tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
23769 commits 1 branch 0 tags 50 MiB
Commit graph

23769 commits

This branch
This branch
All branches
Author SHA1 Message Date
Steven Moreland
f60d2bf5db Merge "Remove treble coredomain whitelist." am: a531789459 
Change-Id: Ie4ec70b6e91747b8a353c7d987dc9f492cc5e051
 2020-04-03 17:58:35 +00:00
Steven Moreland
a531789459 Merge "Remove treble coredomain whitelist." 2020-04-03 17:41:20 +00:00
Steven Moreland
a00530b07c Remove treble coredomain whitelist. 
Seems that this is no longer needed, except for vendor_init.

Bug: 152813275
Test: m (runs this test)
Change-Id: I773053cbe1a84911684cc2ff15904ee7ddf7a73e
 2020-04-02 16:02:54 -07:00
Treehugger Robot
895a086ff7 Merge "Create surfaceflinger_prop and migrate props" am: 15ac2abfd7 
Change-Id: I280bd438a5efbc6524dfc603e3691d4ae68555f3
 2020-04-02 22:57:34 +00:00
Treehugger Robot
15ac2abfd7 Merge "Create surfaceflinger_prop and migrate props" 2020-04-02 22:38:42 +00:00
Robin Lee
8b5a2cf3b0 Allow blank_screen to make binder calls to the servicemanager am: e58b2d4cae 
Change-Id: Ibfe2ac37b8396be169819d0d99380db1a7f51999
 2020-04-02 19:32:48 +00:00
Robin Lee
e58b2d4cae Allow blank_screen to make binder calls to the servicemanager 
blank_screen can not find and use the lights HAL if it cannot use the servicemanager. This
broke turning off the display during shutdown.

Change-Id: I6aff1cb71f805637abc79493ba2574143c5cf7cf
Test: adb root; adb shell setenforce 1; adb shell setprop ctl.start blank_screen
Test: adb logcat -b all | grep 'denied'
Bug: 151363454
 2020-04-02 18:40:11 +02:00
Treehugger Robot
886eca4f1f Merge "Reduce graphics logspam" am: fcdb7145c1 
Change-Id: I311400bf765518759d190522f8503515ef82ad11
 2020-04-02 13:23:39 +00:00
Treehugger Robot
fcdb7145c1 Merge "Reduce graphics logspam" 2020-04-02 13:06:35 +00:00
Jeff Vander Stoep
67896eef07 Reduce graphics logspam 
There is no change in behavior. These denials were already
being blocked.

Bug: 79617173
Test: build
Change-Id: Iffd1e5ba42854615eeea9490fe9150678ac98796
 2020-04-02 13:43:26 +02:00
Inseob Kim
94bae860a9 Create surfaceflinger_prop and migrate props 
This is a subtask of removing exported*_prop.

Bug: 152468529
Test: m && boot crosshatch
Change-Id: I9d6ec7ade96a3a53288f23d155cc829c2107bb6f
 2020-04-02 11:21:14 +00:00
Jeff Vander Stoep
f047f015a3 Track another instance of b/77870037 am: 8c9826ec21 
Change-Id: I3049478006595df7bef5a4a2f1b1034ad96d5ae3
 2020-04-02 10:04:22 +00:00
Jeff Vander Stoep
8c9826ec21 Track another instance of b/77870037 
Bug: 77870037
Test: build
Change-Id: I77f5888aaf0fedd07635e301dbc642e3f8749688
 2020-04-02 10:17:22 +02:00
Treehugger Robot
547f10ac32 Merge "Rename exported2_config_prop to systemsound_config_prop" am: cb4138129a 
Change-Id: I4a978826c2a4fa588311af2177f12020251a3842
 2020-04-02 00:46:51 +00:00
Treehugger Robot
cb4138129a Merge "Rename exported2_config_prop to systemsound_config_prop" 2020-04-02 00:24:28 +00:00
Treehugger Robot
4a5126b9f6 Merge "iorapd: Allow dumpstate (bugreport) to dump iorapd" am: d7d59798d0 
Change-Id: I84a00e2c9efa6c9891323a39d9a62904b496d2df
 2020-04-01 19:55:33 +00:00
Treehugger Robot
d7d59798d0 Merge "iorapd: Allow dumpstate (bugreport) to dump iorapd" 2020-04-01 19:32:40 +00:00
Collin Fijalkovich
119d0a451a Merge "Allow Traceur record the mm_event trace event." am: 25e9ff9ddc 
Change-Id: I72becf852437b269aab4bf70d14810175985f22c
 2020-04-01 17:14:15 +00:00
Collin Fijalkovich
25e9ff9ddc Merge "Allow Traceur record the mm_event trace event." 2020-04-01 16:57:09 +00:00
Florian Mayer
4a1081350f Allow incidentd to attach perfetto traces on user. am: 487bf1c5ff 
Change-Id: I42f6c15b3d20350deebafb96e483a5224d23392e
 2020-04-01 11:01:50 +00:00
Inseob Kim
fd2d6ec3bc Rename exported2_config_prop to systemsound_config_prop 
Fixing bad names (exported*_prop) on property contexts.

