Jaewan Kim
ea3e08d53d
Allow shell to read AVF DT nodes
...
Hostside test needs to check existence of /proc/device-tree/avf/guest
to check whether AVF debug policy is installed.
Bug: 345118393
Test: Verified manually on tangorpro-user
(cherry picked from https://android-review.googlesource.com/q/commit:168e04da79db850714afd018a6e88da983c89579 )
Merged-In: I33d6bd1bd7c5513395f162e2bcbbfd15c1b80bcd
Change-Id: I33d6bd1bd7c5513395f162e2bcbbfd15c1b80bcd
2024-06-19 01:06:25 +00:00
Android Build Coastguard Worker
cd0a00b7c4
Snap for 11973804 from f2d382e533
to 24Q3-release
...
Change-Id: I00f2d7f3bc24cf1f28e99cbafa644f06dda9c5d6
2024-06-15 01:25:39 +00:00
Priyanka Advani
f2d382e533
Merge "Revert "Introducing vm_tethering_service as system_server_service"" into main am: 5aa7ff8369
am: 3c1cd9c05b
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3134016
Change-Id: I1900577c1bfecc23d29f9008c7964d66994f0eed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-14 17:58:35 +00:00
Priyanka Advani
3c1cd9c05b
Merge "Revert "Introducing vm_tethering_service as system_server_service"" into main am: 5aa7ff8369
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3134016
Change-Id: I1c79e6da041c4341349835b3296479090b8b0fdb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-14 17:54:40 +00:00
Priyanka Advani
5aa7ff8369
Merge "Revert "Introducing vm_tethering_service as system_server_service"" into main
2024-06-14 17:48:06 +00:00
Priyanka Advani
3833f2f9d6
Revert "Introducing vm_tethering_service as system_server_service"
...
This reverts commit 70e6e885ae
.
Reason for revert: <Potential culprit for b/347203579 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.>
Change-Id: I28064a2f38114d4e91356828576bfb3b9030b977
2024-06-14 17:46:44 +00:00
Ján Sebechlebský
b0e2bd676b
Merge "Add missing SELinux rule for accessing GPU" into main am: f41e544cb2
am: 2bb77d1934
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3125913
Change-Id: I9d9241d8c3d0a3ab36ee81e5ce050c09a7914b77
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-14 08:14:37 +00:00
Ján Sebechlebský
2bb77d1934
Merge "Add missing SELinux rule for accessing GPU" into main am: f41e544cb2
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3125913
Change-Id: I685cd9cba816f85d1f30c1e83721f0dbf333aad0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-14 08:07:02 +00:00
Ján Sebechlebský
f41e544cb2
Merge "Add missing SELinux rule for accessing GPU" into main
2024-06-14 07:58:43 +00:00
Seungjae Yoo
8f99958c86
Merge "Introducing vm_tethering_service as system_server_service" into main am: 9d04376e55
am: e4890ed894
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3121391
Change-Id: I501a80b2d047f45f1fa3c1f75ceb083060bb2a62
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-14 05:53:47 +00:00
Seungjae Yoo
e4890ed894
Merge "Introducing vm_tethering_service as system_server_service" into main am: 9d04376e55
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3121391
Change-Id: I4f3ab70bcd4f8965d00ad84a7cd5fc4afaa29913
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-14 05:46:25 +00:00
Seungjae Yoo
9d04376e55
Merge "Introducing vm_tethering_service as system_server_service" into main
2024-06-14 05:43:49 +00:00
Treehugger Robot
f085b3cd8f
Merge "Cleanup ImageInterface.SetImageVariation" into main am: 7c2d9978c1
am: 10171d408d
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3131517
Change-Id: I7d8d199329b802d42ea9ade8071426498ae03d13
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-14 04:35:32 +00:00
Treehugger Robot
10171d408d
Merge "Cleanup ImageInterface.SetImageVariation" into main am: 7c2d9978c1
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3131517
Change-Id: I310ed3c3876ee1018f6318521d924480e9642334
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-14 04:29:12 +00:00
Treehugger Robot
7c2d9978c1
Merge "Cleanup ImageInterface.SetImageVariation" into main
2024-06-14 04:26:52 +00:00
Treehugger Robot
e9d2d0d4fe
Merge "SELinux: allow gms core write to aconfigd socket" into main am: 3115b03d9e
am: 7c9ac69a60
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3132573
Change-Id: Ife258811230ffce62549ad244d513fb81a8e4062
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-14 00:34:13 +00:00
Treehugger Robot
7c9ac69a60
Merge "SELinux: allow gms core write to aconfigd socket" into main am: 3115b03d9e
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3132573
Change-Id: I2ee1d7a39e326cec8d51e23f17339deb5eb3b274
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-14 00:27:51 +00:00
Treehugger Robot
3115b03d9e
Merge "SELinux: allow gms core write to aconfigd socket" into main
2024-06-14 00:22:03 +00:00
Android Build Coastguard Worker
c3a7a5bb6c
Snap for 11967491 from b70ff52882
to 24Q3-release
...
