tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
42826 commits 1 branch 0 tags 50 MiB
Commit graph

42826 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jay Civelli
ec3e029174 Merge "Add 2 new system properties for Quick Start" into udc-dev am: 5fd77a4e68 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22872879

Change-Id: I4da2eaa71f26a8a632e6749290bf94facb1237c5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-04 17:13:08 +00:00
Jay Civelli
5fd77a4e68 Merge "Add 2 new system properties for Quick Start" into udc-dev 2023-05-04 16:35:59 +00:00
Jay Civelli
c97b3a244f Add 2 new system properties for Quick Start 
Test: Manually validated that GmsCore can access the properties, but not a test app.
Ignore-AOSP-First: Change is targeted at Google devices.
Change-Id: I2fa520dc31b328738f9a5fd1bcfc6632b61ad912
Bug: 280330984
 2023-05-03 04:04:15 +00:00
Kalesh Singh
f11e0af5c6 Merge "16k: Add sepolicy for max page size prop" into udc-dev am: ad3183676c 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22935830

Change-Id: Ie0232a428d0ecbea5c10de26206bb4f7bc64d3af
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 16:45:55 +00:00
Kalesh Singh
ad3183676c Merge "16k: Add sepolicy for max page size prop" into udc-dev 2023-05-02 16:11:59 +00:00
Jinyoung Jeong
8eaded4bc4 Fix selinux denial for setupwizard_esim_prop am: e52a8f2a47 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22955599

Change-Id: I5a52a063ffaba2f4063ff2865172e6bc85bafd1f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 14:57:35 +00:00
Jinyoung Jeong
e52a8f2a47 Fix selinux denial for setupwizard_esim_prop 
Bug: 280336861
Test: no denial logs found
Ignore-AOSP-First: will merge in AOSP aosp/2573840
Change-Id: Ieedf8343f55f047b3fd33cc1cd2c759400dce2b4
 2023-05-02 10:40:07 +00:00
Weilin Xu
c3a887cee6 Merge "Make broadcastradio_service accessible from CTS" into udc-dev am: 07767709c9 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22634562

Change-Id: I43c6be19b771098bda3c9b84d96b72b754c4c7aa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 10:26:08 +00:00
Weilin Xu
07767709c9 Merge "Make broadcastradio_service accessible from CTS" into udc-dev 2023-05-02 05:05:55 +00:00
Treehugger Robot
f46c87d2d1 Merge "Allow fastbootd set boottime property" into udc-d1-dev 2023-05-02 04:54:37 +00:00
Jayden Kim
41feeca1db Merge "Add sepolicy for new bluetooth le radio path loss compensation sysprops" into udc-dev am: 5462a6501b 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22909867

Change-Id: I1145a72c9a4f5357f3e810629a33be52164a682c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-02 01:33:51 +00:00
Jayden Kim
5462a6501b Merge "Add sepolicy for new bluetooth le radio path loss compensation sysprops" into udc-dev 2023-05-02 01:01:14 +00:00
Kalesh Singh
58cefa04ab 16k: Add sepolicy for max page size prop 
Devices can select their max supported with PRODUCT_MAX_PAGE_SIZE_SUPPORTED.
This is exposed as ro.product.cpu.pagesize.max to VTS tests.

Add the required sepolicy labels for the new property.

Bug: 277360995
Test: atest -c vendor_elf_alignment_test -s <serial>
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
(cherry picked from https://android-review.googlesource.com/q/commit:0a66ea359f6751741f8100a9d934ae8d2e53d120)
Merged-In: Ibe01e301dbcc3392201dffd3bba845700ee2a5e8
Change-Id: Ibe01e301dbcc3392201dffd3bba845700ee2a5e8
 2023-05-01 09:13:39 -07:00
Evgenii Stepanov
7fcf927eda Merge "Relax sepolicy for device_config_runtime_native_*." into udc-dev am: f666700fa9 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22912955

Change-Id: I2ae8b39c4f3b4fa47a950ef1d45a96d19a8cdc17
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-30 19:18:41 +00:00
Evgenii Stepanov
f666700fa9 Merge "Relax sepolicy for device_config_runtime_native_*." into udc-dev 2023-04-30 18:29:18 +00:00
Jinyoung Jeong
5205a56ad3 Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore am: fa95e8c591 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22899490

Change-Id: I653ff006bc75c376434828de57bad34a28e49b15
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-30 03:23:24 +00:00
Evgenii Stepanov
11ce6894e8 Relax sepolicy for device_config_runtime_native_*. 
This change allows vendor init scripts to react to the MTE bootloader
override device_config. It extends the domain for runtime_native and
runtime_native_boot configs from "all apps", which is already very
permissive, to "everything".

