Commit graph

38728 commits

Author SHA1 Message Date
Inseob Kim
cf9c59241d Merge "Fix policy file order for hal_attributes" am: b2984a49bd
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2121272

Change-Id: I5613be959f16d63d21cab13eda4343f2055e7b70
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 09:29:27 +00:00
Inseob Kim
b2984a49bd Merge "Fix policy file order for hal_attributes" 2022-06-10 09:07:02 +00:00
Yi-Yo Chiang
598d079de7 Label ro.force.debuggable as build_prop
It was default_prop. Label it build_prop for good code hygiene.

Bug: 223517900
Test: Boot with and without debug boot image
Change-Id: I4e00d301eb526a0fc9e29657cbcedda8dd0fc7b1
2022-06-10 14:52:38 +08:00
Thiébaud Weksteen
033f4d11f6 [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours am: e498ed9f0e -s ours am: 7b9395086e -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: Ib63b36dca2123bb5517323d657e53fe4092ed729
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 03:32:02 +00:00
Thiébaud Weksteen
7b9395086e [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours am: e498ed9f0e -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: Ic3b7c00f7b89594a61200e8da1be4d0808b9d868
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 03:10:24 +00:00
Treehugger Robot
7a015c31ed Merge "Obsolete BOARD_PLAT_*_SEPOLICY_DIR" am: 747fc1236e am: e9cd3e95cb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2120421

Change-Id: Idf614d34ba934688b4d9e7a22be28b5d133c54b7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 02:35:02 +00:00
Treehugger Robot
e9cd3e95cb Merge "Obsolete BOARD_PLAT_*_SEPOLICY_DIR" am: 747fc1236e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2120421

Change-Id: Icd4eaabc5a7288d04b7f642aaa8bb8f2371d2e86
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 02:16:02 +00:00
Thiébaud Weksteen
f5242681b7 [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours am: 9f688bcbfd -s ours am: 269074e48d -s ours am: 0d8e2fe39e -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I4b3a16d90de91b833a15e912ca4ef2e59a9d5579
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 02:15:47 +00:00
Treehugger Robot
747fc1236e Merge "Obsolete BOARD_PLAT_*_SEPOLICY_DIR" 2022-06-10 01:56:16 +00:00
Thiébaud Weksteen
0d8e2fe39e [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours am: 9f688bcbfd -s ours am: 269074e48d -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I11166af5f4113a7f92db65ea9bb8e246e9257318
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 01:43:17 +00:00
Thiébaud Weksteen
269074e48d [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours am: 9f688bcbfd -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I6631a56c85aa17da2da3c1c975c6ba2ffb3dfe48
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 01:19:43 +00:00
Thiébaud Weksteen
9f688bcbfd [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: Id133415d8659c7c6572a84ce288c08ebf127e2a2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 01:02:41 +00:00
Thiébaud Weksteen
e498ed9f0e [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours am: 566d02d543 -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I8782b78cac7b0bdb90d646a1bc1422f6e5e9a18d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 01:01:38 +00:00
Thiébaud Weksteen
566d02d543 [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours am: 31da33921e -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I17212f12f13a065afb904f82355e4e36ffee49d4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 00:33:30 +00:00
Thiébaud Weksteen
31da33921e [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours am: 7944bcd029 -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I3cae5899a82c1631302d5b95b16ce3ce0aae20cb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-10 00:15:58 +00:00
Thiébaud Weksteen
7944bcd029 [automerger skipped] DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371 am: 2e26d143bf -s ours
am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I6e92aa29c692a386d5b1801d1609ef7d257a0ee5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 23:59:44 +00:00
Vova Sharaienko
ba7b22eb58 Merge "hal_vehicle_default: enabled communication with statsd" am: 7816224ea2 am: 38ad5d01c4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2106885

Change-Id: I44c534028b7080f332ea901efb4d6fb20c89793a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 23:45:29 +00:00
Akilesh Kailash
e673ce9fb5 Allow update_verifier to connect to snapuserd daemon am: 5fe8252425 am: ba1b02ae5b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2039364

Change-Id: I7b25072da70f0ed71173a4db6dfa30dd9b269a69
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 23:45:04 +00:00
Thiébaud Weksteen
2e26d143bf DO NOT MERGE: Move bind permission on netlink to private am: d6e0b0b371
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/17630426

Change-Id: I7d3a7d51f77d00070ba4b25040483528177ed43b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 23:43:33 +00:00
Vova Sharaienko
38ad5d01c4 Merge "hal_vehicle_default: enabled communication with statsd" am: 7816224ea2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2106885

Change-Id: Id31bf7bf78f66575871ba3718889442360c64e9f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 23:03:51 +00:00
Akilesh Kailash
ba1b02ae5b Allow update_verifier to connect to snapuserd daemon am: 5fe8252425
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2039364

Change-Id: I3425242728e614526befaca3be2f82bf482593a9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 23:03:33 +00:00
Vova Sharaienko
7816224ea2 Merge "hal_vehicle_default: enabled communication with statsd" 2022-06-09 22:51:21 +00:00
Devin Moore
309a355088 Add permissions for new netd AIDL HAL
Netd is now serving an AIDL HAL to replace the old HIDL HAL.

