tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
42285 commits 1 branch 0 tags 50 MiB
Commit graph

9442 commits

Author SHA1 Message Date
Ioannis Ilkos
df0fb4ef3d Merge "Sysprop for the count of active OOME tracing sessions" am: 300f93bf5a am: 2a73c910d3 am: ebf9f35f15 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2433415

Change-Id: If19649f185a8247c4b3196b30629d491d598ff73
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-17 19:58:55 +00:00
Ioannis Ilkos
2a73c910d3 Merge "Sysprop for the count of active OOME tracing sessions" am: 300f93bf5a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2433415

Change-Id: I94c868305fc6c681b01bc86b6f3d9ffaf8fac9d1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-17 18:51:54 +00:00
Nikita Ioffe
923b51fc1d Merge "Sepolicy rules to allow crosvm to start a gdb-server" am: 09cbce900f am: 9892a80308 am: 22f42bfff8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2436892

Change-Id: I361acada88ee38266dcc00210f0ffdfc702b1f38
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-17 18:36:50 +00:00
Alfred Piccioni
700b8d2ced Merge "Adds support for fuseblk binaries." am: dd4c5fa93b am: 89cd736d8d am: 14de90550b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2393296

Change-Id: Ie06c83f0f628e4aba4f84e9fd948fc4c64743b5d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-17 18:36:24 +00:00
Ioannis Ilkos
300f93bf5a Merge "Sysprop for the count of active OOME tracing sessions" 2023-02-17 17:50:59 +00:00
Nikita Ioffe
9892a80308 Merge "Sepolicy rules to allow crosvm to start a gdb-server" am: 09cbce900f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2436892

Change-Id: I2df5e7c76cfe7149139d018c01be1903a7dc1ee6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-17 16:25:13 +00:00
Alfred Piccioni
89cd736d8d Merge "Adds support for fuseblk binaries." am: dd4c5fa93b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2393296

Change-Id: Ic1a8d2a297848430a672826f1780bbb3e976f1be
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-17 16:23:38 +00:00
Nikita Ioffe
09cbce900f Merge "Sepolicy rules to allow crosvm to start a gdb-server" 2023-02-17 15:46:05 +00:00
Alfred Piccioni
dd4c5fa93b Merge "Adds support for fuseblk binaries." 2023-02-17 15:15:31 +00:00
Nikita Ioffe
40a48c1046 Sepolicy rules to allow crosvm to start a gdb-server 
Bug: 242057159
Test: see another change in this topic
Change-Id: Ie5116c8891a62096e767500b90a19fc5975c3599
 2023-02-15 16:44:50 +00:00
Feiyu Chen
6ecb07f81e Merge "Add SELinux policy for edgetpu_native device_config prop" am: b4b757cd83 am: e68fe11b3a am: c549fa4675 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2434232

Change-Id: Ib731951384e7c1c451d8d176289eaab29c6b99d9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-15 05:18:35 +00:00
Feiyu Chen
e68fe11b3a Merge "Add SELinux policy for edgetpu_native device_config prop" am: b4b757cd83 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2434232

Change-Id: Iba932201fe56697b23f25a7ecb41a2f9829dd48a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-15 03:31:01 +00:00
Feiyu Chen
b4b757cd83 Merge "Add SELinux policy for edgetpu_native device_config prop" 2023-02-15 02:32:22 +00:00
Ioannis Ilkos
8d168e2d8a Sysprop for the count of active OOME tracing sessions 
In order for ART code to call perfetto DataSource::Trace() we need to
wait for all data source instances to have completed their setup. To do
so, we need to know how many of them exist.

This introduces a new sysprop traced.oome_heap_session.count, writeable
by perfetto traced and readable by apps and system_server that can be
used to communicate this.

See go/art-oom-heap-dump for more details

Test: manual, atest HeapprofdJavaCtsTest
Bug: 269246893
Change-Id: Ib8220879a40854f98bc2f550ff2e7ebf3e077756
 2023-02-14 15:14:39 +00:00
Treehugger Robot
0ae1926576 Merge "Add system property for leaudio_allow_list" am: ae07b5380b am: 79b8e705aa am: 55d69325e9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2375411

Change-Id: I0072eadd143a989436277d43fca5d48411c5615e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-14 14:04:25 +00:00
Pedro Loureiro
efd12cc5bf Merge "Add SEPolicy for device config service" am: 43b0b8a65c am: 14060332c7 am: fe0ce26f53 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2430374

