48224 commits

Author SHA1 Message Date
Zi Wang
d82f51dc1d Merge changes Ib9972bcd,I87d18451 into main am: f5f05c1f9f am: 2baa88a1b4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3118318

Change-Id: I3cac14a251f6e62e61d88fc739fb02515098fa5d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 17:33:39 +00:00
Zi Wang
2baa88a1b4 Merge changes Ib9972bcd,I87d18451 into main am: f5f05c1f9f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3118318

Change-Id: I39d4edc62894f10149fcc382058934d5d26f0681
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 16:53:54 +00:00
Zi Wang
f5f05c1f9f Merge changes Ib9972bcd,I87d18451 into main
* changes:
  Use OutputFilesProvider on certain module types
  Use OutputFilesProvider on certain module types
2024-06-10 16:33:43 +00:00
Alice Wang
d1ea1ff475 Merge "Add system property to disable avf remote attestation" into main am: 97091293b7 am: 94148a33fe
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3117519

Change-Id: I5029668ac2293d8a270a2b5bed869836cc837cb8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 12:23:25 +00:00
Alice Wang
94148a33fe Merge "Add system property to disable avf remote attestation" into main am: 97091293b7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3117519

Change-Id: Ia99358fe9e6c4dcacc2814c96268ec47f9884db9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 12:09:00 +00:00
Alice Wang
97091293b7 Merge "Add system property to disable avf remote attestation" into main
2024-06-10 11:31:52 +00:00
Alice Wang
3d9ce1a965 Add system property to disable avf remote attestation
Introduce a new system property
avf.remote_attestation.enabled to allow vendors
to disable the feature in vendor init.

Bug: 341598459
Test: enable/disable the feature and check VmAttestationTestApp
Change-Id: I809e4c62a8590822eef70093e33854ab79757835
2024-06-10 09:16:24 +00:00
Treehugger Robot
29adc9967c Merge "system_app.te: fix misleading comment" into main am: 104099ef21 am: e6618432f9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3120251

Change-Id: Iea1ca65f32ea08665dd9c6d991601c69cd5373b5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 09:03:15 +00:00
Treehugger Robot
e6618432f9 Merge "system_app.te: fix misleading comment" into main am: 104099ef21
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3120251

Change-Id: Ia49f4b47e4d08da7195812dd01b7df456c7e9025
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 08:24:21 +00:00
Treehugger Robot
104099ef21 Merge "system_app.te: fix misleading comment" into main
2024-06-10 08:03:10 +00:00
Nick Kralevich
c8ac77735e system_app.te: fix misleading comment
A comment within system_app.te implies that system_apps can read/write
the /data/data directory (and all subdirectories). The comment is
misleading. Fix the comment.

Test: comment only change. No test needed
Change-Id: I51b95f8b55ac89730a866d2a829326b276b11824
2024-06-07 10:20:18 -07:00
Ellen Arteca
90474bb471 Merge "Modify permissions to move encryption policy assignment to vold_prepare_subdirs" into main am: c628579730 am: 949db99e7c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3095418

Change-Id: I2c856547883f86a7833d36b8e1deaf7e92ed175b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-06 23:51:14 +00:00
Ellen Arteca
949db99e7c Merge "Modify permissions to move encryption policy assignment to vold_prepare_subdirs" into main am: c628579730
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3095418

Change-Id: I0a019e1b6054825929fadd320036991e3979778c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-06 23:36:22 +00:00
Ellen Arteca
c628579730 Merge "Modify permissions to move encryption policy assignment to vold_prepare_subdirs" into main
2024-06-06 23:16:13 +00:00
mrziwang
dc268a72fb Use OutputFilesProvider on certain module types
se_build_files, se_cil_compat_map and sepolicy_vers will be using
OutputFilesProvider for output files inter-module-communication.

