Commit graph

33487 commits

Author SHA1 Message Date
Treehugger Robot
c995fd7ac3 Merge "Split composd's service in two" am: 6d485dfd89
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1897594

Change-Id: I534d6a997f2d51745714e5a4467c2a1fd5129cca
2021-11-22 11:30:18 +00:00
Treehugger Robot
6d485dfd89 Merge "Split composd's service in two" 2021-11-22 11:19:40 +00:00
Alan Stokes
8788f7afe2 Split composd's service in two
They are served by the same process but have different clients:
- the main interface is exposed to system server;
- the internal interface is called by odrefresh when spawned by composd.

Test: compos_cmd forced-compile-test
Bug: 199147668
Change-Id: Ie1561b7700cf633d7d5c8df68ff58797a8d8bced
2021-11-22 09:36:45 +00:00
Rajesh Nyamagoud
ce542660c9 Added sepolicy rule for vendor uuid mapping config
New type added in sepolicy to restrict Vendor defined uuid mapping
config file access to SecureElement.

Bug: b/180639372
Test: Run OMAPI CTS and VTS tests
Change-Id: I81d715fa5d5a72c893c529eb542ce62747afcd03
2021-11-20 01:08:11 +00:00
Rajesh Nyamagoud
453dcf6752 Support for OMAPI Vendor stable interface
Label defined for OMAPI Vendor Stable Interface

Bug: b/180639372
Test: Run OMAPI CTS and VTS tests
Change-Id: Ifa67a22c85ffb38cb377a6e347b0e1f18af1d0f8
2021-11-20 01:05:07 +00:00
Elliot Sisteron
6703102c79 Mark safety_center_service as app_api_service in SELinux Policy.
This is to make the SafetyCenterManager usable in CTS tests.
Test: SafetyCenterManager CTS test in ag/16284943
Bug: 203098016

Change-Id: I28a42da32f1f7f93c45294c7e984e6d1fd2cdd8d
2021-11-20 00:14:50 +00:00
Treehugger Robot
5d0c815440 Merge "recovery init domain_trans to health HAL." am: d6c57bb99d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1893225

Change-Id: Iceea98db985774fff86dd6b8dec325b0de0e57c9
2021-11-20 00:09:03 +00:00
Yuntao Xu
ad7db61293 Merge "Split property/file/service contexts modules" am: 9fcf271f71
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1895249

Change-Id: Ied1686d81722a21c2288b70f9e11ed6638b72a50
2021-11-20 00:08:48 +00:00
Akilesh Kailash
8a9ec2a496 New property to control virtual a/b user-space snapshots
Bug: 193863443
Test: OTA on pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I89e5d105071c2529c9ceb661c04588ff88ffdd76
2021-11-19 23:35:32 +00:00
Treehugger Robot
d6c57bb99d Merge "recovery init domain_trans to health HAL." 2021-11-19 21:25:33 +00:00
Yuntao Xu
9fcf271f71 Merge "Split property/file/service contexts modules" 2021-11-19 19:24:55 +00:00
Elliot Sisteron
1e50a0757d SELinux policy changes for SafetyCenter APIs. am: 67cedde1fe
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1897505

Change-Id: I6e761f7b4cd30ef474fc34768a34a78e45b76508
2021-11-19 16:23:58 +00:00
Elliot Sisteron
67cedde1fe SELinux policy changes for SafetyCenter APIs.
Context about this is on ag/16182563.

Test: Ensure no build failures, ensure no SecurityException on boot when
SafetyCenterService is added as boot phase
Bug: 203098016

Change-Id: I4c20980301a3d0f53e6d8cba0b56ae0992833c30
2021-11-19 14:32:11 +00:00
Yuntao Xu
42e732c861 Split property/file/service contexts modules
1. Split plat_property_contexts, plat_file_contexts, and
plat_service_contexts so they can be included by the
CtsSecurityHostTestCases module.

2. Add temporary seapp_contexts Soong module, which is needed by the
CtsSecurityHostTestCases, and makefile_goal is an interim solution before
migrating both of them to Soong.

Bug: 194096505
Test: m CtsSecurityHostTestCases
Change-Id: I99ba55b1a89f196b3c8504e623b65960a9262165
2021-11-19 18:23:12 +09:00
Yifan Hong
705db2b7e8 recovery init domain_trans to health HAL.
Test: run health HAL in recovery
Bug: 177269435
Bug: 170338625
Change-Id: Iac800463d4d29c56466a6671929a51139ca3fde7
2021-11-18 18:16:09 -08:00
Paul Lawrence
e3e26b7bea Allow bpfloader to read fuse's bpf_prog number
Bug: 202785178
Test: Along with rest of topic, file
/sys/fs/bpf/prog_fuse_media_fuse_media
appears on boot with fuse-bpf in kernel

