tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
33497 commits 1 branch 0 tags 50 MiB
Commit graph

415 commits

Author SHA1 Message Date
Janis Danisevskis
e1a289b66f Merge "Rename vpnprofilestore to legacykeystore." into sc-dev am: adb49d3df6 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14981212

Change-Id: Ie341418b9491cd93e2af1ebe354f943e8ff85499
 2021-06-30 19:57:20 +00:00
Janis Danisevskis
4678660d83 Rename vpnprofilestore to legacykeystore. 
Bug: 191373871
Test: N/A
Merged-In: I3f11827909bd37a2127069de82670776a8e192b3
Change-Id: I3f11827909bd37a2127069de82670776a8e192b3
 2021-06-30 12:40:39 -07:00
Janis Danisevskis
ab433c765b Rename vpnprofilestore to legacykeystore. 
Ignore-AOSP-First: No mergepath from AOSP.
Bug: 191373871
Test: N/A
Change-Id: I3f11827909bd37a2127069de82670776a8e192b3
 2021-06-30 09:36:30 -07:00
Hasini Gunasinghe
7611870f49 Merge "Add keystore permission for metrics re-routing." into sc-dev am: 898fc5b39b 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/14937250

Change-Id: I881b239515d17f81099ed16d519e1071e80c68ea
 2021-06-30 13:32:33 +00:00
Hasini Gunasinghe
61d07e7ce0 Add keystore permission for metrics re-routing. 
Keystore2 atoms need to be rounted to statsd via a proxy.
The proxy needs to have this permission in order to pull metrics from
keystore.

Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: Statsd Testdrive script
Change-Id: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
 2021-06-15 22:19:39 +00:00
Joanne Chung
a6657178f4 [Sepolicy] Change sepolicy name back to formal name. 
The feature is public, we can change the fake name to formal name.

Bug: 185550380
Test: build pass and can run service correctly
Merged-In: I956d916077f9a71cdf1df2f0be6f83e6f1f30a98

Change-Id: Idc29942eee6c2fd7658beb69ba62a70397176a66
 2021-06-10 11:02:27 +00:00
Andrew Walbran
591726e719 Merge "Rename VirtManager to VirtualizationService." am: 04e6256c94 am: 899b1fe7d7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1715889

Change-Id: I240395c0c2309009bb26cf5859670d10a5b109df
 2021-05-26 22:21:31 +00:00
Andrew Walbran
4b80a3fc3d Rename VirtManager to VirtualizationService. 
Bug: 188042280
Test: atest VirtualizationTestCases
Change-Id: Ia46a0dda923cb30382cbcba64aeb569685041d2b
 2021-05-21 14:47:30 +00:00
Chris Wailes
27cc792529 RESTRICT AUTOMERGE: Revert "Add SELinux properties for artd" 
This reverts commit 467d8a80ea.

Test: m
Bug: 184281926
Change-Id: Ie95c5f65645d8d372bae9e7ebc325a42b777c1e8
 2021-05-19 19:28:39 +00:00
Christian Wailes
6de8e5debe Merge "Add SELinux properties for artd" am: 6553a8dbe6 am: b9502c818f am: b921e1dac4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1663786

Change-Id: Ie4bd8ae58edc80993c56ba3cf806135c716526fc
 2021-04-28 20:23:52 +00:00
Chris Wailes
467d8a80ea Add SELinux properties for artd 
Test: boot device and check for artd process
Change-Id: I2a161701102ecbde3e293af0346d1db0b11d4aab
 2021-04-27 14:49:13 -07:00
Treehugger Robot
f4014837fa Merge "Add permission checker service" am: 644639584b am: e8a381e3e4 am: 82d927bad8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1678585

Change-Id: I85473ed47a9ad47ba1356149644464821bd84a25
 2021-04-19 19:35:30 +00:00
Svet Ganov
214a65213a Add permission checker service 
bug: 158792096

Test: atest CtsPermission5TestCases

Change-Id: I9dbbf2fe84131ba38ac70e7171e3bd826c150640
 2021-04-17 23:41:50 +00:00
Joanne Chung
685748706d [Sepolicy] Change sepolicy name back to formal name. 
We use a fake name to prevent feature leak, we should change it back
before API freeze.

We will update the AOSP when our feature is public released.

