tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
36395 commits 1 branch 0 tags 50 MiB
Commit graph

36395 commits

This branch
This branch
All branches
Author SHA1 Message Date
Nikita Ioffe
d25ce989e3 [automerger skipped] Merge "Move allow rules from public/app.te to private/app.te" am: 52e44e8022 am: b5e83ea3cf am: a30e3c50df am: f2814d13d9 -s ours 
am skip reason: Merged-In I0c4a3f1ef568bbfdfb2176869fcd92ee648617fa with SHA-1 eb833f0b5d is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1949596

Change-Id: I6d52d87eaeb2510909b4579636b7092414473d1c
 2022-01-14 18:52:51 +00:00
Nikita Ioffe
f2814d13d9 Merge "Move allow rules from public/app.te to private/app.te" am: 52e44e8022 am: b5e83ea3cf am: a30e3c50df 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1949596

Change-Id: I20dfbdee289aa328219b1a7f20caad386f6898ff
 2022-01-14 18:37:09 +00:00
Nikita Ioffe
a30e3c50df Merge "Move allow rules from public/app.te to private/app.te" am: 52e44e8022 am: b5e83ea3cf 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1949596

Change-Id: I8abe823f7f3638d82ce480fafefb59aae310f3e3
 2022-01-14 18:17:37 +00:00
Nikita Ioffe
b5e83ea3cf Merge "Move allow rules from public/app.te to private/app.te" am: 52e44e8022 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1949596

Change-Id: I054ea64ddb7dd4d333c41d42b8c9116bda449d73
 2022-01-14 18:04:16 +00:00
Nikita Ioffe
52e44e8022 Merge "Move allow rules from public/app.te to private/app.te" 2022-01-14 17:47:29 +00:00
Lais Andrade
c3ef5c12d0 Merge "Revert "Migrate contexts tests to Android.bp"" am: 8bd664ba28 am: b9e7afda53 am: 24c0c93ae6 am: c6c7a7ff70 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1949061

Change-Id: Id7a02638043fb3ea7250d21b42b4a406f220a1c4
 2022-01-14 13:16:19 +00:00
Nikita Ioffe
d599bbc6b1 Merge "Move allow rules from public/app.te to private/app.te" 2022-01-14 13:10:05 +00:00
Lais Andrade
c6c7a7ff70 Merge "Revert "Migrate contexts tests to Android.bp"" am: 8bd664ba28 am: b9e7afda53 am: 24c0c93ae6 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1949061

Change-Id: Ic04faf833a237e8ffcb94770fa5f71a2628b53bf
 2022-01-14 13:03:51 +00:00
Lais Andrade
24c0c93ae6 Merge "Revert "Migrate contexts tests to Android.bp"" am: 8bd664ba28 am: b9e7afda53 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1949061

Change-Id: Ie932de12229152ef93e9a507377eaf3f89cbc9ea
 2022-01-14 12:52:55 +00:00
Lais Andrade
b9e7afda53 Merge "Revert "Migrate contexts tests to Android.bp"" am: 8bd664ba28 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1949061

Change-Id: Idf7ca0242d1c4b9eb3f7342245a9d2bee940d987
 2022-01-14 12:32:56 +00:00
Lais Andrade
8bd664ba28 Merge "Revert "Migrate contexts tests to Android.bp"" 2022-01-14 12:14:40 +00:00
Inseob Kim
baa93cc651 Revert "Migrate contexts tests to Android.bp" 
This reverts commit f612656adf.

Reason for revert: breaking amlogic build

Change-Id: I129b5cb74259c9c028483e84c9b2ac3597c24701
 2022-01-14 06:13:28 +00:00
Inseob Kim
1b5cacc6c4 Merge "Migrate contexts tests to Android.bp" am: 9a9994de28 am: 3ad72effaf am: 298f46da99 am: 3f2b264cde 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1925693

Change-Id: If95ad2d2d00ec5049585030f5d4a49b33fcbc83f
 2022-01-14 05:27:40 +00:00
Inseob Kim
3f2b264cde Merge "Migrate contexts tests to Android.bp" am: 9a9994de28 am: 3ad72effaf am: 298f46da99 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1925693

Change-Id: I5adc57d0f060241468b8e6362edc319ce605b679
 2022-01-14 05:15:33 +00:00
Inseob Kim
298f46da99 Merge "Migrate contexts tests to Android.bp" am: 9a9994de28 am: 3ad72effaf 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1925693

Change-Id: If3ab96033497317f98641e96d3128dc98ebd4164
 2022-01-14 04:58:43 +00:00
Inseob Kim
3ad72effaf Merge "Migrate contexts tests to Android.bp" am: 9a9994de28 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1925693

Change-Id: If5b66450ed73810c9c51c75b9444e7744a9954e5
 2022-01-14 04:47:56 +00:00
Inseob Kim
9a9994de28 Merge "Migrate contexts tests to Android.bp" 2022-01-14 04:25:03 +00:00
Maciej Żenczykowski
4f5a1ea0fb Merge "Add clatd to apex/com.android.tethering-file_contexts" am: 334d21491d am: 36c4a97895 am: 39672aac5c am: cd74c9117e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1926907

