tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
36146 commits 1 branch 0 tags 50 MiB
Commit graph

36146 commits

This branch
This branch
All branches
Author SHA1 Message Date
Yi-Yo Chiang
598d079de7 Label ro.force.debuggable as build_prop 
It was default_prop. Label it build_prop for good code hygiene.

Bug: 223517900
Test: Boot with and without debug boot image
Change-Id: I4e00d301eb526a0fc9e29657cbcedda8dd0fc7b1
 2022-06-10 14:52:38 +08:00
Treehugger Robot
e9cd3e95cb Merge "Obsolete BOARD_PLAT_*_SEPOLICY_DIR" am: 747fc1236e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2120421

Change-Id: Icd4eaabc5a7288d04b7f642aaa8bb8f2371d2e86
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-10 02:16:02 +00:00
Treehugger Robot
747fc1236e Merge "Obsolete BOARD_PLAT_*_SEPOLICY_DIR" 2022-06-10 01:56:16 +00:00
Vova Sharaienko
38ad5d01c4 Merge "hal_vehicle_default: enabled communication with statsd" am: 7816224ea2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2106885

Change-Id: Id31bf7bf78f66575871ba3718889442360c64e9f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-09 23:03:51 +00:00
Akilesh Kailash
ba1b02ae5b Allow update_verifier to connect to snapuserd daemon am: 5fe8252425 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2039364

Change-Id: I3425242728e614526befaca3be2f82bf482593a9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-09 23:03:33 +00:00
Vova Sharaienko
7816224ea2 Merge "hal_vehicle_default: enabled communication with statsd" 2022-06-09 22:51:21 +00:00
Devin Moore
309a355088 Add permissions for new netd AIDL HAL 
Netd is now serving an AIDL HAL to replace the old HIDL HAL.

Bug: 205764585
Test: Boot and check for avc denials
Change-Id: I1ca5ed4ff3b79f082ea2f6d3e81f60a64ca04855
 2022-06-09 22:39:15 +00:00
Dan Willemsen
9dd75fe474 Obsolete BOARD_PLAT_*_SEPOLICY_DIR 
See If803a33efc38a970247919bf224c12b8c717f955 for more details.

Bug: 235414673
Test: treehugger
Change-Id: Iff939a58e0a8238e085d63f28b5fa8d7982d82a0
 2022-06-09 09:36:21 -07:00
Inseob Kim
1e796342aa Fix policy file order for hal_attributes 
Partners should be able to add hal_attributes to system_ext or product's
public/attributes file. However, if system_ext or product's
public/attributes contain any domain sets, numbers for base_typeattr
become inconsistent. It's because the order is now:

    ...
    te_macros
    attributes
    ioctl_defines
    ioctl_macros
    *.te
    roles_decl
    ...

That is, system_ext/public/attributes and product/public/attributes are
included prior to system/sepolicy/**/*.te. Thus, plat_sepolicy.cil and
system_ext_sepolicy.cil/product_sepolicy.cil can conflict.

This change fixes this issue by making attributes and *.te files have
the same rank. This way, system_ext/public/attributes is included after
system/sepolicy/**/*.te.

Bug: 234137981
Test: m selinux_policy after adding hal_attribute to
      system_ext/public/attributes
Change-Id: I85e1f6b8e4ab47c723724684d1938297a3305fe8
 2022-06-09 11:26:35 +09:00
Akilesh Kailash
5fe8252425 Allow update_verifier to connect to snapuserd daemon 
Bug: 193863442
Test: OTA
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I10cb900466078930c9124fc381ba2adfc50ffcd4
 2022-06-08 20:26:18 +00:00
Steven Terrell
c402a02164 Merge "Add System Property Controlling Animators" am: 06c506940e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2118925

Change-Id: Ieee8f322c099443e6e533d8475501e55e9748511
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-08 16:11:44 +00:00
Steven Terrell
06c506940e Merge "Add System Property Controlling Animators" 2022-06-08 15:33:44 +00:00
Jiakai Zhang
07bae2c1b8 Merge "Allow artd to get root capabilities and write to dalvikcache_data_file." am: b7a5e7cb8f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2118486

Change-Id: I47ac3549a2c5fbde261c3f3d508bdf28193a095b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-08 14:52:51 +00:00
Jiakai Zhang
b7a5e7cb8f Merge "Allow artd to get root capabilities and write to dalvikcache_data_file." 2022-06-08 14:33:34 +00:00
Jiakai Zhang
2ce60a69bc Allow artd to get root capabilities and write to dalvikcache_data_file. 
This CL adds rules to allow artd to delete optimized artifacts.

In general, some functionalities from installd are being migrated to
artd, so artd needs permissions to do what installd is doing: managing
profiles and compilation artifacts that belong to individual apps.

