tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
41753 commits 1 branch 0 tags 50 MiB
Commit graph

41753 commits

This branch
This branch
All branches
Author SHA1 Message Date
Devika Krishnadas
d4908949ef Merge "Add label for allocator 2 service" into main 2023-07-20 18:36:23 +00:00
Kiyoung Kim
4b6eabed21 Merge "Label former VNDK-SP libraries in vendor as sphal" into main 2023-07-20 01:46:44 +00:00
Lee George Thomas
ae8d169405 Merge "Add SELinux context for a new lmk system property" into main 2023-07-19 22:28:24 +00:00
Devika Krishnadas
c850a596b9 Add label for allocator 2 service 
Bug: 287353739

Change-Id: Ia78237361acac4b668d87ec94746e43945f58bbf
Signed-off-by: Devika Krishnadas <kdevika@google.com>
 2023-07-19 20:20:52 +00:00
Kiyoung Kim
0c3a3fd799 Label former VNDK-SP libraries in vendor as sphal 
When VNDK is being deprecated, former VNDK-SP libraries should be loaded
from vendor when system process uses SP-HAL, but this currently fails
because all former VNDK-SP libraries will be marked as vendor library.
This change labels former VNDK-SP libraries installed in the vendor
partition as same labels with SP-HAL libraries so it can be loaded from
system processes.

Bug: 291673098
Test: aosp_cf boot succeded with KEEP_VNDK=false build flag.
Change-Id: I2601ae8e7acd5bbd16fdbe6cee078dfcaa1a5aa2
 2023-07-19 14:13:06 +09:00
Lee George Thomas
d3f8efa843 Add SELinux context for a new lmk system property 
Add SELinux context for a new lmk system property to add configurability
for delaying psi monitoring until boot completed.

Bug: 288566858
Test: Build, boot and verified logs for avc denial logs.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6a80da52aa35a942e064c19fd31c01145d965688)
Merged-In: I7ba35f0ee5aad8f917e01c7586f04d11ed078633

Change-Id: I7ba35f0ee5aad8f917e01c7586f04d11ed078633
 2023-07-17 13:59:14 -07:00
David Anderson
f08664825b Merge "Allow lpdumpd to read Virtual A/B diagnostics." into main 2023-07-17 16:55:14 +00:00
Inseob Kim
9d6ce199be Fix seapp_contexts documentation 
Bug: 291528964
Test: N/A; documentation change
Change-Id: I00986c5ace94ed3ee91f3c90300966b0a006bcd5
 2023-07-17 19:53:25 +09:00
David Anderson
e6ad1f2e4c Allow lpdumpd to read Virtual A/B diagnostics. 
Give lpdump read (but not write) access to /metadata/ota so it can call
SnapshotManager::Dump for diagnostics.

Bug: 291083311
Test: lpdump
Change-Id: I732bcebcd809449c86254ea23785dc2c692bedd5
 2023-07-14 09:08:56 -07:00
Kangping Dong
49fa8f5fe6 rename otbr-agent to ot-daemon 
Rename to better align with our long-term vision on Android

Bug: 288202515
Change-Id: I1b7e39950d39ec781e46c6c0e1b38ad837b9ce4e
 2023-07-04 18:56:37 +08:00
Treehugger Robot
7788174e66 Merge "webview: add cgroup dir create permission" 2023-07-03 09:52:58 +00:00
Zhanglong Xia
87c6069fe1 Merge "Add sepolicy rules for Thread Network HAL" 2023-07-01 00:12:41 +00:00
Zhanglong Xia
b2d1fbb7b2 Add sepolicy rules for Thread Network HAL 
Bug: b/283905423
Test: Build and run the Thread Network stack in Cuttlefish.
Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
 2023-06-30 10:56:38 +08:00
Jiyong Park
bd1be6c554 Allow microdroid_payload to read /dev/console 
The first serial device of the VM can be made bi-directional. When it is
used as an output device, it's via /dev/kmsg. microdroid_payload already
has a write access to it. When it is used as an input device, it's via
/dev/console. Grant microdroid_payload read access to the device.

Bug: 263360203
Test: atest MicrodroidTestApp:com.android.microdroid.test.MicrodroidTests#testConsoleInputSupported
Change-Id: Ief039d06ffbddee1e254d662a6c1f321a607d5f5
 2023-06-29 19:03:34 +09:00
Wanhong Jiang
d18e345b8f webview: add cgroup dir create permission 
On 32 bit gsi img, when the webview launch, system will crash, due to
system_server not have the selinux permission of cgroup dir create.
Only 32 bit gsi img has this issue, 64 bit not have.

