Commit graph

33758 commits

Author SHA1 Message Date
Seth Moore
9b47a0ab38 Merge "Add keystore2 permission to get attestation keys" am: 883c50c443
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1922579

Change-Id: I726ef9912127c1e83f1dfbb7b9f54316f42444c6
2022-01-25 13:27:20 +00:00
Seth Moore
883c50c443 Merge "Add keystore2 permission to get attestation keys" 2022-01-25 13:11:34 +00:00
Treehugger Robot
138fc583dd Merge "Add use_bionic_libs macro" am: d9befdb685
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956088

Change-Id: I99e9cf2aac70655d11ddb79d3be0f560038b3eca
2022-01-25 04:51:41 +00:00
Treehugger Robot
d9befdb685 Merge "Add use_bionic_libs macro" 2022-01-25 04:37:07 +00:00
Paul Hu
1f935d64bf Merge "Add sepolicy for mdns service" am: 415a2f9b58
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1916037

Change-Id: Ic44c291a95dc2034fc82f47dbd30a097e59eac64
2022-01-25 02:48:44 +00:00
Maciej Żenczykowski
554cbd7ddf Merge "Allow bpfloader to execute btfloader" am: fa7683c9ad
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1954078

Change-Id: I34aef36415d5b0f011e621cc6066053cef6ee456
2022-01-25 02:48:27 +00:00
Paul Hu
415a2f9b58 Merge "Add sepolicy for mdns service" 2022-01-25 02:35:42 +00:00
Maciej Żenczykowski
fa7683c9ad Merge "Allow bpfloader to execute btfloader" 2022-01-25 02:31:59 +00:00
Hunsuk Choi
f3e65b463f Merge "Combining hal_radio_*_service into hal_radio_service" am: 5c27113222
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1958840

Change-Id: I72abe47fa8038f9606187a9d7f9814c9ca2d399e
2022-01-25 01:07:46 +00:00
Hunsuk Choi
5c27113222 Merge "Combining hal_radio_*_service into hal_radio_service" 2022-01-25 00:49:58 +00:00
Jiyong Park
16c1ae3a3d Add use_bionic_libs macro
... to dedupe rules for allowing access to bootstrap bionic libraries.

Bug: N/A
Test: m
Change-Id: I575487416a356c22f5f06f1713032f11d979d7d4
2022-01-25 09:47:56 +09:00
Yabin Cui
c70015e106 Merge "Add sepolicy for simpleperf_boot." am: 40d41f7639
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1950977

Change-Id: I2026fb57ae608eea576e3fa24b9ca1f9b94df4df
2022-01-25 00:41:21 +00:00
Treehugger Robot
9babb6e601 Merge "Fix virtualizationservice denials" am: 9acd00484b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956099

Change-Id: I7082598df7ba8a8fad2f7dd70140edc5da2f6bec
2022-01-25 00:40:51 +00:00
Yabin Cui
40d41f7639 Merge "Add sepolicy for simpleperf_boot." 2022-01-25 00:29:09 +00:00
Treehugger Robot
9acd00484b Merge "Fix virtualizationservice denials" 2022-01-25 00:26:11 +00:00
Hunsuk Choi
7938201cbb Combining hal_radio_*_service into hal_radio_service
Test: build and flash
Bug: 198331673
Change-Id: Id5d699ffc77f708e2144ffea6d2a6805822e7f50
2022-01-24 19:42:42 +00:00
Treehugger Robot
f9e54e2d91 Merge "Update compos permissions" am: db8d838e5a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956100

Change-Id: I6b142e0d09663fa1fd6465a67f9a98ff4683fa8b
2022-01-24 17:17:42 +00:00
Treehugger Robot
db8d838e5a Merge "Update compos permissions" 2022-01-24 17:01:52 +00:00
paulhu
70b0a77ee0 Add sepolicy for mdns service
mdns service is a subset of netd-provided services, so it gets
the same treatment as netd_service or dnsresolver_service

