tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
42068 commits 1 branch 0 tags 50 MiB
Commit graph

42068 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jörg Wagner
5bcee03eda Merge "Grant surfaceflinger and graphics allocator access to the secure heap" am: 9a3d794113 am: 6b3fc5f686 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2393292

Change-Id: Ib4deaaeddb5be91c1fc2cba4f44d1bc01363d8a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 14:10:16 +00:00
Jörg Wagner
6b3fc5f686 Merge "Grant surfaceflinger and graphics allocator access to the secure heap" am: 9a3d794113 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2393292

Change-Id: I5de60e710b28ceae3b304310b1958438c5dd26d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 13:36:05 +00:00
Jörg Wagner
9a3d794113 Merge "Grant surfaceflinger and graphics allocator access to the secure heap" 2023-01-19 13:03:06 +00:00
Jörg Wagner
213e1d8ea0 Grant surfaceflinger and graphics allocator access to the secure heap 
Transfers access permissions into the system policy which
would otherwise be setup on a per-device basis in exactly
the same recurring way.

For surfacefliner it avoids errors when it
(via its dependent graphics libraries) tries to allocate
memory from the protected heap, e.g. when operating on a
Vulkan device with protected memory support.

Bug: 235618476
Change-Id: I7f9a176c067ead2f3bd38b8c34fc55fa39d87655
 2023-01-19 09:02:56 +00:00
Jiakai Zhang
7af867899b Explicitly list "pm.dexopt." sysprops. am: 9bbc1c0e72 am: 1373154885 am: 56af66acc9 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388479

Change-Id: I63f1d58280f24d8806c9bafd9246d7929b7b7f00
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 07:36:47 +00:00
Jiakai Zhang
56af66acc9 Explicitly list "pm.dexopt." sysprops. am: 9bbc1c0e72 am: 1373154885 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388479

Change-Id: I9aeefc0228a0b7f15fc937c6550607732308c867
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 06:58:13 +00:00
Jiakai Zhang
1373154885 Explicitly list "pm.dexopt." sysprops. am: 9bbc1c0e72 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388479

Change-Id: Ia273f78fc603757969b4678767c2ea3b08f30520
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 06:27:43 +00:00
Jiakai Zhang
9bbc1c0e72 Explicitly list "pm.dexopt." sysprops. 
Bug: 256639711
Test: m
Change-Id: I5e6bd4fd8ec516a23f4e3a5658a651f04d40412c
 2023-01-19 12:07:25 +08:00
Treehugger Robot
b683f4a168 Merge "Modify the automotive display service file context" am: 347a7d5c3c am: 12ee7a4b50 am: abb83335cf 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390133

Change-Id: Ia35b0244893eb4dfddbccab76f96416a180332f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 03:24:51 +00:00
Seth Moore
02ff4b02cc Allow remote provisioner to read rkpd enablement property 
This way, remote provisioner can decide to noop when rkpd is
enabled.

Test: RemoteProvisionerUnitTests
Change-Id: I9c300360dc08c6d70431b83e1db714941d8caca1
 2023-01-19 03:13:23 +00:00
Treehugger Robot
abb83335cf Merge "Modify the automotive display service file context" am: 347a7d5c3c am: 12ee7a4b50 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390133

Change-Id: I07d3f73cc79f75c63ba1eff0e023f37d9388dff0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 02:30:40 +00:00
Treehugger Robot
12ee7a4b50 Merge "Modify the automotive display service file context" am: 347a7d5c3c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390133

Change-Id: I7184a7a8119714bd952af82b4fc109862aac70c3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-19 01:56:13 +00:00
Treehugger Robot
347a7d5c3c Merge "Modify the automotive display service file context" 2023-01-19 00:35:18 +00:00
Alistair Delva
3d3900c6a3 [automerger skipped] Merge "Add missing permissions for default bluetooth hal" am: e7fc603518 am: 4b3d6db075 -s ours am: 35da2d8b82 -s ours 
am skip reason: Merged-In Ie55352bbe48c5eef281a293bedc5aa057f5dcdad with SHA-1 fc43ec528e is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2376448

Change-Id: I63b7dd18a202ecc9b69dffa73a8440c860f628e7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 23:20:47 +00:00
Alistair Delva
35da2d8b82 [automerger skipped] Merge "Add missing permissions for default bluetooth hal" am: e7fc603518 am: 4b3d6db075 -s ours 
am skip reason: Merged-In Ie55352bbe48c5eef281a293bedc5aa057f5dcdad with SHA-1 fc43ec528e is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2376448

Change-Id: Ic3ce355c19527c32b9db33895e55f711bbd3f00b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 22:40:31 +00:00
Alistair Delva
4b3d6db075 Merge "Add missing permissions for default bluetooth hal" am: e7fc603518 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2376448

Change-Id: Ib3ddc8e777f012d839e7881b9a383dddc99d67d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 22:26:05 +00:00
Alistair Delva
e7fc603518 Merge "Add missing permissions for default bluetooth hal" 2023-01-18 22:16:06 +00:00
Seth Moore
7ed4c00496 Add remote_provisioning.hostname property 
This property contains the server name for the remote provisioning
service, if any, used by the device.

