tequilaOS/platform_system_sepolicy

Author	SHA1	Message	Date
ronish	dfa42f0ddd	Rename healthconnect to healthfitness Bug: 264516143 Change-Id: Icabd6f58ae615a2f3e718e54dbc1c1c955883d19	2023-02-07 18:16:24 +00:00
Treehugger Robot	a920820458	Merge "Add selinux permissions for ro.usb.uvc.enabled" am: `11eb002e83` am: `a2cb810593` am: `45b9cbff85` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410787 Change-Id: I0dc8f969b103f5df5a819f0fa2e0d3ed3b66fd50 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-02-01 08:56:45 +00:00
Treehugger Robot	45b9cbff85	Merge "Add selinux permissions for ro.usb.uvc.enabled" am: `11eb002e83` am: `a2cb810593` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410787 Change-Id: Ied6a40ee9de3a51e0f2e17be63120febb32d6430 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-02-01 08:16:34 +00:00
Treehugger Robot	a2cb810593	Merge "Add selinux permissions for ro.usb.uvc.enabled" am: `11eb002e83` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410787 Change-Id: Ie38aa8c6a5be43b53cd72214cd6f4fe16f872407 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-02-01 07:43:58 +00:00
Treehugger Robot	11eb002e83	Merge "Add selinux permissions for ro.usb.uvc.enabled"	2023-02-01 07:17:11 +00:00
Treehugger Robot	e061dd7c0d	Merge "Modify canhalconfigurator file context" am: `35820e6910` am: `1c9645177c` am: `2c683d7ae8` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399853 Change-Id: I1438f1b1c52a2dd7880a69f361106b0526d933d4 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-02-01 03:28:08 +00:00
Treehugger Robot	2c683d7ae8	Merge "Modify canhalconfigurator file context" am: `35820e6910` am: `1c9645177c` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399853 Change-Id: I0b06d202b29714198ef208fed089c64238252f1c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-02-01 02:47:11 +00:00
Treehugger Robot	1c9645177c	Merge "Modify canhalconfigurator file context" am: `35820e6910` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399853 Change-Id: I88dba0b0233a554e1ed2ea336df753fd335fc64c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-02-01 02:10:31 +00:00
Treehugger Robot	35820e6910	Merge "Modify canhalconfigurator file context"	2023-02-01 00:34:33 +00:00
Hongwei Wang	5c534f1055	Merge "Allow platform_app:systemui to write protolog file" am: `f4979adab7` am: `7476ab79ff` am: `935e584f9e` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2397593 Change-Id: I356069c55e061a5bbb9278c0cfec9a379ad43d6f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-31 22:35:27 +00:00
Hongwei Wang	935e584f9e	Merge "Allow platform_app:systemui to write protolog file" am: `f4979adab7` am: `7476ab79ff` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2397593 Change-Id: I46a66c5c80d984d34054c8acf0ad5aabf9b76a71 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-31 21:46:31 +00:00
Hongwei Wang	7476ab79ff	Merge "Allow platform_app:systemui to write protolog file" am: `f4979adab7` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2397593 Change-Id: Id077867308be1b610fd4b12ed50e87908bd5e8d2 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-31 20:58:01 +00:00
Hongwei Wang	f4979adab7	Merge "Allow platform_app:systemui to write protolog file"	2023-01-31 19:38:16 +00:00
Avichal Rakesh	a12d3103be	Add selinux permissions for ro.usb.uvc.enabled This CL the selinux rules for the property ro.usb.uvc.enabled which will be used to toggle UVC Gadget functionality on the Android Device. Bug: 242344221 Bug: 242344229 Test: Manually tested that the property can only be read at runtime, not written to. Change-Id: I0fd6051666d9554037acc68fa81226503f514a45	2023-01-31 11:17:50 -08:00
Inseob Kim	7a4650d1ee	Merge "Add comments on compat files" am: `beee8849a6` am: `1dba2f058a` am: `6a045a1884` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405373 Change-Id: I91d104879c119315a524ea7c62a5728182375610 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-31 09:13:27 +00:00
