tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
38911 commits 1 branch 0 tags 50 MiB
Commit graph

514 commits

Author SHA1 Message Date
Amos Bianchi
3189fafa2a Add sepolicy for new module. 
Bug: b/241442337
Test: TH
Change-Id: Ia58e2d4b205638509545a0a2c356cd68862beb1f
 2022-09-23 10:40:47 -07:00
Yu Shan
e799e9284c Merge "Create selinux policy for remoteaccess HAL." 2022-09-22 01:17:00 +00:00
Weilin Xu
52546635b2 Applying new IBroadcastRadio AIDL 
Update Sepolicy for AIDL broadcast radio HAL. Ignore
fuzzer default AIDL implementation for now.

Bug: 170336130
Test: m -j
Change-Id: Ie55c08c6a721de1f8dc40acc81de68565f99f7d7
 2022-09-21 23:17:20 +00:00
Steven Moreland
5043c02262 Merge "hidl2aidl: conversion of gatekeeper hidl to aidl" 2022-09-21 21:26:01 +00:00
Reema Bajwa
396d34b7c8 Merge "Add SELinux changes for Credential Manager Service in system server Test: Built & Deployed on device locally." 2022-09-21 17:34:09 +00:00
Yu Shan
05a7389aa9 Create selinux policy for remoteaccess HAL. 
Will add fuzzer once the service is implemented.

Test: Run remoteaccess HAL on gcar_emu. Verify the service is running.
Bug: 241483300
Change-Id: I01b31a88414536ddd90f9098f422ae43a48cf726
 2022-09-20 18:09:49 -07:00
Anna Zhuravleva
2864a66331 Add sepolicy for Health Connect system service. 
Add selinux policy so the healthconnect system service
can be accessed by other processes.

Bug: 246961138
Test: build
Change-Id: I37e0e7f1a2b4696b18f8876a107c509d2906e850
 2022-09-20 17:14:35 +00:00
Reema Bajwa
5b57bfaf7e Add SELinux changes for Credential Manager Service in system server 
Test: Built & Deployed on device locally.

Change-Id: I892107ed528e0ca7435aa29a0fa1e6dbf4f225c5
 2022-09-19 17:51:06 +00:00
Subrahmanyaman
1d2a3fedcc hidl2aidl: conversion of gatekeeper hidl to aidl 
Conversion of the gatekeeper hidl interface to stable aidl interface.

Bug: 205760843
Test: run vts -m VtsHalGatekeeperTarget
Change-Id: I44f554e711efadcd31de79b543f42c0afb27c23c
 2022-09-19 17:43:26 +00:00
Yixiao Luo
aa98f8a58c Merge "TV Input HAL 2.0 sepolicy" 2022-08-26 23:19:24 +00:00
Thiébaud Weksteen
c0fef5c1ae Merge "Remove wpantund and lowpan_service" 2022-08-25 23:57:20 +00:00
Yixiao Luo
e83ae791aa TV Input HAL 2.0 sepolicy 
Bug: 227673740
Test: atest VtsHalTvInputTargetTest
Change-Id: I53f6537a8f911661e368824a5a5dc5db57413980
 2022-08-25 14:31:49 -07:00
Thiébaud Weksteen
8439a1ff29 Remove wpantund and lowpan_service 
Bug: 235018188
Test: TH
Change-Id: I0e2f03ad6d17f5d9223b2c500b6c3183835ec807
 2022-08-22 14:09:01 +10:00
Steven Moreland
5c587349fd Merge "Fully prepare vendor_service removal." am: 46138cca6a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2140049

Change-Id: Ib5f07ce54608fcb325c0ba5cc1402ab25e13c3fa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-01 23:35:20 +00:00
Steven Moreland
e6b2acbfc4 Fully prepare vendor_service removal. 
Removes all references to vendor_service in policy except the
definition of this type, which also needs to be removed by
clients.

We don't need this because interface type shouldn't be associated
with where they are served. We can serve HALs from anywhere if they are
implemented in software.