Bug: 181179744
Test: build pass and can run service correctly
Ignore-AOSP-First: to prevent new feature leak.
Test: atest CtsTranslationTestCases

Change-Id: I956d916077f9a71cdf1df2f0be6f83e6f1f30a98
 2021-04-14 14:48:28 +00:00
Roshan Pius
34f5268532 Merge "Uwb: Create a new Uwb system service" am: 0b8eafb54b am: 4b47c80944 am: f5a723a306 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1673587

Change-Id: Iae266dda5077f501918f61d2ea7da7cd23f8ae9f
 2021-04-14 03:00:57 +00:00
Roshan Pius
2a1610b4e0 Uwb: Create a new Uwb system service 
This service will intercept all UwbManager API calls and then perform
necessary permission checks before forwarding the call to the vendor
UWB service. Adding sepolicy permissions for exposing the service that
handles all public API's.

Bug: 183904955
Test: atest android.uwb.cts.UwbManagerTest
Change-Id: Icce4d2f586926421c06e8902a91533002c380b8d
 2021-04-12 10:26:24 -07:00
Wei Wang
f03a24ef9d Merge "Rename hint service into performance_hint service" am: 4ea9b0b9df am: c8ee9a85e9 am: 77e2c3841e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1672505

Change-Id: Idf37a4be53029a6565dab626502136ab6d6dfbac
 2021-04-10 02:05:28 +00:00
Wei Wang
7b039717a9 Rename hint service into performance_hint service 
Bug: 158791282
Test: Compiles, boots
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: I1bd2757f90c040353a176f2dfd0142222753cf8f
 2021-04-09 12:35:10 -07:00
Wei Wang
a9a100fc1a Merge "Add SEpolicy for HintManagerService" am: a02227bd7a am: 9d42156d64 am: 415e3e994d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1664996

Change-Id: I3c120ca74f9cf8b301ab923f0e5411c1da6bd796
 2021-04-06 18:23:57 +00:00
Wei Wang
4b98ddfee4 Add SEpolicy for HintManagerService 
Bug: 158791282
Test: Compiles, boots
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: I76ad7858076b47990e5ddf3acb880443d0074e42
 2021-04-06 00:01:57 -07:00
Kalesh Singh
d7de639f20 Merge "Memtrack Proxy Service Sepolicy" am: ca0e35d633 am: ebedb3dd20 am: 788990af1a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1657039

Change-Id: Iaaa68abb8ab78b763b42040d4c333d6c502bdb2c
 2021-04-05 20:52:52 +00:00
Kalesh Singh
58fdefc953 Memtrack Proxy Service Sepolicy 
Bug: 177664629
Test: Boot; No avc denials;
Change-Id: Ieae6b1dc446a91aca26fdf1314690ca30b0ed5c5
 2021-04-01 00:44:00 -04:00
Steven Moreland
53214fefd9 Merge "Remove old binder interface entry for keystore2" am: 0369e8ba9d am: 6a3aec4f4d am: f4c61816f8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1654452

Change-Id: I78b6157c451dc253459a5bb3c59b29c223beed32
 2021-03-31 00:21:14 +00:00
Stephen Crane
31f4eae342 Remove old binder interface entry for keystore2 
Now that keystore2 is a VNDK stable interface, we need to remove the
legacy unqualified interface from the keystore service context.

Test: Compile, boot, and ensure no SELinux violations for keystore2 service
Change-Id: I770c08eae9690b0dc0e2bae86c9ef72f9540d2f4
 2021-03-29 21:40:38 +00:00
Steven Moreland
74478747f0 Merge "Add IKeystoreService interface to keystore_service" am: 2d2f8af278 am: a5018de37c am: 057ee13375 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1627399

Change-Id: I6f5d81d4d0e49a15d64fd2c52f2701b1dbf59ce7
 2021-03-29 19:08:45 +00:00
Steven Moreland
2d2f8af278 Merge "Add IKeystoreService interface to keystore_service" 2021-03-29 17:02:31 +00:00
Jeffrey Vander Stoep
e972d93ee2 Merge "virtmanager: add selinux domain" am: 48740d0d6b am: 49c5eeb4bd am: 29d3f92f0a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1654408

Change-Id: I3b59de07d23b4db357843ae3686063a2424b3510
 2021-03-29 09:04:42 +00:00
Jeff Vander Stoep
f16527f6cf virtmanager: add selinux domain 
Address any denials in the log - currently just adding
the virtualization service.

