Treehugger Robot
9bb8a3a971
Merge "Compatibility for vendor_hidraw_device" into main am: 1327971c7c
am: a4ffe3b38d
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3116384
Change-Id: I1e09ffd0459dc0bf97276b25370320c7760d8ce8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-11 10:50:31 +00:00
Treehugger Robot
a4ffe3b38d
Merge "Compatibility for vendor_hidraw_device" into main am: 1327971c7c
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3116384
Change-Id: I34fb224ac84cf888527ad166b9ebd6cf13b6c1dc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-11 10:34:00 +00:00
Treehugger Robot
1327971c7c
Merge "Compatibility for vendor_hidraw_device" into main
2024-06-11 10:12:02 +00:00
Karuna Wadhera
69ca37c200
Merge "Untrack keystore SELinux denial on AVF RKP Hal" into main am: e357df7504
am: c91f365902
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3122031
Change-Id: Ie185c21765ed4a8086a33fd0775d7c2bbf0a8aa2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 19:46:49 +00:00
Karuna Wadhera
c91f365902
Merge "Untrack keystore SELinux denial on AVF RKP Hal" into main am: e357df7504
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3122031
Change-Id: Ic45ddce19ccc5d3ba42c7c7c4e40e3c883d81351
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 19:31:14 +00:00
Karuna Wadhera
e357df7504
Merge "Untrack keystore SELinux denial on AVF RKP Hal" into main
2024-06-10 19:06:35 +00:00
Zi Wang
d82f51dc1d
Merge changes Ib9972bcd,I87d18451 into main am: f5f05c1f9f
am: 2baa88a1b4
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3118318
Change-Id: I3cac14a251f6e62e61d88fc739fb02515098fa5d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 17:33:39 +00:00
Zi Wang
2baa88a1b4
Merge changes Ib9972bcd,I87d18451 into main am: f5f05c1f9f
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3118318
Change-Id: I39d4edc62894f10149fcc382058934d5d26f0681
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 16:53:54 +00:00
Zi Wang
f5f05c1f9f
Merge changes Ib9972bcd,I87d18451 into main
...
* changes:
Use OutputFilesProvider on certain module types
Use OutputFilesProvider on certain module types
2024-06-10 16:33:43 +00:00
Karuna Wadhera
fb728ac3af
Untrack keystore SELinux denial on AVF RKP Hal
...
With the dontaudit line in keystore.te commented out on an otherwise clean build, I was unable to see the SELinux denial on boot. So, it seems like this denial may not be occurring anymore and it’s safe to remove the dontaudit line.
Bug: 312427637
Test: manual
Change-Id: Ib8887f0593ea984e3c011b76a81b7bf99cff2a44
2024-06-10 14:32:19 +00:00
Alan Stokes
8a6bb3ef84
Compatibility for vendor_hidraw_device
...
Older vendor policy may apply the label vendor_hidraw_device to the
HID device.
From 202404 we use the new label hidraw_device for this.
Fix the compatibility rules to allow new system policy to work with
older vendor policy by adding specific compat logic.
Note that the original 34.0 system policy didn't mention hidraw_device
at all, so the more normal compatibility mechanisms don't really work.
Bug: 340923653
Test: Builds, boots, no new denials
Change-Id: I358118b217c82b5f8111f3e05d35aa16c464b941
2024-06-10 14:59:04 +01:00
Alice Wang
d1ea1ff475
Merge "Add system property to disable avf remote attestation" into main am: 97091293b7
am: 94148a33fe
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3117519
Change-Id: I5029668ac2293d8a270a2b5bed869836cc837cb8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 12:23:25 +00:00
Alice Wang
94148a33fe
Merge "Add system property to disable avf remote attestation" into main am: 97091293b7
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3117519
Change-Id: Ia99358fe9e6c4dcacc2814c96268ec47f9884db9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 12:09:00 +00:00
Alice Wang
97091293b7
Merge "Add system property to disable avf remote attestation" into main
2024-06-10 11:31:52 +00:00
Alice Wang
3d9ce1a965
Add system property to disable avf remote attestation
...
Introduce a new system property
avf.remote_attestation.enabled to allow vendors
to disable the feature in vendor init.