Test: CI
Bug: 339477385
Change-Id: Ib9972bcdea4850508cb9070903af53973bff9f66
2024-06-06 14:42:10 -07:00
Steven Moreland
5db4cf2605 more vm socket isolation am: 378ed74529 am: 57061954d2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3114226

Change-Id: If484cab984486b6c884d0ce53a8b460cdcd009e1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-06 19:06:28 +00:00
Steven Moreland
57061954d2 more vm socket isolation am: 378ed74529
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3114226

Change-Id: Ib8605365b1823611b41183bdfc548c6abc913ec8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-06 18:47:07 +00:00
mrziwang
cb3f550b59 Use OutputFilesProvider on certain module types
The module types below no longer implement OutputFileProducer, but
use OutputFilesProvider for output files inter-module-communication.

se_policy_conf
se_policy_cil
se_policy_binary
se_compat_cil
se_versioned_policy

Test: CI
Bug: 339477385
Change-Id: I87d1845162f91065acd7d2f6c27fd7583cc8b5e0
2024-06-06 10:49:47 -07:00
Ellen Arteca
aa898dc541 Modify permissions to move encryption policy assignment to vold_prepare_subdirs
We have moved the encryption policy assignment from vold to
vold_prepare_subdirs. This CL removes some permissions from vold
over storage areas that are no longer needed due to this change,
and adds some permissions to vold_prepare_subdirs.

Bug: 325129836
Test: atest StorageAreaTest
Change-Id: Ief2a8021ed3524018d001e20eae60f712f485d81
2024-06-06 17:48:43 +00:00
Steven Moreland
378ed74529 more vm socket isolation
Bugs: me
Test: build
Change-Id: Ie34ac041f1234891043098a4decf05ec7a9e6761
2024-06-05 23:45:44 +00:00
Dennis Shen
01574fa210 Merge "selinux: allow everybody to read flags from RO flag storage file" into main am: 0467d14618 am: 1f2eea0c7a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3112421

Change-Id: Ifd062c82caa79b9a71268bfffbf33d99b9d6b915
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 17:37:11 +00:00
Dennis Shen
1f2eea0c7a Merge "selinux: allow everybody to read flags from RO flag storage file" into main am: 0467d14618
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3112421

Change-Id: I948458b771e030fb4b7ef31f5a5c38a854f7db2f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 17:22:58 +00:00
Dennis Shen
0467d14618 Merge "selinux: allow everybody to read flags from RO flag storage file" into main
2024-06-04 17:11:18 +00:00
Dennis Shen
33bc92dab5 selinux: allow everybody to read flags from RO flag storage file
Bug: b/312459182
Test: m and avd
Change-Id: Ie5ce92b299ce2434256c9f963865b9d626b400fa
2024-06-04 15:02:56 +00:00
Treehugger Robot
91154f4719 Merge "Allow dexopt_chroot_setup to mount/unmount debugfs." into main am: c6a554f200 am: 23ce6a536b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111559

Change-Id: I8634bc117809192e33ca9f69db66b171c7dc5183
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 14:35:26 +00:00
Treehugger Robot
23ce6a536b Merge "Allow dexopt_chroot_setup to mount/unmount debugfs." into main am: c6a554f200
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111559

Change-Id: I130c9ac4848eda54b134faef7f49676017dd9b47
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 14:20:41 +00:00
Treehugger Robot
c6a554f200 Merge "Allow dexopt_chroot_setup to mount/unmount debugfs." into main
2024-06-04 13:54:51 +00:00
Treehugger Robot
c91caadd2c Merge "Allow dexopt_chroot_setup to bind-mount dirs for incremental apps." into main am: 8d9a89ed9e am: e0a8a9fa19
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111602

Change-Id: I6affce30b2b5e137d121e1c2c5a8a4305494bdaf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 13:20:20 +00:00
Treehugger Robot
e0a8a9fa19 Merge "Allow dexopt_chroot_setup to bind-mount dirs for incremental apps." into main am: 8d9a89ed9e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111602

Change-Id: I7be81be6650996bf85b9c6bc77368f0b7521353e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 13:05:30 +00:00
Jiakai Zhang
413f44d5c4 Allow dexopt_chroot_setup to mount/unmount debugfs.
Some old devices use debugfs for /sys/kernel/debug.

Bug: 311377497
Change-Id: Ib9958b5cfdd85c37acd27ff6e637efdbd2a068e3
Test: adb shell pm art pr-dexopt-job --test
2024-06-04 12:54:25 +00:00
Treehugger Robot
8d9a89ed9e Merge "Allow dexopt_chroot_setup to bind-mount dirs for incremental apps." into main
2024-06-04 12:48:49 +00:00
Treehugger Robot
80d78ae979 Merge "testNoBugreportDenials fix on user" into main am: 8ebc2aa055 am: 28b66e2893
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111766

Change-Id: I3e29af5398bff8c12422bbe8b289b127b5d034c5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 01:32:46 +00:00
Treehugger Robot
28b66e2893 Merge "testNoBugreportDenials fix on user" into main am: 8ebc2aa055
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111766