Bug: 205764585
Test: Boot and check for avc denials
Change-Id: I1ca5ed4ff3b79f082ea2f6d3e81f60a64ca04855
2022-06-09 22:39:15 +00:00
Dan Willemsen
9dd75fe474 Obsolete BOARD_PLAT_*_SEPOLICY_DIR
See If803a33efc38a970247919bf224c12b8c717f955 for more details.

Bug: 235414673
Test: treehugger
Change-Id: Iff939a58e0a8238e085d63f28b5fa8d7982d82a0
2022-06-09 09:36:21 -07:00
Inseob Kim
1e796342aa Fix policy file order for hal_attributes
Partners should be able to add hal_attributes to system_ext or product's
public/attributes file. However, if system_ext or product's
public/attributes contain any domain sets, numbers for base_typeattr
become inconsistent. It's because the order is now:

    ...
    te_macros
    attributes
    ioctl_defines
    ioctl_macros
    *.te
    roles_decl
    ...

That is, system_ext/public/attributes and product/public/attributes are
included prior to system/sepolicy/**/*.te. Thus, plat_sepolicy.cil and
system_ext_sepolicy.cil/product_sepolicy.cil can conflict.

This change fixes this issue by making attributes and *.te files have
the same rank. This way, system_ext/public/attributes is included after
system/sepolicy/**/*.te.

Bug: 234137981
Test: m selinux_policy after adding hal_attribute to
      system_ext/public/attributes
Change-Id: I85e1f6b8e4ab47c723724684d1938297a3305fe8
2022-06-09 11:26:35 +09:00
Android Build Coastguard Worker
0a525f75cf Snap for 8698879 from 6eb7171c4b to tm-release
Change-Id: I38d502ccfe41ce6ef69d1d87edbf59734b045fdf
2022-06-08 23:29:09 +00:00
Akilesh Kailash
5fe8252425 Allow update_verifier to connect to snapuserd daemon
Bug: 193863442
Test: OTA
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I10cb900466078930c9124fc381ba2adfc50ffcd4
2022-06-08 20:26:18 +00:00
Steven Terrell
a3bc9c6db3 [automerger skipped] Merge "Add System Property Controlling Animators" am: 06c506940e am: c402a02164 -s ours
am skip reason: Merged-In I57225feb50a3f3b4ac8c39998c47f263ae211b66 with SHA-1 bc844c5c2b is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2118925

Change-Id: I855af1bf1945604f969981a79d88d29ea103d16e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-08 16:32:29 +00:00
Steven Terrell
c402a02164 Merge "Add System Property Controlling Animators" am: 06c506940e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2118925

Change-Id: Ieee8f322c099443e6e533d8475501e55e9748511
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-08 16:11:44 +00:00
Steven Terrell
06c506940e Merge "Add System Property Controlling Animators" 2022-06-08 15:33:44 +00:00
Jiakai Zhang
70ac4483d0 Merge "Allow artd to get root capabilities and write to dalvikcache_data_file." am: b7a5e7cb8f am: 07bae2c1b8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2118486

Change-Id: I7322fe21d5f14880c72b62132a592aa538032eff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-08 15:22:02 +00:00
Jiakai Zhang
07bae2c1b8 Merge "Allow artd to get root capabilities and write to dalvikcache_data_file." am: b7a5e7cb8f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2118486

Change-Id: I47ac3549a2c5fbde261c3f3d508bdf28193a095b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-08 14:52:51 +00:00
Jiakai Zhang
b7a5e7cb8f Merge "Allow artd to get root capabilities and write to dalvikcache_data_file." 2022-06-08 14:33:34 +00:00
Treehugger Robot
27945bccb0 Merge "Add sepolicy for IBootControl AIDL" am: 921af40c4b am: 8fbf709eb0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2050816

Change-Id: Ib687153be4608959548009903420a48def7e9891
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-08 10:32:27 +00:00
Jiakai Zhang
2ce60a69bc Allow artd to get root capabilities and write to dalvikcache_data_file.
This CL adds rules to allow artd to delete optimized artifacts.