Bug: 209894875
Test: built, flashed, booted
Change-Id: I33de769c4fff41e816792a34015a70f89e4b8a8c
2022-01-25 00:50:21 +08:00
Andrew Scull
30d424db19 Merge "Make the DICE HAL a bootstrap process" am: 9d34085078
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956104

Change-Id: I60ab5cb483233059b9378897c9bfd62cb56cbea5
2022-01-24 14:47:32 +00:00
Andrew Scull
9d34085078 Merge "Make the DICE HAL a bootstrap process" 2022-01-24 14:33:31 +00:00
Jiyong Park
25f873c275 Merge changes from topic "diced" am: 0120813598
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956080

Change-Id: Ie6b7edc9798fd81bb98f6073904acdf63da78480
2022-01-24 10:38:03 +00:00
Jiyong Park
5190435bbc Make servicemanager and diced bootstrap processes am: 92382fe69f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956079

Change-Id: I6ae7b1b3f5d84f524a326f884e474128ba0ed850
2022-01-24 10:38:00 +00:00
Jiyong Park
0120813598 Merge changes from topic "diced"
* changes:
  Allow microdroid_manager to talk to diced
  Make servicemanager and diced bootstrap processes
2022-01-24 10:24:03 +00:00
Inseob Kim
44c7c3d94a compat_generator: find new types and removed types am: cbc95ea5e2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956082

Change-Id: I62a3831a5b640c1afa60f72520dee1d740c033f6
2022-01-24 04:06:25 +00:00
Inseob Kim
cbc95ea5e2 compat_generator: find new types and removed types
To generate compat files, we need:

- base plat sepolicy
- old plat sepolicy
- base plat pub sepolicy
- mapping file from the device
- latest compat files

Generator now triggers the build system itself to get necessary base
files, and then uses the artifacts to extract new types and removed
types.

For the next step, the new/removed types will be mapped to old types,
based on the latest compat files.

Bug: 214336258
Test: sepolicy_generate_compat --branch sc-v2-dev --target-version \
    32.0 --latest-version 31.0 -vvvv --build latest
Change-Id: I1f228233c1e3638e78bc0630ae51e48667a12ef5
2022-01-24 10:51:18 +09:00
Treehugger Robot
4876bd4468 Merge "Add new goal for compat file generator" am: 4ec796aa2f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956081

Change-Id: Ibfeb5d87bee5bf7bdde3fcf586d7d16a5541d8e8
2022-01-24 01:24:00 +00:00
Treehugger Robot
4ec796aa2f Merge "Add new goal for compat file generator" 2022-01-24 01:10:37 +00:00
Treehugger Robot
f727e72f09 Merge "Remove system/bin/clatd from clatd_exec" am: 7423beb1bd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1952418

Change-Id: Ib30363fa8f7bfc07cd1f25f01bdc3ec0eabe55ec
2022-01-23 13:35:56 +00:00
Treehugger Robot
7423beb1bd Merge "Remove system/bin/clatd from clatd_exec" 2022-01-23 13:25:16 +00:00
George Chang
c3c16ea2b2 Merge "Add hal_nfc_service" am: 95113bbbed
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1878147

Change-Id: Idf6dbefe4f675667df6eeae130149ff03f551cd3
2022-01-22 01:59:51 +00:00
George Chang
95113bbbed Merge "Add hal_nfc_service" 2022-01-22 01:46:41 +00:00
Sharon Su
1da3471495 Merge "Change in SELinux Policy for wallpaper effects generation API. Test: presubmit tests" am: 0cd7ba7617
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1955283

Change-Id: Ib0ea671ee32a3df49109880214833f6d70b22eed
2022-01-22 00:19:15 +00:00
Sharon Su
0cd7ba7617 Merge "Change in SELinux Policy for wallpaper effects generation API. Test: presubmit tests" 2022-01-22 00:06:00 +00:00
Treehugger Robot
e12bcb296e Merge "Add sepolicy for IInputProcessor HAL" am: c23930818d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1945423

