tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
21058 commits 1 branch 0 tags 50 MiB
Commit graph

21058 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jeff Vander Stoep
b4ad398ca9 Merge "system_server_startup: allow SIGCHLD to zygote" into qt-dev 
am: 6dc831d2fb

Change-Id: I1f83d7940955d3c20bc025f106cd9580a5811d7f
 2019-06-15 17:45:03 -07:00
TreeHugger Robot
6dc831d2fb Merge "system_server_startup: allow SIGCHLD to zygote" into qt-dev 2019-06-16 00:29:00 +00:00
Jeff Vander Stoep
e0d9e50c96 system_server_startup: allow SIGCHLD to zygote 
avc: denied { sigchld } for comm="main"
scontext=u:r:system_server_startup:s0 tcontext=u:r:zygote:s0
tclass=process permissive=0

Test: build
Bug: 134496658
Change-Id: I98c106b17ba1740f953c3108bd0fc927c150096f
(cherry picked from commit 67dc274f87)
 2019-06-14 16:56:05 -07:00
Valerie Hau
d3499df3cf Add IMapper2.1 same process hal permissions 
Bug: 135166668
Test: build, boot, VtsHalGraphicsComposerV2_2TargetTest
Change-Id: Iedc11b73d3e3ba54dcd622b128cb513adec11d69
 2019-06-14 12:31:17 -07:00
Pirama Arumuga Nainar
da437c3a8f Merge "In native coverage builds, allow all domains to access /data/misc/trace" am: 1eb45b5606 
am: f6a95d82d8

Change-Id: Iac5840a4b2a5edf394954dff0a14e307fed28778
 2019-06-14 12:05:15 -07:00
Pirama Arumuga Nainar
f6a95d82d8 Merge "In native coverage builds, allow all domains to access /data/misc/trace" 
am: 1eb45b5606

Change-Id: Ic70c7f2ccfe1d2c969f8807bbdf7bdf3134fa8b7
 2019-06-14 11:56:59 -07:00
Treehugger Robot
1eb45b5606 Merge "In native coverage builds, allow all domains to access /data/misc/trace" 2019-06-14 18:35:25 +00:00
Rick Yiu
358a4bb66d Merge "Add macro for dumping hal debug info" am: f1f2b514fe 
am: 2446e21855

Change-Id: I3c308ede14b5c033cafd78c3202e1275d59a748d
 2019-06-14 08:57:20 -07:00
Rick Yiu
2446e21855 Merge "Add macro for dumping hal debug info" 
am: f1f2b514fe

Change-Id: I482156c2a004422a7e5c50674525cf9ad79aa1ba
 2019-06-14 08:49:21 -07:00
Treehugger Robot
f1f2b514fe Merge "Add macro for dumping hal debug info" 2019-06-14 15:38:24 +00:00
Rick Yiu
1a94b30d9a Add macro for dumping hal debug info 
Hal debug info could be dumped in user build by using this macro.

Bug: 134545528
Test: build pass
Change-Id: I650d69607c75b73e95efb3647de5dd03b86cb143
 2019-06-14 15:37:59 +00:00
Pirama Arumuga Nainar
ce9c0c5a5f In native coverage builds, allow all domains to access /data/misc/trace 
Bug: http://b/135139675

Coverage files are written to /data/misc/trace (governed by the
method_trace_data_file selinux type).  Allow all domains to access
(create directories, access files) this directory when native coverage
is enabled (by setting NATIVE_COVERAGE to true) in an userdebug or eng
build.

Also relax neverallow constraints to allow access to
method_trace_data_file for native coverage builds.

Test: Build 32-bit cuttlefish with coverage:
          m NATIVE_COVERAGE=true COVERAGE_PATHS="*"
      and verify that there are no selinux denials in kernel log and
      logcat.

Change-Id: I3fe7c77612854b9de7de7a0ddd5cbf44a2f5c21e
 2019-06-14 08:31:51 -07:00
Matthias Kramm
3a44b17897 Allow hal_face to write to /data/vendor/camera_calibration/*. 
Also, allow hal_camera to read from there.

