tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
41752 commits 1 branch 0 tags 50 MiB
Commit graph

41752 commits

This branch
This branch
All branches
Author SHA1 Message Date
Zhanglong Xia
a1c3cc2c1c Merge "Add sepolicy rules for Thread Network HAL" am: 87c6069fe1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2646219

Change-Id: Ia35dc04ba697bda1eaca54f2ad1a5459a66abe0c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-01 00:37:23 +00:00
Jiyong Park
1400794824 Allow microdroid_payload to read /dev/console am: bd1be6c554 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2640390

Change-Id: I48dd543efe276b043e36128be976297e66fb1464
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-01 00:34:16 +00:00
Zhanglong Xia
87c6069fe1 Merge "Add sepolicy rules for Thread Network HAL" 2023-07-01 00:12:41 +00:00
Zhanglong Xia
b2d1fbb7b2 Add sepolicy rules for Thread Network HAL 
Bug: b/283905423
Test: Build and run the Thread Network stack in Cuttlefish.
Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
 2023-06-30 10:56:38 +08:00
Jiyong Park
bd1be6c554 Allow microdroid_payload to read /dev/console 
The first serial device of the VM can be made bi-directional. When it is
used as an output device, it's via /dev/kmsg. microdroid_payload already
has a write access to it. When it is used as an input device, it's via
/dev/console. Grant microdroid_payload read access to the device.

Bug: 263360203
Test: atest MicrodroidTestApp:com.android.microdroid.test.MicrodroidTests#testConsoleInputSupported
Change-Id: Ief039d06ffbddee1e254d662a6c1f321a607d5f5
 2023-06-29 19:03:34 +09:00
Max Bires
93bb9bfed6 Merge "Remove deprecated enable_rkpd property" am: bc792606dc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2634094

Change-Id: I3062463c70e08c86cbbecb759576fa072fa23bf7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-27 00:21:17 +00:00
Max Bires
bc792606dc Merge "Remove deprecated enable_rkpd property" 2023-06-27 00:14:29 +00:00
Xin Li
6ae8c164ff [automerger skipped] Merge "Merge Android 13 QPR3" am: 372f5cd14e -s ours 
am skip reason: Merged-In I89a052032341990256d608d6708b6d1ac8aceda9 with SHA-1 d947550b6f is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2634999

Change-Id: I36c5b52ad74f0770d5accfaf903f8f3cc8442530
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-26 22:59:46 +00:00
Xin Li
b5699ce8e3 [automerger skipped] Merge Android 13 QPR3 am: 4f5ba7ca8d -s ours 
am skip reason: Merged-In I89a052032341990256d608d6708b6d1ac8aceda9 with SHA-1 d947550b6f is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2634999

Change-Id: I692ee95e1dfbcbee24487c91feed6a9cc927d15d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-26 22:57:51 +00:00
Xin Li
372f5cd14e Merge "Merge Android 13 QPR3" 2023-06-26 22:29:53 +00:00
Dave Mankoff
2793152d6f SE Linux perimissions for Feature Flags Service am: 665cad0d2c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2638309

Change-Id: Ib39b9721489dec0a32bd41fb2b5f04b44b8c349a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-26 19:35:21 +00:00
Dave Mankoff
665cad0d2c SE Linux perimissions for Feature Flags Service 
Bug: 279054964
Test: build && flash
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a1f8ca3cd3c4861a06c5042148aab6623a563651)
Merged-In: I5fffaccba61e218496ac82ccf9ba308cf9892868
Change-Id: I5fffaccba61e218496ac82ccf9ba308cf9892868
 2023-06-26 13:42:45 +00:00
Treehugger Robot
473a600e28 Merge changes from topic "34.0_sepolicy_mapping" am: 35a6d49c02 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2636991

Change-Id: I5b6e36c095805560e313221b8d3e316af082b324
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-26 12:45:16 +00:00
Jay Civelli
0afd410d15 Add 2 new system properties for Quick Start am: a574060586 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2636990

Change-Id: Ib9fb707735f49c7ff8db5c329caf149063608d18
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-26 12:45:13 +00:00
Inseob Kim
9d1f5152c5 SEPolicy Prebuilts for 34.0 am: 34ad1d0bc1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2636989

Change-Id: I244401245e25e8948678ee6877f3b68636978044
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-26 12:45:10 +00:00
Treehugger Robot
35a6d49c02 Merge changes from topic "34.0_sepolicy_mapping" 
* changes:
  Add 34.0 mapping files
  Add 2 new system properties for Quick Start
  SEPolicy Prebuilts for 34.0
 2023-06-26 12:04:42 +00:00
Treehugger Robot
f0d5eb54ff Merge "Add MediaPlayerService fuzzer to bindings" am: 289fe96dc8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2631949

