146 commits

Author SHA1 Message Date
Anton Hansson
e822545909 Add sepolicy for sdkext module prop
Add a domain for derive_sdk which is allowed to set
persist.com.android.sdkext.sdk_info, readable by all
apps (but should only be read by the BCP).

Bug: 137191822
Test: run derive_sdk, getprop persist.com.android.sdkext.sdk_info
Change-Id: I389116f45faad11fa5baa8d617dda30fb9acec7a
2019-12-05 14:11:50 +00:00
Luke Huang
13ed58b6eb Add file_contexts for apex com.android.cronet
Bug: 139397529
Bug: 143926783
Test: build
Change-Id: Ic39f88b4f4d22ea3953cb27a72f5f20a74672bd3
2019-12-05 16:58:36 +08:00
Yan Yan
fe55f30397 Merge "Make ipsec file_contexts as "android:path" property" 2019-12-04 02:07:34 +00:00
Jeff Sharkey
8d287db808 Structure MediaProvider as an APEX.
Based on guidance from the Mainline team, we're placing the
MediaProvider APK inside a new APEX, as this will allow us to
move MediaStore.java inside the module boundary in a future CL.

Bug: 144247087
Test: manual
Change-Id: I88f6f2e598d9611e8b92143504e4328d93671cab
2019-12-03 13:35:46 -07:00
Anton Hansson
fd25d49569 Add sepolicy for com.android.sdkext module
Bug: 137191822
Test: m com.android.sdkext
Change-Id: Ia5fb99af7fad43ce4321b1c6611ab54340a87589
2019-12-02 14:13:41 +00:00
Mark Chien
9bf53d557d Merge "[Tether18] Add file_contexts for com.android.tethering.apex" 2019-12-02 04:11:35 +00:00
Mark Chien
646864216f [Tether18] Add file_contexts for com.android.tethering.apex
Bug: 144320626
Test: build

Change-Id: I6b5c079a917524bf4f1ad3f89b1f44708f0d6ed7
2019-11-28 14:53:58 +08:00
evitayan
780185f503 Make ipsec file_contexts as "android:path" property
It follows examples of other APEX to make file_contexts of ipsec
module as "android:path" property

Bug: 143192273
Test: atest ipsec_e2e_tests
Change-Id: Idbba1f964aad7e54077ac77250f9cfd6a6b5049e
2019-11-27 07:00:14 -08:00
Treehugger Robot
4a51f6d55d Merge "Add apex structure to appsearch module." 2019-11-27 02:04:39 +00:00
Zach Johnson
f2c87aaf79 Add sepolicy for bluetooth apex
Bug: 142747680
Test: compile, verify APEX mounts correctly
Change-Id: I3d1bd964343584b3f344d82b58019acad6de353c
2019-11-25 17:07:31 -08:00
Roshan Pius
3fbdcd4380 sepolicy: Add entry for wifi apex mainline module
Bug: 144722612
Test: Device boots up & connects to wifi networks
Change-Id: If9207075b87dc938926c1fc1432d3b8fe481bc02
2019-11-25 20:51:50 +00:00
Terry Wang
fe5e7f7000 Add apex structure to appsearch module.
This change adds file_contexts for appsearch.

Bug: 144874026
Test: manual
Change-Id: Id8cba2eab3dbaab252eb42095e2ed265446b93c8
2019-11-25 11:30:38 -08:00
Benedict Wong
bf76bf82e1 Merge "Add file_contexts for com.android.ipsec" 2019-11-23 03:45:53 +00:00
Jooyung Han
a9324749cc Make file_contexts as "android:path" property
Till now, file_contexts has been treated differently than other input
src files. Now it is tagged as `android:"path"` because it is.

Bug: 144732805
Test: m
Change-Id: I6b22a8d22417b75c5cb8cd3b2e534d67e958b074
2019-11-20 17:54:34 +09:00
Treehugger Robot
ec2f903d9b Merge "Create a cellbroadcast apex" 2019-11-10 13:55:54 +00:00
Chen Xu
debf4b622f Create a cellbroadcast apex
create a single com.android.cellbroadcast apex to pack two apks
together: com.android.cellbroadcastreceiver and
com.android.cellbroadcastservice.

Bug: 135956699
Test: m com.android.cellbroadcast && adb install
com.android.cellbroadcast

Change-Id: Ib3f4447e1215f3dbff2ed019d4e15f3cea062920
2019-11-09 23:35:37 -08:00
evitayan
ddcaa5810f Add file_contexts for com.android.ipsec
com.android.ipsec will be shipped as a mainline module in APEX
format. A file_contexts is required for building an APEX.