Bug: 341598459
Test: enable/disable the feature and check VmAttestationTestApp
Change-Id: I809e4c62a8590822eef70093e33854ab79757835
2024-06-10 09:16:24 +00:00
Treehugger Robot
29adc9967c
Merge "system_app.te: fix misleading comment" into main am: 104099ef21
am: e6618432f9
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3120251
Change-Id: Iea1ca65f32ea08665dd9c6d991601c69cd5373b5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 09:03:15 +00:00
Treehugger Robot
e6618432f9
Merge "system_app.te: fix misleading comment" into main am: 104099ef21
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3120251
Change-Id: Ia49f4b47e4d08da7195812dd01b7df456c7e9025
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 08:24:21 +00:00
Treehugger Robot
104099ef21
Merge "system_app.te: fix misleading comment" into main
2024-06-10 08:03:10 +00:00
Nick Kralevich
c8ac77735e
system_app.te: fix misleading comment
...
A comment within system_app.te implies that system_apps can read/write
the /data/data directory (and all subdirectories). The comment is
misleading. Fix the comment.
Test: comment only change. No test needed
Change-Id: I51b95f8b55ac89730a866d2a829326b276b11824
2024-06-07 10:20:18 -07:00
Ellen Arteca
90474bb471
Merge "Modify permissions to move encryption policy assignment to vold_prepare_subdirs" into main am: c628579730
am: 949db99e7c
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3095418
Change-Id: I2c856547883f86a7833d36b8e1deaf7e92ed175b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-06 23:51:14 +00:00
Ellen Arteca
949db99e7c
Merge "Modify permissions to move encryption policy assignment to vold_prepare_subdirs" into main am: c628579730
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3095418
Change-Id: I0a019e1b6054825929fadd320036991e3979778c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-06 23:36:22 +00:00
Ellen Arteca
c628579730
Merge "Modify permissions to move encryption policy assignment to vold_prepare_subdirs" into main
2024-06-06 23:16:13 +00:00
mrziwang
dc268a72fb
Use OutputFilesProvider on certain module types
...
se_build_files, se_cil_compat_map and sepolicy_vers will be using
OutputFilesProvider for output files inter-module-communication.
Test: CI
Bug: 339477385
Change-Id: Ib9972bcdea4850508cb9070903af53973bff9f66
2024-06-06 14:42:10 -07:00
Steven Moreland
5db4cf2605
more vm socket isolation am: 378ed74529
am: 57061954d2
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3114226
Change-Id: If484cab984486b6c884d0ce53a8b460cdcd009e1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-06 19:06:28 +00:00
Steven Moreland
57061954d2
more vm socket isolation am: 378ed74529
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3114226
Change-Id: Ib8605365b1823611b41183bdfc548c6abc913ec8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-06 18:47:07 +00:00
mrziwang
cb3f550b59
Use OutputFilesProvider on certain module types
...
The module types below no longer implement OutputFileProducer, but
use OutputFilesProvider for output files inter-module-communication.
se_policy_conf
se_policy_cil
se_policy_binary
se_compat_cil
se_versioned_policy
Test: CI
Bug: 339477385
Change-Id: I87d1845162f91065acd7d2f6c27fd7583cc8b5e0
2024-06-06 10:49:47 -07:00
Ellen Arteca
aa898dc541
Modify permissions to move encryption policy assignment to vold_prepare_subdirs
...
We have moved the encryption policy assignment from vold to
vold_prepare_subdirs. This CL removes some permissions from vold
over storage areas that are no longer needed due to this change,
and adds some permissions to vold_prepare_subdirs.
Bug: 325129836
Test: atest StorageAreaTest
Change-Id: Ief2a8021ed3524018d001e20eae60f712f485d81
2024-06-06 17:48:43 +00:00
Steven Moreland
378ed74529
more vm socket isolation
...
Bugs: me
Test: build
Change-Id: Ie34ac041f1234891043098a4decf05ec7a9e6761
2024-06-05 23:45:44 +00:00
Dennis Shen
01574fa210
Merge "selinux: allow everybody to read flags from RO flag storage file" into main am: 0467d14618
am: 1f2eea0c7a
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3112421
Change-Id: Ifd062c82caa79b9a71268bfffbf33d99b9d6b915
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 17:37:11 +00:00
Dennis Shen
1f2eea0c7a
Merge "selinux: allow everybody to read flags from RO flag storage file" into main am: 0467d14618
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3112421
Change-Id: I948458b771e030fb4b7ef31f5a5c38a854f7db2f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 17:22:58 +00:00
Dennis Shen
0467d14618
Merge "selinux: allow everybody to read flags from RO flag storage file" into main
2024-06-04 17:11:18 +00:00
Dennis Shen
33bc92dab5
selinux: allow everybody to read flags from RO flag storage file
...
