Commit graph

33838 commits

Author SHA1 Message Date
Roopa Sattiraju
dd862e57ee Changing sepolicy file to the right apex name am: 89556c69df
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1967166

Change-Id: Ib38c787a25ced135ff427eb7345247f1e239dcc4
2022-02-02 05:34:27 +00:00
Roopa Sattiraju
89556c69df Changing sepolicy file to the right apex name
Bug: 216476895
Test: Compile
Change-Id: I31a5534bad0f5c01ee163f109fa5dd0b54835ea8
2022-02-01 15:59:30 -08:00
Andrew Scull
50094d86cf Merge "Allow the microdroid app to use diced" am: 4bbfaa6a2d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965106

Change-Id: Ic340f816742ca2ad713521012a7d42279b660f99
2022-02-01 13:39:02 +00:00
Andrew Scull
4bbfaa6a2d Merge "Allow the microdroid app to use diced" 2022-02-01 13:23:20 +00:00
Treehugger Robot
8a96be8df9 Merge "Adds selinux rules for ICarDisplayProxy service" am: 108fdbc5f7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965562

Change-Id: I4954e05e2c8e7ce34f09120c137102fe134d1227
2022-01-31 22:09:21 +00:00
Treehugger Robot
108fdbc5f7 Merge "Adds selinux rules for ICarDisplayProxy service" 2022-01-31 21:52:46 +00:00
Changyeon Jo
66eba13833 Adds selinux rules for ICarDisplayProxy service
Bug: 170401743
Test: m -j selinux_policy
Change-Id: Idf3f09d0bcf24de18d6eddb05e51991b4c5edbe8
2022-01-31 19:40:20 +00:00
Treehugger Robot
d2eabdb5a0 Merge "Build precompiled_sepolicy.apex_sepolicy.sha256" am: d0120eb4ac
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965099

Change-Id: Ica7c23a256f9ee99c2f4a19cc00b4f0496297f84
2022-01-31 09:29:38 +00:00
Treehugger Robot
d0120eb4ac Merge "Build precompiled_sepolicy.apex_sepolicy.sha256" 2022-01-31 09:11:05 +00:00
Andrew Scull
248e8a998f Allow the microdroid app to use diced
Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I9672d678c7b698d15a0efa8dab567dbc2696ca81
2022-01-30 22:42:38 +00:00
Thiébaud Weksteen
0603b86049 Merge "Split sepolicy_neverallow rule" am: 080a201dee
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1962379

Change-Id: Iaa5cf554b34902865b0a5c7f09a9c198d97354a3
2022-01-30 22:23:39 +00:00
Thiébaud Weksteen
080a201dee Merge "Split sepolicy_neverallow rule" 2022-01-30 22:16:35 +00:00
Thiébaud Weksteen
5dec00e247 Merge "Grant getpgid to system_server on zygote" am: 79ff061802
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1963561

Change-Id: Ie4afeda8caebf6cbd4be30a0b772715d8c3dc3e2
2022-01-30 22:14:58 +00:00
Thiébaud Weksteen
79ff061802 Merge "Grant getpgid to system_server on zygote" 2022-01-30 21:59:04 +00:00
Huihong Luo
270ddf48d0 Merge "Migrate screenshot methods to AIDL" am: 9b82051367
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1954716

Change-Id: I67bfa6d8d94bcb2406fcdb3e6bf99fa4630af55c
2022-01-29 21:35:33 +00:00
Huihong Luo
9b82051367 Merge "Migrate screenshot methods to AIDL" 2022-01-29 21:17:18 +00:00
Etienne Ruffieux
ecac410d40 Merge "Bluetooth boot time start service" am: f3acf42a4c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965101

Change-Id: I116996cf7b5e1d9b94b8f76119fb91d2eaf52a9b
2022-01-28 20:26:41 +00:00
Etienne Ruffieux
f3acf42a4c Merge "Bluetooth boot time start service" 2022-01-28 20:13:35 +00:00
Treehugger Robot
6093f3febf Merge "Move pf_key socket creation permission to system_server" am: d3d214482f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1964902

