Commit graph

26955 commits

Author SHA1 Message Date
Treehugger Robot
9640e3c44d Merge "Android.mk: Support SYSTEM_EXT* sepolicy" am: 5b238f9799
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1277793

Change-Id: I245db072c495f1b6a10ee7522836549fc912eb1b
2020-10-12 04:20:32 +00:00
Treehugger Robot
08dea35ec5 Merge "build: Rename Plat->SystemExt*SepolicyDirs" am: 9a0cff4756
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1274773

Change-Id: I9dc23057e1c512f0604bccc0ef6b1b98a8b51ff0
2020-10-12 04:20:10 +00:00
Treehugger Robot
5b238f9799 Merge "Android.mk: Support SYSTEM_EXT* sepolicy" 2020-10-12 03:49:24 +00:00
Treehugger Robot
9a0cff4756 Merge "build: Rename Plat->SystemExt*SepolicyDirs" 2020-10-12 03:49:24 +00:00
Xin Li
6355987626 Skip ab/6749736 in stage.
Merged-In: Ie19dbe9d24525ea2612b7c7616efb852613b8ff3
Change-Id: If40e43eea59eb97e0b294d38d730d206955b7bee
2020-10-08 17:24:04 -07:00
Yifan Hong
fab3665eac Merge "Revert "Add /boot files as ramdisk_boot_file."" am: 271ba1c3ff
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1454917

Change-Id: I2f63826ee6da31b8925f9df72cabcd61c3cc5126
2020-10-08 22:36:33 +00:00
Yifan Hong
271ba1c3ff Merge "Revert "Add /boot files as ramdisk_boot_file."" 2020-10-08 22:28:43 +00:00
Yifan Hong
f5f4c1207a Revert "Add /boot files as ramdisk_boot_file."
This reverts commit 2576a2fc30.

Reason for revert: conflict with device-specific sepolicy

Bug: 170411692
Change-Id: Ie5fde9dd91b603f155cee7a9d7ef432a05dc6827
Test: pass
2020-10-08 22:13:44 +00:00
Steven Moreland
96bfdd55c7 Merge changes from topic "b163478173-I" am: eacff783ee
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1454056

Change-Id: Ic084c4bca152d9334fe3ccb180116b0304d8f7b0
2020-10-08 22:10:45 +00:00
linpeter
dfe96e800d sepolicy: remove hal_light_severice exception am: d62ddfef9c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1454055

Change-Id: I6d9692fde0cb3df98bab89275ee1dba37843c55e
2020-10-08 22:10:24 +00:00
Steven Moreland
eacff783ee Merge changes from topic "b163478173-I"
* changes:
  Rem /vendor app neverallow to get vendor services
  sepolicy: remove hal_light_severice exception
2020-10-08 21:52:21 +00:00
Treehugger Robot
fbe4b3458c Merge "Add F2FS_IOC_SEC_TRIM_FILE ioctl code" am: b4a08cb2cc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1452355

Change-Id: I188f6dfa9a01f6d0de6a1b125b8a6d13b012d855
2020-10-08 19:01:46 +00:00
Treehugger Robot
b4a08cb2cc Merge "Add F2FS_IOC_SEC_TRIM_FILE ioctl code" 2020-10-08 18:09:29 +00:00
Yifan Hong
9e5e5af767 Merge "Add /boot files as ramdisk_boot_file." am: 02b3681931
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1454915

Change-Id: I35ed71ba12c0d5586684476154520c111cfa27cf
2020-10-08 16:56:03 +00:00
Yifan Hong
02b3681931 Merge "Add /boot files as ramdisk_boot_file." 2020-10-08 16:30:28 +00:00
Marin Shalamanov
651b41749a Add sysprop for updating device product info am: 01dbd09c8c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1454016

Change-Id: If180fe8b83d5358b137e10d253c88c277ff094b8
2020-10-08 16:02:31 +00:00
Yifan Hong
2576a2fc30 Add /boot files as ramdisk_boot_file.
/boot/etc/build.prop is a file available at first_stage_init to
be moved into /second_stage_resources.

The file is only read by first_stage_init before SELinux is
initialized. No other domains are allowed to read it.

Test: build aosp_hawk
Test: boot and getprop
Bug: 170364317
Change-Id: I0f8e3acc3cbe6d0bae639d2372e1423acfc683c7
2020-10-08 07:55:12 -07:00
Marin Shalamanov
01dbd09c8c Add sysprop for updating device product info
Test: read the prop from SurfaceFlinger; test on device
Change-Id: I4cde2244a9991e7051b3a3d52882ed4430ed046f
2020-10-08 15:49:50 +02:00
Florian Mayer
752e48d4c2 Allow heapprofd to read shell_data_file.
This allows profiling binaries pushed by the user.