Change-Id: I1f38f1972f363cec24061d0adf217aeea9808150
2024-06-13 23:25:37 +00:00
Jihoon Kang
8298ae56e6
Cleanup ImageInterface.SetImageVariation
...
This change modifies the interface method of
ImageInterface.SetImageVariation so that the image variation is set
directly at the caller image variation module, instead of passing the
pointer to set the image variation.
Test: m nothing
Change-Id: Ice92b2496dbe9e342edf5542946620ae409f7d4f
2024-06-13 21:47:41 +00:00
Dennis Shen
182b19b51c
SELinux: allow gms core write to aconfigd socket
...
Bug: b/312459182
Test: m
Change-Id: If59a1c8bdf98274b9dac33a2125780a3c43910db
2024-06-13 18:45:49 +00:00
Jan Sebechlebsky
9999b0a332
Add missing SELinux rule for accessing GPU
...
Bug: 301023410
Test: atest virtual_camera_tests CtsVirtualDevicesCameraTestCases CtsVirtualDevicesCameraCtsTestCases
Merged-In: Iaaab570fc2cb3b2bfe17f964a52b09a0549e0a8b
Change-Id: Iaaab570fc2cb3b2bfe17f964a52b09a0549e0a8b
2024-06-13 14:23:22 +00:00
Satoshi Niwa
b70ff52882
Merge "Add /system/bin/traced_relay to file_contexts" into main am: 3c4364447d
am: 1649ae652c
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3127574
Change-Id: If5f2b3229c47ba0d4021f41107a3701744ce98de
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-13 09:06:20 +00:00
Satoshi Niwa
1649ae652c
Merge "Add /system/bin/traced_relay to file_contexts" into main am: 3c4364447d
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3127574
Change-Id: Id099746839932f72a593173f12429d97057a83d9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-13 08:58:58 +00:00
Satoshi Niwa
3c4364447d
Merge "Add /system/bin/traced_relay to file_contexts" into main
2024-06-13 08:53:29 +00:00
Satoshi Niwa
56a5c1c0db
Add /system/bin/traced_relay to file_contexts
...
traced_relay is a service that takes the place of traced
in a guest VM and relays the producer connections to the
host tracing service. (aosp/2646664)
The service requires the same permissions as traced.
Bug: 333835162
Bug: 340402999
Test: Run traced_relay in a guest VM
Change-Id: Ifc7854e0d3ebaf0f9021cf455a2433037525a0bc
2024-06-13 04:17:37 +00:00
Seungjae Yoo
70e6e885ae
Introducing vm_tethering_service as system_server_service
...
Bug: 340376953
Test: Presubmit
Change-Id: Iab1b348c8c593ea6d9615b6f80cddc8b78bed1fa
2024-06-13 11:07:52 +09:00
Seungjae Yoo
dbabf60855
Merge "Grant TUNGETIFF ioctl and revoke SIOCGIFFLAGS ioctl to vmnic" into main am: 5a77925214
am: 6a28c726c4
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3120132
Change-Id: I8395c287163184eb068144cbfaf390f6b9bfb033
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-13 01:51:11 +00:00
Seungjae Yoo
6a28c726c4
Merge "Grant TUNGETIFF ioctl and revoke SIOCGIFFLAGS ioctl to vmnic" into main am: 5a77925214
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3120132
Change-Id: I0e5ff9a9bb667d43027641cad61da692c0fe7415
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-13 01:44:15 +00:00
Seungjae Yoo
5a77925214
Merge "Grant TUNGETIFF ioctl and revoke SIOCGIFFLAGS ioctl to vmnic" into main
2024-06-13 01:38:54 +00:00
Jeffrey Huang
9156fffdce
Merge "Allow statsd to read file descriptors from any app" into main am: bfcc43e84e
am: 970d43eaab
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3107057
Change-Id: I8f15b7b2c0ac6f8eb7f119d0f6d43a2ffcfe0f11
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-12 21:45:57 +00:00
Jeffrey Huang
970d43eaab
Merge "Allow statsd to read file descriptors from any app" into main am: bfcc43e84e
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3107057
Change-Id: I046583d19a6772fbb4f91e27de56a6280dc27e43
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-12 21:33:08 +00:00
Jeffrey Huang
bfcc43e84e
Merge "Allow statsd to read file descriptors from any app" into main
2024-06-12 21:14:37 +00:00
Android Build Coastguard Worker
dbdceaf016
Snap for 11954976 from 9bb8a3a971
to 24Q3-release
...
