Treehugger Robot
cbe84dcb4d
Merge "Provide network permissions to RKPD app." am: 89248159da
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2324014
Change-Id: I7e28568a57eee51c407e08232bab06fab4babf66
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-01 22:03:05 +00:00
Treehugger Robot
89248159da
Merge "Provide network permissions to RKPD app."
2022-12-01 21:38:16 +00:00
Treehugger Robot
b9e9451c42
Merge "Move microdroid_*.config_done part to diff context" am: 98d709b4df
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2323437
Change-Id: I9f8e4487de318c0dcf23cece3276adb35da05516
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-01 19:47:51 +00:00
Treehugger Robot
98d709b4df
Merge "Move microdroid_*.config_done part to diff context"
2022-12-01 19:07:38 +00:00
Vikram Gaur
592b345626
Provide network permissions to RKPD app.
Test: TH
Change-Id: I5f721f5b3066ea95780487286a03b7028f11a3d5
2022-12-01 18:54:08 +00:00
Treehugger Robot
8078bc949f
Merge "Sepolicy for microdroid_manager.init_done" am: 3c41cfa51f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2322655
Change-Id: I887404471156e417cdc3fe52e512fc598bc977bc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-01 16:58:45 +00:00
Treehugger Robot
3c41cfa51f
Merge "Sepolicy for microdroid_manager.init_done"
2022-12-01 16:23:43 +00:00
Shikha Panwar
f9089686e9
Move microdroid_*.config_done part to diff context
We introduced selinux context: microdroid_lifecycle_prop to group the
properties set by microdroid_manager related to its boot lifecycle.
microdroid_manager.config_done is more suitable to be grouped in this
context.
Test: MicrodroidHostTests#testMicrodroidBoots which also checks selinux
denials
Bug: 260005615
Change-Id: I81729146c2fc98479b9a71053e4cf8ba5d89de5e
2022-12-01 15:13:05 +00:00
Shikha Panwar
e1578a50fb
Sepolicy for microdroid_manager.init_done
Add a new selinux context: microdroid_lifecycle_prop for properties like
microdroid_manager.init_done. Also adding neverallow rule to not let
anyone other than init & microdroid_manager set it.
Bug: 260713790
Test: Builds
Change-Id: I81470ce596cfe5870b6777b6ae6fde3a0dc486d1
2022-12-01 14:59:06 +00:00
Yu Shan
96c3b41113
Allow wider remote access names.
Test: local test @v1-tcu-test-service.
Bug: 254547153
Change-Id: I82ed9e9e439913602e26042e357b5fa33338ef97
2022-11-30 17:07:49 -08:00
Steven Moreland
ab6bb503e9
Merge "sepolicy for SE HAL" am: c3802445d0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2285333
Change-Id: I6d8b7c34c3600c49adb9035bf204d30000495432
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-29 23:05:05 +00:00
Steven Moreland
c3802445d0
Merge "sepolicy for SE HAL"
2022-11-29 22:30:40 +00:00
Nikita Ioffe
2039173556
Merge "Add sepolicy for microdroid_config_prop sysprops" am: ddc29b8d79
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2318890
Change-Id: I10cd67f604e3f9e1246cc51130988d906d037426
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-29 11:19:13 +00:00
Nikita Ioffe
ddc29b8d79
Merge "Add sepolicy for microdroid_config_prop sysprops"
2022-11-29 10:48:24 +00:00
Sandeep Dhavale
50eb2db0a1
Merge "Allow hal_fastboot_server to have access to metadata partition" am: b59723691a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2316618
Change-Id: I01698bd5d41ef0d07a895eeabb004e79db8cf123
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-28 23:09:09 +00:00
Sandeep Dhavale
b59723691a
Merge "Allow hal_fastboot_server to have access to metadata partition"
2022-11-28 22:26:29 +00:00
Nikita Ioffe
1cf4d77af8
Add sepolicy for microdroid_config_prop sysprops
Bug: 260361248
Bug: 260005615
Test: m
Change-Id: I50f7c0040ce6d315a3dc910c4f0b412d244a7449
2022-11-28 13:43:42 +00:00
Treehugger Robot
a1643bd395
Merge "[cleanup] Remove attribute service_manager_type in microdroid" am: cbb1191148
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2317509
Change-Id: I1422ba73a836d97b6b6f2344c3e5ae6e36d75414
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-25 10:42:34 +00:00
