Commit graph

40169 commits

Author SHA1 Message Date
Gabriel Biren
ae4b3b939f Merge "Add SeLinux policy for WiFi Vendor HAL AIDL service." am: b7e21bcfe7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2154515

Change-Id: Ib101c7348a93c6b4c2be9f344d0a7d59cd964ab8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-25 17:07:57 +00:00
Henry Fang
8c7a122464 Merge "Allow CAS AIDL sample HAL" am: 0c3f615602
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2223584

Change-Id: Id1be26b10dbee96ac46b82e620a02d6267027e91
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-25 17:07:16 +00:00
Gabriel Biren
b7e21bcfe7 Merge "Add SeLinux policy for WiFi Vendor HAL AIDL service." 2022-10-25 17:03:10 +00:00
Henry Fang
0c3f615602 Merge "Allow CAS AIDL sample HAL" 2022-10-25 16:38:20 +00:00
Jiakai Zhang
0696bd8c95 Merge "Update SELinux policy to allow artd to perform secondary dex compilation" am: 1b89f6370a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2265158

Change-Id: Ia22fa260c8ef8f2e8a7f47fdb3857ef756790d8a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-25 13:41:35 +00:00
Jiakai Zhang
1b89f6370a Merge "Update SELinux policy to allow artd to perform secondary dex compilation" 2022-10-25 13:12:16 +00:00
Treehugger Robot
0a67513a63 Merge "Allow priv apps to use virtualizationservice" am: 6a80e5c6fd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2267863

Change-Id: I684e9fda234e2699d8b5f6086b52beb729b5a7a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-25 10:00:02 +00:00
Treehugger Robot
6a80e5c6fd Merge "Allow priv apps to use virtualizationservice" 2022-10-25 09:04:08 +00:00
Nikita Ioffe
784731690c Merge "Switch to tombstoned.microdroid" am: dd32f3bfbc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2267864

Change-Id: Ic3a00709b1e47ce0ece664bc22763da37b133edb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-25 00:15:06 +00:00
Nikita Ioffe
dd32f3bfbc Merge "Switch to tombstoned.microdroid" 2022-10-24 23:25:43 +00:00
Treehugger Robot
02ee86e98b Merge "Add sepolicy for background_install_control service" am: 878ac541e7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2263542

Change-Id: I7a5d62ff7b3c329f2adcb9dcdf2c602d867d7c27
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-24 21:41:53 +00:00
Treehugger Robot
878ac541e7 Merge "Add sepolicy for background_install_control service" 2022-10-24 21:18:14 +00:00
Wenhao Wang
e825ad2a62 Add sepolicy for background_install_control service
The background_install_control service is going to detect
background installed apps and provide the list of such apps.

Bug: 244216300
Test: manual
Change-Id: I6500f29ee063da4a3bc18e109260de419dd39218
2022-10-24 11:26:35 -07:00
Jiakai Zhang
2ffeca72a6 Update SELinux policy to allow artd to perform secondary dex compilation
Secondary dex files are in app data directories. In order to perform
secondary dex compilation, artd needs permissions to:
- Read secondary dex files
- Create "oat" dir
- Create a reference profile in "oat" dir
- Rename the reference profile
- Delete the reference profile
- Read the current profile in "oat" dir
- Delete the current profile
- Create compilation artifacts in "oat" dir
- Rename compilation artifacts
- Delete compilation artifacts

Bug: 249984283
Test: -
  1. adb shell pm art optimize-package --secondary-dex -m speed-profile -f com.google.android.gms
  2. See no SELinux denial.
Change-Id: I19a0ea7895a54c67959b22085de27d1d0ccc1efc
2022-10-24 16:07:01 +01:00
Nikita Ioffe
d0fb527326 Switch to tombstoned.microdroid
Bug: 239367015
Test: microdroid presubmits
Change-Id: I01b4cc90425d79c5b33b8e17bf9fe942c3d6233b
2022-10-24 15:36:19 +01:00
Alan Stokes
30608520bf Allow priv apps to use virtualizationservice
And allow VS and crosvm access to privapp_data_file, to the same
extent as app_data_file.

Update some comments, move a neverallow to the bottom of the file with
the others.

