Commit graph

45269 commits

Author SHA1 Message Date
Matt Stokes
d15c3ac74e Merge "Revert "Allow system_server to communicate with virtual_camera"" into main am: 61ba09b9a8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2834733

Change-Id: I6a45394dd5f9284144f7c24e37535cfe49568d6c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-16 19:30:15 +00:00
Matt Stokes
61ba09b9a8 Merge "Revert "Allow system_server to communicate with virtual_camera"" into main 2023-11-16 18:58:19 +00:00
Matt Stokes
76a62dfb3e Revert "Allow system_server to communicate with virtual_camera"
This reverts commit 45f1ecee7a.

Reason for revert: <Droid TestMonitor b/311401010>

Change-Id: I82716e9d52a66018c5e7d7d13c8292d7d19f253c
2023-11-16 17:42:25 +00:00
Ján Sebechlebský
1a3b533557 Merge "Allow system_server to communicate with virtual_camera" into main am: 4b16e566e1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2824498

Change-Id: I8759a11c9bd49d00d0f75eeee0cf7ca55a61a43f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-16 12:08:04 +00:00
Ján Sebechlebský
4b16e566e1 Merge "Allow system_server to communicate with virtual_camera" into main 2023-11-16 11:20:43 +00:00
Jooyung Han
26bf264bc2 Add properties for vulkan apex am: f8c18cb0f2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2821213

Change-Id: I1282e39f074dc01e3e51946c6a6037b4514b9968
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-16 08:19:47 +00:00
Jooyung Han
3caea66cd7 Merge "apex_sepolicy_tests: check apex roots are search-able" into main am: a5463fd4b9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2829353

Change-Id: Ibf25226c1917ad3c5c85da51800d7657703346f9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 05:10:36 +00:00
Jooyung Han
f8c18cb0f2 Add properties for vulkan apex
ro.vulkan.apex property is added to tell which APEX provides vulkan
driver.

Bug: 205618237
Test: CtsGraphicsTestCases
Change-Id: Icdf6ee5ede16c08405f48d736ed38ad4117d8e2d
2023-11-15 13:45:38 +09:00
Jooyung Han
a5463fd4b9 Merge "apex_sepolicy_tests: check apex roots are search-able" into main 2023-11-15 04:36:41 +00:00
Thiébaud Weksteen
7be4946321 [automerger skipped] Merge "Revert "Introduce sdk_sandbox_audit SELinux domain"" into android14-tests-dev am: 3195af1315 -s ours am: db2b83d8c8 -s ours
am skip reason: Merged-In I9c5873181c925c6b8ebb411328d30aa519053acf with SHA-1 4db0e27a50 is already in history. Merged-In was found from reverted change.

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2829793

Change-Id: Ic2986330da02f9a35e2fe81997c4b468df7dca47
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 03:34:20 +00:00
Sandro Montanari
814f097900 [automerger skipped] Revert "Introduce sdk_sandbox_audit SELinux domain" am: a41bfab758 -s ours am: 6ed0dd8688 -s ours
am skip reason: Merged-In I9c5873181c925c6b8ebb411328d30aa519053acf with SHA-1 4db0e27a50 is already in history. Merged-In was found from reverted change.

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2829793

Change-Id: Ice43c8ca2bdcd77027aa799cc2af5ced550e2fe4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 03:34:17 +00:00
Thiébaud Weksteen
90945326cd Revert "Prebuilt updates for aosp/2827450" am: b460885e50 am: c541c1eb80
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2830890

Change-Id: I6d5f197c9cb4a1728e0bd6bc9acf220f05ed05de
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 03:34:07 +00:00
Thiébaud Weksteen
db2b83d8c8 [automerger skipped] Merge "Revert "Introduce sdk_sandbox_audit SELinux domain"" into android14-tests-dev am: 3195af1315 -s ours
am skip reason: Merged-In I9c5873181c925c6b8ebb411328d30aa519053acf with SHA-1 4db0e27a50 is already in history. Merged-In was found from reverted change.

