tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
20811 commits 1 branch 0 tags 50 MiB
Commit graph

20811 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kalesh Singh
deb8024fd0 Merge "Sepolicy for vendor hals to access IAshmem" am: 06984017b7 
am: 3b3bc95112

Change-Id: Icf6c0569d988f09d3edca1d1d8ed030099ddbc61
 2019-06-07 23:26:26 -07:00
Kalesh Singh
3b3bc95112 Merge "Sepolicy for vendor hals to access IAshmem" 
am: 06984017b7

Change-Id: I0ad0f27bb7eb0de48899d3ca6ae6682a2b5f6d74
 2019-06-07 23:21:25 -07:00
Treehugger Robot
06984017b7 Merge "Sepolicy for vendor hals to access IAshmem" 2019-06-08 06:06:17 +00:00
Tri Vo
c7b6667921 Merge "README: Use BOARD_VENDOR_SEPOLICY_DIRS" am: 3b0ce13eef 
am: 39127fffc5

Change-Id: I0c19cf78a31db843c344b880b6a054a5c5500695
 2019-06-07 16:51:17 -07:00
Tri Vo
39127fffc5 Merge "README: Use BOARD_VENDOR_SEPOLICY_DIRS" 
am: 3b0ce13eef

Change-Id: I921d2cfa76429545b69bf005bdfb0df2c3545763
 2019-06-07 16:46:16 -07:00
Tri Vo
3b0ce13eef Merge "README: Use BOARD_VENDOR_SEPOLICY_DIRS" 2019-06-07 23:35:18 +00:00
Kalesh Singh
55181e7f9b Sepolicy for vendor hals to access IAshmem 
Although this may appear very permissive, it ok since the current allow
rule already gives every domain access to /dev/ashmem.

Change-Id: I1f121a3c6a911819b2c3e0605a0544a039cb5503
Bug: 134161662
Test: Check logcat for Sepolicy denials (logcat -d | grep shmem)
 2019-06-07 15:50:44 -07:00
Ryan Savitski
b09be7d3a8 userdebug: support perfetto traces as a section in incident reports am: ce3a33ff18 
am: 25d6ad4a41

Change-Id: I1eec93260bc224f1156ad4d4329df7f818568494
 2019-06-07 08:30:21 -07:00
Ryan Savitski
25d6ad4a41 userdebug: support perfetto traces as a section in incident reports 
am: ce3a33ff18

Change-Id: I7d1513b600d662733dd0c852920550b3925d3ebb
 2019-06-07 08:23:57 -07:00
Felix
ec3ac470a9 README: Use BOARD_VENDOR_SEPOLICY_DIRS 
BOARD_SEPOLICY_DIRS is deprecated and references should be updated.

Signed-off-by: Felix <google@ix5.org>
Change-Id: I063940a63256a881206740e8a7ecae215f3a5ca8
 2019-06-07 09:23:00 +02:00
Ryan Savitski
ce3a33ff18 userdebug: support perfetto traces as a section in incident reports 
This set of patches adds a way for the perfetto command line client to
save a trace to a hardcoded location,
/data/misc/perfetto-traces/incident-trace, and call into incidentd to
start a report, which will include said trace in a new section.

This is not a long-term solution, and is structured to minimize changes
to perfetto and incidentd. The latter is currently architected in a way
where it can only pull pre-defined information out of the system, so
we're resorting to persisting the intermediate results in a hardcoded
location.

This will introduce at most two more linked files at the same time.