Bug: 133792720
Change-Id: Iedec8d7325b4424d166f8e4d09182e1f29808ef2
Test: Running presubmit.
 2019-06-14 05:53:59 -07:00
Jiyong Park
fa9e9176f8 Merge "Allow apexd to stop itself" am: 7436dba4c4 
am: 6b9060cf15

Change-Id: Id9302af08aec77b69ca7a2c889c7c45e4428a439
 2019-06-13 23:50:06 -07:00
Jiyong Park
6b9060cf15 Merge "Allow apexd to stop itself" 
am: 7436dba4c4

Change-Id: I25b636bdf4f45252da8152016334731ad1198090
 2019-06-13 23:42:22 -07:00
Treehugger Robot
7436dba4c4 Merge "Allow apexd to stop itself" 2019-06-14 06:30:05 +00:00
Ryan Savitski
83e291ca3e [automerger skipped] userdebug: support perfetto traces as a section in incident reports 
am: 72f247f5ff -s ours
am skip reason: change_id I2aa27e25f0209b3a5cdf5d550d0312693932b808 with SHA1 ce3a33ff18 is in history

Change-Id: Ie4d41a9f751fd01a8539eb944f8fed0e223a8a0f
 2019-06-13 16:51:15 -07:00
Tri Vo
73ce5b8e02 Merge "sepolicy: fix 28.0.ignore.cil build" am: 0d5455a111 
am: 01c235c93c

Change-Id: I1cacfb23f7bb1d7ac9f6a1450785b3c9e4dc9e96
 2019-06-13 14:01:05 -07:00
Tri Vo
01c235c93c Merge "sepolicy: fix 28.0.ignore.cil build" 
am: 0d5455a111

Change-Id: Ic344c1618a1c7fc929ce6d06cd43661040b4729a
 2019-06-13 13:54:50 -07:00
Tri Vo
0d5455a111 Merge "sepolicy: fix 28.0.ignore.cil build" 2019-06-13 20:25:41 +00:00
Neil Fuller
789eb70d89 Merge "Track removal of tz data files from runtime module" am: a83de7b4ac 
am: 6b103ab141

Change-Id: I39b61d8db3186889433d61f0e0e2759fcc675cba
 2019-06-13 07:32:53 -07:00
Neil Fuller
6b103ab141 Merge "Track removal of tz data files from runtime module" 
am: a83de7b4ac

Change-Id: I2b24116607b58612bfce58c5db60f853dee40e50
 2019-06-13 07:25:50 -07:00
Neil Fuller
a83de7b4ac Merge "Track removal of tz data files from runtime module" 2019-06-13 14:13:19 +00:00
Jiyong Park
6e823dd597 Allow apexd to stop itself 
apexd stops itself when it finds that it is running on a device with
flattened APEXes (i.e. ro.apex.updatable = false).

Bug: 133907211
Test: launch sdk_phone_x86_64
adb logcat -d | grep apexd | wc -l
returns 3

Change-Id: I7fa161b069aa34adb028194b55f367fe740a0cfc
 2019-06-13 09:45:05 +09:00
Tri Vo
e381deb759 sepolicy: fix 28.0.ignore.cil build 
29.0.ignore.cil/29.0.cil should be expanded into
28.0.ignore.cil/28.0.cil, so that there is no need to duplicate changes
in both places.

Test: adding a type to 29.0.ignore.cil/29.0.cil only doesn't trigger a
build error.
Change-Id: I543c0fc5e3749211e5bede81aabb0b520435a510
 2019-06-12 15:56:05 -07:00
David Anderson
45e8c91045 Merge "Allow gsid to read dm nodes from sysfs." am: 4afae94836 
am: 0524b03d8d

Change-Id: If235259b37b61532ba281da7585433cb1fd6c735
 2019-06-12 14:34:30 -07:00
David Anderson
0524b03d8d Merge "Allow gsid to read dm nodes from sysfs." 
am: 4afae94836

Change-Id: If61d1504843a0ea09372830801dde9f6706934f8
 2019-06-12 14:27:24 -07:00
David Anderson
4afae94836 Merge "Allow gsid to read dm nodes from sysfs." 2019-06-12 21:09:59 +00:00
Dan Willemsen
754da1e102 Merge "Sync all_plat_keys to keys.conf" am: 63521329b4 
am: 6d30472751

Change-Id: I5b6b6d61b9bfdcfe24790d752da75708ac2ec935
 2019-06-10 18:17:53 -07:00
Dan Willemsen
6d30472751 Merge "Sync all_plat_keys to keys.conf" 
am: 63521329b4

Change-Id: Icc533bd92b030e26e0a9e76b296d81c47eb64f63
 2019-06-10 18:08:22 -07:00
Treehugger Robot
63521329b4 Merge "Sync all_plat_keys to keys.conf" 2019-06-10 23:28:53 +00:00
Dan Willemsen
3afe235071 Sync all_plat_keys to keys.conf 
Since this rule does read the networkstack key.

