33921 commits

Author SHA1 Message Date
Mohammed Rashidy
aa0cb606c3 Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY" am: 7f1eaf1b45
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979387

Change-Id: I7f5e8791adc7e30a2f7c2da3c0658c2c33b88e4f
2022-02-10 11:55:32 +00:00
Mohammed Rashidy
4d67e0d02b Revert "Updates sepolicy for EVS HAL" am: 418f41ad13
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979386

Change-Id: If3080898b802cf7551c01c9425499591b815da6b
2022-02-10 11:55:30 +00:00
Mohammed Rashidy
7f1eaf1b45 Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY"
* changes:
  Revert "Adds a sepolicy for EVS manager service"
  Revert "Updates sepolicy for EVS HAL"
2022-02-10 11:38:40 +00:00
Mohammed Rashidy
418f41ad13 Revert "Updates sepolicy for EVS HAL"
Revert submission 1967140-EVS_sepolicy_updates_T

Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service

Change-Id: I1cc37b0e56646db61bdb34cb209aefe7376c5a50
2022-02-10 10:07:44 +00:00
Mohammed Rashidy
0137c98b90 Revert "Adds a sepolicy for EVS manager service"
Revert submission 1967140-EVS_sepolicy_updates_T

Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service

Change-Id: I207c261bcf2c8498d937ab02c499bf709a5f1b15
2022-02-10 10:07:44 +00:00
Sandro Montanari
d20a77319a Merge "Allow apexd to write to /metadata/sepolicy" am: 306fca99db
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965103

Change-Id: I1aecfb46a194d837c62ac3ad14f84f03f5920a9b
2022-02-10 10:01:30 +00:00
Sandro Montanari
306fca99db Merge "Allow apexd to write to /metadata/sepolicy" 2022-02-10 09:41:34 +00:00
Treehugger Robot
177cf20196 Merge changes from topic "EVS_sepolicy_updates_T" am: 2cedd28cf9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1967009

Change-Id: I6e25a9c2f0030539b1bbf5892c4fd51f931053b7
2022-02-10 08:12:58 +00:00
Treehugger Robot
2cedd28cf9 Merge changes from topic "EVS_sepolicy_updates_T"
* changes:
  Updates sepolicy for EVS HAL
  Adds a sepolicy for EVS manager service
2022-02-10 08:02:04 +00:00
Maciej Żenczykowski
960f03e7e6 Merge "bpfdomain: attribute for domain which can use BPF" am: 337e6b1e1c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978573

Change-Id: I4dfb42eedfec394488dea73910f11b23f08cfb92
2022-02-10 07:25:40 +00:00
Maciej Żenczykowski
337e6b1e1c Merge "bpfdomain: attribute for domain which can use BPF" 2022-02-10 07:08:22 +00:00
Treehugger Robot
2379b4582c Merge "Fix se_policy_conf file output stem" am: 099b15ea2e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978386

Change-Id: I7ad40cc5750a49f77ff015d979e140d357c1892d
2022-02-10 03:24:26 +00:00
Treehugger Robot
099b15ea2e Merge "Fix se_policy_conf file output stem" 2022-02-10 03:08:30 +00:00
Changyeon Jo
a083d7a8d8 Updates sepolicy for EVS HAL
This CL updates hal_evs_default to be sufficient for the default EVS HAL
implementation and modifies other services' policies to be able to
communicate with EVS HAL implementations

Bug: 217271351
Test: m -j selinux_policy and Treehugger
Change-Id: I2df8e10f574d62f8b84e0ff0381656ab1b18b52f
2022-02-10 01:42:59 +00:00
Changyeon Jo
5c3bc58163 Adds a sepolicy for EVS manager service
Bug: 170401743
Bug: 216727303
Test: m -j selinux_policy and TreeHugger
Change-Id: Ie6cb3e269fc46a61b56ca93efd69fbc447da0e3d
2022-02-10 01:42:21 +00:00
Steven Moreland
6598175e06 bpfdomain: attribute for domain which can use BPF
Require all domains which can be used for BPF to be marked as
bpfdomain, and add a restriction for these domains to not
be able to use net_raw or net_admin. We want to make sure the
network stack has exclusive access to certain BPF attach
points.

