47467 commits

Author SHA1 Message Date
Mikhail Naganov
1460db3c7c Merge "audio: Provide a default implementation of IHalAdapterVendorExtension" into main am: c301f8ef3d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2930452

Change-Id: I78f36755805b4cfc220a92b4b779aa7e8c3a7f44
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:44:09 +00:00
Yuyang Huang
ec4196e1b7 Merge "Add system property bluetooth.sco.managed_by_audio" into main 2024-02-01 21:32:46 +00:00
Jeffrey Vander Stoep
a8a8cf9bac Merge "sepolicy: Grant hal_bluetooth_server to access tcp sockets" into main am: b3eeec1ac9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2899112

Change-Id: I813d09047c6cc81e273b556e42fe6f35efbdc098
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:30:49 +00:00
Jeffrey Vander Stoep
cbc0d73a19 Merge "sepolicy: Grant hal_bluetooth_server to access udp_socket" into main am: d3f08120bc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2876771

Change-Id: Iee5bd4dd2adc6567b7f2e951e8556fcd8cbaf728
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:30:36 +00:00
Bubble Fang
484e50f68b Merge "Revert "Adding sepolicy rules for CrashRecoveryProperties"" into main am: e12fc98b59
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2943267

Change-Id: Iee5d52063db352425c217e3dc809ad9af017037c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:29:51 +00:00
Treehugger Robot
f610ab2296 Merge "Use /proc/device-tree for reading AVF DT" into main am: bb1c62ca16
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2938000

Change-Id: If0b9b806b163a26fcde5e2a2925d5421b25aad0f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:27:01 +00:00
Harshit Mahajan
af573353d3 Merge "Adding sepolicy rules for CrashRecoveryProperties" into main am: fedcb415a7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2931990

Change-Id: I79bfa1189aaa4406021d86101e4ac1ec4605c1fd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 21:26:19 +00:00
Dan Shi
0ad6f6bdd6 Revert "audio: Provide a default implementation of IHalAdapterVe..."
Revert submission 2929484-fix-b-321651892-ihaladapter

Reason for revert: possible cause of b/323385784

Reverted changes: /q/submissionid:2929484-fix-b-321651892-ihaladapter

Change-Id: I9664f8f9dd6eec159be7fbf3b148a12d44cef582
2024-02-01 19:32:34 +00:00
Inseob Kim
ff3e91727c [automerger skipped] Remove hal_face_service virtual entry am: f447f4a624 -s ours
am skip reason: Merged-In I1f61b687be4abe53c62c21769fb57dc9cf9daf45 with SHA-1 fb5d221b27 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2935110

Change-Id: Ia809efc5132a240185d8f954215aaaa5ff40cf2f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 17:26:12 +00:00
Alan Stokes
aeab04ffcd Suppress spurious ipc_lock denials
When running a VM from a root shell (e.g. via vm_shell), we see
frequent ipc_lock denials:

avc: denied { ipc_lock } for comm="crosvm" capability=14
scontext=u:r:crosvm:s0 tcontext=u:r:crosvm:s0 tclass=capability
permissive=0

These don't appear for non-root crosvm, and don't prevent the VM from
working. Suppress them to reduce log spam.

Test: Run vm_shell
Change-Id: I3b68ca9e3f15709a1f0fce285ba8916419ee82e8
2024-02-01 17:01:20 +00:00
Mikhail Naganov
c301f8ef3d Merge "audio: Provide a default implementation of IHalAdapterVendorExtension" into main 2024-02-01 16:48:06 +00:00
Harshit Mahajan
7740a47b34 Revert^2 "Adding sepolicy rules for CrashRecoveryProperties"
This reverts commit f76b3cf07a.

Reason for revert: This part is not causing failures

Change-Id: I3c01877f7473f35552e43433c069664276a99067
2024-02-01 13:00:46 +00:00
Jeffrey Vander Stoep
b3eeec1ac9 Merge "sepolicy: Grant hal_bluetooth_server to access tcp sockets" into main 2024-02-01 10:07:34 +00:00
Jeffrey Vander Stoep
d3f08120bc Merge "sepolicy: Grant hal_bluetooth_server to access udp_socket" into main 2024-02-01 10:07:20 +00:00
Bubble Fang
e12fc98b59 Merge "Revert "Adding sepolicy rules for CrashRecoveryProperties"" into main 2024-02-01 08:44:38 +00:00
Bubble Fang
f76b3cf07a Revert "Adding sepolicy rules for CrashRecoveryProperties"
Revert submission 2931990-cr-sysprop

Reason for revert: Causing CTS fail at b/323272250 b/323278067 b/323284822

Reverted changes: /q/submissionid:2931990-cr-sysprop

Change-Id: I41c3804cb5b6e0aff0cc8e90995d0e65888c7988
2024-02-01 06:42:28 +00:00
Peter Lee
b1c857c824 Modify SELinux rules to allow vold to use the keymaster HAL directly.
Description:
Since the Android N project uses Keymaster 1.5 and added full disk encryption support in vold when upgrading to Android T, the SELinux rules need to allow vold to use the keymaster HAL directly.

