closest approximation I could find to the breaking environment, and it appears the tests are passing https://android-build.googleplex.com/builds/abtd/run/L44100000955891118 https://android-build.googleplex.com/builds/abtd/run/L68000000955937148 Bug: 236691128 Test: atest SeamendcHostTest Change-Id: I4c480041838c8c14011f099ba8295097fe9212db	2022-08-25 15:48:25 +00:00
Paul Crowley	283aef2860	Add ro.keystore.boot_level_key.strategy Bug: 241241178 Test: set property on Cuttlefish, check logs for strategy used. Change-Id: Ifaaec811316c43fdae232f9a08c5d862011ccc71	2022-08-24 21:38:36 -07:00
Hongguang	9515559657	Add properties to configure whether the lazy tuner is enabled. ro.tuner.lazyhal: system_vendor_config_prop to decide whether the lazy tuner HAL is enabled. tuner.server.enable: system_internal_prop to decide whether tuner server should be enabled. Bug: 236002754 Test: Check tuner HAL and framework behavior Change-Id: I6a2ebced0e0261f669e7bda466f46556dedca016	2022-08-23 07:01:05 +00:00
Shunkai Yao	3a6c68f2ba	AIDL effect: Add default Effect factory implementation to platform sepolicy Add example implementation services: IFactory under android.hardware.audio.effect. An audio HAL AIDL example service will register with the default implementations. Bug: 238913361 Test: m, and flash with Pixel 6a. Change-Id: Ib331899fd47b6b334b120e20617174d01e71ddb8	2022-08-22 19:27:26 +00:00
Thiébaud Weksteen	8439a1ff29	Remove wpantund and lowpan_service Bug: 235018188 Test: TH Change-Id: I0e2f03ad6d17f5d9223b2c500b6c3183835ec807	2022-08-22 14:09:01 +10:00
Kelvin Zhang	0a8d5697a6	Merge "Add sepolicy for fastboot io uring feature flag"	2022-08-19 16:37:07 +00:00
Ryan Savitski	3f3e222527	perfetto profiling: fix access to ART apex files The profilers cannot open files under /data/misc/apexdata/com.android.art/dalvik-cache because they're not allowed to search /data/misc/apexdata with the apex_module_data_file label. Example denial: avc: denied { search } for name="apexdata" dev="dm-37" ino=89 scontext=u:r:traced_perf:s0 tcontext=u:object_r:apex_module_data_file:s0 tclass=dir permissive=0 Tested: patched & flashed onto a TM device, then profiled system_server Bug: 241544593 Change-Id: Ifd8b94a9ebcae09701e95f6cd6a14383209963db	2022-08-19 00:30:40 +01:00
Alessandra Loro	8a7dcb5e1e	Drop back-compatibility for hiding ro.debuggable and ro.secure Bug: 193912100 Test: back-compatibility change for android.security.SELinuxTargetSdkTest Change-Id: I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad	2022-08-18 13:43:17 +00:00
Alessandra Loro	50fa5cd9a0	Merge "Disallow untrusted apps to read ro.debuggable and ro.secure"	2022-08-17 12:34:24 +00:00
Richard Chang	6d5bb236da	Merge "sepolicy: allow vendor system native boot experiments property"	2022-08-17 06:29:30 +00:00
Juan Yescas	bec405a7c2	Add ro.boot.ddr_size sysprop to sepolicy srcs/android/sysprop/MemoryProperties.sysprop This property is populated by property service from the kernel command line parameter androidboot.ddr_size=XXXX. Vendors can set this command line option from the bootloader. Bug: 231718727 Test: n/a Change-Id: I3fb8a18125081b1a30dee715831f5701964cb375	2022-08-16 19:45:35 +00:00
Xin Li	122f787b8a	Merge "DO NOT MERGE - Merge Android 13"	2022-08-16 19:11:36 +00:00
Kelvin Zhang	aa7a9a4096	Add sepolicy for fastboot io uring feature flag fastboot will read this prop to check if io uring is supported. Add proper sepolicy. Test: th Bug: 31712568 Change-Id: I8990d8a31748534d4444a2ef25b58d629651dac7	2022-08-16 18:13:00 +00:00
Katherine Lai	c6ad2cb247	Merge "Add bluetooth sniff and LE connection sysprops"	2022-08-16 16:57:12 +00:00
Alessandra Loro	d0e108fbbe	Disallow untrusted apps to read ro.debuggable and ro.secure ro.secure and ro.debuggable system properties are not intended to be visible via Android SDK. This change blocks untrusted apps from reading these properties. Test: android.security.SELinuxTargetSdkTest Bug: 193912100 Change-Id: I40ac5d43da5778b5fa863b559c28e8d72961f831	2022-08-16 14:24:27 +00:00
Gavin Corkery	b593054797	Stop auditing sdk_sandbox access to audio_service am: `5f7432546f` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2186035 Change-Id: I9f76c4a336be806596ff6a4074b703dbda652b6d Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-15 13:46:04 +00:00
Gavin Corkery	5f7432546f	Stop auditing sdk_sandbox access to audio_service This service has valid use cases such as video players and should therefore not be audited. Change-Id: I3a0cffb34429320a412a7c05220376c0b58e28a3 Test: make Bug: 211632068	2022-08-15 10:18:50 +00:00
Siim Sammul	0c09546a31	Merge "Allow creating /data/tombstones files by system_server. Needed for ag/18773746" am: `9c0d804b45` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2112289 Change-Id: Id5378c2791e0cc5f933df73849b511cbac6dce1e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-11 10:21:20 +00:00
Siim Sammul	9c0d804b45	Merge "Allow creating /data/tombstones files by system_server. Needed for ag/18773746"	2022-08-11 09:58:56 +00:00
Richard Chang	74334efa4b	sepolicy: allow vendor system native boot experiments property Grant system_server and flags_health_check permission to set the properties that correspond to vendor system native boot experiments. Bug: 241730607 Test: Build Merged-In: Idc2334534c2d42a625b451cfce488d7d7a651036 Change-Id: I3e98f1b05058245cad345061d801ecd8de623109	2022-08-11 08:03:42 +00:00
Katherine Lai	e564c90cba	Add bluetooth sniff and LE connection sysprops Added new sysprops to configure sniff parameters (max interval, min interval, attempt, timeout) and LE connection parameters (min/max connection interval, latency, supervision timeout, direct connection timeout, scan interval/window) Bug: 233119719 Bug: 233119457 Tag: #floss Test: Manual Change-Id: I9663e05067800ef79528bfbc7b626c29cf5514de	2022-08-09 22:57:57 +00:00
