tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
38782 commits 1 branch 0 tags 50 MiB
Commit graph

8840 commits

Author SHA1 Message Date
Juan Yescas
bec405a7c2 Add ro.boot.ddr_size sysprop to sepolicy 
srcs/android/sysprop/MemoryProperties.sysprop

This property is populated by property service from the kernel
command line parameter androidboot.ddr_size=XXXX. Vendors can set
this command line option from the bootloader.

Bug: 231718727
Test: n/a
Change-Id: I3fb8a18125081b1a30dee715831f5701964cb375
 2022-08-16 19:45:35 +00:00
Xin Li
122f787b8a Merge "DO NOT MERGE - Merge Android 13" 2022-08-16 19:11:36 +00:00
Katherine Lai
c6ad2cb247 Merge "Add bluetooth sniff and LE connection sysprops" 2022-08-16 16:57:12 +00:00
Gavin Corkery
b593054797 Stop auditing sdk_sandbox access to audio_service am: 5f7432546f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2186035

Change-Id: I9f76c4a336be806596ff6a4074b703dbda652b6d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-15 13:46:04 +00:00
Gavin Corkery
5f7432546f Stop auditing sdk_sandbox access to audio_service 
This service has valid use cases such as video players and should therefore not be audited.

Change-Id: I3a0cffb34429320a412a7c05220376c0b58e28a3
Test: make
Bug: 211632068
 2022-08-15 10:18:50 +00:00
Siim Sammul
0c09546a31 Merge "Allow creating /data/tombstones files by system_server. Needed for ag/18773746" am: 9c0d804b45 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2112289

Change-Id: Id5378c2791e0cc5f933df73849b511cbac6dce1e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-11 10:21:20 +00:00
Siim Sammul
9c0d804b45 Merge "Allow creating /data/tombstones files by system_server. Needed for ag/18773746" 2022-08-11 09:58:56 +00:00
Katherine Lai
e564c90cba Add bluetooth sniff and LE connection sysprops 
Added new sysprops to configure sniff parameters (max interval,
min interval, attempt, timeout) and LE connection parameters
(min/max connection interval, latency, supervision timeout,
direct connection timeout, scan interval/window)

Bug: 233119719
Bug: 233119457
Tag: #floss
Test: Manual
Change-Id: I9663e05067800ef79528bfbc7b626c29cf5514de
 2022-08-09 22:57:57 +00:00
Derek Smith
541d5421f7 Merge "traced_probes: allow perfetto to read buddyinfo proc entry" am: 5ff4b6ff78 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2175504

Change-Id: I74e8d437731cce2fa0e4d0f1f0ab8389559e903f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-05 21:40:36 +00:00
Derek Smith
5ff4b6ff78 Merge "traced_probes: allow perfetto to read buddyinfo proc entry" 2022-08-05 20:51:39 +00:00
Garfield Tan
0e76cc62b1 Allow zygote to read persist.wm.debug.* prop am: 49a8b76d4a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2175950

Change-Id: Ic901b7baa3b2ab71be3c72289b50d451e6526ba9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-05 20:40:24 +00:00
Garfield Tan
49a8b76d4a Allow zygote to read persist.wm.debug.* prop 
Window manager team wants to leverage system properties for feature
flags that need to be read in ViewRootImpl and other classes preloaded
in Zygote. Appdomain is allowed to read that permission in commit
I5808bf92dbba37e9e6da5559f8e0a5fdac016bf3.

Bug: 241464028
Test: Zygote can preload persist.wm.debug.* props.
Change-Id: I0c2ae63db53530c1facd8c2132f99c0d919b4ad8
 2022-08-04 14:48:06 -07:00
Derek Smith
f595029023 traced_probes: allow perfetto to read buddyinfo proc entry 
Allow perfetto to read the /proc/buddyinfo entry to trace
memory fragmentation of the system over time.

Test: Manual: Capture perfetto buddyinfo traces

Signed-off-by: Derek Smith <dpsmith@google.com>
Change-Id: If2336377ae241668496d2caf81c6eac6b50dd2ff
 2022-08-04 20:21:37 +00:00
Lokesh Gidra
92d617c0ce Revert "Move parts of sdk_sandbox from private to apex policy" am: 1269a179ac 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2170746

Change-Id: I934b9c6dfcb3f0656b72ed7247cd752b9a6fd3c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-03 22:21:08 +00:00
Lokesh Gidra
1269a179ac Revert "Move parts of sdk_sandbox from private to apex policy" 
Revert "Add java SeamendcHostTest in cts"

Revert submission 2111065-seamendc

Reason for revert: b/240731742, b/240462388 and b/240463116
Reverted Changes:
I3ce2845f2:Move parts of sdk_sandbox from private to apex pol...
I0c10106e2:Add java SeamendcHostTest in cts

