tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
44861 commits 1 branch 0 tags 50 MiB
Commit graph

308 commits

Author SHA1 Message Date
Treehugger Robot
bbd374d9c6 Merge "Add BUILD_BROKEN_VENDOR_SEAPP_USES_COREDOMAIN" into main am: 54bacb776d am: 43c16bb862 am: 30be961a64 am: 91fe4f822e am: b6638a25d6 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2715179

Change-Id: I605fdb8a61126abc46ac0b53425976183f9ed63f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-22 05:20:51 +00:00
Treehugger Robot
30be961a64 Merge "Add BUILD_BROKEN_VENDOR_SEAPP_USES_COREDOMAIN" into main am: 54bacb776d am: 43c16bb862 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2715179

Change-Id: I246ca42a28663320cd90dbe8f1b4adb73f577fa6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-22 03:32:46 +00:00
Inseob Kim
d8de8757ae Add BUILD_BROKEN_VENDOR_SEAPP_USES_COREDOMAIN 
Starting from Android V, vendor seapp_contexts files can't assign
coredomain to vendor apps, as it's Treble violation. This build broken
variable is to suppress the enforcement for devices launching with U or
prior.

Bug: 280547417
Test: set BUILD_BROKEN_VENDOR_SEAPP_USES_COREDOMAIN := true and build
Change-Id: I7b91db8183a867aa490e490e56cb872ea830b21f
 2023-08-21 15:15:34 +09:00
Jeff Pu
edcaac62fd Merge "Add biometric face virtual hal service" into main am: 5a70ae0fc8 am: c7518dd417 am: eb5d11211f am: 1d60f4711f am: 827340f866 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2709670

Change-Id: I0afc11e844131b8cd5662bc6e8790e5be149d5b4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-18 15:06:03 +00:00
Jeff Pu
eb5d11211f Merge "Add biometric face virtual hal service" into main am: 5a70ae0fc8 am: c7518dd417 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2709670

Change-Id: I6a7d4504737edfcd9c323367457b125868146956
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-18 13:36:46 +00:00
Jeff Pu
fb5d221b27 Add biometric face virtual hal service 
Bug: 228638448
Test: Manually following face virtual hal provisioning procedure
Change-Id: I1f61b687be4abe53c62c21769fb57dc9cf9daf45
 2023-08-16 17:00:08 -04:00
Igor Zaslavsky
bef94b9a51 Merge "Add RemoteAuthService" into main am: 805daca25e am: ee962c027c am: ac6c122924 am: 9703f80cba am: bcbcc7dec5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2693411

Change-Id: If03fd2307624c8fd3a026370417454b62bf64cfb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-08 20:29:07 +00:00
Igor Zaslavsky
ac6c122924 Merge "Add RemoteAuthService" into main am: 805daca25e am: ee962c027c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2693411

Change-Id: If093d85c0fcb16c542e59bbeb9274c15fb5b9ba1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-08 18:16:22 +00:00
Jakob Schneider
cf9de37946 Merge "Add SEPolicy for the ArchiveManager/Service." into main am: 09916a69c9 am: ec62d1395c am: 8989b19ac4 am: bd99287bfd am: 2cf7d7d37e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2683127

Change-Id: I2c2313b57775d2217dd3d92bd5b2c81b3030ea8c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-04 19:56:57 +00:00
igorzas
7489e93613 Add RemoteAuthService 
Add SEPolicy for the RemoteAuth Manager/Service
Add Fuzzer exception, remote_auth service is going to be in Java and
Rust only

Design doc: go/remote-auth-manager-fishfood-design

Test: loaded on device.
Bug: 290092977
Change-Id: I4decb29b863170aed5e7c85da9c4b50c0675d3bd
 2023-08-04 17:55:14 +00:00
Jakob Schneider
8989b19ac4 Merge "Add SEPolicy for the ArchiveManager/Service." into main am: 09916a69c9 am: ec62d1395c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2683127

Change-Id: I30b8344bc537ec4ed11240fc601bc3d5ba5dc9a0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-04 17:38:17 +00:00
Jakob Schneider
09916a69c9 Merge "Add SEPolicy for the ArchiveManager/Service." into main 2023-08-04 16:10:01 +00:00
Jakob Schneider
5c5a6af643 Add SEPolicy for the ArchiveManager/Service. 
Test: boots - CTS coming in a future change
Change-Id: Ia42bc21e1523c7b225b7c84c3a3f18dd3ed1a54f
 2023-08-04 14:13:03 +01:00
Kangping Dong
52d81d653f Merge "add sepolicy rules for OT daemon binder service" into main am: 9d965761ca am: 0fb33095a4 am: 3d003e1519 am: 39f874cbed am: 872e6ef0e7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2648124

Change-Id: I1d8efc5cd19b825e094cad26941ab7fff9c31c14
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-03 18:12:16 +00:00
Kangping Dong
3d003e1519 Merge "add sepolicy rules for OT daemon binder service" into main am: 9d965761ca am: 0fb33095a4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2648124