Derek Smith	541d5421f7	Merge "traced_probes: allow perfetto to read buddyinfo proc entry" am: `5ff4b6ff78` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2175504 Change-Id: I74e8d437731cce2fa0e4d0f1f0ab8389559e903f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-05 21:40:36 +00:00
Derek Smith	5ff4b6ff78	Merge "traced_probes: allow perfetto to read buddyinfo proc entry"	2022-08-05 20:51:39 +00:00
Garfield Tan	0e76cc62b1	Allow zygote to read persist.wm.debug.* prop am: `49a8b76d4a` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2175950 Change-Id: Ic901b7baa3b2ab71be3c72289b50d451e6526ba9 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-05 20:40:24 +00:00
Garfield Tan	49a8b76d4a	Allow zygote to read persist.wm.debug.* prop Window manager team wants to leverage system properties for feature flags that need to be read in ViewRootImpl and other classes preloaded in Zygote. Appdomain is allowed to read that permission in commit I5808bf92dbba37e9e6da5559f8e0a5fdac016bf3. Bug: 241464028 Test: Zygote can preload persist.wm.debug.* props. Change-Id: I0c2ae63db53530c1facd8c2132f99c0d919b4ad8	2022-08-04 14:48:06 -07:00
Derek Smith	f595029023	traced_probes: allow perfetto to read buddyinfo proc entry Allow perfetto to read the /proc/buddyinfo entry to trace memory fragmentation of the system over time. Test: Manual: Capture perfetto buddyinfo traces Signed-off-by: Derek Smith <dpsmith@google.com> Change-Id: If2336377ae241668496d2caf81c6eac6b50dd2ff	2022-08-04 20:21:37 +00:00
Lokesh Gidra	92d617c0ce	Revert "Move parts of sdk_sandbox from private to apex policy" am: `1269a179ac` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2170746 Change-Id: I934b9c6dfcb3f0656b72ed7247cd752b9a6fd3c7 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-03 22:21:08 +00:00
Lokesh Gidra	1269a179ac	Revert "Move parts of sdk_sandbox from private to apex policy" Revert "Add java SeamendcHostTest in cts" Revert submission 2111065-seamendc Reason for revert: b/240731742, b/240462388 and b/240463116 Reverted Changes: I3ce2845f2:Move parts of sdk_sandbox from private to apex pol... I0c10106e2:Add java SeamendcHostTest in cts Test: revert cl Change-Id: If9981796694b22b7cbfe1368cd815889c741e69d	2022-08-03 14:24:04 +00:00
Max Bires	8d4c2f4496	Merge "Remove inapplicable comment." am: `3fc9964f1a` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2172882 Change-Id: I6cd88fa85955fcac947a1c50a0153a1b9a83b9a5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-03 01:08:02 +00:00
Max Bires	3fc9964f1a	Merge "Remove inapplicable comment."	2022-08-03 00:39:44 +00:00
Treehugger Robot	e558e909d4	Merge "Add sepolicy for bluetooth.core.gap.le.conn.min.limit sysprop" am: `bc2ecffff5` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2170423 Change-Id: Ifd6b084143f9ec0ab0fe5a4eabbb276977ca5d03 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-02 19:32:04 +00:00
Max Bires	da19b45a14	Remove inapplicable comment. There don't seem to be any security issues raised by allowing crash dump to access keystore. More specifically, all key material is encrypted by KeyMint anyways in the absolute worst case, so even if key exposure occurred, there would be no harm. Fixes: 186868271 Test: The comment is gone. Change-Id: Ib09fc8e1eaa3f1a0876139e175dc28be9e0d4a4a	2022-08-02 11:01:25 -07:00
Steven Moreland	99d79a5737	Merge "servicemanager started property" am: `560a947de8` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2161201 Change-Id: I37959f094a56b64a0e61141e8dca613a7294322d Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-29 18:48:10 +00:00
Dorin Drimus	1c3cf830d9	Add sepolicy for bluetooth.core.gap.le.conn.min.limit sysprop Bug: 240709612 Change-Id: I893f5ec04a8abb4ecf724e9e179d0295a681b82b Test: N/A, CL only adds the sysprop API sepolicy	2022-07-29 18:45:52 +00:00
Steven Moreland	560a947de8	Merge "servicemanager started property"	2022-07-29 18:30:14 +00:00
Treehugger Robot	de453119e2	Merge "Update SELinux policy for app compilation CUJ." am: `9e2f8aa7a1` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2160660 Change-Id: I76e3fa493a483a85fec07fd77f8aba15e4136b49 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-29 17:48:30 +00:00
Treehugger Robot	9e2f8aa7a1	Merge "Update SELinux policy for app compilation CUJ."	2022-07-29 17:22:44 +00:00
Jiakai Zhang	c871c1cc75	Update SELinux policy for app compilation CUJ. - Adapt installd rules for app compilation. - Add profman rules for checking the profile before compilation. This is new behavior compared to installd. Bug: 229268202 Test: - 1. adb shell pm art optimize-package -m speed-profile -f \ com.google.android.youtube 2. See no SELinux denial. Change-Id: Idfe1ccdb1b27fd275fdf912bc8d005551f89d4fc	2022-07-29 14:07:52 +00:00
Steven Moreland	fd1eb68337	servicemanager started property If something starts before servicemanager does, intelligently wait for servicemanager to start rather than sleeping for 1s. Bug: 239382640 Test: boot Change-Id: If0380c3a1fce937b0939cd6137fcb25f3e47d14c	2022-07-28 17:09:14 +00:00
Vlad Popa	91926a8b64	Merge "Add SELinux policy for accessing the AudioService" am: `f503e3e7e2` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2167262 Change-Id: I3a23093dcb121ef347a72a25137618b52ec3af01 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-28 12:48:20 +00:00
Vlad Popa	f503e3e7e2	Merge "Add SELinux policy for accessing the AudioService"	2022-07-28 09:18:03 +00:00
sandrom	dd5b63f702	Move parts of sdk_sandbox from private to apex policy am: `e6971f1330` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2111065 Change-Id: I6711e1c15bbfd191ee1a4ad890e372563b873eab Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-27 16:33:05 +00:00
sandrom	e6971f1330	Move parts of sdk_sandbox from private to apex policy Bug: 236691128 Test: atest SeamendcHostTest Change-Id: I3ce2845f259afb29b80e2d9b446aa94e64ef8902	2022-07-27 13:39:06 +00:00