Ignore-AOSP-First: UpsideDownCake/34 does not exist in AOSP
Bug: 239832365
Test: none
Change-Id: I66aa1492f929f43f937b4ab0780f7753c1f4b92e
 2023-04-28 14:37:18 -07:00
Jayden Kim
0e228763e1 Add sepolicy for new bluetooth le radio path loss compensation sysprops 
Bug: 277676657
Test: make -j; atest BluetoothInstrumentationTests
Change-Id: I94f8d9d18b9c4659703edb773dd29870430e40b7
Ignore-AOSP-First: This is a cherry-pick from AOSP
 2023-04-28 16:31:09 +00:00
Jinyoung Jeong
fa95e8c591 Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore 
bug: 279548423
Test:  http://fusion2/b7c803be-2dca-4195-b91f-6c4939746b5b, http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed
Ignore-AOSP-First: will merge in AOSP aosp/2571810
Change-Id: I4b190fca2f3825a09d27cfc74e8a528831f4f15b
 2023-04-28 16:25:26 +00:00
Wilson Sung
97af7582a1 Allow fastbootd set boottime property 
Bug: 264489957
Test: flash and no related avc error
Change-Id: Ia9a6d4918aa78e6b3e7df39496d786921192c8af
Ignore-AOSP-First: master need the prebuilt upadte
Signed-off-by: Wilson Sung <wilsonsung@google.com>
 2023-04-28 08:12:50 +00:00
Weilin Xu
85b94c7c49 Make broadcastradio_service accessible from CTS 
When CTS test app tries to get broadcastradio_service from context, it
is considered as untrusted app by sepolicy since broadcastradio_service
is not app_api_service. Made it as app_api_service so that CTS for
broadcastradio can be ran on devices.

Bug: 262191898
Test: atest CtsBroadcastRadioTestCase
Ignore-AOSP-First: fix CTS issue
Change-Id: I0583f549eb5b781ff23f81b2073baa0390009f9e
 2023-04-27 23:40:33 +00:00
Parth Sane
09334ff85b Merge "Add SysProp to set the number of threads in Apexd bootstrap" into udc-dev am: f6f4205d50 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22813140

Change-Id: Ie914438cf91737dd053c584b9cc40f7c3af77ee4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-26 13:00:04 +00:00
Parth Sane
f6f4205d50 Merge "Add SysProp to set the number of threads in Apexd bootstrap" into udc-dev 2023-04-26 12:31:14 +00:00
Parth Sane
daf8bbe7e4 Add SysProp to set the number of threads in Apexd bootstrap 
Test: Manual. Tested on device
Bug: 265019048
Change-Id: I1d559b4398c2e91f50da48dc6d5ccbef63fb9d18
(cherry picked from commit e8a2001086)
Ignore-AOSP-First: This is a cherry-pick from AOSP
 2023-04-25 17:40:39 +00:00
Jeff Vander Stoep
7a3ffd8b50 Disallow watch and watch_reads on apk_data_file for apps am: f9a774f1ae 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22283654

Change-Id: Id80c1e04d7aabee35cb92713a9435b2951cd24b5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-25 17:37:12 +00:00
Jeff Vander Stoep
f9a774f1ae Disallow watch and watch_reads on apk_data_file for apps 
This can be used as a side channel to observe when an application
is launched.

Gate this restriction on the application's targetSdkVersion to
avoid breaking existing apps. Only apps targeting 34 and above will
see the new restriction.

Remove duplicate permissions from public/shell.te. Shell is
already appdomain, so these permissions are already granted to it.

Ignore-AOSP-First: Security fix
Bug: 231587164
Test: boot device, install/uninstall apps. Observe no new denials.
Test: Run researcher provided PoC. Observe audit messages.
Change-Id: Ic7577884e9d994618a38286a42a8047516548782
 2023-04-25 15:20:45 +02:00
Alex Buynytskyy
47f031bc42 UpsideDownCake/34 is now REL am: 9c6c988bad 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22791156

Change-Id: Ia1d64836f9b70437cf85b92dc782ca420bcce897
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-24 16:01:15 +00:00
Alex Buynytskyy
9c6c988bad UpsideDownCake/34 is now REL 
Ignore-AOSP-First: UpsideDownCake Finalization
Bug: 275409981
Test: build
Change-Id: I15bf3817a8a6867d52f7963a04a69e543a9801e9
Merged-In: I15bf3817a8a6867d52f7963a04a69e543a9801e9
 2023-04-21 19:36:02 +00:00
Charles Chen
c3699d2c7c Fix attribute plurals for isolated_compute_allowed am: 27a8f43fde am: 82c81a216a am: badbeec6ac am: 5eb2d8b0df 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2552770

Change-Id: Ie07279c7ee00a8c8cbd0a6c806f6ac58cbf0ef8c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 21:44:58 +00:00
Charles Chen
64b3d3e10f Merge "Move isolated_compute_app to be public" am: 290d1876ff am: 48a0bcd865 am: d57f6bc6ae am: 5eba5e62a3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2544610

Change-Id: I473210a465e994d89921cb5dd04d520d5c780f9e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 21:15:55 +00:00
Eric Rahm
11093a54df Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734" am: 66ef8f01ee am: 7e4c7b47a2 am: 051fd4658e am: 3c9b657e1d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549731

