Commit graph

37246 commits

Author SHA1 Message Date
Treehugger Robot
ae84ff37c2 Merge "Let the DICE HAL getattr the device node" am: bbb21324b1 am: 16546e1760 am: ecf1c9cc25
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1990107

Change-Id: Ie4adf99a139d30e4cdc22d9c1336562723b55882
2022-02-18 10:08:01 +00:00
Treehugger Robot
68d0b7d049 Merge "dontaudit denial on the odex file of location provider." am: c1e11bbea5 am: 6ee88d68eb am: 8b415cd51f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988446

Change-Id: Ia60e8f6decc9662ec4a7c45e9f9e2fa7d56149c5
2022-02-18 10:07:55 +00:00
Thiébaud Weksteen
e7d529fed6 Merge "Associate hal_service_type with all HAL services" am: b18abcdd51 am: 71b8ad6234 am: 351e89d5d3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987147

Change-Id: I7220245e469f58126ea4af0744690f907e9d2928
2022-02-18 10:07:48 +00:00
Treehugger Robot
ecf1c9cc25 Merge "Let the DICE HAL getattr the device node" am: bbb21324b1 am: 16546e1760
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1990107

Change-Id: Ie6c20a9ab8a0258432e110409811f2b07540033a
2022-02-18 09:45:51 +00:00
Treehugger Robot
8b415cd51f Merge "dontaudit denial on the odex file of location provider." am: c1e11bbea5 am: 6ee88d68eb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988446

Change-Id: Ida61de471532e0ef22de4dbcf295b626809c1dd6
2022-02-18 09:45:43 +00:00
Thiébaud Weksteen
351e89d5d3 Merge "Associate hal_service_type with all HAL services" am: b18abcdd51 am: 71b8ad6234
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987147

Change-Id: I195b5afcf1294146a5ced5e49edc5ae877ab62a2
2022-02-18 09:45:25 +00:00
Treehugger Robot
16546e1760 Merge "Let the DICE HAL getattr the device node" am: bbb21324b1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1990107

Change-Id: I41285713a811517e84ee13e00620c23e4949dbaa
2022-02-18 09:24:07 +00:00
Treehugger Robot
6ee88d68eb Merge "dontaudit denial on the odex file of location provider." am: c1e11bbea5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988446

Change-Id: I65f3a3cf6530bc50ac66c34b216b767b04f41bb6
2022-02-18 09:23:58 +00:00
Thiébaud Weksteen
71b8ad6234 Merge "Associate hal_service_type with all HAL services" am: b18abcdd51
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987147

Change-Id: I9d202c1eabadb613f02c9447cb94c12eb494ea64
2022-02-18 09:23:49 +00:00
Treehugger Robot
bbb21324b1 Merge "Let the DICE HAL getattr the device node" 2022-02-17 14:15:43 +00:00
Andrew Scull
9738638c03 Let the DICE HAL getattr the device node
Make sure all the permissions are granted to let the HAL do its work
properly.

Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I54c633b8163ea313c87856fb0513074a76ac86a1
2022-02-17 12:35:22 +00:00
Treehugger Robot
c1e11bbea5 Merge "dontaudit denial on the odex file of location provider." 2022-02-17 10:25:22 +00:00
Samiul Islam
6a04cde139 Merge "Add new label for supplemental data" 2022-02-17 09:38:38 +00:00
Thiébaud Weksteen
b18abcdd51 Merge "Associate hal_service_type with all HAL services" 2022-02-17 04:28:09 +00:00
Treehugger Robot
22ff4b28ca Merge "Remove compat test from treble sepolicy tests" am: 8e6b55a13d am: 7e5a5e8b1f am: dd30d8381e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1985246

Change-Id: I1a8b8deb8c70bea1a803d104b0b8451450bb8f93
2022-02-17 02:29:56 +00:00
Treehugger Robot
dd30d8381e Merge "Remove compat test from treble sepolicy tests" am: 8e6b55a13d am: 7e5a5e8b1f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1985246