Change-Id: Ic9b09bf6e69fcec9e8f35de48be914f332bd45b3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-14 14:03:59 +00:00
Treehugger Robot
79b8e705aa Merge "Add system property for leaudio_allow_list" am: ae07b5380b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2375411

Change-Id: I4323da4ee1e703e48f78cef880c154e94c8f49f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-14 12:17:11 +00:00
Pedro Loureiro
14060332c7 Merge "Add SEPolicy for device config service" am: 43b0b8a65c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2430374

Change-Id: I16624fc06f8cd15de32734e31a47acc504a5dea1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-14 12:16:51 +00:00
Treehugger Robot
ae07b5380b Merge "Add system property for leaudio_allow_list" 2023-02-14 11:21:55 +00:00
Pedro Loureiro
43b0b8a65c Merge "Add SEPolicy for device config service" 2023-02-14 11:18:41 +00:00
Akilesh Kailash
959a886b33 Merge "Set sepolicy for ublk control device and block device" am: a3c0ca4e67 am: 12e344b7de am: 782a9dd2d1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2433673

Change-Id: I6bb7907b4904e5bcd9ce45a789efaae001509f52
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-14 06:28:18 +00:00
Akilesh Kailash
12e344b7de Merge "Set sepolicy for ublk control device and block device" am: a3c0ca4e67 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2433673

Change-Id: Ia1104a335a2932a48bc2f9eecb547c65e13fe334
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-14 04:41:42 +00:00
Akilesh Kailash
a3c0ca4e67 Merge "Set sepolicy for ublk control device and block device" 2023-02-14 03:59:06 +00:00
Jeffrey Huang
5c1b962965 Merge "Restrict system server from reading statsd data" am: 01fd5eb907 am: e53a5b25b6 am: 6788ed4f1c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410783

Change-Id: Ie7c7bc680c96aab593f115303a9c1b85664877ed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-14 00:51:35 +00:00
Akilesh Kailash
63a21044f2 Set sepolicy for ublk control device and block device 
ublk-control device: /dev/ublk-control
ublk-block device: /dev/block/ublkbN where N is 0,1,2..

Bug: 269144965
Test: Verify sepolicy changes through kernel logs when user-space daemon
communicates with ublk driver

Change-Id: I10de557566e3c0628ea72fbbda4cff21e7cda68f
Signed-off-by: Akilesh Kailash <akailash@google.com>
 2023-02-13 16:30:40 -08:00
Jeffrey Huang
e53a5b25b6 Merge "Restrict system server from reading statsd data" am: 01fd5eb907 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410783

Change-Id: I18a4d57758865141a9e0b6f479ff5aabf8db0ece
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-13 23:07:21 +00:00
Jeffrey Huang
01fd5eb907 Merge "Restrict system server from reading statsd data" 2023-02-13 22:37:09 +00:00
feiyuchen
70e1942fb3 Add SELinux policy for edgetpu_native device_config prop 
The new android property namespace will store the configurations which are set on the server side and read by the EdgeTpu HAL.

Notes:
* This CL is similar to nnapi_native CL: https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/1844919
* The read permission of EdgeTpu HAL will be added in another internal CL.

Test: mm
Bug: 243553703
Bug: 246401730
Change-Id: I5705f679148b313d919f334c51e31f7645aca82a
 2023-02-13 21:55:57 +00:00
Pedro Loureiro
58847ab171 Add SEPolicy for device config service 
A new mainline module that will have the device config logic requires a new service (device_config_updatable).

Bug: 252703257

Test: manual because logic that launches service is behind flag

Change-Id: I4ffba0c7d2afc44af8438b7d84d836e42388bd7d
 2023-02-13 09:37:12 +00:00
Jeff Sharkey
36e24fc6f7 Merge "Add dropbox entries as files to dumpstate ZIP." am: 3926d95720 am: 89f51e46f2 am: 3662756348 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2422870

Change-Id: I80adc4ebf7f1a49b475cc64f62160fc48cdc9d7e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-10 23:11:06 +00:00
Jeff Sharkey
89f51e46f2 Merge "Add dropbox entries as files to dumpstate ZIP." am: 3926d95720 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2422870

Change-Id: I4481603e241edea765e7a745ed69bf31f0735b21
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-10 21:31:36 +00:00
Jeff Sharkey
3926d95720 Merge "Add dropbox entries as files to dumpstate ZIP." 2023-02-10 20:41:51 +00:00
Krishang Garodia
cae679a22d Merge "Update SE policy for all media provider processes" am: 6e51f51b5f am: 98cc4fec56 am: 1fc7e3ba0f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2429034

Change-Id: Iac5966beac9c22d01207396da49e5fbbc9400505
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-10 15:30:47 +00:00
Jeff Sharkey
ef5e5c82d4 Add dropbox entries as files to dumpstate ZIP. 
Since each dropbox entry is already stored as a file on disk, include
them as-is into the dumpstate ZIP file.

