Jing Ji
d1b9526ea0
Merge "Add rules for an unix domain socket for system_server"
2020-01-17 18:53:19 +00:00
Automerger Merge Worker
b354eba19c
Merge "Allow adb start/stop mdnsd via ctl.start/stop" into qt-qpr1-dev am: 2192ec6223
...
Change-Id: I1bafff0ae8087a3c72209eb2a6edcaddc1e5d463
2020-01-17 18:44:15 +00:00
TreeHugger Robot
2192ec6223
Merge "Allow adb start/stop mdnsd via ctl.start/stop" into qt-qpr1-dev
2020-01-17 18:31:09 +00:00
Automerger Merge Worker
d3ec89c9a4
Merge "Rename the binder cache key for hasSystemFeature()" am: 2af7e0a1fb
am: 0dd7c6d30d
...
Change-Id: I001c7175432566937548f254ccd7185358838726
2020-01-17 15:45:15 +00:00
Automerger Merge Worker
0dd7c6d30d
Merge "Rename the binder cache key for hasSystemFeature()" am: 2af7e0a1fb
...
Change-Id: Ibf149b061871b27f7f7b0eb2cd3eb2f2443ead49
2020-01-17 15:35:45 +00:00
Lee Shombert
2af7e0a1fb
Merge "Rename the binder cache key for hasSystemFeature()"
2020-01-17 15:24:59 +00:00
Dario Freni
e4e4d8eeac
Add file contexts for com.android.extservices APEX.
...
Bug: 147674123
Test: built on aosp_taimen and verified package is available from the
apex.
Change-Id: I416b3267c116b18b204dd63f999b127f52b1757a
2020-01-17 13:47:30 +00:00
Howard Chen
e978947408
Make the sepolicy for gsid cleaner
...
Test: compile pass
Change-Id: Id147035df1685134938b70f07599e6cecbdbb6f4
2020-01-17 14:23:53 +08:00
Automerger Merge Worker
872c4b45fa
Merge "priv_app: Remove permission to read from /data/anr/traces.txt" am: 2e5ce26f17
am: 33f9e754c9
...
Change-Id: I33e72a8c28031c3c97f60ea2258c646def8bdcf8
2020-01-17 03:39:26 +00:00
Automerger Merge Worker
bb1f2cc7c2
Merge "priv_app: Remove rules for ota_package_file" am: 71be259d73
am: 0f41baddc1
...
Change-Id: I95a647b21b857241bc02d4fe64062a73184d64c3
2020-01-17 03:39:12 +00:00
Automerger Merge Worker
03722182c2
Use vndk_prop for old vndk properties am: 291d6b379d
am: ab605560e5
...
Change-Id: If7e4ee09b5a9a9f350152e482ead5f0fb79f31a4
2020-01-17 03:38:30 +00:00
Automerger Merge Worker
916ce82fe2
Merge "access_vectors: remove incorrect comment about mac_admin" am: abba8e600e
am: 310719d3ea
...
Change-Id: I69b794db915f57d9d68ee04a86fe4cb84415634f
2020-01-17 03:37:39 +00:00
Automerger Merge Worker
f3d9a24c68
Merge "Add selinux contexts for system_config_service" am: 13722174b7
am: 4d6ca6c90f
...
Change-Id: I7cf77f5d717bb901379483bb1437f45e9234bd49
2020-01-17 03:36:14 +00:00
Automerger Merge Worker
33f9e754c9
Merge "priv_app: Remove permission to read from /data/anr/traces.txt" am: 2e5ce26f17
...
Change-Id: Ibaa103332a499d49b31f168deb6b7a0097f5de94
2020-01-17 03:28:05 +00:00
Automerger Merge Worker
0f41baddc1
Merge "priv_app: Remove rules for ota_package_file" am: 71be259d73
...
Change-Id: I6b580f34e0c035393bb0229f5bd1658795193a9b
2020-01-17 03:27:40 +00:00
Automerger Merge Worker
ab605560e5
Use vndk_prop for old vndk properties am: 291d6b379d
...
Change-Id: I051e06e9b8f0a49bf8cf8b58e1f18f13ce4853a6
2020-01-17 03:26:47 +00:00
Automerger Merge Worker
310719d3ea
Merge "access_vectors: remove incorrect comment about mac_admin" am: abba8e600e
...
Change-Id: I21e45bcfd48abb4a0fc85e6451e1fa73f7907e9e
2020-01-17 03:25:38 +00:00
Automerger Merge Worker
4d6ca6c90f
Merge "Add selinux contexts for system_config_service" am: 13722174b7
...
