Commit graph

174 commits

Author SHA1 Message Date
Thiébaud Weksteen
e396c3c486 Remove com.android.sepolicy policy am: cc85f22c4d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2755965

Change-Id: I44486d4b0a9d90b5b4b91d38840bc42902f34242
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-20 02:30:34 +00:00
Thiébaud Weksteen
cc85f22c4d Remove com.android.sepolicy policy
Bug: 297794885
Test: presubmit
Change-Id: I91b1584fe2e13322cd3a0add92887097e190246e
2023-09-19 12:41:52 +10:00
Kangping Dong
044116c3e4 Merge "[Thread] move ot-daemon to the tethering module" into main am: e32751f748
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2736996

Change-Id: I15539e9663e50ba4d77f311d1e6a9b5fc12d9970
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-11 18:58:45 +00:00
Kangping Dong
07bc7d3243 Merge "[Thread] move ot-ctl to vendor" into main am: 1348776bed
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2737114

Change-Id: I133f6f04d542130cbbd80a3a941991d560eb3ca5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-07 08:25:53 +00:00
Kangping Dong
0c9f48d6ef [Thread] move ot-daemon to the tethering module
The com.android.threadnetwork module is merged into
the com.android.tethering module now.

Bug: 296211911
Change-Id: I9fec91fff4e2ae4be26da4b0f52e739c4a251cd2
2023-09-06 14:07:14 +08:00
Kangping Dong
fd10f344dc [Thread] move ot-ctl to vendor
"ot-ctl" is a command line tool which is useful for debugging or
testing with "ot-daemon". It's not required to be part of the
system image. It was previously added to the com.android.threadnetwork
apex package, and this commit removes it from the apex.

Test: ot-ctl is removed from /apex/com/android/threadnetwork/bin
Bug: 299224389
Change-Id: I607a02c9efb26f404ea9da2e5b7109094d3232b6
2023-09-06 14:07:02 +08:00
Xin Li
e07dbe0a63 Merge Android U (ab/10368041)
Bug: 291102124
Merged-In: Id2cc5dbbafffb4633706e5cc728cb44abd417340
Change-Id: I77e68f17a1273958bcdc32b5a4b6a0ff3ffdfd2a
2023-08-23 17:20:59 -07:00
Harshit Mahajan
cd4f71a8b5 Add sepolicy rules for crashrecovery APEX.
Bug: b/289203818
Test: NA

Change-Id: I6d25d413fb512a48e765088bc8dde59c89aec257
2023-08-16 12:00:48 +00:00
Inseob Kim
825056de9a Add permission for VFIO device binding
vfio_handler will bind platform devices to VFIO driver, and then
return a file descriptor containing DTBO. This change adds
permissions needed for that.

Bug: 278008182
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid \
      --devices /sys/bus/platform/devices/16d00000.eh --protected
Change-Id: Ie947adff00d138426d4703cbb8e7a8cd429c2272
2023-08-02 15:06:51 +09:00
Kangping Dong
49fa8f5fe6 rename otbr-agent to ot-daemon
Rename to better align with our long-term vision on Android

Bug: 288202515
Change-Id: I1b7e39950d39ec781e46c6c0e1b38ad837b9ce4e
2023-07-04 18:56:37 +08:00
Zhanglong Xia
b2d1fbb7b2 Add sepolicy rules for Thread Network HAL
Bug: b/283905423
Test: Build and run the Thread Network stack in Cuttlefish.
Change-Id: I783022c66b80274069f8f3c292d84918f41f8221
2023-06-30 10:56:38 +08:00
Treehugger Robot
8743379791 Merge "Remove flatten_apex: property" am: 7f7e8d79a9 am: d947550b6f am: a7627cf627
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2628996

Change-Id: I928001ab7426a6a247315293d0b6a86e176f8bf1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-21 06:29:40 +00:00
Jooyung Han
804e234ced Remove flatten_apex: property
We no longer have targets using flattened apexes. Flattened apexes will
be removed from the build system.

