tequilaOS/platform_system_sepolicy

Author	SHA1	Message	Date
Treehugger Robot	b52c0719d0	Merge "Allow hal_codec2_server to read fifo_file from untrusted_app_all" into main	2023-12-07 23:10:50 +00:00
Sungtak Lee	cc2a7ddd66	Allow hal_codec2_server to read fifo_file from untrusted_app_all Test: m Bug: 254050314 Change-Id: I6f7968dd63258e3f5496205f70af180d71fd9517	2023-12-07 21:23:12 +00:00
Steven Moreland	bd2c72b393	Merge "allow watchdog to dump servicemanager" into main am: `073b71671c` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858185 Change-Id: I3c209624087bbe691554c97cd0e48fcebabe3b58 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-07 18:33:19 +00:00
Steven Moreland	073b71671c	Merge "allow watchdog to dump servicemanager" into main	2023-12-07 18:08:08 +00:00
Jeffrey Vander Stoep	b6c262c238	Revert "Remove implicit access for isolated_app" This reverts commit `7ba4801b6e`. Reason for revert: b/315295188 Change-Id: Ib4a4d68763f68bc1cebe6528ce4b81188f35ba49 Test: build and run on Cuttlefish. Verify that isolated_app denials go away.	2023-12-07 16:52:28 +01:00
Tom Huang	76ab19469f	Merge "Add bluetooth finder service sepolicy" into main am: `226f837c4d` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2863825 Change-Id: Icf1fbce87dc07904e825e75a6243398c4f4b7305 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-07 05:16:45 +00:00
Tom Huang	226f837c4d	Merge "Add bluetooth finder service sepolicy" into main	2023-12-07 04:15:37 +00:00
kuanyuhuang	8826540b4b	Add bluetooth finder service sepolicy Bug: 314360499 Test: atest vts_treble_vintf_vendor_test Change-Id: Ie15b2bfcd488b215d197be685a4a7571aff639e5	2023-12-07 00:51:43 +00:00
Treehugger Robot	bd0d48b998	[automerger skipped] Merge "Making sys.boot.reason.last restricted" into android14-tests-dev am: `8deb864534` -s ours am: `aa06f39414` -s ours am skip reason: Merged-In I9f83ade92858056609bc665ecb6ce9b93eb051e4 with SHA-1 `957e8f37a1` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858607 Change-Id: Ie4f58aba326901c4da620477bab0732d6d1bd22b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-06 14:10:52 +00:00
Alexei Nicoara	72725c14ac	[automerger skipped] Making sys.boot.reason.last restricted am: `c2af2e2ec4` -s ours am: `0b12bbe8c3` -s ours am skip reason: Merged-In I9f83ade92858056609bc665ecb6ce9b93eb051e4 with SHA-1 `957e8f37a1` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858607 Change-Id: Iccf5393227c0410bb1456866ddc7923cf5a03b08 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-06 14:10:49 +00:00
Treehugger Robot	aa06f39414	[automerger skipped] Merge "Making sys.boot.reason.last restricted" into android14-tests-dev am: `8deb864534` -s ours am skip reason: Merged-In I9f83ade92858056609bc665ecb6ce9b93eb051e4 with SHA-1 `957e8f37a1` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858607 Change-Id: I112b54b27a59cf7beac38efe0b5f20180621c4fb Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-06 13:21:25 +00:00
Alexei Nicoara	0b12bbe8c3	[automerger skipped] Making sys.boot.reason.last restricted am: `c2af2e2ec4` -s ours am skip reason: Merged-In I9f83ade92858056609bc665ecb6ce9b93eb051e4 with SHA-1 `957e8f37a1` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2858607 Change-Id: I0e41e434d77733d3418727f896459e3276a0730b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-06 13:21:20 +00:00
Treehugger Robot	8deb864534	Merge "Making sys.boot.reason.last restricted" into android14-tests-dev	2023-12-06 12:53:05 +00:00
David Drysdale	98c169553f	Merge "Allow for ISecretkeeper/default" into main am: `3f63eead74` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2829790 Change-Id: Ieb11eab2afcf05d9cde00938b9afe3350b53f769 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-06 11:21:07 +00:00
Ján Sebechlebský	ebc72434c8	Merge "Allow virtual camera to do binder calls to apps and vice versa." into main am: `7b6c59ad81` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2862025 Change-Id: Ibc038ea37f260e50b9b7137f466144460d9fe462 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-06 11:20:35 +00:00
David Drysdale	3f63eead74	Merge "Allow for ISecretkeeper/default" into main	2023-12-06 11:12:33 +00:00
Ján Sebechlebský	ba86b72848	Merge " Allow virtual camera service to find permission_service" into main am: `6a362c7fa8` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2859665 Change-Id: Iadb1ad2a5fa96401e7ea25645f447dff304f8ab5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-06 11:08:17 +00:00
Ján Sebechlebský	7b6c59ad81	Merge "Allow virtual camera to do binder calls to apps and vice versa." into main	2023-12-06 10:23:15 +00:00
