Commit graph

41353 commits

Author SHA1 Message Date
Nikita Ioffe
e63a597a47 Merge "Add domain level neverallow to restrict access to ptrace" am: 1b4e9393d3 am: 41d6edd0e7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505897

Change-Id: I9a4cfaafff462a2fe8a0b77e6cfed13e147f68e7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-29 12:35:52 +00:00
Nikita Ioffe
41d6edd0e7 Merge "Add domain level neverallow to restrict access to ptrace" am: 1b4e9393d3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505897

Change-Id: I89b2a8b69e9884ac1bf0e3e3c375219aa8905fd5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-29 12:05:37 +00:00
Nikita Ioffe
1b4e9393d3 Merge "Add domain level neverallow to restrict access to ptrace" 2023-03-29 11:46:26 +00:00
Treehugger Robot
c202f26753 Merge "Add sepolicy rules for CpuMonitorService." am: 1ab1f7cd01 am: dac8bace6d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2497975

Change-Id: I567cc5450201ff7336b74a0bfb377df43d02e9a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 21:34:49 +00:00
Maciej Żenczykowski
6ceb6ad71d Merge "netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps" am: 8cd6e1569e am: 3ef679de95
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2509787

Change-Id: I62ad7b3be28ec04bca16e264749fdd0dbdf08978
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 21:34:33 +00:00
Treehugger Robot
dac8bace6d Merge "Add sepolicy rules for CpuMonitorService." am: 1ab1f7cd01
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2497975

Change-Id: I91e88b5e3dbe4b056a3d140ad8b9186624318638
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 21:11:50 +00:00
Treehugger Robot
1ab1f7cd01 Merge "Add sepolicy rules for CpuMonitorService." 2023-03-28 21:02:14 +00:00
Maciej Żenczykowski
3ef679de95 Merge "netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps" am: 8cd6e1569e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2509787

Change-Id: I53af7ec1d6c9b6f4768b3c08b690f55613908831
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 20:54:20 +00:00
Maciej Żenczykowski
8cd6e1569e Merge "netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps" 2023-03-28 20:26:57 +00:00
Steven Moreland
7b6d873852 Merge "remove iorapd from sepolicy" am: f7fa8ead83 am: 459d8edaf0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2493275

Change-Id: Icae9969b6ebd9471fddbe1ebe540629aeb0f2210
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 20:25:12 +00:00
Steven Moreland
459d8edaf0 Merge "remove iorapd from sepolicy" am: f7fa8ead83
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2493275

Change-Id: I65d7f57cc405f062c367fa8729f59c4a3e4f42c1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-28 19:55:58 +00:00
Steven Moreland
f7fa8ead83 Merge "remove iorapd from sepolicy" 2023-03-28 19:32:32 +00:00
Maciej Żenczykowski
52c8a2ebd5 netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps
This is so that we can potentially verify that things
are set up right.

Test: TreeHugger
Bug: 275209284
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I59a49cbece2710345fff0b2fb98e32f4e5f3af44
2023-03-28 03:11:42 +00:00
Steven Moreland
c0ce089045 remove iorapd from sepolicy
It's already marked as removed in:
   ./private/compat/33.0/33.0.cil

Bug: N/A
Test: builds
Change-Id: I1b31f83fb5b210be047edb2896c7b66b58353784
2023-03-27 20:55:55 +00:00
Hector Dearman
47b65e7f6b Merge "Allow traced_probes to subscribe to statsd atoms" am: c9ff8d010b am: 121da8e36f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2501735

Change-Id: I2d352a3b135999d1c49622ca0bfea9ab59724262
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 17:02:15 +00:00
Hector Dearman
121da8e36f Merge "Allow traced_probes to subscribe to statsd atoms" am: c9ff8d010b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2501735

Change-Id: I4781ed0ec3bcdeee98c1301f8981e65e44b3e3ed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 16:32:35 +00:00
Lakshman Annadorai
124be07e24 Add sepolicy rules for CpuMonitorService.
Change-Id: Icda952c148150e4d7824e303d163996679a0f36b
Test: m
Bug: 242722241
2023-03-27 16:29:09 +00:00
Hector Dearman
c9ff8d010b Merge "Allow traced_probes to subscribe to statsd atoms" 2023-03-27 16:04:42 +00:00
Andy Hung
87c666527f [automerger skipped] Merge "sepolicy: Add spatial audio tuning properties." am: bd89baaecf am: 5a3972f7bc -s ours
am skip reason: Merged-In Ie7e656acbdd3fe101ecbd2cc9dfb6c8a440a6a8b with SHA-1 574369e474 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2504836