Merged-In: Ibccdf177c75fef0314c86319be3f0b0f249ce59d
Change-Id: Ibccdf177c75fef0314c86319be3f0b0f249ce59d
2021-11-19 01:43:58 +00:00
Treehugger Robot
ad9ebec821 Merge "Sepolicy for StatsBootstrapAtomService" am: b8f39c49f5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1885105

Change-Id: I73859cd8f97eb4e21760ab25a6c43c6f1ad9a5b6
2021-11-18 23:48:16 +00:00
Treehugger Robot
b8f39c49f5 Merge "Sepolicy for StatsBootstrapAtomService" 2021-11-18 23:25:21 +00:00
Xin Li
41d02cab17 Merge "Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918" into stage-aosp-master 2021-11-18 21:28:43 +00:00
Vova Sharaienko
a2293cc8c7 Merge "Revert "Split property and file contexts modules"" am: 919fa4f9fc
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1896454

Change-Id: I5bbff07582e2bff9cafd9d85a28b193e3ae3f3e1
2021-11-18 18:12:59 +00:00
Vova Sharaienko
919fa4f9fc Merge "Revert "Split property and file contexts modules"" 2021-11-18 17:56:09 +00:00
Vova Sharaienko
bec08097c9 Revert "Split property and file contexts modules"
Revert "Convert security/Android.mk to Android.bp"

Revert "Add seapp_contexts to allowlist of makefile goal"

Revert submission 1795972-Convert security/Android.mk to Android.bp

Reason for revert: http://b/206976319 Broken build 7928060 on aosp-master on sdk_arm64-sdk
Reverted Changes:
I0e0e7f677:Split property and file contexts modules
I5596d6f00:Add seapp_contexts to allowlist of makefile goal
If685e5ccc:Convert security/Android.mk to Android.bp

Change-Id: Ibbca0a17886d15b3fd7ecaf974a06df7107fd9aa
2021-11-18 17:29:01 +00:00
Yuntao Xu
e271a778fc Merge "Split property and file contexts modules" am: 1b76673577
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1880996

Change-Id: I97f93d0c17224e213a93173fc8e41d30cfb6b8ae
2021-11-18 17:21:20 +00:00
Yuntao Xu
1b76673577 Merge "Split property and file contexts modules" 2021-11-18 17:05:46 +00:00
Treehugger Robot
5446b99782 Merge "Allow system server to access composd." am: c1ebd11f2c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1892440

Change-Id: Ie67d38cfaecc630a07d19d252f2d4af18e0e98b0
2021-11-18 13:13:26 +00:00
Treehugger Robot
c1ebd11f2c Merge "Allow system server to access composd." 2021-11-18 13:03:01 +00:00
Yifan Hong
833b68bdbd Merge changes from topic "servicemanager-recovery" am: 28f9b97646
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1891581

Change-Id: Ide034c5ab9ceef3d1ba5d7905af7ff9371ba616b
2021-11-18 05:01:38 +00:00
Yifan Hong
546678089a Add recovery service_contexts files. am: d6b2901748
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1891582

Change-Id: If557854b35b9ab49176add91938d0aee4d2b61f3
2021-11-18 05:01:37 +00:00
Yifan Hong
28f9b97646 Merge changes from topic "servicemanager-recovery"
* changes:
  servicemanager: recovery write to kmsg.
  Add recovery service_contexts files.
2021-11-18 04:39:15 +00:00
Treehugger Robot
e58de1b17a Merge changes I74797b13,I5d0b06e3 am: 1b0415fcb0
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1887529

Change-Id: I9c124a4962a49bc2da6018fc0a0dde6bc74932b2
2021-11-18 00:12:08 +00:00
Treehugger Robot
1b0415fcb0 Merge changes I74797b13,I5d0b06e3
* changes:
  Dice HAL: Add policy for dice HAL.
  Diced: Add policy for diced the DICE daemon.
2021-11-17 23:56:14 +00:00
Daniel Norman
a8570d7e9c Merge "Revert "Revert "Adds a new prop context for choosing between mul..."" am: 0dd5118c74
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1894203

Change-Id: I965d05bcf36da9b831eb56fa5ab10b852216f9c3
2021-11-17 21:38:44 +00:00
Janis Danisevskis
bc7a33ece9 Dice HAL: Add policy for dice HAL.
And allow diced to talk to the dice HAL.

