Commit graph

41130 commits

Author SHA1 Message Date
Jeff Pu
80a18e9a7e Merge "Allow servicemanager to make binder call to hal_fingerprint" am: 22adabc37e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2424930

Change-Id: I8f0d95737a0d718703d1e0b650e1fc5465f8d79a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-10 13:59:21 +00:00
Krishang Garodia
6e51f51b5f Merge "Update SE policy for all media provider processes" 2023-02-10 13:57:52 +00:00
Jeff Pu
22adabc37e Merge "Allow servicemanager to make binder call to hal_fingerprint" 2023-02-10 13:35:32 +00:00
Krishang Garodia
caf7984a2e Update SE policy for all media provider processes
Bug: 230394838
Bug: 195009152
Test: manual
Change-Id: Ic8e1d45c910e1455dd28bfb748d134c066a33591
2023-02-10 11:06:53 +00:00
Thiébaud Weksteen
cdf98439cf Merge "Ignore fusefs_type access for su" am: f0e86adfc3
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2428452

Change-Id: Icc808be7f95789e703f52ae6e3c2e7a25f821284
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-09 23:13:17 +00:00
Thiébaud Weksteen
f0e86adfc3 Merge "Ignore fusefs_type access for su" 2023-02-09 22:46:54 +00:00
Jeff Pu
0e6dce0ae9 Allow servicemanager to make binder call to hal_fingerprint
Bug: 263519851
Test: boot Cuttlefish with lazy virtual fingerprint HAL
Change-Id: I8cef9d1c55065561786718aad589cf4dd327ff66
2023-02-09 22:02:29 +00:00
Charlie Wang
55886d20d9 Merge "Extension of isolated_compute_app for media services." am: bc778658ab
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2411335

Change-Id: I1133741d332cd7cdf075db8330baf1db61f58105
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-09 18:29:54 +00:00
Max Bires
5516282b8b Merge "Allow GMSCore to read RKP properties." am: db8a6b31ca
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2428194

Change-Id: I5b0aa3092d77a1e3c8917cd36d8a076b7d783f88
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-09 18:29:40 +00:00
Charlie Wang
bc778658ab Merge "Extension of isolated_compute_app for media services." 2023-02-09 18:13:57 +00:00
Cody Northrop
e4e43ebad8 Allow camera HAL to read EGL vendor properties
Test: TreeHugger
Bug: b/267752967
Change-Id: I174420a3ef1f0059007616b4bee3091a888b1999
2023-02-09 17:55:03 +00:00
Max Bires
db8a6b31ca Merge "Allow GMSCore to read RKP properties." 2023-02-09 17:51:57 +00:00
Henri Chataing
1f26ebadf8 Merge "Define the permissions for Nfc sysprops" am: ff275229d1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2424852

Change-Id: Ief06daa97a1ff07a8ebdc2cc1f0a77e769d2f76a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-09 17:01:39 +00:00
Henri Chataing
ff275229d1 Merge "Define the permissions for Nfc sysprops" 2023-02-09 16:08:40 +00:00
Jack He
259ea80e91 Merge "Add sysprop for LeAudio inband ringtone support" am: 796621872b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2422865

Change-Id: Ie3311c5fa54dad74f20578faba36fbd4981f1625
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-09 02:09:07 +00:00
Thiébaud Weksteen
3714d72a64 Ignore fusefs_type access for su
Similarly to fs_type, fusefs_type accesses are ignored. It may be
triggered by tradefed when listing mounted points.

Bug: 177481425
Bug: 240632971
Bug: 239090033
Bug: 238971088
Bug: 238932200
Bug: 239085619
Test: presubmit boot tests
Change-Id: Ic96140d6bf2673d0de6c934581b3766f911780b6
2023-02-09 12:45:14 +11:00
Jack He
796621872b Merge "Add sysprop for LeAudio inband ringtone support" 2023-02-09 01:36:31 +00:00
Max Bires
89bbb2581b Allow GMSCore to read RKP properties.
GMSCore requires access to read RKP properties in order for test suites
to validate the hostname is properly set.

Test: N/A
Change-Id: If537e58d4df74516435bec8955c83bb5494a80f0
2023-02-08 17:14:47 -08:00
Charles Chen
3e9f05faa3 Extension of isolated_compute_app for media services.
Support media use cases in isolated_compute_app such as decoding with MediaCodecs.

Bug:266943251
Test: m &&  manual - sample app with IsolatedProcess=True can use MediaCodec.