Change-Id: I84152780671d288973b8920764626f913893e812
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 15:46:37 +00:00
Treehugger Robot
aabbb5c6ca Merge "microdroid: allow microdroid_manager to read AVF debug policy" am: 35a1bb8e32 am: d395216ffc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505675

Change-Id: I112b694b83a92248c6b79ada9cee231583bca5b9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 15:46:14 +00:00
Andy Hung
5a3972f7bc Merge "sepolicy: Add spatial audio tuning properties." am: bd89baaecf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2504836

Change-Id: Ie06653fcfba7ef4fc6bb258cc29e56a338574318
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 15:31:47 +00:00
Andy Hung
bd89baaecf Merge "sepolicy: Add spatial audio tuning properties." 2023-03-27 15:22:49 +00:00
Treehugger Robot
d395216ffc Merge "microdroid: allow microdroid_manager to read AVF debug policy" am: 35a1bb8e32
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505675

Change-Id: Idc96080a11029f2c89d498013f489df0fd4bcc23
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 15:16:57 +00:00
Treehugger Robot
35a1bb8e32 Merge "microdroid: allow microdroid_manager to read AVF debug policy" 2023-03-27 14:48:13 +00:00
Nikita Ioffe
4bfda5ba89 Add domain level neverallow to restrict access to ptrace
Bug: 271562015
Test: m
Change-Id: I48f9a0fc5e708e15dd103d6ed369c8fe43d70495
2023-03-27 14:45:33 +01:00
Treehugger Robot
249397458d Merge "Grant execute on toolbox_exec for isolated_compute_app" am: e105f468d7 am: e968fdb082
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505639

Change-Id: I8ec3df2cb163bc8422ad44c076abc50d0b5aef96
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 08:59:11 +00:00
Treehugger Robot
4f957f610c Merge "Allow CompOS to read VM config properties" am: 42f1cad645 am: 36717942d2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2501960

Change-Id: I6ffea9c7f54b7c3f71f4324cb1740322739ba69a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 08:58:56 +00:00
Alan Stokes
cd10974d13 Remove policy for non-existent devices am: 4f92d5bd99 am: 1d33d118a5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2506240

Change-Id: If1742a881b7f0efcc75673ae2ea3c1e5e598180a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 08:58:41 +00:00
Treehugger Robot
e968fdb082 Merge "Grant execute on toolbox_exec for isolated_compute_app" am: e105f468d7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2505639

Change-Id: I33364277c3273aad6887ea1c460c08310fa2a321
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 08:32:54 +00:00
Treehugger Robot
36717942d2 Merge "Allow CompOS to read VM config properties" am: 42f1cad645
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2501960

Change-Id: I0b34e1514aea1ea188dfe3cd93f6e4a95eecf0ec
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 08:32:39 +00:00
Alan Stokes
1d33d118a5 Remove policy for non-existent devices am: 4f92d5bd99
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2506240

Change-Id: If60fc206454e6d234993aff5abfb8e51cc198bdd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 08:30:58 +00:00
Treehugger Robot
e105f468d7 Merge "Grant execute on toolbox_exec for isolated_compute_app" 2023-03-27 08:03:36 +00:00
Treehugger Robot
42f1cad645 Merge "Allow CompOS to read VM config properties" 2023-03-27 07:58:18 +00:00
Jaewan Kim
867bc33ede microdroid: allow microdroid_manager to read AVF debug policy
Bug: 272752814
Test: atest on devices without AVF debug policy
Change-Id: I3fdbdd49f0e775b4b054328dc25c5f2ba1f9712f
2023-03-27 03:52:27 +00:00
Thiébaud Weksteen
e9ac9ce0f3 Grant execute on toolbox_exec for isolated_compute_app
In commit 7ba4801, the execute permission for all isolated_app was
removed. Grant access to isolated_compute_app which requires it.

The new treble test TestIsolatedAttributeConsistency is updated to
capture the new permission. See b/275263760.

Bug: 265960698
Bug: 275024392
Bug: 275263760
Test: atest CtsVoiceInteractionTestCases:android.voiceinteraction.cts.VoiceInteractionServiceTest
Change-Id: Ide27a7e351e8f53b0f5b1ad918a508d04ef515a1
2023-03-27 12:44:03 +11:00
Alan Stokes
4f92d5bd99 Remove policy for non-existent devices
We still had policy for devices which do not currently exist in
Microdroid. Remove the unused types and all references to them in the
policy, since they have no effect and just bloat the policy.