Bug: 143905344
Test: Built and installed apex on device
Change-Id: I9f9a6190886181e9e4254ea2a984d338fda533da
2019-11-08 22:03:33 +00:00
Josh Gao
807f15e93d Move adbd to an apex.
Test: adb shell "su 0 readlink /proc/\`pidof adbd\`/exe"
Change-Id: Ic71e78111a7201b1e5a8eb6b43a1ea689a655cd1
2019-10-29 14:58:09 -07:00
Hai Zhang
9a960fa6ef Add APEX module for permission.
We need an APEX module for permission to reliably roll back runtime
permission state, specifically, platform runtime-permissions.xml will
be moved into the data directory of this APEX and be rolled back when
PermissionController is rolled back.

Bug: 136503238
Test: build
Change-Id: Id3ade3f2f7d31f7badf456d438e01ce0eac964eb
2019-10-11 12:29:35 -07:00
Jooyung Han
42d33e0226 Add file_contexts for "com.android.vndk" APEX
This new apex is a VNDK APEX which is going to replace /system/lib/vndk
libraries.

Bug: 134357236
Bug: 139772411
Test: m com.android.vndk

Change-Id: I9bdda5bc7862917a196b894cc562e0351db76c52
2019-09-18 10:35:39 +09:00
Tobias Thierer
353ad0fd47 SEPolicy for boringssl_self_test.
This CL adds hand-written SELinux rules to:
 - define the boringssl_self_test security domain
 - label the corresponding files at type boringssl_self_test_marker
   and boringssl_self_test_exec.
 - define an automatic transition from init to boringssl_self_test
   domains, plus appropriate access permissions.

Bug: 137267623
Test: When run together with the other changes from draft CL topic
      http://aosp/q/topic:bug137267623_bsslselftest, check that:
      - both /dev/boringssl/selftest/* marker files are
        present after the device boots.
      - Test: after the boringssl_self_test{32,64} binaries have
        run, no further SELinux denials occur for processes
        trying to write the marker file.

Change-Id: I77de0bccdd8c1e22c354d8ea146e363f4af7e36f
2019-09-05 02:40:57 +01:00
Martin Stjernholm
f6bd00af8b Split off ART rules for new ART APEX.
Test: Build & boot
Bug: 135753770
Exempt-From-Owner-Approval: Approved internally
Change-Id: Iab56f6b5bb7a59fbeaad214a64fbd959060574f4
Merged-In: Iab56f6b5bb7a59fbeaad214a64fbd959060574f4
2019-08-30 17:47:31 +01:00
Treehugger Robot
accc143126 Merge "Add file-contexts for statsd apex" 2019-08-23 21:53:32 +00:00
Muhammad Qureshi
71a051af5a Add file-contexts for statsd apex
Bug: 139549262
Test: build, install, and verify statsd module is mounted
Change-Id: Iabfb4d5bf5c7f06ed6c3d06f2dd9ec8b382f5688
2019-08-19 15:27:38 -07:00
Victor Chang
422d86ae03 Add sepolicy for com.android.i18n module
Bug: 137009149
Test: device boots
Change-Id: Ib6afa4437f1a844ade9a35e5d23e816e02edba35
2019-07-26 17:34:02 +01:00
Przemyslaw Szczepaniak
a88ea13c1b Add file contexts for com.android.neuralnetworks APEX package.
Test: -
Bug: 137320025
Change-Id: I13b3b86f8176a8fa3ce2ad8a625f991229d29ff9
2019-07-18 09:58:48 +00:00
Neil Fuller
073271071a Track removal of tz data files from runtime module
Track the removal of time zone data files from the runtime mainline module.

Bug: 132168458
Test: build / boot only
Change-Id: I67e596e4da2b23726c36866ff1648a833d2853c7
2019-06-10 15:39:19 +01:00
Anders Fridlund
831830bc09 Set context for files in the com.android.bootanimation apex
Set the bootanim_file context for files in the com.android.boootanim
apex-module.

Bug: 116821733
Test: Verify that the new boot animation is used from next boot
Change-Id: I15e7b00bb8044eee550a4490a271b05ae14587b6
2019-05-29 13:49:41 -07:00
Treehugger Robot
8740465034 Merge "Move mediaswcodec service to APEX" 2019-03-06 02:06:19 +00:00
Chong Zhang
21b40e380e Move mediaswcodec service to APEX
bug: 127499775
test:
- adb shell lshal debug android.hardware.media.c2@1.0::IComponentStore/software
check all software c2 codecs are still listed
- clean-built image shouldn't have mediaswcodec in /system/bin
- atest CtsMediaTestCases -- --module-arg CtsMediaTestCases:size:small
Change-Id: Ie528fe3b1053d5bfd9dc3b858c996b8e1c708cbc
2019-03-05 14:54:14 -08:00
Andreas Gampe
4c2d06c458 Sepolicy: Add base runtime APEX postinstall policies
Add art_apex_postinstall domain that is allowed to move
precreated AoT artifacts from /data/ota.

Bug: 125474642
Test: m
Change-Id: Id674e202737155a4ee31187f096d1dd655001fdd
2019-02-28 09:24:17 -08:00
Andreas Gampe
ae127d8340 Sepolicy: Add base runtime APEX preinstall policies
Add art_apex_preinstall domain that is allowed to create AoT
artifacts in /data/ota.