Inseob Kim	6a045a1884	Merge "Add comments on compat files" am: `beee8849a6` am: `1dba2f058a` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405373 Change-Id: I90fb845d98075e0fac17bf45db1f9f5ef099fef8 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-31 08:16:52 +00:00
Inseob Kim	1dba2f058a	Merge "Add comments on compat files" am: `beee8849a6` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405373 Change-Id: I09be668bc0fe182d1a87c046c1002a865f7b9342 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-31 07:32:10 +00:00
Inseob Kim	beee8849a6	Merge "Add comments on compat files"	2023-01-31 06:34:19 +00:00
Jiakai Zhang	91d888f2ac	Merge "dontaudit dexoptanalyzer's DM file check on secondary dex files." am: `07cec2bd5e` am: `57d7bd317d` am: `bddbf640a5` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2407092 Change-Id: I8aa84ee2f0746ff1497bfeedd27105f16f7b8853 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-31 04:39:41 +00:00
Jiakai Zhang	bddbf640a5	Merge "dontaudit dexoptanalyzer's DM file check on secondary dex files." am: `07cec2bd5e` am: `57d7bd317d` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2407092 Change-Id: I44a5fcc3b5c6f2ebe03a10a8ef34e424ced05284 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-31 03:55:19 +00:00
Jiakai Zhang	57d7bd317d	Merge "dontaudit dexoptanalyzer's DM file check on secondary dex files." am: `07cec2bd5e` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2407092 Change-Id: I61c2ef978c55536fcb60432f20d82b311f8e1608 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-31 02:41:13 +00:00
Jiakai Zhang	07cec2bd5e	Merge "dontaudit dexoptanalyzer's DM file check on secondary dex files."	2023-01-31 02:01:15 +00:00
Inseob Kim	338f81baac	Add comments on compat files To prevent further confusion. Bug: 258029505 Test: manual Change-Id: Iaa145e4480833a224b1a07fc68adb7d3e8a36e4b	2023-01-31 09:57:26 +09:00
Abhishek Pandit-Subedi	ca470e5a14	Merge "Add sysprop for LeGetVendorCapabilities" am: `107af48013` am: `4aa7129dae` am: `1f346a5108` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405121 Change-Id: I966cf2cb5b6c925a70c91e32b02008590ea369b6 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-30 19:22:01 +00:00
Abhishek Pandit-Subedi	1f346a5108	Merge "Add sysprop for LeGetVendorCapabilities" am: `107af48013` am: `4aa7129dae` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405121 Change-Id: If06d243f3e8ff356ec58ebeee2dd6fb95164ee07 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-30 18:42:59 +00:00
Abhishek Pandit-Subedi	4aa7129dae	Merge "Add sysprop for LeGetVendorCapabilities" am: `107af48013` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2405121 Change-Id: Ib0dab2f71e84c42cd34fb3147ff065704a8ab5e8 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-30 18:41:15 +00:00
Abhishek Pandit-Subedi	107af48013	Merge "Add sysprop for LeGetVendorCapabilities"	2023-01-30 17:41:16 +00:00
Gil Cukierman	81a9721c3e	Merge "Add SELinux Policy For io_uring" am: `fab49d0a64` am: `bc0f54877a` am: `27b502dfb9` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2302679 Change-Id: I9d2a5ad7a0397a759e5a31d303834d442ed75372 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-30 16:33:54 +00:00
Gil Cukierman	27b502dfb9	Merge "Add SELinux Policy For io_uring" am: `fab49d0a64` am: `bc0f54877a` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2302679 Change-Id: I21fd2c66080a7ee46c85090e818ed69dbc7af699 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-30 15:54:34 +00:00
Gil Cukierman	bc0f54877a	Merge "Add SELinux Policy For io_uring" am: `fab49d0a64` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2302679 Change-Id: I65aad86e82542723e96a7e24e16a597e91d7aa6c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-30 15:14:42 +00:00