Reverted change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2827450

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2829793

Change-Id: I5da5356a52c8cc132ca175b734c9e6679ef022e0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 03:03:01 +00:00
Sandro Montanari
6ed0dd8688 [automerger skipped] Revert "Introduce sdk_sandbox_audit SELinux domain" am: a41bfab758 -s ours
am skip reason: Merged-In I9c5873181c925c6b8ebb411328d30aa519053acf with SHA-1 4db0e27a50 is already in history. Merged-In was found from reverted change.

Reverted change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2827450

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2829793

Change-Id: I2f00b81a7ba4868c6a6a52d842e143d423cc5ac6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 03:02:57 +00:00
Thiébaud Weksteen
c541c1eb80 Revert "Prebuilt updates for aosp/2827450" am: b460885e50
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2830890

Change-Id: Ief55d435dff2e58e463d4498fb3cf5740af8d21d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 03:02:23 +00:00
Thiébaud Weksteen
3195af1315 Merge "Revert "Introduce sdk_sandbox_audit SELinux domain"" into android14-tests-dev 2023-11-15 02:51:06 +00:00
Jooyung Han
b9517900e6 apex_sepolicy_tests: check apex roots are search-able
Narrow down the check for apex roots. It was 'read', but 'search' should
be enough.

Bug: 310528686
Test: m
Change-Id: Ibe5f2e948464580832d87e8d8364c33a437efed2
2023-11-15 10:45:14 +09:00
Thiébaud Weksteen
b460885e50 Revert "Prebuilt updates for aosp/2827450"
This reverts commit 74ec7d8343.

Reason for revert: Tests are still failing

Change-Id: Ic7dcd5fb4703cfe476f74835782b99d5848ed738
2023-11-14 23:37:47 +00:00
Sandro Montanari
8dab5407de Prebuilt updates for aosp/2827450 am: 74ec7d8343 am: 20d6a0ec30
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2828198

Change-Id: I7780eb835be7dafc39865ac6446b416c7d96ed77
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-14 18:51:08 +00:00
Sandro Montanari
20d6a0ec30 Prebuilt updates for aosp/2827450 am: 74ec7d8343
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2828198

Change-Id: Idce3a100d6c6db0d90f21142baf1158185bd97e1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-14 18:16:13 +00:00
Sandro Montanari
74ec7d8343 Prebuilt updates for aosp/2827450
Bug: 295861450
Test: presubmits

Merged-In: I3d36a17697623f51618913d16ed4d3ea2ccf923b
Change-Id: I3f031449457a7cf8912b17c3eac4b7aa82710d58
2023-11-14 15:07:54 +00:00
Vadim Caen
45f1ecee7a Allow system_server to communicate with virtual_camera
and consistently name service and process as "virtual_camera" (with
underscore)

Test: Cts VirtalCameraTest
Bug: 270352264
Change-Id: I2c6c0c03aab47aa1795cbda19af25e6661a0bf4a
2023-11-14 15:27:57 +01:00
Sandro Montanari
a41bfab758 Revert "Introduce sdk_sandbox_audit SELinux domain"
This reverts commit 5eb6189fc0.

Reason for revert: breaks build in git_udc-qpr-dev-throttled

Change-Id: I97b5fe5e1db668a33d00b15bd3cb5e663050eba2
2023-11-14 12:27:39 +00:00
Sandro Montanari
2bfd24e906 [automerger skipped] Merge "Introduce sdk_sandbox_audit SELinux domain" into android14-tests-dev am: 1b612c280c -s ours am: 2b00f73b12 -s ours
am skip reason: Merged-In I9c5873181c925c6b8ebb411328d30aa519053acf with SHA-1 4db0e27a50 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2827450

Change-Id: I8cda89bf2c39b3a670d0cd40824bc646212f6865
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-14 09:46:22 +00:00
Sandro Montanari
136e355fa0 [automerger skipped] Introduce sdk_sandbox_audit SELinux domain am: 5eb6189fc0 -s ours am: c503338a3f -s ours
am skip reason: Merged-In I9c5873181c925c6b8ebb411328d30aa519053acf with SHA-1 4db0e27a50 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2827450

Change-Id: Ie68f04ce481bdbd71e001b8df3d03e80fc7eb156
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-14 09:46:19 +00:00
Inseob Kim
19d3118140 [automerger skipped] Revert "Add permission for VFIO device binding" am: c6227550f7 -s ours am: 273fd0ab18 -s ours
am skip reason: Merged-In Ie947adff00d138426d4703cbb8e7a8cd429c2272 with SHA-1 901385f711 is already in history. Merged-In was found from reverted change.

