Commit graph

21004 commits

Author SHA1 Message Date
Changyeon Jo
c90bc366e6 Update sepolicy for EVS v1.x
am: 5ee628f0ce

Change-Id: I3aa2c140f2ab37a604ab70221926d15c25822bef
2019-07-30 19:57:29 -07:00
Changyeon Jo
5ee628f0ce Update sepolicy for EVS v1.x
Modify vendor file context and hal_evs_server policy to enable EVS v1.1
service.

Change-Id: I1e717b3209200300005c3fa7f91423589505a41c
Signed-off-by: Changyeon Jo <changyeon@google.com>
2019-07-30 13:22:03 -07:00
Greg Hartman
a550160b92 Allow vendor to configure lmkd properties
am: 626114424f

Change-Id: I90510b01562d9c5cb291a0e75ae0b82db839e954
2019-07-26 07:10:35 -07:00
Greg Hartman
626114424f Allow vendor to configure lmkd properties
BUG: 138399045
Test: Boot cuttlefish. properties set
Change-Id: I3138048e9d13f8c0aee1ad3eb4e761809bafcf1d
2019-07-25 23:06:44 +00:00
Yifan Hong
7ae259e287 Merge "Allow charger to read ro.charger.*"
am: aff273f672

Change-Id: I3ad472cc32c14332d54222d7d3638c2b0f9315ae
2019-07-25 11:35:50 -07:00
Yifan Hong
aff273f672 Merge "Allow charger to read ro.charger.*" 2019-07-25 18:20:22 +00:00
Przemyslaw Szczepaniak
b8662b4e91 Merge "Add file contexts for com.android.neuralnetworks APEX package."
am: 3f233287d5

Change-Id: Ie6a809be0a43733a6e693f89ccda06edde8356ba
2019-07-24 02:25:57 -07:00
Przemyslaw Szczepaniak
3f233287d5 Merge "Add file contexts for com.android.neuralnetworks APEX package." 2019-07-24 09:12:18 +00:00
Elliott Hughes
509135ac69 Merge "Remove perfprofd references."
am: c807b3fd8a

Change-Id: I90501f397c29847e2e497f10515571fa10f9d992
2019-07-23 17:10:33 -07:00
Elliott Hughes
c807b3fd8a Merge "Remove perfprofd references." 2019-07-23 23:23:15 +00:00
Andrei-Valentin Onea
6863758a7b Merge "Add rule for platform_compat service"
am: 72211e36ad

Change-Id: I6eca69732654e27a9192b4bdca27908539ff0b1e
2019-07-23 08:01:19 -07:00
Andrei-Valentin Onea
72211e36ad Merge "Add rule for platform_compat service" 2019-07-23 14:40:36 +00:00
Kiyoung Kim
de9e5f8723 Merge "Enable Kernel log from linkerconfig"
am: 4fd03ba7b3

Change-Id: Id0090fc516bbbd865e3772af0f26f92d7d9daea5
2019-07-23 03:45:15 -07:00
Treehugger Robot
4fd03ba7b3 Merge "Enable Kernel log from linkerconfig" 2019-07-23 10:27:35 +00:00
Kiyoung Kim
2d5f2e242d Enable Kernel log from linkerconfig
LinkerConfig generator runs from early init, so if there is any warning
/ error then logs can be only found from kernel log. To enable kernel
logging from linkerconfig, specific policy should be added.

Test: m -j && Tested from Cuttlefish
Change-Id: I6c49d7693e0334ae8550891b72bcb04e37c16d89
2019-07-23 13:42:55 +09:00
Yifan Hong
1145be1fc3 Allow charger to read ro.charger.*
Allow charger to read system properties with this prefix
so that charger's behavior is controlled by runtime.

Test: run offline charging on walleye
Bug: 124118169
Change-Id: I4266b2d043a5323b4adbd1636ada46b7e08ca667
2019-07-22 14:32:03 -07:00
chunhui.li
7ce480885f Merge "fix data/asan/product/lib(64) can't access by platform_app issue"
am: 386701db0a

Change-Id: Id60bc60e69e62d7a83a843816a6121b9055a4f44
2019-07-19 16:32:23 -07:00
Treehugger Robot
386701db0a Merge "fix data/asan/product/lib(64) can't access by platform_app issue" 2019-07-19 23:02:40 +00:00
Wei Wang
c0d613c53f Merge "Fix: dumpstate HAL service property context"
am: 0962dd9e91

Change-Id: I857f9fdb226cac386495635aaa8b5aaa416dd2a9
2019-07-19 12:54:22 -07:00
Wei Wang
0962dd9e91 Merge "Fix: dumpstate HAL service property context" 2019-07-19 19:46:55 +00:00
David Anderson
ec5bf1a250 Merge "Allow gsid to create and access loop devices."
am: 23ba03fc8d

