tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
38919 commits 1 branch 0 tags 50 MiB
Commit graph

38919 commits

This branch
This branch
All branches
Author SHA1 Message Date
Sandro
143988dedb Add apex_sepolicy targets for running go/seamendc 
This is a roll-forward of some of the changes rolled back in
aosp/2170746. I am rolling forward in smaller chunks so that it is
easier to identify and avoid possible breakages.

Bug: 236691128
Test: atest SeamendcHostTest
Change-Id: Ibe451325d471fe04cd52683ba90a22543fa84c7c
 2022-08-09 09:33:09 +00:00
Edwin Wong
078df507dc Merge "Enable dumpsys widevine without root" am: b7529adf07 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2166095

Change-Id: I11291fea53e0d4be42390f2848e050d128eb9839
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-09 05:58:48 +00:00
Edwin Wong
b7529adf07 Merge "Enable dumpsys widevine without root" 2022-08-09 05:37:28 +00:00
Sandro Montanari
fca23d3c9c Merge "searchpolicy: return empty list when providing non existing source/target" am: 8c731dc5b5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2175365

Change-Id: I439365cb0a9c858eb2e0ea8b5bb39de2af68dcf9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-08 08:48:49 +00:00
Sandro Montanari
8c731dc5b5 Merge "searchpolicy: return empty list when providing non existing source/target" 2022-08-08 08:25:59 +00:00
Derek Smith
541d5421f7 Merge "traced_probes: allow perfetto to read buddyinfo proc entry" am: 5ff4b6ff78 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2175504

Change-Id: I74e8d437731cce2fa0e4d0f1f0ab8389559e903f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-05 21:40:36 +00:00
Derek Smith
5ff4b6ff78 Merge "traced_probes: allow perfetto to read buddyinfo proc entry" 2022-08-05 20:51:39 +00:00
Garfield Tan
0e76cc62b1 Allow zygote to read persist.wm.debug.* prop am: 49a8b76d4a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2175950

Change-Id: Ic901b7baa3b2ab71be3c72289b50d451e6526ba9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-05 20:40:24 +00:00
Sandro
26152e9576 searchpolicy: return empty list when providing non existing source/target 
Before this CL, "searchpolicy -t <NAME>" or "searchpolicy -s <NAME>"
would return all rules in the policy if NAME did not exist.

Bug: 238394904
Test: atest SELinuxHostTest
Change-Id: Id8eae496c2e605a094c4931b60812e10d2adab62
 2022-08-05 11:35:39 +00:00
Edwin Wong
9730877236 Enable dumpsys widevine without root 
Before the addition of sepolicy:
Error with service 'android.hardware.drm.IDrmFactory/widevine' while dumping: FAILED_TRANSACTION

Success after change.

Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine

Bug: 238682056
Change-Id: I3817c9487bdec0c812690823cbb941cff80f394f
 2022-08-05 02:55:28 +00:00
Garfield Tan
49a8b76d4a Allow zygote to read persist.wm.debug.* prop 
Window manager team wants to leverage system properties for feature
flags that need to be read in ViewRootImpl and other classes preloaded
in Zygote. Appdomain is allowed to read that permission in commit
I5808bf92dbba37e9e6da5559f8e0a5fdac016bf3.

Bug: 241464028
Test: Zygote can preload persist.wm.debug.* props.
Change-Id: I0c2ae63db53530c1facd8c2132f99c0d919b4ad8
 2022-08-04 14:48:06 -07:00
Derek Smith
f595029023 traced_probes: allow perfetto to read buddyinfo proc entry 
Allow perfetto to read the /proc/buddyinfo entry to trace
memory fragmentation of the system over time.

Test: Manual: Capture perfetto buddyinfo traces

Signed-off-by: Derek Smith <dpsmith@google.com>
Change-Id: If2336377ae241668496d2caf81c6eac6b50dd2ff
 2022-08-04 20:21:37 +00:00
Steven Moreland
4e7418fcf2 Merge "remove vendor_service" am: f4f8aa0d84 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2153809

Change-Id: I14b6dcca0344e56e4a94c081c1ab2d1d03193bd6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-04 01:54:36 +00:00
Steven Moreland
f4f8aa0d84 Merge "remove vendor_service" 2022-08-04 01:35:27 +00:00
Lokesh Gidra
92d617c0ce Revert "Move parts of sdk_sandbox from private to apex policy" am: 1269a179ac 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2170746

Change-Id: I934b9c6dfcb3f0656b72ed7247cd752b9a6fd3c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-03 22:21:08 +00:00
Lokesh Gidra
1269a179ac Revert "Move parts of sdk_sandbox from private to apex policy" 
Revert "Add java SeamendcHostTest in cts"