Test: RkpdAppUnitTests
Change-Id: Iad7805fe6da1ce89a9311d5caf7c9c651af2d16d
 2023-01-18 13:44:47 -08:00
Treehugger Robot
ec83003903 Merge "Allow mkfs/fsck for zoned block device" am: 9b69f0de58 am: e6b7e8aebf am: 55c2af74a5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390134

Change-Id: I2bc0e9592734ee30f1cb45ce1f8b12efc99c657f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 17:24:34 +00:00
Treehugger Robot
55c2af74a5 Merge "Allow mkfs/fsck for zoned block device" am: 9b69f0de58 am: e6b7e8aebf 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390134

Change-Id: I6b2df8708e10b79e9219a790006f7f3dd4a0cd3b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 16:44:03 +00:00
Treehugger Robot
e6b7e8aebf Merge "Allow mkfs/fsck for zoned block device" am: 9b69f0de58 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390134

Change-Id: Ib7a44a32ce2ec9cc66c74b48e1c5566a6f35e349
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 16:12:04 +00:00
Treehugger Robot
9b69f0de58 Merge "Allow mkfs/fsck for zoned block device" 2023-01-18 15:45:02 +00:00
Orion Hodson
189818b04a Merge "Additional sepolicy rules for dex2oat" am: 2ff660e134 am: a23a503026 am: ffff496512 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2389548

Change-Id: Ie029c3819b1280512f1353d523fc62f63ddd3fd7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 14:00:10 +00:00
Orion Hodson
ffff496512 Merge "Additional sepolicy rules for dex2oat" am: 2ff660e134 am: a23a503026 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2389548

Change-Id: Icc39dd59b254b2e8f310d169b996a13e6960e837
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 13:07:38 +00:00
Orion Hodson
a23a503026 Merge "Additional sepolicy rules for dex2oat" am: 2ff660e134 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2389548

Change-Id: I5a27225905b293151414d6f836c3483d0a2ec5eb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 12:36:57 +00:00
Orion Hodson
2ff660e134 Merge "Additional sepolicy rules for dex2oat" 2023-01-18 11:35:39 +00:00
Jaegeuk Kim
b5f16b2392 Allow mkfs/fsck for zoned block device 
Zoned block device will be used along with userdata_block_device
for /data partition.

Bug: 197782466
Change-Id: I777a8b22b99614727086e72520a48dbd8306885b
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
 2023-01-17 17:59:28 -08:00
Lorenzo Colitti
0aa28bc420 Merge "Update SEPolicy for Tetheroffload AIDL" am: b8194ca7fb am: d842a85d44 am: 96c4f6591c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2355402

Change-Id: Iee354556ed20f847f84672d0032cb45f2326f3b9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 01:21:56 +00:00
Lorenzo Colitti
96c4f6591c Merge "Update SEPolicy for Tetheroffload AIDL" am: b8194ca7fb am: d842a85d44 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2355402

Change-Id: Ibddcef488be717a27fec5c46727e38e2f8df76ab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 00:45:23 +00:00
Lorenzo Colitti
d842a85d44 Merge "Update SEPolicy for Tetheroffload AIDL" am: b8194ca7fb 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2355402

Change-Id: Ie4aad80ff32164a962fa5f140db97be9c51776fe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-18 00:13:12 +00:00
Tri Vo
99f88846ff credstore: Add missing permissions 
Bug: 261214100
Test: CtsIdentityTestCases
Change-Id: I6a70ed279f65d1cb4bfa0d53fa0e0f25d00d44b5
 2023-01-17 16:07:19 -08:00
Lorenzo Colitti
b8194ca7fb Merge "Update SEPolicy for Tetheroffload AIDL" 2023-01-18 00:04:51 +00:00
Samip Garg
fd2098ef64 [automerger skipped] Snap tm-dev to android13-tests-dev am: 5f2509a85a am: 66b348dfe3 -s ours 
am skip reason: Merged-In I516aed92ad1c7cb4de796844402b3456dc625f94 with SHA-1 db3507dffc is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20931914

Change-Id: Ib0a743b6ef52ee26a67fde6285442dfe182a4cda
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-17 22:31:56 +00:00
Jiakai Zhang
e9336feb14 Allow artd to create dirs and files for artifacts before restorecon. am: 7789460457 am: 5a6771ccb7 am: 615843c502 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388476

Change-Id: I6da1701de98d6a8e6d66c2f0b1e8d23c485a38cc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-17 21:11:10 +00:00
Jiakai Zhang
615843c502 Allow artd to create dirs and files for artifacts before restorecon. am: 7789460457 am: 5a6771ccb7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388476