Change-Id: Ifef169b3a5b256daec51ffe3ed4b7bf452e00d39
2019-07-19 12:45:52 -07:00
David Anderson
23ba03fc8d Merge "Allow gsid to create and access loop devices." 2019-07-19 19:35:26 +00:00
Tom Cherry
af9b6fc10b Merge "Allow domain access r_file_perms for passwd and group files"
am: aa4af2c082

Change-Id: I352be482e68c35e03e1757904fa6b56906c93f3b
2019-07-19 11:33:45 -07:00
Elliott Hughes
132b081ee3 Remove perfprofd references.
perfprofd was never finished, and has been removed.

Test: treehugger
Change-Id: I4fc8aa9b737360a66d89c5be39651284ee2d6ffd
2019-07-19 11:15:12 -07:00
Tom Cherry
aa4af2c082 Merge "Allow domain access r_file_perms for passwd and group files" 2019-07-19 18:00:41 +00:00
Andrei Onea
2bbcc9db89 Add rule for platform_compat service
Bug: 137769727
Test: m
Change-Id: Ib6160a82597198f4a120592293f90ffe1ffb123b
2019-07-19 18:57:11 +01:00
Tom Cherry
da05f1d6b8 Allow domain access r_file_perms for passwd and group files
In b/73062966, we add new AID ranges for each partition that doesn't
yet have them (system, system_ext, odm, product).  We also add group
and passwd files to these partitions to be able to map these AIDs into
human readable user and group names, and vice versa.

All processes should be able to read all users and groups.  We divide
the ranges into non-overlapping regions for each partition and we
namespace the names with the partition name as a prefix.

Allow domain r_file_perms to
/(system|product|system_ext)/etc/(group|passwd).

Vendor and odm passwd and group files already have this access, since
/(vendor|odm)/etc/* is already domain readable.

Example contents:
blueline:/ $ cat /system/etc/passwd
system_tom::6050:6050::/:/bin/sh
blueline:/ $ cat /product/etc/passwd
product_tom::7013:7013::/:/bin/sh

Bug: 73062966
Test: tree-hugger selinux denial during boot test
Change-Id: Ib4dc31778e95e952174e1365497feaf93dca7156
2019-07-19 09:19:23 -07:00
Wei Wang
046c510402 Fix: dumpstate HAL service property context
http://aosp/678384 changed property format

Fixes: 137695210
Test: inject timeout and take BR see dumpstate restarted
Change-Id: Ie24e2d42e92410a935ca4c9364b476d72aa459f3
2019-07-19 15:04:44 +08:00
chunhui.li
233a193462 fix data/asan/product/lib(64) can't access by platform_app issue
FMRadio change from system image to product image, then FMRadio
can't launch
selinux denied log:
avc: denied { open } for path="/data/asan/product/lib64/libfmjni.so"
dev="mmcblk0p35" ino=18 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
app=com.android.fmradio
solution: label data/asan/product/lib(64) to system_lib_file

Bug: 136974466
Test: launch FMRadio, it can work
Change-Id: Icdfc794cb077b81d550816d2e7779c763604e050
2019-07-19 03:23:47 +00:00
David Anderson
575f881668 Merge "Add selinux labels for /metadata/ota."
am: 9859aa0a24

Change-Id: I1d24e9d7db69f9b61e4384a1b1902112f9fb3678
2019-07-18 16:00:38 -07:00
David Anderson
9859aa0a24 Merge "Add selinux labels for /metadata/ota." 2019-07-18 22:42:13 +00:00
Przemyslaw Szczepaniak
a88ea13c1b Add file contexts for com.android.neuralnetworks APEX package.
Test: -
Bug: 137320025
Change-Id: I13b3b86f8176a8fa3ce2ad8a625f991229d29ff9
2019-07-18 09:58:48 +00:00
Roshan Pius
3754b4b007 sepolicy: Permission changes for new wifi mainline module
am: 3aa1c1725e

Change-Id: Ia9e876cdd12f1305dacb2961f398c492cc03dadb
2019-07-16 17:20:00 -07:00
David Anderson
c1bc87394d Add selinux labels for /metadata/ota.
/metadata/ota will store critical bits necessary to reify
system and vendor partition state during an OTA. It will be accessed
primarily by first-stage init, recovery/fastbootd, and update_engine.

Bug: 136678799
Test: manual test
Change-Id: Ib78cb96ac60ca11bb27d2b2fe011482e64ba0cf8
2019-07-16 13:38:10 -07:00
Roshan Pius
3aa1c1725e sepolicy: Permission changes for new wifi mainline module
Move wifi services out of system_server into a separate APK/process.