Bug: 130543265
Bug: 134706389
Tested: manually on blueline-userdebug
Change-Id: I2aa27e25f0209b3a5cdf5d550d0312693932b808
 2019-06-07 01:00:53 +01:00
Luke Huang
ec338079f8 Merge "Clean sepolicy of unused netd_socket" am: 848075e330 
am: f015b8fc08

Change-Id: Ib8c49501831dfc1087b6cd42d6c4538ffd779ded
 2019-06-02 23:55:06 -07:00
Luke Huang
f015b8fc08 Merge "Clean sepolicy of unused netd_socket" 
am: 848075e330

Change-Id: Iaa22ab4d8c42c0bcae2907626ae397c03b050f27
 2019-06-02 23:49:03 -07:00
Luke Huang
848075e330 Merge "Clean sepolicy of unused netd_socket" 2019-06-03 06:39:15 +00:00
Tri Vo
6cbe828e13 Reland "Add 29.0 mapping files" am: 50aa029f4b 
am: 5d1701a3ee

Change-Id: Ibdfcb99c0a49eca4107ea19e06e480d9a893a34a
 2019-06-02 18:14:46 -07:00
Tri Vo
53fcfa94a3 [automerger skipped] Reland "Fake 29.0 sepolicy prebuilts" am: 336d0fed4e 
am: 74c4220074 -s ours
am skip reason: change_id I3e091652fa8d1757b1f71f7559186d5b32f000d5 with SHA1 94b7372534 is in history

Change-Id: I88136b522be57d54dd3b198f30efde621efb6822
 2019-06-02 18:14:41 -07:00
Tri Vo
5d1701a3ee Reland "Add 29.0 mapping files" 
am: 50aa029f4b

Change-Id: I6ea1cc54d313ecdb393c7a7f867d2527b35d42cd
 2019-06-02 18:09:43 -07:00
Tri Vo
74c4220074 Reland "Fake 29.0 sepolicy prebuilts" 
am: 336d0fed4e

Change-Id: I634c299ebc0910cb7a3aee72738369076ca5691c
 2019-06-02 18:09:39 -07:00
Tri Vo
50aa029f4b Reland "Add 29.0 mapping files" 
Steps taken to produce the mapping files:

1. Add prebuilts/api/29.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
plat_pub_versioned.cil contains all public attributes and types from Q
Leave vendor_sepolicy.cil is empty.

2. Add new file private/compat/29.0/29.0.cil by doing the following:
- copy /system/etc/selinux/mapping/29.0.cil from pi-dev aosp_arm64-eng
device to private/compat/29.0/29.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 29 sepolicy.
Find all such types using treble_sepolicy_tests_29.0 test.
- for all these types figure out where to map them by looking at
28.0.[ignore.]cil files and add approprite entries to 29.0.[ignore.]cil.

This change also enables treble_sepolicy_tests_29.0 and installs
29.0.cil mapping file onto the device.

Bug: 133155528
Bug: 133196056
Test: m treble_sepolicy_tests_29.0
Test: m 29.0_compat_test
Test: m selinux_policy
Change-Id: I9e83e9bf118c8b8f8fcf84d5c0dcb6eb588e0d55
 2019-06-01 17:20:34 -07:00
Tri Vo
336d0fed4e Reland "Fake 29.0 sepolicy prebuilts" 
I took current AOSP policy as base, then removed sepolicy so that the
set of type and attributes was a subset of types and attributes in Q
sepolicy, with exception of those that have not yet been cleand up in
current AOSP:

mediaswcodec_server
netd_socket
mediaextractor_update_service
thermalserviced
thermalserviced_exec

Bug: 133196056
Test: n/a
Change-Id: I863429d61d3fad0272c1d3f1e429cd997513a74a
Merged-In: I3e091652fa8d1757b1f71f7559186d5b32f000d5
 2019-06-01 17:20:18 -07:00
Anders Fridlund
84f48f5493 Merge "Set context for files in the com.android.bootanimation apex" am: 7b54926292 
am: d90d539fbd

Change-Id: If055c247c0b784b10acbb39769a27f542eb34c2e
 2019-05-30 04:20:21 -07:00
Anders Fridlund
d90d539fbd Merge "Set context for files in the com.android.bootanimation apex" 
am: 7b54926292