Change-Id: I4f27384fb7e79471f34b73e58a1978ad1311e42d
2022-02-17 02:08:30 +00:00
Treehugger Robot
7e5a5e8b1f Merge "Remove compat test from treble sepolicy tests" am: 8e6b55a13d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1985246

Change-Id: I9b7cb61dfb0dc823d39c8e35d1fff323675a835d
2022-02-17 01:46:44 +00:00
Treehugger Robot
8e6b55a13d Merge "Remove compat test from treble sepolicy tests" 2022-02-17 01:26:04 +00:00
Jiakai Zhang
bf58100685 dontaudit denial on the odex file of location provider.
Bug: 194054685
Test: Presubmits
Change-Id: Ia636f7b32251c3b8cb018fee9216e5968d4e95ff
2022-02-16 14:12:49 +00:00
Treehugger Robot
877d620501 Merge "Add ro.boot.microdroid.app_debuggable" am: cb1e4682c8 am: bc5dd2e143 am: 2b17271ff0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1986511

Change-Id: If291376893f2cc49d5a35f11d4495d18a482c507
2022-02-16 13:51:34 +00:00
Treehugger Robot
2b17271ff0 Merge "Add ro.boot.microdroid.app_debuggable" am: cb1e4682c8 am: bc5dd2e143
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1986511

Change-Id: Ib0f0ab444a99b0d300f091f94f4a6028d317de9e
2022-02-16 13:32:47 +00:00
Treehugger Robot
bc5dd2e143 Merge "Add ro.boot.microdroid.app_debuggable" am: cb1e4682c8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1986511

Change-Id: I49ed965517379b6e7be57c2ce7d81cb77ab6e62b
2022-02-16 13:08:55 +00:00
Treehugger Robot
cb1e4682c8 Merge "Add ro.boot.microdroid.app_debuggable" 2022-02-16 11:56:04 +00:00
Andrew Scull
b13117f3ba Add ro.boot.microdroid.app_debuggable
This property is set in the bootconfig to reflect the debuggability of
the payload app. It is consumed by microdroid_manager as a DICE input and
by compos to make choices based on the debuggability, e.g. not doing
test builds in non-debug states.

Bug: 219740340
Test: atest ComposHostTestCases
Test: atest MicrodroidTests
Change-Id: If84710f1fdbab957f5d19ce6ba3daad7e3e65935
2022-02-16 09:40:27 +00:00
Treehugger Robot
52274c4910 Merge "Revert^2 "Migrate contexts tests to Android.bp"" am: 8817edcbb4 am: 2a17f21086 am: 302919c289
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987148

Change-Id: Iccec615f228131cb15718c14418409c7a4105a3d
2022-02-16 05:45:19 +00:00
Treehugger Robot
302919c289 Merge "Revert^2 "Migrate contexts tests to Android.bp"" am: 8817edcbb4 am: 2a17f21086
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987148

Change-Id: I7fe47abe1495a5106bcc330ab881c8cce846ba61
2022-02-16 05:25:39 +00:00
Treehugger Robot
2a17f21086 Merge "Revert^2 "Migrate contexts tests to Android.bp"" am: 8817edcbb4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987148

Change-Id: Ia3f3cb136477d4958a652a68389d3f8af9327d26
2022-02-16 05:02:46 +00:00
Treehugger Robot
8817edcbb4 Merge "Revert^2 "Migrate contexts tests to Android.bp"" 2022-02-16 04:23:47 +00:00
Inseob Kim
73f43ff847 Remove compat test from treble sepolicy tests
Treble sepolicy tests check whether previous versions are compatible with
ToT sepolicy or not. treble_sepolicy_tests_for_release.mk implements it,
but it also includes a compat test whether ToT sepolicy + {ver} mapping
+ {ver} plat_pub_versioned.cil can be built together or not. We
definitely need such tests, but we already have a test called "compat
test" which does exactly that, and testing it again with Treble sepolicy
tests is just redundant. The only difference between those two is that
Treble sepolicy tests can also test system_ext and product compat files,
which was contributed by a partner.