Change-Id: I8a67e1117a9b0483ced498cb6ce7101134a164b1
 2022-01-14 04:01:49 +00:00
Maciej Żenczykowski
cd74c9117e Merge "Add clatd to apex/com.android.tethering-file_contexts" am: 334d21491d am: 36c4a97895 am: 39672aac5c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1926907

Change-Id: I5588ad9996dc4c1b032c75680b9745816068ef16
 2022-01-14 03:54:48 +00:00
Maciej Żenczykowski
39672aac5c Merge "Add clatd to apex/com.android.tethering-file_contexts" am: 334d21491d am: 36c4a97895 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1926907

Change-Id: Iee0c426fcc4bd5dad0e0dcc02349cd6c413f93f5
 2022-01-14 03:43:11 +00:00
Maciej Żenczykowski
36c4a97895 Merge "Add clatd to apex/com.android.tethering-file_contexts" am: 334d21491d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1926907

Change-Id: I0f95775889c1466c7c22b2518067b1ff98dc84ba
 2022-01-14 03:39:14 +00:00
Maciej Żenczykowski
334d21491d Merge "Add clatd to apex/com.android.tethering-file_contexts" 2022-01-14 03:22:34 +00:00
Inseob Kim
f612656adf Migrate contexts tests to Android.bp 
Now that we have sepolicy module in Android.bp, we can migrate contexts
tests. Also vendor_service_contexts_test will be run, as we now include
vendor_service_contexts unconditionally.

Unfortunately, vendor_service_contexts_test is now broken, due to a
malformed type hal_power_stats_vendor_service. We will temporarily
exempt the type from the test, to speed up migrating to Android.bp.

Bug: 33691272
Test: m selinux_policy and see tests running
Test: add a malformed type other than hal_power_stats_vendor_service and
      run tests
Change-Id: Ic60eb38b9a7c79006f0b5ff4453768e03006604b
 2022-01-14 10:59:59 +09:00
Akilesh Kailash
baa752e071 Merge "New property to control Async I/O for snapuserd" am: 9de6ad61ff am: f3262f89ef am: 5a333c328c am: 20cc7e22c7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1936919

Change-Id: Ia051234549fcf735dbc87b59609ac09e41af09f5
 2022-01-14 01:10:37 +00:00
Akilesh Kailash
20cc7e22c7 Merge "New property to control Async I/O for snapuserd" am: 9de6ad61ff am: f3262f89ef am: 5a333c328c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1936919

Change-Id: Iafd1a572298d93c5c050d1a1ccfd2e2cc986f81d
 2022-01-14 00:58:34 +00:00
Akilesh Kailash
5a333c328c Merge "New property to control Async I/O for snapuserd" am: 9de6ad61ff am: f3262f89ef 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1936919

Change-Id: I6370e41af65bc0b30d8b6c908d8c4c71badd90b1
 2022-01-14 00:38:10 +00:00
Akilesh Kailash
f3262f89ef Merge "New property to control Async I/O for snapuserd" am: 9de6ad61ff 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1936919

Change-Id: Idb6562dd22d874b98db12493437a9615a8eee113
 2022-01-14 00:20:25 +00:00
Akilesh Kailash
9de6ad61ff Merge "New property to control Async I/O for snapuserd" 2022-01-14 00:06:23 +00:00
Nikita Ioffe
269e7cfc51 Move allow rules from public/app.te to private/app.te 
Allow rules in public/*.te can only reference types defined in
public/*.te files. This can be quite cumbersome in cases a rule needs to
be updated to reference a type that is only defined in private/*.te.

This change moves all the allow rules from public/app.te to
private/app.te to make it possible to reference private types in the
allow rules.

Bug: 211761016
Test: m
Test: presubmit
Change-Id: I0c4a3f1ef568bbfdfb2176869fcd92ee648617fa
Merged-In: I0c4a3f1ef568bbfdfb2176869fcd92ee648617fa
 2022-01-13 22:56:14 +00:00
Akilesh Kailash
5c5fd255d2 New property to control Async I/O for snapuserd 
io_uring_setup() system call requires ipc_lock.

(avc: denied { ipc_lock } for comm="snapuserd" capability=14 scontext=u:r:snapuserd:s0 tcontext=u:r:snapuserd:s0 tclass=capability permissive=0)

Add selinux policy.

