This reverts commit a41bfab758.
Reason for revert: Automerger path causing the regression is no more
Change-Id: I4c9ab6f2e18c9d8157f5667bc98fcce00e78f93d
Current sepolicy expects the library located under /vendor/lib(64), but
the actual location of the library is /vendor/lib(64)/hw, as it defines
relative path 'hw'. This change corrects location of
android.hidl.memory@1.0-impl.so, so it can be labeled with
same_process_hal_file as expected.
Bug: 311298012
Test: Failing test passed over ABTD
Change-Id: Ib84dbde0742716d399f04ce8ec11a0c4f24be8b0
Using Join with the fully fledged input path as string
breaks setting a custom $OUT_DIR
Test: export OUT_DIR=`pwd`/out_custom && m nothing
Change-Id: Ie5043c0eb8e5f854be0d0d318008ea24f3d94c09
1. declare setupwizard_mode_prop for ro.setupwizard.mode
2. that prop could be set during vendor_init, so changed prop type
Bug: 310208141
Test: boot and check if there is no sepolicy issue
Change-Id: I89246ab2c686db139cad48550b860d69a41106ff
In AVF, virtualizationmanager checks the selinux label of given disk
image for proving whether the given image is edited maliciously.
Existing one(vendor_configs_file, /vendor/etc/*) was too wide to use for this purpose.
Bug: 285854379
Test: m
Change-Id: I6c966c92b238a2262d2eb7f41041ed4c359e9e0a
Narrow down the check for apex roots. It was 'read', but 'search' should
be enough.
Bug: 310528686
Test: m
Change-Id: Ibe5f2e948464580832d87e8d8364c33a437efed2
and consitently name service and process as "virtual_camera" (with
underscore)
Test: Cts VirtalCameraTest
Bug: 270352264
Change-Id: I2c6c0c03aab47aa1795cbda19af25e6661a0bf4a
am skip reason: Merged-In I9c5873181c925c6b8ebb411328d30aa519053acf with SHA-1 4db0e27a50 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2827450
Change-Id: I408f1d5bec2f00214fc0472e1862a3a435cd055f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I9c5873181c925c6b8ebb411328d30aa519053acf with SHA-1 4db0e27a50 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2827450
Change-Id: I6886db030bb1e2d8aa0bb3222c11307c0ccdc01d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In Ie947adff00d138426d4703cbb8e7a8cd429c2272 with SHA-1 825056de9a is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2825716
Change-Id: I67fe9d38864e0f87211959b75d41a5f76a9ad031
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Looks like we missed this, and so non-rooted locked devices can't override the persistent sysprops. On Pixel 8 for example, we ship with 'persist.arm64.memtag.system_server=off' by default (from some droidfood carry-overs), and this can't be edited (https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html).
We should allow these advanced users to set all the MTE properties on the device that they own, and they can already control the non-persistent properties.
Change-Id: Ie495f6f9ad43146a0bfcd5bb291fca3760467370
Test: N/A
Bug: N/A
payload_accessible_device label can be used by microdroid vendor's
file_contexts to allow payloads to access their assigned devices.
Bug: 306313100
Test: put vendor_file_contexts, boot microdroid, see labels
Change-Id: I91aeb3169d14160a2d80587e3eb2e7fde240f804
This adds two macros which can be used in te files and contexts files.
* is_flag_enabled(flag_name, codes)
* is_flag_disabled(flag_name, codes)
Also flag-guarding requires to process input files before any
validations. Property contexts test and seapp contexts test are
modified a little to handle that.
Bug: 306563735
Test: build with manual guarding
Change-Id: Ia1c6d00b7aab0da3901c19f16d553153aace018c
This will be used to guard sepolicy changes. Also this adds default
modules for se_policy_conf and contexts modules.
Bug: 306563735
Test: build
Change-Id: I9b3460aaca07d325e0f83a1e2bf0e57caa498101
Remove a duplicate entry with its comment as the sorting logic is not
applied since commit dfa4a48b.
Bug: 299839280
Test: m selinux_policy
Change-Id: I4fa556c2ff8f114b56bba7ab32fac1d17373ef8b