Bug: 237115222
Test: builds
Change-Id: If370a904af81e015e7e1f7a408c4bfde2ebff9a4
 2022-07-25 22:20:16 +00:00
Xin Li
b347e9fd52 Merge tm-dev-plus-aosp-without-vendor@8763363 
Bug: 236760014
Merged-In: I036e48530e37f7213a21b250b858a37fba3e663b
Change-Id: Ic7d4432aea1d37546d342df3e2157b9dc8207770
 2022-06-27 23:40:18 +00:00
Almaz Mingaleev
0e70ea793f Merge "Remove TZUvA feature." 2022-06-23 07:47:26 +00:00
Neil Fuller
37888b33ba Remove TZUvA feature. 
The feature was superseded by tzdata mainline module(s).

Bug: 148144561
Test: see system/timezone
Test: m selinux_policy
Change-Id: I48d445ac723ae310b8a134371342fc4c0d202300
Merged-In: I48d445ac723ae310b8a134371342fc4c0d202300
 2022-06-13 11:45:50 +00:00
Devin Moore
92c36611e3 Merge "Add permissions for new netd AIDL HAL" am: e47782171a am: ff958713a2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2095165

Change-Id: I7d2b464664e78b2cb32820adef2595a248203969
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-10 20:30:09 +00:00
Devin Moore
309a355088 Add permissions for new netd AIDL HAL 
Netd is now serving an AIDL HAL to replace the old HIDL HAL.

Bug: 205764585
Test: Boot and check for avc denials
Change-Id: I1ca5ed4ff3b79f082ea2f6d3e81f60a64ca04855
 2022-06-09 22:39:15 +00:00
Treehugger Robot
27945bccb0 Merge "Add sepolicy for IBootControl AIDL" am: 921af40c4b am: 8fbf709eb0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2050816

Change-Id: Ib687153be4608959548009903420a48def7e9891
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-08 10:32:27 +00:00
Kelvin Zhang
187cb2c64c Add sepolicy for IBootControl AIDL 
Test: th
Bug: 227536004
Change-Id: I1206b4aae1aab904a76836c893ee583b5ce54624
 2022-06-07 16:26:19 -07:00
Treehugger Robot
3e78ff7f5d Merge "Iorapd and friends have been removed" am: f6fefa9d61 am: 74607b608e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2098987

Change-Id: I6582ca6634d76a54e73900d76b9f3534cb04c192
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-19 09:57:40 +00:00
Jeff Vander Stoep
b07c12c39d Iorapd and friends have been removed 
Remove references in sepolicy. Leave a few of the types defined since
they're public and may be used in device-specific policy.

Bug: 211461392
Test: build/boot cuttlefish
Change-Id: I615137b92b82b744628ab9b7959ae5ff28001169
 2022-05-18 12:07:39 +02:00
Xinyi Zhou
2c05b69417 Change nearby from system_api_service to app_api_service am: 791567ece6 am: 4bf6ea7727 am: 223c2b078b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2064652

Change-Id: I2dc8d8ceb3d4e5d82b81d1980579c63ca3ca5fff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-14 18:23:57 +00:00
Xinyi Zhou
791567ece6 Change nearby from system_api_service to app_api_service 
This fixes CTS tests where NearbyManager is null because of SELinux is
in enforcing mode. Detailed explanation: https://docs.google.com/document/d/1CiGn7Vg6LYwrMFvWonuK3fhNDCG5Sm4uCvefkvqpDcY/edit?usp=sharing

NearbyManager APIs are using BLUETOOTH_PRIVILEDGED permission so only System apps can use them.

Fix: 228273869
Test: -m
Change-Id: I091fbea408cea52e934cb6a3917226fb1b2adbc4
 2022-04-13 21:18:47 -07:00
Lorenzo Colitti
ce493bd00d Merge "Connectivity Native AIDL interface Sepolicy" am: bf8af42bf5 am: 5ef1893f50 am: 4d7cd06a40 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1943988

Change-Id: I330642784c6fddd6949a55156d1fa6b198425a4a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-01 22:36:20 +00:00
Lorenzo Colitti
bf8af42bf5 Merge "Connectivity Native AIDL interface Sepolicy" 2022-04-01 21:46:37 +00:00
Neha Pattan
1838513cca Merge "Sepolicy changes for adding new system service for AdServices." am: dcb324bdb3 am: e5d6614096 am: c5c329718a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2046744