Bug: b/312459182
Test: m and avd
Change-Id: Ie5ce92b299ce2434256c9f963865b9d626b400fa
2024-06-04 15:02:56 +00:00
Treehugger Robot
91154f4719
Merge "Allow dexopt_chroot_setup to mount/unmount debugfs." into main am: c6a554f200
am: 23ce6a536b
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111559
Change-Id: I8634bc117809192e33ca9f69db66b171c7dc5183
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 14:35:26 +00:00
Treehugger Robot
23ce6a536b
Merge "Allow dexopt_chroot_setup to mount/unmount debugfs." into main am: c6a554f200
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111559
Change-Id: I130c9ac4848eda54b134faef7f49676017dd9b47
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 14:20:41 +00:00
Treehugger Robot
c6a554f200
Merge "Allow dexopt_chroot_setup to mount/unmount debugfs." into main
2024-06-04 13:54:51 +00:00
Treehugger Robot
c91caadd2c
Merge "Allow dexopt_chroot_setup to bind-mount dirs for incremental apps." into main am: 8d9a89ed9e
am: e0a8a9fa19
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111602
Change-Id: I6affce30b2b5e137d121e1c2c5a8a4305494bdaf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 13:20:20 +00:00
Treehugger Robot
e0a8a9fa19
Merge "Allow dexopt_chroot_setup to bind-mount dirs for incremental apps." into main am: 8d9a89ed9e
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111602
Change-Id: I7be81be6650996bf85b9c6bc77368f0b7521353e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 13:05:30 +00:00
Jiakai Zhang
413f44d5c4
Allow dexopt_chroot_setup to mount/unmount debugfs.
...
Some old devices use debugfs for /sys/kernel/debug.
Bug: 311377497
Change-Id: Ib9958b5cfdd85c37acd27ff6e637efdbd2a068e3
Test: adb shell pm art pr-dexopt-job --test
2024-06-04 12:54:25 +00:00
Treehugger Robot
8d9a89ed9e
Merge "Allow dexopt_chroot_setup to bind-mount dirs for incremental apps." into main
2024-06-04 12:48:49 +00:00
Treehugger Robot
80d78ae979
Merge "testNoBugreportDenials fix on user" into main am: 8ebc2aa055
am: 28b66e2893
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111766
Change-Id: I3e29af5398bff8c12422bbe8b289b127b5d034c5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 01:32:46 +00:00
Treehugger Robot
28b66e2893
Merge "testNoBugreportDenials fix on user" into main am: 8ebc2aa055
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111766
Change-Id: Iaf7772fc912f0a247ac835e32d6eb76deae7a3f5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 01:24:39 +00:00
Jooyung Han
b103d9dfe0
Merge "installd renames dirs in /data/app-staging" into main am: 672143fa6a
am: 9a441ba91c
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111259
Change-Id: Ied1053d8182aecfc4562ea917294437ca3d46fc2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 01:24:04 +00:00
Treehugger Robot
8ebc2aa055
Merge "testNoBugreportDenials fix on user" into main
2024-06-04 01:20:02 +00:00
Jooyung Han
9a441ba91c
Merge "installd renames dirs in /data/app-staging" into main am: 672143fa6a
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111259
Change-Id: I8ec24a3754acfac90b6a417ca6c768c0f8678f18
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 01:15:59 +00:00
Jooyung Han
672143fa6a
Merge "installd renames dirs in /data/app-staging" into main
2024-06-04 01:12:49 +00:00
Jiakai Zhang
0a49ac3dbd
Allow dexopt_chroot_setup to bind-mount dirs for incremental apps.
...
Bug: 311377497
Test: adb shell pm art pr-dexopt-job --test
Change-Id: I8da90876191eadfea77d34c7441d0e4bdb377d31
2024-06-03 20:43:25 +01:00
Daniel Zheng
037108359f
Merge "add sepolicy for low mem device configurations" into main am: 2f4324ac5d
am: 41c63c394f
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3096261
Change-Id: I254d7217ee0aa6c3780d639296872b462590841f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-03 19:33:32 +00:00
Steven Moreland
496f08d378
testNoBugreportDenials fix on user
...
Bug: 343635916
Test: N/A
Change-Id: I2f73cc8429f87e9b7ada8e7c9a3fabcc9eb3d7ee
2024-06-03 19:30:04 +00:00
Daniel Zheng
41c63c394f
Merge "add sepolicy for low mem device configurations" into main am: 2f4324ac5d
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3096261
Change-Id: Ie2500bdc8247253f539df4e1a312bb0842af3d0a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-03 19:26:53 +00:00
Daniel Zheng
2f4324ac5d
Merge "add sepolicy for low mem device configurations" into main
2024-06-03 19:17:52 +00:00