The ultimate goal here is to migrate *.mk to Soong, thus merging these
two tests (compat, Treble) into one. As we've already migrated the
compat test to Soong, this change removes the compat test part from
treble sepolicy tests. Instead, the compat test will be extended so it
can test system_ext and product compat files too.
prebuilts/api/{ver}/plat_pub_versioned.cil and
prebuilts/api/{ver}/vendor_sepolicy.cil are also removed as they aren't
used anymore: vendor_sepolicy.cil is an empty stub, and
plat_pub_versioned.cil can be built from the prebuilt source files.

Bug: 33691272
Test: m selinux_policy
Change-Id: I72f5ad0e8bbe6a7c0bbcc02f0f902b953df6ff1a
2022-02-16 04:09:29 +00:00
Inseob Kim
b5e235346e Revert^2 "Migrate contexts tests to Android.bp"
This reverts commit baa93cc651.

Reason for revert: amlogic build fixed

Change-Id: I8b046dc810d47a2d87012f02a668873889fce705
2022-02-16 02:26:11 +00:00
Thiébaud Weksteen
373cf3ba8e Associate hal_service_type with all HAL services
By default, HAL's services are not accessible by dumpstate. HIDL
implementations were silenced via a dontaudit on hwservice_manager. But
AIDL implementations will trigger a denial, unless authorized via
`dump_hal`. Mark all HAL services with a new attribute
`hal_service_type` so they can be ignored by dumpstate.

Test: m selinux_policy
Bug: 219172252
Change-Id: Ib484368fdeff814d4799792d57a238d6d6e965fd
2022-02-16 10:49:21 +11:00
Samiul Islam
76935bdef5 Add new label for supplemental data
Supplemental data is separate from app data and only the supplemental
process should have access to these directories.

This CL creates a new label for such data and updates the seapp_context
to assign the correct label from installd.

The new label will be applied as follows:

/data/user/0/supplemental                   #system_data_file
/data/user/0/supplemental/<app-name>        #system_data_file
/data/user/0/supplemental/<app-name>/shared #supplemental_app_data_file

Bug: 217543371
Bug: 217559719
Test: atest SupplementalProcessStorageHostTest
      - #testSelinuxLabel_SharedData
      - #testSupplementalDataAppDirectory_SharedStorageIsUsable
Ignore-AOSP-First: Feature is being developed in internal branch
Change-Id: I6572a7a5c46c52c9421d0e9c9fc653ddbd6de145
2022-02-15 18:36:58 +00:00
Thiébaud Weksteen
e29414f253 Merge "Grant getpgid to system_server on zygote" into sc-v2-dev am: 4171439689 am: d6b83253eb
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16743651

Change-Id: Icb829ce0baf203ec8feafb1aef8623267f084b7e
2022-02-15 05:20:22 +00:00
Thiébaud Weksteen
d6b83253eb Merge "Grant getpgid to system_server on zygote" into sc-v2-dev am: 4171439689
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16743651

Change-Id: I16a2d6788b042bd94b3eae12613ccf7f79f47bdc
2022-02-15 05:14:20 +00:00
Thiébaud Weksteen
4096ad5abd Merge changes from topic "presubmit-am-47892e9f11d746939b74901bbda929d2" into sc-v2-dev-plus-aosp am: 69d3e66ae3
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16743651

Change-Id: Id904a8b745dc79e6364d8b398cb84578fcfba5ed
2022-02-15 05:14:04 +00:00
Thiébaud Weksteen
69d3e66ae3 Merge changes from topic "presubmit-am-47892e9f11d746939b74901bbda929d2" into sc-v2-dev-plus-aosp
* changes:
  [automerge] Grant getpgid to system_server on zygote 2p: c816666f40
  Grant getpgid to system_server on zygote
2022-02-15 04:57:57 +00:00
Thiébaud Weksteen
4171439689 Merge "Grant getpgid to system_server on zygote" into sc-v2-dev 2022-02-15 04:57:57 +00:00
Xin Li
67bef58377 [automerger skipped] Skip SP2A.220305.012 am: 9fced2e705 -s ours am: b97017bf6a -s ours
am skip reason: Merged-In Ied609152e6a9ba6d17b70db325ca33f1cb345eb8 with SHA-1 57401bc71f is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16873305