Revert submission 2111065-seamendc

Reason for revert: b/240731742, b/240462388 and b/240463116
Reverted Changes:
I3ce2845f2:Move parts of sdk_sandbox from private to apex pol...
I0c10106e2:Add java SeamendcHostTest in cts

Test: revert cl
Change-Id: If9981796694b22b7cbfe1368cd815889c741e69d
 2022-08-03 14:24:04 +00:00
Treehugger Robot
0930d82c76 Merge "Add API level 33 persistent GWP-ASan Sysprop" am: 1d538e9b22 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2147179

Change-Id: Iff91be573efa4b3b37a2256a334daa66018f35d0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-03 05:11:02 +00:00
Treehugger Robot
1d538e9b22 Merge "Add API level 33 persistent GWP-ASan Sysprop" 2022-08-03 04:41:57 +00:00
Max Bires
8d4c2f4496 Merge "Remove inapplicable comment." am: 3fc9964f1a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2172882

Change-Id: I6cd88fa85955fcac947a1c50a0153a1b9a83b9a5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-03 01:08:02 +00:00
Max Bires
3fc9964f1a Merge "Remove inapplicable comment." 2022-08-03 00:39:44 +00:00
Thiébaud Weksteen
7700bb7f95 Merge "Remove dumpstate from exception for hal_attribute_service" am: b478c02402 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2171082

Change-Id: Ic45b67c9ff104b859c5d4ce2c66e4395644a18e6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-02 22:30:02 +00:00
Thiébaud Weksteen
b478c02402 Merge "Remove dumpstate from exception for hal_attribute_service" 2022-08-02 21:59:04 +00:00
Treehugger Robot
e558e909d4 Merge "Add sepolicy for bluetooth.core.gap.le.conn.min.limit sysprop" am: bc2ecffff5 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2170423

Change-Id: Ifd6b084143f9ec0ab0fe5a4eabbb276977ca5d03
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-02 19:32:04 +00:00
Treehugger Robot
bc2ecffff5 Merge "Add sepolicy for bluetooth.core.gap.le.conn.min.limit sysprop" 2022-08-02 18:58:46 +00:00
Max Bires
da19b45a14 Remove inapplicable comment. 
There don't seem to be any security issues raised by allowing crash dump
to access keystore. More specifically, all key material is encrypted by
KeyMint anyways in the absolute worst case, so even if key exposure
occurred, there would be no harm.

Fixes: 186868271
Test: The comment is gone.
Change-Id: Ib09fc8e1eaa3f1a0876139e175dc28be9e0d4a4a
 2022-08-02 11:01:25 -07:00
Sandro
3505cba8f8 Add missing definition to definitions.cil am: d40a70403c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2171608

Change-Id: I86abb36147c7c074aa7adfb7aca60128f1d2c63b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-02 13:03:13 +00:00
Sandro
d40a70403c Add missing definition to definitions.cil 
The servicemanager_prop type was added in aosp/2161201

Bug: 2111065
Test: atest SeamendcHostTest
Change-Id: I0f0efe215845f6f1d1d54bc03243950eb5cb71ed
 2022-08-02 09:53:22 +00:00
Steven Moreland
5c587349fd Merge "Fully prepare vendor_service removal." am: 46138cca6a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2140049

Change-Id: Ib5f07ce54608fcb325c0ba5cc1402ab25e13c3fa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-01 23:35:20 +00:00
Steven Moreland
46138cca6a Merge "Fully prepare vendor_service removal." 2022-08-01 23:20:05 +00:00
Roland Levillain
ddac3b9b82 Reconcile file_contexts files for Release and Debug ART APEXes. am: 4e8dbdf63e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2168184

Change-Id: Iac97b16658722eb52b32ea86e0fc30767538b85d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-01 13:20:27 +00:00
Roland Levillain
4e8dbdf63e Reconcile file_contexts files for Release and Debug ART APEXes. 
Replicate change
https://android-review.googlesource.com/c/1663786/2/apex/com.android.art-file_contexts
in `apex/com.android.art.debug-file_contexts`.