Change-Id: Id705aeddbf7ae471ffa5961d613bcd5e4a6c704b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 19:58:47 +00:00
Eric Rahm
3ccef4033b Fix denial for ioctl FS Verity am: af6035c64f am: 4606eaa950 am: 1f2c6ef5e7 am: be8a31739a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549730

Change-Id: Ic1bd19e4c3873bd45094b108b80504309fe860f2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 19:58:44 +00:00
Alexander Roederer
d13ba248dc Merge "Add persist.sysui.notification.builder_extras_ovrd" am: e46266d2ce am: 06ad0c13cc am: f5324ae425 am: 5c9320232a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2538550

Change-Id: Icb10f4a544bc1ee3e370dc3471713531800163a7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 19:49:33 +00:00
Charles Chen
5eb2d8b0df Fix attribute plurals for isolated_compute_allowed am: 27a8f43fde am: 82c81a216a am: badbeec6ac 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2552770

Change-Id: Ie5d474cceaac9833f53194b17636147cdc6eb75e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 18:49:53 +00:00
Charles Chen
5eba5e62a3 Merge "Move isolated_compute_app to be public" am: 290d1876ff am: 48a0bcd865 am: d57f6bc6ae 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2544610

Change-Id: I997bf77614cf78e61f89925857a60bb8a9a907fa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 18:48:55 +00:00
Charles Chen
badbeec6ac Fix attribute plurals for isolated_compute_allowed am: 27a8f43fde am: 82c81a216a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2552770

Change-Id: I4352aa3bec7b6e48b61caa751a15d7ead1a98210
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 18:06:15 +00:00
Charles Chen
d57f6bc6ae Merge "Move isolated_compute_app to be public" am: 290d1876ff am: 48a0bcd865 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2544610

Change-Id: I3db506238449d86892b769fb137364aa76c52ca8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 18:05:24 +00:00
Charles Chen
82c81a216a Fix attribute plurals for isolated_compute_allowed am: 27a8f43fde 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2552770

Change-Id: Ibdcc12fe4cf92d4ba9f7ed25b7142eaab88ad8c8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 17:47:35 +00:00
Charles Chen
48a0bcd865 Merge "Move isolated_compute_app to be public" am: 290d1876ff 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2544610

Change-Id: I9093ea1878a6dbb6af85fb69a3547303dfd08784
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 17:25:33 +00:00
Eric Rahm
3c9b657e1d Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734" am: 66ef8f01ee am: 7e4c7b47a2 am: 051fd4658e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549731

Change-Id: I3bc5e7644efdaf99291b2efa61de9740b3f8a7e3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 17:23:14 +00:00
Eric Rahm
be8a31739a Fix denial for ioctl FS Verity am: af6035c64f am: 4606eaa950 am: 1f2c6ef5e7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549730

Change-Id: Id4297a235f5803ab4d8efafa2b2a632d29a2494c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 17:23:10 +00:00
Charles Chen
27a8f43fde Fix attribute plurals for isolated_compute_allowed 
Following the naming convention.

Bug: N/A
Test: m
Change-Id: Ie26d67423f9ee484ea91038143ba763ed8f97e2f
 2023-04-20 16:39:39 +00:00
Charles Chen
290d1876ff Merge "Move isolated_compute_app to be public" 2023-04-20 16:31:52 +00:00
Eric Rahm
051fd4658e Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734" am: 66ef8f01ee am: 7e4c7b47a2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549731

Change-Id: Ib7a6476be234490f7d4053f6d2d423b5578744e0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 16:28:52 +00:00
Eric Rahm
1f2c6ef5e7 Fix denial for ioctl FS Verity am: af6035c64f am: 4606eaa950 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549730

Change-Id: I8a8ae8b48342843cd643abbb499b03b399c03cbd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 16:28:45 +00:00
Eric Rahm
7e4c7b47a2 Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734" am: 66ef8f01ee 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549731

Change-Id: I1e806c6f293c964bf949b0cd4d14ee70eea0201b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 15:50:42 +00:00
Eric Rahm
4606eaa950 Fix denial for ioctl FS Verity am: af6035c64f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549730

Change-Id: I59e5261f9a2fea9d855756e7bb255b683868b3a9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 15:50:40 +00:00
Alexander Roederer
5c9320232a Merge "Add persist.sysui.notification.builder_extras_ovrd" am: e46266d2ce am: 06ad0c13cc am: f5324ae425 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2538550

Change-Id: I7f3e24a17423eb7a29e4a8bb17e14e06ca27ec4e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 15:27:08 +00:00
Eric Rahm
66ef8f01ee Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734" 
* changes:
  Allow system_server to verify installed apps
  Fix denial for ioctl FS Verity
 2023-04-20 15:06:22 +00:00
Alexander Roederer
f5324ae425 Merge "Add persist.sysui.notification.builder_extras_ovrd" am: e46266d2ce am: 06ad0c13cc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2538550

Change-Id: I2c53a5567cf76028273a970ede2068ef46224a30
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 14:45:21 +00:00