Bug: 152468650
Test: m sepolicy_tests
Change-Id: Ie98212ee0fa89966e70faa83322b65b613f3b3f5
 2020-04-01 18:23:39 +09:00
Florian Mayer
487bf1c5ff Allow incidentd to attach perfetto traces on user. 
Bug: 151140716
Change-Id: I821d1a504e6ffcea3a52e2c76bf2290e7b382a48
 2020-04-01 10:41:14 +02:00
Igor Murashkin
e67fad5deb iorapd: Allow dumpstate (bugreport) to dump iorapd 
Bug: 152616197
Test: adb bugreport
Change-Id: I36e3b6d847341ddd84792ccc3f2c2c620e1c3f7b
Merged-In: I36e3b6d847341ddd84792ccc3f2c2c620e1c3f7b
 2020-03-31 13:48:47 -07:00
Treehugger Robot
bfd6e24f80 Merge "Ignore the denial when system_other is erased" am: cdc1a840ea 
Change-Id: I5810a13666d82ea78ae2cd45ba75523a0e3e095a
 2020-03-31 12:12:16 +00:00
Treehugger Robot
cdc1a840ea Merge "Ignore the denial when system_other is erased" 2020-03-31 11:52:32 +00:00
Bowgo Tsai
35c2f102f2 Ignore the denial when system_other is erased 
This CL addresses the following denial, when the system_other
partition is erased. This happens when 1) the device gets an
OTA update and 2) factory reset to wipe userdata partition.

Note that the system_other partition will be mounted under
/postinstall only in the first boot after factory reset.
Also, system_other.img is only included in the factory ROM and
is absent in the OTA package. When it is absent and userdata
is wiped, the mount will fail and triggers the following denials
when both cppreopts.sh and preloads_copy.sh access /postinstall dir.

SELinux denials to address:
  avc: denied { search } for comm="find" name="postinstall" dev="dm-5"
  ino=44 scontext=u:r:preloads_copy:s0
  tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0

  avc: denied { search } for comm="cppreopts.sh" name="postinstall" dev="dm-5"
  ino=44 scontext=u:r:cppreopts:s0
  tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0

Bug: 152453231
Test: fastboot erase system_other (e.g., system_b) and fastboot -w
Change-Id: Ie67f02467d5da51b0caba6e8fda56bc2c6bbc944
 2020-03-31 13:58:11 +08:00
Collin Fijalkovich
2d1e4ce577 Allow Traceur record the mm_event trace event. 
Bug: 150130660
Test: Took a trace with Traceur and verified mm_event records
were included when the memory category was enabled.

