Commit graph

48346 commits

Author SHA1 Message Date
Treehugger Robot
a41271a0bf Merge "Allow artd to kill subprocesses during Pre-reboot Dexopt." into main am: 0a3f94e01f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3106359

Change-Id: I6163e51a0d27281e76230a158502dcd891ae8224
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-29 11:25:24 +00:00
Treehugger Robot
0a3f94e01f Merge "Allow artd to kill subprocesses during Pre-reboot Dexopt." into main 2024-05-29 11:13:54 +00:00
Yi-Yo Chiang
8e2758970b Merge "Allow vmlauncher_app to create ptys to communicate with shell" into main am: d9c73d7aaf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3093564

Change-Id: I5432221fa91f265e21c69f92e891078391c45c5e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-29 06:15:10 +00:00
Yi-Yo Chiang
d9c73d7aaf Merge "Allow vmlauncher_app to create ptys to communicate with shell" into main 2024-05-29 05:54:43 +00:00
Xin Li
5f0dccf559 Merge "Update SELinux error" into aosp-main-future 2024-05-29 01:51:16 +00:00
Inseob Kim
abe5ee1343 Merge "Grant dalvik_dynamic_prop access to power HAL" into main am: 9bd1809252
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3099138

Change-Id: I17343fd8813fd394679ccb5c9647914b35ab297c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-29 01:13:14 +00:00
Inseob Kim
9bd1809252 Merge "Grant dalvik_dynamic_prop access to power HAL" into main 2024-05-29 00:52:45 +00:00
Xin Li
fd30d1b3b9 Update SELinux error
Test: SELinuxUncheckedDenialBootTest
Bug: 329380904

Ignore-AOSP-First: "AOSP Staging Branch"
Change-Id: I563bde489aa84a03e85e7cdffc8f1fa534cc9bcc
2024-05-29 00:41:07 +00:00
Jiakai Zhang
c9b01d60cf Allow artd to kill subprocesses during Pre-reboot Dexopt.
Bug: 311377497
Test: Run and cancel Pre-reboot Dexopt.
Change-Id: I6dd96a3644b66586a59064ed3cf9b3e5bb7ee0c5
2024-05-28 19:05:26 +01:00
Xin Li
fcf2677e09 Mark 2024-06 Release (ab/AP2A.240605.024) as merged in aosp-main-future
Bug: 343100748
Merged-In: I7dc2c6596e98491dbee6e7125c1736bf2002f2b3
Change-Id: I714b21d3e7a339e69113fc288408b429cbb3b6b7
2024-05-27 22:54:48 -07:00
Seungjae Yoo
12fd482d55 Let crosvm be able to use TAP interface created by vmnic
Bug: 340376951
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid
--network-supported

Change-Id: Ic2828b8e6c82269d0180dbac9466ae2874435596
2024-05-28 14:33:40 +09:00
Inseob Kim
95d0189141 Merge "microdroid: Add rules for /sys/kernel/mm/pgsize_migration/enabled" into main am: 0f6ddab01c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3102560

Change-Id: Ia1fb0b1fca2c3ac62e5953481d6a013541426ae8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-28 02:10:04 +00:00
Inseob Kim
0f6ddab01c Merge "microdroid: Add rules for /sys/kernel/mm/pgsize_migration/enabled" into main 2024-05-28 01:49:48 +00:00
Kalesh Singh
d60a38b02e microdroid: Add rules for /sys/kernel/mm/pgsize_migration/enabled
The dynamic linker needs to read this node to determine how it should
load ELF files. See page_size_migration_supported() [1]

Allow the node to be enabled/disabled by init.

[1] 3d5e32517b:bionic/linker/linker_phdr.cpp;l=709-721

Bug: 342520142
Bug: 330117029
Bug: 327600007
Bug: 330767927
Bug: 328266487
Bug: 329803029
Test: no avc denied in logcat
Change-Id: I91381e36943ea0387ff245e924ddab53a4928a05
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
2024-05-28 00:30:31 +00:00
Inseob Kim
9bb8e36856 Add virtualizationmanager fuzzer
Bug: 294158658
Test: run fuzzer
Change-Id: I8cf93ae2e79e22d72cf3ea8e96d6e767f8b8f5b0
2024-05-27 17:41:21 +09:00
Inseob Kim
a28d1ca7d4 gofmt service_fuzzer_bindings
Bug: N/A
Test: commit hook
Change-Id: Ic0c400310591e71201cd7c401bdb4bf10cf8daa6
2024-05-27 17:39:59 +09:00
Seungjae Yoo
c9c2512b72 Merge "Set sepolicy for creating TAP interfaces in vmnic of AVF" into main am: 74ea085cf1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3094879

