tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
47544 commits 1 branch 0 tags 50 MiB
Commit graph

170 commits

Author SHA1 Message Date
Inseob Kim
ff2018fa84 Fix bpfmt 
Bug: N/A
Test: N/A
Flag: NONE trivial format change
Change-Id: I8f6293dcc47a4ead347c4861ba929d4b3042c311
 2024-04-17 09:55:49 +09:00
Peter Lee
d3db89de5b Modify SELinux rules to allow vold to use the keymaster HAL directly. am: b1c857c824 am: 769bbce026 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2929772

Change-Id: I6d9e77b0889fad22a6006972a1ba90ecd87fba8f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-01 23:08:23 +00:00
Peter Lee
769bbce026 Modify SELinux rules to allow vold to use the keymaster HAL directly. am: b1c857c824 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2929772

Change-Id: I89c192fc02b8bb215cc52b8a4091930896595b21
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-01 22:24:27 +00:00
Peter Lee
b1c857c824 Modify SELinux rules to allow vold to use the keymaster HAL directly. 
Description:
Since the Android N project uses Keymaster 1.5 and added full disk encryption support in vold when upgrading to Android T, the SELinux rules need to allow vold to use the keymaster HAL directly.

Bug: 319506037

Change-Id: Ib21c59156a6de0c2b148e33de2fe8efb3606e697
 2024-02-01 06:32:23 +00:00
Brian Lindahl
660e460e8c Allow for server-side configuration of libstagefright 
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.

Bug: 301372559
Bug: 301250938
Bug: 308043377
Fixes: 308043377
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I95aa6772a40599636d109d6960c2898e44648c9b
(cherry picked from commit 1b32bccc1a)
 2023-12-11 23:02:32 +00:00
Thiébaud Weksteen
d2ce0987b3 Ignore non-API access by gmscore_app am: 9712670bb3 am: 774179cea8 am: bb1c4586e4 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24947462

Change-Id: I88efc3f4fc00a051a15d9b6b6bfaaa36a491d9da
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-10-06 06:43:18 +00:00
Thiébaud Weksteen
774179cea8 Ignore non-API access by gmscore_app am: 9712670bb3 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/24947462

Change-Id: If6d7b4478bca2860da07fc541f5c9b53f66ff169
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-10-06 05:19:22 +00:00
Thiébaud Weksteen
9712670bb3 Ignore non-API access by gmscore_app 
Bug: 303319090
Bug: 303272800
Bug: 303374964
Test: m selinux_policy
Ignore-AOSP-First: merged in aosp already
Change-Id: I0999023b315bd31d70b1908353acebc87182747c
 2023-10-06 13:06:27 +11:00
Brian Lindahl
b6caa06fe9 Allow for server-side configuration of libstagefright am: 1b32bccc1a am: 3e8fbf6a4d am: 2a23f0d194 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467

Change-Id: I7570fe0cc0e87c0674524a5cf20c73dac257ff93
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-09-27 23:47:11 +00:00
Brian Lindahl
2a23f0d194 Allow for server-side configuration of libstagefright am: 1b32bccc1a am: 3e8fbf6a4d 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467

Change-Id: I1685cfb8cac9cd8ffaca1ad78b272ae3db8240eb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-09-27 22:37:46 +00:00
Brian Lindahl
3e8fbf6a4d Allow for server-side configuration of libstagefright am: 1b32bccc1a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467

Change-Id: I21356699f9d67eed69fcc9a43154d6d66cfe454e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-09-27 21:33:23 +00:00
Brian Lindahl
1b32bccc1a Allow for server-side configuration of libstagefright 
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.

Bug: 301372559
Bug: 301250938
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I95aa6772a40599636d109d6960c2898e44648c9b
 2023-09-27 16:15:23 +00:00
Inseob Kim
2aac33597d Use prebuilts for compat test if prebuilts exist 
system/sepolicy should support both REL build and ToT build. That means
that system/sepolicy and prebuilts may differ. As the frozen sepolicy is
what vendor sepolicy uses, so we need to use prebuilts to run Treble
compat test.

Bug: 296875906
Test: m selinux_policy on REL
Change-Id: I4b290266ba87e3f011d640bec133fc88359ea52f
 2023-09-08 10:44:49 +09:00
Inseob Kim
0d49b9bc28 Use only public cil files for Treble compat test 
Rationale for this change:

1) Vendors use only public files, so we should be able to use only
   public cil files for compatibility test.
2) treble_sepolicy_tests_for_release.mk is too complex, because it
   requires compiled sepolicy. Reducing the complexity will help migrate
   into REL build.
3) This fixes a tiny bug of treble_sepolicy_tests that it can't catch
   public types being moved to private types, and then removed. 29.0.cil
   and 30.0.cil change contains such missing public types.

