For whatever reason, system/sepolicy/prebuilts/api/30.0 and rvc-dev's
system/sepolicy differ a little. This makes 30.0 prebuilts up-to-date
and also updates plat_pub_versioned.cil, built from aosp_arm64-eng
target on rvc-dev branch.
Bug: 168159977
Test: m selinux_policy
Change-Id: I03e8a40bf021966c32f0926972cc2a483458ce5b
We would like to assert that only PackageManager can make
modifications to /data/app. However, I first need to remove
some existing permissions that seem like they are no longer
used (as per jtinker@). Add audit statements to confirm.
Test: build
Change-Id: Ie5ec5199f7e2f862c4d16d8c86b9b0db6fbe481c
via opening/closing a PF_KEY socket (this mirrors netd's privs)
Bug: 173167302
Test: m
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia2c2cb52c4ec9149db29dc86a7927e3432bd2b9b
debugfs_tracing can only be accessed by tracing tools provided by the
platform.
Bug: 172028429
Test: boot with no relevant log showing up
Change-Id: I412dd51a1b268061c5a972488b8bc4a0ee456601
The updatable and non-updatable permission manager cannot share one
AIDL, so we need to create a new system service for the non-updatable
legacy one, and add the SELinux policy for it.
Bug: 158736025
Test: presubmit
Change-Id: Ief8da6335e5bfb17d915d707cf48f4a43332f6ae
Bug: 169279846
Test: atest bpf-time-in-state-tests
Test: verified that the time-in-state BPF prog still loads into
the kernel with no errors and gets attached without errors
Change-Id: If74632ae6f72e0371fea844d4ba7bef9260d1bdb
Using the installed locations for the sepolicy contexts tests
causes checkbuilds to incorrectly install the files, and races
with the packaging rules to cause them to be non-deterministically
included in the final NOTICE files or images. Use the intermediates
location instead.
Fixes: 174692639
Test: mmma system/sepolicy
Change-Id: Iea6869583b634f6018915934a1576fc283c106b2
Add additional sepolicy so linkerconfig in Runtime APEX can be executed
from init.
Bug: 165769179
Test: Cuttlefish boot succeeded
Change-Id: Ic08157ce4c6a084db29f427cf9f5ad2cb12e50dd
To prevent the attribute from being optimized away.
Test: m selinux_policy
Test: investigate sys/fs/selinux/policy
Change-Id: I5340425f491afdf863d9b670492c0dcb24835932
18ccf9725e
Revert submission 1498525-revert-1499099-revert-1450615-mac-address-restrictions-MNRMVNXRJM-OSETMCLBXY
Reason for revert: b/173384499#comment21
Reverted Changes:
I320d3bcf8:Revert^2 "Enforce RTM_GETLINK restrictions on all ...
I51c83733c:Revert^2 "Return anonymized MAC for apps targeting...
I0e8280c74:Revert "Revert "Updates tests for untrusted app MA...
Ia9f61819f:Revert^2 "Soft-enables new MAC address restriction...
Change-Id: I35a00e187f1b39f6aaa777709fb948f840565a82
Pass pctx and ctx to NewRuleBuilder instead of RuleBuilder.Build,
and don't pass ctx to RuleBuilderCommand.BuiltTool. Follows the
changes in I63e6597e19167393876dc2259d6f521363b7dabc.
Test: m checkbuild
Change-Id: I372e8ecc3c4ea7ca8f66a8e1054eddd1a9af9dbd
the cgroups v2 uid/gid hierarchy will replace cgroup for all sepolicy
rules. For this reason, old rules have to be duplicated to cgroup_v2,
plus some rules must be added to allow the ownership change for cgroup
files created by init and zygote.
Test: booted device, verified correct access from init, system_server
and zygote to the uid/pid cgroup files
Change-Id: I80c2a069b0fb409b442e1160148ddc48e31d6809
tests/sepolicy_tests.py has been checking whether the property owner
attributes are mutually exclusive. This is because current policy
language can't express the following snippet:
neverallow domain {
system_property_type && vendor_property_type
}:file no_rw_file_perms;
neverallow domain {
system_property_type && vendor_property_type
}:property_service set;
This uses technical_debt.cil to workaround this.
Bug: 171437654
Test: Try to compile a type having both system_property_type and
vendor_property_type
Change-Id: Ic65f2d00aa0f2fb7f5d78331b0a26e733fcd128e
set_prop(hal_wifi, wifi_hal_prop) violates a neverallow rule
on PRODUCT_SHIPPING_API_LEVEL=28 b/173611344#comment20
Bug: 173611344
Test: m
Change-Id: I56ff953e196777ffdc7a8ca92bcf788e3431aaac
Define access rights to new per-API level task profiles and cgroup
description files under /etc/task_profiles/.
Bug: 172066799
Test: boot with per-API task profiles
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I04c9929fdffe33a9fc82d431a53f47630f9dcfc3
One day we won't need this mechanism any more & can remove all traces
of it.
Bug: 141677108
Test: builds
Change-Id: I95525a163ab4f19d8ca411c02a3c06498c6777ef