The dumpsys output has already included truncated versions of all
dropbox entries for many years, and adding them as separate files
inside the dumpstate ZIP will speed up debugging and issue triage.

Bug: 267673062
Test: manual
Change-Id: I6e83dd01221f43bb2e2efc1a12368db30a545c71
 2023-02-10 14:02:35 +00:00
Krishang Garodia
98cc4fec56 Merge "Update SE policy for all media provider processes" am: 6e51f51b5f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2429034

Change-Id: Ia3bcaf702b2ccadce5186f869baebd8c6afad56d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-10 13:59:33 +00:00
Krishang Garodia
6e51f51b5f Merge "Update SE policy for all media provider processes" 2023-02-10 13:57:52 +00:00
Krishang Garodia
caf7984a2e Update SE policy for all media provider processes 
Bug: 230394838
Bug: 195009152
Test: manual
Change-Id: Ic8e1d45c910e1455dd28bfb748d134c066a33591
 2023-02-10 11:06:53 +00:00
Charlie Wang
b240222f41 Merge "Extension of isolated_compute_app for media services." am: bc778658ab am: 55886d20d9 am: 4cd8e4ef41 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2411335

Change-Id: Id6faecafa7b62d9e82a56d833222ecb366d1e416
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 21:03:24 +00:00
Max Bires
1ac58d12be Merge "Allow GMSCore to read RKP properties." am: db8a6b31ca am: 5516282b8b am: 76d8c830f8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2428194

Change-Id: I050a338e9805b050586bdc0d30d4ed01ec248d84
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 21:00:13 +00:00
Charlie Wang
55886d20d9 Merge "Extension of isolated_compute_app for media services." am: bc778658ab 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2411335

Change-Id: I1133741d332cd7cdf075db8330baf1db61f58105
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 18:29:54 +00:00
Max Bires
5516282b8b Merge "Allow GMSCore to read RKP properties." am: db8a6b31ca 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2428194

Change-Id: I5b0aa3092d77a1e3c8917cd36d8a076b7d783f88
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 18:29:40 +00:00
Henri Chataing
38b90d44d0 Merge "Define the permissions for Nfc sysprops" am: ff275229d1 am: 1f26ebadf8 am: 80c5782174 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2424852

Change-Id: Ifcbe6d1eac4f6af02a5fd8263d4fa8a5ec0951f7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 18:23:44 +00:00
Charlie Wang
bc778658ab Merge "Extension of isolated_compute_app for media services." 2023-02-09 18:13:57 +00:00
Max Bires
db8a6b31ca Merge "Allow GMSCore to read RKP properties." 2023-02-09 17:51:57 +00:00
Henri Chataing
1f26ebadf8 Merge "Define the permissions for Nfc sysprops" am: ff275229d1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2424852

Change-Id: Ief06daa97a1ff07a8ebdc2cc1f0a77e769d2f76a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 17:01:39 +00:00
Henri Chataing
ff275229d1 Merge "Define the permissions for Nfc sysprops" 2023-02-09 16:08:40 +00:00
Jack He
54ac416034 Merge "Add sysprop for LeAudio inband ringtone support" am: 796621872b am: 259ea80e91 am: 030470c067 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2422865

Change-Id: I5c4390e3b7848824914e9ffe2a839bd4452a8de9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 03:37:31 +00:00
Jack He
259ea80e91 Merge "Add sysprop for LeAudio inband ringtone support" am: 796621872b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2422865

Change-Id: Ie3311c5fa54dad74f20578faba36fbd4981f1625
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-09 02:09:07 +00:00
Jack He
796621872b Merge "Add sysprop for LeAudio inband ringtone support" 2023-02-09 01:36:31 +00:00
Max Bires
89bbb2581b Allow GMSCore to read RKP properties. 
GMSCore requires access to read RKP properties in order for test suites
to validate the hostname is properly set.

Test: N/A
Change-Id: If537e58d4df74516435bec8955c83bb5494a80f0
 2023-02-08 17:14:47 -08:00