Change-Id: Iaf7772fc912f0a247ac835e32d6eb76deae7a3f5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 01:24:39 +00:00
Jooyung Han
b103d9dfe0 Merge "installd renames dirs in /data/app-staging" into main am: 672143fa6a am: 9a441ba91c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111259

Change-Id: Ied1053d8182aecfc4562ea917294437ca3d46fc2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 01:24:04 +00:00
Treehugger Robot
8ebc2aa055 Merge "testNoBugreportDenials fix on user" into main
2024-06-04 01:20:02 +00:00
Jooyung Han
9a441ba91c Merge "installd renames dirs in /data/app-staging" into main am: 672143fa6a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3111259

Change-Id: I8ec24a3754acfac90b6a417ca6c768c0f8678f18
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-04 01:15:59 +00:00
Jooyung Han
672143fa6a Merge "installd renames dirs in /data/app-staging" into main
2024-06-04 01:12:49 +00:00
Jiakai Zhang
0a49ac3dbd Allow dexopt_chroot_setup to bind-mount dirs for incremental apps.
Bug: 311377497
Test: adb shell pm art pr-dexopt-job --test
Change-Id: I8da90876191eadfea77d34c7441d0e4bdb377d31
2024-06-03 20:43:25 +01:00
Daniel Zheng
037108359f Merge "add sepolicy for low mem device configurations" into main am: 2f4324ac5d am: 41c63c394f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3096261

Change-Id: I254d7217ee0aa6c3780d639296872b462590841f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-03 19:33:32 +00:00
Steven Moreland
496f08d378 testNoBugreportDenials fix on user
Bug: 343635916
Test: N/A
Change-Id: I2f73cc8429f87e9b7ada8e7c9a3fabcc9eb3d7ee
2024-06-03 19:30:04 +00:00
Daniel Zheng
41c63c394f Merge "add sepolicy for low mem device configurations" into main am: 2f4324ac5d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3096261

Change-Id: Ie2500bdc8247253f539df4e1a312bb0842af3d0a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-03 19:26:53 +00:00
Daniel Zheng
2f4324ac5d Merge "add sepolicy for low mem device configurations" into main
2024-06-03 19:17:52 +00:00
Treehugger Robot
8832195963 Merge "Improve CIL parsing" into main am: da362e9fa9 am: 22770877f7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3110097

Change-Id: Icd3c451b881423a36887858bab17e7a44fe68071
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-03 09:23:06 +00:00
Treehugger Robot
22770877f7 Merge "Improve CIL parsing" into main am: da362e9fa9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3110097

Change-Id: I0db46b765111b07de99052a7deb36350764b7f1b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-03 09:15:10 +00:00
Treehugger Robot
da362e9fa9 Merge "Improve CIL parsing" into main
2024-06-03 09:09:21 +00:00
Treehugger Robot
b45b22dc88 Merge "Allow system_server to kill artd and its subprocesses." into main am: d7f526fd05 am: e70d1b832a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3110061

Change-Id: I8d98aeeae7da2c3e60f8869eb345e1f2c4703c27
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-03 08:42:13 +00:00
Treehugger Robot
e70d1b832a Merge "Allow system_server to kill artd and its subprocesses." into main am: d7f526fd05
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3110061

Change-Id: I4bc46d4c1e4b253db29e8ff2be87aea1086e52a3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-03 08:32:41 +00:00
Treehugger Robot
d7f526fd05 Merge "Allow system_server to kill artd and its subprocesses." into main
2024-06-03 08:27:59 +00:00
Jooyung Han
cb51acc9dc installd renames dirs in /data/app-staging
before removing a session directory. Hence, it needs more permissions on
staging_data_file.

Bug: 343165326
Test: atest CtsStagedInstallHostTestCases:com.android.tests.stagedinstall.host.StagedInstallTest#testRebootlessUpdate_unsignedPayload_fails
Change-Id: Ic94c74d4ef896129491cee39098f43f33793851f
2024-06-03 14:24:46 +09:00
Mu-Le Lee
ff6ed0524a Merge "Sepolicy for crosvm to play audio with aaudio" into main am: 12d84e2484 am: 397d1c59bc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3046213

Change-Id: I9023c8e645deeb5a842c3d423829fddf5c693529
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-01 01:43:07 +00:00