Bug: 278826656
Test: m
Change-Id: I657e01dbfd2525b07c29a234277062d5ac2fab9f
2023-06-20 15:41:05 +09:00
Kangping Dong
f946b06074 Merge "add sepolicy rules for Thread network" am: aa83af5c3b am: ff6ae919c2 am: 498a752dd7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2612795

Change-Id: Iaf8e6d654eb9fbb7d2b2b17ef16468b0eb7f6ce1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-08 14:50:57 +00:00
Yakun Xu
07429e39ee add sepolicy rules for Thread network
bug: 257371610
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0fd52fd521b8167b0ec8836dac3765a16fd6863b)
Merged-In: I2c90639f4baecb010230b3aa60f2f09c0ddd9e4f
Change-Id: I2c90639f4baecb010230b3aa60f2f09c0ddd9e4f
2023-06-07 07:04:19 +00:00
Martin Stjernholm
e1ac267ddd Allow the ART boot oneshot service to configure ART config properties.
Test: See commit 2691baf9d4f8086902d46b2e340a6e5464857b90 in art/
      (ag/23125728)
Bug: 281850017
Change-Id: I14baf55d07ad559294bd3b7d9562230e78201d25
(cherry picked from commit 3d7093fd7b)
Merged-In: I14baf55d07ad559294bd3b7d9562230e78201d25
2023-05-16 16:13:42 +01:00
Martin Stjernholm
5557ec5583 Merge "Allow the ART boot oneshot service to configure ART config properties." into udc-dev am: 4f2b8ce361
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23131204

Change-Id: Idb0edb8c39f038d7d21e8c1c41c486d0b34a5e99
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-12 10:54:04 +00:00
Martin Stjernholm
3d7093fd7b Allow the ART boot oneshot service to configure ART config properties.
Test: See commit 2691baf9d4f8086902d46b2e340a6e5464857b90 in art/
      (ag/23125728)
Bug: 281850017
Ignore-AOSP-First: Will cherry-pick to AOSP later
Change-Id: I14baf55d07ad559294bd3b7d9562230e78201d25
2023-05-11 13:38:57 +01:00
Maciej Żenczykowski
0f0c1ab9ce Merge "remove inprocess tethering" am: c56709f9af am: 2960719ac6 am: 8d0ab95eb8
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2567011

Change-Id: Ib2931d6591e6175fff493401517e0f6507e8a271
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-05 22:46:21 +00:00
Maciej Żenczykowski
e52d2349dd remove inprocess tethering
Test: TreeHugger
Bug: 279942846
Change-Id: I0fd3a7dfe9b554d18de435e5df47de048e453d00
2023-04-27 19:26:06 +00:00
Satoshi Niwa
6c32aa519c sepolicy: Add apex/com.android.tethering.inprocess-file_contexts am: 80cd0acd64 am: 6fa337fef5 am: dcbde45b66
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2504898

Change-Id: I3cddfbef5290c5898ebd218a258f4571370bb4ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-23 08:42:12 +00:00
Satoshi Niwa
80cd0acd64 sepolicy: Add apex/com.android.tethering.inprocess-file_contexts
Needed when using com.android.tethering.inprocess with
flattened APEX.

Bug: 273821347
Test: trybot
Change-Id: Iae6d9547922575398c634433dc07b2e46fbffd8e
2023-03-23 12:43:48 +09:00
Treehugger Robot
ec3147ab9a Merge "Set system_lib_file for libs in tethering apex" am: 8c086ac589 am: 62b20a0c26 am: 6fb58c72c1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2442879

Change-Id: I5376082ff0d62b7bf6939bd7ae8eb275db23e3e4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-17 18:36:37 +00:00
Jooyung Han
a5506bcd8f Set system_lib_file for libs in tethering apex
The library (libcom.android.tethering.connectivity_native.so) in the
apex is a part of LLNDK. So it should be properly labelled so that
vendor can access it.