While I'm here, delete all the bug_map entries. We don't use the
bug_map in Microdroid, and this is just an outdated snapshot from host
policy.

Bug: 274752167
Test: atest MicrodroidTests
Test: composd-cmd test-compile
Change-Id: I3ab90f8e3517c41eff0052a0c8f6610fa35ccdcb
2023-03-24 18:13:18 +00:00
Treehugger Robot
e21262c1a9 Merge "Don't run ComposHostTestCases in presubmit" am: 1b382aa8b0 am: e7fc28b43f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2506475

Change-Id: I83b62401ed89a5cc89f8589c8a7ed3ff5b0a288b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-24 13:27:46 +00:00
Treehugger Robot
e7fc28b43f Merge "Don't run ComposHostTestCases in presubmit" am: 1b382aa8b0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2506475

Change-Id: I67b0c4763bc1c5dd8ec2d3efbc64c41a40b1641c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-24 12:59:12 +00:00
Treehugger Robot
1b382aa8b0 Merge "Don't run ComposHostTestCases in presubmit" 2023-03-24 12:35:10 +00:00
Thiébaud Weksteen
e9fa1b60a1 Merge "Remove implicit access for isolated_app" am: 8ac5737d42 am: 065a7de2f9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2494689

Change-Id: I0be0c322a5cefa55a8119e3bc8ca568805ce5f05
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-24 04:36:43 +00:00
Andy Hung
789c2937a5 sepolicy: Add spatial audio tuning properties. am: 574369e474
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22241161

Change-Id: I00a6e7937068ee8a3006223ba6d320c90a73321e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-24 04:22:53 +00:00
Thiébaud Weksteen
065a7de2f9 Merge "Remove implicit access for isolated_app" am: 8ac5737d42
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2494689

Change-Id: I8bab40e1f1a034e65bc531a99cbc4db3021f6582
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-24 04:09:19 +00:00
Andy Hung
16a79f885d sepolicy: Add spatial audio tuning properties.
audio.spatializer.pose_predictor_type
audio.spatializer.prediction_duration_ms

Test: compiles
Test: adb shell setprop with invalid enum fails.
Bug: 274849680
Merged-In: Ie7e656acbdd3fe101ecbd2cc9dfb6c8a440a6a8b
Change-Id: Ie7e656acbdd3fe101ecbd2cc9dfb6c8a440a6a8b
2023-03-23 20:56:59 -07:00
Thiébaud Weksteen
8ac5737d42 Merge "Remove implicit access for isolated_app" 2023-03-24 03:46:00 +00:00
Andy Hung
19a6c09576 [automerger skipped] Merge "sepolicy: Add spatial audio configuration properties" am: 2e206f8cc9 am: ea5100f1ad -s ours
am skip reason: Merged-In I190644e88a520cf13ee2b56066d5afd258460b9e with SHA-1 3b7b6c3b30 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2501016

Change-Id: Ib913959a4c3ed95e2e689dce8bb5c7c28493caf8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-24 01:40:18 +00:00
Andy Hung
ea5100f1ad Merge "sepolicy: Add spatial audio configuration properties" am: 2e206f8cc9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2501016

Change-Id: I61805a44c4f3d91d7921c8d48617915f498247fa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-24 01:16:44 +00:00
Andy Hung
574369e474 sepolicy: Add spatial audio tuning properties.
audio.spatializer.pose_predictor_type
audio.spatializer.prediction_duration_ms

Ignore-AOSP-First: will land in AOSP later.
Test: compiles
Test: adb shell setprop with invalid enum fails.
Bug: 274849680
Change-Id: Ie7e656acbdd3fe101ecbd2cc9dfb6c8a440a6a8b
2023-03-23 18:01:42 -07:00
Andy Hung
2e206f8cc9 Merge "sepolicy: Add spatial audio configuration properties" 2023-03-24 00:41:02 +00:00
Alan Stokes
26dcfc5416 Don't run ComposHostTestCases in presubmit
They're flaky on cuttlefish. Move to postsubmit instead.

Bug: 264496291
Test: N/A
Change-Id: I19b0357632be5a89e096fd1d9ce8d47dd865d245
2023-03-23 15:45:24 +00:00
Alan Stokes
a45646c024 Allow CompOS to read VM config properties
We want to allow both the VM and ART to contribute to the VM config
(e.g. memory size), so define labels for 2 sets of properties and
grant the necessary access.

Bug: 274102209
Test: builds
Change-Id: Iaca1e0704301c9155f44e1859fc5a36198917568
2023-03-23 15:40:14 +00:00