Vlad Popa	3fc7d83663	Add SELinux policy for accessing the AudioService This is used by the playback notification API to get a reference to the AudioService with the help of the ServiceManager. Change-Id: I70324cf0579fd029ee9b3a20115bdab9106d24a8 Test: avd/avd_boot_test Bug: 235521198	2022-07-27 12:11:50 +00:00
Matt Buckley	110d394660	Merge "Add ro.surface_flinger.enable_adpf_cpu_hint sysprop to sepolicy" am: `ae7e3756ba` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2161459 Change-Id: I3e088f0c56907c6829f18ac9af6f61a7e42102bd Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-22 05:35:27 +00:00
Matt Buckley	ae7e3756ba	Merge "Add ro.surface_flinger.enable_adpf_cpu_hint sysprop to sepolicy"	2022-07-22 05:17:27 +00:00
Matt Buckley	1b23789dfe	Add ro.surface_flinger.enable_adpf_cpu_hint sysprop to sepolicy Add new sysprop to control adpf cpu hints for surfaceflinger Bug: b/195990840 Test: n/a Change-Id: I5460e4668a2d69af194649ec076489de22caa348	2022-07-21 23:00:15 +00:00
Thiébaud Weksteen	19710d032e	Merge "Remove key migration related changes" am: `c5a3726e58` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2160358 Change-Id: I64b2b63672c8482216d9515718bd5b64de26c6dd Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-21 03:27:36 +00:00
Thiébaud Weksteen	c5a3726e58	Merge "Remove key migration related changes"	2022-07-21 01:20:53 +00:00
Katherine Lai	45ce880b05	Merge "Add bluetooth classic sysprops" am: `963596866a` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2154517 Change-Id: I58363adb52d3cfa93fb86ef8ee24f95e41b55d60 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-20 20:56:52 +00:00
Katherine Lai	963596866a	Merge "Add bluetooth classic sysprops"	2022-07-20 20:38:43 +00:00
John Wu	e5010a22a6	Remove key migration related changes Migrating keys across UIDs is no longer required Test: m Bug: 228999189 Change-Id: I33e85635a4fe82bf1f98a9bfcf505a1067b4ed91	2022-07-20 15:19:37 +10:00
Maciej Żenczykowski	e65c35282a	allow bpfloader to create symbolic links in /sys/fs/bpf am: `d5098f99a9` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2154891 Change-Id: I3d282bde16f20a11d341b43640960a9c38b54645 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-19 07:36:43 +00:00
Katherine Lai	9bddb0d32f	Add bluetooth classic sysprops Added new sysprops to configure classic link supervision timeout, page/inquiry scan activity, and page timeout Bug: 233119719 Tag: #floss Tag: #feature Test: Manual Change-Id: I92c598f97ca37486c208c7e37ad0d194f6f0b8b2	2022-07-18 20:55:20 +00:00
Maciej Żenczykowski	d5098f99a9	allow bpfloader to create symbolic links in /sys/fs/bpf (this is to allow /sys/fs/bpf/tethering -> net_shared/tethering for InProcessTethering, ie. Android Go devices) Bug: 190523685 Bug: 236925089 Test: TreeHugger, manually on aosp_cf_x86_go_phone-userdebug Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: Ifa52429f958b0af80f91af6bfb064c1cdf9cd070	2022-07-18 05:14:44 -07:00
Jooyung Han	507b641085	Merge "Allow (hw)servicemanager use bootstrap bionic" am: `8fe0b28bf1` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2152734 Change-Id: Ie004a6d7c7e284baf4cf20f057a91cbe649ce6e9 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-15 00:34:25 +00:00
Jooyung Han	8fe0b28bf1	Merge "Allow (hw)servicemanager use bootstrap bionic"	2022-07-15 00:12:55 +00:00
Treehugger Robot	3b61b61c5a	Merge "Allow system_server to signal InputProcessor HAL" am: `674d3e7822` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2152242 Change-Id: I8156dd48981a76ed08e68ed548b4cdd47b92e89c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-14 23:25:46 +00:00
Treehugger Robot	674d3e7822	Merge "Allow system_server to signal InputProcessor HAL"	2022-07-14 23:06:38 +00:00
Siarhei Vishniakou	4cb2d3c13d	Allow system_server to signal InputProcessor HAL This is needed for Watchdog to be able to dump InputProcessor HAL. Watchdog can be triggered locally for testing by patching InputDispatcher.cpp: void InputDispatcher::monitor() { // Acquire and release the lock to ensure that the dispatcher has not deadlocked. std::unique_lock _l(mLock); + std::this_thread::sleep_for(std::chrono::minutes(40)); mLooper->wake(); mDispatcherIsAlive.wait(_l); Bug: 237322365 Test: adb bugreport (after triggering watchdog) Change-Id: I746df8be4faaef2a67293d6b1c0cde5fa7810de6 Merged-In: I746df8be4faaef2a67293d6b1c0cde5fa7810de6	2022-07-14 22:05:07 +00:00
Nikita Ioffe	fb3df6dc4a	Merge "Add apexd.config.loop_wait.attempts sysprop to sepolicy" am: `5dd9e3a320` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2152793 Change-Id: I6161cbd8f80aa3a2cb17c2af364ee6df9d5354f3 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-14 10:34:05 +00:00
Nikita Ioffe	5dd9e3a320	Merge "Add apexd.config.loop_wait.attempts sysprop to sepolicy"	2022-07-14 10:15:56 +00:00
Jooyung Han	133ca4ea6b	Allow (hw)servicemanager use bootstrap bionic Bug: 237672865 Test: m && boot Change-Id: I436cf97c4c8e852e36cd1faa9da646c9f8a4d0a4	2022-07-14 11:31:03 +09:00
SzuWei Lin	b540e93de2	Merge "Set up sepolicy for mediaserver64" am: `5d24b9a14d` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2144720 Change-Id: I7a144eb156c3247102f47ce24d707ed882021d24 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-14 00:38:17 +00:00
SzuWei Lin	5d24b9a14d	Merge "Set up sepolicy for mediaserver64"	2022-07-14 00:20:03 +00:00
Nikita Ioffe	0fd6e24297	Add apexd.config.loop_wait.attempts sysprop to sepolicy Also mark all apexd.config. properties to be apexd_config_prop Bug: 237955261 Test: m Change-Id: I93a9e1b450426ebe7cd11c87a9586697dc76a70e	2022-07-13 12:31:18 +01:00
Treehugger Robot	c383817add	Merge "Added properties for rebootless apex install" am: `be031287e4` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2147819 Change-Id: Iac6f20e59f2924248892657c74525034ce1b3c95 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-13 04:20:59 +00:00
SzuWei Lin	994195359f	Set up sepolicy for mediaserver64 Add mediaserver(32\|64) for supporting 64-bit only devices. The patch is for setting up the sepolicy for mediaserver(32\|64). Bug: 236664614 Test: make gsi_arm64-user; Check the sepolicy Change-Id: I61c69588b84305b9863a72b5a466d4185f7f1958	2022-07-11 16:18:55 +08:00
