Treehugger Robot
bc5dd2e143
Merge "Add ro.boot.microdroid.app_debuggable" am: cb1e4682c8
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1986511
Change-Id: I49ed965517379b6e7be57c2ce7d81cb77ab6e62b
2022-02-16 13:08:55 +00:00
Treehugger Robot
cb1e4682c8
Merge "Add ro.boot.microdroid.app_debuggable"
2022-02-16 11:56:04 +00:00
Andrew Scull
b13117f3ba
Add ro.boot.microdroid.app_debuggable
...
This property is set in the bootconfig to reflect the debuggability of
the payload app. It is consumed by microdroid_manager as a DICE input and
by compos to make choices based on the debuggability, e.g. not doing
test builds in non-debug states.
Bug: 219740340
Test: atest ComposHostTestCases
Test: atest MicrodroidTests
Change-Id: If84710f1fdbab957f5d19ce6ba3daad7e3e65935
2022-02-16 09:40:27 +00:00
Treehugger Robot
2a17f21086
Merge "Revert^2 "Migrate contexts tests to Android.bp"" am: 8817edcbb4
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1987148
Change-Id: Ia3f3cb136477d4958a652a68389d3f8af9327d26
2022-02-16 05:02:46 +00:00
Treehugger Robot
8817edcbb4
Merge "Revert^2 "Migrate contexts tests to Android.bp""
2022-02-16 04:23:47 +00:00
Inseob Kim
b5e235346e
Revert^2 "Migrate contexts tests to Android.bp"
...
This reverts commit baa93cc651.
Reason for revert: amlogic build fixed
Change-Id: I8b046dc810d47a2d87012f02a668873889fce705
2022-02-16 02:26:11 +00:00
Xin Li
9fced2e705
Skip SP2A.220305.012
...
Bug: 219523960
Merged-In: Ied609152e6a9ba6d17b70db325ca33f1cb345eb8
Change-Id: Ie743f909429f36f876d16cb2d52b3bed971ef207
2022-02-14 20:07:30 +00:00
Xin Li
f1f2839e6e
Merge "Merge sc-v2-dev-plus-aosp-without-vendor@8084891" into stage-aosp-master
2022-02-14 17:31:17 +00:00
Ramji Jiyani
86cfb85d49
Merge "system_dlkm: sepolicy: add system_dlkm_file_type" am: ba8615a186
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978574
Change-Id: I8c70b7c37e2d5a84b78f4b8862890c4a0d101f1d
2022-02-11 18:52:59 +00:00
Daniel Norman
17327ac36a
Merge "Expose the APEX multi-install props to non-root getprop." am: ea98866236
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965921
Change-Id: I43a503e66debdf898e7987c9b4ebc9c8709144bb
2022-02-11 18:52:06 +00:00
Ramji Jiyani
ba8615a186
Merge "system_dlkm: sepolicy: add system_dlkm_file_type"
2022-02-11 18:36:04 +00:00
Daniel Norman
ea98866236
Merge "Expose the APEX multi-install props to non-root getprop."
2022-02-11 18:25:27 +00:00
Xin Li
77c821174e
Merge sc-v2-dev-plus-aosp-without-vendor@8084891
...
Bug: 214455710
Merged-In: I129b5cb74259c9c028483e84c9b2ac3597c24701
Change-Id: I47ca55be668b9b2aabf86963b65b1403130ab802
2022-02-11 06:58:07 +00:00
Keith Mok
64a1571f5d
Merge "Update SEPolicy apexd for API 32" am: 9984dcb28e
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1976997
Change-Id: I85bd1c4b700b95d17ff25b73779f5fa7f4d2f8bf
2022-02-11 05:21:22 +00:00
Keith Mok
9984dcb28e
Merge "Update SEPolicy apexd for API 32"
2022-02-11 05:03:20 +00:00
Ramji Jiyani
4a556890f9
system_dlkm: sepolicy: add system_dlkm_file_type
...
Add new attribute system_dlkm_file_type for
/system_dlkm partition files.
Bug: 218392646
Bug: 200082547
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I193c3f1270f7a1b1259bc241def3fe51d77396f3
2022-02-11 04:19:33 +00:00
Treehugger Robot
6fa204250e
Merge "Add microdroid sepolicy test support" am: 47b3505fbf
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978387
Change-Id: I70801b12abc3d614d503c584ff0451a20d87d285
2022-02-11 00:37:00 +00:00
Treehugger Robot
47b3505fbf
Merge "Add microdroid sepolicy test support"
2022-02-11 00:22:27 +00:00
Keith Mok
16c0a350c5
Update SEPolicy apexd for API 32
...
The bootchart problem needs the selinux policy fix.