Change-Id: I5a17509a858aa1fd7b068943a5cfd457518ddb27
2022-01-28 19:07:14 +00:00
Treehugger Robot
d3d214482f Merge "Move pf_key socket creation permission to system_server" 2022-01-28 19:01:36 +00:00
Robert Shih
0de1ba742a Merge "Add sepolicy for DRM AIDL HAL" am: d70f0af2bf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1918837

Change-Id: I34ff7ea1a6cbb6e8f0c11759b4ceb7366b8e2992
2022-01-28 19:01:02 +00:00
Robert Shih
d70f0af2bf Merge "Add sepolicy for DRM AIDL HAL" 2022-01-28 18:40:53 +00:00
Treehugger Robot
5c5fef071a Merge "Touch up microdroid sepolicy after removing keystore" am: ae1acbe12d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965100

Change-Id: I6184c30e97b95a4e92157e209e0bf6058c9403a8
2022-01-28 18:07:47 +00:00
Treehugger Robot
ae1acbe12d Merge "Touch up microdroid sepolicy after removing keystore" 2022-01-28 17:53:34 +00:00
Ken Chen
1aed006a77 Move pf_key socket creation permission to system_server
Allow system_server to trigger the kernel synchronize rcu with open and
close pf_key socket. This action was previously done by netd but now
it needs to be done by system_server instead because the handling code in
netd is moved to a mainline module which will be loaded by system_server
in JNI mode.

Note: the permission will be removed from netd once all bpf interactions
have moved out of netd.

Bug: 202086915
Test: android.app.usage.cts.NetworkUsageStatsTest
      android.net.cts.TrafficStatsTest
Change-Id: I440e0c87193775115a9b9ffb19270c47b01b082e
2022-01-28 17:12:51 +01:00
Etienne Ruffieux
cdd0c11743 Bluetooth boot time start service
Added new sysprops to retrieve Bluetooth configs

Tag: #feature
Test: manual
Bug: 216497194
Change-Id: I94c771f87fdeb5497b81d2098193b4cd230654b6
2022-01-28 14:44:15 +00:00
Treehugger Robot
2c1fee1a67 Merge "Add Media metrics rule to API 32 prebuilts." am: d5bd56d11f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1965040

Change-Id: Ic7899e82ec749bfe149f4af9bbb79a17ddb11b0f
2022-01-28 13:56:31 +00:00
Treehugger Robot
d5bd56d11f Merge "Add Media metrics rule to API 32 prebuilts." 2022-01-28 13:39:54 +00:00
Andrew Scull
533b300516 Merge changes from topic "udroid-get-km-gone" am: 5abe95a6c4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1964121

Change-Id: I2626fbced6306fb052f5431de7437077ad8ffc94
2022-01-28 13:28:55 +00:00
Andrew Scull
afe5463d2d Remove keymint from microdroid sepolicy am: af2c894f2c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1964120

Change-Id: Ie768cbb75eae116f482cbd453c4701eb1998d28a
2022-01-28 13:28:53 +00:00
Andrew Scull
9201c5228b Remove keystore from microdroid sepolicy am: f75d5cde48
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1964119

Change-Id: I36f1a90ae0c82476a6bce62e7ede4daeca42448c
2022-01-28 13:28:52 +00:00
Andrew Scull
5abe95a6c4 Merge changes from topic "udroid-get-km-gone"
* changes:
  Remove hwservicemanager from microdroid sepolicy
  Remove keymint from microdroid sepolicy
  Remove keystore from microdroid sepolicy
2022-01-28 13:12:53 +00:00
Andrew Scull
6f2529c01b Touch up microdroid sepolicy after removing keystore
Avoid divergence in the files that will eventually be shared with the main
Android sepolicy and fix a style mistake.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I40b0bebb432d73ab6ab847c117e72d8bc18fe873
2022-01-28 13:07:16 +00:00
Jeff Vander Stoep
fd5dd79984 Build precompiled_sepolicy.apex_sepolicy.sha256
This ensures that precompiled policy can be checked against updatable
sepolicy from com.android.sepolicy. This saves ~1s of boot time.

Bug: 199914227
Test: build, verify that precompiled_sepolicy.apex_sepolicy.sha256
exists.

