tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
33805 commits 1 branch 0 tags 50 MiB
Commit graph

10 commits

Author SHA1 Message Date
Treehugger Robot
5273f3a486 Merge "Modify sepolicy for compos key changes" 2022-02-18 09:03:30 +00:00
Andrew Scull
9738638c03 Let the DICE HAL getattr the device node 
Make sure all the permissions are granted to let the HAL do its work
properly.

Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I54c633b8163ea313c87856fb0513074a76ac86a1
 2022-02-17 12:35:22 +00:00
Alan Stokes
766caba5de Modify sepolicy for compos key changes 
Add the compos_key_helper domain for the process which has access to
the signing key, make sure it can't be crashdumped. Also extend that
protection to diced & its HAL.

Rename compos_verify_key to compos_verify, because it doesn't verify
keys any more.

Move exec types used by Microdroid to file.te in the host rather than
their own dedicated files.

Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I942667355d8ce29b3a9eb093e0b9c4f6ee0df6c1
 2022-02-17 12:14:40 +00:00
Andrew Scull
af2c894f2c Remove keymint from microdroid sepolicy 
The keymint HAL has been removed from microdroid to remove the
corresponding sepolicy.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I08aae50dd9a4575954db40ec974625e43bff2335
 2022-01-27 21:48:37 +00:00
Andrew Scull
f75d5cde48 Remove keystore from microdroid sepolicy 
The keystore service has been removed from microdroid to remove the
corresponding sepolicy.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I6600b47f8b8c6bba05b1f59b4d87713283805817
 2022-01-27 21:48:37 +00:00
Andrew Scull
f451a1407f Give DICE HAL access to driver 
The driver facilitates the handover of values from the bootloader so
needs to be accessible by the HAL.

Bug: 214231981
Test: run microdroid with a "google,open-dice" DT node
Change-Id: Ib5317e6a42befe22d8f1dbefeb9803f5ec92b061
 2022-01-25 15:22:42 +00:00
Jiyong Park
16c1ae3a3d Add use_bionic_libs macro 
... to dedupe rules for allowing access to bootstrap bionic libraries.

Bug: N/A
Test: m
Change-Id: I575487416a356c22f5f06f1713032f11d979d7d4
 2022-01-25 09:47:56 +09:00
Andrew Scull
f94a381585 Make the DICE HAL a bootstrap process 
This HAL starts before APEXs are activated so needs access to the
bootstrap bionic libraries.

Bug: 214231981
Test: run microdroid
Change-Id: If82729eb2eff812916f257d24ce206e371be0c56
 2022-01-21 18:19:21 +00:00
Jiyong Park
8948c1ce4b Add policies for diced and hal_dice in microdroid 
Bug: 214231981
Test: run microdroid and check diced is up and running
Change-Id: I605d7d6a790b8a14e575e67e1dcf02eaf7a5eafc
 2022-01-13 01:37:00 +09:00
Inseob Kim
e1389977e0 Move microdroid sepolicy to system/sepolicy 
Bug: 190511750
Test: boot microdroid
Change-Id: I4aa4a56e9be5103d70469c3508110a973f3e4f12
 2021-07-19 07:48:34 +00:00