Change-Id: Iaf58372d5922403a14c7870571f097438d94425e
2020-01-17 03:23:57 +00:00
Treehugger Robot
2e5ce26f17
Merge "priv_app: Remove permission to read from /data/anr/traces.txt"
2020-01-17 01:10:45 +00:00
Treehugger Robot
71be259d73
Merge "priv_app: Remove rules for ota_package_file"
2020-01-17 00:57:15 +00:00
Justin Yun
291d6b379d
Use vndk_prop for old vndk properties
...
For vndk related properties, use vndk_prop context.
vndk_prop can be defined by 'init' and 'vendor_init', but is free to
be read by any process.
Bug: 144534640
Test: check boot to see if the VNDK properties are readable
Change-Id: Ifa2bb0ce6c301ea2071e25ac4f7e569ea3ce5d83
2020-01-17 00:24:20 +00:00
Treehugger Robot
abba8e600e
Merge "access_vectors: remove incorrect comment about mac_admin"
2020-01-17 00:22:26 +00:00
Jing Ji
2b12440ff7
Add rules for an unix domain socket for system_server
...
System_server will listen on incoming packets from zygotes.
Bug: 136036078
Test: atest CtsAppExitTestCases:ActivityManagerAppExitInfoTest
Change-Id: I42feaa317615b90c5277cd82191e677548888a71
2020-01-16 16:09:48 -08:00
Hai Zhang
f301cd299b
Add policies for permission APEX data directory.
...
Bug: 136503238
Test: presubmit
Change-Id: I636ab95070df4c58cf2c98b395d99cb807a7f243
2020-01-16 16:08:55 -08:00
Automerger Merge Worker
03a1842686
Merge "stable aidl Power HAL policy" am: fbe4afa7aa
am: 4cb024e790
...
Change-Id: Ibd3e4024f15d0d488d3cda544e524efad2ac74f5
2020-01-16 22:57:07 +00:00
Automerger Merge Worker
2b4f17279d
Merge "Configure SELinux for PowerManager Caches" am: fc52615d13
am: 6bc4c6660c
...
Change-Id: I4f605761fa3faa9b92f6535b9f3f595cbb304d8b
2020-01-16 22:56:54 +00:00
Lee Shombert
d3625cdcec
Rename the binder cache key for hasSystemFeature()
...
The code that uses the property has not been committed, so this change
has no impact on the codebase.
Bug: 140788621
Test: build an image that combines this change with the client code
and boot a phone. Verify that there are no policy violations.
Change-Id: Ie6c1a791578c61adae5b71a38e61a2f5b20bb817
2020-01-16 14:56:27 -08:00
Ashwini Oruganti
565c685b35
priv_app: Remove permission to read from /data/anr/traces.txt
...
We added an auditallow for this permission on 12/17/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.
Bug: 147833123
Test: TH
Change-Id: I96f810a55e0eb8f3778aea9598f6437de0f65c7f
2020-01-16 14:42:43 -08:00
Treehugger Robot
13722174b7
Merge "Add selinux contexts for system_config_service"
2020-01-16 22:41:42 +00:00
Wei Wang
4cb024e790
Merge "stable aidl Power HAL policy"
...
am: fbe4afa7aa
Change-Id: Id2791733129f015b4364774ebc3f79b84b043dc4
2020-01-16 14:40:30 -08:00
Collin Fijalkovich
6bc4c6660c
Merge "Configure SELinux for PowerManager Caches"
...
am: fc52615d13
Change-Id: I135086378fdb132480065629655f27264cbbd524
2020-01-16 14:40:05 -08:00
Wei Wang
fbe4afa7aa
Merge "stable aidl Power HAL policy"
2020-01-16 22:35:42 +00:00
Ashwini Oruganti
d61b0ce1bc
priv_app: Remove rules for ota_package_file
...
We added auditallows for these permissions on 12/16/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.
Bug: 147833123
Test: TH
Change-Id: I4789b29462ef561288aeaabbdb1e57271d5fcd2a
2020-01-16 14:20:12 -08:00
Collin Fijalkovich
fc52615d13
Merge "Configure SELinux for PowerManager Caches"
2020-01-16 19:34:10 +00:00
Automerger Merge Worker
550e7f28dd
Merge "Fix spelling of 'system' for android.hardware.identity@1.0-service.example" am: 89277a412d
am: 91c15d1bc2
...
Change-Id: I51e479beeafdba3e49078efb79c46fcfa4cae116
2020-01-16 19:11:28 +00:00
Automerger Merge Worker
655a52aa90
Merge "DO NOT MERGE - Merge qt-qpr1-dev-plus-aosp-without-vendor (6129114) into stage-aosp-master" into stage-aosp-master am: e141b5713a
...