Bug: 183583115
Test: ps -AZ | grep virtmanager
u: r:virtmanager:s0             virtmanager   2453     1 10930880  4544 0                   0 S virtmanager
Change-Id: Ie034dcc3b1dbee610c591220358065b8508d81cf
 2021-03-25 22:22:05 +01:00
Treehugger Robot
289fef6cb5 Merge "Add soundtrigger3 HAL (AIDL) to sepolicy" am: 80acc2812e am: 08765f2b4e am: 5437929469 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1649829

Change-Id: I2173b5777c67a39b1534c79f35f6ed3b48794b21
 2021-03-24 03:02:14 +00:00
Ytai Ben-Tsvi
9eaf3be545 Add soundtrigger3 HAL (AIDL) to sepolicy 
Test: Compile and boot. Don't yet have a HAL implementation to test
      with.
Change-Id: I387abd0e8913eef865cba2aee0a4ef714232bb19
 2021-03-23 10:34:19 -07:00
Stephen Crane
25a0df28a6 Add IKeystoreService interface to keystore_service 
IKeystoreService is a VINTF stability interface, and keystore2 is now
using this interface correctly from Rust.

Test: m && adb shell start keystore2
Bug: 179907868
Change-Id: I3b583df2fac7e6bca7c1875efb7650f9ea0a548c
 2021-03-22 11:46:59 -07:00
Thierry Strudel
49ef5dcf5e rename power_stats service to powerstats 
Ignore-AOSP-First: powerstats service is new in Android S and not in AOSP
Tests: adb shell incident -b > incident_report.proto
Tests: dumpsys powerstats
Tests: atest FrameworksServicesTests:PowerStatsServiceTest
Bug: 159813106
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Change-Id: I25c9d5ea9af2e4768938342c977a6d888420de87
 2021-03-15 16:58:13 -07:00
Aaron Huang
eaf9fa72c3 Merge "Add selinux policies for pac_proxy_service" am: 68e7eaf35d am: 14716bb880 am: 13e3769f74 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1553997

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I4100b47e48094bfe86ca6ec43bc26c1a3efd55c7
 2021-03-15 12:56:09 +00:00
Aaron Huang
68e7eaf35d Merge "Add selinux policies for pac_proxy_service" 2021-03-15 11:49:45 +00:00
Treehugger Robot
9b56cbc670 Merge "Keystore 2.0: Rename KeystoreUserManager to KeystoreMaintenance" am: 20a1a984ad am: 3a40fd261a am: 745e5fd871 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1622582

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ifc82d58908c74fc2ae0f8807f9c99291cf5a8b93
 2021-03-11 13:01:02 +00:00
Janis Danisevskis
f3fe4cfc06 Keystore 2.0: Rename KeystoreUserManager to KeystoreMaintenance 
Test: N/A
Change-Id: I40c07e40cb0a852814058fe89d57c44ea85f1994
 2021-03-09 14:35:16 -08:00
Aaron Huang
e2e39dfba3 Add selinux policies for pac_proxy_service 
The policies allow system server to register a pac_proxy_service.

Bug: 177035719
Test: FrameworksNetTests

Change-Id: Idf64dc6e491f5bce66dcab2dbf15823c8d0c2403
 2021-03-03 20:18:44 +08:00
Janis Danisevskis
360bc8c4b3 Merge "Keystore 2.0: Add policy for vpnprofilestore" am: ffdbf4370a am: 99590f81c5 am: 9a04a6e84f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1569720

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I348a2761c8a65d57943c9531e4a1efd6711b61b0
 2021-03-01 08:04:30 +00:00
Janis Danisevskis
291bc98a36 Keystore 2.0: Add policy for vpnprofilestore 
Test: N/A
Change-Id: Iba6ca7be95dfcead8ce8ee17d6a6d78a5441d58f
 2021-02-23 13:24:52 -08:00
Janis Danisevskis
13de5cd5b2 Merge "Keystore 2.0: Add permissions and policy for user manager AIDL." am: 1aad552cfd am: 5d5296e396 am: 17a5923e03 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1560611

