tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
29509 commits 1 branch 0 tags 50 MiB
Commit graph

29509 commits

This branch
This branch
All branches
Author SHA1 Message Date
Nicolas Geoffray
6b393c128c Merge "Allow odrefresh to update the boot animation status." 2021-04-16 12:26:33 +00:00
David Massoud
c50fecd8ef Allow traced_probes to read devfreq 
- Add dir read access to /sys/class/devfreq/
- Add file read access to /sys/class/devfreq/$DEVICE/cur_freq

Resolves the following denials:
W traced_probes: type=1400 audit(0.0:8):
avc: denied { read } for name="devfreq" dev="sysfs"
ino=28076 scontext=u:r:traced_probes:s0
tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0

W traced_probes: type=1400 audit(0.0:226):
avc: denied { read } for name="cur_freq" dev="sysfs"
ino=54729 scontext=u:r:traced_probes:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

See ag/14187061 for device specific sysfs_devfreq_cur labels

Bug: 181850306
Test: ls -Z, record perfetto trace
Change-Id: I23cebb16505313160e14b49e82e24da9b81cad70
 2021-04-16 20:02:06 +08:00
Treehugger Robot
d4ca559187 Merge "Mark ro.kernel properties as deprecated" am: 2678cacb3f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1676727

Change-Id: Id788a53bd69ee0abbf170135054d773e8791ed8c
 2021-04-16 08:59:45 +00:00
Treehugger Robot
2678cacb3f Merge "Mark ro.kernel properties as deprecated" 2021-04-16 08:48:23 +00:00
Nicolas Geoffray
efef689e36 Allow odrefresh to update the boot animation status. 
Test: m
Bug: 160683548
Change-Id: Ic7d3fe64a0ee54d6989e2a1b67e9eb0f6666b3a1
 2021-04-16 09:26:38 +01:00
Roman Kiryanov
08f51ea1c0 Mark ro.kernel properties as deprecated 
emulator migrated to `ro.boot`

Bug: 182291166
Test: presubmit
Signed-off-by: Roman Kiryanov <rkir@google.com>
Change-Id: I9cd443801ff7120ebb628acdc811f0eb339a02c9
 2021-04-15 22:46:40 -07:00
Hridya Valsaraju
8403ed70de Add a property to enable runtime debugfs restrictions in non-user builds 
This patch adds ro.product.enforce_debugfs_restrictions to
property_contexts. When the property is set to true in non-user builds,
init mounts debugfs in early-init to enable boot-time debugfs
initializations and unmounts it on boot complete. Similarly dumpstate
will mount debugfs to collect information from debugfs during bugreport
collection via the dumpstate HAL and unmount debugfs once done. Doing
so will allow non-user builds to keep debugfs disabled during runtime.

Test: make with/without PRODUCT_SET_DEBUGFS_RESTRICTIONS, adb shell am
bugreport
Bug: 184381659

Change-Id: Ib720523c7f94a4f9ce944d46977a3c01ed829414
 2021-04-15 22:38:23 -07:00
Treehugger Robot
76fc5c9fa5 Merge "Allow apexd to access a new dev_type: virtual disk" am: 1c996021a5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1673185

Change-Id: I5cd7128b8b7caeefba9e84dfa82ab2b6e49838d3
 2021-04-16 01:22:48 +00:00
Treehugger Robot
1c996021a5 Merge "Allow apexd to access a new dev_type: virtual disk" 2021-04-16 00:54:40 +00:00
Robert Horvath
8504938690 Add bootanim property context, ro.bootanim.quiescent.enabled property 
Add property & property context to configure whether the bootanimation
should be played in a quiescent boot.

Bug: 185118020
Test: Set property through PRODUCT_PRODUCT_PROPERTIES
Test: Read property from bootanimation process
Change-Id: Ib9e88444da7f5e8000d7367199f5230f1e4d26d9
 2021-04-15 14:56:17 +00:00
Treehugger Robot
4e51d76dce Merge "Label ro.boot.qemu" am: 6a864fd0b5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1676731

Change-Id: I5093de78f89b95c43032c39be9e192234f38b481
 2021-04-15 10:10:00 +00:00
Orion Hodson
8684e82953 Merge "Add odrefresh_data_file for odrefresh metrics" am: cb0627099e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1671828

Change-Id: Iab1f924e011fc8d32fe3c69c608846918d7fa209
 2021-04-15 10:09:30 +00:00
Treehugger Robot
6a864fd0b5 Merge "Label ro.boot.qemu" 2021-04-15 09:33:17 +00:00
Orion Hodson
cb0627099e Merge "Add odrefresh_data_file for odrefresh metrics" 2021-04-15 08:51:01 +00:00
Roman Kiryanov
640a58d3c1 Label ro.boot.qemu 
This is an Android Studio Emulator (aka ranchu)
specific property, it is used for emulator
specific workarounds.