But it is missing API 32
Bug: 218729155
Test: Build
Change-Id: Ia011f8bcd52403980c2a6751bb612dd5b770e130
2022-02-11 00:20:17 +00:00
Florian Mayer
3fc6370375
Merge "[MTE] Add property to specify default MTE mode for apps." am: 94782041d1
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1976994
Change-Id: I32140e8f8e8081a5f91fb09df241ffa8931f5ba6
2022-02-10 23:48:54 +00:00
Florian Mayer
94782041d1
Merge "[MTE] Add property to specify default MTE mode for apps."
2022-02-10 23:38:23 +00:00
Treehugger Robot
5c66bea55b
Merge "dmesgd: sepolicies" am: f07e7c31a4
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1968400
Change-Id: I0afd007ea41fc82aa0887368bc2e84c94bf358d8
2022-02-10 21:04:30 +00:00
Treehugger Robot
33f3804491
Merge changes from topic "revert-1979386-revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY-UVTCTRHQWF" am: 48f59f9ec2
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978173
Change-Id: I82c6ff9bf4bcc3a572013b5afefb0123daaef7a3
2022-02-10 21:03:47 +00:00
Treehugger Robot
f07e7c31a4
Merge "dmesgd: sepolicies"
2022-02-10 21:00:56 +00:00
Treehugger Robot
48f59f9ec2
Merge changes from topic "revert-1979386-revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY-UVTCTRHQWF"
...
* changes:
Revert^2 "Updates sepolicy for EVS HAL"
Revert^2 "Adds a sepolicy for EVS manager service"
2022-02-10 20:50:42 +00:00
Kevin Jeon
b476cc1f23
Merge "Make Traceur seapp_context reflect platform status" am: 25dfbfec14
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1962019
Change-Id: I9a8a640707d12580a9144418e64d4868aa56d651
2022-02-10 19:24:58 +00:00
Kevin Jeon
25dfbfec14
Merge "Make Traceur seapp_context reflect platform status"
2022-02-10 19:09:45 +00:00
Kevin Jeon
9118e3a5ca
Make Traceur seapp_context reflect platform status
...
Because Traceur is being signed with the platform key in aosp/1961100,
the platform seinfo identifier is being added to Traceur so that SELinux
will correctly identify it as a platform app.
Bug: 209476712
Test: - Checked that Traceur can still take normal and long traces on
AOSP userdebug and internal user/userdebug.
- Checked that the Traceur app is now located in /system/app/
instead of /system/priv-app/.
Change-Id: Ibe7881d48798e3b71bb40e566fa8243cbb630b04
Merged-In: Ibe7881d48798e3b71bb40e566fa8243cbb630b04
2022-02-10 17:51:28 +00:00
Alexander Potapenko
0a64d100b8
dmesgd: sepolicies
...
dmesgd is a daemon that collects kernel memory error reports.
When system_server notices that a kernel error occurred, it sets the
dmesgd.start system property to 1, which results in init starting
dmesgd.
Once that happens, dmesgd runs `dmesg` and parses its output to collect
the last error report. That report, together with the headers containing
device- and build-specific information is stored in Dropbox.
Empirically, dmesgd needs the following permissions:
- execute shell (for popen()) and toolbox (for dmesg),
  read system_log (for dmesg)
- read /proc/version (to generate headers)
- perform Binder calls to servicemanager and system_server,
  find dropbox_service (for dropbox)
- create files in /data/misc/dmesgd (to store persistent state)
Bug: 215095687
Test: run dmesgd on a user device with injected KFENCE bugs
Change-Id: Iff21a2ffd99fc31b89a58ac774299b5e922721ea
2022-02-10 17:42:52 +00:00
Changyeon Jo
eacb1095a8
Revert^2 "Updates sepolicy for EVS HAL"
...
418f41ad13
Bug: 216727303
Test: m -j selinux_policy on failed targets reported
in b/218802298
Change-Id: Iec8fd2a1e9073bf3dc679e308407572a8fcf44d9
2022-02-10 17:21:54 +00:00
Changyeon Jo
8c12609bce
Revert^2 "Adds a sepolicy for EVS manager service"
...
0137c98b90
Bug: 216727303
Test: m -j selinux_policy on failed targets reported
in b/218802298
Change-Id: I2ae2fc85a4055f2cb7d19ff70b120e7b7ff0957d
2022-02-10 17:21:14 +00:00
Treehugger Robot
1d087ac705
Merge "Support legacy apexdata labels" am: 605715d665
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1977066
Change-Id: Id2d5508fb56eae96da5d04fdcb907a410aeb102a
2022-02-10 11:55:44 +00:00
Mohammed Rashidy
aa0cb606c3
Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY" am: 7f1eaf1b45
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979387
Change-Id: I7f5e8791adc7e30a2f7c2da3c0658c2c33b88e4f
2022-02-10 11:55:32 +00:00
Mohammed Rashidy
4d67e0d02b
Revert "Updates sepolicy for EVS HAL" am: 418f41ad13
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1979386
Change-Id: If3080898b802cf7551c01c9425499591b815da6b
2022-02-10 11:55:30 +00:00
Treehugger Robot
605715d665
Merge "Support legacy apexdata labels"
2022-02-10 11:44:11 +00:00
Mohammed Rashidy
7f1eaf1b45
Merge changes from topic "revert-1967140-EVS_sepolicy_updates_T-MBLQTXKQEY"
...