Bug: 288190486
Test: flash 32-bit GSI image and boot to check whether webview crash

Change-Id: I60fe69087ddbf97b5ebba62bf151626f9422c43c
 2023-06-28 18:35:53 +08:00
Max Bires
bc792606dc Merge "Remove deprecated enable_rkpd property" 2023-06-27 00:14:29 +00:00
Xin Li
372f5cd14e Merge "Merge Android 13 QPR3" 2023-06-26 22:29:53 +00:00
Dave Mankoff
665cad0d2c SE Linux perimissions for Feature Flags Service 
Bug: 279054964
Test: build && flash
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a1f8ca3cd3c4861a06c5042148aab6623a563651)
Merged-In: I5fffaccba61e218496ac82ccf9ba308cf9892868
Change-Id: I5fffaccba61e218496ac82ccf9ba308cf9892868
 2023-06-26 13:42:45 +00:00
Treehugger Robot
35a6d49c02 Merge changes from topic "34.0_sepolicy_mapping" 
* changes:
  Add 34.0 mapping files
  Add 2 new system properties for Quick Start
  SEPolicy Prebuilts for 34.0
 2023-06-26 12:04:42 +00:00
Treehugger Robot
289fe96dc8 Merge "Add MediaPlayerService fuzzer to bindings" 2023-06-23 17:35:27 +00:00
Inseob Kim
78fd639cac Add 34.0 mapping files 
Bug: 288517951
Test: m treble_sepolicy_tests_34.0
Test: m 34.0_compat_test
Test: m selinux_policy
Change-Id: I5c20439dd2c7e5a8d739b8ea9a97e5060ce3cec4
 2023-06-23 10:43:17 +00:00
Jay Civelli
a574060586 Add 2 new system properties for Quick Start 
Test: Manually validated that GmsCore can access the properties, but not a test app.
Change-Id: I2fa520dc31b328738f9a5fd1bcfc6632b61ad912
Bug: 280330984
(cherry picked from commit c97b3a244f)
 2023-06-23 10:43:11 +00:00
Inseob Kim
34ad1d0bc1 SEPolicy Prebuilts for 34.0 
Bug: 288517951
Test: build
Change-Id: I682e553ec8090281ded447780be41a8ea222b084
Merged-In: I15bf3817a8a6867d52f7963a04a69e543a9801e9
 2023-06-23 10:23:59 +00:00
Max Bires
8a74ff2e2d Remove deprecated enable_rkpd property 
The enable_rkpd property is no longer needed. This change removes the
vestigial property.

Test: Successful build
Change-Id: I810d5a21cbe01b43a37244959e21febd0880be59
 2023-06-21 16:33:42 -07:00
Xin Li
4f5ba7ca8d Merge Android 13 QPR3 
Bug: 275386652
Merged-In: I89a052032341990256d608d6708b6d1ac8aceda9
Change-Id: Ifa06cf00a9afba89d0d31c865dc5fde9bf1c05e6
 2023-06-21 15:16:15 -07:00
Steven Moreland
ca5f06cdb9 Merge "Give serial number access to drm hal server not client" 2023-06-21 21:27:09 +00:00
Treehugger Robot
d947550b6f Merge "Remove flatten_apex: property" am: 7f7e8d79a9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2628996

Change-Id: I89a052032341990256d608d6708b6d1ac8aceda9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-21 05:24:50 +00:00
Treehugger Robot
7f7e8d79a9 Merge "Remove flatten_apex: property" 2023-06-21 04:52:41 +00:00
Hongguang Chen
b34240136c Allow mediatuner to get tuner.server.enable am: 8dd58bffd9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2631349

Change-Id: I3549a333a811c73948e918c2c98946e66b48d834
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-21 01:19:15 +00:00
Pawan Wagh
9f118c8d62 Add MediaPlayerService fuzzer to bindings 
Test: m
Bug: 232439428
Change-Id: I669c427279ce43fa614c68a02a468c3e64002537
 2023-06-20 22:50:45 +00:00
Hongguang Chen
8dd58bffd9 Allow mediatuner to get tuner.server.enable 
Bug: 287520719
Test: start mediatuner
Change-Id: I582aac593e2419b6cae37522e6493744fe58240a
 2023-06-20 17:24:51 +00:00
Brian Lindahl
73c779e5fd Force HALs to explicitly enable legacy method for clearing buffer caches am: 612ab8588f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2627815

Change-Id: I05655dff7c72d64498eb9c34e026542967f1431d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-20 14:17:12 +00:00
Jooyung Han
804e234ced Remove flatten_apex: property 
We no longer have targets using flattened apexes. Flattened apexes will
be removed from the build system.