Change-Id: I497c74a770550262be863862700ffcebb6d8a7c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-23 18:34:45 +00:00
Treehugger Robot
289fe96dc8 Merge "Add MediaPlayerService fuzzer to bindings" 2023-06-23 17:35:27 +00:00
Inseob Kim
78fd639cac Add 34.0 mapping files 
Bug: 288517951
Test: m treble_sepolicy_tests_34.0
Test: m 34.0_compat_test
Test: m selinux_policy
Change-Id: I5c20439dd2c7e5a8d739b8ea9a97e5060ce3cec4
 2023-06-23 10:43:17 +00:00
Jay Civelli
a574060586 Add 2 new system properties for Quick Start 
Test: Manually validated that GmsCore can access the properties, but not a test app.
Change-Id: I2fa520dc31b328738f9a5fd1bcfc6632b61ad912
Bug: 280330984
(cherry picked from commit c97b3a244f)
 2023-06-23 10:43:11 +00:00
Inseob Kim
34ad1d0bc1 SEPolicy Prebuilts for 34.0 
Bug: 288517951
Test: build
Change-Id: I682e553ec8090281ded447780be41a8ea222b084
Merged-In: I15bf3817a8a6867d52f7963a04a69e543a9801e9
 2023-06-23 10:23:59 +00:00
Max Bires
8a74ff2e2d Remove deprecated enable_rkpd property 
The enable_rkpd property is no longer needed. This change removes the
vestigial property.

Test: Successful build
Change-Id: I810d5a21cbe01b43a37244959e21febd0880be59
 2023-06-21 16:33:42 -07:00
Xin Li
4f5ba7ca8d Merge Android 13 QPR3 
Bug: 275386652
Merged-In: I89a052032341990256d608d6708b6d1ac8aceda9
Change-Id: Ifa06cf00a9afba89d0d31c865dc5fde9bf1c05e6
 2023-06-21 15:16:15 -07:00
Steven Moreland
659dd24ae5 Merge "Give serial number access to drm hal server not client" am: ca5f06cdb9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2616969

Change-Id: Id931b2d4509f207a8a20e3f789de2e3808ee430a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-21 22:03:53 +00:00
Steven Moreland
ca5f06cdb9 Merge "Give serial number access to drm hal server not client" 2023-06-21 21:27:09 +00:00
Treehugger Robot
d947550b6f Merge "Remove flatten_apex: property" am: 7f7e8d79a9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2628996

Change-Id: I89a052032341990256d608d6708b6d1ac8aceda9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-21 05:24:50 +00:00
Treehugger Robot
7f7e8d79a9 Merge "Remove flatten_apex: property" 2023-06-21 04:52:41 +00:00
Hongguang Chen
b34240136c Allow mediatuner to get tuner.server.enable am: 8dd58bffd9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2631349

Change-Id: I3549a333a811c73948e918c2c98946e66b48d834
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-21 01:19:15 +00:00
Pawan Wagh
9f118c8d62 Add MediaPlayerService fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I669c427279ce43fa614c68a02a468c3e64002537
 2023-06-20 22:50:45 +00:00
Hongguang Chen
8dd58bffd9 Allow mediatuner to get tuner.server.enable 
Bug: 287520719
Test: start mediatuner
Change-Id: I582aac593e2419b6cae37522e6493744fe58240a
 2023-06-20 17:24:51 +00:00
Brian Lindahl
73c779e5fd Force HALs to explicitly enable legacy method for clearing buffer caches am: 612ab8588f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2627815

Change-Id: I05655dff7c72d64498eb9c34e026542967f1431d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-20 14:17:12 +00:00
Jooyung Han
804e234ced Remove flatten_apex: property 
We no longer have targets using flattened apexes. Flattened apexes will
be removed from the build system.

Bug: 278826656
Test: m
Change-Id: I657e01dbfd2525b07c29a234277062d5ac2fab9f
 2023-06-20 15:41:05 +09:00
Brian Lindahl
612ab8588f Force HALs to explicitly enable legacy method for clearing buffer caches 
Some HAL implementations can't support setLayerBuffer multiple times to
clear the per-layer buffer caches. Therefore, default this behavior to
disabled, and allow HALs to explcitily enable this behavior to obtain
the necessary memory savings.