Bug: 202784286
Test: OTA tests
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I806714c7ade0a5d4821b061396c9f064ee5ed8b6
 2022-01-13 06:27:46 +00:00
Treehugger Robot
55280b72ae Merge "Allow authfs to read extra APK mount" am: 70cd2da646 am: 92509fdf37 am: abf38c159b am: fab2d194d1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1937797

Change-Id: I426c0c9bf5d1108226bd1818c06c83cb734d3fbd
 2022-01-13 02:09:11 +00:00
Treehugger Robot
fab2d194d1 Merge "Allow authfs to read extra APK mount" am: 70cd2da646 am: 92509fdf37 am: abf38c159b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1937797

Change-Id: I3f18bcb2b899d83f226d5c85beabd1cada86dc52
 2022-01-13 01:56:49 +00:00
Treehugger Robot
abf38c159b Merge "Allow authfs to read extra APK mount" am: 70cd2da646 am: 92509fdf37 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1937797

Change-Id: I59d9523d52fb72f142077f1c7f15462dc09a0faa
 2022-01-13 01:39:15 +00:00
Treehugger Robot
92509fdf37 Merge "Allow authfs to read extra APK mount" am: 70cd2da646 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1937797

Change-Id: Ie777cd2676ea60b13bc9e96bbde599b01615d3df
 2022-01-13 01:21:38 +00:00
Treehugger Robot
70cd2da646 Merge "Allow authfs to read extra APK mount" 2022-01-13 01:06:01 +00:00
Gregory Montoir
0aac77acce Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 82d397e19d am: 40654af0fd am: 3ede85d2f6 am: c7490bd0f4 am: 6b0666f252 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I38a3e6e60783997e058adf44d76735d522f50ac1
 2022-01-13 00:46:04 +00:00
Gregory Montoir
826de93e85 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 796f6637e4 am: 8881759651 am: ee34c61f9d am: 4791f7c0e4 am: f591417b5d 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: If5f3d400af81cdaf1e229813e7327df0fb082ad7
 2022-01-13 00:45:53 +00:00
Gregory Montoir
d698c8edb1 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 82d397e19d am: 40654af0fd am: 3ede85d2f6 am: efdb92ca22 am: 6e344f1802 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I71d362e8c8f56123ad08099d1cb6b7cba0462d91
 2022-01-13 00:45:42 +00:00
Gregory Montoir
9ebf4785d6 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 796f6637e4 am: 8881759651 am: ee34c61f9d am: 90aa30a199 am: ce512a168f 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I402101e48136e60634c470a5480ad7ca37211e7e
 2022-01-13 00:44:18 +00:00
Gregory Montoir
6b0666f252 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 82d397e19d am: 40654af0fd am: 3ede85d2f6 am: c7490bd0f4 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I9fc35466b6a8b80149dfdedf939ead0008dfce00
 2022-01-13 00:31:57 +00:00
Gregory Montoir
f591417b5d Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 796f6637e4 am: 8881759651 am: ee34c61f9d am: 4791f7c0e4 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I96aff5075e2f62d7cfdf5fbf7b62e9b5bcdde2da
 2022-01-13 00:27:20 +00:00
Gregory Montoir
6e344f1802 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 82d397e19d am: 40654af0fd am: 3ede85d2f6 am: efdb92ca22 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I8185ddbd5b09ce23383fb49bb05c75d46e7346e1
 2022-01-13 00:27:05 +00:00
Gregory Montoir
ce512a168f Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 796f6637e4 am: 8881759651 am: ee34c61f9d am: 90aa30a199 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I76f6885db97541a29e407c37d4e3da11156eb9ce
 2022-01-13 00:26:55 +00:00
Gregory Montoir
c7490bd0f4 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 82d397e19d am: 40654af0fd am: 3ede85d2f6 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I010626d8923a314526ed4b3d34fd93d8c44d4413
 2022-01-13 00:15:48 +00:00
Gregory Montoir
efdb92ca22 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 82d397e19d am: 40654af0fd am: 3ede85d2f6 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I63de502f50c8acb58ef3910c972247b6d1b7cb0e
 2022-01-13 00:15:46 +00:00
Gregory Montoir
4791f7c0e4 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 796f6637e4 am: 8881759651 am: ee34c61f9d 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: I92fa75428bc9e61ec3eb66c72a9745448a76adb2
 2022-01-13 00:15:39 +00:00
Gregory Montoir
90aa30a199 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 796f6637e4 am: 8881759651 am: ee34c61f9d 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16602719

Change-Id: If2d0ed11ebe759aa3b8170afb672451d5d997a2f
 2022-01-13 00:15:38 +00:00
Gregory Montoir
cd7c277f44 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: c3578b68ec am: 92de4b90f0 am: dcdb0fe207 am: 4ed24b78a3 am: 771b887aff 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: I1ac52361a09c9c51e70a3aa9c18f42e1acaeed6c
 2022-01-13 00:08:59 +00:00
Gregory Montoir
9f5e1524e9 Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: 1a6b37d838 am: ff22c64cbb am: 87d5e2ef90 am: 8554dcd97a am: 8f9228f6ac am: 3954ef5f8a 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/16615268

Change-Id: I6172e54f3ea613aa188d67cb9792a530699b99f5
 2022-01-13 00:08:51 +00:00
Automerger Merge Worker
32b1f27660 Merge "Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} am: f7727ace66 am: 84f6646c7c am: 8bac0a5547 am: 82d397e19d am: 40654af0fd am: dc0a1e027d" 2022-01-13 00:08:46 +00:00