Change-Id: Id16bf1a6a4cabc1d97c5b7e8572d3afb786db744
2020-01-16 19:07:23 +00:00
David Zeuthen
91c15d1bc2
Merge "Fix spelling of 'system' for android.hardware.identity@1.0-service.example"
...
am: 89277a412d
Change-Id: Ifd1270d6fc278aaae44159140ce1165d1c9531d8
2020-01-16 10:47:10 -08:00
Treehugger Robot
89277a412d
Merge "Fix spelling of 'system' for android.hardware.identity@1.0-service.example"
2020-01-16 18:43:34 +00:00
Automerger Merge Worker
8fc512c313
DO NOT MERGE - Merge qt-qpr1-dev-plus-aosp-without-vendor (6129114) into stage-aosp-master am: 4761718f0b
...
Change-Id: I6208932ffa7b14922cb0e2d5de0971592655091b
2020-01-16 18:35:03 +00:00
TreeHugger Robot
e141b5713a
Merge "DO NOT MERGE - Merge qt-qpr1-dev-plus-aosp-without-vendor (6129114) into stage-aosp-master" into stage-aosp-master
2020-01-16 18:29:20 +00:00
Automerger Merge Worker
5f4f8d2429
Merge "Allow adbd to set/get persist.adb props, system_server to get." am: bda9c33ab1
am: ab5895c272
...
Change-Id: I4e7f5002e27d84be68db9e509d842d73aeb51a2a
2020-01-16 18:23:28 +00:00
Joshua Duong
ab5895c272
Merge "Allow adbd to set/get persist.adb props, system_server to get."
...
am: bda9c33ab1
Change-Id: I137ad8e14720729fd5ace7f6d5fef58dee324580
2020-01-16 09:56:58 -08:00
Joshua Duong
bda9c33ab1
Merge "Allow adbd to set/get persist.adb props, system_server to get."
2020-01-16 17:43:39 +00:00
Automerger Merge Worker
4e77006163
system_server: TelephonyManager reads /proc/cmdline am: 2951b4859d
...
Change-Id: I37906d269428d5e691395a1908aed9f647c27e11
2020-01-16 17:03:55 +00:00
Changyeon Jo
60c4276c15
Allow adb start/stop mdnsd via ctl.start/stop
...
Bug: 128345139
Test: make selinux_policy
Change-Id: I477d6d94c16974f23f703d5f334ef108279ab3bb
Signed-off-by: Changyeon Jo <changyeon@google.com>
(cherry picked from commit cfeaa1c664)
2020-01-16 08:26:51 -08:00
Automerger Merge Worker
f255e9a434
Merge "system_server: TelephonyManager reads /proc/cmdline" am: 834c964d66
am: 557a90196b
...
Change-Id: I6b3ace0cd3340c5e919eb00c44c1586cfe08483f
2020-01-16 16:10:16 +00:00
Jeff Vander Stoep
557a90196b
Merge "system_server: TelephonyManager reads /proc/cmdline"
...
am: 834c964d66
Change-Id: I136556f053bd3ad8097278c0d7c7cf05b5e7d56d
2020-01-16 08:02:38 -08:00
Treehugger Robot
834c964d66
Merge "system_server: TelephonyManager reads /proc/cmdline"
2020-01-16 15:52:02 +00:00
Stephen Smalley
871546058d
access_vectors: remove incorrect comment about mac_admin
...
CAP_MAC_ADMIN was originally introduced into the kernel for use
by Smack and not used by SELinux. However, SELinux later appropriated
CAP_MAC_ADMIN as a way to control setting/getting security contexts
unknown to the currently loaded policy for use in labeling filesystems
while running a policy that differs from the one being applied to
the filesystem, in
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12b29f34558b9b45a2c6eabd4f3c6be939a3980f
circa v2.6.27.
Hence, the comment about mac_admin being unused by SELinux is inaccurate.
Remove it.
The corresponding change to refpolicy is:
5fda529636
Test: policy builds
Change-Id: Ie3637882200732e498c53a834a27284da838dfb8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-01-16 10:29:15 -05:00
Stephen Smalley
51ed2f918d
access_vectors: remove flow_in and flow_out permissions from packet class
...
These permissions were never checked upstream; they were only added to the
kernel definitions when the peer class was added for consistency with
Fedora SELinux policies by:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f67f4f315f31e7907779adb3296fb6682e755342
and were removed from the kernel's classmap in:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47ac19ea429aee561f66e9cd05b908e8ffbc498a
circa v2.6.39.
NB These permissions do not appear to have ever been used in any Android
policy, but the declarations do exist in the
prebuilts/api/*/private/access_vectors files.
This change does not update those files.
The corresponding change was made to refpolicy in:
f4459adf32
Test: policy still builds
Change-Id: Ic76c54b10fef2d5a688e5065e9f058f74f646820
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2020-01-16 10:17:12 -05:00