* changes:
Revert "Adds a sepolicy for EVS manager service"
Revert "Updates sepolicy for EVS HAL"
2022-02-10 11:38:40 +00:00
Mohammed Rashidy
0137c98b90
Revert "Adds a sepolicy for EVS manager service"
...
Revert submission 1967140-EVS_sepolicy_updates_T
Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947 , bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service
Change-Id: I207c261bcf2c8498d937ab02c499bf709a5f1b15
2022-02-10 10:07:44 +00:00
Mohammed Rashidy
418f41ad13
Revert "Updates sepolicy for EVS HAL"
...
Revert submission 1967140-EVS_sepolicy_updates_T
Reason for revert: triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=cf_x86_64_auto-userdebug&lkgb=8168894&lkbb=8168958&fkbb=8168947 , bug b/218802298
Reverted Changes:
I730d56ab1:Allows hal_evs_default to read directories
I2df8e10f5:Updates sepolicy for EVS HAL
Ie6cb3e269:Adds a sepolicy for EVS manager service
Change-Id: I1cc37b0e56646db61bdb34cb209aefe7376c5a50
2022-02-10 10:07:44 +00:00
Sandro Montanari
d20a77319a
Merge "Allow apexd to write to /metadata/sepolicy" am: 306fca99db
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965103
Change-Id: I1aecfb46a194d837c62ac3ad14f84f03f5920a9b
2022-02-10 10:01:30 +00:00
Sandro Montanari
306fca99db
Merge "Allow apexd to write to /metadata/sepolicy"
2022-02-10 09:41:34 +00:00
Treehugger Robot
177cf20196
Merge changes from topic "EVS_sepolicy_updates_T" am: 2cedd28cf9
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1967009
Change-Id: I6e25a9c2f0030539b1bbf5892c4fd51f931053b7
2022-02-10 08:12:58 +00:00
Treehugger Robot
2cedd28cf9
Merge changes from topic "EVS_sepolicy_updates_T"
...
* changes:
Updates sepolicy for EVS HAL
Adds a sepolicy for EVS manager service
2022-02-10 08:02:04 +00:00
Maciej Żenczykowski
960f03e7e6
Merge "bpfdomain: attribute for domain which can use BPF" am: 337e6b1e1c
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978573
Change-Id: I4dfb42eedfec394488dea73910f11b23f08cfb92
2022-02-10 07:25:40 +00:00
Maciej Żenczykowski
337e6b1e1c
Merge "bpfdomain: attribute for domain which can use BPF"
2022-02-10 07:08:22 +00:00
Treehugger Robot
2379b4582c
Merge "Fix se_policy_conf file output stem" am: 099b15ea2e
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1978386
Change-Id: I7ad40cc5750a49f77ff015d979e140d357c1892d
2022-02-10 03:24:26 +00:00
Treehugger Robot
099b15ea2e
Merge "Fix se_policy_conf file output stem"
2022-02-10 03:08:30 +00:00
Changyeon Jo
a083d7a8d8
Updates sepolicy for EVS HAL
...
This CL updates hal_evs_default to be sufficient for the default EVS HAL
implementation and modifies other services' policies to be able to
communicate with EVS HAL implementations
Bug: 217271351
Test: m -j selinux_policy and Treehugger
Change-Id: I2df8e10f574d62f8b84e0ff0381656ab1b18b52f
2022-02-10 01:42:59 +00:00
Changyeon Jo
5c3bc58163
Adds a sepolicy for EVS manager service
...
Bug: 170401743
Bug: 216727303
Test: m -j selinux_policy and TreeHugger
Change-Id: Ie6cb3e269fc46a61b56ca93efd69fbc447da0e3d
2022-02-10 01:42:21 +00:00
Steven Moreland
6598175e06
bpfdomain: attribute for domain which can use BPF
...
Require all domains which can be used for BPF to be marked as
bpfdomain, and add a restriction for these domains to not
be able to use net_raw or net_admin. We want to make sure the
network stack has exclusive access to certain BPF attach
points.
Bug: 140330870
Bug: 162057235
Test: build (compile-time neverallows)
Change-Id: I29100e48a757fdcf600931d5eb42988101275325
2022-02-10 00:34:50 +00:00
Florian Mayer
360ddf5583
[MTE] Add property to specify default MTE mode for apps.
...
Bug: 216305376
Change-Id: I9374c8681510037279deaf3e5ae011e8f9111f17
2022-02-09 22:13:59 +00:00