Change-Id: I6f1d6ee7b30e7d6a5f26282268b4a56fa57cb873
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-04-01 19:33:33 +00:00
Neha Pattan
64ef8be1de Sepolicy changes for adding new system service for AdServices. 
Test: build
Bug: 216375107
Change-Id: I238ac3f8966ce05768aef17bd05217a9772cf2f3
 2022-03-28 19:26:50 +00:00
Bram Bonne
b93f26fd89 Move sdk_sandbox sepolicy to AOSP. 
Bug: 224796470
Bug: 203670791
Bug: 204989872
Bug: 211761016
Bug: 217543371
Bug: 217559719
Bug: 215105355
Bug: 220320098
Test: make, ensure device boots

Change-Id: Ia96ae5407f5a83390ce1b610da0d49264e90d7e2
Merged-In: Ib085c49f29dab47268e479fe5266490a66adaa87
Merged-In: I2215ffe74e0fa19ff936e90c08c4ebfd177e5258
Merged-In: I478c9a16032dc1f1286f5295fc080cbe574f09c9
Merged-In: Ibf478466e5d6ab0ee08fca4da3b4bae974a82db0
Merged-In: I5d519605d9fbe80c7b4c9fb6572bc72425f6e90a
Merged-In: I05d2071e023d0de8a93dcd111674f8d8102a21ce
Merged-In: I6572a7a5c46c52c9421d0e9c9fc653ddbd6de145
Merged-In: I1b6d1a778cb658bdfd930b684e4ba0640031b226
Merged-In: I9fb98e0caee75bdaaa35d11d174004505f236799
 2022-03-17 10:22:33 +01:00
Tyler Wear
691def4fd5 Connectivity Native AIDL interface Sepolicy 
Sepolicy files for new ConnectivityNative service.
This is a new service implemented in java accessible from
native code. Stable aidl is used to avoid having to manually write
the unparcling code in two different languages. A new service is
required because there is no connectivity service in the system
server that exposes a stable aidl interface.

Bug: 179733303
Change-Id: If2372712a4a8ac7b0631a2195aabc910d1a829cc
 2022-02-24 08:53:13 -08:00
Nikita Ioffe
e2da633ef7 Rename SupplementalProcess to SdkSandbox 
Ignore-AOSP-First: sepolicy is not in aosp, yet
Bug: 220320098
Test: presubmit
Change-Id: I9fb98e0caee75bdaaa35d11d174004505f236799
 2022-02-23 20:44:20 +00:00
Thiébaud Weksteen
e7d529fed6 Merge "Associate hal_service_type with all HAL services" am: b18abcdd51 am: 71b8ad6234 am: 351e89d5d3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987147

Change-Id: I7220245e469f58126ea4af0744690f907e9d2928
 2022-02-18 10:07:48 +00:00
Thiébaud Weksteen
373cf3ba8e Associate hal_service_type with all HAL services 
By default, HAL's services are not accessible by dumpstate. HIDL
implementations were silenced via a dontaudit on hwservice_manager. But
AIDL implementations will trigger a denial, unless authorized via
`dump_hal`. Mark all HAL services with a new attribute
`hal_service_type` so they can be ignored by dumpstate.

Test: m selinux_policy
Bug: 219172252
Change-Id: Ib484368fdeff814d4799792d57a238d6d6e965fd
 2022-02-16 10:49:21 +11:00
Treehugger Robot
a77159c365 Merge changes from topic "revert-1979386-revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY-UVTCTRHQWF" am: 48f59f9ec2 am: 33f3804491 am: 35d788475c am: 05ef2c2c88 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978173

Change-Id: Id411487bab280f9c0e5d5f575ec8d9e3154fd447
 2022-02-10 22:06:17 +00:00
Changyeon Jo
eacb1095a8 Revert^2 "Updates sepolicy for EVS HAL" 
418f41ad13

Bug: 216727303
Test: m -j selinux_policy on failed targets reported
      in b/218802298
Change-Id: Iec8fd2a1e9073bf3dc679e308407572a8fcf44d9
 2022-02-10 17:21:54 +00:00
Changyeon Jo
8c12609bce Revert^2 "Adds a sepolicy for EVS manager service" 
0137c98b90