Change-Id: Iba7e28ba7cffaa195d7bc97035a9241efaae78a2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-27 04:26:56 +00:00
Seungjae Yoo
74ea085cf1 Merge "Set sepolicy for creating TAP interfaces in vmnic of AVF" into main 2024-05-27 04:06:48 +00:00
Treehugger Robot
507c43ab0e Merge "Use symlinks for common policy files on microdroid" into main am: cc465b6f52
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3102620

Change-Id: I0eadd0772a41e32cfe09ebc1809b9a09c010667b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-27 01:04:40 +00:00
Inseob Kim
179c2c9671 Grant dalvik_dynamic_prop access to power HAL
Currently vendors need to write dex2oat property from power HAL for
performance but vendors should work around it with init rc scripts. This
allows power HAL to write such properties directly, without workaround.

Bug: 163539793
Test: boot
Change-Id: I1812c577cb11d24d924d32cdab40594c0eb72d52
2024-05-27 10:04:37 +09:00
Treehugger Robot
cc465b6f52 Merge "Use symlinks for common policy files on microdroid" into main 2024-05-27 00:44:45 +00:00
Android Build Coastguard Worker
b271b9a2cb Snap for 11889377 from 940c6b42ea to 24Q3-release
Change-Id: I50fc67f61bf9cb774199e869b03668bb954b14fc
2024-05-25 03:24:57 +00:00
Xin Li
eabce7d0ef Merge "Merge Android 24Q2 Release (ab/11526283) to aosp-main-future" into aosp-main-future 2024-05-24 21:17:00 +00:00
Steven Moreland
940c6b42ea Merge "fix bugreport denial for new binderfs log type" into main am: 42598a96ba am: 770648b344
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3102137

Change-Id: I22d93294e11dd780913e3bd7e0ff1d1ee28b9771
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-24 18:08:04 +00:00
Steven Moreland
770648b344 Merge "fix bugreport denial for new binderfs log type" into main am: 42598a96ba
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3102137

Change-Id: Ic2ed7fb7a13556888c8293b6cf18631888b189fa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-24 17:55:54 +00:00
Steven Moreland
42598a96ba Merge "fix bugreport denial for new binderfs log type" into main 2024-05-24 17:42:01 +00:00
Xin Li
81e2126bb3 Merge Android 24Q2 Release (ab/11526283) to aosp-main-future
Bug: 337098550
Merged-In: Ic3cbc8e238628955c1e9c44ee60cae4001667533
Change-Id: I04e8aabd8e4c1f6d856eeab541b6a730d3a71e26
2024-05-24 08:33:13 -07:00
Treehugger Robot
1c6f17509d Merge "Revert "Suppress denials for odsign console"" into main am: c087c0b98c am: 07e0507c74
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3101601

Change-Id: I95cdc87581e38c8b18c9d084d20b0b2b27db6b33
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-24 13:51:10 +00:00
Treehugger Robot
07e0507c74 Merge "Revert "Suppress denials for odsign console"" into main am: c087c0b98c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3101601

Change-Id: Ifb6d5d5a8024f090006387d6af962184c87427e5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-24 13:38:31 +00:00
Treehugger Robot
c087c0b98c Merge "Revert "Suppress denials for odsign console"" into main 2024-05-24 13:20:01 +00:00
Alan Stokes
ef8cf12fd5 Revert "Suppress denials for odsign console"
This reverts commit 8b80dacadc.

Reason for revert: b/341649167
Bug: 293259827
Change-Id: I25183a11b2c522f475eceeadcde5bcc74c95ba56
2024-05-24 08:56:37 +00:00
Inseob Kim
ee4267a7cb Use symlinks for common policy files on microdroid
Bug: 215093641
Test: boot microdroid
Change-Id: Ica76c9379a4ff29e8160644ee4099560ef5e48d9
2024-05-24 15:14:51 +09:00
Kelvin Zhang
223f7957b8 Add ro.fstype.data to indicate fs type of /data
This allows init to conditionally execute some init.rc commands
based on the filesystem type of /data partition. For example,
we may wish to do some initialization work for 16KB mode only
if /data is ext4.