In general, some functionalities from installd are being migrated to
artd, so artd needs permissions to do what installd is doing: managing
profiles and compilation artifacts that belong to individual apps.

Bug: 225827974
Test: adb shell pm art delete-optimized-artifacts com.google.android.youtube
Change-Id: I1780cdfb481175fd3b0bc9031fdabb8e7cd71a12
2022-06-08 10:13:22 +00:00
Treehugger Robot
8fbf709eb0 Merge "Add sepolicy for IBootControl AIDL" am: 921af40c4b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2050816

Change-Id: I4b116c21bdc31c96350c43640cfb19e245eef1bb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-08 09:58:21 +00:00
Treehugger Robot
921af40c4b Merge "Add sepolicy for IBootControl AIDL" 2022-06-08 09:40:21 +00:00
Kelvin Zhang
187cb2c64c Add sepolicy for IBootControl AIDL
Test: th
Bug: 227536004
Change-Id: I1206b4aae1aab904a76836c893ee583b5ce54624
2022-06-07 16:26:19 -07:00
Steven Terrell
879f41c5f2 Add System Property Controlling Animators
Adding a new system property that will act as a toggle
enabling/disabling the framework changes that were submitted to prevent
leaked animators.

Bug: 233391022

Test: manual.

Merged-In: I57225feb50a3f3b4ac8c39998c47f263ae211b66
Change-Id: Ifc339efc1c3a5e19920b77d1f24bef19c39d5f44
2022-06-07 20:22:10 +00:00
Steven Terrell
399f831f56 Merge "Add System Property Controlling Animators" into tm-dev am: 6eb7171c4b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/18565495

Change-Id: I0f8e5c4b1f876545c192812851b5d18c8897acfd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-07 19:57:37 +00:00
Steven Terrell
6eb7171c4b Merge "Add System Property Controlling Animators" into tm-dev 2022-06-07 19:49:48 +00:00
Florian Mayer
845071c3eb [automerger skipped] RESTRICT AUTOMERGE Revert "Move mtectrl to private" am: 654cd21c30 -s ours am: d89566e4b3 -s ours am: 2f9eef4c10 -s ours
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2117016

Change-Id: I7aa139a105fa0d3ede806308ac09e11b66ba6d4d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-07 04:08:01 +00:00
Florian Mayer
2f9eef4c10 [automerger skipped] RESTRICT AUTOMERGE Revert "Move mtectrl to private" am: 654cd21c30 -s ours am: d89566e4b3 -s ours
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2117016

Change-Id: I4b7b78eba624704d755d1b0b5e2579b1d0e9ef7e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-07 03:47:14 +00:00
Florian Mayer
d89566e4b3 [automerger skipped] RESTRICT AUTOMERGE Revert "Move mtectrl to private" am: 654cd21c30 -s ours
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2117016

Change-Id: Idf1bec5ede203162fb4485c4d3e9bcf5d0b8093c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-07 03:29:09 +00:00
John Wu
18e0e8b3d5 Merge "Revert "Revert "Revert "Remove key migration related changes"""" am: b553a30629 am: b298a8a97e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2116891

Change-Id: I4cd8e81ecb7a11320fcff56417db9546dab8f677
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-07 01:39:51 +00:00
John Wu
b298a8a97e Merge "Revert "Revert "Revert "Remove key migration related changes"""" am: b553a30629
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2116891

Change-Id: I952aa402047f0be2518a75fb7fbe250a1ecf7e98
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-07 01:22:35 +00:00
John Wu
b553a30629 Merge "Revert "Revert "Revert "Remove key migration related changes"""" 2022-06-07 01:03:51 +00:00
Florian Mayer
654cd21c30 RESTRICT AUTOMERGE Revert "Move mtectrl to private"
Revert submission 1959735

Reason for revert: b/220807329
Reverted Changes:
Idb5c4a4c6:Move mtectrl to private
I2e8419366:Add policy for command line tool to control MTE bo...

Change-Id: I663113df93fe9fec597ad346a1d07888b068c20e
2022-06-06 23:52:17 +00:00
John Wu
3da8416b5d Revert "Revert "Revert "Remove key migration related changes"""
This reverts commit 82c4d9b474.

Reason for revert: b/235140708

Change-Id: Ifd14bcf4480c74b81602c16723efebef7aad10bd
2022-06-06 22:24:24 +00:00
Vova Sharaienko
5aa340abc2 hal_vehicle_default: enabled communication with statsd
Bug: 233754988
Test: build & boot, logcat | grep SELinux
Change-Id: I92ca95e0088550677baab64fcc36afdc8845e2fc
2022-06-06 19:00:01 +00:00