Treehugger Robot
cbb1191148
Merge "[cleanup] Remove attribute service_manager_type in microdroid"
2022-11-25 10:08:37 +00:00
Keir Fraser
6aea0833a1
Merge "Adjust policy for hypervisor system properties" am: 255de93341
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2314862
Change-Id: I099a68dd9fee2fda11d0f781342e0995b1a7f95a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-24 13:12:14 +00:00
Keir Fraser
255de93341
Merge "Adjust policy for hypervisor system properties"
2022-11-24 12:44:10 +00:00
Alice Wang
56894138b2
Merge "[cleanup] Remove permissions about binder_device inside microdroid" am: 08ae0e46de
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2312267
Change-Id: I5f070612db522604e7d4cbe7423e0d6c9205b2ce
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-24 12:41:58 +00:00
Alice Wang
9a444d0499
[cleanup] Remove attribute service_manager_type in microdroid
Bug: 257260848
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ic91fe1673d0648ac596eb67189d237175eb2976e
2022-11-24 12:00:48 +00:00
Alice Wang
08ae0e46de
Merge "[cleanup] Remove permissions about binder_device inside microdroid"
2022-11-24 11:59:28 +00:00
Treehugger Robot
c06b9a67a2
Merge "[cleanup] Remove microdroid_service_context and its usages" am: ca7bbf0681
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2312835
Change-Id: Idd8e0717f5454141db721c31d6ae2547b299f9ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-24 11:44:39 +00:00
Treehugger Robot
ca7bbf0681
Merge "[cleanup] Remove microdroid_service_context and its usages"
2022-11-24 10:35:58 +00:00
Keir Fraser
84bb5eeccb
Adjust policy for hypervisor system properties
1. Allow them to be configured by vendor_init.
2. Introduce a new system property
hypervisor.memory_reclaim.supported, which is configured by
vendor_init and accessed only by virtualizationservice, and is not
as widely accessible as the existing hypervisor sysprops.
Bug: 235579465
Test: atest MicrodroidTests
Change-Id: I952432568a6ab351b5cc155ff5eb0cb0dcddf433
2022-11-24 10:23:58 +00:00
Sandeep Dhavale
b1524d7116
Allow hal_fastboot_server to have access to metadata partition
With AIDL fastboot, wiping the partition will be handled by a new service.
Add hal_fastboot_server as an exception to the neverallow rule.
Bug: 260140380
Test: th
Test: fastboot -w
Change-Id: Ic38ad715cb097ccd9c8936bb8e2a04e3e70b3245
Signed-off-by: Sandeep Dhavale <dhavale@google.com>
2022-11-24 04:35:15 +00:00
Treehugger Robot
fde7686300
Merge "microdroid: Allow microdroid_manager to get local CID" am: d547a5a7a2
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2269268
Change-Id: If0d2a6decb08022b3d18f586871280f99febec81
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-23 21:30:21 +00:00
Treehugger Robot
d547a5a7a2
Merge "microdroid: Allow microdroid_manager to get local CID"
2022-11-23 21:00:07 +00:00
Alice Wang
8224b9028f
Merge "[cleanup] Remove permissions about binderfs inside microdroid" am: 334640c993
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2312208
Change-Id: Ie68411b9310007dbc15d9075f3a90ae1324e8bff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-23 12:00:14 +00:00
Alice Wang
8cac66dc34
[cleanup] Remove permissions about binder_device inside microdroid
The binder_device in microdroid has been removed in aosp/2310572.
Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ie87e3b5ca1afc4046d5b35cba5fc2f99bbc09f43
2022-11-23 11:57:54 +00:00
Alice Wang
334640c993
Merge "[cleanup] Remove permissions about binderfs inside microdroid"
2022-11-23 11:34:29 +00:00
Alice Wang
2af6f857bf
[cleanup] Remove unneeded apex_service permissions in microdroid am: 0065888fe7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2312207
Change-Id: I717fec556ea254fa6f4bf676dcea33e6798fe838
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-23 10:29:44 +00:00
Alice Wang
4a608c1960
[cleanup] Remove microdroid_service_context and its usages
As service_manager has been removed in microdroid.