Bug: 140330870
Bug: 162057235
Test: build (compile-time neverallows)
Change-Id: I29100e48a757fdcf600931d5eb42988101275325
2022-02-10 00:34:50 +00:00
Yabin Cui
4906441dc5 Merge "profcollectd: allow to call callbacks registered by system_server." am: c30b45e242
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1973763

Change-Id: Id7138581429d7a7a4d03e8df35cd6d5e6f669490
2022-02-09 18:21:42 +00:00
Yabin Cui
c30b45e242 Merge "profcollectd: allow to call callbacks registered by system_server." 2022-02-09 18:09:59 +00:00
Steven Moreland
4e83d24871 Merge "Allow BPF programs from vendor." am: 2536bf9dac
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1189663

Change-Id: I71bbd8460727eff793dd59d5c5b1d8dcc963fdde
2022-02-09 17:45:41 +00:00
Steven Moreland
2536bf9dac Merge "Allow BPF programs from vendor." 2022-02-09 17:28:16 +00:00
sandrom
e9a5e7ca6c Allow apexd to write to /metadata/sepolicy
Test: manual tests
Bug: 218672709
Change-Id: I91e173cc41bca0f8fd62d5a783e514f6bbb0e214
2022-02-09 15:11:06 +00:00
Inseob Kim
6c5fa54a8b Fix se_policy_conf file output stem
OutputFileProducer interface has been returning "conf", not the
designated stem.

Test: try including se_policy_conf module as other module's srcs
Change-Id: I17de5e10ed9bd1d45dc9a8b1be11ea6f5290c179
2022-02-09 23:35:43 +09:00
Jayant Chowdhary
4c51fa993e Merge "System wide sepolicy changes for aidl camera hals." am: b00bf9d282
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975831

Change-Id: Ie9b95c5b231a014d0123271b5cfd63f20b9519db
2022-02-09 03:23:54 +00:00
Jayant Chowdhary
b00bf9d282 Merge "System wide sepolicy changes for aidl camera hals." 2022-02-09 03:08:37 +00:00
Steven Moreland
c27d24c37c Allow BPF programs from vendor.
Who needs all those context switches?

bpfloader controls which types of vendor programs can be used.

Bug: 140330870
Bug: 162057235
Test: successfully load bpf programs from vendor
Change-Id: I36e4f6550da33fea5bad509470dfd39f301f13c8
2022-02-08 22:46:54 +00:00
Thiébaud Weksteen
d41e2add90 Merge "Allow policy tests to support space in file names" am: c3ae0ceaee
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1968402

Change-Id: I0b73db62b9b83efd02f65e0bada75695a47a7447
2022-02-08 22:00:19 +00:00
Thiébaud Weksteen
c3ae0ceaee Merge "Allow policy tests to support space in file names" 2022-02-08 21:48:17 +00:00
Treehugger Robot
5d45c0bc91 Merge "Add rule to allow servicemanager to call the hostapd service." am: 14db21eafa
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975506

Change-Id: Ic364766d3356c3d0936215f06ab119fd30412ea7
2022-02-08 20:33:59 +00:00
Treehugger Robot
14db21eafa Merge "Add rule to allow servicemanager to call the hostapd service." 2022-02-08 20:17:15 +00:00
Christine Franks
bdb8275788 Merge "Add uhid_device to system_server" am: c98bde94c4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1972819

Change-Id: I7faf091b6ac4d6dddafaaf30e035d097ba8dd444
2022-02-08 18:48:19 +00:00
Treehugger Robot
c6530c9486 Merge "Rename property for default MTE mode." am: 0fc6fae857
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975306

Change-Id: I55a2c07b0d45df1a7ed3d3f03308a123a8812910
2022-02-08 18:41:06 +00:00
Gabriel Biren
d59d96c476 Add rule to allow servicemanager to call
the hostapd service.

Needed in order to allow hostapd to
receive a callback from servicemanager
when the active service count changes.