Bug: n/a
Test: m com.android.tethering
Test: adb shell -lZ /apex/com.android.tethering/lib64
Change-Id: I6c949c992042f4a38f25ca6f4243d31e81354467
2023-02-17 12:41:19 +09:00
ronish
f406edf440 [CP] Rename healthconnect to healthfitness
Change-Id: Icb20784bfe3d07aff5b198b5c8dd2302bb7c854d
2023-02-14 17:34:26 +00:00
Ronish Kalia
edf140f2f4 Merge "Rename healthconnect to healthfitness"
2023-02-14 12:08:47 +00:00
Patrick Rohr
3c0d2675f4 Merge "cronet: remove com.android.cronet sepolicy" am: 8f0388f32e am: 37f2fa0da7 am: b59779e3cb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2431473

Change-Id: Ic67b24d98613402fa41ba6fdc40df9a060150a5d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-11 01:02:14 +00:00
Patrick Rohr
c8f4e19a74 cronet: remove com.android.cronet sepolicy
com.android.cronet has never been released and has since been deleted as
Cronet was added to the tethering module.

Test: TH
Bug: 266673389
Change-Id: Ia288d4322c13ba986164a12f4999fea1cd60d529
2023-02-10 11:47:02 -08:00
ronish
dfa42f0ddd Rename healthconnect to healthfitness
Bug: 264516143
Change-Id: Icabd6f58ae615a2f3e718e54dbc1c1c955883d19
2023-02-07 18:16:24 +00:00
David Brazdil
6e49d76764 Merge "Start using virtmgr for running VMs" am: 2cfd7d5e4b am: 2de678977a am: 3f1b27afa6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2367809

Change-Id: Ifcbd6552535e0ed63b4aee33c9055d0d1534d209
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 17:54:16 +00:00
David Brazdil
55d808c28c Start using virtmgr for running VMs
Split virtualizationservice policy into rules that should remain with
the global service and rules that now apply to virtmgr - a child process
of the client that runs the VM on its behalf.

The virtualizationservice domain remains responsible for:
 * allocating CIDs (access to props)
 * creating temporary VM directories (virtualization_data_file, chown)
 * receiving tombstones from VMs
 * pushing atoms to statsd
 * removing memlock rlimit from virtmgr

The new virtualizationmanager domain becomes responsible for:
 * executing crosvm
 * creating vsock connections, handling callbacks
 * preparing APEXes
 * pushing ramdumps to tombstoned
 * collecting stats for telemetry atoms

The `virtualizationservice_use` macro is changed to allow client domains
to transition to the virtmgr domain upon executing it as their child,
and to allow communication over UDS.

Clients are not allowed to communicate with virtualizationservice via
Binder, only virtmgr is now allowed to do that.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Iefdccd908fc28e5d8c6f4566290e79ed88ade70b
2023-01-05 17:39:39 +00:00
Miguel Aranda
846bb52abe Merge "Add SEPolicy tags for concrypt cacerts." am: 7394ea85d2 am: 301f24028d am: 9742dbb4de
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2362479

Change-Id: Ib0e6881d1d339a753787351a11dfd58d176eeff7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-22 01:17:24 +00:00
Miguel Aranda
7394ea85d2 Merge "Add SEPolicy tags for concrypt cacerts."
2022-12-21 23:20:38 +00:00
Miguel
f63164a474 Add SEPolicy tags for concrypt cacerts.
Test: booting
Change-Id: I53815eb272fcdff739ba596cc1dd6bcca57c7d12
2022-12-21 06:42:21 +00:00
David Brazdil
01debdb66f Merge "Create virtmgr domain and initial policy" am: 3e61a33df5 am: b5a4f52de7 am: 8d65921dfb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2317789

Change-Id: Idb4430043747da236edbbb48715c80948bbad032
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-20 10:25:00 +00:00
David Brazdil
5fcfbe49da Create virtmgr domain and initial policy
Start a new security domain for virtmgr - a child process of an app that
manages its virtual machines.

Add permissions to auto-transition to the virtmgr domain when the client
fork/execs virtmgr and to communicate over UDS and pipe.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: I7624700b263f49264812e9bca6b83a003cc929be
2022-12-13 18:40:05 +00:00
Manish Dungriyal
0cf6f300ee Add file_context for telephonymodules APEX
Test: Build
Bug: 255736341
Ignore-AOSP-First: Yet to merge for AOSP
Change-Id: I2e511c4096d117a4dda271bcf235ac7c277f2c33
2022-11-15 12:39:58 +00:00
Amos Bianchi
3189fafa2a Add sepolicy for new module.
Bug: b/241442337
Test: TH
Change-Id: Ia58e2d4b205638509545a0a2c356cd68862beb1f
2022-09-23 10:40:47 -07:00
Vikram Gaur
f4382c5391 Merge "Add SELinux policy changes for rkpd"
2022-09-23 09:33:45 +00:00
Vikram Gaur
d25c80a951 Add SELinux policy changes for rkpd
This is a part of changes to bring up Remote Key Provisioning Daemon
module. See packages/modules/RemoteKeyProvisioning for more info.