Bug: 319506037

Change-Id: Ib21c59156a6de0c2b148e33de2fe8efb3606e697
2024-02-01 06:32:23 +00:00
Treehugger Robot
bb1c62ca16 Merge "Use /proc/device-tree for reading AVF DT" into main 2024-02-01 03:21:18 +00:00
Jaewan Kim
2141ad5877 Use /proc/device-tree for reading AVF DT
Although /proc/device-tree is a symlink to /sys/firmware/devicetree/base,
/proc/device-tree is the stable API but the absolute path may be
changed in the future.

Bug: 322465386
Test: atest CustomPvmfwHostTestCases
Change-Id: I81cbe8a4dddbac97e4fb94e6684d2a91127f3378
2024-02-01 01:53:59 +00:00
Harshit Mahajan
fedcb415a7 Merge "Adding sepolicy rules for CrashRecoveryProperties" into main 2024-02-01 00:59:34 +00:00
Haining Chen
c269e3acee Merge "Add sepolicy for adaptive auth service" into main am: 2b8ddb7d7c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2926551

Change-Id: Ib7efb0b61d4a558fc80c7f716988966446cb4ef0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-31 20:36:46 +00:00
Haining Chen
2b8ddb7d7c Merge "Add sepolicy for adaptive auth service" into main 2024-01-31 19:58:26 +00:00
Yuyang Huang
d367ea8e6a Add system property bluetooth.sco.managed_by_audio
Bug: 294134504
Test: m .
Change-Id: Ieab490d5a508beb6440751b8a0ac28b0e3e2c1bb
2024-01-31 18:10:18 +00:00
Harshit Mahajan
3e37acd48f Adding sepolicy rules for CrashRecoveryProperties
Restricting that properties can only be written by platform and module.
It will be read and written from init and system_server.

Bug: b/289203818
Test: m
Change-Id: Ie6b44d1222ec1a9fbfc9b90e0455588f9defe848
2024-01-31 12:52:10 +00:00
Yanfei Zhou
3a739f9bed sepolicy: Grant hal_bluetooth_server to access udp_socket
This change updates neverallow list to allow accessing udp
sockets from hal_bluetooth_server.

Bug: 305104428
Change-Id: Ic1d80c7cb1aa62969b541ee30686afd57ec51fb0
2024-01-31 11:44:40 +00:00
Sumit Deshmukh
76e2176de8 sepolicy: Grant hal_bluetooth_server to access tcp sockets
This change updates neverallow list to allow accessing tcp
sockets from hal_bluetooth_server.

Bug: 305104428
Change-Id: I609380108ccd7b73ed251dd006caa0849bf6c53c
2024-01-31 11:36:49 +00:00
Hansen Kurli
ff6cb347be Remove all sepolicy relating to ppp/mtp.
Legacy VPNs are removed, including the usage of mtpd/pppd.
Only the type ppp and mtp remain as there are usages elsewhere.

Bug: 161776767
Test: m, presubmit
Change-Id: I556b0daa55f9ea7bf844f6a52d10dda02e324ee0
2024-01-30 17:46:49 +08:00
Inseob Kim
f447f4a624 Remove hal_face_service virtual entry
Bug: 317187030
Test: TH
Change-Id: I309eb8091532a88ecd0af354399437fec3bcfa25
Merged-In: I1f61b687be4abe53c62c21769fb57dc9cf9daf45
2024-01-30 10:08:04 +09:00
Xin Li
b96adcf722 Merge Android 24Q1 Release (ab/11220357)
Bug: 319669529
Merged-In: Ia3c8bcddaed44d4dd03df6d504fecb61d999cbec
Change-Id: Iefabaeb2456a31cd008f6ccb6b4e924c87dc2f65
2024-01-29 13:06:50 -08:00
Wonsik Kim
b4aec97ad4 Merge "mediaswcodec: Allow getprop for aac drc params" into main am: cf8ae3a3e4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2817825

Change-Id: I2993aa1d9ab2ccffccb64eb378a859334be2be36
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-29 19:45:33 +00:00
Wonsik Kim
cf8ae3a3e4 Merge "mediaswcodec: Allow getprop for aac drc params" into main 2024-01-29 19:25:16 +00:00
Alan Stokes
9dae492da8 Merge "crosvm doesn't need IPC_LOCK" into main am: 31b6d34f6b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2928271

Change-Id: I08d3598b86c9a7dc01eaaa5a44eed49806745267
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-29 09:38:52 +00:00
Alan Stokes
31b6d34f6b Merge "crosvm doesn't need IPC_LOCK" into main 2024-01-29 09:19:43 +00:00
Treehugger Robot
f57e6f06aa Merge "Allow system_server to find hal_bluetooth with service_manager" into main am: 14d7483a93
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2911495