Change-Id: I2948438cddbe921c244e05f05b1a357675dbcef4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-03 16:00:51 +00:00
Kangping Dong
9d965761ca Merge "add sepolicy rules for OT daemon binder service" into main 2023-08-03 14:13:21 +00:00
Kangping Dong
0b3e8c62ee add sepolicy rules for OT daemon binder service 
Bug: 262681784
Change-Id: I3b4d3603709a761ad1410b81c0e5b4e4fc51c43c
 2023-08-03 13:31:53 +08:00
Treehugger Robot
be318de74d Merge "Add permission for VFIO device binding" into main am: 6ebc7deb48 am: 5b2f696b93 am: 1efce2fe90 am: 5c02b42429 am: 4585c9c223 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2682786

Change-Id: I344dceb3cf6b976b66a92bdfa84f845bf109f0d4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-02 14:13:12 +00:00
Treehugger Robot
1efce2fe90 Merge "Add permission for VFIO device binding" into main am: 6ebc7deb48 am: 5b2f696b93 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2682786

Change-Id: Idbe7867385fe39c7d8556d785b7370033d24cb9b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-08-02 12:05:46 +00:00
Inseob Kim
825056de9a Add permission for VFIO device binding 
vfio_handler will bind platform devices to VFIO driver, and then
return a file descriptor containing DTBO. This change adds
permissions needed for that.

Bug: 278008182
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid \
      --devices /sys/bus/platform/devices/16d00000.eh --protected
Change-Id: Ie947adff00d138426d4703cbb8e7a8cd429c2272
 2023-08-02 15:06:51 +09:00
Inseob Kim
5d296d6a59 Ensure vendor seapp contexts can't use coredomain am: d7d3609af7 am: b2d5c7529c am: add7efee41 am: fa230d5e36 am: aeb73ff642 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2638235

Change-Id: I4c71a2ddc9846d2eb19143d3d4573be07e35717d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-31 05:24:52 +00:00
Inseob Kim
add7efee41 Ensure vendor seapp contexts can't use coredomain am: d7d3609af7 am: b2d5c7529c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2638235

Change-Id: Ic6a9f623746875170434ecd10ae2f8e2df630a13
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-31 03:19:58 +00:00
Inseob Kim
d7d3609af7 Ensure vendor seapp contexts can't use coredomain 
Bug: 280547417
Test: build
Change-Id: Iadff17523767f91f073c6569400e17f1da55fbdc
 2023-07-28 16:18:11 +09:00
Vadim Caen
1debb1f293 Merge "Policy for virtual_camera" into main am: bb59231998 am: 2199233cfd am: 3674481782 am: 96c681a8a1 am: 81bc867e73 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2655420

Change-Id: Ic708afb2898331a07a6c24f92ac9ae739d1406b0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-26 14:44:18 +00:00
Vadim Caen
3674481782 Merge "Policy for virtual_camera" into main am: bb59231998 am: 2199233cfd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2655420

Change-Id: Ic8d5d7b1cdd0d72777cd8ac1bd58ad0a4f5fa619
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-26 12:53:11 +00:00
Vadim Caen
d64cf75c48 Policy for virtual_camera 
Adds a policy to run the virtual_camera process which:
 - registers a service implementing the camera HAL
 - registers a service to reveive communicate with virtual cameras via
   system_server

Bug: 253991421
Test: CTS test
android.virtualdevice.cts.VirtualDeviceManagerBasicTest#createDevice_createCamera

Change-Id: I772d176919b8dcd3b73946935ed439207c948f2b
 2023-07-25 19:27:48 +00:00
Zhanglong Xia
598767a95d Merge "Add sepolicy rules for Thread Network HAL" am: 87c6069fe1 am: a1c3cc2c1c am: b883c879d0 am: cc85dcfce1 am: 30bede645d am: b3b81fe79a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2646219

Change-Id: I896829516320004bbf146d883aea742f07593a43
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-01 04:11:28 +00:00
Zhanglong Xia
cc85dcfce1 Merge "Add sepolicy rules for Thread Network HAL" am: 87c6069fe1 am: a1c3cc2c1c am: b883c879d0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2646219

Change-Id: I034e65e721add0682536f9a3534aa91a466c9398
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-07-01 02:00:13 +00:00
Zhanglong Xia
b2d1fbb7b2 Add sepolicy rules for Thread Network HAL 
Bug: b/283905423
Test: Build and run the Thread Network stack in Cuttlefish.
Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
 2023-06-30 10:56:38 +08:00
Dave Mankoff
b07f8d7c81 SE Linux perimissions for Feature Flags Service am: 665cad0d2c am: 2793152d6f am: d28466469a am: ca71c58731 am: f9d8b6c725 am: adc96ed50b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2638309

Change-Id: I143b1710ac8ac550949ab5536761d1ed5b1f6b9e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-27 01:16:03 +00:00
Dave Mankoff
ca71c58731 SE Linux perimissions for Feature Flags Service am: 665cad0d2c am: 2793152d6f am: d28466469a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2638309