Bug: 296875906
Test: m selinux_policy (with/without intentional breakage)
Change-Id: Ia2c0733176df898f268b5680195da25b588b09c7
 2023-09-07 16:35:08 +09:00
Inseob Kim
5d7423ff3d Build prebuilt policy with Soong 
... and remove redundant Makefile codes. This also updates commit hook
as we now only use Soong to build sepolicy.

Bug: 296875906
Test: m selinux_policy
Change-Id: I93f0d222a0c10e31c51c9380780a8927c47d62b1
 2023-09-07 16:32:30 +09:00
Inseob Kim
36d9d39e6e Relax freeze_test to check only compatibility 
For now, freeze_test compares prebuilts against sources with diff, to
ensure that sources are identical to prebuilts. However, it could be the
case that the branch should be able to build both REL and ToT. In that
case, changes to the sources are inevitable and the freeze test will
fail.

To fix the issue, freeze_test will now only check compatibility. To be
specific, it will check if any public types or attributes are removed.
Contexts files and neverallow rules are not checked, but they may be
added later. Also to support the new freeze_test

- build_files module is changed to use glob (because REL version won't
  be in compat versions list)
- plat_pub_policy modules are added under prebuilts/api (because
  freeze_test needs that)

Bug: 296875906
Test: m selinux_policy
Change-Id: I39c40992965b98664facea3b760d9d6be1f6b87e
 2023-09-05 03:37:18 +00:00
Inseob Kim
d781909856 Merge "Remove 28.0 compat support" am: 1174fcf338 am: 9cf125cb34 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519755

Change-Id: Idc225a85b5b95d770e6367bc2d0c606225c5b8a4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-07 02:00:23 +00:00
Inseob Kim
d16612cd8a Remove 28.0 compat support 
Treble doesn't support U system + P vendor, so removing P (28.0)
prebuilts and compat files.

Bug: 267692547
Test: build
Change-Id: I3734a3d331ba8071d00cc196a2545773ae6a7a60
 2023-04-03 15:17:03 +09:00
Andy Hung
bd89baaecf Merge "sepolicy: Add spatial audio tuning properties." 2023-03-27 15:22:49 +00:00
Andy Hung
789c2937a5 sepolicy: Add spatial audio tuning properties. am: 574369e474 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22241161

Change-Id: I00a6e7937068ee8a3006223ba6d320c90a73321e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-24 04:22:53 +00:00
Andy Hung
16a79f885d sepolicy: Add spatial audio tuning properties. 
audio.spatializer.pose_predictor_type
audio.spatializer.prediction_duration_ms

Test: compiles
Test: adb shell setprop with invalid enum fails.
Bug: 274849680
Merged-In: Ie7e656acbdd3fe101ecbd2cc9dfb6c8a440a6a8b
Change-Id: Ie7e656acbdd3fe101ecbd2cc9dfb6c8a440a6a8b
 2023-03-23 20:56:59 -07:00
Andy Hung
574369e474 sepolicy: Add spatial audio tuning properties. 
audio.spatializer.pose_predictor_type
audio.spatializer.prediction_duration_ms

Ignore-AOSP-First: will land in AOSP later.
Test: compiles
Test: adb shell setprop with invalid enum fails.
Bug: 274849680
Change-Id: Ie7e656acbdd3fe101ecbd2cc9dfb6c8a440a6a8b
 2023-03-23 18:01:42 -07:00
Andy Hung
64a1d36e3d Merge "sepolicy: Add spatial audio configuration properties" into tm-qpr-dev am: 816d7372d3 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22142639

Change-Id: I0f164623b16f992ca90a10c07d86781934b29775
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-22 12:55:52 +00:00
Andy Hung
03c348df74 sepolicy: Add spatial audio configuration properties 
Controls default enable or disable for binaural and transaural.