Bug: 125474642
Test: m
Change-Id: Ia091d8df34c4be4f84c2052d3c333a0e36bcb036
2019-02-28 05:12:56 -08:00
Andreas Gampe
261ea86192 Sepolicy: Initial Apexd pre-/postinstall rules
Give apexd permission to execute sh.

Add userdebug_or_eng domains and rules for the test
APEX for pre- and post-install.

Bug: 119260955
Bug: 119261380
Test: atest apexservice_test
Change-Id: I0c4a5e35e096101a53c9d1f212d2db2e63728267
2019-01-24 15:06:17 -08:00
Chong Zhang
b1ab8c6f9f adding apex for media swcodecs
bug: 111407413
Change-Id: Ica209ad9476b0597a206bf53823a1928643c8256
2019-01-09 13:24:59 -08:00
Jiyong Park
048e136653 Label the dynamic linker in the runtime APEX correctly
e2bc9fe9d5ac82457bc6050bf705ff43a1b05cbf in platform/art project added
the dynamic linker to the runtime APEX. Since the dynamic linker has
been labeled as 'system_linker_exec' so does the linker in the APEX.

Bug: 120266448
Test: ls -Z /apex/com.android.runtime/bin/linker
u:object_r:system_linker_exec:s0 /apex/com.android.runtime/bin/linker

Change-Id: I243b86a74d94058b3283830c32232c6584639ff3
2019-01-04 01:19:44 +09:00
Treehugger Robot
66334bd0e4 Merge "Add SELinux policy for Conscrypt APEX" 2018-12-13 23:27:54 +00:00
Neil Fuller
13a72f4b71 Add tz files to the runtime module permissions
Code in bionic / libcore will now look in the runtime
APEX module for data files.

Bug: 119293618
Bug: 119390260
Test: build / treehugger only
Change-Id: I965c763e7f0452b8ef5ffbf730733e9a41254beb
2018-12-07 11:35:03 +00:00
Adam Vartanian
8e4412d5e1 Add SELinux policy for Conscrypt APEX
Bug: 110404540
Test: cts -m CtsLibcoreTestCases -t com.android.org.conscrypt
Change-Id: Id89fc0f5e39515093f1d9d8a4fd075d717b50cf8
2018-12-07 10:49:44 +00:00
Dario Freni
4df603a038 Remove permission for APEX manifest.
There is no real need to access the manifest.json (which is being
renamed in other CLs anyway). So remove the access to it.

Bug: 119672727
Test: m, installed on device, boots.
Change-Id: I2d82062031da36f871b2a64d97a50a6f1e6fc3dd
2018-11-24 17:19:05 +00:00
Treehugger Robot
ac317b915e Merge "Add com.android.resolv-file_contexts to /system/sepolicy/apex" 2018-11-21 13:10:13 +00:00
chenbruce
a5121f64a6 Add com.android.resolv-file_contexts to /system/sepolicy/apex
Gathering file contexts for all APEXes there for easier auditing.

Test: m com.android.resolv
Bug: 119527674
Change-Id: I0f06c21c77f4b537e7c7d590204569f4531b5302
2018-11-21 14:39:33 +08:00
Roland Levillain
04dcdeacee Merge "Add file_contexts for Release Runtime APEX module." 2018-11-20 11:54:17 +00:00
Roland Levillain
4592b0f07a Add file_contexts for Release Runtime APEX module.
Also rename `file_contexts` for the "Debug" Runtime APEX module
(containing both release and debug variants, as well as additional
tools).

Test: make com.android.runtime
Test: make com.android.runtime.release
Test: make com.android.runtime.debug
Test: art/build/apex/runtests.sh
Bug: 113373927
Change-Id: I6b917d7f5b1734aeb717932081c7b03366ef2774
2018-11-16 19:04:09 +00:00
Jiyong Park
b23f71d97d Set filecontext for the test apex
Label the surfaceflinger binary as surfaceflinger_exec

Test: m apex.test; m; device is bootable

Change-Id: I22297ba514f7ba298a1d0d4b476a447f26e48078
2018-11-16 21:10:38 +09:00
Jiyong Park
a4767dd116 Rename APEX file_contexts as <name>-file_context
It was <name>_file_context before. Changing for better readability.

Bug: 119034475
Test: m apex.test com.android.tzdata com.android.runtime
Change-Id: Ic9d6479dfed56ac474c574343a38b5f73dde3c05
2018-11-14 13:56:56 +09:00
Jiyong Park
03ccac0e75 Move file_contexts for APEXes to under /system/sepolicy
For centralized development of sepolicies, file_contexts files for APEXes
are all moved to under /system/sepolicy.

Bug: 119034475
Bug: 113373927
Test: m apex.test com.android.tzdata com.android.runtime com.android.media
Change-Id: I9bf4874793db4dbdb75cbd759ae95f72d7281007
2018-11-13 14:22:38 -08:00