Change-Id: Iae4e98176491637acb03e2e09b9d8dbc269be616
Test: atest rkpd_client_test
2022-09-23 05:09:00 +00:00
qiaoli
9de81191c6 Add file contexts for FederatedCompute.
Test: TH
Change-Id: If302dc80a5be0b72e417698a60a92a05bedde8a1
2022-09-21 03:40:13 +00:00
Treehugger Robot
5a7f207a22 Merge "Add file contexts for HealthConnect APEX" am: 59c456eeb3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2183548

Change-Id: I71c5c7248c9fa8a4916fadb0ab64993b2d2f790c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-15 13:46:13 +00:00
Anna Zhuravleva
406287da6c Add file contexts for HealthConnect APEX
Test: build
Bug: 242298335
Change-Id: I9ad9037590a40b29bdc00b11d0a9c352b50608fc
2022-08-12 19:03:11 +00:00
Roland Levillain
ddac3b9b82 Reconcile file_contexts files for Release and Debug ART APEXes. am: 4e8dbdf63e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2168184

Change-Id: Iac97b16658722eb52b32ea86e0fc30767538b85d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-01 13:20:27 +00:00
Roland Levillain
4e8dbdf63e Reconcile file_contexts files for Release and Debug ART APEXes.
Replicate change
https://android-review.googlesource.com/c/1663786/2/apex/com.android.art-file_contexts
in `apex/com.android.art.debug-file_contexts`.

Test: Patch this commit into a tree that uses `artd` (only internal
      ones at the moment) and run the following command on a device
      running the Debug ART APEX:
        adb shell pm art \
          get-optimization-status com.google.android.youtube
Change-Id: If0b10b585778e8b585e76b2a4512a2f23facd22e
2022-08-01 09:13:46 +01:00
Treehugger Robot
de453119e2 Merge "Update SELinux policy for app compilation CUJ." am: 9e2f8aa7a1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2160660

Change-Id: I76e3fa493a483a85fec07fd77f8aba15e4136b49
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-29 17:48:30 +00:00
Jiakai Zhang
c871c1cc75 Update SELinux policy for app compilation CUJ.
- Adapt installd rules for app compilation.

- Add profman rules for checking the profile before compilation. This is new behavior compared to installd.

Bug: 229268202
Test: -
  1. adb shell pm art optimize-package -m speed-profile -f \
       com.google.android.youtube
  2. See no SELinux denial.
Change-Id: Idfe1ccdb1b27fd275fdf912bc8d005551f89d4fc
2022-07-29 14:07:52 +00:00
Oriol Prieto Gasco
57f48ae1d2 Include bluetooth cert in mac_permissions.xml
Also, rename the file_contexts file to match the new BT stack apex name
(com.android.bluetooth)

Test: TH
Bug: 236187653
Bug: 236192423
Ignore-AOSP-First: LSC

Change-Id: Ie610775d397d0a81f83e251ed3b5f73006bfd272
2022-06-21 22:00:01 +00:00
Ling Ma
444d77f603 Removed telephony apex
Will not need this in the near future.

Fix: 230729916
Test: Build
Change-Id: Iec5049bb2cc16de1d947e07eec0f151182f5a22a
Merged-In: Iec5049bb2cc16de1d947e07eec0f151182f5a22a
Ignore-AOSP-First: cherry-picked from AOSP
2022-05-17 17:50:57 +00:00
Ling Ma
f2a540615b Removed telephony apex
Will not need this in the near future.

Fix: 230729916
Test: Build
Change-Id: Iec5049bb2cc16de1d947e07eec0f151182f5a22a
2022-05-05 14:18:14 -07:00