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I708bf1c7939df174daaa4908f0fb828c5de5d66a
 2021-02-19 01:25:11 +00:00
Janis Danisevskis
1aad552cfd Merge "Keystore 2.0: Add permissions and policy for user manager AIDL." 2021-02-18 23:00:29 +00:00
Hasini Gunasinghe
685ca0c888 Keystore 2.0: Add permissions and policy for user manager AIDL. 
Bug: 176123105
Test: User can set a password and unlock the phone.
Change-Id: I96c033328eb360413e82e82c0c69210dea2ddac9
 2021-02-17 08:55:31 -08:00
Treehugger Robot
5f5a9d836d Merge "Adding SEPolicy for IRemotelyProvisionedComponent" am: 5ace493461 am: d074d435c8 am: 621d0198c5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1569961

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I9d998ef60d046c571f5803b750b1b0c38fc47987
 2021-02-17 01:38:12 +00:00
Max Bires
d2a9e6e630 Adding SEPolicy for IRemotelyProvisionedComponent 
This SEPolicy change allows the hal_keymint domain to add
hal_remotelyprovisionedcomponent_service to hwservice_manager.

Test: The Keymint HAL can successfully start an instance of
IRemotelyProvisionedComponent

Change-Id: I15f34daf319e8de5b656bfacb8d050950bf8f250
 2021-02-15 20:48:45 -08:00
Treehugger Robot
6cc2899475 Merge "The SE Policies to incorporate ISecureClock and ISharedSecret services along with IKeyMintDevice service into default keymint HAL Server. Test: Rebuild, execute and run atest VtsAidlSharedSecretTargetTest and atest VtsAidlSecureClockTargetTest. Bug: b/171844725, b/168673523." am: 98e48ac6b4 am: cf5f18538e am: b4781f0eca 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1562770

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Idea77691f9239721d3254c397563924db7eac4e8
 2021-02-12 05:50:19 +00:00
Shubang Lu
7336caac0d Merge "Add SE policy for media_metrics" am: a19f9d2455 am: fd40534a40 am: 31cd19cb1e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1580990

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I914da5f2f5d9e4781db22823099de6df92653df8
 2021-02-12 05:50:05 +00:00
Treehugger Robot
98e48ac6b4 Merge "The SE Policies to incorporate ISecureClock and ISharedSecret services along with IKeyMintDevice service into default keymint HAL Server. Test: Rebuild, execute and run atest VtsAidlSharedSecretTargetTest and atest VtsAidlSecureClockTargetTest. Bug: b/171844725, b/168673523." 2021-02-12 02:42:35 +00:00
shubang
2210767054 Add SE policy for media_metrics 
Test: CTS;
Change-Id: Ib9382f2513d8fd0e6812d0157c710d0ad5817231
 2021-02-11 18:38:07 +00:00
Vova Sharaienko
9a1fa1a5a5 Merge "Stats: new sepolicy for the AIDL service" am: e8d2732651 am: 28497aaed1 am: 5b1e49a609 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1570880

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ieb9cb60e84a824135efc824d8f4d13dcedc2bcc9
 2021-02-11 04:44:52 +00:00
Vova Sharaienko
e8d2732651 Merge "Stats: new sepolicy for the AIDL service" 2021-02-11 03:07:56 +00:00
Vova Sharaienko
c64a5b42aa Stats: new sepolicy for the AIDL service 
Allows the AIDL IStats service to be exposed via ServiceManager
Defines IStats service client domain to be used by pixelstats_vendor

Bug: 178859845
Test: Build, flash, and aidl_stats_client
Change-Id: If41e50d0182993d0b7f8501e9147e0becf526689
 2021-02-10 23:48:35 +00:00
Chirag Pathak
814e89a1b2 The SE Policies to incorporate ISecureClock and ISharedSecret services along with IKeyMintDevice service into default keymint HAL Server. 
Test: Rebuild, execute and run atest VtsAidlSharedSecretTargetTest and atest VtsAidlSecureClockTargetTest.
Bug: b/171844725, b/168673523.

Change-Id: I8b81ec12c45566d31edcd117e41fd559df32c37d
 2021-02-10 18:45:07 +00:00
Treehugger Robot
654695c91b Merge "SEPolicy for RemoteProvisioning App" am: e6654e8bfd am: 1018f58e44 am: a49cceb4a3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1536783

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I0488fb9454347af8b93b55253f157757589733f7
 2021-02-10 05:33:07 +00:00
Treehugger Robot
e6654e8bfd Merge "SEPolicy for RemoteProvisioning App" 2021-02-10 04:20:52 +00:00
Collin Fijalkovich
2420721a4d Merge "Configure sepolicy for TracingServiceProxy" am: 1f318c8cab am: 0ac7fa9374 am: 6890c61dab 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1528451

