tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
20310 commits 1 branch 0 tags 50 MiB
Commit graph

18 commits

Author SHA1 Message Date
Treehugger Robot
8740465034 Merge "Move mediaswcodec service to APEX" 2019-03-06 02:06:19 +00:00
Chong Zhang
21b40e380e Move mediaswcodec service to APEX 
bug: 127499775
test:
- adb shell lshal debug android.hardware.media.c2@1.0::IComponentStore/software
check all software c2 codecs are still listed
- clean-built image shouldn't have mediaswcodec in /system/bin
- atest CtsMediaTestCases -- --module-arg CtsMediaTestCases:size:small
Change-Id: Ie528fe3b1053d5bfd9dc3b858c996b8e1c708cbc
 2019-03-05 14:54:14 -08:00
Andreas Gampe
4c2d06c458 Sepolicy: Add base runtime APEX postinstall policies 
Add art_apex_postinstall domain that is allowed to move
precreated AoT artifacts from /data/ota.

Bug: 125474642
Test: m
Change-Id: Id674e202737155a4ee31187f096d1dd655001fdd
 2019-02-28 09:24:17 -08:00
Andreas Gampe
ae127d8340 Sepolicy: Add base runtime APEX preinstall policies 
Add art_apex_preinstall domain that is allowed to create AoT
artifacts in /data/ota.

Bug: 125474642
Test: m
Change-Id: Ia091d8df34c4be4f84c2052d3c333a0e36bcb036
 2019-02-28 05:12:56 -08:00
Andreas Gampe
261ea86192 Sepolicy: Initial Apexd pre-/postinstall rules 
Give apexd permission to execute sh.

Add userdebug_or_eng domains and rules for the test
APEX for pre- and post-install.

Bug: 119260955
Bug: 119261380
Test: atest apexservice_test
Change-Id: I0c4a5e35e096101a53c9d1f212d2db2e63728267
 2019-01-24 15:06:17 -08:00
Chong Zhang
b1ab8c6f9f adding apex for media swcodecs 
bug: 111407413
Change-Id: Ica209ad9476b0597a206bf53823a1928643c8256
 2019-01-09 13:24:59 -08:00
Jiyong Park
048e136653 Label the dynamic linker in the runtime APEX correctly 
e2bc9fe9d5ac82457bc6050bf705ff43a1b05cbf in platform/art project added
the dynamic linker to the runtime APEX. Since the dynamic linker has
been labeled as 'system_linker_exec' so does the linker in the APEX.

Bug: 120266448
Test: ls -Z /apex/com.android.runtime/bin/linker
u:object_r:system_linker_exec:s0 /apex/com.android.runtime/bin/linker

Change-Id: I243b86a74d94058b3283830c32232c6584639ff3
 2019-01-04 01:19:44 +09:00
Treehugger Robot
66334bd0e4 Merge "Add SELinux policy for Conscrypt APEX" 2018-12-13 23:27:54 +00:00
Neil Fuller
13a72f4b71 Add tz files to the runtime module permissions 
Code in bionic / libcore will now look in the runtime
APEX module for data files.

Bug: 119293618
Bug: 119390260
Test: build / treehugger only
Change-Id: I965c763e7f0452b8ef5ffbf730733e9a41254beb
 2018-12-07 11:35:03 +00:00
Adam Vartanian
8e4412d5e1 Add SELinux policy for Conscrypt APEX 
Bug: 110404540
Test: cts -m CtsLibcoreTestCases -t com.android.org.conscrypt
Change-Id: Id89fc0f5e39515093f1d9d8a4fd075d717b50cf8
 2018-12-07 10:49:44 +00:00
Dario Freni
4df603a038 Remove permission for APEX manifest. 
There is no real need to access the manifest.json (which is being
renamed in other CLs anyway). So remove the access to it.

Bug: 119672727
Test: m, installed on device, boots.
Change-Id: I2d82062031da36f871b2a64d97a50a6f1e6fc3dd
 2018-11-24 17:19:05 +00:00
Treehugger Robot
ac317b915e Merge "Add com.android.resolv-file_contexts to /system/sepolicy/apex" 2018-11-21 13:10:13 +00:00
chenbruce
a5121f64a6 Add com.android.resolv-file_contexts to /system/sepolicy/apex 
Gathering file contexts for all APEXes there for easier auditing.

Test: m com.android.resolv
Bug: 119527674
Change-Id: I0f06c21c77f4b537e7c7d590204569f4531b5302
 2018-11-21 14:39:33 +08:00
Roland Levillain
04dcdeacee Merge "Add file_contexts for Release Runtime APEX module." 2018-11-20 11:54:17 +00:00
Roland Levillain
4592b0f07a Add file_contexts for Release Runtime APEX module. 
Also rename `file_contexts` for the "Debug" Runtime APEX module
(containing both release and debug variants, as well as additional
tools).

Test: make com.android.runtime
Test: make com.android.runtime.release
Test: make com.android.runtime.debug
Test: art/build/apex/runtests.sh
Bug: 113373927
Change-Id: I6b917d7f5b1734aeb717932081c7b03366ef2774
 2018-11-16 19:04:09 +00:00
Jiyong Park
b23f71d97d Set filecontext for the test apex 
Label the surfaceflinger binary as surfaceflinger_exec

Test: m apex.test; m; device is bootable

Change-Id: I22297ba514f7ba298a1d0d4b476a447f26e48078
 2018-11-16 21:10:38 +09:00
Jiyong Park
a4767dd116 Rename APEX file_contexts as <name>-file_context 
It was <name>_file_context before. Changing for better readability.

Bug: 119034475
Test: m apex.test com.android.tzdata com.android.runtime
Change-Id: Ic9d6479dfed56ac474c574343a38b5f73dde3c05
 2018-11-14 13:56:56 +09:00
Jiyong Park
03ccac0e75 Move file_contexts for APEXes to under /system/sepolicy 
For centralized development of sepolices, file_contexts files for APEXes
are all moved to under /system/seplicy.

Bug: 119034475
Bug: 113373927
Test: m apex.test com.android.tzdata com.android.runtime com.android.media
Change-Id: I9bf4874793db4dbdb75cbd759ae95f72d7281007
 2018-11-13 14:22:38 -08:00