Change-Id: I864dcfb16494efada2fbd2a7d34b5d7f6b8128cb
2023-02-08 15:48:25 -08:00
Brian Julian
e346f2fe80 Merge "Backports sepolicy for AltitudeService to T." am: f388934ffe
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2406792

Change-Id: I8cd9387e7b27e032e38b23a531a710a8801c6a5b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-08 18:51:22 +00:00
David Drysdale
c9529ff336 Map AIDL Gatekeeper to same policy as HIDL version
Bug: 268342724
Test: VtsHalGatekeeperTargetTest
Change-Id: Ifa90247753ae558f7bdb70cb4b4e494466cc457b
2023-02-08 18:42:17 +00:00
Brian Julian
f388934ffe Merge "Backports sepolicy for AltitudeService to T." 2023-02-08 18:28:25 +00:00
Ryan Savitski
de2aa42a42 Merge "sepolicy: rework perfetto producer/profiler rules for "user" builds" am: b9a365a35f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2419280

Change-Id: Ie9d2cdac2900cdadda71e69dff5402a50536b187
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-08 18:16:07 +00:00
Ryan Savitski
b9a365a35f Merge "sepolicy: rework perfetto producer/profiler rules for "user" builds" 2023-02-08 17:23:44 +00:00
Patty Huang
a2ef6f9584 Add system property for leaudio_allow_list
Bug: 239768625
Test: Manual
Tag: #feature
Change-Id: I95e9672e452b3cfbec6ea57052444fcf833fdeab
2023-02-08 13:39:02 +08:00
Łukasz Rymanowski
88193e8aa1 Add sysprop for LeAudio inband ringtone support
Bug: 242685105
Test: manual
Change-Id: I9e884c0c2765285110cde943e5eb419139167a50
2023-02-07 22:31:12 +00:00
Henri Chataing
60eaabc953 Define the permissions for Nfc sysprops
Bug: 268219397
Test: m
Change-Id: Ic945e56ce947c3ddae4847f007e6870e3188c065
2023-02-07 21:57:13 +00:00
Brian Julian
32b0a39d27 Backports sepolicy for AltitudeService to T.
Test: VtsHalAltitudeServiceTargetTest
Bug: 265013616
Change-Id: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
Merged-In: I8eb6af8b9350e0d021ef781eb9f3776b4adf3b7f
2023-02-07 19:38:17 +00:00
Jakub Rotkiewicz
2d1023f256 Merge "Bluetooth: Added sepolicy for Snoop Logger filtering" am: db85fd141e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2302410

Change-Id: I01ef5cc083efda96bd1083949a39e4177ca45a73
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-07 12:48:24 +00:00
Jaewan Kim
a6f591b123 Allow virtualizationmanager to read AVF debug policy am: 93f5788ec5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2423325

Change-Id: Iddb3d51769a1a2f0d39d6612698ec411b891f958
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-07 12:47:48 +00:00
Jakub Rotkiewicz
db85fd141e Merge "Bluetooth: Added sepolicy for Snoop Logger filtering" 2023-02-07 11:51:56 +00:00
Jeffrey Huang
fcf5a91e00 Restrict system server from reading statsd data
Bug: 267367423
Test: m -j
Change-Id: I0628142c2380cf568643f864ae211fbf5380550c
2023-02-06 18:29:21 -08:00
Jaewan Kim
93f5788ec5 Allow virtualizationmanager to read AVF debug policy
virtualizationmanager may handle some AVF debug policies for unprotected VM.

Bug: 243630590
Test: Run unprotected VM with/without ramdump
Change-Id: I2941761efe230a9925d1146f8ac55b50e984a4e9
2023-02-07 02:04:02 +09:00
Charles Chen
c704d3bea2 Merge "One-click fix script for isolated_app_all replacement" am: 15d5e5f173
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2411336

Change-Id: I63a9b98a6114ce34e80265636b2b3ed2ef7202b4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-05 14:58:21 +00:00
Charles Chen
15d5e5f173 Merge "One-click fix script for isolated_app_all replacement" 2023-02-05 14:22:33 +00:00
Avichal Rakesh
b95f1e539a Merge "Prevent non-system apps from read ro.usb.uvc.enabled" am: 36c4d512be
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2415830

Change-Id: Ie3acb6f962e05a3f9ddc6036590e3ec67ed650d3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-03 20:31:11 +00:00
Avichal Rakesh
36c4d512be Merge "Prevent non-system apps from read ro.usb.uvc.enabled" 2023-02-03 20:00:44 +00:00
Ryan Savitski
941ba723ba sepolicy: rework perfetto producer/profiler rules for "user" builds
This patch:
* allows for heap and perf profiling of all processes on the system
  (minus undumpable and otherwise incompatible domains). For apps, the
  rest of the platform will still perform checks based on
  profileable/debuggable manifest flags. For native processes, the
  profilers will check that the process runs as an allowlisted UID.
* allows for all apps (=appdomain) to act as perfetto tracing data
  writers (=perfetto_producer) for the ART java heap graph plugin
  (perfetto_hprof).
* allows for system_server to act as a perfetto_producer for java heap
  graphs.

