tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
37754 commits 1 branch 0 tags 50 MiB
Commit graph

37754 commits

This branch
This branch
All branches
Author SHA1 Message Date
Thiébaud Weksteen
5c5e0f7ecc Remove bug_map entry for system_server 
The permission was granted in 6390b3f.

Bug: 216097542
Bug: 73128755
Test: m selinux_policy
Change-Id: I7b1883a46f3972ed722ebc2844ecdbf24abf0ce1
 2022-03-30 02:31:43 +00:00
Andy Yu
8337d04202 Add label and permission for game_mode_intervention.list 
Bug: 219543620
Doc: go/game-dashboard-information-to-perfetto
Test: TBD
Change-Id: Ic6622aadef05e22c95d4ba739beed0e6fa1f3a38
 2022-03-29 14:12:14 -07:00
Adam Shih
7357fdc82d Merge "suppress su behavior when running lsof" am: 8296a542fe am: 213d717fc4 am: 19863ea4df 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2044870

Change-Id: Ia4ec5d797c84663f5d772d170236173756f6f151
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-29 06:25:03 +00:00
Adam Shih
19863ea4df Merge "suppress su behavior when running lsof" am: 8296a542fe am: 213d717fc4 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2044870

Change-Id: Ide53c8e6799a24473a35859ce274dd8af16758c6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-29 06:02:14 +00:00
Adam Shih
213d717fc4 Merge "suppress su behavior when running lsof" am: 8296a542fe 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2044870

Change-Id: I11b67e38056a5915f043ffbe182b8f91548158f3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-29 05:34:50 +00:00
Adam Shih
8296a542fe Merge "suppress su behavior when running lsof" 2022-03-29 05:17:26 +00:00
Treehugger Robot
9b41b4a255 Merge "Allow EVS HAL to use cardisplayproxyd" am: 288fee1744 am: 9c3e0f8023 am: 18ba26cf2e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2039003

Change-Id: I2c04d488d64e341035bbf037df327c2183c0d1e6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-28 22:34:10 +00:00
Chris Weir
b9e9c598d4 Merge "Allow wpa_supplicant to access Netlink Interceptor" am: 9e4f9120ee am: a47fe659f7 am: a0490980e7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2043169

Change-Id: I0c9d811f33190fa522465bc57eeedce123e09203
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-28 22:34:00 +00:00
Treehugger Robot
18ba26cf2e Merge "Allow EVS HAL to use cardisplayproxyd" am: 288fee1744 am: 9c3e0f8023 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2039003

Change-Id: Id4cecad0887d7842f54e511772093e7e97563216
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-28 22:20:30 +00:00
Chris Weir
a0490980e7 Merge "Allow wpa_supplicant to access Netlink Interceptor" am: 9e4f9120ee am: a47fe659f7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2043169

Change-Id: I7f69ec36bc8f947eb048dcb2d59b122ea6853539
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-28 22:20:22 +00:00
Treehugger Robot
9c3e0f8023 Merge "Allow EVS HAL to use cardisplayproxyd" am: 288fee1744 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2039003

Change-Id: I7e1f367593d42bf8dfc4df4f7c33fbc93627e891
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-28 22:04:34 +00:00
Chris Weir
a47fe659f7 Merge "Allow wpa_supplicant to access Netlink Interceptor" am: 9e4f9120ee 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2043169

Change-Id: I7f3b7de5e342197977b4343a9730cfcf8eb624ff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-28 22:04:24 +00:00
Treehugger Robot
288fee1744 Merge "Allow EVS HAL to use cardisplayproxyd" 2022-03-28 22:04:20 +00:00
Chris Weir
9e4f9120ee Merge "Allow wpa_supplicant to access Netlink Interceptor" 2022-03-28 21:47:48 +00:00
Neha Pattan
64ef8be1de Sepolicy changes for adding new system service for AdServices. 
Test: build
Bug: 216375107
Change-Id: I238ac3f8966ce05768aef17bd05217a9772cf2f3
 2022-03-28 19:26:50 +00:00
Adam Shih
ae4dbf54d8 suppress su behavior when running lsof 
Relevant error logs show up when dumpstate do lsof using su identity:
RunCommand("LIST OF OPEN FILES", {"lsof"}, CommandOptions::AS_ROOT);

This is an intended behavior and the log is useless for debugging so I
suppress them.
Bug: 226717429
Test: do bugreport with relevant error gone.
Change-Id: Ide03315c1189ae2cbfe919566e6b97341c5991bb
 2022-03-28 05:55:41 +00:00
Mikhail Naganov
d08f5c240f Merge "Add AIDL audio HAL service to SEPolicy" am: 1704f61dcf am: ba497daa6c am: 3cb68e23a1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040968