Bug: 255286871
Test: Install demo app to system/priv-app, see it work without explicit grant.
Change-Id: Ic763c3fbfdfe9b7a7ee6f1fe76d2a74281b69f4f
2022-10-24 15:33:02 +01:00
Reema Bajwa
556771a8f6 Merge "Add app_api_service and ephemeral_app_api to credential_service selinux policy to allow regular apps and instant apps to access credential manager Test: Built & deployed locally Bug: 253155284 Feature Bug: 241268646" am: 7e707248b2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2260243

Change-Id: I69442233d4bfd4573a1cd86da1421f0f4b24b918
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-22 01:06:05 +00:00
Reema Bajwa
7e707248b2 Merge "Add app_api_service and ephemeral_app_api to credential_service selinux policy to allow regular apps and instant apps to access credential manager Test: Built & deployed locally Bug: 253155284 Feature Bug: 241268646" 2022-10-22 00:41:37 +00:00
Arthur Ishiguro
cd563757f9 Merge "Add sepolicy for default Context Hub HAL access to stats service" am: 3002f1afe2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2260773

Change-Id: I2eee571031f0e8277de66056f779fe9b023e48f8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-20 17:05:51 +00:00
Arthur Ishiguro
3002f1afe2 Merge "Add sepolicy for default Context Hub HAL access to stats service" 2022-10-20 16:29:32 +00:00
Treehugger Robot
dddcfee197 Merge changes I9deb367b,I8c88622e,I18747dc6,I4e94db4a am: 8cd5d0b899
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2261556

Change-Id: I8a296f33ea9b1d75bb339b389385afa572b1cd91
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-20 04:42:47 +00:00
Treehugger Robot
8cd5d0b899 Merge changes I9deb367b,I8c88622e,I18747dc6,I4e94db4a
* changes:
  Generate compat files and modules with scripts
  Fix wrongly hardcoded version
  Remove deprecated distutils dependency
  Remove redundant comments
2022-10-20 04:12:45 +00:00
Arthur Ishiguro
ca5474c5cf Add sepolicy for default Context Hub HAL access to stats service
Bug: 254328944
Test: Verify no selinux error through logcat
Change-Id: Iebc7e6c42a99d091dd1afcc5ff0204bd6f3c71e7
2022-10-19 16:49:01 +00:00
Gabriel Biren
e310ef8163 Add SeLinux policy for WiFi Vendor HAL AIDL service.
Bug: 205044134
Test: Manual - reboot phone and check if AIDL
      service is running.
Change-Id: I242e6ef860d2defdb0ab0a3d649b2a4e3f0de5a6
2022-10-19 16:34:56 +00:00
Reema Bajwa
d151d63fa0 Add app_api_service and ephemeral_app_api to credential_service selinux policy to allow regular apps and instant apps to access credential manager
Test: Built & deployed locally
Bug: 253155284
Feature Bug: 241268646

Change-Id: I6cf6738858bccfbb07f0cf2e92fcbd472b4c56ce
2022-10-19 14:50:46 +00:00
Inseob Kim
f87eb38696 Generate compat files and modules with scripts
The steps have been done by hand, which is highly error-prone.

Bug: 207344718
Test: run the script manually
Change-Id: I9deb367b0cbd8d357147f83964bc214cd00266f7
2022-10-19 18:32:01 +09:00
Inseob Kim
bf2a967f1f Fix wrongly hardcoded version
Also removed 10000.0 as there is no 10000.0 in the cil (only 10000_0
exists)

Test: manual
Change-Id: I8c88622e75847388394ba7a0e2e16ceb600ac4f1
2022-10-19 18:31:07 +09:00
Inseob Kim
73172d83ca Remove deprecated distutils dependency
Test: manual
Change-Id: I18747dc6dc47d8e865cadb87dee4a88d1ec32d49
2022-10-19 18:25:23 +09:00
Inseob Kim
0c4a3ed6e9 Remove redundant comments
Because compat/Android.bp will be modified by compat generate script.