Bug: 257260848
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I05b3366a14ecd8d6aabfff5eca9b6fbf804dc97a
2022-11-23 10:03:53 +00:00
Alice Wang
890f7c8b3d
Merge "[cleanup] Remove permissions about servicemanager_prop inside microdroid" am: 160ad719fb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2312206
Change-Id: Ia91423397d27b715cd37d80f985d27c0d7196a0b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-22 21:40:15 +00:00
Alice Wang
79629bdd60
[cleanup] Remove permissions about binderfs inside microdroid
The binderfs in microdroid has been removed in aosp/2310572.
Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I757ae39ebc841e8bb23300c4f65a3646ad8031fb
2022-11-22 21:22:38 +00:00
Alice Wang
0065888fe7
[cleanup] Remove unneeded apex_service permissions in microdroid
As microdroid doesn't use apex_service.
Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ie79473322905bda56c57d91f3c524ad715c99aff
2022-11-22 21:21:30 +00:00
Alice Wang
160ad719fb
Merge "[cleanup] Remove permissions about servicemanager_prop inside microdroid"
2022-11-22 21:06:51 +00:00
Treehugger Robot
dc98c10d7f
Merge "Encryptedstore/Selinux: Format the crypt device" am: 4c240dcaab
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2309189
Change-Id: I83b08712c2ba085ea4a2bb7f1a1f737dc7270422
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-22 20:09:41 +00:00
Treehugger Robot
4c240dcaab
Merge "Encryptedstore/Selinux: Format the crypt device"
2022-11-22 19:33:09 +00:00
Devin Moore
6741d357f5
Merge "Add AIDL sensorservice's new fuzzer to the mapping" am: 338f9a0253
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2308683
Change-Id: I32d9988867c60a1ea64713f0d8d9285a94233f2e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-22 18:16:02 +00:00
Shikha Panwar
c6ff74a210
Encryptedstore/Selinux: Format the crypt device
Add selinux policies required for formatting the crypt device.
1. Allow encryptedstore to execute mk2fs.
2. The execution will happen without domain transition - so add
permissions related to formatting the device.
3. Allow encryptedstore to write on /dev/vd device - required to zero
starting bits initially
Test: Run vm with --storage & --storage-size option
Bug: 241541860
Change-Id: I9766e3c67e47a58707beee8b3a156944e3b0a9ce
2022-11-22 17:42:01 +00:00
Devin Moore
338f9a0253
Merge "Add AIDL sensorservice's new fuzzer to the mapping"
2022-11-22 17:37:49 +00:00
Alice Wang
2af1ac6739
Merge "[cleanup] Remove permissions about servicemanager inside microdroid" am: 7358947455
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2311886
Change-Id: I9ebae8149a7a0851fdfd72f9a8b5b939610c7cd4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-22 16:22:01 +00:00
Alice Wang
7358947455
Merge "[cleanup] Remove permissions about servicemanager inside microdroid"
2022-11-22 15:57:36 +00:00
Alice Wang
165148e62c
[cleanup] Remove permissions about servicemanager_prop inside microdroid
As servicemanager is removed from microdroid.
Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: Ie39e4b214f297258f3dceecc11fa3d8289af3be4
2022-11-22 14:55:47 +00:00
Alice Wang
574be921af
[cleanup] Remove permissions about servicemanager inside microdroid
Bug: 222479468
Test: atest MicrodroidTests MicrodroidHostTests
Change-Id: I562d0d018f0dbd7d4b93c39b2bde4d2a8b50de13
2022-11-22 14:36:09 +00:00
Treehugger Robot
0b9c2b6467
Merge "Revert "Add listen/accept permission to MM's vsock"" am: ea83f4f046
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2311586
Change-Id: I3f5413b90a7443d87d396b51e945206a2567ec9d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-11-22 14:28:13 +00:00
Treehugger Robot
ea83f4f046
Merge "Revert "Add listen/accept permission to MM's vsock""
2022-11-22 13:52:20 +00:00