Test: see bug
Bug: 270980127
Merged-In: I190644e88a520cf13ee2b56066d5afd258460b9e
Change-Id: I190644e88a520cf13ee2b56066d5afd258460b9e
 2023-03-21 15:08:27 -07:00
Andy Hung
816d7372d3 Merge "sepolicy: Add spatial audio configuration properties" into tm-qpr-dev 2023-03-21 17:53:50 +00:00
Ioannis Ilkos
865d0883ac Merge changes from topic "tm-qpr-oome-perfetto" into tm-qpr-dev am: 37883b47f8 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21986580

Change-Id: I66f23e61f789b8a18f44f6a68af9f399e9d06be0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-20 11:02:24 +00:00
Ioannis Ilkos
ad1c3e4200 Merge changes from topic "tm-qpr-syssrv-perfetto" into tm-qpr-dev am: a6494f6163 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21986577

Change-Id: I37e9725ed27177234f34357ebacd27e1c648dfec
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-20 11:01:53 +00:00
Ioannis Ilkos
37883b47f8 Merge changes from topic "tm-qpr-oome-perfetto" into tm-qpr-dev 
* changes:
  update api=33 sepolicy prebuilts for perfetto oome heap dumps
  Fix incorrect domain used in system_server.te
  Sysprop for the count of active OOME tracing sessions
 2023-03-20 10:35:12 +00:00
Ioannis Ilkos
a6494f6163 Merge changes from topic "tm-qpr-syssrv-perfetto" into tm-qpr-dev 
* changes:
  update api=33 sepolicy prebuilts for perfetto profiling of system_server and sys/platform apps
  tm-qpr backport: allow perfetto profiling of system_server and sys/platform apps
 2023-03-20 10:31:50 +00:00
Andy Hung
3b7b6c3b30 sepolicy: Add spatial audio configuration properties 
Controls default enable or disable for binaural and transaural.

Ignore-AOSP-First: will land in AOSP afterwards
Test: see bug
Bug: 270980127
Change-Id: I190644e88a520cf13ee2b56066d5afd258460b9e
 2023-03-17 14:58:36 -07:00
Nathan Huckleberry
7878f968fe Allow vold to use FS_IOC_GET_ENCRYPTION_KEY_STATUS am: 7bedb9d1a0 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21649283

Change-Id: I553546da822bb3880b3b325382409f63f5e47b85
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-17 00:26:48 +00:00
Ioannis Ilkos
c3fa8c0d82 update api=33 sepolicy prebuilts for perfetto oome heap dumps 
Bug: 272719059
Ignore-AOSP-First: tm-qpr-dev backports
Change-Id: I7e0703ce8fb8fb46217f67046c19fb71653bc86e
 2023-03-13 17:48:46 +00:00
Ryan Savitski
be99ac546a update api=33 sepolicy prebuilts for perfetto profiling of system_server and sys/platform apps 
Bug: 272719059
Ignore-AOSP-First: tm-qpr-dev backports
Change-Id: Iadee4b1a04d032e901b58bc76a0b658782fe027f
 2023-03-13 17:14:04 +00:00
Nathan Huckleberry
7bedb9d1a0 Allow vold to use FS_IOC_GET_ENCRYPTION_KEY_STATUS 
This ioctl can be used to avoid a race condition between key
reinstallation and busy files clean up.

Test: Trigger busy file clean-up and ensure that the ioctl succeeds
Bug: 140762419

Change-Id: I153c2e7b2d5eb39e0f217c9ef8b9dceba2a5a487
(cherry picked from commit ffb9f8855a)
Ignore-AOSP-First: Prebuilts needed to be updated when cherry-picking.
 2023-03-10 18:58:42 +00:00
David Duarte
1d17625658 Update prebuilt to add bluetooth_prop to system_server sepolicy. am: c9530bbdfd 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21359400

Change-Id: Idadf25b8631d21ab7eaa3834c500419253a7edb9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-15 07:23:13 +00:00
David Duarte
c9530bbdfd Update prebuilt to add bluetooth_prop to system_server sepolicy. 
Ignore-AOSP-First: Update after cherry-pick from AOSP
Fix: 268537356
Test: None
Change-Id: I72ad993e73b31045ce529e108b143e890955a167
 2023-02-10 00:27:32 +00:00
Hongwei Wang
95f1221fc1 Allow platform_app:systemui to write protolog file 
This is enabled on debuggable builds only, includes
- Grant mlstrustedobject typeattribute to wm_trace_data_file
- Grant platform_app (like systemui) the write access to
  wm_trace_data_file