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I028cd1890fd00767a3e2e7023ecf27748b974ab0
 2021-02-08 21:36:53 +00:00
Collin Fijalkovich
1f318c8cab Merge "Configure sepolicy for TracingServiceProxy" 2021-02-08 17:24:06 +00:00
Treehugger Robot
ad00e4b605 Merge "Fix service name for VPN_MANAGEMENT_SERVICE." am: 47d078e1d4 am: cdccadbb6c am: 21712f0049 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1579864

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: If8a79459398dd325a500a3baf30057dd3ea8dfcf
 2021-02-08 11:21:01 +00:00
Max Bires
23f0f3b28a SEPolicy for RemoteProvisioning App 
This change adds the SEPolicy changes required to support the remote
provisioning flow. The notable additions are specifically labeling the
remote provisioning app and giving it access to find the remote
provisioning service which is added in keystore. It also requires
network access in order to communicate to the provisioning servers.

This functionality is extremely narrow to the point that it seems worth
it to define a separate domain for this app, rather than add this in to
the priv_app or platform_app permission files. Since this app also
communicates with the network, it also seems advantageous to limit its
permissions only to what is absolutely necessary to perform its
function.

Test: No denials!
Change-Id: I602c12365a575d914afc91f55e6a9b6aa2e14189
 2021-02-08 01:33:12 -08:00
Lorenzo Colitti
d7c9de4e31 Fix service name for VPN_MANAGEMENT_SERVICE. 
aosp/1574082 added sepolicy for a "vpnmanager" system service
which is being introduced to move code from ConnectivityService
to a new VpnManagerService.

Unfortunately that CL missed the fact that "vpn_management" is
already a service name and present in the public API since R.
Instead of adding another service name, use the existing service
name to lessen confusion. It is difficult to avoid confusion
entirely because there was already a public class called
VpnService when the VpnManager class was added to the public API
surface.

Bug: 173331190
Test: builds, boots, "dumpsys vpn_management" throws no errors
Change-Id: I4ab188ef62592aac167ba1f7b586accc882815e8
 2021-02-07 17:51:53 +09:00
Collin Fijalkovich
6f4cfe8709 Configure sepolicy for TracingServiceProxy 
Configures sepolicy to allow for the new TracingServiceProxy system
services, and to allow Perfetto to access the service.

Bug: 175591887
Test: Validated the service started successfullyy, and invoked via CLI
Change-Id: Idb6438948a9d96063f8455544b97ef66267cde23
 2021-02-05 11:04:11 -08:00
Lorenzo Colitti
5a90802341 Merge "Add sepolicy for the vpnmanager service." am: 9b20cadf4a am: 22ec4b2218 am: 0848d6eb43 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1574082

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I8fd00cd9d0ad66bac09516403a9d68957aebcb49
 2021-02-04 12:16:11 +00:00
Lorenzo Colitti
5ee34a0ed3 Add sepolicy for the vpnmanager service. 
The system server code that backs VPN APIs such as VpnService and
VpnManager currently lives in ConnectivityService and is accessed
via IConnectivityManager.

In S, ConnectivityService is being moved to the tethering
mainline module, but the VPN code is not. So add an new
service (vpnmanager, IVpnManager, VpnManagerService) to support
these APIs.

Service implementation at http://r.android.com/1572982 . That CL
cannot be in a topic with this one because it will conflict in
master and sc-dev.

Bug: 173331190
Test: builds, boots, "dumpsys vpnmanager" throws no errors
Change-Id: Ic09c93cc454ec959a3beda2b09efa74b8db30c27
 2021-02-04 13:01:09 +09:00
Treehugger Robot
05c2ffa894 Merge "Add sepolicy for app hibernation system service" am: 4fb66f04d7 am: 50e905c408 am: 09276d791a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1544944

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I5632c479121670e23c5c3878476643f85f8cfb69
 2021-01-27 07:56:38 +00:00
Treehugger Robot
4fb66f04d7 Merge "Add sepolicy for app hibernation system service" 2021-01-26 22:23:13 +00:00
Alex Agranovich
6ffde9833f Merge "Change SELinux policy for texttospeech manager service." am: 93fcd51689 am: d46511ecfb am: a7d34e1d3e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1556238

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I45f42b4a61a6120c9a497cf0354652fd98cf9b69
 2021-01-26 14:21:28 +00:00
Alex Agranovich
93fcd51689 Merge "Change SELinux policy for texttospeech manager service." 2021-01-26 12:26:31 +00:00
Winson Chiu
8dda08ba6c Add domain_verification_service am: f8ad8c08ea am: 8692160fed am: ea10a3292c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1519390

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ibdb5aa52f4979b90dfc6153831b60f8f1eca5b8e
 2021-01-25 23:27:37 +00:00
Winson Chiu
f8ad8c08ea Add domain_verification_service 
For upcoming @SystemApi DomainVerificationManager.