Change-Id: Iea39467d0d37d12a78fbde57b8d9649fad45b652
 2020-03-30 16:23:32 -07:00
Peter Collingbourne
40475ffc25 Merge "Update sepolicy to account for crash_dump move." am: e432c093b7 
Change-Id: Idad93427f300d0f020e35c0e7d6524414c727d92
 2020-03-30 19:18:00 +00:00
Peter Collingbourne
e432c093b7 Merge "Update sepolicy to account for crash_dump move." 2020-03-30 19:03:42 +00:00
David Anderson
61b13e91ba Merge "fastbootd: Allow flashing the cache partition." am: 8d0e599fb4 
Change-Id: I6add3a957257cb682bed1ae91d80e60765bece22
 2020-03-27 23:49:50 +00:00
David Anderson
8d0e599fb4 Merge "fastbootd: Allow flashing the cache partition." 2020-03-27 23:48:13 +00:00
Treehugger Robot
9b2b5eadb2 Merge "Allow audio HAL to access application shared memory" am: d30653d84b 
Change-Id: Ib8c0ee5875e6c671d48c2b01f5d43692c384d3ec
 2020-03-27 08:42:20 +00:00
Treehugger Robot
d30653d84b Merge "Allow audio HAL to access application shared memory" 2020-03-27 08:26:42 +00:00
Howard Chen
31f119a3b0 Merge "Allow developer settings to query gsid status" am: c79439f729 
Change-Id: I3191e9a1762872cb17488a0850aacc90e7f71953
 2020-03-27 08:16:58 +00:00
Howard Chen
c79439f729 Merge "Allow developer settings to query gsid status" 2020-03-27 08:07:12 +00:00
Roman Kiryanov
30ec5f3405 Merge "Label android.hardware.lights-service.example as hal_light_default_exec" am: f7e86d40e1 
Change-Id: Ie2f4a26d031c7a7943c00adff3644ec8bdb52762
 2020-03-27 00:49:39 +00:00
Roman Kiryanov
f7e86d40e1 Merge "Label android.hardware.lights-service.example as hal_light_default_exec" 2020-03-27 00:39:38 +00:00
Ram Muthiah
a96fe8ade6 Merge "Update core sepolicy with neuralnetwork hal" am: d145478876 
Change-Id: I2518cb42dbe262fcedc2d3bb62136573b487f11f
 2020-03-26 23:55:01 +00:00
Ram Muthiah
d145478876 Merge "Update core sepolicy with neuralnetwork hal" 2020-03-26 23:41:23 +00:00
Ytai Ben-Tsvi
d09bf56664 Allow audio HAL to access application shared memory 
Bug: 151190218
Change-Id: I430ebe60e192803a3cc699477db83d1a33f8c62e
 2020-03-26 16:02:39 -07:00
Treehugger Robot
1d81b174eb Merge "Implement sysprop type checker" am: 1beea32dab 
Change-Id: I45b7407b2fa5d9837c2ef553a1fb05821c9ec709
 2020-03-26 21:58:18 +00:00
Roman Kiryanov
e0cc8b0f63 Label android.hardware.lights-service.example as hal_light_default_exec 
Bug: 152544844
Test: ls -Z /vendor/bin/hw/android.hardware.lights-service.example
Signed-off-by: Roman Kiryanov <rkir@google.com>
Change-Id: I32a6a443c57986b37fdcca788bfe01bf0cdd3e07
 2020-03-26 14:32:15 -07:00
Treehugger Robot
1beea32dab Merge "Implement sysprop type checker" 2020-03-26 21:22:26 +00:00
Hayden Gomes
0355e5f4d2 Add android.hardware.automotive.audiocontrol@2.0-service to file_contexts am: a010cef7ad 
Change-Id: Ie42ea61a36cba947cb668f68555b680cdfbe5e2f
 2020-03-26 20:26:25 +00:00
Ram Muthiah
14f1a7f47e Update core sepolicy with neuralnetwork hal 
Bug: 152338071
Bug: 145388549
Test: Forrest
Change-Id: I8224c04806db829ef20156d656755f7fc5874e3e
 2020-03-26 13:21:46 -07:00
David Anderson
91f28e0c2c fastbootd: Allow flashing the cache partition. 
This fixes the following denial:
  avc:  denied  { write } for  pid=332 comm="fastbootd" name="mmcblk0p35" dev="tmpfs" ino=11234 scontext=u:r:fastbootd:s0 tcontext=u:object_r:cache_block_device:s0 tclass=blk_file permissive=0
  avc:  denied  { ioctl } for  pid=294 comm="fastbootd" path="/dev/block/mmcblk0p35" dev="tmpfs" ino=6953 ioctlcmd=0x1277 scontext=u:r:fastbootd:s0 tcontext=u:object_r:cache_block_device:s0 tclass=blk_file permissive=0

Bug: 150112538
Test: fastboot flash cache on non-A/B device
Test: fastboot erase cache on non-A/B device
Change-Id: Ib2288b42f2bb47e83b1476319669d6c2719db2ec
 2020-03-25 20:58:40 -07:00
Hayden Gomes
a010cef7ad Add android.hardware.automotive.audiocontrol@2.0-service to file_contexts 
Bug: 148098383
Test: built and ran with new version
Change-Id: I06f8f2cd73dce73111559664871bdd3c9b814d7c
 2020-03-25 15:00:10 -07:00
Nikita Ioffe
17439c6a47 Merge "Use properties for various userspace reboot timeouts" am: df8e2672f0 
Change-Id: I6d8e296469bbecdbec57a2c1b974d9814a78fd76
 2020-03-25 20:27:09 +00:00
Nikita Ioffe
df8e2672f0 Merge "Use properties for various userspace reboot timeouts" 2020-03-25 20:02:05 +00:00
Zimuzo Ezeozue
229c80573f Merge "Grant MediaProvider access to /mnt/media_rw" am: c63e10d83c 
Change-Id: I3dc9cf0606494bec0f34b9217446dce171da3bdf
 2020-03-25 18:57:12 +00:00