tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
33699 commits 1 branch 0 tags 50 MiB
Commit graph

33699 commits

This branch
This branch
All branches
Author SHA1 Message Date
Huihong Luo
9b82051367 Merge "Migrate screenshot methods to AIDL" 2022-01-29 21:17:18 +00:00
Etienne Ruffieux
f3acf42a4c Merge "Bluetooth boot time start service" 2022-01-28 20:13:35 +00:00
Treehugger Robot
d3d214482f Merge "Move pf_key socket creation permission to system_server" 2022-01-28 19:01:36 +00:00
Robert Shih
d70f0af2bf Merge "Add sepolicy for DRM AIDL HAL" 2022-01-28 18:40:53 +00:00
Treehugger Robot
ae1acbe12d Merge "Touch up microdroid sepolicy after removing keystore" 2022-01-28 17:53:34 +00:00
Ken Chen
1aed006a77 Move pf_key socket creation permission to system_server 
Allow system_server to trigger the kernel synchronize rcu with open and
close pf_key socket. This action was previously done by netd but now
it need to be done by system_server instead because the handling code in
netd are moved to mainline module which will be loaded by system_server
in JNI mode.

Note: the permission will be removed from netd once all bpf interactions
have moved out of netd.

Bug: 202086915
Test: android.app.usage.cts.NetworkUsageStatsTest
      android.net.cts.TrafficStatsTest
Change-Id: I440e0c87193775115a9b9ffb19270c47b01b082e
 2022-01-28 17:12:51 +01:00
Etienne Ruffieux
cdd0c11743 Bluetooth boot time start service 
Added new sysprops to retrieve Bluetooth configs

Tag: #feature
Test: manual
Bug: 216497194
Change-Id: I94c771f87fdeb5497b81d2098193b4cd230654b6
 2022-01-28 14:44:15 +00:00
Treehugger Robot
d5bd56d11f Merge "Add Media metrics rule to API 32 prebuilts." 2022-01-28 13:39:54 +00:00
Andrew Scull
5abe95a6c4 Merge changes from topic "udroid-get-km-gone" 
* changes:
  Remove hwservicemanager from microdroid sepolicy
  Remove keymint from microdroid sepolicy
  Remove keystore from microdroid sepolicy
 2022-01-28 13:12:53 +00:00
Andrew Scull
6f2529c01b Touch up microdroid sepolicy after removing keystore 
Avoid divergence in the files that will eventually shared with the main
Android sepolicy and fix a style mistake.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I40b0bebb432d73ab6ab847c117e72d8bc18fe873
 2022-01-28 13:07:16 +00:00
Lalit Maganti
34fb0d8933 Merge "sepolicy: add permissions for trace reporting" 2022-01-28 12:15:57 +00:00
Dario Freni
75bc16cba8 Add Media metrics rule to API 32 prebuilts. 
Bug: 190422448
Test: presubmit
Change-Id: I304278b9d15f89d0e04d5268af2ac82ac97acd84
 2022-01-28 11:47:17 +00:00
Treehugger Robot
e2f870f099 Merge "Allow zygote to setattr cgroup" 2022-01-28 10:33:32 +00:00
Treehugger Robot
27416257f3 Merge "Changes in SELinux Policy for cloudsearch API naming" 2022-01-28 01:45:02 +00:00
Andrew Scull
6c288a2676 Remove hwservicemanager from microdroid sepolicy 
With the keymint HAL removed from microdroid, there are no more legacy
HALs meaning no further need for hwservicemanager.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I111f3456399ef91e51d1cfead67659601c23db9e
 2022-01-27 21:48:37 +00:00
Andrew Scull
af2c894f2c Remove keymint from microdroid sepolicy 
The keymint HAL has been removed from microdroid to remove the
corresponding sepolicy.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I08aae50dd9a4575954db40ec974625e43bff2335
 2022-01-27 21:48:37 +00:00
Andrew Scull
f75d5cde48 Remove keystore from microdroid sepolicy 
The keystore service has been removed from microdroid to remove the
corresponding sepolicy.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I6600b47f8b8c6bba05b1f59b4d87713283805817
 2022-01-27 21:48:37 +00:00
Hui Wu
42d24fd59d Changes in SELinux Policy for cloudsearch API naming 
Bug: 216507592
Test: Presubmit Tests
Change-Id: I5aa647d146cfea0b44efb4c247d9856e0666ea86
 2022-01-27 13:42:17 -08:00
Treehugger Robot
98a4bc34a7 Merge "Add sepolicy for new bluetooth device/profile sysprops" 2022-01-27 19:17:02 +00:00
Seth Moore
9e2ff8d975 Merge "Revert^2 "Allow default identity service to call keymint"" 2022-01-27 18:18:12 +00:00
Robert Shih
4968374205 Add sepolicy for DRM AIDL HAL 
Bug: 208486736
Test: atest VtsAidlHalDrmTargetTest
Change-Id: Ia2b1488a564d94384d183d30291fbf5a6d2df4ab
 2022-01-27 01:51:05 -08:00
Sal Savage
568662f953 Add sepolicy for new bluetooth device/profile sysprops 
Bug: 215225542
Test: make -j; atest BluetoothInstrumentationTests
Change-Id: Ia532eca413a778b46ea392586d7affc2fd43b90b
 2022-01-26 13:09:17 -08:00
Treehugger Robot
6003019fa8 Merge "Move mtectrl to private" 2022-01-26 09:30:59 +00:00
Inseob Kim
3bd63cc206 Move mtectrl to private 
Because mtectrl is a system internal domain, and we don't need to expose
the type to vendor.