Change-Id: I39b99d528fce3c45756ff502ccdd6fb003dd4dc2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-26 21:06:54 +00:00
Dave Mankoff
665cad0d2c SE Linux perimissions for Feature Flags Service 
Bug: 279054964
Test: build && flash
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a1f8ca3cd3c4861a06c5042148aab6623a563651)
Merged-In: I5fffaccba61e218496ac82ccf9ba308cf9892868
Change-Id: I5fffaccba61e218496ac82ccf9ba308cf9892868
 2023-06-26 13:42:45 +00:00
Treehugger Robot
b4000d369b Merge "Add MediaPlayerService fuzzer to bindings" am: 289fe96dc8 am: f0d5eb54ff am: f08a62ecd0 am: d36e33e82a am: 7ec0d19fe4 am: f83c9bd2d0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2631949

Change-Id: If9d95e097e6eb174b4efd276e5946df27d18d32d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-23 23:17:55 +00:00
Treehugger Robot
d36e33e82a Merge "Add MediaPlayerService fuzzer to bindings" am: 289fe96dc8 am: f0d5eb54ff am: f08a62ecd0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2631949

Change-Id: I7840a706313458384edc8d3ed6d31046a9c6e65a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-23 20:04:59 +00:00
Treehugger Robot
289fe96dc8 Merge "Add MediaPlayerService fuzzer to bindings" 2023-06-23 17:35:27 +00:00
Treehugger Robot
4e738540dd Merge "Remove flatten_apex: property" am: 7f7e8d79a9 am: d947550b6f am: a7627cf627 am: 8743379791 am: 2e5e101971 am: ec1771e501 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2628996

Change-Id: Ib132bbd0b7e08061101f4bde288c92fe994b7412
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-21 09:12:07 +00:00
Treehugger Robot
8743379791 Merge "Remove flatten_apex: property" am: 7f7e8d79a9 am: d947550b6f am: a7627cf627 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2628996

Change-Id: I928001ab7426a6a247315293d0b6a86e176f8bf1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-21 06:29:40 +00:00
Pawan Wagh
9f118c8d62 Add MediaPlayerService fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I669c427279ce43fa614c68a02a468c3e64002537
 2023-06-20 22:50:45 +00:00
Jooyung Han
804e234ced Remove flatten_apex: property 
We no longer have targets using flattened apexes. Flattened apexes will
be removed from the build system.

Bug: 278826656
Test: m
Change-Id: I657e01dbfd2525b07c29a234277062d5ac2fab9f
 2023-06-20 15:41:05 +09:00
Pawan Wagh
08dfe8890d Merge "Add update service fuzzer to bindings" am: b4f463824c am: 02c84cec70 am: cf602ed963 am: 9e7493abb8 am: 3fb258b287 am: 320a3e4228 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619905

Change-Id: I42d861aad0cd30b40751210de057cf655acd000e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-14 22:21:10 +00:00
Pawan Wagh
9e7493abb8 Merge "Add update service fuzzer to bindings" am: b4f463824c am: 02c84cec70 am: cf602ed963 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619905

Change-Id: I179defcdef57cb4abe5e02c71e3c1e134bcc0f5f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-14 20:04:05 +00:00
Pawan Wagh
b4f463824c Merge "Add update service fuzzer to bindings" 2023-06-14 17:33:23 +00:00
Pawan Wagh
a620d1a96b Merge "Add credstore service fuzzer to bindings" am: 767dc6be06 am: e0f268a982 am: 252e98a0dc am: 01a43aec9b am: bc0bea24d0 am: 2f605f7560 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619904

Change-Id: Ifabba81ab70025fa3c2b99f9a5e5a1fb60ff4aa8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-13 21:45:29 +00:00
Pawan Wagh
01a43aec9b Merge "Add credstore service fuzzer to bindings" am: 767dc6be06 am: e0f268a982 am: 252e98a0dc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619904

Change-Id: I6d6397e345bdb94149fd21a343eaa0a58abed686
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-13 18:03:17 +00:00
Pawan Wagh
767dc6be06 Merge "Add credstore service fuzzer to bindings" 2023-06-13 15:30:53 +00:00
Pawan Wagh
21f6f52922 Add update service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I9532d1d473d3b053f464df48169dc9b23951a095
 2023-06-09 00:01:54 +00:00
Treehugger Robot
9e607fa973 Merge "Add wificond service fuzzer to bindings" am: 34814e6d48 am: 5ed2584008 am: 1e8251cd60 am: 0aff4d4a79 am: 99b5189803 am: d5cb271637 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2611796

Change-Id: Id9ee6ff4a951c2cf2f339e9fe9f7b2907d9f1415
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-08 22:40:41 +00:00
Pawan Wagh
38cfa74af2 Add credstore service fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: Ie47e0e7a479f130935ada52a28d4e26e3bf07041
 2023-06-08 21:28:46 +00:00
Treehugger Robot
0aff4d4a79 Merge "Add wificond service fuzzer to bindings" am: 34814e6d48 am: 5ed2584008 am: 1e8251cd60 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2611796

Change-Id: Ieca50440bfed78bd54f5550454cf55d4eb0df510
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-08 20:35:22 +00:00
Treehugger Robot
34814e6d48 Merge "Add wificond service fuzzer to bindings" 2023-06-08 18:30:49 +00:00