Jooyung Han	ccfb0ef146	Added properties for rebootless apex install When apexd installs an apex without reboot, init also need to do some work around the installation (e.g. terminating services from the apex and remove data read from the apex and updating linker configuration etc) Apexd sets control properties to unload and load apex and init notifies the completion with state properties. These new properties are supposed to be used by apexd/init interaction. Bug: 232114573 Bug: 232173613 Test: CtsStagedInstallHostTestCases Test: CtsInitTestCases Change-Id: I5af6b36310f3c81f1cd55537473e54756541d347	2022-07-08 12:12:45 +09:00
Thiébaud Weksteen	5ce2e0e243	Merge "Revert "Remove key migration related changes"" am: `febedf5a42` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2147821 Change-Id: Ib0679d31928a4c09300cdfbe0dd03dd08ff084db Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-07 09:01:59 +00:00
Thiébaud Weksteen	febedf5a42	Merge "Revert "Remove key migration related changes""	2022-07-07 08:43:54 +00:00
Thiébaud Weksteen	f412c13a02	Revert "Remove key migration related changes" This reverts commit `65dcdf2921`. Reason for revert: broken internal target Change-Id: Idf57285d95f5466dfa3af08230af4c8f9d76326c	2022-07-07 08:40:23 +00:00
Thiébaud Weksteen	3d242f752a	Merge "Remove key migration related changes" am: `c3cb5a25e3` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2134299 Change-Id: I79a4e7aeaa3a5f05a40332c1cbff8bda093529f5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-07 04:32:15 +00:00
Thiébaud Weksteen	c3cb5a25e3	Merge "Remove key migration related changes"	2022-07-07 04:13:22 +00:00
Treehugger Robot	dbd0da73ba	Merge "Revert system app/process profileability on user builds" am: `829acbee3a` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2142152 Change-Id: Idf3f36723d703f55141b97aaa0605194283d723e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-04 15:56:18 +00:00
Treehugger Robot	829acbee3a	Merge "Revert system app/process profileability on user builds"	2022-07-04 15:41:08 +00:00
Treehugger Robot	06f721e8de	Merge "Allow all Apps to Recv UDP Sockets from SystemServer" am: `c37a39c26d` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2143512 Change-Id: I214835a158c7851bb5971fe0fcf90cb1d8fb7fc2 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-04 08:30:12 +00:00
Treehugger Robot	c37a39c26d	Merge "Allow all Apps to Recv UDP Sockets from SystemServer"	2022-07-04 08:21:47 +00:00
Treehugger Robot	400465d53a	Merge "selinux: allow bpfloader bpffs_type:file getattr" am: `e6bd93d6b6` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2143115 Change-Id: I7af7bc511f0b4373e07d34a70fafc475fb44fd6c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-04 08:21:10 +00:00
Treehugger Robot	e6bd93d6b6	Merge "selinux: allow bpfloader bpffs_type:file getattr"	2022-07-04 07:51:45 +00:00
David Brazdil	9a394805ac	crash_dump: Remove permission to dump crosvm am: `28b34f1bca` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2143613 Change-Id: Ie6e57d2bf703384593c037d72de843586cb4dc33 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-07-04 07:45:09 +00:00
Maciej Żenczykowski	1fcf7c8e7e	selinux: allow bpfloader bpffs_type:file getattr (to be able to stat() nodes in /sys/fs/bpf) Test: TreeHugger Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: Ic71ebea683844a8d5ac0b542da815bae2816973a	2022-07-02 02:02:51 -07:00
David Brazdil	28b34f1bca	crash_dump: Remove permission to dump crosvm A crosvm instance running a protected VM contains a memory mapping of the VM's protected memory. crash_dump can trigger a kernel panic if it attaches to such crosvm instance and tries to dump this memory region. Until we have a means of excluding only the protected memory from crash_dump, prevent crash_dump from dumping crosvm completely by taking away its SELinux permission to ptrace crosvm. Bug: 236672526 Test: run 'killall -s SIGSEGV crosvm' while running crosvm Change-Id: I6672746c479183cc2bbe3dce625e5b5ebcf6d822	2022-07-01 17:30:54 +01:00
Ryan Savitski	babba5e83b	Revert system app/process profileability on user builds Please see bug for context. This reverts commits: * `6111f0cfc8` * `bb197bba02` * `20d0aca7e6` And updates prebuilts/api/33.0 accordingly. Bug: 217368496 Tested: builds successfully (barbet-userdebug) Change-Id: If7fcf3d5a2fdb1a48dcaf8ef8f97e8375d461e61	2022-07-01 12:41:01 +00:00
Jeff Vander Stoep	7295721417	Allow all Apps to Recv UDP Sockets from SystemServer Access to this functionality is gated elsewhere e.g. by allowing/disallowing access to the service. Bug: 237512474 Test: IpSecManagerTest Test: Manual with GMSCore + PPN library Change-Id: Ibb00b7c470a4cb148cfdcfb6b147edde45e49b1a	2022-07-01 12:41:28 +01:00
Xin Li	03efcb5695	Merge "Merge tm-dev-plus-aosp-without-vendor@8763363" into stage-aosp-master	2022-06-29 21:21:45 +00:00
Mitch Phillips	038018e113	Merge "Add persistent gwp-asan sysprops"	2022-06-29 20:56:56 +00:00
Siim Sammul	252a0502c8	Allow creating /data/tombstones files by system_server. Needed for ag/18773746 Bug: 225173288 Test: atest ErrorsTest + manual Change-Id: I31bab12a59babd9a197cfb03d2417b926e60af84	2022-06-29 15:07:01 +00:00
Xin Li	b347e9fd52	Merge tm-dev-plus-aosp-without-vendor@8763363 Bug: 236760014 Merged-In: I036e48530e37f7213a21b250b858a37fba3e663b Change-Id: Ic7d4432aea1d37546d342df3e2157b9dc8207770	2022-06-27 23:40:18 +00:00
John Wu	65dcdf2921	Remove key migration related changes Migrating keys across UIDs is no longer required Test: m Bug: 228999189 Change-Id: Icdecbdb3997f9c5b3d470578b1d61e580a1c3537	2022-06-26 01:04:02 +10:00
Mitch Phillips	add13f0783	Add persistent gwp-asan sysprops Like the non-persistent variants, should be settable by shell without root to allow external developer use on locked bootloaders. Bug: 236738714 Test: atest bionic-unit-tests Change-Id: Id9fc4abe491f560134267b06dd53c2dacca9422d	2022-06-23 11:11:35 -07:00