Bug: 216727303
Test: m -j selinux_policy on failed targets reported
      in b/218802298
Change-Id: I2ae2fc85a4055f2cb7d19ff70b120e7b7ff0957d
 2022-02-10 17:21:14 +00:00
Mohammed Rashidy
1ea99c86e9 Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY" am: 7f1eaf1b45 am: aa0cb606c3 am: 3bed79292e am: f1ea833625 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979387

Change-Id: I8ad7455e22999359816e3e47dfcb5b95845a63e4
 2022-02-10 12:32:56 +00:00
Mohammed Rashidy
5e3beea9bc Revert "Updates sepolicy for EVS HAL" am: 418f41ad13 am: 4d67e0d02b am: a46cbab128 am: 7f9b355e86 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979386

Change-Id: I6e704950a709e76c8e2c5fdb3829487a4012f887
 2022-02-10 12:32:54 +00:00
Mohammed Rashidy
0137c98b90 Revert "Adds a sepolicy for EVS manager service" 
Revert submission 1967140-EVS_sepolicy_updates_T

Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service

Change-Id: I207c261bcf2c8498d937ab02c499bf709a5f1b15
 2022-02-10 10:07:44 +00:00
Mohammed Rashidy
418f41ad13 Revert "Updates sepolicy for EVS HAL" 
Revert submission 1967140-EVS_sepolicy_updates_T

Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947, bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service

Change-Id: I1cc37b0e56646db61bdb34cb209aefe7376c5a50
 2022-02-10 10:07:44 +00:00
Treehugger Robot
47f43ab23c Merge changes from topic "EVS_sepolicy_updates_T" am: 2cedd28cf9 am: 177cf20196 am: 85c9e1cf9e am: feb9f3f2c2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1967009

Change-Id: I112edf374e2b96e74f786897d580d396bec33c29
 2022-02-10 08:52:51 +00:00
Changyeon Jo
a083d7a8d8 Updates sepolicy for EVS HAL 
This CL updates hal_evs_default to be sufficient for the defautl EVS HAL
implementation and modifies other services' policies to be able to
communicate with EVS HAL implementations

Bug: 217271351
Test: m -j selinux_policy and Treehugger
Change-Id: I2df8e10f574d62f8b84e0ff0381656ab1b18b52f
 2022-02-10 01:42:59 +00:00
Changyeon Jo
5c3bc58163 Adds a sepolicy for EVS manager service 
Bug: 170401743
Bug: 216727303
Test: m -j selinux_policy and TreeHugger
Change-Id: Ie6cb3e269fc46a61b56ca93efd69fbc447da0e3d
 2022-02-10 01:42:21 +00:00
Jayant Chowdhary
58c0794156 Merge "System wide sepolicy changes for aidl camera hals." am: b00bf9d282 am: 4c51fa993e am: f3ccb9095a am: 887847beaa 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1975831

Change-Id: If90113a972d3f96bed74db0ae65da50caff1afbf
 2022-02-09 04:04:33 +00:00
Jayant Chowdhary
e3019be3db System wide sepolicy changes for aidl camera hals. 
Bug: 196432585

Test: Camera CTS

Change-Id: I0ec0158c9cf82937d6c00841448e6e42f6ff4bb0
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
 2022-02-08 09:37:17 +00:00
Kevin Han
1c02210689 Merge "Extend visibility of hibernation service for CTS" am: 4d81dc33f8 am: 641d56be3f am: 461c5fd19d am: d9b5d64cdd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1966099

Change-Id: I2af8f4ff4785dc779a4ef375e3230ad06bb77ec1
 2022-02-04 00:37:48 +00:00
Seth Moore
3f7ee1390e Add remotely provisioned key pool se policy am: a75cad0d0a am: 10ec76f621 am: 7a7ac7d5aa am: 38ed66df25 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1969539

Change-Id: If922ac778d3afbb210b284dfd167fc9212ef691f
 2022-02-04 00:00:45 +00:00
Kevin Han
4d81dc33f8 Merge "Extend visibility of hibernation service for CTS" 2022-02-03 23:43:03 +00:00