Test: build and boot
Change-Id: Idb5c4a4c6f175e338722971944bf08ba99835476
 2022-01-26 08:59:55 +09:00
Florian Mayer
0f30f3d8ff Merge "[mte] add property to globally enable mte." 2022-01-25 23:59:01 +00:00
Seth Moore
ea3b7e8938 Revert^2 "Allow default identity service to call keymint" 
5a1e60c090

Change-Id: Ia04a96e6b5ce89b8ef5f34c33279e58c4de6430c
 2022-01-25 23:04:37 +00:00
Seth Moore
c725aaf974 Merge "Revert "Allow default identity service to call keymint"" 2022-01-25 23:03:24 +00:00
Seth Moore
5a1e60c090 Revert "Allow default identity service to call keymint" 
Revert submission 1956689-add rkp to identity-default

Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint

Change-Id: I22a9e9bf8b7edc3d6b635b3e4a07a2efc4ff087a
 2022-01-25 22:44:24 +00:00
Treehugger Robot
fabaac131a Merge "Delete more unused policies by CompOS" 2022-01-25 20:54:41 +00:00
Treehugger Robot
c8ff1677ed Merge "Add context for ro.boot.microdroid.debuggable property" 2022-01-25 20:41:07 +00:00
Seth Moore
63fa21b46a Merge "Allow default identity service to call keymint" 2022-01-25 20:33:01 +00:00
Florian Mayer
be3197c996 [mte] add property to globally enable mte. 
Bug: 216305376

Change-Id: I25d0b3c9d0e7e6bba14eedf9b833c5e07786ec71
 2022-01-25 17:21:58 +00:00
Victor Hsieh
ea38d6925d Delete more unused policies by CompOS 
Bug: 205750213
Test: TH
Change-Id: Ie08465e8801a74d61f85715e85a856293c4232d5
 2022-01-25 08:40:46 -08:00
Andrew Scull
30373f3015 Add context for ro.boot.microdroid.debuggable property 
This property is read by microdroid_manager to check whether the VM is
in debug mode. Give it a context to satisfy the sepolicy.

Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I9d4bda5e487324c95229c7978e8fe0a53fa9f616
 2022-01-25 16:07:21 +00:00
Andrew Scull
f451a1407f Give DICE HAL access to driver 
The driver facilitates the handover of values from the bootloader so
needs to be accessible by the HAL.

Bug: 214231981
Test: run microdroid with a "google,open-dice" DT node
Change-Id: Ib5317e6a42befe22d8f1dbefeb9803f5ec92b061
 2022-01-25 15:22:42 +00:00
Etienne Ruffieux
0a19dbdcd3 Merge "Added new context declaration for Bluetooth configs" 2022-01-25 14:00:08 +00:00
Seth Moore
883c50c443 Merge "Add keystore2 permission to get attestation keys" 2022-01-25 13:11:34 +00:00
Treehugger Robot
d9befdb685 Merge "Add use_bionic_libs macro" 2022-01-25 04:37:07 +00:00
Paul Hu
415a2f9b58 Merge "Add sepolicy for mdns service" 2022-01-25 02:35:42 +00:00
Maciej Żenczykowski
fa7683c9ad Merge "Allow bpfloader to execute btfloader" 2022-01-25 02:31:59 +00:00
Etienne Ruffieux
bde2fc6c48 Added new context declaration for Bluetooth configs 
As we need to create new sysprops for Bluetooth mainline
configs, we need to have a property context available to
vendors and be able to access configs from other packages.

Tag: #feature
Bug: 211570675
Test: Added overlays and logs
Change-Id: If9c61f251578b61c070619069519e0aa563a9573
 2022-01-25 01:18:05 +00:00
Hunsuk Choi
5c27113222 Merge "Combining hal_radio_*_service into hal_radio_service" 2022-01-25 00:49:58 +00:00
Jiyong Park
16c1ae3a3d Add use_bionic_libs macro 
... to dedupe rules for allowing access to bootstrap bionic libraries.

Bug: N/A
Test: m
Change-Id: I575487416a356c22f5f06f1713032f11d979d7d4
 2022-01-25 09:47:56 +09:00
Yabin Cui
40d41f7639 Merge "Add sepolicy for simpleperf_boot." 2022-01-25 00:29:09 +00:00
Treehugger Robot
9acd00484b Merge "Fix virtualizationservice denials" 2022-01-25 00:26:11 +00:00
Hunsuk Choi
7938201cbb Combining hal_radio_*_service into hal_radio_service 
Test: build and flash
Bug: 198331673
Change-Id: Id5d699ffc77f708e2144ffea6d2a6805822e7f50
 2022-01-24 19:42:42 +00:00
Treehugger Robot
db8d838e5a Merge "Update compos permissions" 2022-01-24 17:01:52 +00:00
paulhu
70b0a77ee0 Add sepolicy for mdns service 
mdns service is a subset of netd-provided services, so it gets
the same treatment as netd_service or dnsresolver_service

Bug: 209894875
Test: built, flashed, booted
Change-Id: I33de769c4fff41e816792a34015a70f89e4b8a8c
 2022-01-25 00:50:21 +08:00
Andrew Scull
9d34085078 Merge "Make the DICE HAL a bootstrap process" 2022-01-24 14:33:31 +00:00
Jiyong Park
0120813598 Merge changes from topic "diced" 
* changes:
  Allow microdroid_manager to talk to diced
  Make servicemanager and diced bootstrap processes
 2022-01-24 10:24:03 +00:00