Bug: 182291166
Test: presubmit
Signed-off-by: Roman Kiryanov <rkir@google.com>
Change-Id: I2b8daf7c8ddb05b4082e4229f7b606c6ad4e717e
 2021-04-14 23:51:11 -07:00
Treehugger Robot
2933f3aab0 Merge "Build userdebug_plat_sepolicy.cil with Android.bp" am: 8d2bfafcf5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1673194

Change-Id: Ie09df99a1615906faedf3af14bf3bc6777506bc8
 2021-04-15 05:44:25 +00:00
Treehugger Robot
8d2bfafcf5 Merge "Build userdebug_plat_sepolicy.cil with Android.bp" 2021-04-15 05:22:35 +00:00
Yi-Yo Chiang
2b708a2725 Allow health storage HAL to read default fstab 
Fixes: 184797681
Bug: 181110285
Test: Presubmit
Test: atest VtsHalHealthStorageV1_0TargetTest
Change-Id: I87510bc82d742cd209846161cb73543308edcb09
 2021-04-15 12:44:24 +08:00
Yo Chiang
25596272b6 Merge "Allow shell to read default fstab" am: 1bb00f0d81 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1669728

Change-Id: Iec066b8383e6afb856f94b55b91711ff55e4f85e
 2021-04-15 03:52:07 +00:00
Yo Chiang
1bb00f0d81 Merge "Allow shell to read default fstab" 2021-04-15 03:34:50 +00:00
Treehugger Robot
97994bab50 Merge "Allow mediaprovider to find the camera server." am: e40879c3b5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1676687

Change-Id: Ic21f8e35f7389cadb000298447d135fe6bad933f
 2021-04-15 03:31:20 +00:00
Treehugger Robot
b46aacdc00 Merge "Add keystore2 namespace for LocksettingsService." am: 955362bfd0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1676685

Change-Id: I56571d00c89b52eb3a4628bfaffae06808febb0b
 2021-04-15 03:30:52 +00:00
Treehugger Robot
e40879c3b5 Merge "Allow mediaprovider to find the camera server." 2021-04-15 03:13:31 +00:00
Treehugger Robot
955362bfd0 Merge "Add keystore2 namespace for LocksettingsService." 2021-04-15 02:53:43 +00:00
Krzysztof Kosiński
a04ecbfd3e Allow mediaprovider to find the camera server. 
Fixed SELinux denials when trying to render the camera preview
to a texture in an internal test app. See the bug for additional
information.

Bug: 183749637
Test: Ran the internal test app, doesn't crash anymore.
Change-Id: I8fb62be424cd91c46cada55bb23db1624707997d
 2021-04-14 18:41:28 -07:00
Treehugger Robot
38dbf9f085 Merge "traced: move traced_tmpfs to public policy" am: f40c8b67ca 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1675826

Change-Id: I363092c5d7b68b965ba295be1a53779dcbb1c5d2
 2021-04-15 00:33:40 +00:00
Treehugger Robot
f40c8b67ca Merge "traced: move traced_tmpfs to public policy" 2021-04-14 23:40:03 +00:00
Janis Danisevskis
79d167704e Add keystore2 namespace for LocksettingsService. 
Bug: 184664830
Test: N/A
Change-Id: Ie04186eddaae689b968690b2bb0d3692c81ac645
 2021-04-14 16:03:13 -07:00
Jeff Vander Stoep
16ebb161eb traced: move traced_tmpfs to public policy 
Allow the perfetto_producer macro to be used in device-specific
policy.

Bug: 185379881
Test: TH
Change-Id: I6932ff91a3ed095b5edce4076bdfd8607e925c6e
 2021-04-14 22:18:41 +02:00
Michael Butler
34ae962fc6 Merge "Allow binder to send signals to hal_neuralnetworks_service" am: 19ae37f4ef 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1674541

Change-Id: Idc704b37335e60c286fced17129f74e2ab72de16
 2021-04-14 20:14:28 +00:00
Michael Butler
19ae37f4ef Merge "Allow binder to send signals to hal_neuralnetworks_service" 2021-04-14 19:35:08 +00:00
Emilian Peev
1d1e424ac6 Merge "Define vendor side property "ro.camerax.extensions.enabled"" am: 87a3f24857 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1504131

Change-Id: I692728b89c9315e7190486f89597d626e2b2c88d
 2021-04-14 16:32:42 +00:00
Emilian Peev
87a3f24857 Merge "Define vendor side property "ro.camerax.extensions.enabled"" 2021-04-14 16:20:16 +00:00
Treehugger Robot
13eb54a4e4 Merge "OWNERS: add inseob@google.com" am: 539440d228 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1674607

Change-Id: I8b4a98bd4336ed0be2585c18c71b60e9c176e011
 2021-04-14 16:10:51 +00:00
paulhu
c471e4c08d Amend networkstack sepolicy for testing 
NetworkStack GTS tests need get network_watchlist_service and
system_config_service to test their APIs which are used by
module. But it will block by avc denied when trying to get
these services. Thus, amend networkstack sepolicy that can get
these services correctly.