Test: Patch this commit into a tree that uses `artd` (only internal
      ones at the moment) and run the following command on a device
      running the Debug ART APEX:
        adb shell pm art \
          get-optimization-status com.google.android.youtube
Change-Id: If0b10b585778e8b585e76b2a4512a2f23facd22e
 2022-08-01 09:13:46 +01:00
Thiébaud Weksteen
b18a9d9b65 Remove dumpstate from exception for hal_attribute_service 
Bug: 240362192
Test: TH
Change-Id: Ifb54a4467c56bc8aee49ac928f84d83863c0a2b9
 2022-08-01 11:34:09 +10:00
Steven Moreland
99d79a5737 Merge "servicemanager started property" am: 560a947de8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2161201

Change-Id: I37959f094a56b64a0e61141e8dca613a7294322d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-29 18:48:10 +00:00
Dorin Drimus
1c3cf830d9 Add sepolicy for bluetooth.core.gap.le.conn.min.limit sysprop 
Bug: 240709612
Change-Id: I893f5ec04a8abb4ecf724e9e179d0295a681b82b
Test: N/A, CL only adds the sysprop API sepolicy
 2022-07-29 18:45:52 +00:00
Steven Moreland
560a947de8 Merge "servicemanager started property" 2022-07-29 18:30:14 +00:00
Treehugger Robot
de453119e2 Merge "Update SELinux policy for app compilation CUJ." am: 9e2f8aa7a1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2160660

Change-Id: I76e3fa493a483a85fec07fd77f8aba15e4136b49
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-29 17:48:30 +00:00
Treehugger Robot
9e2f8aa7a1 Merge "Update SELinux policy for app compilation CUJ." 2022-07-29 17:22:44 +00:00
Jiakai Zhang
c871c1cc75 Update SELinux policy for app compilation CUJ. 
- Adapt installd rules for app compilation.

- Add profman rules for checking the profile before compilation. This is new behavior compared to installd.

Bug: 229268202
Test: -
  1. adb shell pm art optimize-package -m speed-profile -f \
       com.google.android.youtube
  2. See no SELinux denial.
Change-Id: Idfe1ccdb1b27fd275fdf912bc8d005551f89d4fc
 2022-07-29 14:07:52 +00:00
Steven Moreland
fd1eb68337 servicemanager started property 
If something starts before servicemanager does,
intelligently wait for servicemanager to start rather
than sleeping for 1s.

Bug: 239382640
Test: boot
Change-Id: If0380c3a1fce937b0939cd6137fcb25f3e47d14c
 2022-07-28 17:09:14 +00:00
Sandro
eca956218e seamendc: prefetch binary policy in memory before parsing am: 8978204264 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2163942

Change-Id: I57e48f09c3d83e9e57fbfdf85f78312abfe6d640
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-28 15:57:53 +00:00
Sandro
8978204264 seamendc: prefetch binary policy in memory before parsing 
This optimization improves the runtime of seamendc by ~6-7ms.

Bug: 236691128
Test: atest seamendc-test && atest SeamendcHostTest
Change-Id: Id1e86a5f51d035fac415a0e6ae05b99b3bd774d4
 2022-07-28 14:25:03 +00:00
Vlad Popa
91926a8b64 Merge "Add SELinux policy for accessing the AudioService" am: f503e3e7e2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2167262

Change-Id: I3a23093dcb121ef347a72a25137618b52ec3af01
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-28 12:48:20 +00:00
Vlad Popa
f503e3e7e2 Merge "Add SELinux policy for accessing the AudioService" 2022-07-28 09:18:03 +00:00
sandrom
dd5b63f702 Move parts of sdk_sandbox from private to apex policy am: e6971f1330 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2111065

Change-Id: I6711e1c15bbfd191ee1a4ad890e372563b873eab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-27 16:33:05 +00:00
sandrom
e6971f1330 Move parts of sdk_sandbox from private to apex policy 
Bug: 236691128
Test: atest SeamendcHostTest

Change-Id: I3ce2845f259afb29b80e2d9b446aa94e64ef8902
 2022-07-27 13:39:06 +00:00
Vlad Popa
3fc7d83663 Add SELinux policy for accessing the AudioService 
This is used by the playback notification API to get a reference to the
AudioService with the help of the ServiceManager.

Change-Id: I70324cf0579fd029ee9b3a20115bdab9106d24a8
Test: avd/avd_boot_test
Bug: 235521198
 2022-07-27 12:11:50 +00:00
Treehugger Robot
b3cf5e6948 Merge "Use dump_hal() macro for HAL services" am: f97d76d210 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2162565

Change-Id: Ic2256293a1379ba457df8e97df93610182d47716
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-27 08:22:13 +00:00
Treehugger Robot
f97d76d210 Merge "Use dump_hal() macro for HAL services" 2022-07-27 08:10:45 +00:00
Thiébaud Weksteen
33263a0869 Use dump_hal() macro for HAL services 
Sort the list of services alphabetically.

Test: build & boot bramble
Change-Id: I3dae597ae3780d7ac97bb8aeeeaf964b375cdf5e
 2022-07-27 13:13:47 +10:00
Inseob Kim
d6c252b1cb Merge "Use embedded launcher for python binaries" am: 52ffc6fe2a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2162563

Change-Id: I5231dce4ee5dfb6cf4a236197a3a1e3da7648a01
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-27 00:34:11 +00:00