Change-Id: Ice3516fe2dc57fd35c0b2c67b8cf9e397e2d3018
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 23:24:33 +00:00
Mikhail Naganov
3cb68e23a1 Merge "Add AIDL audio HAL service to SEPolicy" am: 1704f61dcf am: ba497daa6c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040968

Change-Id: I36e4f5a82ae88238d86c7c6a9e89bf0f5a9a4db5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 23:10:44 +00:00
Mikhail Naganov
ba497daa6c Merge "Add AIDL audio HAL service to SEPolicy" am: 1704f61dcf 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040968

Change-Id: I7059196f8538b36ea598f600bf7b058bdb958484
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 22:47:36 +00:00
Mikhail Naganov
1704f61dcf Merge "Add AIDL audio HAL service to SEPolicy" 2022-03-25 22:23:40 +00:00
Treehugger Robot
ba6b6196ff Merge "Add search in bpf directory for bpfdomains" am: d796c9eb6c am: 383b9f8467 am: ffb744699e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2034669

Change-Id: I9f0fe5f591f8195b96eb84a570507760581c2af8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 21:23:39 +00:00
Treehugger Robot
ffb744699e Merge "Add search in bpf directory for bpfdomains" am: d796c9eb6c am: 383b9f8467 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2034669

Change-Id: I665009db9e8300de83eac0dd4b061e1e0dc583c1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 21:09:36 +00:00
Treehugger Robot
383b9f8467 Merge "Add search in bpf directory for bpfdomains" am: d796c9eb6c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2034669

Change-Id: Ie2cd6676b07102d3917e4fd3948cf603df401983
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 20:43:56 +00:00
Treehugger Robot
d796c9eb6c Merge "Add search in bpf directory for bpfdomains" 2022-03-25 20:32:15 +00:00
Treehugger Robot
05611cb9f7 Merge "Add ThermalService and file access to SdkSandbox" am: ae1844e593 am: 2a59dd1f45 am: b587145b20 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2041705

Change-Id: I3a4942f0575fe2c63853c3ea6a1370afe5af9c70
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 19:07:48 +00:00
Treehugger Robot
b587145b20 Merge "Add ThermalService and file access to SdkSandbox" am: ae1844e593 am: 2a59dd1f45 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2041705

Change-Id: I8f738113630bdaf3071727ee88cd145f102f2047
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 18:54:25 +00:00
Treehugger Robot
2a59dd1f45 Merge "Add ThermalService and file access to SdkSandbox" am: ae1844e593 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2041705

Change-Id: Ic876c4aca8072c32d18e53a71a2a5bbf5b7515be
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 18:39:31 +00:00
Treehugger Robot
ae1844e593 Merge "Add ThermalService and file access to SdkSandbox" 2022-03-25 18:24:13 +00:00
Shiwangi Shah
155d318876 Add ThermalService and file access to SdkSandbox 
Thermal Service access needs to be provided to Sdk Sandbox
for Webview to record battery related metrics. We also
provide isolated process access to the file directory for sandbox
so that the renderer process can access it.

Bug: b/226558510
Test: Manual
Change-Id: I1ac14d4df7ab53e567a27086d0418ec612a7686f
 2022-03-25 12:20:07 +00:00
Bram Bonné
6c71ebdc64 Merge "Restrict sandbox access to drmservice" am: 11b691844f am: dabf511c2e am: 6af1a00c41 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2038304

Change-Id: Ibf0c435ef45c8bb66338e959284f3cc79bd20a0d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 09:03:57 +00:00
Bram Bonné
6af1a00c41 Merge "Restrict sandbox access to drmservice" am: 11b691844f am: dabf511c2e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2038304

Change-Id: I1fd9c39ae89432b3267d2fb4296078f8bdd9e4ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 08:42:08 +00:00
Bram Bonné
dabf511c2e Merge "Restrict sandbox access to drmservice" am: 11b691844f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2038304

Change-Id: I54b7b5180669a55e581208839a6cb5b5150e4eac
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-03-25 08:25:49 +00:00
Bram Bonné
11b691844f Merge "Restrict sandbox access to drmservice" 2022-03-25 08:07:24 +00:00
Chris Weir
6e92194802 Allow wpa_supplicant to access Netlink Interceptor 
wpa_supplicant needs permission to access the Netlink Interceptor HAL.