Ján Sebechlebský	6a362c7fa8	Merge " Allow virtual camera service to find permission_service" into main	2023-12-06 10:22:58 +00:00
Jan Sebechlebsky	6e1795cad0	Allow virtual camera to do binder calls to apps and vice versa. Virtual camera passes Surface to the app which internally uses binder to communicate with the other side of buffer queue. Bug: 301023410 Test: atest VirtualCameraTest Change-Id: I3ea23532a5077c0b57a6f74c7814b9fdf69829ea	2023-12-06 09:31:17 +01:00
Treehugger Robot	91b6feed24	Merge "crash_dump: read bootstrap libs" into main am: `116f36fdf8` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2860733 Change-Id: Ie88318906d183fc271b321b3f8a550739aa4bf1e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-06 07:45:44 +00:00
Treehugger Robot	116f36fdf8	Merge "crash_dump: read bootstrap libs" into main	2023-12-06 06:20:14 +00:00
Steven Moreland	91497cc9db	crash_dump: read bootstrap libs Required for nicer stacks for crashes and ANRs, etc.. Bug: N/A Test: adb shell am hang, check servicemanager section no longer displays warnings now that that it is dumped by watchdog Change-Id: I49a93c1fec9c3219c11dc1a82440c7c2a1944010	2023-12-06 01:43:46 +00:00
Marie Matheson	c3c9ebe781	Merge "Allow isolated to read staged apks" into main am: `bce6591af7` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2854133 Change-Id: Ia140bce50b51b9218b6ba7dd2dac669cdc7b76f3 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-05 19:38:40 +00:00
Marie Matheson	bce6591af7	Merge "Allow isolated to read staged apks" into main	2023-12-05 17:57:17 +00:00
Marie Matheson	cf2694bf86	Allow isolated to read staged apks type=1400 audit(0.0:835): avc: denied { read } for path="/data/app/vmdl1923101285.tmp/base.apk" dev="dm-37" ino=29684 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:apk_tmp_file:s0 tclass=file permissive=0 Bug: 308775782 Test: Flashed to device with and without this change, confirmed that this change allows an isolated process to read already opened staged apk file Change-Id: I7226bae79344c3b2a5a0f59940dde6d64a8a7ea1	2023-12-05 15:17:19 +00:00
David Drysdale	8d1876b4f6	Allow for ISecretkeeper/default Test: VtsAidlAuthGraphSessionTest Bug: 306364873 Change-Id: I788d6cd67c2b6dfa7b5f14bc66444d18e3fd35d3	2023-12-05 14:33:47 +00:00
Jan Sebechlebsky	0959befc45	Allow virtual camera service to find permission_service Bug: 301023410 Test: atest CtsVirtualDevicesCameraTestCases Change-Id: I517fa4cdf6c3143eaf8ab9858e13159a7c5a818a	2023-12-05 14:20:39 +01:00
Jooyung Han	157848354e	Introduce vendor_apex_metadata_file A new label for ./apex_manifest.pb and ./ entries in vendor apexes. This is read-allowed by a few system components which need to read "apex" in general. For example, linkerconfig needs to read apex_manifest.pb from all apexes including vendor apexes. Previously, these entries were labelled as system_file even for vendor apexes. Bug: 285075529 Bug: 308058980 Test: m && launch_cvd Test: atest VendorApexHostTestsCases Change-Id: Icc234bf604e3cafe6da81d21db744abfaa524dcf Merged-In: Icc234bf604e3cafe6da81d21db744abfaa524dcf	2023-12-05 15:42:14 +11:00
Alexei Nicoara	c2af2e2ec4	Making sys.boot.reason.last restricted sys.boot.reason.last needs to be readable by SysUI to correctly display the reason why authentication is required to unlock the phone. Bug: 299327097 Bug: 308058980 Test: presubmit Change-Id: I9f83ade92858056609bc665ecb6ce9b93eb051e4 Merged-In: I9f83ade92858056609bc665ecb6ce9b93eb051e4	2023-12-05 14:56:03 +11:00
Steven Moreland	5830ddb1d9	allow watchdog to dump servicemanager Cmd line: /system/bin/servicemanager ABI: 'x86_64' "servicemanager" sysTid=202 NOTE: Function names and BuildId information is missing for some frames due NOTE: to unreadable libraries. For unwinds of apps, only shared libraries NOTE: found under the lib/ directory are readable. NOTE: On this device, run setenforce 0 to make the libraries readable. NOTE: Unreadable libraries: NOTE: /system/lib64/bootstrap/libc.so #00 pc 00000000000babda /system/lib64/bootstrap/libc.so #01 pc 0000000000017819 /system/lib64/libutils.so (android::Looper::pollAll(int, int, int, void**)+441) (BuildId: 2ed0ced7383d1676a37aed1236486ac3) #02 pc 0000000000011a25 /system/bin/servicemanager (main+1157) (BuildId: 509b83cb97addfa90aaa4ad911c2a3df) #03 pc 00000000000547a9 /system/lib64/bootstrap/libc.so Bug: 314088872 Test: adb shell am hang and check ANRs Change-Id: I7daf19a3afbd18aa93093fb152f9555022ece88f	2023-12-04 23:24:41 +00:00