Test: boot, check ro.fstype.data, re-format /data and check again
Bug: 341216848
Change-Id: I97d5b3a2fa560476b106f39d56aa9df55cd539f4
2024-05-23 20:01:29 -07:00
Seungjae Yoo
80fd618c66 Set sepolicy for creating TAP interfaces in vmnic of AVF
Bug: 340376951
Test: Presubmit
Change-Id: I2948698a1738d441768d77da611d5e8dd3eb3c5b
2024-05-24 11:18:16 +09:00
Android Build Coastguard Worker
1817c1c6c5 Snap for 11881322 from 95059f3ae7 to 24Q3-release
Change-Id: Ib640ffbf160c7223220aa220d2be8c53c41b2aef
2024-05-23 23:24:41 +00:00
Steven Moreland
9956cdff2f fix bugreport denial for new binderfs log type
Bug: 342311206
Test: SELinuxHostTest#testNoBugreportDenials
Change-Id: I0c28f1353fb0663167ecbc219d5e98fd214121eb
2024-05-23 20:05:33 +00:00
Treehugger Robot
95059f3ae7 Merge "Allow system_server to reopen its own memfd." into main am: ab0272ccb4 am: c488d0bd8f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3094247

Change-Id: Icf0ae50e46dae55fab19d14292082f563a9eda5d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-23 14:34:21 +00:00
Treehugger Robot
c488d0bd8f Merge "Allow system_server to reopen its own memfd." into main am: ab0272ccb4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3094247

Change-Id: Iad3f40b3e52aef2f234e22b0099aabf7ce26742f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-23 14:03:43 +00:00
Treehugger Robot
ab0272ccb4 Merge "Allow system_server to reopen its own memfd." into main 2024-05-23 13:45:23 +00:00
Yakun Xu
d181ae0b52 Merge "Thread: allow ot-rcp on user build" into main am: 1838718317 am: d066eaa355
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3099137

Change-Id: Iae502717e4c80e2b686ed411112be7256aed8c47
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-23 08:42:35 +00:00
Yakun Xu
d066eaa355 Merge "Thread: allow ot-rcp on user build" into main am: 1838718317
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3099137

Change-Id: I3f7a1b218fd1e916f52539fc8c6e6e542aef207f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-23 08:00:10 +00:00
Yakun Xu
1838718317 Merge "Thread: allow ot-rcp on user build" into main 2024-05-23 07:44:27 +00:00
Yi-Yo Chiang
15bdfcb180 Allow vmlauncher_app to create ptys to communicate with shell
* Allow vmlauncher_app to create pty/pts
* Allow vmlauncher_app to change permission of created pts
* Allow shell to read/write vmlauncher_app pts

adb shell can open and communicate with vmlauncher_app via the pts
device. VM console would be available on the pts.

Bug: 335362012
Test: adb shell -t microcom /dev/pts/0
Test: No new avc denials in logcat
Change-Id: If630235b486bf5ffffb45aeac3e29438029edb04
2024-05-23 15:03:49 +08:00
Yakun Xu
66947c66d6 Thread: allow ot-rcp on user build
This commit adds sepolicy on user build so that Thread HAL simulation
can run on cuttlefish user builds.

Bug: 342154029
Test: presubmit
Change-Id: I576f52a1bdf5b0966e73ee93e4b68bed613b0796
2024-05-23 11:22:36 +08:00
Android Build Coastguard Worker
8fc8265950 Snap for 11876238 from 13f3904986 to 24Q3-release
Change-Id: I147de849b80d442c71523621d3eaf19b9dbb974b
2024-05-22 23:26:02 +00:00
Treehugger Robot
55d4c03775 Merge "Update transaction log permissions." into main am: 6f388111e0 am: 9f4c7bc53f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3092992

Change-Id: I72d0e009a283d244c8f51f303f521bbb2165d694
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-22 19:53:48 +00:00
Daniel Zheng
34453d2417 add sepolicy for low mem device configurations
adding permissions to access read only props as declared by aosp/3088028

Bug: 332255580
Test: adb shell getprop on cvd device
Change-Id: Ia3c9bd684d8ae8fcdffbf542afe1ce097d038cd5
2024-05-22 12:41:14 -07:00
Treehugger Robot
9f4c7bc53f Merge "Update transaction log permissions." into main am: 6f388111e0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3092992

Change-Id: I3cf12a24653cd8ab3ba51fff8142148c0806758a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-22 19:33:18 +00:00
Treehugger Robot
6f388111e0 Merge "Update transaction log permissions." into main 2024-05-22 19:21:00 +00:00
Ellen Arteca
13f3904986 Merge "Fix installd not having permission to delete storage area keys" into main am: 19208cb0e3 am: 96da6272a8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3095417

Change-Id: I6074238bcf0be9de1728e6b4e2018f9dd1084918
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-22 17:33:54 +00:00