Test: manual, accessing new manager from test app works

Change-Id: Ic73733dce3e9152af9c6f08fb7e460fa5a01ebdf
 2021-01-25 19:09:50 +00:00
Alex Agranovich
39ad3df3eb Change SELinux policy for texttospeech manager service. 
Bug: 178112052
Test: Manual verification ($ adb shell service list)
Change-Id: Ibaf5d3f3c0565d9c61d03ffec62d8e222c9f5975
 2021-01-24 16:18:28 +02:00
Alex Salo
9cca875e94 Merge "Add a new selinux policy for the resolver service" am: e2808169e5 am: 45547c27a8 am: 29e1576b77 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1557120

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I675f478b1c1eadc295d9b03c1e030cb3a43d0f41
 2021-01-22 19:36:12 +00:00
Alex Salo
e2808169e5 Merge "Add a new selinux policy for the resolver service" 2021-01-22 18:20:23 +00:00
ChengYou Ho
58d19e3298 Add sepolicy for weaver aidl HAL service am: 291890a954 am: e8915e5719 am: b4f8f75537 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1554278

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I07d2ef12215a296c54d613708d0d8577392a794d
 2021-01-22 07:44:06 +00:00
ChengYou Ho
291890a954 Add sepolicy for weaver aidl HAL service 
Bug: 176107318
Change-Id: I9ca1a68e45b462c9b6ac912debb196b3a3ca45ba
 2021-01-22 06:34:41 +00:00
Yi Jiang
7d7951bcbd Add a new selinux policy for the resolver service 
Bug: 178151184
Test: manual
Change-Id: Ia44c50d24b3b5403b02ccc1b7873c7024b10e023
 2021-01-21 16:55:49 -08:00
Kevin Han
4cead73a86 Add sepolicy for app hibernation system service 
Add selinux policy so the app hibernation system service can be accessed
by other processes/apps.

Bug: 175829330
Test: builds
Change-Id: I96ea9dd977ec007bc11560601554547749b4df03
 2021-01-21 13:22:27 -08:00
Yifan Hong
1768704705 Merge "Add health storage AIDL service." am: 3f43fa8596 am: 848c9ef9b8 am: b5cf08f466 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1552650

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I6058d58763dfe61827dbf84b023be731d45ccb46
 2021-01-20 20:49:05 +00:00
Treehugger Robot
016ab37eb0 Merge "Change SELinux policy for speech recognizer." am: c774ceacdd am: 4339266bbf am: e18b898854 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1553601

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Id5eb43219da92673868ebb034df35a6fa0f21d31
 2021-01-20 20:46:48 +00:00
Eva Chen
4126043d7b Merge "Add gnss_time_update_service selinux changes." 2021-01-20 20:17:21 +00:00
Yifan Hong
3f43fa8596 Merge "Add health storage AIDL service." 2021-01-20 19:45:15 +00:00
Treehugger Robot
c774ceacdd Merge "Change SELinux policy for speech recognizer." 2021-01-20 18:31:26 +00:00
Treehugger Robot
706d5feee2 Merge "Add sepolicy for new system service: media_communication_service" 2021-01-19 18:02:59 +00:00
Gavin Corkery
bd6a8d0746 Merge "Add sepolicy for RebootReadinessDetector" 2021-01-19 09:54:24 +00:00
Sergey Volnov
2a682a00d5 Change SELinux policy for speech recognizer. 
Bug: 176578753
Test: manual verification ($ adb shell service list)
Change-Id: I3ebf6f5d45d65578b2eaf7efac073731afd10a58
 2021-01-18 18:08:48 +00:00
Yifan Hong
06e4b8417a Add health storage AIDL service. 
Test: adb shell sm idle-maint run
Bug: 177470478
Change-Id: Id7ee5af64e8d21eafd041c9e8fa1382f65a3958b
 2021-01-15 18:23:01 -08:00
Treehugger Robot
0941c2022d Merge "Add policy for IKeystoreAuthorization AIDL service." 2021-01-15 19:53:16 +00:00
Hasini Gunasinghe
1a5c2f4ced Add policy for IKeystoreAuthorization AIDL service. 
The interaface now provided by IKeystoreAuthorization AIDL interface was
previously provided by Keystore AIDL interface.