Bug: 247858731
Change-Id: I792ec1812d94b4fa9a8688ed74f2f62f6a7f33a6
2023-02-03 15:05:14 +00:00
Charles Chen
e8b651b240 One-click fix script for isolated_app_all replacement
Provides the script to replace current isolated_app with
isolated_app_all if possible.

Bug: 267487579
Test: m && presubmit
Change-Id: Ifcec81ddf3da2ffb4eac67d8be1de70c1eab6b92
2023-02-03 14:55:29 +00:00
Treehugger Robot
6fb804af4e Merge "Allow dex2oat access to relevant properties" am: ce230383ae
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2412099

Change-Id: Ic30d184edbac6e88150897b6f391231fb7539047
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-03 09:23:50 +00:00
Treehugger Robot
ce230383ae Merge "Allow dex2oat access to relevant properties" 2023-02-03 08:57:34 +00:00
Treehugger Robot
d1c26af880 Merge "Add selinux permissions for DeviceAsWebcam Service" am: 870b368ec5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2410788

Change-Id: I4f2f7feac7862ff525e1ebf15c7ee1f036ca9fb3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-03 02:00:29 +00:00
Treehugger Robot
870b368ec5 Merge "Add selinux permissions for DeviceAsWebcam Service" 2023-02-03 01:40:58 +00:00
Cody Northrop
2008915bf8 Merge "Add EGL blobcache multifile properties" am: 1f1705917e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402875

Change-Id: I73b5c4786e2cff76b395914857ed6630850ebb9e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-02 21:15:51 +00:00
Cody Northrop
1f1705917e Merge "Add EGL blobcache multifile properties" 2023-02-02 20:55:50 +00:00
Avichal Rakesh
e2cb0f2813 Prevent non-system apps from read ro.usb.uvc.enabled
ro.us.uvc.enabled should not be readable from apps that can't or
shouldn't act on UVC support. This means all non-system apps. This CL
adds an explicit neverallow rule to prevent all appdomains (except
system_app and device_as_webcam).

Bug: 242344221
Bug: 242344229
Test: Build passes, manually confirmed that non-system apps cannot
      access the property
Change-Id: I1a40c3c3cb10cebfc9ddb791a06f26fcc9342ed9
2023-02-02 12:26:33 -08:00
Avichal Rakesh
e0929241a1 Add selinux permissions for DeviceAsWebcam Service
DeviceAsWebcam is a new service that turns an android device into a
webcam. It requires access to all services that a
regular app needs access to, and it requires read/write permission to
/dev/video* nodes which is how the linux kernel mounts the UVC gadget.

Bug: 242344221
Bug: 242344229
Test: Manually tested that the service can access all the nodes it
      needs, and no selinux exceptions are reported for the service
      when running.
Change-Id: I45c5df105f5b0c31dd6a733f50eb764479d18e9f
2023-02-02 12:26:33 -08:00
Sumit Bhagwani
3241672e80 Non app processes shouldn't be able to peek checkin data am: 7602d0f348
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2417613

Change-Id: Iab7cebd106f5b6b7217ad81449705ed6f92e89c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-02 20:12:29 +00:00
Sumit Bhagwani
7602d0f348 Non app processes shouldn't be able to peek checkin data
Change-Id: I1df0ce47ae9d08f66689f82e21656cbdd70d7f25
Test: Manually built the change and flashed the device.
Bug: 197636740
2023-02-02 17:51:51 +00:00
Alfred Piccioni
30ae427ed0 Adds support for fuseblk binaries.
This is a rather large, single change to the SEPolicies, as fuseblk
required multiple new domains. The goal is to allow any fuseblk
drivers to also use the same sepolicy.

Note the compartmentalized domain for sys_admin and mount/unmount
permissions.

Bug: 254407246

Test: Extensive testing with an ADT-4 and NTFS USB drives.
Change-Id: I6619ac77ce44ba60edd6ab10e8436a8712459b48
2023-02-02 15:32:39 +01:00