Maciej Żenczykowski	5c8461a277	much more finegrained bpf selinux privs for networking mainline am: `15715aea32` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/19039305 Change-Id: I0a8443a02956251a9d5da3bd582f711d0999fd08 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-23 11:15:50 +00:00
Maciej Żenczykowski	afa8ca689f	Merge "much more finegrained bpf selinux privs for networking mainline"	2022-06-23 11:05:03 +00:00
Almaz Mingaleev	0e70ea793f	Merge "Remove TZUvA feature."	2022-06-23 07:47:26 +00:00
Maciej Żenczykowski	b13921c3f0	much more finegrained bpf selinux privs for networking mainline Goal is to gain a better handle on who has access to which maps and to allow (with bpfloader changes to create in one directory and move into the target directory) per-map selection of selinux context, while still having reasonable defaults for stuff pinned directly into the target location. BPFFS (ie. /sys/fs/bpf) labelling is as follows: subdirectory selinux context mainline usecase / usable by / fs_bpf no () core operating system (ie. platform) /net_private fs_bpf_net_private yes, T+ network_stack /net_shared fs_bpf_net_shared yes, T+ network_stack & system_server /netd_readonly fs_bpf_netd_readonly yes, T+ network_stack & system_server & r/o to netd /netd_shared fs_bpf_netd_shared yes, T+ network_stack & system_server & netd [] /tethering fs_bpf_tethering yes, S+ network_stack /vendor fs_bpf_vendor no, T+ vendor initial support for bpf was added back in P, but things worked differently back then with no bpfloader, and instead netd doing stuff by hand, bpfloader with pinning into /sys/fs/bpf was (I believe) added in Q (and was definitely there in R) ** additionally bpf programs are accesible to netutils_wrapper for use by iptables xt_bpf extensions 'mainline yes' currently means shipped by the com.android.tethering apex, but this is really another case of bad naming, as it's really the 'networking/connectivity/tethering' apex / mainline module. Long term the plan is to merge a few other networking mainline modules into it (and maybe give it a saner name...). The reason for splitting net_private vs tethering is that: S+ must support 4.9+ kernels and S era bpfloader v0.2+ T+ must support 4.14+ kernels and T beta3 era bpfloader v0.13+ The kernel affects the intelligence of the in-kernel bpf verifier and the available bpf helper functions. Older kernels have a tendency to reject programs that newer kernels allow. / && /vendor are not shipped via mainline, so only need to work with the bpfloader that's part of the core os. Bug: 218408035 Test: TreeHugger, manually on cuttlefish Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I674866ebe32aca4fc851818c1ffcbec12ac4f7d4 (cherry picked from commit `15715aea32`)	2022-06-22 16:07:42 -07:00
Maciej Żenczykowski	15715aea32	much more finegrained bpf selinux privs for networking mainline Goal is to gain a better handle on who has access to which maps and to allow (with bpfloader changes to create in one directory and move into the target directory) per-map selection of selinux context, while still having reasonable defaults for stuff pinned directly into the target location. BPFFS (ie. /sys/fs/bpf) labelling is as follows: subdirectory selinux context mainline usecase / usable by / fs_bpf no () core operating system (ie. platform) /net_private fs_bpf_net_private yes, T+ network_stack /net_shared fs_bpf_net_shared yes, T+ network_stack & system_server /netd_readonly fs_bpf_netd_readonly yes, T+ network_stack & system_server & r/o to netd /netd_shared fs_bpf_netd_shared yes, T+ network_stack & system_server & netd [] /tethering fs_bpf_tethering yes, S+ network_stack /vendor fs_bpf_vendor no, T+ vendor initial support for bpf was added back in P, but things worked differently back then with no bpfloader, and instead netd doing stuff by hand, bpfloader with pinning into /sys/fs/bpf was (I believe) added in Q (and was definitely there in R) ** additionally bpf programs are accesible to netutils_wrapper for use by iptables xt_bpf extensions 'mainline yes' currently means shipped by the com.android.tethering apex, but this is really another case of bad naming, as it's really the 'networking/connectivity/tethering' apex / mainline module. Long term the plan is to merge a few other networking mainline modules into it (and maybe give it a saner name...). The reason for splitting net_private vs tethering is that: S+ must support 4.9+ kernels and S era bpfloader v0.2+ T+ must support 4.14+ kernels and T beta3 era bpfloader v0.13+ The kernel affects the intelligence of the in-kernel bpf verifier and the available bpf helper functions. Older kernels have a tendency to reject programs that newer kernels allow. / && /vendor are not shipped via mainline, so only need to work with the bpfloader that's part of the core os. Ignore-AOSP-First: will be cherrypicked from tm-dev to aosp/master Bug: 218408035 Test: TreeHugger, manually on cuttlefish Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I674866ebe32aca4fc851818c1ffcbec12ac4f7d4	2022-06-22 15:16:07 -07:00
Treehugger Robot	11a9ff428d	Merge "Allow remote_prov_app to find mediametrics."	2022-06-22 06:14:28 +00:00
Alan Stokes	709c394626	Allow compos_verify to write VM logs am: `1035ba1023` am: `daedb78a2c` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2129275 Change-Id: I92f662dc58ae87cc861149911d233ce2c4c39a6b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-20 11:04:20 +00:00
Alan Stokes	1035ba1023	Allow compos_verify to write VM logs Previously I've resisted granting write access to these files, since it allows the instance image to be altered. But that doesn't allow an attacker to do anything other than render it invalid, since it's protected by the VM key. Note that logs are only written when the VM is debuggable, which is currently only when only non-protected VMs are available. Bug: 235350758 Test: Force debug on, stage APEX, compile, reboot -> see vm logs Test: Presubmit Change-Id: I17c9a17db83d15adfab97b8cfe4ccd67393a08c1	2022-06-17 13:41:51 +01:00