Bug: 213475388
Test: atest VtsHalHostapdTargetTest
Change-Id: I3a5ec8219d23227fab85325f90d8b4aee6c76973
2022-02-08 18:00:15 +00:00
Christine Franks
c98bde94c4 Merge "Add uhid_device to system_server" 2022-02-08 17:13:32 +00:00
Treehugger Robot
0fc6fae857 Merge "Rename property for default MTE mode." 2022-02-08 16:47:32 +00:00
Treehugger Robot
0b2fe7bba9 Merge "Allow reading hypervisor capabilities" am: e335de9aeb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1974460

Change-Id: I0fd8a7a9f35ed63f78bea52028935705750c0a7a
2022-02-08 11:54:28 +00:00
Treehugger Robot
e335de9aeb Merge "Allow reading hypervisor capabilities" 2022-02-08 11:49:33 +00:00
Treehugger Robot
46f9d2ebc4 Merge "bpfloader: use kernel logs" am: 2e468b48c5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975407

Change-Id: Ica35494fc1df34ebb9ccfd82c2aa1d5e658e4463
2022-02-08 11:48:26 +00:00
Treehugger Robot
2e468b48c5 Merge "bpfloader: use kernel logs" 2022-02-08 10:51:39 +00:00
Jayant Chowdhary
e3019be3db System wide sepolicy changes for aidl camera hals.
Bug: 196432585

Test: Camera CTS

Change-Id: I0ec0158c9cf82937d6c00841448e6e42f6ff4bb0
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
2022-02-08 09:37:17 +00:00
Treehugger Robot
5b2f49942b Merge "Allow priv-app to report off body events to keystore." am: d83aba62f6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1973028

Change-Id: I9b990153f44fb93b4ee09b25e4efb6bd492d7fc0
2022-02-07 23:57:28 +00:00
Shubang Lu
04a33ef734 Merge "SE policy: rename iapp -> interactive_app" am: 3885ab88c5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1956658

Change-Id: I6e469662688bb7d91af5c7070063763b49dc0900
2022-02-07 23:57:01 +00:00
Treehugger Robot
d83aba62f6 Merge "Allow priv-app to report off body events to keystore." 2022-02-07 23:46:05 +00:00
Shubang Lu
3885ab88c5 Merge "SE policy: rename iapp -> interactive_app" 2022-02-07 23:45:28 +00:00
Steven Moreland
233d4aabf6 bpfloader: use kernel logs
Boots early. logd no workie!

Bug: 210919187
Test: see bpfloader logs
Change-Id: I313f55b0a6e1164fdffeb2d07952988d5e560ae7
2022-02-07 23:16:55 +00:00
Josh Yang
8be76c8e5c Allow priv-app to report off body events to keystore.
Bug: 183564407
Test: the selinux error is gone.
Change-Id: I6783528a0ca6c94781b6c12d96ffebbfe8b25594
Merged-In: If40c2883edd39bee8e49e8e958eb12e9b29a0fe0
2022-02-07 22:42:51 +00:00
Florian Mayer
6020c42f2b Rename property for default MTE mode.
This was requested in aosp/1959650.

Change-Id: I96f8771a39606b0934e4455991a6a34aea40235b
2022-02-07 11:27:20 -08:00
Treehugger Robot
2f94a92cdc Merge "Allow microdroid_manager to BLKFLSBUF on the instance disk" am: 03b3b18c70
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1974319

Change-Id: I3065a65bd2c5bb4f780dfac95c9e5143f0990883
2022-02-07 11:59:23 +00:00
Treehugger Robot
03b3b18c70 Merge "Allow microdroid_manager to BLKFLSBUF on the instance disk" 2022-02-07 11:44:54 +00:00
Alan Stokes
55803ca572 Allow reading hypervisor capabilities
System server needs to do this to know whether a suitable VM for
CompOS can be created. System server does not need the ability to
actually start a VM, so we don't grant that.

Bug: 218276733
Test: Presubmits
Change-Id: Ibb198ad55819aa924f1bfde68ce5b22c89dca088
2022-02-07 11:33:18 +00:00
shubang
a1b9f186fb SE policy: rename iapp -> interactive_app
Bug: 205738783
Test: cuttlefish

Change-Id: I15fd60a2dba79dd5e2a3cf57ed542e5a930680f1
Merged-In: I15fd60a2dba79dd5e2a3cf57ed542e5a930680f1
2022-02-07 07:54:32 +00:00