Bug: 198197213
Test: N/A
Change-Id: I74797b13656b38b50d7cd28a4c4c6ec4c8d1d1aa
2021-11-17 13:36:18 -08:00
Janis Danisevskis
2b6c6063ae Diced: Add policy for diced the DICE daemon.
Bug: 198197213
Test: N/A
Change-Id: I5d0b06e3cd0c594cff6120856ca3bb4f7c1dd98d
2021-11-17 13:36:18 -08:00
Daniel Norman
0dd5118c74 Merge "Revert "Revert "Adds a new prop context for choosing between mul..."" 2021-11-17 21:24:28 +00:00
Ashwini Oruganti
362701c156 Merge "Define and add the migrate_any_key permission to system_server" am: ed7ebb867e
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1892955

Change-Id: I50534d364ff978bb4fe48ffb0dad51156ffe224e
2021-11-17 18:22:50 +00:00
Ashwini Oruganti
ed7ebb867e Merge "Define and add the migrate_any_key permission to system_server" 2021-11-17 17:55:13 +00:00
Alan Stokes
a1cd519e25 Merge "Add type and mapping for /metadata/sepolicy" am: ca83dcce15
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1895135

Change-Id: Iabd422dde45e26182720a4880cd8d224e432186b
2021-11-17 14:26:22 +00:00
Alan Stokes
ca83dcce15 Merge "Add type and mapping for /metadata/sepolicy" 2021-11-17 14:11:14 +00:00
Jeff Vander Stoep
5aa5e5e845 Add type and mapping for /metadata/sepolicy
Test: make -j; launch_cvd; adb shell ls -laZ /metadata
Bug: 199914227
Change-Id: I573af0949d92f401589238dab8c3e9fbe2ee7efe
2021-11-17 10:45:24 +00:00
Yifan Hong
d6b2901748 Add recovery service_contexts files.
This allows binder services to run in recovery.

Test: build them
Bug: 170338625
Change-Id: If8580c3fc1b3add87178365c58288126e61345b4
2021-11-16 20:54:17 -08:00
Yifan Hong
31fdcc8369 servicemanager: recovery write to kmsg.
Test: recovery mode
Bug: 170338625
Change-Id: Ic3883fda1a0b1d8d0965b3997d19f2fad4667c14
2021-11-16 20:54:17 -08:00
Daniel Norman
2f8ce0d9c1 Revert "Revert "Adds a new prop context for choosing between mul..."
Revert "Revert "Adds multi_install_skip_symbol_files field (defa..."

Revert submission 1893459-revert-1869814-vapex-multi-config-VKODFOVCWY

Reason for revert: Fix-forward in https://r.android.com/1894088
Reverted Changes:
I087bfe0dc:Revert "Adds a new prop context for choosing betwe...
I27a498506:Revert "Load persist props before starting apexd."...
Ib5344edc0:Revert "Allow users to choose between multi-instal...
If09bf590e:Revert "Adds multi_install_skip_symbol_files field...
I905dac14c:Revert "Demonstrate multi-installed APEXes."

Change-Id: I03fb124d4e7044f236539a132816fd96cb814775
2021-11-16 20:28:29 +00:00
Ashwini Oruganti
41843731cc Define and add the migrate_any_key permission to system_server
This change adds a permission migrate_any_key that will help the system
server in migrating keys for an app that wants to leave a sharedUserId.

Bug: 179284822
Test: compiles
Change-Id: I2f35a1335092e69f5b3e346e2e27284e1ec595ec
2021-11-16 10:18:19 -08:00
Treehugger Robot
1b4714c8e8 Merge "Add camera.disable_preview_scheduler property" am: a594876cfe
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1887227

Change-Id: I39095a581c61d24ba8b462f7ca70cabd9df4f67c
2021-11-16 15:30:41 +00:00
Treehugger Robot
a594876cfe Merge "Add camera.disable_preview_scheduler property" 2021-11-16 15:16:25 +00:00
Alan Stokes
9112c9aa6d Allow system server to access composd.
Also allow composd to kill odrefresh (it execs it); this is necessary
for cancel() to work.

Bug: 199147668
Test: manual
Change-Id: I233cac50240130da2f4e99f452697c1162c10c40
2021-11-16 09:29:58 +00:00
Owen Kim
a6bd8d83f0 Merge "Revert "Adds a new prop context for choosing between multi-insta..."" am: 95d7aaa339
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1893458

Change-Id: Ibd4d1225cd655151657d3f2511636637415e35b8
2021-11-16 08:55:12 +00:00
Owen Kim
95d7aaa339 Merge "Revert "Adds a new prop context for choosing between multi-insta..."" 2021-11-16 08:39:27 +00:00
Owen Kim
780cd02d52 Revert "Adds a new prop context for choosing between multi-insta..."
Revert "Adds multi_install_skip_symbol_files field (default fals..."

Revert submission 1869814-vapex-multi-config

Bug: 206551398
Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.googleplex.com/builds/tests/view?invocationId=I55600009996329947&testResultId=TR93527797572038984, bug b/206551398
Reverted Changes:
I0cd9d748d:Adds multi_install_skip_symbol_files field (defaul...
I5912a18e3:Demonstrate multi-installed APEXes.
I0e6881e3a:Load persist props before starting apexd.
I932442ade:Adds a new prop context for choosing between multi...
I754ecc3f7:Allow users to choose between multi-installed vend...

Change-Id: I087bfe0dcf8d6ab38d861b82196bac4e9147e8e6
2021-11-16 07:08:15 +00:00