Bug: 130111713
Test: treehugger
Test: run this on RBE, which only exposes the source files depended upon
Change-Id: Ib4c7e0680158e7892c062f00fe64c2da4195da2b
 2019-06-10 20:09:14 +00:00
Joel Galenson
d181604ce1 Merge "Give hal_drm_server appdomain fd access." am: 7d258073df 
am: 2c465fa2bb

Change-Id: I89eff6ce6cb82ad2a65c79a3c4e934b9a6ea81b6
 2019-06-10 11:43:41 -07:00
Joel Galenson
2c465fa2bb Merge "Give hal_drm_server appdomain fd access." 
am: 7d258073df

Change-Id: I82895792df44e2b3a1bfee6820cb05667a8f4a8c
 2019-06-10 11:38:53 -07:00
Treehugger Robot
7d258073df Merge "Give hal_drm_server appdomain fd access." 2019-06-10 18:20:47 +00:00
Neil Fuller
073271071a Track removal of tz data files from runtime module 
Track the removal of time zone data files from the runtime mainline module.

Bug: 132168458
Test: build / boot only
Change-Id: I67e596e4da2b23726c36866ff1648a833d2853c7
 2019-06-10 15:39:19 +01:00
Tri Vo
8500aa74eb Merge "Use BOARD_VENDOR_SEPOLICY_DIRS instead of BOARD_SEPOLICY_DIRS" am: 48d81b1c9e 
am: 47dc6bc87d

Change-Id: I9adf001c85f5570d56b3c2dcde29d4ea3c137335
 2019-06-09 09:51:29 -07:00
Tri Vo
47dc6bc87d Merge "Use BOARD_VENDOR_SEPOLICY_DIRS instead of BOARD_SEPOLICY_DIRS" 
am: 48d81b1c9e

Change-Id: I442397e058a4034756c1978111dfd8234234e5ae
 2019-06-09 09:46:27 -07:00
Treehugger Robot
48d81b1c9e Merge "Use BOARD_VENDOR_SEPOLICY_DIRS instead of BOARD_SEPOLICY_DIRS" 2019-06-09 16:33:55 +00:00
Kalesh Singh
f2f848690c Merge "Add core domain attribute to perfprofd for all targets" am: ab1e359761 
am: 4890ad499d

Change-Id: I6678dd975ed32464e37e544e401e4806ab055d74
 2019-06-07 23:26:30 -07:00
Kalesh Singh
deb8024fd0 Merge "Sepolicy for vendor hals to access IAshmem" am: 06984017b7 
am: 3b3bc95112

Change-Id: Icf6c0569d988f09d3edca1d1d8ed030099ddbc61
 2019-06-07 23:26:26 -07:00
Kalesh Singh
4890ad499d Merge "Add core domain attribute to perfprofd for all targets" 
am: ab1e359761

Change-Id: Iea1e8444ee56df958268f602a5117d51270e0bb5
 2019-06-07 23:21:28 -07:00
Kalesh Singh
3b3bc95112 Merge "Sepolicy for vendor hals to access IAshmem" 
am: 06984017b7

Change-Id: I0ad0f27bb7eb0de48899d3ca6ae6682a2b5f6d74
 2019-06-07 23:21:25 -07:00
Treehugger Robot
ab1e359761 Merge "Add core domain attribute to perfprofd for all targets" 2019-06-08 06:06:17 +00:00
Treehugger Robot
06984017b7 Merge "Sepolicy for vendor hals to access IAshmem" 2019-06-08 06:06:17 +00:00
Tri Vo
c7b6667921 Merge "README: Use BOARD_VENDOR_SEPOLICY_DIRS" am: 3b0ce13eef 
am: 39127fffc5

Change-Id: I0c19cf78a31db843c344b880b6a054a5c5500695
 2019-06-07 16:51:17 -07:00
Tri Vo
39127fffc5 Merge "README: Use BOARD_VENDOR_SEPOLICY_DIRS" 
am: 3b0ce13eef

Change-Id: I921d2cfa76429545b69bf005bdfb0df2c3545763
 2019-06-07 16:46:16 -07:00
Tri Vo
3b0ce13eef Merge "README: Use BOARD_VENDOR_SEPOLICY_DIRS" 2019-06-07 23:35:18 +00:00
Kalesh Singh
55181e7f9b Sepolicy for vendor hals to access IAshmem 
Although this may appear very permissive, it ok since the current allow
rule already gives every domain access to /dev/ashmem.

Change-Id: I1f121a3c6a911819b2c3e0605a0544a039cb5503
Bug: 134161662
Test: Check logcat for Sepolicy denials (logcat -d | grep shmem)
 2019-06-07 15:50:44 -07:00
David Anderson
95fbedd1b0 Allow gsid to read dm nodes from sysfs. 
This is needed now that libfiemap_writer reads from dm/name to find
device-mapper names.

Bug: 134536978
Test: gsi_tool install
Change-Id: I10e1234f2ea39c92b43ace97fa76878358dfc476
 2019-06-07 14:59:00 -07:00