Change-Id: I713a07e16c5a43319acf7e8b859e72a27db14213
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-17 20:01:08 +00:00
Jiakai Zhang
5a6771ccb7 Allow artd to create dirs and files for artifacts before restorecon. am: 7789460457 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388476

Change-Id: I721371609f28e093b6bf082feb8a64adc0fe2779
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-17 19:26:42 +00:00
Jiakai Zhang
7789460457 Allow artd to create dirs and files for artifacts before restorecon. 
Bug: 262230400
Test: -
  1. Remove the "oat" directory of an app.
  2. Dexopt the app using ART Service.
  3. See no SELinux denials.
Change-Id: I717073b0172083d73a1b84e5c2bea59076663b2f
 2023-01-18 01:07:49 +08:00
Orion Hodson
c09e7e4674 Additional sepolicy rules for dex2oat 
Enable reading vendor overlay files and /proc.

Fix: 187016929
Test: m
Change-Id: I7df17b4fcc8a449abe2af4bc8394d0224243799c
 2023-01-17 15:43:58 +00:00
Treehugger Robot
6455f4fb3b Merge "Allow all system properties with the "pm.dexopt." prefix." am: cc39bf74f1 am: 6ec18d5439 am: 694e85687a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388475

Change-Id: I981a5acbc27e52a36a52148cc88069a5b57a3ca5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-17 03:23:51 +00:00
Treehugger Robot
694e85687a Merge "Allow all system properties with the "pm.dexopt." prefix." am: cc39bf74f1 am: 6ec18d5439 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388475

Change-Id: I80a5b480466718bef32057421029933ad53b7867
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-17 02:42:49 +00:00
Treehugger Robot
6ec18d5439 Merge "Allow all system properties with the "pm.dexopt." prefix." am: cc39bf74f1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388475

Change-Id: Id90a1a0caa594483611374cb187c6b32e887ef53
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-17 02:08:06 +00:00
Treehugger Robot
cc39bf74f1 Merge "Allow all system properties with the "pm.dexopt." prefix." 2023-01-17 01:24:34 +00:00
Jiakai Zhang
cda13660d7 Allow all system properties with the "pm.dexopt." prefix. 
We use this as a namespace of all system properties used by ART Service.
As ART Service is in the updatable ART module, we need to be able to add
new properties.

Bug: 256639711
Test: Presubmit
Change-Id: Idcee583abccef9c0807699122074eb26927ca57b
 2023-01-16 21:24:07 +08:00
Samip Garg
533bf7ad22 [automerger skipped] Snap tm-dev to android13-tests-dev am: 5f2509a85a am: afc97a7c5e am: d6b358c112 -s ours am: 22bc7674f7 -s ours 
am skip reason: Merged-In I516aed92ad1c7cb4de796844402b3456dc625f94 with SHA-1 db3507dffc is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20514546

Change-Id: If2f54541ee994704f73fbfcc255f0d52aa6d7ef3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-16 05:02:29 +00:00
Samip Garg
22bc7674f7 [automerger skipped] Snap tm-dev to android13-tests-dev am: 5f2509a85a am: afc97a7c5e am: d6b358c112 -s ours 
am skip reason: Merged-In I516aed92ad1c7cb4de796844402b3456dc625f94 with SHA-1 db3507dffc is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20514546

Change-Id: I10ea51f44db5ac15b423ccc59ff8322bd485bda4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-16 04:13:49 +00:00
Samip Garg
d6b358c112 Snap tm-dev to android13-tests-dev am: 5f2509a85a am: afc97a7c5e 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20514546

Change-Id: I15bbe1635d1d5d3b2436cbef2e5fa5e9e5f54f55
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-16 04:00:08 +00:00
Changyeon Jo
edf5420830 Modify the automotive display service file context 
The automotive display service is moved to /system_ext partition.

Bug: 246656948
Test: Build selinux policy for aosp_cf_x86_64_only_auto target.
      > lunch aosp_cf_x86_64_only_auto-userdebug
      > m -j selinux_policy
Change-Id: If822e54aa99053c1aaee9f41d067860ea965c2f2
 2023-01-15 01:31:09 +00:00
Treehugger Robot
ae5f83bad8 Merge "dontaudit crosvm reading VM's pipe" am: fa767b0e4a am: f18c34bfdf am: 57579f023b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2385815

Change-Id: I558fa90c626d33219862b5ffe6df5241f3817e00
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-14 03:16:11 +00:00
Treehugger Robot
57579f023b Merge "dontaudit crosvm reading VM's pipe" am: fa767b0e4a am: f18c34bfdf 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2385815

Change-Id: Ie23c77f8ce64c3347f3df00962ab2604e91f4573
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-14 01:12:34 +00:00
Treehugger Robot
f18c34bfdf Merge "dontaudit crosvm reading VM's pipe" am: fa767b0e4a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2385815

Change-Id: I4eb2bc22ab9b122bae111003af66e5fc008d0d75
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-14 00:38:22 +00:00