Change-Id: Ib4e902bc0140c69bf84ccded95a55ad70200d296
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-29 09:17:47 +00:00
Treehugger Robot
14d7483a93 Merge "Allow system_server to find hal_bluetooth with service_manager" into main 2024-01-29 08:48:23 +00:00
Ted Wang
fb2d929c48 Allow system_server to find hal_bluetooth with service_manager
Bug: 322731389
Test: make and check if there is avc denied.
Change-Id: Ifb0fef383c42e7b6045dfa4ff9240ef2315be2f1
2024-01-29 07:31:57 +00:00
Treehugger Robot
da434b804d Merge "Define file contexts for WebViewBootstrap apex." into main am: 99d0e2b7ee
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2928691

Change-Id: I4b9380e018055c2f54e459ed1826e39b0b20f217
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-27 03:06:59 +00:00
Treehugger Robot
99d0e2b7ee Merge "Define file contexts for WebViewBootstrap apex." into main 2024-01-27 02:23:20 +00:00
Mikhail Naganov
00c2fedc5a audio: Provide a default implementation of IHalAdapterVendorExtension
This service is used by the audio server for translating
between legacy string KV pairs and AIDL vendor parameters.
It resides on the system_ext partition.

Since it has to be implemented by every SoC vendor, provide
an example implementation. This example service is added
to CF and GSI system_ext. Vendors can use their own names
and policy labels, the only thing that the audio server
depends on is the AIDL interface.

There is no fuzzer for this service because the example
implementation only contains trivial code (interface
methods are stubbed out).

Bug: 321651892
Test: atest audiorouting_tests
Change-Id: I8ab922660a30ffd44772987204ac4a28c1007c66
2024-01-26 15:35:51 -08:00
Youngtae Cha
acc02bf04e Merge "Setting up SELinux policy for TelephonyCofnig" into main am: 0d106f832c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2908982

Change-Id: Ic98ba6bea40c2f99a670ed11812faf7a08e98afc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-26 16:24:13 +00:00
Youngtae Cha
0d106f832c Merge "Setting up SELinux policy for TelephonyCofnig" into main 2024-01-26 15:37:46 +00:00
Alan Stokes
bc12bccd8f crosvm doesn't need IPC_LOCK
crosvm calls mlock. It used to need this capability, but now we remove
the rlimit (in Virtualization Manager via Virtualization Service) so
it no longer needs it and in fact is no longer granted it.

(This was previously removed in
commit 88f98d96da, but accidentally
re-introduced in commit 88f98d96dae3fb2616e93969685cbd737c364a0f.)

Bug: 322197421
Test: atest MicrodroidTests
Change-Id: I091170d0cb9b5617584b687e7f24cff153e06c85
2024-01-26 12:03:02 +00:00
Hansen Kurli
c95af29fe9 Merge "Remove all sepolicy relating to racoon" into main am: 59bd48484b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2849357

Change-Id: I6a1843d0b00a3ee82607be7cbe87849434ad162a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-26 10:24:56 +00:00
Hansen Kurli
59bd48484b Merge "Remove all sepolicy relating to racoon" into main 2024-01-26 09:48:22 +00:00
Andrea Zilio
913c1a7df8 Enable system server to read pm.archiving.enabled system property, as system server will need this check to have the archiving feature during testing. am: 410b2ae5fd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2922326

Change-Id: I6a2bc767d298d5c7895a5c9ec6c7d6583c633ecc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-26 03:53:58 +00:00
Andrea Zilio
410b2ae5fd Enable system server to read pm.archiving.enabled system property, as system server will need this check to have the archiving feature during testing.
Change-Id: Ia75f3ea0570075e9600548e24e42f17a783187ba
Bug: 321730881
Test: Presubmit
2024-01-26 01:50:27 +00:00
Torne (Richard Coles)
5c6353a757 Define file contexts for WebViewBootstrap apex.
Set up minimal file_contexts for the com.android.webview.bootstrap APEX.

Bug: 318717084
Test: m com.android.webview.bootstrap
Change-Id: Id707617447dc44111891446eea442b31b7ff1b57
2024-01-25 15:05:12 -05:00
Kangping Dong
093ef2e62d Merge "Add sepolicy for the Thread Network property" into main am: 943f869f1b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2906071

Change-Id: If290e7f97d61061b61d061ca3e33e583da2a120d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-25 10:11:19 +00:00
Kangping Dong
943f869f1b Merge "Add sepolicy for the Thread Network property" into main 2024-01-25 09:39:13 +00:00
Haining Chen
982295a6af Add sepolicy for adaptive auth service
Bug: 285053096
Test: m -j
Change-Id: I549de0536071ff5622c54e86927b1f20dab9d007
2024-01-24 15:47:14 -08:00