Commit graph

24410 commits

Author SHA1 Message Date
Martijn Coenen
df9dc40e9b Merge "Add policy for LOOP_CONFIGURE ioctl." am: cdecd3ca4c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1396648

Change-Id: Ie44ce55eaad8484ac1bbd019ac452f57a249d9a4
2020-08-12 07:03:40 +00:00
Martijn Coenen
cdecd3ca4c Merge "Add policy for LOOP_CONFIGURE ioctl." 2020-08-12 06:38:37 +00:00
Treehugger Robot
232c15cb90 Merge "Revert "gmscore_app is attempting to access /dev/ashmem"" am: 5b1f0808b7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1394238

Change-Id: Id0e4b7fdc6809ba6d0ad9666b0888bdf620c7b9a
2020-08-11 23:23:45 +00:00
Treehugger Robot
5b1f0808b7 Merge "Revert "gmscore_app is attempting to access /dev/ashmem"" 2020-08-11 23:04:28 +00:00
Martijn Coenen
47f61db25e Add policy for LOOP_CONFIGURE ioctl.
This is a new ioctl for configuring loop devices, and is used by apexd.

Bug: 148607611
Bug: 161575393
Test: boot on device with/without LOOP_CONFIGURE
Change-Id: I9ef940c7c9f91eb32a01e68b858169c140d15d0f
Merged-In: I9ef940c7c9f91eb32a01e68b858169c140d15d0f
2020-08-11 13:22:09 +00:00
Treehugger Robot
fab591d17c Merge "Revert "sepolicy: remove hal_light_severice exception"" am: 05a25295c1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1396229

Change-Id: I063f6de40640e9d3938700207de205a0fc2ffb27
2020-08-11 08:32:13 +00:00
Treehugger Robot
05a25295c1 Merge "Revert "sepolicy: remove hal_light_severice exception"" 2020-08-11 08:15:58 +00:00
Nelson Li
ea973db671 Revert "sepolicy: remove hal_light_severice exception"
This reverts commit e83da12576.

Reason for revert: It causes a build break

Bug: 163434807
Change-Id: I756d313c52d243f37294aa57d31c43b0a14bc05f
2020-08-11 05:46:20 +00:00
Treehugger Robot
8f04003ad0 Merge "sepolicy: remove hal_light_severice exception" am: cfa9edcbfd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1393370

Change-Id: I46d626b09d6def62dde7e6d6a25ec09d230f4bed
2020-08-11 04:30:44 +00:00
Treehugger Robot
cfa9edcbfd Merge "sepolicy: remove hal_light_severice exception" 2020-08-11 04:11:29 +00:00
Treehugger Robot
6149cc6fcd Merge "Prepare sepolicy for launching Keystore 2.0 service" am: 8cd90a5d20
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1395528

Change-Id: I34d80e17ee3487bbbc765f6b0fceca68a0cb36d5
2020-08-11 00:44:18 +00:00
Treehugger Robot
8cd90a5d20 Merge "Prepare sepolicy for launching Keystore 2.0 service" 2020-08-11 00:33:47 +00:00
Yifan Hong
8ac37f025f Support GKI updates
Adds proper file_contexts and domains for pre/postinstall hooks.
Allow the pre/postinstall hooks to communicate with update_engine stable
service.

Bug: 161563386
Test: apply a GKI update

Change-Id: I4437aab8e87ccbe55858150b95f67ec6e445ac1f
2020-08-10 16:10:38 -07:00
Janis Danisevskis
ff98459989 Prepare sepolicy for launching Keystore 2.0 service
This patch labels /system/bin/keystore2 as a keystore executable and
allows keystore to register "system.security.keystore2" with the service
manager.

Bug: 160623310
Test: None
Change-Id: I1812e565438c2b8ae55c8d10bcc8450d27717697
2020-08-10 14:40:20 -07:00
Hridya Valsaraju
efd277f8a7 Revert "gmscore_app is attempting to access /dev/ashmem"
Test: build, boot
Change-Id: Id7bff6db07ab7aa0695e132a9d9ffae4912f401c
2020-08-10 17:07:52 +00:00
Hasini Gunasinghe
d633424574 Merge "Allow keystore to write to statsd." am: 3e190653d7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1329553

Change-Id: If9c1b725e39c8a14ec4dd5c21063b43405c5d511
2020-08-10 15:23:53 +00:00
Hasini Gunasinghe
3e190653d7 Merge "Allow keystore to write to statsd." 2020-08-10 15:09:49 +00:00
linpeter
e83da12576 sepolicy: remove hal_light_severice exception
Bug: 148154485
Test: build pass, HBM switch
Change-Id: I65e7d8d4783af9427c05f6082fd487b79f70397f
2020-08-10 09:59:15 +08:00
Evgenii Stepanov
b4b258a75a Property contexts for ro.sanitize.* am: cc782e4516
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1367776

Change-Id: I2e76adeeabce3b3f29c3907022261a74ef203025
2020-08-07 22:58:55 +00:00
Hasini Gunasinghe
83e1f14f93 Allow keystore to write to statsd.
Keystore logging is migrated to use statsd. Therefore,
keystore needs permission to write to statsd.