Bug: 225827974
Test: adb shell pm art delete-optimized-artifacts com.google.android.youtube
Change-Id: I1780cdfb481175fd3b0bc9031fdabb8e7cd71a12
 2022-06-08 10:13:22 +00:00
Treehugger Robot
8fbf709eb0 Merge "Add sepolicy for IBootControl AIDL" am: 921af40c4b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2050816

Change-Id: I4b116c21bdc31c96350c43640cfb19e245eef1bb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-08 09:58:21 +00:00
Treehugger Robot
921af40c4b Merge "Add sepolicy for IBootControl AIDL" 2022-06-08 09:40:21 +00:00
Kelvin Zhang
187cb2c64c Add sepolicy for IBootControl AIDL 
Test: th
Bug: 227536004
Change-Id: I1206b4aae1aab904a76836c893ee583b5ce54624
 2022-06-07 16:26:19 -07:00
Steven Terrell
879f41c5f2 Add System Property Controlling Animators 
Adding a new system property that will act as a toggle
enabling/disabling the framework changes that were submitted to prevent
leaked animators.

Bug: 233391022

Test: manual.

Merged-In: I57225feb50a3f3b4ac8c39998c47f263ae211b66
Change-Id: Ifc339efc1c3a5e19920b77d1f24bef19c39d5f44
 2022-06-07 20:22:10 +00:00
Florian Mayer
2f9eef4c10 [automerger skipped] RESTRICT AUTOMERGE Revert "Move mtectrl to private" am: 654cd21c30 -s ours am: d89566e4b3 -s ours 
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2117016

Change-Id: I4b7b78eba624704d755d1b0b5e2579b1d0e9ef7e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-07 03:47:14 +00:00
Florian Mayer
d89566e4b3 [automerger skipped] RESTRICT AUTOMERGE Revert "Move mtectrl to private" am: 654cd21c30 -s ours 
am skip reason: subject contains skip directive

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2117016

Change-Id: Idf1bec5ede203162fb4485c4d3e9bcf5d0b8093c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-07 03:29:09 +00:00
John Wu
b298a8a97e Merge "Revert "Revert "Revert "Remove key migration related changes"""" am: b553a30629 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2116891

Change-Id: I952aa402047f0be2518a75fb7fbe250a1ecf7e98
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-07 01:22:35 +00:00
John Wu
b553a30629 Merge "Revert "Revert "Revert "Remove key migration related changes"""" 2022-06-07 01:03:51 +00:00
Florian Mayer
654cd21c30 RESTRICT AUTOMERGE Revert "Move mtectrl to private" 
Revert submission 1959735

Reason for revert: b/220807329
Reverted Changes:
Idb5c4a4c6:Move mtectrl to private
I2e8419366:Add policy for command line tool to control MTE bo...

Change-Id: I663113df93fe9fec597ad346a1d07888b068c20e
 2022-06-06 23:52:17 +00:00
John Wu
3da8416b5d Revert "Revert "Revert "Remove key migration related changes""" 
This reverts commit 82c4d9b474.

Reason for revert: b/235140708

Change-Id: Ifd14bcf4480c74b81602c16723efebef7aad10bd
 2022-06-06 22:24:24 +00:00
Vova Sharaienko
5aa340abc2 hal_vehicle_default: enabled communication with statsd 
Bug: 233754988
Test: build & boot, logcat | grep SELinux
Change-Id: I92ca95e0088550677baab64fcc36afdc8845e2fc
 2022-06-06 19:00:01 +00:00
John Wu
2549151f97 Merge "Revert "Revert "Remove key migration related changes""" am: fd6f5dfe6b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2115245

Change-Id: Ifaa9db74a71dcf022162f2b59b697e6cd7e02336
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-06 18:25:15 +00:00
John Wu
fd6f5dfe6b Merge "Revert "Revert "Remove key migration related changes""" 2022-06-06 17:16:47 +00:00
John Wu
82c4d9b474 Revert "Revert "Remove key migration related changes"" 
This reverts commit e27f954836.

Reason for revert: this needs to land in AOSP

Change-Id: Ief92bf04eaff4235b0e33d427263bbff312837aa
 2022-06-03 18:23:15 +00:00
Jaihind Yadav
fd04d1e908 Don't audit mnt_produt_file in dumpstate. 
CTS testcase is failing because of the AVC denails for dumpstate
trying to search mnt_product.

Bug:234086759

Test: android.security.cts.SELinuxHostTest#testNoBugreportDenials

Change-Id: I794de8c296992b1d3cdafdb802376870a0eecce7
 2022-06-01 12:13:13 +00:00
Patrick Rohr
df9cd0c7bd sepolicy: allow TUNSETLINK and TUNSETCARRIER am: 02b55354bd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2112201

Change-Id: I4757c41c54597bb77b97350ec55bce5425a65533
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-01 08:51:19 +00:00
Patrick Rohr
02b55354bd sepolicy: allow TUNSETLINK and TUNSETCARRIER 
This is required for testing new ethernet APIs in T.