Change-Id: I6a8a336fe7632d1af9d8ea125de40ccc34ecf07b
 2019-05-30 04:15:19 -07:00
Treehugger Robot
7b54926292 Merge "Set context for files in the com.android.bootanimation apex" 2019-05-30 11:10:09 +00:00
Luke Huang
3a97f5ae8c Clean sepolicy of unused netd_socket 
Bug: 65862741
Test: built, flashed, booted
Change-Id: I25578e54f8c222d381c8f8ea0ec143b5b503b6a6
Merged-In: I726aadd54b04df68cff992b70443c0335ca50972
 2019-05-30 17:41:16 +08:00
Kalesh Singh
533363bb54 Merge "Sepolicy for IAshmem HIDL interface" am: b374835ffb 
am: 99a5e65385

Change-Id: I15778c78f997acdc3422ea941301f0ea61dabff4
 2019-05-30 00:52:03 -07:00
Kalesh Singh
99a5e65385 Merge "Sepolicy for IAshmem HIDL interface" 
am: b374835ffb

Change-Id: I7cfad6fdfc003b476a1de2abde21b7b80af0325e
 2019-05-30 00:47:29 -07:00
Treehugger Robot
b374835ffb Merge "Sepolicy for IAshmem HIDL interface" 2019-05-30 07:36:41 +00:00
Jooyung Han
6eeaaa4394 Merge "Test files on intermediates dir, not on /system" am: 0ae642542a 
am: 6b9eae8622

Change-Id: I5ab27a3ebbe9927b53c72992a94a70f8cd62657b
 2019-05-29 18:07:04 -07:00
Jooyung Han
6b9eae8622 Merge "Test files on intermediates dir, not on /system" 
am: 0ae642542a

Change-Id: I225a2070e3ebfa0c66dd84757c3032a1fbc21b11
 2019-05-29 18:01:58 -07:00
Treehugger Robot
0ae642542a Merge "Test files on intermediates dir, not on /system" 2019-05-30 00:43:52 +00:00
Dan Willemsen
8d8452448e Merge "Fix missing rename of all_keys -> all_plat_keys" am: 0dea10cff7 
am: 1909890725

Change-Id: Iacec1ad247cb157258098d58a268ab4458a43000
 2019-05-29 15:02:07 -07:00
Dan Willemsen
1909890725 Merge "Fix missing rename of all_keys -> all_plat_keys" 
am: 0dea10cff7

Change-Id: I1a207bfbc69ebe67cde93201ff4b6772c440c0e4
 2019-05-29 14:56:13 -07:00
Kalesh Singh
46303aa1f7 Sepolicy for IAshmem HIDL interface 
Change-Id: Id78f995661120f136d671ea0084db358e7662122
Bug: 133443879
Test: Manually check logcat for sepolicy denials (logcat | grep IAshmem)
 2019-05-29 14:44:47 -07:00
Treehugger Robot
0dea10cff7 Merge "Fix missing rename of all_keys -> all_plat_keys" 2019-05-29 21:34:44 +00:00
Anders Fridlund
831830bc09 Set context for files in the com.android.bootanimation apex 
Set the bootanim_file context for files in the com.android.boootanim
apex-module.

Bug: 116821733
Test: Verify that the new boot animation is used from next boot
Change-Id: I15e7b00bb8044eee550a4490a271b05ae14587b6
 2019-05-29 13:49:41 -07:00
Jiyong Park
6ece872622 Merge "Don't use apexd when TARGET_FLATTEN_APEX == true" am: 825b11ef6f 
am: f902b4eb7d

Change-Id: I122aba3ce61085e123b40eda4a02361dd7c50138
 2019-05-29 09:33:37 -07:00
Jiyong Park
f902b4eb7d Merge "Don't use apexd when TARGET_FLATTEN_APEX == true" 
am: 825b11ef6f