Change-Id: I3e283b08361f6166016502e406366aa34fa1ea39
2024-06-11 23:26:44 +00:00
Treehugger Robot
9bb8a3a971
Merge "Compatibility for vendor_hidraw_device" into main am: 1327971c7c
am: a4ffe3b38d
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3116384
Change-Id: I1e09ffd0459dc0bf97276b25370320c7760d8ce8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-11 10:50:31 +00:00
Treehugger Robot
a4ffe3b38d
Merge "Compatibility for vendor_hidraw_device" into main am: 1327971c7c
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3116384
Change-Id: I34fb224ac84cf888527ad166b9ebd6cf13b6c1dc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-11 10:34:00 +00:00
Treehugger Robot
1327971c7c
Merge "Compatibility for vendor_hidraw_device" into main
2024-06-11 10:12:02 +00:00
Seungjae Yoo
a217b1f191
Grant TUNGETIFF ioctl and revoke SIOCGIFFLAGS ioctl to vmnic
...
To delete TAP interface in vmnic, it should retrieve libc::ifreq struct
object from file descriptor of TAP interface, to execute SIOCSIFFLAGS
and TUNSETIFF ioctls.
On the other hand, we can reuse libc::ifreq struct for executing
SIOCSIFFLAGS ioctl constructed for executing TUNSETIFF and TUNSETPERSIST
ioctls. So we don't need to grant SIOSGIFFLAGS ioctl anymore, to get
libc::ifreq struct.
Bug: 340376951
Test: Presubmit
Change-Id: I448c8ca5366c0e27d5d5fe09bcb366c5f23650ac
2024-06-11 13:27:36 +09:00
Android Build Coastguard Worker
16c3e0c836
Snap for 11949167 from 69ca37c200
to 24Q3-release
...
Change-Id: I18fc91c9ae9ce34d30fa9afa39f43c05779a0b05
2024-06-10 23:26:11 +00:00
Karuna Wadhera
69ca37c200
Merge "Untrack keystore SELinux denial on AVF RKP Hal" into main am: e357df7504
am: c91f365902
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3122031
Change-Id: Ie185c21765ed4a8086a33fd0775d7c2bbf0a8aa2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 19:46:49 +00:00
Karuna Wadhera
c91f365902
Merge "Untrack keystore SELinux denial on AVF RKP Hal" into main am: e357df7504
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3122031
Change-Id: Ic45ddce19ccc5d3ba42c7c7c4e40e3c883d81351
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 19:31:14 +00:00
Karuna Wadhera
e357df7504
Merge "Untrack keystore SELinux denial on AVF RKP Hal" into main
2024-06-10 19:06:35 +00:00
Zi Wang
d82f51dc1d
Merge changes Ib9972bcd,I87d18451 into main am: f5f05c1f9f
am: 2baa88a1b4
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3118318
Change-Id: I3cac14a251f6e62e61d88fc739fb02515098fa5d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 17:33:39 +00:00
Zi Wang
2baa88a1b4
Merge changes Ib9972bcd,I87d18451 into main am: f5f05c1f9f
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3118318
Change-Id: I39d4edc62894f10149fcc382058934d5d26f0681
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 16:53:54 +00:00
Zi Wang
f5f05c1f9f
Merge changes Ib9972bcd,I87d18451 into main
...
* changes:
Use OutputFilesProvider on certain module types
Use OutputFilesProvider on certain module types
2024-06-10 16:33:43 +00:00
Karuna Wadhera
fb728ac3af
Untrack keystore SELinux denial on AVF RKP Hal
...
With the dontaudit line in keystore.te commented out on an otherwise clean build, I was unable to see the SELinux denial on boot. So, it seems like this denial may not be occurring anymore and it’s safe to remove the dontaudit line.
Bug: 312427637
Test: manual
Change-Id: Ib8887f0593ea984e3c011b76a81b7bf99cff2a44
2024-06-10 14:32:19 +00:00
Alan Stokes
8a6bb3ef84
Compatibility for vendor_hidraw_device
...
Older vendor policy may apply the label vendor_hidraw_device to the
HID device.
From 202404 we use the new label hidraw_device for this.
Fix the compatibility rules to allow new system policy to work with
older vendor policy by adding specific compat logic.
Note that the original 34.0 system policy didn't mention hidraw_device
at all, so the more normal compatibility mechanisms don't really work.
Bug: 340923653
Test: Builds, boots, no new denials
Change-Id: I358118b217c82b5f8111f3e05d35aa16c464b941
2024-06-10 14:59:04 +01:00
Alice Wang
d1ea1ff475
Merge "Add system property to disable avf remote attestation" into main am: 97091293b7
am: 94148a33fe
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3117519
Change-Id: I5029668ac2293d8a270a2b5bed869836cc837cb8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 12:23:25 +00:00
Alice Wang
94148a33fe
Merge "Add system property to disable avf remote attestation" into main am: 97091293b7
...
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3117519
Change-Id: Ia99358fe9e6c4dcacc2814c96268ec47f9884db9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-10 12:09:00 +00:00
Alice Wang
97091293b7
Merge "Add system property to disable avf remote attestation" into main
2024-06-10 11:31:52 +00:00