tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
28529 commits 1 branch 0 tags 50 MiB
Commit graph

9 commits

Author SHA1 Message Date
Bob Badour
601ebb43a3 [LSC] Add LOCAL_LICENSE_KINDS to system/sepolicy 
Added SPDX-license-identifier-Apache-2.0 to:
  build/Android.bp
  build/soong/Android.bp
  tests/Android.bp
  tools/Android.bp

Added SPDX-license-identifier-Apache-2.0 legacy_unencumbered to:
  Android.bp
  Android.mk
  compat.mk
  contexts_tests.mk
  mac_permissions.mk
  seapp_contexts.mk
  treble_sepolicy_tests_for_release.mk

Added legacy_unencumbered to:
  apex/Android.bp
  tools/sepolicy-analyze/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all

Exempt-From-Owner-Approval: janitorial work
Change-Id: I1ab286543ef1bdcb494cf74f2b35e35a08225d28
 2021-02-05 01:28:24 -08:00
Dan Willemsen
081b164ad2 Add dependencies on M4 
Most of the users already added dependencies when it was used, but a
couple didn't. These broken when I converted $(M4) into a built
artifact, as the artifact wasn't created before use.

Test: treehugger
Change-Id: Ic5c18131de84747e8b96413f61993fa777cb9d2c
 2020-07-23 18:00:47 -07:00
Bowgo Tsai
3ffd6b3f01 Copying platform seinfo into vendor partition 
Some vendor apps are using platform key for signing.
This moves them to untrusted_app domain when the system partition is
switched to a Generic System Image (GSI), because the value of
platform's seinfo in /system/etc/selinux/plat_mac_permissions.xml
has been changed.

Duplicating the device-specific platform seinfo into
/vendor/etc/selinux/vendor_mac_permissions.xml to make it
self-contained within the vendor partition.

Bug: 157141777
Test: boot the device with a GSI, then `adb shell ps -eZ | grep qtidata`
Test: ./build/make/tools/releasetools/sign_target_files_apks \
      --default_key_mappings path/to/keydir \
      -o out/dist/<lunch>-target_files-*.zip \
      signed-tardis-target_files.zip and checks the platform seinfo in
      /vendor/etc/selinux/vendor_mac_permissions.xml is replaced.

Change-Id: Ic9a79780e30f456138e4de67210cc60ac2e490d6
Merged-In: Ic9a79780e30f456138e4de67210cc60ac2e490d6
(cherry picked from commit 8a86424e34)
 2020-06-04 17:27:15 +08:00
Bowgo Tsai
a3429fcc2b Separate system_ext_mac_permissions.xml out of system sepolicy. 
Bug: 137712473
Test: boot crosshatch
Test: Moving product sepolicy to system_ext and checks the file contents in
      /system_ext/etc/selinux are identical to previous contents in
      /product/etc/selinux.
Change-Id: I434e7f23a1ae7d01d084335783255330329c44e9
 2019-09-26 21:29:36 +08:00
Remi NGUYEN VAN
bd3ab0278b Add MAINLINE_SEPOLICY_DEV_CERTIFICATES to keys.conf 
DEFAULT_SYSTEM_DEV_CERTIFICATE is not appropriate as some OEMs may need
to change only the certificates used to generate
plat_mac_permissions.xml for mainline modules.

Test: m, checked output plat_mac_permissions.xml
Bug: 138097611
Bug: 134995443
Change-Id: Ie19130a243db043f432039c54c379f06e60ab6c6
 2019-08-07 18:23:47 +09:00
Dan Willemsen
3c3e59b2a2 Use prebuilt m4 instead of system m4 
Bug: 117561006
Test: treehugger
Change-Id: Id794aed10fdffef10490561d2cfeb2a92801b331
 2019-06-19 10:59:57 -07:00
Dan Willemsen
3afe235071 Sync all_plat_keys to keys.conf 
Since this rule does read the networkstack key.

Bug: 130111713
Test: treehugger
Test: run this on RBE, which only exposes the source files depended upon
Change-Id: Ib4c7e0680158e7892c062f00fe64c2da4195da2b
 2019-06-10 20:09:14 +00:00
Dan Willemsen
9d06a8f594 Fix missing rename of all_keys -> all_plat_keys 
Bug: 130111713
Test: treehugger
Change-Id: I38f7bd45bb2ec9cfef35384b23811cf6ec15cac2
 2019-05-29 04:05:02 +00:00
Tri Vo
8b3016b5db sepolicy: refactor Android.mk 
system/sepolicy/Android.mk has become too large (~2k lines) and hard to
navigate. This patch reorganizes build rules for convenience. No
functional changes are made.

Test: m selinux_policy
Change-Id: I9a022b223b2387a4475da6d8209d561bfea228fb
 2019-01-25 18:01:17 +00:00