Bug: 278826656
Test: m
Change-Id: I657e01dbfd2525b07c29a234277062d5ac2fab9f
 2023-06-20 15:41:05 +09:00
Brian Lindahl
612ab8588f Force HALs to explicitly enable legacy method for clearing buffer caches 
Some HAL implementations can't support setLayerBuffer multiple times to
clear the per-layer buffer caches. Therefore, default this behavior to
disabled, and allow HALs to explcitily enable this behavior to obtain
the necessary memory savings.

Test: play videos with both true and false on both HIDL and AIDL
Bug: 285561686
Change-Id: I928cef25e35cfc5337db4ceb8581bf5926b4fbe3
 2023-06-15 14:30:07 -06:00
Nikita Ioffe
4eb36f4615 Merge "Reland "Change the stem name to microdroid_precompiled_s..."" am: d16d7d17e5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2627369

Change-Id: I56600eae4e2ba33c56a5d4827db882388cdae97a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-15 11:45:31 +00:00
Nikita Ioffe
d16d7d17e5 Merge "Reland "Change the stem name to microdroid_precompiled_s..."" 2023-06-15 10:27:39 +00:00
Dimitry Ivanov
6c61a71e33 Merge "Allow app_zygote to map memfd backed memeory as PROT_EXEC" am: c01d3fb36c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2623093

Change-Id: I6e6457337d66ba4e7c5590799c565af05b99e363
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-15 09:51:00 +00:00
Dimitry Ivanov
c01d3fb36c Merge "Allow app_zygote to map memfd backed memeory as PROT_EXEC" 2023-06-15 08:44:16 +00:00
Nikita Ioffe
4e6839e677 Reland "Change the stem name to microdroid_precompiled_s..." 
Bug: 285855150
Test: presubmit
Change-Id: I3343b7cf22165541f880fd1c88b27b0204c94c4b
 2023-06-14 20:31:29 +00:00
Pawan Wagh
b23a691e10 Merge "Revert "Change the stem name to microdroid_precompiled_sepolicy"" am: 899f6c0537 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2626909

Change-Id: I69ec0b39693293176b40fb8f9702b8d001c013d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-14 18:57:21 +00:00
Pawan Wagh
899f6c0537 Merge "Revert "Change the stem name to microdroid_precompiled_sepolicy"" 2023-06-14 18:40:59 +00:00
Pawan Wagh
8f2923421e Revert "Change the stem name to microdroid_precompiled_sepolicy" 
Revert submission 2625691

Reason for revert: b/287283650

Reverted changes: /q/submissionid:2625691

Change-Id: I775d07a388556796d25b4f5d99135d5878489ce8
 2023-06-14 18:28:17 +00:00
Pawan Wagh
02c84cec70 Merge "Add update service fuzzer to bindings" am: b4f463824c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619905

Change-Id: I3221bc020b8400a6a1e9f0ccf556527e39e71146
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-14 18:10:07 +00:00
Pawan Wagh
b4f463824c Merge "Add update service fuzzer to bindings" 2023-06-14 17:33:23 +00:00
Nikita Ioffe
789c5a3430 Merge "Change the stem name to microdroid_precompiled_sepolicy" am: 437f31c328 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2617776

Change-Id: I323e7da1e2a963068e5efbb91fe4372925adaf0f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-14 15:30:48 +00:00
Nikita Ioffe
437f31c328 Merge "Change the stem name to microdroid_precompiled_sepolicy" 2023-06-14 15:20:18 +00:00
dimitry
97f7775743 Allow app_zygote to map memfd backed memeory as PROT_EXEC 
Binary translation maps these regions to install translated code,
see linked bug for more context.

Bug: http://b/189502716
Test: run cts -m CtsExternalServiceTestCases -t android.externalservice.cts.ExternalServiceTest#testBindExternalServiceWithZygote
      in binary translated enviroment.
Change-Id: I3bc978b9013e9fc5cf700d1efca769331ec395b0
 2023-06-14 12:24:12 +02:00
Eric Biggers
0038d8f822 Merge "Allow vold to rename system_data_file directories" am: 8b703551d8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619901

Change-Id: I66f26b92e4b1aad9f086d19249f60aa1d596909b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-13 22:40:36 +00:00
Eric Biggers
8b703551d8 Merge "Allow vold to rename system_data_file directories" 2023-06-13 22:11:39 +00:00
Pawan Wagh
e0f268a982 Merge "Add credstore service fuzzer to bindings" am: 767dc6be06 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2619904

Change-Id: I80ca6ebfadea23dc48a9d018f1efe6adafef5e52
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-13 16:39:25 +00:00