Test: run profile of out of tree perfetto on flame userdebug.
Bug: 170208766
Change-Id: I152d6d244cc5065ee2de24f839e4ad467bc22cdc
2020-10-08 12:49:06 +00:00
Adam Shih
2ee80e720b Merge "Suppress errors that are not needed" am: b5f770a8b8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1450517

Change-Id: Ie6f174cc7f9f235d12084420a5bc54a9720b7607
2020-10-08 02:18:24 +00:00
Adam Shih
b5f770a8b8 Merge "Suppress errors that are not needed" 2020-10-08 01:53:52 +00:00
Treehugger Robot
5c9d1b7d4d Merge "Create selinux_policy_* for /product and /system_ext" am: fb4d45a762
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1450518

Change-Id: Ief1b983b4467685b3256878c9f47bed2464f5a7e
2020-10-08 00:59:57 +00:00
Treehugger Robot
fb4d45a762 Merge "Create selinux_policy_* for /product and /system_ext" 2020-10-08 00:49:44 +00:00
Benjamin Schwartz
034a9c4e34 Rename PowerStats HAL service am: 92bb74c851
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1449837

Change-Id: I926dacec3f6cc4f44e0a76db29b6c69b8dde4105
2020-10-08 00:04:41 +00:00
Steven Moreland
52b0886903 Rem /vendor app neverallow to get vendor services
This CL changes a neverallow for /vendor apps accessing vendor_service.
Originally, /vendor apps ({appdomain -coredomain}) were disallowed from
accessing all AIDL services since they are platform implementation
details that may change over time, and these apps run in a system
context. However, now, vendor services can be stable. So, in order to
give the flexibility needed for vendor framework components installed to
the /vendor partition to access AIDL HALs, opening this up.

Bug: 163478173
Test: build (validates neverallows)
Change-Id: Ic2280021e875671ad99e3f1ba820c6e4408fd645
2020-10-07 22:38:46 +00:00
linpeter
d62ddfef9c sepolicy: remove hal_light_severice exception
Bug: 148154485
test: build pass, HBM switch
Change-Id: I775ee6015b03817ed1394f3b6c306f4b5153190e
Merged-In: I775ee6015b03817ed1394f3b6c306f4b5153190e
(cherry picked from commit 0c09c42f23)
2020-10-07 22:34:35 +00:00
Benjamin Schwartz
92bb74c851 Rename PowerStats HAL service
Bug: 169864180
Test: m
Merged-In: I79ddf26acf398e80c6ff4a96c26b04aef73feac3
Change-Id: Ic458514285f819f44e50e2bee26a08fc6cf54261
2020-10-07 21:56:53 +00:00
Yifan Hong
73f9b6cc84 Add /second_stage_resources tmpfs.
At build time, the directory is created as an empty directory. At
runtime, init mounts tmpfs at this path to preserve files from first
stage init to second stage init.

Right now, first stage init copies the following file to this tmpfs
before switching root:
- /boot/etc/build.prop -> /second_stage_resources/boot/etc/build.prop

After init property service finishes loading all properties, this tmpfs
is umounted, and this directory is left empty.

Bug: 169169031
Test: run and init loads props properly.
Change-Id: Ic6e62b10d8aec446b51c6bc67fdc2dbc943096ba
2020-10-07 11:55:20 -07:00
Yifan Hong
6bb5a76d29 Add ro.bootimage.* property contexts
In addition, allow shell to read this property.

Test: getprop -Z
Test: cts-tradefed run cts -m CtsGestureTestCases
      and check /sdcard/device-info-files/PropertyDeviceInfo.deviceinfo.json

Bug: 169169031
Change-Id: Ib71b01bac326354696e159129f9dea4c2e918c51
2020-10-07 11:55:20 -07:00
Yo Chiang
e939cbdd37 Add F2FS_IOC_SEC_TRIM_FILE ioctl code
`secdiscard` calls ioctl(F2FS_IOC_SEC_TRIM_FILE). Add the ioctl
definition and allow rule.

Bug: 170275781
Bug: 140759142
Bug: 168571434
Test: Build pass
Change-Id: I967e0a3c1216f36174f08d5ace2f7a6bcd4103b6
2020-10-07 17:39:46 +00:00
Lais Andrade
b75a857210 Add sepolicy for vibrator manager am: ac2da76606
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1426692

Change-Id: Ie83856bbd279a3f99321216c155ebfe1134f062c
2020-10-07 15:07:36 +00:00
Lais Andrade
ac2da76606 Add sepolicy for vibrator manager
This will allow SystemServer to add the new vibrator manager service.