Bug: 224844967
Test: Modified version of wpa_supplicant can access Netlink Interceptor
Change-Id: I80c6c980b6655beadfaf14535702ad8e96c2befe
 2022-03-24 16:49:30 -07:00
Treehugger Robot
0809b5e7e9 Merge "microdroid: dont audit access to event-log-tags" am: c2b73ca1b2 am: 99462a5894 am: 15edd98f16 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2032564

Change-Id: Ia4bd6af6a4ea7da21b5374b1f3f775f8839d1753
Signed-off-by: Automerger Merge Worker
 2022-03-24 23:11:15 +00:00
Treehugger Robot
15edd98f16 Merge "microdroid: dont audit access to event-log-tags" am: c2b73ca1b2 am: 99462a5894 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2032564

Change-Id: I57bf4dd588f5f1c3237a320ae3bf8693316b9e7a
Signed-off-by: Automerger Merge Worker
 2022-03-24 22:49:41 +00:00
Treehugger Robot
99462a5894 Merge "microdroid: dont audit access to event-log-tags" am: c2b73ca1b2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2032564

Change-Id: I6c3eade3f964aacea6a05c5cd9d343f0abb304ec
Signed-off-by: Automerger Merge Worker
 2022-03-24 22:34:42 +00:00
Treehugger Robot
c2b73ca1b2 Merge "microdroid: dont audit access to event-log-tags" 2022-03-24 22:16:47 +00:00
Victor Hsieh
1059b9ad19 Merge "Allow odrefresh to use userfaultfd" am: e82248bcb0 am: 73dbe7b5e8 am: 9b23dcb4af 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040965

Change-Id: I1f0a568116ac7309d6bc90938c227fa97d05ec48
 2022-03-24 16:44:42 +00:00
Victor Hsieh
9b23dcb4af Merge "Allow odrefresh to use userfaultfd" am: e82248bcb0 am: 73dbe7b5e8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040965

Change-Id: I0a5e28e7b207e2008024f2f219d35f394cee665a
 2022-03-24 15:57:54 +00:00
Victor Hsieh
73dbe7b5e8 Merge "Allow odrefresh to use userfaultfd" am: e82248bcb0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2040965

Change-Id: I1a571ae2eda151b3dbc037fbe1d1a2f11d004eb9
 2022-03-24 15:30:56 +00:00
Alan Stokes
243c96cabf Remove redundant neverallow am: f69f5a6512 am: e9ef3f1f1e am: 6df330038b 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2041703

Change-Id: I76ebd3b60720a6e5fc92fe5e3707f761b4ca06fc
 2022-03-24 15:16:14 +00:00
Victor Hsieh
e82248bcb0 Merge "Allow odrefresh to use userfaultfd" 2022-03-24 15:15:17 +00:00
Alan Stokes
6df330038b Remove redundant neverallow am: f69f5a6512 am: e9ef3f1f1e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2041703

Change-Id: Iddc6f3aefc50590dc42147e01f14261817ab25c6
 2022-03-24 15:02:00 +00:00
Alan Stokes
e9ef3f1f1e Remove redundant neverallow am: f69f5a6512 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2041703

Change-Id: Ia730da91bf826bfe4465a9e287ee2db07781991a
 2022-03-24 14:32:22 +00:00
Bram Bonne
85dfe313e5 Restrict sandbox access to drmservice 
Bug: 226390597
Test: atest SdkSandboxRestrictionsTest

Change-Id: I49b55d66f1cdc1e8d65e3419460615822c3c3ef3
 2022-03-24 14:09:46 +01:00
Treehugger Robot
c97d76e491 Merge "Remove media crash neverallow exception." am: 34f4ca820f am: a5003227d3 am: a7b911daf6 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2027103

Change-Id: I1635dcb6ffd32050fa9f18f3f0163f4dda2d86b2
 2022-03-24 12:21:29 +00:00
Treehugger Robot
a7b911daf6 Merge "Remove media crash neverallow exception." am: 34f4ca820f am: a5003227d3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2027103

Change-Id: I6608b57c17c3f82cb5e99d8d00ac6280ba23b409
 2022-03-24 12:06:59 +00:00
Alan Stokes
f69f5a6512 Remove redundant neverallow 
commit 7fd8933f0c removed this from host
sepolicy. It's redundant here as well.

Bug: 223596375
Test: Builds
Change-Id: I39d7432c6e31f49de5eb8dca8acc7e9c5d190617
 2022-03-24 11:56:20 +00:00
Treehugger Robot
a5003227d3 Merge "Remove media crash neverallow exception." am: 34f4ca820f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2027103

Change-Id: I9a079ac63a7145d0cd2699d351886dc56fd64b7e
 2022-03-24 11:43:51 +00:00