Test: revert cl
Change-Id: If9981796694b22b7cbfe1368cd815889c741e69d
 2022-08-03 14:24:04 +00:00
Max Bires
8d4c2f4496 Merge "Remove inapplicable comment." am: 3fc9964f1a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2172882

Change-Id: I6cd88fa85955fcac947a1c50a0153a1b9a83b9a5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-03 01:08:02 +00:00
Max Bires
3fc9964f1a Merge "Remove inapplicable comment." 2022-08-03 00:39:44 +00:00
Treehugger Robot
e558e909d4 Merge "Add sepolicy for bluetooth.core.gap.le.conn.min.limit sysprop" am: bc2ecffff5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2170423

Change-Id: Ifd6b084143f9ec0ab0fe5a4eabbb276977ca5d03
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-02 19:32:04 +00:00
Max Bires
da19b45a14 Remove inapplicable comment. 
There don't seem to be any security issues raised by allowing crash dump
to access keystore. More specifically, all key material is encrypted by
KeyMint anyways in the absolute worst case, so even if key exposure
occurred, there would be no harm.

Fixes: 186868271
Test: The comment is gone.
Change-Id: Ib09fc8e1eaa3f1a0876139e175dc28be9e0d4a4a
 2022-08-02 11:01:25 -07:00
Steven Moreland
99d79a5737 Merge "servicemanager started property" am: 560a947de8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2161201

Change-Id: I37959f094a56b64a0e61141e8dca613a7294322d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-29 18:48:10 +00:00
Dorin Drimus
1c3cf830d9 Add sepolicy for bluetooth.core.gap.le.conn.min.limit sysprop 
Bug: 240709612
Change-Id: I893f5ec04a8abb4ecf724e9e179d0295a681b82b
Test: N/A, CL only adds the sysprop API sepolicy
 2022-07-29 18:45:52 +00:00
Steven Moreland
560a947de8 Merge "servicemanager started property" 2022-07-29 18:30:14 +00:00
Treehugger Robot
de453119e2 Merge "Update SELinux policy for app compilation CUJ." am: 9e2f8aa7a1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2160660

Change-Id: I76e3fa493a483a85fec07fd77f8aba15e4136b49
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-29 17:48:30 +00:00
Treehugger Robot
9e2f8aa7a1 Merge "Update SELinux policy for app compilation CUJ." 2022-07-29 17:22:44 +00:00
Jiakai Zhang
c871c1cc75 Update SELinux policy for app compilation CUJ. 
- Adapt installd rules for app compilation.

- Add profman rules for checking the profile before compilation. This is new behavior compared to installd.

Bug: 229268202
Test: -
  1. adb shell pm art optimize-package -m speed-profile -f \
       com.google.android.youtube
  2. See no SELinux denial.
Change-Id: Idfe1ccdb1b27fd275fdf912bc8d005551f89d4fc
 2022-07-29 14:07:52 +00:00
Steven Moreland
fd1eb68337 servicemanager started property 
If something starts before servicemanager does,
intelligently wait for servicemanager to start rather
than sleeping for 1s.

Bug: 239382640
Test: boot
Change-Id: If0380c3a1fce937b0939cd6137fcb25f3e47d14c
 2022-07-28 17:09:14 +00:00
Vlad Popa
91926a8b64 Merge "Add SELinux policy for accessing the AudioService" am: f503e3e7e2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2167262

Change-Id: I3a23093dcb121ef347a72a25137618b52ec3af01
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-28 12:48:20 +00:00
Vlad Popa
f503e3e7e2 Merge "Add SELinux policy for accessing the AudioService" 2022-07-28 09:18:03 +00:00
sandrom
dd5b63f702 Move parts of sdk_sandbox from private to apex policy am: e6971f1330 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2111065

Change-Id: I6711e1c15bbfd191ee1a4ad890e372563b873eab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-27 16:33:05 +00:00
sandrom
e6971f1330 Move parts of sdk_sandbox from private to apex policy 
Bug: 236691128
Test: atest SeamendcHostTest

Change-Id: I3ce2845f259afb29b80e2d9b446aa94e64ef8902
 2022-07-27 13:39:06 +00:00
Vlad Popa
3fc7d83663 Add SELinux policy for accessing the AudioService 
This is used by the playback notification API to get a reference to the
AudioService with the help of the ServiceManager.