Bug: 166586119
Test: manually build and install on test device
Change-Id: I496f46e2f5482aaa7bfba31d6c6b2967486941cc
2020-10-07 13:17:58 +00:00
Justin Yun
0f722695e0 Create selinux_policy_* for /product and /system_ext
Separate selinux_policy_system_ext and selinux_policy_product from
the selinux_policy_nonsystem module. With this CL,
selinux_policy_nonsystem will include the files for /vendor and /odm
partitions only. It will still include selinux_policy_system_ext and
selinux_policy_product as required modules.

Bug: 170282998
Test: build and check boot
Change-Id: Ie2f646a217ec86ede95caec101622bc530d12cfc
2020-10-07 18:28:47 +09:00
Adam Shih
e712c3db12 Suppress errors that are not needed
The purpose of misc_writer is to write misc partition. However,
when it includes libfstab, it will probe files like kernel command
line (proc/cmdline) and metadata, which are permissions it does not
need.

Bug: 170189742
Test: Boot under permissive mode and find the errors gone.
Change-Id: Icda3200660a3bee5cadb6f5e0026fa71941ae5dc
2020-10-07 08:52:51 +00:00
Treehugger Robot
6525b0e885 Merge "Allow media.transcoding to access package manager native" am: cee3b93a91
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1449300

Change-Id: I140ac54baa976d58c300acbd217a7e343f873577
2020-10-06 21:53:44 +00:00
Treehugger Robot
cee3b93a91 Merge "Allow media.transcoding to access package manager native" 2020-10-06 21:28:24 +00:00
Nikita Ioffe
d6bba5a014 Merge "Allow apexd to read ro.cold_boot_done prop" am: a45bb1a6f6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1447015

Change-Id: I7772133e1e70bc6d80e9ca259cd2f58a36a5313f
2020-10-06 15:26:24 +00:00
Nikita Ioffe
a45bb1a6f6 Merge "Allow apexd to read ro.cold_boot_done prop" 2020-10-06 14:52:20 +00:00
Jooyung Han
1fd5bead9c Merge "Use file_contexts files for flattened APEXes" am: 9cd0f8e73d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1435471

Change-Id: I63bf8f6d17e56c9ad103115237f49b22921be35e
2020-10-06 03:43:54 +00:00
Jooyung Han
9cd0f8e73d Merge "Use file_contexts files for flattened APEXes" 2020-10-06 03:26:14 +00:00
Marco Ballesio
8dd1201f0c sepolicy: allow tracing access to irq/ipi am: 550f926a03
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1449302

Change-Id: I93c30418b3b5c6b0ffc6196bcc3ded285cd2851e
2020-10-05 23:32:06 +00:00
Marco Ballesio
550f926a03 sepolicy: allow tracing access to irq/ipi
irq and ipi tracepoints are required for Traceur's irq category.

Bug: 153486528
Test: manually captured a Traceur trace on user builds, verified that the
tracepoints were present.

Change-Id: I2f42fc293e87e2a3567ab55f7533fe6a5d7852bf
2020-10-05 14:08:28 -07:00
Chong Zhang
ce3c1f3ba1 Allow media.transcoding to access package manager native
This is needed to retrieve package names for dumpsys and metrics.

bug: 154733526
Change-Id: Ibe376a961d29e6ffd10326b625683fdc28a1924e
2020-10-05 12:12:19 -07:00
Treehugger Robot
f898f27368 Merge "Rename service android.security.keystore2 to android.system.keystore2." am: 2c7b055751
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1448096

Change-Id: I0095654a52348a1c4cdd00a2a3e53f69af590d48
2020-10-05 18:19:29 +00:00
Treehugger Robot
2c7b055751 Merge "Rename service android.security.keystore2 to android.system.keystore2." 2020-10-05 17:59:48 +00:00
Mohammad Islam
fb167d50ce Merge "Allow system_server to rename file from /data/app-staging folder" am: df63b17eec
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1435499

Change-Id: I8a66242d71fbfb676dd4c17f3f7e62b8348ce66d
2020-10-05 17:36:38 +00:00
Mohammad Islam
df63b17eec Merge "Allow system_server to rename file from /data/app-staging folder" 2020-10-05 16:01:59 +00:00
Janis Danisevskis
381c8421ae Rename service android.security.keystore2 to android.system.keystore2.
Keystore2 is now a system/hardware/interfaces service.

Test: N/A
Change-Id: I97f356a94a9da710354c6c282a4f1dbf66b5a3b5
2020-10-05 08:56:08 -07:00
Jakub Pawlowski
a627a3a642 Merge "Revert "Add vendor_property_type to vendor_default_prop"" am: 63ef2b68ae
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1448579

Change-Id: I969a21f8064b021b3b135fbc40f45116a479c0da
2020-10-05 12:12:51 +00:00
Jakub Pawlowski
63ef2b68ae Merge "Revert "Add vendor_property_type to vendor_default_prop"" 2020-10-05 11:53:47 +00:00