Change-Id: Ie0196e2eb7c173269899256b2e9747e575ea6825
 2019-05-29 09:29:36 -07:00
David Anderson
fb123bb20c [automerger skipped] Allow init to mkdir inside /data/gsi. 
am: 51fae66027 -s ours
am skip reason: change_id Iaa610c72d8098e157bb89e321624369f86f4ea19 with SHA1 0b1094cc23 is in history

Change-Id: I268cfe168ebd748bb46b9553c387a59bb23d056d
 2019-05-29 09:18:01 -07:00
Jiyong Park
825b11ef6f Merge "Don't use apexd when TARGET_FLATTEN_APEX == true" 2019-05-29 16:12:05 +00:00
Jooyung Han
749cf93ae8 Test files on intermediates dir, not on /system 
*_context_test / sepolicy_tests / treble_sepolicy_tests_* /
sepolicy_freeze_test files are installed on /system/etc.

By being FAKE modules, test files are not installed on target.

Additionally, we need to set up dependency from droidcore to
selinux_policy to make tests run on normal builds (m).

Bug: 133460071
Test: m & see if tests run and no test files on /system/etc
Test: m selinux_policy & see if tests run
Change-Id: Icacf004d5c1c8ec720c7cedef7bae8aa648cbe49
 2019-05-30 01:05:43 +09:00
Dan Willemsen
9d06a8f594 Fix missing rename of all_keys -> all_plat_keys 
Bug: 130111713
Test: treehugger
Change-Id: I38f7bd45bb2ec9cfef35384b23811cf6ec15cac2
 2019-05-29 04:05:02 +00:00
Tri Vo
9c253a7a5a Merge "Revert "Add 29.0 mapping files"" am: 6d47c27458 
am: a0f8c64834

Change-Id: Ia077642a42c86a970335e97b4129b637ce2c9a9f
 2019-05-28 18:29:16 -07:00
Tri Vo
afc37a9832 [automerger skipped] Merge "Revert "DO NOT MERGE Fake 29.0 sepolicy prebuilts"" am: bf5ef59e10 -s ours 
am: a9c2be6942 -s ours
am skip reason: subject contains skip directive

Change-Id: If1052345efe3bbbbd1276bbb5b08b0898c9a5e4b
 2019-05-28 18:29:12 -07:00
Tri Vo
a0f8c64834 Merge "Revert "Add 29.0 mapping files"" 
am: 6d47c27458

Change-Id: If5332090c9cf35f4b489e014cc73c295ffb74834
 2019-05-28 18:24:14 -07:00
Tri Vo
a9c2be6942 [automerger skipped] Merge "Revert "DO NOT MERGE Fake 29.0 sepolicy prebuilts"" 
am: bf5ef59e10 -s ours
am skip reason: subject contains skip directive

Change-Id: I328a192c81de22b0bb5c6e790140ddd7f6ddac65
 2019-05-28 18:24:10 -07:00
Tri Vo
6d47c27458 Merge "Revert "Add 29.0 mapping files"" 2019-05-29 01:12:15 +00:00
Tri Vo
bf5ef59e10 Merge "Revert "DO NOT MERGE Fake 29.0 sepolicy prebuilts"" 2019-05-29 01:12:15 +00:00
Tri Vo
8043136f7f Revert "Add 29.0 mapping files" 
This reverts commit 5702e9d758.

Reason for revert: breaks build

Change-Id: I2a1772545ec4aae8723ecce93c9bf9d49e905986
 2019-05-29 01:10:07 +00:00
Tri Vo
9ea0af1e9a Revert "DO NOT MERGE Fake 29.0 sepolicy prebuilts" 
This reverts commit bc8dc3aa9d.

Reason for revert: breaks build

Change-Id: I4163392f3a0f56add59d0d2a1d2695cee09cc32e
 2019-05-29 01:09:16 +00:00
Tri Vo
f8433484fa Merge changes from topic "29_mapping" am: da3fbc60cc 
am: c00dd3a1ea

Change-Id: Ia075ae7e61a73d244ab03678238240cd5617b556
 2019-05-28 17:17:57 -07:00