Bug: 185309847
Test: Verify GTS test can get service correctly.
Change-Id: Icb18065e94d0026c3232cebb7d5eb39277fe7552
 2021-04-15 00:06:05 +08:00
Treehugger Robot
539440d228 Merge "OWNERS: add inseob@google.com" 2021-04-14 15:27:58 +00:00
Marvin Ramin
157957b9ec Add existing ro.hdmi sysprops to sepolicy 
Bug: 185198967
Change-Id: I8efaa7b220c7bba34f2431b1a044c21cd6a1e198
Test: make
 2021-04-14 13:20:13 +00:00
Yo Chiang
caa0b4dceb Merge "se_compat_cil: Prepend generated files with a header" am: 466964d401 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1673192

Change-Id: I6dcef0079e14d8ac7c979ad16c7a47dae77bb9c7
 2021-04-14 08:57:19 +00:00
Yo Chiang
466964d401 Merge "se_compat_cil: Prepend generated files with a header" 2021-04-14 08:30:38 +00:00
Yi-Yo Chiang
b44e506223 se_compat_cil: Prepend generated files with a header 
to ensure the file size is greater than 0, as secilc cannot handle
zero-sized cil files.

Fixes: 185256986
Bug: 183362912
Test: Forrest re-run broken test
Change-Id: Ief3039d38728fbeff67c6e39d6b15bddb006e5f8
 2021-04-14 07:41:23 +00:00
Jeff Vander Stoep
4b5ed6453a OWNERS: add inseob@google.com 
For ownership of system properties and microdroid policy.

Test: n/a
Change-Id: I8b729d0c6b9445b37d94858ae803db7db5eb9ff7
 2021-04-14 09:37:35 +02:00
Yo Chiang
e48dbd82ff Merge "Remove references to BOARD_PLAT_{PUBLIC,PRIVATE}_SEPOLICY_DIR" am: 86a8275378 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1671536

Change-Id: I464910b25aa9409978bed1964126979b0bd42b6d
 2021-04-14 07:33:31 +00:00
Yo Chiang
86a8275378 Merge "Remove references to BOARD_PLAT_{PUBLIC,PRIVATE}_SEPOLICY_DIR" 2021-04-14 06:55:59 +00:00
Inseob Kim
57b64bd282 Build userdebug_plat_sepolicy.cil with Android.bp 
Bug: 33691272
Test: build and see $OUT/debug_ramdisk
Change-Id: I7994857a3dd4e54f2c2d35ff8e362ecae93ea7a2
 2021-04-14 15:54:26 +09:00
Roshan Pius
4b47c80944 Merge "Uwb: Create a new Uwb system service" am: 0b8eafb54b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1673587

Change-Id: I2f834534410b9b65e78b30f5131128f3bab04e1b
 2021-04-14 01:46:18 +00:00
Roshan Pius
0b8eafb54b Merge "Uwb: Create a new Uwb system service" 2021-04-14 00:52:10 +00:00
Emilian Peev
a974640390 Define vendor side property "ro.camerax.extensions.enabled" 
Add "ro.camerax.extensions.enabled" vendor-specific property.
Allow public apps to read this property.

Bug: 171572972
Test: Camera CTS
Change-Id: Id5fadedff6baaaebe5306100c2a054e537aa61ed
 2021-04-13 16:42:10 -07:00
Michael Butler
581fafffd3 Allow binder to send signals to hal_neuralnetworks_service 
Bug: 170696939
Test: mma
Change-Id: Ic960f81854f5d9c913d09adcfba9782bc94c3c2b
 2021-04-13 16:27:19 -07:00
Zimuzo Ezeozue
22e8e5cc88 Merge "Allow appdomain sepolicy search access to /mnt/media_rw" am: a62ecbdf51 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1669925

Change-Id: I60a9c103e228b09d634f9c4734b6ee42812e0a3e
 2021-04-13 23:24:02 +00:00
Zimuzo Ezeozue
a62ecbdf51 Merge "Allow appdomain sepolicy search access to /mnt/media_rw" 2021-04-13 22:49:51 +00:00