This allows OEM to get a copy of precompiled SEPolicy. This can be
useful when an OEM needs to bind-mount some of the Android partitions
across the VM boundary to ensure the correct labeling.
Bug: 301629552
Test: Presubmit builds should be enough.
Change-Id: I3339a7abfe2612993ee659fd5492c323aa895999
When suspend.disable_sync_on_suspend is set init must write to
/sys/power/sync_on_suspend.
Bug: 285395636
Change-Id: Ica1b039c3192f08ec84aa07d35c2d0c61e7449c0
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 6d3e772828 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762385
Change-Id: I2494150690c97f2c13ba829a6840d5e36b5d67d2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 6d3e772828 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762385
Change-Id: If027337f7e703fe5b80e18ecddeabbac29011c5f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 6d3e772828 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762385
Change-Id: Iacb6a5a7d103fd7125a5bdf48e2438fd3aece40e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 6d3e772828 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762385
Change-Id: I9f39e5b28001ed8307bb444b46e846b9d8767d76
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 6d3e772828 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762385
Change-Id: Ib82db36340060d01bf9284135768cb4cb6744e73
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.
Bug: 301372559
Bug: 301250938
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I72670ee42c268dd5747c2411d25959d366dd972c
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 1b32bccc1a is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762618
Change-Id: I2305cd00e3c8f3c2ff721674c6fe8af500d04da4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 1b32bccc1a is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762618
Change-Id: Ic5d201f979fb6160b8ded5dbd8e07e7ba213ed80
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 1b32bccc1a is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762618
Change-Id: I4eea155c28552d50ebcb312aa162dab2863e2483
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I72670ee42c268dd5747c2411d25959d366dd972c with SHA-1 1b32bccc1a is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762618
Change-Id: I556bbfb35c7aeb3564e63cd9ed993aae15e2baae
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.
Bug: 301372559
Bug: 301250938
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I72670ee42c268dd5747c2411d25959d366dd972c
am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 ffeb680417 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467
Change-Id: If30fb80505eb55e02b7bd76e8c69f04dcd94a5ab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 3c818406c4 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467
Change-Id: I8b7c5cf421f70df6518fc0711924510c2c3086a9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In I95aa6772a40599636d109d6960c2898e44648c9b with SHA-1 ffeb680417 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467
Change-Id: I719b9b0dd51bac4ac0fc513402918ca1c73dbe10
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.
Bug: 301372559
Bug: 301250938
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I95aa6772a40599636d109d6960c2898e44648c9b
We are compiling regex more than 300000 times, and it's a main
bottleneck for slow sepolicy_tests. Actually we don't need to compile
regex that much; most of cases can be handled by simple string
comparison. This change introduces heuristics for optimization.
Bug: 301874100
Test: verified that return values of MatchPathPrefix are not changed.
Test: run cProfile, before and after.
Before
ncalls tottime percall cumtime percall filename:lineno(function)
21951 0.923 0.000 56.491 0.003 policy.py:33(MatchPathPrefix)
After
ncalls tottime percall cumtime percall filename:lineno(function)
21951 0.078 0.000 1.159 0.000 policy.py:40(MatchPathPrefix)
Change-Id: I1ebad586c2518e74a8ca67024df5e77d068e3ca5
This reverts commit e2bd44d48d.
Reason for revert: 2nd attempt to add the policy change
Test: m selinux_policy
Change-Id: I5b9a102879a65917d496ba2194187ddd2b4545d1
* `binder_command`: Reported by the kernel every time a userspace
thread sends a binder command to the binder kernel driver. Only the
command type (e.g. `BC_TRANSACTION`, `BC_REPLY`) is reported, the
contents are not disclosed.
* `binder_command`: Reported by the kernel every time the binder driver
sends a command to a userspace thread. Only the command type (e.g.
`BR_TRANSACTION_COMPLETE`, `BR_FAILED_REPLY`) is reported, the
contents are not disclosed.
Bug: 295124679
Change-Id: I0dcfda7eba892abca3145188b9168a6b3a2ee0e8
This allows package manager enables fs-verity to an APK if it is
installed with .idsig in the classic install session (non-incremental).
This is done in ag/24707249 behind a flag. This sepolicy change was
missed by mistake.
Bug: 277344944
Test: atest android.appsecurity.cts.PkgInstallSignatureVerificationTest
Change-Id: If403d84611b69ab076a808addebbd5f0738cdc68