This CL adds policy to allow Keystore2 to register
IKeystoreAuthorization aidl service and to allow service manager to
look up and connect to the service.

Bug: 159475191
Test: Needs to be tested in runtime
Change-Id: I56829a8764e0efe55efdc92b75d7a3d918a20dae
 2021-01-15 09:43:22 -08:00
Gavin Corkery
e92af1c283 Add sepolicy for RebootReadinessDetector 
Test: Builds
Bug: 161353402
Change-Id: I3778e00ee249f5ab1904737196b282de1d315846
 2021-01-15 10:56:26 +00:00
Eva Chen
3fddbaad35 Add gnss_time_update_service selinux changes. 
GnssTimeUpdateService is a new service that is being added to System
Server. It will periodically get and suggest GNSS time for time detection on
Android.

Ignore-AOSP-First: Service relies on location APIs that are only in
internal right now.
Bug: 157265008
Test: Build only

Change-Id: Iedb2783b2f34ac71f665663b9db719e8ed4d35dc
 2021-01-14 22:57:18 -08:00
Shashwat Razdan
c97620be76 Changes in SELinux Policy for smartspace API 
Bug: 176851064
Test: manual verification ($ adb shell service list)
Change-Id: I2bfa765a7b04f46b22836d295613e629348afbc6
 2021-01-14 20:54:03 +00:00
Joanne Chung
8327dc1fb1 Merge "Add rule for new system service" 2021-01-12 11:54:53 +00:00
Joanne Chung
993aeab1c7 Add rule for new system service 
- Update policy for new system service, used for AiAi/Apps to
  present data in their UI.

Bug: 173243538
Bug: 176208267
Test: manual. Can boot to home and get manager successfully.
Change-Id: Ie88c6fa7ed80c0d695daaa7a9c92e11ce0fed229
 2021-01-12 18:00:17 +08:00
ChengYou Ho
f4f75d088a Add sepolicy for authsecret AIDL HAL 
Bug: 176107318
Change-Id: I49bc68fb5a92bcbc2f1d2c78f0741f8eff97fc06
 2021-01-12 06:01:22 +00:00
ChengYou Ho
553afe7242 Add sepolicy for oemlock aidl HAL 
Bug: 176107318
Change-Id: I26f8926401b15136f0aca79b3d5964ab3b59fbdd
 2021-01-11 05:57:17 +00:00
Hyundo Moon
8b0456720a Add sepolicy for new system service: media_communication_service 
Bug: 175511943
Test: Manaully (in internal master)
Change-Id: Ic2b6f2634c0e82348482b246cddae42da606591c
 2021-01-08 17:18:30 +09:00
Shubang Lu
ba4e6b89aa Merge "SE policy for tuner service." 2021-01-07 18:34:36 +00:00
Peiyong Lin
9449176122 Add SEPolicy rules for game service. 
Bug: b/174956354
Test: manual
Change-Id: Ife1aac3435427f89f5701e4ead0763839f01d61b
 2020-12-24 18:46:25 -08:00
Kalesh Singh
24ada7dbee Reland: Memtrack HAL stable aidl sepolicy 
Bug: 175021432
Test: Check logcat for denials
Change-Id: Id92fc543791072d8682e3a89cbf08370007108bf
 2020-12-22 16:08:53 -05:00
Joel Galenson
1c7eb3c3bd Clean up keymint service policy. 
Test: VtsAidlKeyMintTargetTest
Change-Id: Id6e83d63ffb1de7c48dbdf435fd9988e9174cfe2
 2020-12-16 08:59:09 -08:00
shubang
f8ab3eb1bb SE policy for tuner service. 
Test: make; acloud;  tuner sample input
Change-Id: I651632ec7f4ba79d94738c11c343f63510e59aa6
 2020-12-16 06:05:04 +00:00
Janis Danisevskis
de98dd9726 Merge changes Icb1f60b3,I935f2383 
* changes:
  Allow keystore to talk to keymint
  Add policy for the security compatibility hal service.
 2020-12-16 01:24:33 +00:00