Changes:
a) Created sepolicy for the new wifi apk.
b) The new APK will run with network_stack uid (eventually will be moved
to the same process).

Used 'audit2allow' tool to gather list of permissions required.

Note: The existing wifi related permissions in system_server are left
behind to allow the module to be loaded into system_server or
network_stack process depending on device configuration.

Bug: 113174748
Test: Device boots up and able to make wifi connection.
Test: Tested hotspot functionality.
Test: Ran WifiManagerTest & WifiSoftApTest ACTS tests locally.
Test: Will send for wifi regression tests.
Change-Id: Id19643a235bf0c28238f2729926b893ac2025b97
(cherry-picked from c7aa90091e6bec70a31a643cc4519a9a86fb0b38)
2019-07-16 13:30:15 -07:00
Pirama Arumuga Nainar
e18db5dd9c Merge "Revert "Track usbd SELinux denial.""
am: 2d16fef4ce

Change-Id: I506be13000049028dec91d464a17b80a52df43e4
2019-07-15 18:43:14 -07:00
Pirama Arumuga Nainar
2d16fef4ce Merge "Revert "Track usbd SELinux denial."" 2019-07-16 01:17:10 +00:00
Kiyoung Kim
fa21eb75f7 Merge "Add linker config generator and output file to sepolicy"
am: 8231ac82e5

Change-Id: I266798bc918e0bc2cf7db54d456431428eba872b
2019-07-15 17:39:47 -07:00
Kiyoung Kim
8231ac82e5 Merge "Add linker config generator and output file to sepolicy" 2019-07-16 00:32:13 +00:00
Tom Cherry
c72dc07de2 Merge "Allow dumpstate to read /data/misc/logd always"
am: 4c52cedf22

Change-Id: I32bce2aedcbb2adb4d566410945a98299ea21fc9
2019-07-15 16:43:00 -07:00
Tom Cherry
4c52cedf22 Merge "Allow dumpstate to read /data/misc/logd always" 2019-07-15 23:28:23 +00:00
liwugang
bf941df194 Merge "version_policy: avoid fclose a NULL file pointer"
am: b74402abe8

Change-Id: Ib305a77a29d7f7a9de1adae3bf0ea54f1b32a298
2019-07-15 11:52:36 -07:00
Treehugger Robot
b74402abe8 Merge "version_policy: avoid fclose a NULL file pointer" 2019-07-15 18:35:47 +00:00
Pirama Arumuga Nainar
98e320b6e0 Revert "Track usbd SELinux denial."
Bug: 72472544
This reverts commit 07efe37c5f.

Reason for revert: The selinux denial is no longer reproducible.

Test: Presubmit builds

Change-Id: I79d18743171315401401c1b06b3f97d837bf500f
2019-07-14 21:05:41 -07:00
David Anderson
3fc261f05a Merge "Allow fastbootd and update_engine to read from sysfs_dm."
am: 17231129ce

Change-Id: I4a5e68c56e38ead423b4ed0a87c66194a7a278db
2019-07-12 16:25:07 -07:00
David Anderson
17231129ce Merge "Allow fastbootd and update_engine to read from sysfs_dm." 2019-07-12 23:03:41 +00:00
Brad Ebinger
7d8594ab5c Rename service from ircs to ircsmessage
am: 243ef72edb

Change-Id: If9a5c2ce85d4d58bcbaa09cb4da58f6a9cd9009a
2019-07-12 14:54:19 -07:00
Kiyoung Kim
affa6f323c Add linker config generator and output file to sepolicy
Sepolicy for linkerconfig generator and ld.config.txt file from
generator

Bug: 135004088
Test: m -j & tested from device
Change-Id: I2ea7653a33996dde67a84a2e7a0efa660886434a
2019-07-12 12:32:19 +09:00
David Anderson
53ea513bdf Allow gsid to create and access loop devices.
gsid creates loop devices when it cannot use device-mapper. This can
occur when images are split into multiple files (for example, FAT32) or
when a device is unencrypted, or FBE without metadata encryption. In
addition to accessing /dev/loop-control and loop devices, it also needs
LOOP_SET_DIRECT_IO and LOOP_SET_BLOCK_SIZE to optimize writes.

Bug: 134536978
Test: gsi_tool install works on crosshatch with metadata encryption
      disabled

Change-Id: I3f0aee1d0757e4b299deee74a8c1077846d56292
2019-07-11 16:36:25 -07:00
Brad Ebinger
243ef72edb Rename service from ircs to ircsmessage
ircs is not specific enough. There will be multiple services in the
future with ircsmessage used specifically for message store.

Test: compile, tests
Change-Id: Ia7d57e6900c733408be26d6520aa46c512229248
2019-07-11 14:09:51 -07:00