Test: Treehugger passes.
Bug: 157664923
Change-Id: If15ee3eb2ae7036dbaccd31525feadb8f54c6162
Merged-In: I2fb61fd7e9732191e6991f199d04b5425b637830
2020-08-07 16:35:18 +00:00
Evgenii Stepanov
cc782e4516 Property contexts for ro.sanitize.*
Bug: 142430632
Test: adb shell getprop ro.sanitize.hwaddress in hwasan build
Change-Id: I106ed955c7c0c73234e55d1b896b446b75a251cc
2020-08-06 23:30:07 +00:00
Inseob Kim
6463d7a888 Remove exported2_system_prop am: 96b9d86a0e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1392876

Change-Id: Ia5877bf261d0e1df1e204ceb7a457dacbe13b95e
2020-08-06 05:41:05 +00:00
Inseob Kim
96b9d86a0e Remove exported2_system_prop
It's not used anymore.

Bug: 161659925
Test: boot
Change-Id: I5b08bdace28a509d464759a66025c951178225c6
Merged-In: I5b08bdace28a509d464759a66025c951178225c6
(cherry picked from commit 7d96ddbfb0)
2020-08-06 12:52:32 +09:00
Janis Danisevskis
52166d83aa Add keystore2_key namespace shell_key for shell. am: 47f3761cc8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1387867

Change-Id: Ib824b938e2791746b434b8614f08854893957ad5
2020-08-05 23:42:53 +00:00
Janis Danisevskis
d2e99c0264 Add su_key, a keystore2_key namespace for su. am: d3451f88be
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1387866

Change-Id: I4246945d0855ebfd6dab8e86310307fdad1663e4
2020-08-05 23:42:52 +00:00
Janis Danisevskis
33a600ce3c Setup vold_key keystore2_key namespace. am: 32d7738224
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1387865

Change-Id: Ifa8853e433450ba1fa7549468330350a173b2497
2020-08-05 23:42:51 +00:00
Janis Danisevskis
dd7be913f3 Make Keystore equivalent policy for Keystore2 am: abb93f24c0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1387864

Change-Id: I87b64d709b7400aa3df37fad586be0b6e8977794
2020-08-05 23:42:50 +00:00
Janis Danisevskis
7db77f2a2f Add security class keystore2_key. am: 24f3dce0ca
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1387863

Change-Id: Ic944d78017e6e3dedd83e5ccb4a66db7e9b36384
2020-08-05 23:42:50 +00:00
Janis Danisevskis
23d730032d Add libselinux keystore_key backend. am: c40681f1b5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1387862

Change-Id: I48cb5cb97016c46f110753f0d39198f6272f7d1d
2020-08-05 23:42:49 +00:00
Janis Danisevskis
47f3761cc8 Add keystore2_key namespace shell_key for shell.
Add a keystore2_key namespace that can be used by `shell` for testing.

Bug: 158500146
Bug: 162265751
Test: keystore2_test
Change-Id: I78b9b285969dd503a09609f7bcb02552b24d1a6b
Merged-In: I78b9b285969dd503a09609f7bcb02552b24d1a6b
2020-08-05 21:58:04 +00:00
Janis Danisevskis
d3451f88be Add su_key, a keystore2_key namespace for su.
Add a keystore2_key namespace that can be used by `su` for testing.

Test: keystore2_test
Bug: 158500146
Bug: 160623310
Bug: 159466840
Change-Id: I017a10ad8c7fce28e8bc921b764e65c49bae5107
Merged-In: I017a10ad8c7fce28e8bc921b764e65c49bae5107
2020-08-05 16:11:48 +00:00
Janis Danisevskis
32d7738224 Setup vold_key keystore2_key namespace.
Allow vold to access its namespace using raw Keymint blobs.

Test: keystore2_test runs some tests against this policy.
Bug: 160623310
Bug: 158500146
Change-Id: Iaf338f1ac48dd56ef6e1b73cb3b8634a91e8bf9f
Merged-In: Iaf338f1ac48dd56ef6e1b73cb3b8634a91e8bf9f
2020-08-05 16:11:48 +00:00
Janis Danisevskis
abb93f24c0 Make Keystore equivalent policy for Keystore2
Bug: 158500146
Bug: 159466840
Test: keystore2_test tests part of this policy
Change-Id: Id3dcb2ba4423d93170b9ba7ecf8aed0580ce83bc
Merged-In: Id3dcb2ba4423d93170b9ba7ecf8aed0580ce83bc
2020-08-05 16:11:48 +00:00
Janis Danisevskis
24f3dce0ca Add security class keystore2_key.
Keystore 2.0 has a different set of permissions that it enforces.
We introduce keystore2_key so that we can set up policy for both
Keystore 1.0 and Keystore 2.0 for a gradual transition from one to
the other.