Bug: 207344718
Test: N/A
Change-Id: I4e94db4a9aab492d7fd6df97fad7bfe80756260c
2022-10-19 18:22:48 +09:00
Treehugger Robot
67f9821aa4 Merge "Add policies for new services HDMI and HDMICEC" am: 4a5c2dee68
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2223061

Change-Id: I40f635565583adb88a98fb2304eacb04adc8dab2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-19 03:31:09 +00:00
Treehugger Robot
4a5c2dee68 Merge "Add policies for new services HDMI and HDMICEC" 2022-10-19 02:58:03 +00:00
Steven Moreland
2b39859d1a Merge "servicemanager: kernel log perms" am: 586703a90c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2120755

Change-Id: I64241a470ee02206e7513f0d9bd9b5f827ee1ab6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-18 20:27:45 +00:00
Steven Moreland
586703a90c Merge "servicemanager: kernel log perms" 2022-10-18 20:06:41 +00:00
Steven Moreland
5c3f315771 servicemanager: kernel log perms
Bug: 210919187
Fixes: 235390578
Test: boot (logs still only show up sometimes)
Change-Id: I16b9814260103ce550836655d0409d43b8850ea0
2022-10-17 21:30:50 +00:00
Pawan Wagh
ed30ef1e1e Merge "Revert "Revert "Updating exisiting fuzzers in fuzzer bindings""" am: 59f3e11574
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2255140

Change-Id: I6ebe139f6d4dcd524eb409fb4ab07bc20940af82
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-17 16:52:45 +00:00
Pawan Wagh
59f3e11574 Merge "Revert "Revert "Updating exisiting fuzzers in fuzzer bindings""" 2022-10-17 16:21:46 +00:00
Hunsuk Choi
40e6ec320b Merge "Add IRadioIms and IImsMedia context" am: 0c00096874
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2252878

Change-Id: Iffe9f97bf14f9e8e051d0c7000ea54f21d0c5d20
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-17 06:46:26 +00:00
Hunsuk Choi
0c00096874 Merge "Add IRadioIms and IImsMedia context" 2022-10-17 06:13:01 +00:00
Treehugger Robot
6a520d6622 Merge "Add selinux policy to register remote access HAL." am: 184064cd13
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2242819

Change-Id: I107d43afa110e509f097f0dbdb923d2589cacfd7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-15 03:50:05 +00:00
Treehugger Robot
184064cd13 Merge "Add selinux policy to register remote access HAL." 2022-10-15 03:13:07 +00:00
Pawan Wagh
fe3d48f3fb Revert "Revert "Updating exisiting fuzzers in fuzzer bindings""
This reverts commit e3245a40df.

Reason for revert: Check for missing dependency is added now. It should fix builds on master-art branch.
Bug: 253648584
Change-Id: I1ecd4521a1038ace711a4abeb0964b764ad5bc94
2022-10-14 18:51:34 +00:00
Pawan Wagh
d1c05f92bb Merge "sepolicy : check if missing dependencies are allowed" am: 093c870e67
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2253074

Change-Id: Idda66a62e55b9d1a575ccf243317594259d33f4c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-14 18:37:34 +00:00
Rob Seymour
7aaf88d74f Merge "Allow service managers access to apex data." am: 9833c60b35
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2168782

Change-Id: Ic07e1e7fed18781c587c99d451738f034650475e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-14 18:36:49 +00:00
Pawan Wagh
093c870e67 Merge "sepolicy : check if missing dependencies are allowed" 2022-10-14 18:04:55 +00:00
Rob Seymour
9833c60b35 Merge "Allow service managers access to apex data." 2022-10-14 18:04:46 +00:00
Keir Fraser
267c488ccb Allow microdroid_manager to create a ZRAM swap device am: 5cbe30c386
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2251456

Change-Id: I46d954514c634529237991387de94bbbed176eaf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-13 15:50:13 +00:00
Keir Fraser
5cbe30c386 Allow microdroid_manager to create a ZRAM swap device
Bug: 238284600
Test: Start a VM, confirm swap is available
Change-Id: I5b6050fabd652d9c15584afa0bfdc10b33401dd1
2022-10-13 14:22:15 +00:00
Hunsuk Choi
24abed20f5 Add IRadioIms and IImsMedia context
Bug: 216387835
Test: build & flash
Change-Id: I7eb3a45e1b13ca702e6bab7e152c4b4722ceccdd
(cherry picked from commit 26a4cc08701586459e1042604a204f6485c27d08)
Merged-In: I7eb3a45e1b13ca702e6bab7e152c4b4722ceccdd
2022-10-13 06:17:30 +00:00
Treehugger Robot
1989e9a3a7 Merge "Fix too-broad allows granted to domain" am: c3b7489ee5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2251313

Change-Id: I83e9ebd22b900a0ca494e49e9f17f35a8c08a785
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-13 06:08:00 +00:00
Treehugger Robot
c3b7489ee5 Merge "Fix too-broad allows granted to domain" 2022-10-13 05:37:13 +00:00