Bug: 251513116
Test: adb shell dumpsys activity service SystemUIService \
      WMShell protolog [start | stop]
Ignore-AOSP-First: cherry-pick of aosp/2397593
Merged-In: I9f77f8995e4bf671616ce6c49eeb93720e31430e
Change-Id: I9f77f8995e4bf671616ce6c49eeb93720e31430e
 2023-02-08 18:30:30 +00:00
Hongwei Wang
7476ab79ff Merge "Allow platform_app:systemui to write protolog file" am: f4979adab7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2397593

Change-Id: Id077867308be1b610fd4b12ed50e87908bd5e8d2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-31 20:58:01 +00:00
Alessandra Loro
bad245a5e2 Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: 09effc0d78 am: 968d385d37 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006

Change-Id: I2a95f2f80f90de603a2029ec1d7026876c883137
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-27 20:07:43 +00:00
Alessandra Loro
968d385d37 Hide ro.debuggable and ro.secure from ephemeral and isolated applications am: 09effc0d78 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2402006

Change-Id: I068d5585305d8715d8ff081869d785fb07dedb4a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-27 19:23:38 +00:00
Alessandra Loro
09effc0d78 Hide ro.debuggable and ro.secure from ephemeral and isolated applications 
Bug: 193912100
Bug: 265874811
Test: N/A

Ignore-AOSP-First: cherry-pick for tm-qpr
Change-Id: I916c9795d96e4a4a453f9aed5e380f11981804e9
Merged-In: I916c9795d96e4a4a453f9aed5e380f11981804e9
 2023-01-26 16:56:40 +00:00
Kalesh Singh
eb1a50003c suspend: Allow access to /sys/power/wake_[un]lock 
This is needed to prevent autosuspend when the framework is restarting
See: go/no-suspend-deadlocks

Bug: 255898234
Bug: 265513788
Bug: 266077359
Test: Check logcat for avc denials
Change-Id: I6313e28d0f2e4bc553881fcc3742dc74ca319b44
Merged-In: I6313e28d0f2e4bc553881fcc3742dc74ca319b44
 2023-01-25 16:39:05 -08:00
Alessandra Loro
d4858ae25a Drop back-compatibility for hiding ro.debuggable and ro.secure am: c6aec92b7c am: 60673b7437 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399373

Change-Id: I5c4220e15342bbe9d1442107661f5c78cfc5fd1b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-25 19:34:16 +00:00
Alessandra Loro
6b354f6a92 Disallow untrusted apps to read ro.debuggable and ro.secure am: 0d68fc3525 am: ea182aa198 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399372

Change-Id: I7b2c1ade72e3d8aeb52f6034e56990cf3abbea6c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-25 19:34:14 +00:00
Pete Bentley
e3adcf5f10 Update sepolicy prebuilts for PRNG seeder changes. am: e635929f6f am: ea49ed9381 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2300079

Change-Id: I34bbb44dee5120f30d74d9c2a0cc463afb1705ed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-25 19:30:22 +00:00
Alessandra Loro
60673b7437 Drop back-compatibility for hiding ro.debuggable and ro.secure am: c6aec92b7c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399373

Change-Id: Ib75355b064ebabe725f48accc0605f662fd28fb0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-25 18:46:53 +00:00
Alessandra Loro
ea182aa198 Disallow untrusted apps to read ro.debuggable and ro.secure am: 0d68fc3525 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2399372

Change-Id: I3a4319a2431fab9ae492a606d431370674bf44a6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-25 18:46:51 +00:00
Pete Bentley
ea49ed9381 Update sepolicy prebuilts for PRNG seeder changes. am: e635929f6f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2300079

Change-Id: I0df17dc2b6a0e341365e6484c8a855c5d8c68adc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-25 18:38:20 +00:00
Hongwei Wang
9372026ad2 Allow platform_app:systemui to write protolog file 
This is enabled on debuggable builds only, includes
- Grant mlstrustedsubject typeattribute to wm_trace_data_file
- Grant platform_app (like systemui) the write access to
  wm_trace_data_file

Bug: 251513116
Test: adb shell dumpsys activity service SystemUIService \
      WMShell protolog [start | stop]
Change-Id: I9f77f8995e4bf671616ce6c49eeb93720e31430e
 2023-01-24 16:30:57 -08:00
Alessandra Loro
c6aec92b7c Drop back-compatibility for hiding ro.debuggable and ro.secure 
Ignore-AOSP-First: cherry-pick for tm-qpr-dev
Bug: 193912100
Bug: 265874811
Test: N/A for cherry-pick
Change-Id: I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad
Merged-In: I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad
 2023-01-23 12:06:37 +00:00