Test: play videos with both true and false on both HIDL and AIDL
Bug: 285561686
Change-Id: I928cef25e35cfc5337db4ceb8581bf5926b4fbe3
 2023-06-15 14:30:07 -06:00
Nikita Ioffe
4eb36f4615 Merge "Reland "Change the stem name to microdroid_precompiled_s..."" am: d16d7d17e5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2627369

Change-Id: I56600eae4e2ba33c56a5d4827db882388cdae97a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-15 11:45:31 +00:00
Nikita Ioffe
d16d7d17e5 Merge "Reland "Change the stem name to microdroid_precompiled_s..."" 2023-06-15 10:27:39 +00:00
Dimitry Ivanov
6c61a71e33 Merge "Allow app_zygote to map memfd backed memeory as PROT_EXEC" am: c01d3fb36c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2623093

Change-Id: I6e6457337d66ba4e7c5590799c565af05b99e363
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-15 09:51:00 +00:00
Dimitry Ivanov
c01d3fb36c Merge "Allow app_zygote to map memfd backed memeory as PROT_EXEC" 2023-06-15 08:44:16 +00:00
Nikita Ioffe
4e6839e677 Reland "Change the stem name to microdroid_precompiled_s..." 
Bug: 285855150
Test: presubmit
Change-Id: I3343b7cf22165541f880fd1c88b27b0204c94c4b
 2023-06-14 20:31:29 +00:00
Pawan Wagh
b23a691e10 Merge "Revert "Change the stem name to microdroid_precompiled_sepolicy"" am: 899f6c0537 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2626909

Change-Id: I69ec0b39693293176b40fb8f9702b8d001c013d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-14 18:57:21 +00:00
Pawan Wagh
899f6c0537 Merge "Revert "Change the stem name to microdroid_precompiled_sepolicy"" 2023-06-14 18:40:59 +00:00
Pawan Wagh
8f2923421e Revert "Change the stem name to microdroid_precompiled_sepolicy" 
Revert submission 2625691

Reason for revert: b/287283650

Reverted changes: /q/submissionid:2625691

Change-Id: I775d07a388556796d25b4f5d99135d5878489ce8
 2023-06-14 18:28:17 +00:00
Pawan Wagh
02c84cec70 Merge "Add update service fuzzer to bindings" am: b4f463824c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619905

Change-Id: I3221bc020b8400a6a1e9f0ccf556527e39e71146
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-14 18:10:07 +00:00
Pawan Wagh
b4f463824c Merge "Add update service fuzzer to bindings" 2023-06-14 17:33:23 +00:00
Nikita Ioffe
789c5a3430 Merge "Change the stem name to microdroid_precompiled_sepolicy" am: 437f31c328 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2617776

Change-Id: I323e7da1e2a963068e5efbb91fe4372925adaf0f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-14 15:30:48 +00:00
Nikita Ioffe
437f31c328 Merge "Change the stem name to microdroid_precompiled_sepolicy" 2023-06-14 15:20:18 +00:00
dimitry
97f7775743 Allow app_zygote to map memfd backed memeory as PROT_EXEC 
Binary translation maps these regions to install translated code,
see linked bug for more context.

Bug: http://b/189502716
Test: run cts -m CtsExternalServiceTestCases -t android.externalservice.cts.ExternalServiceTest#testBindExternalServiceWithZygote
      in binary translated enviroment.
Change-Id: I3bc978b9013e9fc5cf700d1efca769331ec395b0
 2023-06-14 12:24:12 +02:00
Eric Biggers
0038d8f822 Merge "Allow vold to rename system_data_file directories" am: 8b703551d8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619901

Change-Id: I66f26b92e4b1aad9f086d19249f60aa1d596909b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-13 22:40:36 +00:00
Eric Biggers
8b703551d8 Merge "Allow vold to rename system_data_file directories" 2023-06-13 22:11:39 +00:00
Pawan Wagh
e0f268a982 Merge "Add credstore service fuzzer to bindings" am: 767dc6be06 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619904

Change-Id: I80ca6ebfadea23dc48a9d018f1efe6adafef5e52
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-13 16:39:25 +00:00
Eric Biggers
95930cf6a7 Allow vold to rename system_data_file directories 
To fully close a race condition where processes can access per-user
directories before an encryption policy has been assigned, vold is going
to start creating these directories under temporary names and moving
them into place once fully prepared.  To make this possible, give vold
permission to rename directories with type system_data_file.

Bug: 156305599
Bug: 285239971
Change-Id: Iae2c8f7d2dc343e7d177e6fb2e893ecca1796f7f
 2023-06-13 16:22:03 +00:00