Bug: 158500146
Test: None
Change-Id: I3dcab06d73d242d63d21883659c304dfab8bf74f
Merged-In: I3dcab06d73d242d63d21883659c304dfab8bf74f
2020-08-05 16:11:48 +00:00
Janis Danisevskis
c40681f1b5 Add libselinux keystore_key backend.
We add a new back end for SELinux based keystore2_key namespaces.
This patch adds the rump policy and build system infrastructure
for installing keystore2_key context files on the target devices.

Bug: 158500146
Bug: 159466840
Test: None
Change-Id: I423c9e68ad259926e4a315d052dfda97fa502106
Merged-In: I423c9e68ad259926e4a315d052dfda97fa502106
2020-08-05 16:11:48 +00:00
JaeMan
3a6dbd8004 Add ro.vendor.build.version.sdk to build_vendor_prop am: 2e91219f9a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1388698

Change-Id: Ic6ebe3c73381d4dbfff5b5241aac42baff1014ed
2020-08-05 07:58:23 +00:00
JaeMan
2e91219f9a Add ro.vendor.build.version.sdk to build_vendor_prop
At b/160209547, it is needed to read
ro.vendor.build.version.sdk prop to determine
whether skipping test or not based on vendor
image's release version. But
ro.vendor.build.version.sdk is not added to
property_contexts and failed to read that prop in
tests. So, added ro.vendor.build.version.sdk to
property_contexts for checking vendor image's
release version in test.

Bug: 160209547
Test: m selinux_policy
Change-Id: I86bcfa632de61c5805e42aea3a1f232ae4ad080e
(cherry picked from commit 65cecec142)
2020-08-05 05:33:28 +00:00
Tianjie Xu
c63d862ac8 Merge "Add secontext for ro.product.ab_ota_partitions" am: 2253b0fc93
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1375155

Change-Id: I3576a4cc5e2fe8439616e85dce3223a0c5692207
2020-08-04 21:56:56 +00:00
Tianjie Xu
2253b0fc93 Merge "Add secontext for ro.product.ab_ota_partitions" 2020-08-04 21:36:08 +00:00
Yifan Hong
5c6474467d Merge "Add update_engine_stable_service" am: 537ec551c8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1377952

Change-Id: I285aad7bc281555be619d8b0dfbb64e294f5f67c
2020-08-04 19:15:48 +00:00
Yifan Hong
537ec551c8 Merge "Add update_engine_stable_service" 2020-08-04 19:06:08 +00:00
Treehugger Robot
ce2c6fd783 Merge "Allow dumpstate to dump auto hal servers" am: 142d16a964
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1381029

Change-Id: Ie88b5759f9c992e33e3861f505beeb76b54f36ae
2020-08-04 17:52:55 +00:00
Treehugger Robot
142d16a964 Merge "Allow dumpstate to dump auto hal servers" 2020-08-04 17:28:41 +00:00
Jooyung Han
586f4afc50 Merge "Allow linkerconfig to read apex-info-file.xml" am: 45c59f1d15
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1376857

Change-Id: Id1a018820059438cc1c1f86df67a1927db0ec32a
2020-08-04 03:31:03 +00:00
Jooyung Han
45c59f1d15 Merge "Allow linkerconfig to read apex-info-file.xml" 2020-08-04 03:11:49 +00:00
Danning Chen
286c0921bf Merge "Add sepolicy for people service" am: 3ecbc38868
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1383564

Change-Id: I0a0270129648b6169d0f8a1e38b7338d1e04cf82
2020-08-03 19:33:32 +00:00
Danning Chen
3ecbc38868 Merge "Add sepolicy for people service" 2020-08-03 18:54:31 +00:00
Inseob Kim
f959c3abf8 Remove exported3_radio_prop am: 4ae7ec1915
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1385759

Change-Id: I5cfc37b43c5860428df1b0e4ce281c0c78cae5bb
2020-08-03 15:03:38 +00:00
Inseob Kim
965c24a9b1 [automerger skipped] Rename exported3_radio_prop to radio_control_prop am: acd02fc5e4 -s ours
am skip reason: Change-Id If5fe3be7c64b36435c4ad0dc9a8089077295d502 with SHA-1 c87c63bd3c is in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1385758

Change-Id: I4f51f66cd01d0415d10bd3e6259c1449dd1fd637
2020-08-03 15:03:37 +00:00
Inseob Kim
4ae7ec1915 Remove exported3_radio_prop
It's renamed to radio_control_prop

Bug: 162214733
Test: boot
Change-Id: Idede1a1ab471a354a6f5df12b6889abc7c1ad869
2020-08-03 09:23:39 +00:00