Change-Id: I3440fed7b4ba7536e9c91a46dea6e5a5b74855a3
2022-01-21 23:14:55 +00:00
Treehugger Robot
c23930818d Merge "Add sepolicy for IInputProcessor HAL" 2022-01-21 22:45:52 +00:00
Kathy Chen
49527e07b6 Merge "SELinux policy changes for AmbientContext system API." am: 7bb9120ba7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1920077

Change-Id: Ice3c1ccb7f8e8f0a00ccb748ca8a646d87e7cdbd
2022-01-21 22:08:35 +00:00
Kathy Chen
7bb9120ba7 Merge "SELinux policy changes for AmbientContext system API." 2022-01-21 21:51:09 +00:00
Yu Shan
a38ab823e6 Merge "Allow AIDL VHAL service." am: dd50991924
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1955286

Change-Id: Id3870b5cf29512e75a93dc125222ab5aa067d144
2022-01-21 20:34:40 +00:00
Yu Shan
dd50991924 Merge "Allow AIDL VHAL service." 2022-01-21 20:12:58 +00:00
Kathy Chen
082263f3bc SELinux policy changes for AmbientContext system API.
Context about this is on ag/16302285

Test: Ensure no build failures, ensure no SecurityException on boot
Bug: 192476579
Change-Id: If5ba2fa41975acf91c0002a0f301da11eaebd6d2
2022-01-21 20:12:54 +00:00
Treehugger Robot
c39826824d Merge "Add selinux policy for new BinaryTransparencyService" am: 158927ed5c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1954957

Change-Id: I694df26a5b4413bf9b512ad8353851f44037a83a
2022-01-21 19:22:54 +00:00
Treehugger Robot
158927ed5c Merge "Add selinux policy for new BinaryTransparencyService" 2022-01-21 19:10:31 +00:00
Florian Mayer
7aaa59df0a Merge "Add policy for command line tool to control MTE boot state." am: 06337c4260
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1954938

Change-Id: I5d2d65b4c1628da2ad8a27c536bc0e772016b556
2022-01-21 18:28:31 +00:00
Andrew Scull
f94a381585 Make the DICE HAL a bootstrap process
This HAL starts before APEXs are activated so needs access to the
bootstrap bionic libraries.

Bug: 214231981
Test: run microdroid
Change-Id: If82729eb2eff812916f257d24ce206e371be0c56
2022-01-21 18:19:21 +00:00
Hungming Chen
740b0669f0 Remove system/bin/clatd from clatd_exec
Since clatd is shipped by a mainline module, remove the following privs
/system/bin/clatd      u:object_r:clatd_exec:s0

Test: build
Change-Id: Id98470fc5e641acc7e5635af02a520d2ed531cd8
2022-01-21 18:19:05 +00:00
Jiyong Park
f252d81ec9 Allow microdroid_manager to talk to diced
microdroid_manager needs to give the measurements to diced and get
per-VM secret from it for encrypting/decrypting the instance disk.

Bug: 214231981
Test: run microdroid
Change-Id: Ia4cab3f40263619e554466433cbb065e70ae0f07
2022-01-21 18:19:03 +00:00
Florian Mayer
06337c4260 Merge "Add policy for command line tool to control MTE boot state." 2022-01-21 18:11:00 +00:00
Alan Stokes
7409470917 Update compos permissions
We no longer use keystore, nor do we run dex2oat directly.

But we do now use IDiceNode::derive() to get our CDI_seal for key
derivation.

Bug: 214233409
Bug: 210998077
Test: atest ComposKeyTestCase
Change-Id: Id8ba882e7c250ad0365a7f493801e02cb5a0b700
2022-01-21 15:15:19 +00:00
Treehugger Robot
04bc754e10 Merge "Allow system_server read and open access to sys/class/net." am: 439f17558c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1941943

Change-Id: I91ed6e75e9c6141814798bf7fbdb4cc5d8bd4d87
2022-01-21 14:59:17 +00:00