Thiébaud Weksteen	57b93a9733	Merge "Fix dumpstate denials related to ot_daemon" into main am: `cba619bf60` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2854492 Change-Id: I232a38e79d8311dcbf8b0e0fac48f02d22fb8d5b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-03 23:54:34 +00:00
Thiébaud Weksteen	cba619bf60	Merge "Fix dumpstate denials related to ot_daemon" into main	2023-12-03 23:09:01 +00:00
Daniel Norman	4ea95b1730	Merge "Allow system_server access to hidraw devices." into main am: `27bb0c60f6` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2855126 Change-Id: I6afaec68f2dc3f3436c6894d36e30ebcce874642 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-01 18:45:33 +00:00
Ted Wang	2ca6c9a46a	Merge "Add bluetooth finder hal" into main am: `fb82802fc0` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2836616 Change-Id: Ia3824b12b13d2f53c8770076a41c4c0da59fdf3b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-01 18:16:59 +00:00
Daniel Norman	27bb0c60f6	Merge "Allow system_server access to hidraw devices." into main	2023-12-01 18:12:02 +00:00
Ted Wang	fb82802fc0	Merge "Add bluetooth finder hal" into main	2023-12-01 17:41:04 +00:00
Andrea Zilio	d7d0bc5b7f	Merge "Add pm.archiving.enabled system property" into main am: `1a3e09bdf1` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2852511 Change-Id: Icebf658d13eb7a1e20fae9932fbffe5ffd82e2a1 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-01 11:38:39 +00:00
Jeff Pu	0a522a3d8f	[automerger skipped] Add biometric face virtual hal service am: `e0755e0d68` -s ours am: `374f35be24` -s ours am skip reason: Merged-In I1f61b687be4abe53c62c21769fb57dc9cf9daf45 with SHA-1 `fb5d221b27` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2854489 Change-Id: I94e3698227d268eec1f8f0a36b6d71dfc3f3b23f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-01 11:38:04 +00:00
Andrea Zilio	1a3e09bdf1	Merge "Add pm.archiving.enabled system property" into main	2023-12-01 10:52:21 +00:00
Jeff Pu	374f35be24	[automerger skipped] Add biometric face virtual hal service am: `e0755e0d68` -s ours am skip reason: Merged-In I1f61b687be4abe53c62c21769fb57dc9cf9daf45 with SHA-1 `fb5d221b27` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2854489 Change-Id: Ic29a37f6fd5248c578d334f83322ee9b3ef8133c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-12-01 10:27:29 +00:00
Kangping Dong	e1ee768a97	Fix dumpstate denials related to ot_daemon Bug: 313794601 Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials Change-Id: I5dfa427e3c7ad99ec21392d2f219f14b66dd6256	2023-12-01 13:02:38 +08:00
Jeff Pu	e0755e0d68	Add biometric face virtual hal service Bug: 228638448 Bug:313817413 Test: Manually following face virtual hal provisioning procedure Change-Id: I1f61b687be4abe53c62c21769fb57dc9cf9daf45 Merged-In: I1f61b687be4abe53c62c21769fb57dc9cf9daf45	2023-12-01 03:16:38 +00:00
Daniel Norman	4245d0413b	Allow system_server access to hidraw devices. This allows AccessibilityManagerService in system_server to interact with a HID-supported Braille Display. Bug: 303522222 Test: ls -z /dev/hidraw0 Test: plat_file_contexts_test Test: Open FileInputStream and FileOutputStream on this device path from AccessibilityManagerService (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:67a63cc046769759aa43cf1653f11e57c55cd1db) Merged-In: I2982e907bd2a70c1e4e8161647d6efd65110b99c Change-Id: I2982e907bd2a70c1e4e8161647d6efd65110b99c	2023-11-30 23:33:55 +00:00
Treehugger Robot	419203bea5	Merge "Fix dumpstate denials related to virtual_camera" into main am: `d3fe043eb8` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2852613 Change-Id: Ifd5829ddd964479ed7b53320a2470bc8e993138b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-11-30 22:43:12 +00:00
Treehugger Robot	99cf9a3df5	Merge "Allow hal_codec2_server to read fifo_file" into main am: `f6a4cb8115` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2847905 Change-Id: Ia220902299ab47e6f80025527143605fe283c146 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-11-30 22:42:39 +00:00
Treehugger Robot	d3fe043eb8	Merge "Fix dumpstate denials related to virtual_camera" into main	2023-11-30 22:34:24 +00:00
Treehugger Robot	f6a4cb8115	Merge "Allow hal_codec2_server to read fifo_file" into main	2023-11-30 21:43:42 +00:00
Andrea Zilio	32ab868eac	Add pm.archiving.enabled system property Test: Builds and starts up fine on acloud Bug: 314160630 Change-Id: I1d90876979bcdb9416bb711f59678a0e640a3e89	2023-11-30 21:14:21 +00:00
Jan Sebechlebsky	de644175a9	Fix dumpstate denials related to virtual_camera Bug: 313794601 Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials Change-Id: Ie5b7c89388190fa927f8c762b2e65557f9d9870b	2023-11-30 10:57:16 +01:00

... 3 4 5 6 7 ...

45609 commits