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2829493

Change-Id: Iae2e8d5cf961bb045a7f636a866d6c893d4abc94
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-14 09:46:08 +00:00
Sandro Montanari
2b00f73b12 [automerger skipped] Merge "Introduce sdk_sandbox_audit SELinux domain" into android14-tests-dev am: 1b612c280c -s ours
am skip reason: Merged-In I9c5873181c925c6b8ebb411328d30aa519053acf with SHA-1 4db0e27a50 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2827450

Change-Id: I408f1d5bec2f00214fc0472e1862a3a435cd055f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-14 09:16:04 +00:00
Sandro Montanari
c503338a3f [automerger skipped] Introduce sdk_sandbox_audit SELinux domain am: 5eb6189fc0 -s ours
am skip reason: Merged-In I9c5873181c925c6b8ebb411328d30aa519053acf with SHA-1 4db0e27a50 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2827450

Change-Id: I6886db030bb1e2d8aa0bb3222c11307c0ccdc01d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-14 09:16:00 +00:00
Inseob Kim
273fd0ab18 [automerger skipped] Revert "Add permission for VFIO device binding" am: c6227550f7 -s ours
am skip reason: Merged-In Ie947adff00d138426d4703cbb8e7a8cd429c2272 with SHA-1 901385f711 is already in history. Merged-In was found from reverted change.

Reverted change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2825716

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2829493

Change-Id: Idb26e5c857a5ebb9b6d86626fdfc00005e242a4d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-14 09:15:27 +00:00
Sandro Montanari
1b612c280c Merge "Introduce sdk_sandbox_audit SELinux domain" into android14-tests-dev 2023-11-14 09:14:57 +00:00
Sandro Montanari
5eb6189fc0 Introduce sdk_sandbox_audit SELinux domain
Bug: 295861450
Test: atest CtsSdkSandboxInprocessTests and adb shell ps -Z
Change-Id: I9c5873181c925c6b8ebb411328d30aa519053acf
Merged-In: I9c5873181c925c6b8ebb411328d30aa519053acf
2023-11-14 09:14:03 +00:00
Inseob Kim
c6227550f7 Revert "Add permission for VFIO device binding"
This reverts commit 901385f711.

Reason for revert: breaking build

Change-Id: Ib936ca7c347b657b94bb44692cd0e9ceee5db55a
Merged-In: Ie947adff00d138426d4703cbb8e7a8cd429c2272
2023-11-14 08:41:48 +00:00
Inseob Kim
0aa366a7d3 [automerger skipped] Add permission for VFIO device binding am: 901385f711 -s ours am: e5004a3d7e -s ours
am skip reason: Merged-In Ie947adff00d138426d4703cbb8e7a8cd429c2272 with SHA-1 825056de9a is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2825716

Change-Id: I46a72a811af7123e87c5ff24cbb52c53b1b7828f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-14 07:00:38 +00:00
Inseob Kim
e5004a3d7e [automerger skipped] Add permission for VFIO device binding am: 901385f711 -s ours
am skip reason: Merged-In Ie947adff00d138426d4703cbb8e7a8cd429c2272 with SHA-1 825056de9a is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2825716

Change-Id: I67fe9d38864e0f87211959b75d41a5f76a9ad031
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-14 06:29:52 +00:00
Treehugger Robot
fc06236fcc Merge "Revert "Revert^2 "[avf][rkp] Allow virtualizationservice to regi..."" into main am: 3f92c1beb3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2829351

Change-Id: I7a498e1911a666539ae6eeef9fd5040ecf4c34fa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-14 03:10:27 +00:00
Treehugger Robot
3f92c1beb3 Merge "Revert "Revert^2 "[avf][rkp] Allow virtualizationservice to regi..."" into main 2023-11-14 02:41:56 +00:00
Inseob Kim
901385f711 Add permission for VFIO device binding
vfio_handler will bind platform devices to VFIO driver, and then
return a file descriptor containing DTBO. This change adds
permissions needed for that.