Change-Id: I70324cf0579fd029ee9b3a20115bdab9106d24a8
Test: avd/avd_boot_test
Bug: 235521198
 2022-07-27 12:11:50 +00:00
Matt Buckley
110d394660 Merge "Add ro.surface_flinger.enable_adpf_cpu_hint sysprop to sepolicy" am: ae7e3756ba 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2161459

Change-Id: I3e088f0c56907c6829f18ac9af6f61a7e42102bd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-22 05:35:27 +00:00
Matt Buckley
ae7e3756ba Merge "Add ro.surface_flinger.enable_adpf_cpu_hint sysprop to sepolicy" 2022-07-22 05:17:27 +00:00
Matt Buckley
1b23789dfe Add ro.surface_flinger.enable_adpf_cpu_hint sysprop to sepolicy 
Add new sysprop to control adpf cpu hints for surfaceflinger

Bug: b/195990840
Test: n/a
Change-Id: I5460e4668a2d69af194649ec076489de22caa348
 2022-07-21 23:00:15 +00:00
Thiébaud Weksteen
19710d032e Merge "Remove key migration related changes" am: c5a3726e58 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2160358

Change-Id: I64b2b63672c8482216d9515718bd5b64de26c6dd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-21 03:27:36 +00:00
Thiébaud Weksteen
c5a3726e58 Merge "Remove key migration related changes" 2022-07-21 01:20:53 +00:00
Katherine Lai
45ce880b05 Merge "Add bluetooth classic sysprops" am: 963596866a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2154517

Change-Id: I58363adb52d3cfa93fb86ef8ee24f95e41b55d60
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-20 20:56:52 +00:00
Katherine Lai
963596866a Merge "Add bluetooth classic sysprops" 2022-07-20 20:38:43 +00:00
John Wu
e5010a22a6 Remove key migration related changes 
Migrating keys across UIDs is no longer required

Test: m
Bug: 228999189
Change-Id: I33e85635a4fe82bf1f98a9bfcf505a1067b4ed91
 2022-07-20 15:19:37 +10:00
Maciej Żenczykowski
e65c35282a allow bpfloader to create symbolic links in /sys/fs/bpf am: d5098f99a9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2154891

Change-Id: I3d282bde16f20a11d341b43640960a9c38b54645
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-19 07:36:43 +00:00
Katherine Lai
9bddb0d32f Add bluetooth classic sysprops 
Added new sysprops to configure classic link supervision timeout,
page/inquiry scan activity, and page timeout

Bug: 233119719
Tag: #floss
Tag: #feature
Test: Manual
Change-Id: I92c598f97ca37486c208c7e37ad0d194f6f0b8b2
 2022-07-18 20:55:20 +00:00
Maciej Żenczykowski
d5098f99a9 allow bpfloader to create symbolic links in /sys/fs/bpf 
(this is to allow /sys/fs/bpf/tethering -> net_shared/tethering
 for InProcessTethering, ie. Android Go devices)

Bug: 190523685
Bug: 236925089
Test: TreeHugger, manually on aosp_cf_x86_go_phone-userdebug
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifa52429f958b0af80f91af6bfb064c1cdf9cd070
 2022-07-18 05:14:44 -07:00
Jooyung Han
507b641085 Merge "Allow (hw)servicemanager use bootstrap bionic" am: 8fe0b28bf1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2152734

Change-Id: Ie004a6d7c7e284baf4cf20f057a91cbe649ce6e9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-15 00:34:25 +00:00
Jooyung Han
8fe0b28bf1 Merge "Allow (hw)servicemanager use bootstrap bionic" 2022-07-15 00:12:55 +00:00
Treehugger Robot
3b61b61c5a Merge "Allow system_server to signal InputProcessor HAL" am: 674d3e7822 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2152242

Change-Id: I8156dd48981a76ed08e68ed548b4cdd47b92e89c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-14 23:25:46 +00:00
Treehugger Robot
674d3e7822 Merge "Allow system_server to signal InputProcessor HAL" 2022-07-14 23:06:38 +00:00
Siarhei Vishniakou
4cb2d3c13d Allow system_server to signal InputProcessor HAL 
This is needed for Watchdog to be able to dump InputProcessor HAL.
Watchdog can be triggered locally for testing by patching
InputDispatcher.cpp:

 void InputDispatcher::monitor() {
     // Acquire and release the lock to ensure that the dispatcher has not deadlocked.
     std::unique_lock _l(mLock);
+    std::this_thread::sleep_for(std::chrono::minutes(40));
     mLooper->wake();
     mDispatcherIsAlive.wait(_l);

Bug: 237322365
Test: adb bugreport (after triggering watchdog)
Change-Id: I746df8be4faaef2a67293d6b1c0cde5fa7810de6
Merged-In: I746df8be4faaef2a67293d6b1c0cde5fa7810de6
 2022-07-14 22:05:07 +00:00
Nikita Ioffe
fb3df6dc4a Merge "Add apexd.config.loop_wait.attempts sysprop to sepolicy" am: 5dd9e3a320 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2152793

Change-Id: I6161cbd8f80aa3a2cb17c2af364ee6df9d5354f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-14 10:34:05 +00:00
Nikita Ioffe
5dd9e3a320 Merge "Add apexd.config.loop_wait.attempts sysprop to sepolicy" 2022-07-14 10:15:56 +00:00
Jooyung Han
133ca4ea6b Allow (hw)servicemanager use bootstrap bionic 
Bug: 237672865
Test: m && boot
Change-Id: I436cf97c4c8e852e36cd1faa9da646c9f8a4d0a4
 2022-07-14 11:31:03 +09:00