Treehugger Robot	d1e6ba9a7b	Merge "SELinux configuration for memory safety device configs." am: `13b939a91a` am: `c0866fe311` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2120412 Change-Id: If4a0b99f14d37155a840c997cd36da4ecd334b2e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-16 07:10:04 +00:00
Treehugger Robot	13b939a91a	Merge "SELinux configuration for memory safety device configs."	2022-06-16 06:27:04 +00:00
Max Bires	fcb3f81aaa	Allow remote_prov_app to find mediametrics. am: `f33d6752c1` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18912728 Change-Id: I339eb8ce2ee3a15f7fd088b1c3de1a9c7e3c8e01 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-15 20:59:12 +00:00
Max Bires	d1cd55f660	Allow remote_prov_app to find mediametrics. This change allows remote_prov_app to find mediametrics. This is a permission that all apps have. It is now needed for remote_prov_app due to a new feature related to provisioning Widevine through the MediaDrm framework. Bug: 235491155 Test: no selinux denials related to remote_prov_app Change-Id: Id3057b036486288358a9a84100fe808eb56df5fe Merged-In: Id3057b036486288358a9a84100fe808eb56df5fe	2022-06-15 13:42:32 -07:00
Treehugger Robot	9f06fb778d	Merge "Dontaudit chmod of virtualizationsevice_data_file" am: `558915461b` am: `7274ce1c86` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2128132 Change-Id: Ie071abf30781d6e064d411f7fb1654f796828cdd Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-15 18:39:50 +00:00
Treehugger Robot	558915461b	Merge "Dontaudit chmod of virtualizationsevice_data_file"	2022-06-15 18:04:46 +00:00
Florian Mayer	7564cb1833	Merge "Add property for MTE permissive mode." am: `981f5581f6` am: `255cbf108a` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2101776 Change-Id: If09152789586c662abfa9cbabeecde200f786a0a Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-15 17:36:53 +00:00
Florian Mayer	5b3a8333af	SELinux configuration for memory safety device configs. These will get read by system libraries in arbitrary processes, so it's a public property with read access by `domain`. Bug: 235129567 Change-Id: I1ab880626e4efa2affe90165ce94a404b918849d	2022-06-15 10:34:54 -07:00
Alan Stokes	40f33c1da1	Dontaudit chmod of virtualizationsevice_data_file Init attempts to rm -rf these files, to ensure any that are owned by the old virtualizationservice UID get deleted. This fails for newer directories, now we use the system UID, which is harmless. But rm attempts to chmod the directories since it can't read them, which also fails and generates a spurious audit. So here we suppress that. Bug: 235338094 Test: No denials seen even when there are stale directories present Change-Id: If55fbe151174ee08a12b64b301e4aa86ffc1a5bf	2022-06-15 17:25:20 +01:00
Max Bires	f33d6752c1	Allow remote_prov_app to find mediametrics. This change allows remote_prov_app to find mediametrics. This is a permission that all apps have. It is now needed for remote_prov_app due to a new feature related to provisioning Widevine through the MediaDrm framework. Ignore-AOSP-First: Need to cherry pick to TM-dev Bug: 235491155 Test: no selinux denials related to remote_prov_app Change-Id: Id3057b036486288358a9a84100fe808eb56df5fe	2022-06-15 15:42:23 +00:00
Florian Mayer	56af9a268a	Add property for MTE permissive mode. Bug: 202037138 Change-Id: I272996f124ca8391f9312150d1d8757751fe6acb	2022-06-14 10:21:25 -07:00
Neil Fuller	37888b33ba	Remove TZUvA feature. The feature was superseded by tzdata mainline module(s). Bug: 148144561 Test: see system/timezone Test: m selinux_policy Change-Id: I48d445ac723ae310b8a134371342fc4c0d202300 Merged-In: I48d445ac723ae310b8a134371342fc4c0d202300	2022-06-13 11:45:50 +00:00
Treehugger Robot	1f3e23185a	Merge "Remove the last traces of idmap (replaced by idmap2)" am: `850045ae07` am: `4ed1cb5a1e` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2122593 Change-Id: Ie6eab2f168e8587b6a3b7a94e3ce92098a16e3f4 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-13 07:58:39 +00:00
Treehugger Robot	850045ae07	Merge "Remove the last traces of idmap (replaced by idmap2)"	2022-06-13 07:19:11 +00:00
Yi-yo Chiang	290546b504	Merge "Label ro.force.debuggable as build_prop" am: `c85ac2ea3a` am: `fcbd51b544` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2122376 Change-Id: I28c54af35917a64b2b288b5d97e09074470cc797 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-13 06:59:12 +00:00
Yi-yo Chiang	c85ac2ea3a	Merge "Label ro.force.debuggable as build_prop"	2022-06-13 06:17:47 +00:00
Devin Moore	92c36611e3	Merge "Add permissions for new netd AIDL HAL" am: `e47782171a` am: `ff958713a2` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2095165 Change-Id: I7d2b464664e78b2cb32820adef2595a248203969 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-10 20:30:09 +00:00
Devin Moore	e47782171a	Merge "Add permissions for new netd AIDL HAL"	2022-06-10 18:04:28 +00:00
Mårten Kongstad	0547fb5ab2	Remove the last traces of idmap (replaced by idmap2) Remove mention of the /system/bin/idmap binary: the file no longer exists. Remove interaction between the domains installd and idmap to interact: installd used to fork and exec the idmap binary, but the idmap2 binary has its own binder service. Bug: 118711077 Bug: 119264713 Test: atest FrameworksServicesTests:com.android.server.om OverlayDeviceTests OverlayHostTests CtsAppSecurityHostTestCases:OverlayHostTest Change-Id: I06d22057308984e43cb84ff365dbdd1864c7064b	2022-06-10 12:58:21 +02:00
Yi-Yo Chiang	598d079de7	Label ro.force.debuggable as build_prop It was default_prop. Label it build_prop for good code hygiene. Bug: 223517900 Test: Boot with and without debug boot image Change-Id: I4e00d301eb526a0fc9e29657cbcedda8dd0fc7b1	2022-06-10 14:52:38 +08:00