Test: TH
Bug: 171872016
Change-Id: I1e6024d7d649be50aa2321543b289f81fcdfc483
 2022-05-31 20:36:33 -07:00
Jiakai Zhang
aa1673bace Allow artd to check optimization status. am: 76bfb7ecbf 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2111066

Change-Id: Id6967f85d6582b6bfc36316a98c7d34b9f8934a6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-31 16:11:20 +00:00
Jiakai Zhang
76bfb7ecbf Allow artd to check optimization status. 
Bug: 233383589
Test: -
  1. adb shell pm art get-optimization-status com.google.android.youtube
  2. See no SELinux denials.
Test: -
  1. adb shell pm compile -m speed com.google.android.youtube
  2. adb shell pm art get-optimization-status com.google.android.youtube
  3. See no SELinux denials.
Test: -
  1. adb shell pm install /product/app/YouTube/YouTube.apk
  2. adb shell pm art get-optimization-status com.google.android.youtube
  3. See no SELinux denials.
Change-Id: I943ebca4ec02c356fa0399b13f6154e7623f228b
 2022-05-31 14:05:04 +01:00
Patrick Rohr
3684e7af8f Merge "Fix system server and network stack netlink permissions" am: 817d82bcf5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2101773

Change-Id: I50174efca8b92bc399bbddb7e1418cbca037d5dd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-27 01:57:58 +00:00
Patrick Rohr
817d82bcf5 Merge "Fix system server and network stack netlink permissions" 2022-05-27 01:39:00 +00:00
Treehugger Robot
3aca65199c Merge "Allow system_server to connect to artd." am: a4c30a384a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2108124

Change-Id: I35406108f247a0fdb654780c162da0257f22133d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-26 15:32:30 +00:00
Treehugger Robot
a4c30a384a Merge "Allow system_server to connect to artd." 2022-05-26 14:33:42 +00:00
Jiakai Zhang
9ed8d3c9be Allow system_server to connect to artd. 
Bug: 233915142
Test: m
Change-Id: I07dc0b7ab2e54aea21799698b13651605f4c4b4a
 2022-05-26 13:57:53 +01:00
Thiébaud Weksteen
d45cc9c6da Merge "Revert "Remove key migration related changes"" am: cdf912f65e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2107148

Change-Id: If45e37fec3dc7fe4541484afae712c165a931cff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-26 03:31:16 +00:00
Thiébaud Weksteen
cdf912f65e Merge "Revert "Remove key migration related changes"" 2022-05-26 03:08:29 +00:00
John Wu
e27f954836 Revert "Remove key migration related changes" 
This reverts commit cabed18a47.

Reason for revert: b/233922399

Change-Id: Ib371184de3c1bc4e3e0ca951e98d6b5e66952dcc
 2022-05-25 23:36:42 +00:00
John Wu
de99ffee8c Merge "Remove key migration related changes" am: c8d2d1d258 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2016242

Change-Id: I5bb40d0b8b71d709285fa93a3d0c3150bce16914
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-25 18:13:57 +00:00
John Wu
c8d2d1d258 Merge "Remove key migration related changes" 2022-05-25 17:53:17 +00:00
Mohamad Mahmoud
6534eb696b Merge "Allow system_server to read io and cpu pressure data Test: tested on device Bug: b/233036368" am: e7d1f32250 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2103244

Change-Id: Ib5d2e8d9cb9d9eaaea884389f2315331f577aac6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-25 16:07:50 +00:00
Mohamad Mahmoud
e7d1f32250 Merge "Allow system_server to read io and cpu pressure data Test: tested on device Bug: b/233036368" 2022-05-25 15:49:20 +00:00
Rubin Xu
b7a8225fd8 Merge "Allow Bluetooth stack to read security log sysprop" am: ab73c8f1c8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2096793

Change-Id: Iae1a538a9112569421c87de5ca082e066b6991f2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-25 12:01:57 +00:00
Rubin Xu
ab73c8f1c8 Merge "Allow Bluetooth stack to read security log sysprop" 2022-05-25 11:43:49 +00:00
Treehugger Robot
32d64b7b82 Merge "Allow zoned device support in f2fs" am: a98ea3d8cf 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2103273

Change-Id: I357bb6304b15ebba4038e8f98ba65c0815634a11
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-25 01:46:19 +00:00
Treehugger Robot
a98ea3d8cf Merge "Allow zoned device support in f2fs" 2022-05-25 01:40:24 +00:00