Jiakai Zhang	b8e46c42d7	Allow installd to kill profman. am: `a7774c2cba` am: `13909cdb3f` am: `cc5183be39` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406753 Change-Id: I4ca802d62151114b6dd818de7288f2a6e5bb3544 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-30 14:54:12 +00:00
Gil Cukierman	fab49d0a64	Merge "Add SELinux Policy For io_uring"	2023-01-30 14:38:43 +00:00
Jiakai Zhang	cc5183be39	Allow installd to kill profman. am: `a7774c2cba` am: `13909cdb3f` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406753 Change-Id: Id7bcd5974e76902398aa9b0d8dbac6c466345742 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-30 14:13:34 +00:00
Jiakai Zhang	13909cdb3f	Allow installd to kill profman. am: `a7774c2cba` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406753 Change-Id: I836e0c01d4356af7d125ba2ac754689239e57838 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-30 13:04:58 +00:00
Jiakai Zhang	a7774c2cba	Allow installd to kill profman. installd needs to kill profman if profman times out. Bug: 242352919 Test: - 1. Add an infinate loop to profman. 2. Run `adb shell pm compile -m speed-profile com.android.chrome` 3. See profman being killed after 1 minute. Change-Id: I71761eaab027698de0339d855b9a436b56580ed8	2023-01-30 11:09:08 +00:00
Jiakai Zhang	dbfa7d58b7	dontaudit dexoptanalyzer's DM file check on secondary dex files. Bug: 259758044 Change-Id: I5cf88e2f2217c03cff071f17aadd71153f170c61 Test: Presubmit	2023-01-30 07:56:10 +00:00
Inseob Kim	416338ac16	Add property_service_for_system on microdroid Bug: 262237198 Test: boot microdroid Ignore-AOSP-First: Security fix Change-Id: I6ddeff2962f723abc10e25f768e7507fd620e274	2023-01-30 12:42:50 +09:00
Paul Lawrence	ca1da77bbc	Merge "Policy for property_service_for_system socket"	2023-01-27 23:18:26 +00:00
Alessandra Loro	b725e06dbe	[automerger skipped] Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: `09effc0d78` am: `968d385d37` am: `bad245a5e2` -s ours am: `3b150529a2` -s ours am: `99ec974402` -s ours am skip reason: Merged-In I916c9795d96e4a4a453f9aed5e380f11981804e9 with SHA-1 `813483e069` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006 Change-Id: I10162b5368f944d94c670926edf4002d4823a7ce Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-27 22:45:32 +00:00
Alessandra Loro	99ec974402	[automerger skipped] Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: `09effc0d78` am: `968d385d37` am: `bad245a5e2` -s ours am: `3b150529a2` -s ours am skip reason: Merged-In I916c9795d96e4a4a453f9aed5e380f11981804e9 with SHA-1 `813483e069` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006 Change-Id: Ifee6643e9c52631d661906e5cb3a5edb543b1ee5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-27 21:38:47 +00:00
Alessandra Loro	dd51682fd0	[automerger skipped] Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: `09effc0d78` -s ours am: `44785c2623` -s ours am: `3111caa958` -s ours am: `5b4312026f` -s ours am skip reason: Merged-In I916c9795d96e4a4a453f9aed5e380f11981804e9 with SHA-1 `24d90e792e` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006 Change-Id: I624f64455451c2db9a00ae9cfa588f53b0aeabd6 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-27 21:04:40 +00:00
Alessandra Loro	3b150529a2	[automerger skipped] Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: `09effc0d78` am: `968d385d37` am: `bad245a5e2` -s ours am skip reason: Merged-In I916c9795d96e4a4a453f9aed5e380f11981804e9 with SHA-1 `813483e069` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006 Change-Id: I1e75918f68dfb4ba10a511c635f2313a5aa12857 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-27 21:03:50 +00:00
Alessandra Loro	f7ecf93d61	[automerger skipped] Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: `09effc0d78` am: `968d385d37` am: `72eb49e1fa` -s ours am skip reason: Merged-In I916c9795d96e4a4a453f9aed5e380f11981804e9 with SHA-1 `813483e069` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006 Change-Id: Ib50cc87e3afd8b0601164cc31dada2c29b5bc441 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-27 21:03:17 +00:00