Change-Id: Id92d08b448cd323527ee6244723b9ccfb16bc36b
2022-02-14 22:05:09 +00:00
Xin Li
b97017bf6a [automerger skipped] Skip SP2A.220305.012 am: 9fced2e705 -s ours
am skip reason: Merged-In Ied609152e6a9ba6d17b70db325ca33f1cb345eb8 with SHA-1 57401bc71f is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16873305

Change-Id: I7c7abedef1f2ca518ca339fd781c46c91d608977
2022-02-14 21:49:27 +00:00
Xin Li
9fced2e705 Skip SP2A.220305.012
Bug: 219523960
Merged-In: Ied609152e6a9ba6d17b70db325ca33f1cb345eb8
Change-Id: Ie743f909429f36f876d16cb2d52b3bed971ef207
2022-02-14 20:07:30 +00:00
Xin Li
f7b437ec03 [automerger skipped] Merge "Merge sc-v2-dev-plus-aosp-without-vendor@8084891" into stage-aosp-master am: f1f2839e6e -s ours am: 8c55673104 -s ours
am skip reason: Merged-In I129b5cb74259c9c028483e84c9b2ac3597c24701 with SHA-1 baa93cc651 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16845407

Change-Id: Ib00f3ac7b1782bb0fafcbffe0ff24b6ca04b33c7
2022-02-14 18:21:06 +00:00
Xin Li
8c55673104 [automerger skipped] Merge "Merge sc-v2-dev-plus-aosp-without-vendor@8084891" into stage-aosp-master am: f1f2839e6e -s ours
am skip reason: Merged-In I129b5cb74259c9c028483e84c9b2ac3597c24701 with SHA-1 baa93cc651 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16845407

Change-Id: Ic71807871233a423235f7b782a033b8110af1a12
2022-02-14 18:03:43 +00:00
Xin Li
f1f2839e6e Merge "Merge sc-v2-dev-plus-aosp-without-vendor@8084891" into stage-aosp-master 2022-02-14 17:31:17 +00:00
Ramji Jiyani
982c6d39a2 Merge "system_dlkm: sepolicy: add system_dlkm_file_type" am: ba8615a186 am: 86cfb85d49 am: b925768cb3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978574

Change-Id: I17438ed404b798434e5cee28981ebd2b78b48e98
2022-02-11 19:24:08 +00:00
Daniel Norman
d309c7225c Merge "Expose the APEX multi-install props to non-root getprop." am: ea98866236 am: 17327ac36a am: 004827ac14
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965921

Change-Id: Ie247ac133be1573e4d8c3f1978b81e59729b4106
2022-02-11 19:23:55 +00:00
Ramji Jiyani
b925768cb3 Merge "system_dlkm: sepolicy: add system_dlkm_file_type" am: ba8615a186 am: 86cfb85d49
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978574

Change-Id: I5ac3fc1d3d4ecba09d26329de54c4f4b950c4b00
2022-02-11 19:13:53 +00:00
Daniel Norman
004827ac14 Merge "Expose the APEX multi-install props to non-root getprop." am: ea98866236 am: 17327ac36a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965921

Change-Id: Ibee39c2697d2a5d3cc6180b6a15af964b6fb9842
2022-02-11 19:12:58 +00:00
Ramji Jiyani
86cfb85d49 Merge "system_dlkm: sepolicy: add system_dlkm_file_type" am: ba8615a186
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978574

Change-Id: I8c70b7c37e2d5a84b78f4b8862890c4a0d101f1d
2022-02-11 18:52:59 +00:00
Daniel Norman
17327ac36a Merge "Expose the APEX multi-install props to non-root getprop." am: ea98866236
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965921

Change-Id: I43a503e66debdf898e7987c9b4ebc9c8709144bb
2022-02-11 18:52:06 +00:00
Ramji Jiyani
ba8615a186 Merge "system_dlkm: sepolicy: add system_dlkm_file_type" 2022-02-11 18:36:04 +00:00