Change-Id: I1ce6b3363d418c073f95f120908107604799fd26
2022-01-28 13:45:39 +01:00
Lalit Maganti
dc933135a0 Merge "sepolicy: add permissions for trace reporting" am: 34fb0d8933
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1918625

Change-Id: Ib271bebdc76a50f24d1d44cb70ea886252688250
2022-01-28 12:35:45 +00:00
Lalit Maganti
34fb0d8933 Merge "sepolicy: add permissions for trace reporting" 2022-01-28 12:15:57 +00:00
Dario Freni
75bc16cba8 Add Media metrics rule to API 32 prebuilts.
Bug: 190422448
Test: presubmit
Change-Id: I304278b9d15f89d0e04d5268af2ac82ac97acd84
2022-01-28 11:47:17 +00:00
Treehugger Robot
770fec0a15 Merge "Allow zygote to setattr cgroup" am: e2f870f099
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1859781

Change-Id: Ia3d97fc7039a3568c72dda55535b49866d5ca037
2022-01-28 10:52:33 +00:00
Treehugger Robot
e2f870f099 Merge "Allow zygote to setattr cgroup" 2022-01-28 10:33:32 +00:00
Thiébaud Weksteen
9ebf0c8ecf Split sepolicy_neverallow rule
sepolicy_neverallow is based on a combination of calling checkpolicy
followed by sepolicy-analyze. If the first tool fails, the error message
associated with the second is returned, which is misleading.

Separate both parts of the rule using a new build command.

Bug: 175911415
Test: Modify policy to trigger neverallow (checkpolicy); no misleading
    messages from sepolicy-analyze
Change-Id: I5977ced23dee09a28c7df334e4790d212e0db0c1
2022-01-28 13:51:36 +11:00
Thiébaud Weksteen
6390b3f090 Grant getpgid to system_server on zygote
Should system_server kill zygote on crashes, it will attempt to kill any
process in the same process group. This ensures that no untracked
children are left.

Bug: 216097542
Test: m selinux_policy
Change-Id: Ie16074f76e351d80d9f17be930a731f923f99835
2022-01-28 13:47:20 +11:00
Treehugger Robot
45a466e098 Merge "Changes in SELinux Policy for cloudsearch API naming" am: 27416257f3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1963460

Change-Id: I52583715a25d36d0fefbe337d66e94116d40c135
2022-01-28 02:01:35 +00:00
Treehugger Robot
27416257f3 Merge "Changes in SELinux Policy for cloudsearch API naming" 2022-01-28 01:45:02 +00:00
Andrew Scull
af2c894f2c Remove keymint from microdroid sepolicy
The keymint HAL has been removed from microdroid to remove the
corresponding sepolicy.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I08aae50dd9a4575954db40ec974625e43bff2335
2022-01-27 21:48:37 +00:00
Andrew Scull
f75d5cde48 Remove keystore from microdroid sepolicy
The keystore service has been removed from microdroid to remove the
corresponding sepolicy.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I6600b47f8b8c6bba05b1f59b4d87713283805817
2022-01-27 21:48:37 +00:00
Andrew Scull
6c288a2676 Remove hwservicemanager from microdroid sepolicy
With the keymint HAL removed from microdroid, there are no more legacy
HALs meaning no further need for hwservicemanager.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I111f3456399ef91e51d1cfead67659601c23db9e
2022-01-27 21:48:37 +00:00
Hui Wu
42d24fd59d Changes in SELinux Policy for cloudsearch API naming
Bug: 216507592
Test: Presubmit Tests
Change-Id: I5aa647d146cfea0b44efb4c247d9856e0666ea86
2022-01-27 13:42:17 -08:00
Treehugger Robot
21a37767ab Merge "Add sepolicy for new bluetooth device/profile sysprops" am: 98a4bc34a7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1954976

Change-Id: I8f510f48e3104efb0530cf1c0e3c01ea5245568e
2022-01-27 19:30:11 +00:00
Treehugger Robot
98a4bc34a7 Merge "Add sepolicy for new bluetooth device/profile sysprops" 2022-01-27 19:17:02 +00:00
Seth Moore
3ac43c6044 Merge "Revert^2 "Allow default identity service to call keymint"" am: 9e2ff8d975
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1960027

Change-Id: Ic9825cb50b8f825b4c37b38063df72dd05590d73
2022-01-27 18:34:32 +00:00