Akilesh Kailash	e673ce9fb5	Allow update_verifier to connect to snapuserd daemon am: `5fe8252425` am: `ba1b02ae5b` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2039364 Change-Id: I7b25072da70f0ed71173a4db6dfa30dd9b269a69 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-09 23:45:04 +00:00
Devin Moore	309a355088	Add permissions for new netd AIDL HAL Netd is now serving an AIDL HAL to replace the old HIDL HAL. Bug: 205764585 Test: Boot and check for avc denials Change-Id: I1ca5ed4ff3b79f082ea2f6d3e81f60a64ca04855	2022-06-09 22:39:15 +00:00
Akilesh Kailash	5fe8252425	Allow update_verifier to connect to snapuserd daemon Bug: 193863442 Test: OTA Signed-off-by: Akilesh Kailash <akailash@google.com> Change-Id: I10cb900466078930c9124fc381ba2adfc50ffcd4	2022-06-08 20:26:18 +00:00
Steven Terrell	06c506940e	Merge "Add System Property Controlling Animators"	2022-06-08 15:33:44 +00:00
Jiakai Zhang	70ac4483d0	Merge "Allow artd to get root capabilities and write to dalvikcache_data_file." am: `b7a5e7cb8f` am: `07bae2c1b8` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2118486 Change-Id: I7322fe21d5f14880c72b62132a592aa538032eff Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-08 15:22:02 +00:00
Jiakai Zhang	b7a5e7cb8f	Merge "Allow artd to get root capabilities and write to dalvikcache_data_file."	2022-06-08 14:33:34 +00:00
Treehugger Robot	27945bccb0	Merge "Add sepolicy for IBootControl AIDL" am: `921af40c4b` am: `8fbf709eb0` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2050816 Change-Id: Ib687153be4608959548009903420a48def7e9891 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-08 10:32:27 +00:00
Jiakai Zhang	2ce60a69bc	Allow artd to get root capabilities and write to dalvikcache_data_file. This CL adds rules to allow artd to delete optimized artifacts. In general, some functionalities from installd are being migrated to artd, so artd needs permissions to do what installd is doing: managing profiles and compilation artifacts that belong to individual apps. Bug: 225827974 Test: adb shell pm art delete-optimized-artifacts com.google.android.youtube Change-Id: I1780cdfb481175fd3b0bc9031fdabb8e7cd71a12	2022-06-08 10:13:22 +00:00
Treehugger Robot	921af40c4b	Merge "Add sepolicy for IBootControl AIDL"	2022-06-08 09:40:21 +00:00
Kelvin Zhang	187cb2c64c	Add sepolicy for IBootControl AIDL Test: th Bug: 227536004 Change-Id: I1206b4aae1aab904a76836c893ee583b5ce54624	2022-06-07 16:26:19 -07:00
Steven Terrell	879f41c5f2	Add System Property Controlling Animators Adding a new system property that will act as a toggle enabling/disabling the framework changes that were submitted to prevent leaked animators. Bug: 233391022 Test: manual. Merged-In: I57225feb50a3f3b4ac8c39998c47f263ae211b66 Change-Id: Ifc339efc1c3a5e19920b77d1f24bef19c39d5f44	2022-06-07 20:22:10 +00:00
Steven Terrell	399f831f56	Merge "Add System Property Controlling Animators" into tm-dev am: `6eb7171c4b` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18565495 Change-Id: I0f8e5c4b1f876545c192812851b5d18c8897acfd Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-07 19:57:37 +00:00
Steven Terrell	6eb7171c4b	Merge "Add System Property Controlling Animators" into tm-dev	2022-06-07 19:49:48 +00:00
John Wu	18e0e8b3d5	Merge "Revert "Revert "Revert "Remove key migration related changes"""" am: `b553a30629` am: `b298a8a97e` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2116891 Change-Id: I4cd8e81ecb7a11320fcff56417db9546dab8f677 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-07 01:39:51 +00:00
John Wu	b553a30629	Merge "Revert "Revert "Revert "Remove key migration related changes""""	2022-06-07 01:03:51 +00:00
John Wu	3da8416b5d	Revert "Revert "Revert "Remove key migration related changes""" This reverts commit `82c4d9b474`. Reason for revert: b/235140708 Change-Id: Ifd14bcf4480c74b81602c16723efebef7aad10bd	2022-06-06 22:24:24 +00:00
John Wu	f9ca56efea	Merge "Revert "Revert "Remove key migration related changes""" am: `fd6f5dfe6b` am: `2549151f97` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2115245 Change-Id: Ic70baaa2153e6f164d67f804158b5e4873b1630e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-06 18:42:03 +00:00
John Wu	fd6f5dfe6b	Merge "Revert "Revert "Remove key migration related changes"""	2022-06-06 17:16:47 +00:00
John Wu	82c4d9b474	Revert "Revert "Remove key migration related changes"" This reverts commit `e27f954836`. Reason for revert: this needs to land in AOSP Change-Id: Ief92bf04eaff4235b0e33d427263bbff312837aa	2022-06-03 18:23:15 +00:00
Patrick Rohr	205c7123ea	sepolicy: allow TUNSETLINK and TUNSETCARRIER am: `02b55354bd` am: `df9cd0c7bd` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2112201 Change-Id: I5dae26e8b8a707368ab36330a9850bfd78a7cbb5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-01 09:16:44 +00:00
Patrick Rohr	69fa8ca6f2	sepolicy: allow TUNSETLINK and TUNSETCARRIER This is required for testing new ethernet APIs in T. This change is not identical to the corresponding AOSP change because it also needs to update the T prebuilts. Test: TH Bug: 171872016 Merged-In: I1e6024d7d649be50aa2321543b289f81fcdfc483 (cherry picked from commit `02b55354bd`) Change-Id: I1d620bcd9b3d02c6acb45636bb862f40282f636d	2022-06-01 17:26:10 +09:00
Lorenzo Colitti	ee87a35010	Merge changes from topic "cherrypicker-L90100000954806085:N90400001269057103" into tm-dev * changes: Add xfrm netlink permissions for system server Fix system server and network stack netlink permissions	2022-06-01 07:47:45 +00:00
Patrick Rohr	02b55354bd	sepolicy: allow TUNSETLINK and TUNSETCARRIER This is required for testing new ethernet APIs in T. Test: TH Bug: 171872016 Change-Id: I1e6024d7d649be50aa2321543b289f81fcdfc483	2022-05-31 20:36:33 -07:00