Bug: 278008182
Bug: 308058980
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid \
      --devices /sys/bus/platform/devices/16d00000.eh --protected
Change-Id: Ie947adff00d138426d4703cbb8e7a8cd429c2272
Merged-In: Ie947adff00d138426d4703cbb8e7a8cd429c2272
(cherry picked from commit 825056de9a)
2023-11-14 01:56:24 +00:00
Alan Stokes
18bcf12fbb Revert "Revert^2 "[avf][rkp] Allow virtualizationservice to regi..."
Revert submission 2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT

Reason for revert: SELinux denials: b/310744536

Reverted changes: /q/submissionid:2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT

Change-Id: I88b5f03dccb1b4ab906afde7d66853e816cce7f1
2023-11-14 01:40:53 +00:00
Alice Wang
9f1f416b17 Merge "Revert^2 "[avf][rkp] Allow virtualizationservice to register RKP HAL"" into main am: dd034824b1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2812455

Change-Id: Ided47a6c565f8153868e717f14a70a5650cc5ff2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-13 22:11:40 +00:00
Alice Wang
dd034824b1 Merge "Revert^2 "[avf][rkp] Allow virtualizationservice to register RKP HAL"" into main 2023-11-13 21:33:49 +00:00
Mitch Phillips
5ae185a5bf Allow persist.arm64.memtag.* sysprops to be changed on user devices. am: 980c33614e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2826290

Change-Id: I7907e9b076e9c90cb23355e1dfb9e57be3a4e7b4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-10 23:42:41 +00:00
Mitch Phillips
980c33614e Allow persist.arm64.memtag.* sysprops to be changed on user devices.
Looks like we missed this, and so non-rooted locked devices can't override the persistent sysprops. On Pixel 8 for example, we ship with 'persist.arm64.memtag.system_server=off' by default (from some droidfood carry-overs), and this can't be edited (https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html).

We should allow these advanced users to set all the MTE properties on the device that they own, and they can already control the non-persistent properties.

Change-Id: Ie495f6f9ad43146a0bfcd5bb291fca3760467370
Test: N/A
Bug: N/A
2023-11-10 13:03:58 +00:00
Treehugger Robot
b29a20e3f9 Merge "Define a new sysprop ro.board.api_frozen" into main am: 2341903b87
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2825714

Change-Id: I3db2ba0ba010d4c101a0c33316af025292511083
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-10 11:19:47 +00:00
Treehugger Robot
2341903b87 Merge "Define a new sysprop ro.board.api_frozen" into main 2023-11-10 10:30:13 +00:00
Justin Yun
5e4c7fdea9 Define a new sysprop ro.board.api_frozen
ro.board.api_frozen shows if ro.board.api_level is finalized.

Bug: 295269182
Test: getprop ro.board.api_frozen
Change-Id: Ib8fb762eb21e7568c8b7254b3f25741fd2eee77f
2023-11-10 17:43:56 +09:00
David Drysdale
1870a591b5 Merge "Add the fuzzer for IAuthGraphKeyExchange" into main am: e7ba3d04e6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2813013

Change-Id: I487da417c897cac0a981bc038bc21450c7a755c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-10 07:30:34 +00:00
David Drysdale
e7ba3d04e6 Merge "Add the fuzzer for IAuthGraphKeyExchange" into main 2023-11-10 06:55:25 +00:00
Thiébaud Weksteen
9edab7c149 Merge "Document the file_contexts evaluation" into main am: cf18974d93
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2820637

Change-Id: I14aeb6e63f41392c60d8c83254d1a50c52f5bf4b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-09 22:45:14 +00:00
Thiébaud Weksteen
cf18974d93 Merge "Document the file_contexts evaluation" into main 2023-11-09 21:56:54 +00:00
Treehugger Robot
2976b8d9fa Merge "Add a label for payload accessible devices" into main am: 99ccd0de80
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2812754

Change-Id: Ic5011e08b70c92ef2f458972941620f318d62af5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-09 15:03:26 +00:00