Alessandra Loro	bad245a5e2	Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: `09effc0d78` am: `968d385d37` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006 Change-Id: I2a95f2f80f90de603a2029ec1d7026876c883137 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-27 20:07:43 +00:00
Alessandra Loro	72eb49e1fa	Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: `09effc0d78` am: `968d385d37` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006 Change-Id: If18ccdaf892eee91df43ebe2629d856078660331 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-27 20:06:28 +00:00
Alessandra Loro	5b4312026f	[automerger skipped] Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: `09effc0d78` -s ours am: `44785c2623` -s ours am: `3111caa958` -s ours am skip reason: Merged-In I916c9795d96e4a4a453f9aed5e380f11981804e9 with SHA-1 `24d90e792e` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006 Change-Id: I0be31119235f8fa393f8aaf25af8aa10b2642121 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-27 20:04:38 +00:00
Alessandra Loro	3111caa958	[automerger skipped] Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: `09effc0d78` -s ours am: `44785c2623` -s ours am skip reason: Merged-In I916c9795d96e4a4a453f9aed5e380f11981804e9 with SHA-1 `24d90e792e` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006 Change-Id: I387d1a606d2f104e6cd85345966e3e88631c3be9 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-27 19:43:33 +00:00
Alessandra Loro	968d385d37	Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: `09effc0d78` Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006 Change-Id: I068d5585305d8715d8ff081869d785fb07dedb4a Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-27 19:23:38 +00:00
Alessandra Loro	44785c2623	[automerger skipped] Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: `09effc0d78` -s ours am skip reason: Merged-In I916c9795d96e4a4a453f9aed5e380f11981804e9 with SHA-1 `24d90e792e` is already in history Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006 Change-Id: I270b951dd87754c9477b3d52f00b6dc21c9bc501 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-01-27 19:03:34 +00:00
Gil Cukierman	214294ce75	Add SELinux Policy For io_uring Brings in the io_uring class and associated restrictions and adds a new macro, `io_uring_use`, to sepolicy. In more detail, this change: * Adds a new macro expands to ensure the domain it is passed can undergo a type transition to a new type, `<domain>_iouring`, when the anon_inode being accessed is labeled `[io_uring]`. It also allows the domain to create, read, write, and map the io_uring anon_inode. * Adds the ability for a domain to use the `IORING_SETUP_SQPOLL` flag during `io_uring_setup` so that a syscall to `io_uring_enter` is not required by the caller each time it wishes to submit IO. This can be enabled securely as long as we don't enable sharing of io_uring file descriptors across domains. The kernel polling thread created by `SQPOLL` will inherit the credentials of the thread that created the io_uring [1]. * Removes the selinux policy that restricted all domains that make use of the `userfault_fd` macro from any `anon_inode` created by another domain. This is overly restrictive, as it prohibits the use of two different `anon_inode` use cases in a single domain e.g. userfaultfd and io_uring. This change also replaces existing sepolicy in fastbootd and snapuserd that enabled the use of io_uring. [1] https://patchwork.kernel.org/project/linux-security-module/patch/163159041500.470089.11310853524829799938.stgit@olly/ Bug: 253385258 Test: m selinux_policy Test: cd external/liburing; mm; atest liburing_test; # requires WIP CL ag/20291423 Test: Manually deliver OTAs (built with m dist) to a recent Pixel device and ensure snapuserd functions correctly (no io_uring failures) Change-Id: I96f38760b3df64a1d33dcd6e5905445ccb125d3f	2023-01-27 11:44:59 -05:00

1 2 3 4 5 ...

42068 commits