Benedict Wong	8b7c1cbd5e	Add xfrm netlink permissions for system server This change enables xfrm netlink socket use for the system server, and the network_stack process. This will be used by IpSecService to configure SAs, and network stack to monitor counters & replay bitmaps for monitoring of IPsec tunnels. This patch updates the prebuilts, in addition to the changes to the master source. Bug: 233392908 Test: Compiled Merged-In: I25539dc579f21d6288fa962d1fad9b51573f017d (cherry picked from commit `b25b4bf53f`) Change-Id: I25539dc579f21d6288fa962d1fad9b51573f017d	2022-06-01 03:10:11 +00:00
Jiakai Zhang	3cc9edd110	Allow artd to check optimization status. am: `76bfb7ecbf` am: `aa1673bace` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2111066 Change-Id: I61f4f01637834e7322b371fcc06c8f616b0d1fd7 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-31 16:55:07 +00:00
Jiakai Zhang	76bfb7ecbf	Allow artd to check optimization status. Bug: 233383589 Test: - 1. adb shell pm art get-optimization-status com.google.android.youtube 2. See no SELinux denials. Test: - 1. adb shell pm compile -m speed com.google.android.youtube 2. adb shell pm art get-optimization-status com.google.android.youtube 3. See no SELinux denials. Test: - 1. adb shell pm install /product/app/YouTube/YouTube.apk 2. adb shell pm art get-optimization-status com.google.android.youtube 3. See no SELinux denials. Change-Id: I943ebca4ec02c356fa0399b13f6154e7623f228b	2022-05-31 14:05:04 +01:00
Patrick Rohr	d0478822ce	Fix system server and network stack netlink permissions Give system_server and network_stack the same permissions as netd. This is needed as we are continuously moving code out of netd into network_stack and system_server. This change is not identical to the corresponding AOSP change because it also needs to update the T prebuilts. Test: TH Bug: 233300834 Change-Id: I9559185081213fdeb33019733654ce95af816d99 (cherry picked from commit `ab02397814`) Merged-In: I9559185081213fdeb33019733654ce95af816d99	2022-05-31 15:30:32 +09:00
Steven Terrell	bc844c5c2b	Add System Property Controlling Animators Adding a new system property that will act as a toggle enabling/disabling the framework changes that were submitted to prevent leaked animators. Bug: 233391022 Test: manual. Ignore-AOSP-First: planning to commit to tm-dev then cherry-pick over to AOSP later. Change-Id: I57225feb50a3f3b4ac8c39998c47f263ae211b66	2022-05-27 20:00:37 +00:00
Patrick Rohr	1c319bd326	Merge "Fix system server and network stack netlink permissions" am: `817d82bcf5` am: `3684e7af8f` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2101773 Change-Id: I17d97fba15dcee3cb4e0b5bbbab1d445bd3e4d0e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-27 02:21:22 +00:00
Patrick Rohr	817d82bcf5	Merge "Fix system server and network stack netlink permissions"	2022-05-27 01:39:00 +00:00
Treehugger Robot	f60d25a494	Merge "Allow system_server to connect to artd." am: `a4c30a384a` am: `3aca65199c` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2108124 Change-Id: I9992364429733bcca456bb6a3cf3905ad058f552 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-26 15:59:15 +00:00
Treehugger Robot	a4c30a384a	Merge "Allow system_server to connect to artd."	2022-05-26 14:33:42 +00:00
Jiakai Zhang	9ed8d3c9be	Allow system_server to connect to artd. Bug: 233915142 Test: m Change-Id: I07dc0b7ab2e54aea21799698b13651605f4c4b4a	2022-05-26 13:57:53 +01:00
Thiébaud Weksteen	e8d8ce83ed	Merge "Revert "Remove key migration related changes"" am: `cdf912f65e` am: `d45cc9c6da` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2107148 Change-Id: I11abb211c0c4e328763c5fb9916ad6e39a5670ae Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-26 03:59:04 +00:00
Thiébaud Weksteen	cdf912f65e	Merge "Revert "Remove key migration related changes""	2022-05-26 03:08:29 +00:00
John Wu	e27f954836	Revert "Remove key migration related changes" This reverts commit `cabed18a47`. Reason for revert: b/233922399 Change-Id: Ib371184de3c1bc4e3e0ca951e98d6b5e66952dcc	2022-05-25 23:36:42 +00:00
Rubin Xu	8ff276e8d2	Allow Bluetooth stack to read security log sysprop Bluetooth stack needs to read persist.logd.security and ro.organization_owned sysprop (via __android_log_security()) to control security logging for Bluetooth events. Bug: 232283779 Test: manual Change-Id: Ic8162cd4a4436981a15acea6ac75079081790525 (cherry picked from commit `a274858e3b`) Merged-In: Ic8162cd4a4436981a15acea6ac75079081790525	2022-05-25 21:05:02 +00:00
John Wu	c8d2d1d258	Merge "Remove key migration related changes"	2022-05-25 17:53:17 +00:00
Mohamad Mahmoud	cee6a14e1e	Merge "Allow system_server to read io and cpu pressure data Test: tested on device Bug: b/233036368" am: `e7d1f32250` am: `6534eb696b` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2103244 Change-Id: If215ca1b641fe83e3670f844dadd9cbf1623043b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-25 16:27:22 +00:00
Mohamad Mahmoud	e7d1f32250	Merge "Allow system_server to read io and cpu pressure data Test: tested on device Bug: b/233036368"	2022-05-25 15:49:20 +00:00
Sanjana Sunil	709b339420	Merge "Allow zygote to relabel sdk_sandbox_system_data_file" into tm-dev	2022-05-25 15:06:14 +00:00
Rubin Xu	6f73a02792	Merge "Allow Bluetooth stack to read security log sysprop" am: `ab73c8f1c8` am: `b7a8225fd8` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2096793 Change-Id: Ia80bbd0c59b6cec578cc46eabc40e6a4c69c6ffe Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-25 12:20:46 +00:00
Rubin Xu	ab73c8f1c8	Merge "Allow Bluetooth stack to read security log sysprop"	2022-05-25 11:43:49 +00:00
Treehugger Robot	0f12b12c8c	Merge "Add xfrm netlink permissions for system server" am: `f2b91a0199` am: `5cb7ed06e3` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2101798 Change-Id: I6114c0a707d7117711f183ee9ce9a56299af8c99 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-05-25 02:04:54 +00:00
Treehugger Robot	f2b91a0199	Merge "Add xfrm netlink permissions for system server"	2022-05-25 01:14:25 +00:00

... 2 3 4 5 6 ...

9039 commits