Age | Commit message | Author |
|
This reverts commit c4af45caa3cdc91c236a59ae2058968732734c8c.
Reason for revert: Restore this patch since it was not necessary to revert this patch.
Bug: 202520796
Change-Id: Ieb3346ecc604f4365dcace125072c1927c7a647c
|
|
a349fb7f9640f6160e3f9cbd718d5c6bfe932ff4
Change-Id: I23bf1aa53750c5b313bfb421ef008acbd40da313
|
|
Revert this patch since the bdev_type and sysfs_block_type SELinux
attributes are being removed.
Bug: 202520796
Test: Untested.
Change-Id: I1f1ca439b4b45b2691b482a93f8d550bf4544aca
Signed-off-by: Bart Van Assche <bvanassche@google.com>
|
|
The following patch iterates over all block devices:
https://android-review.googlesource.com/c/platform/system/core/+/1783847/9
The following patch grants 'init' and 'apexd' permission to iterate over
all block devices:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947
The above SELinux policy change requires adding the 'bdev_type'
attribute to all block devices. Hence this patch.
Bug: 194450129
Test: Untested.
Change-Id: Ibdeb66a892ded5e602c4cdead1183b087aeefc62
Signed-off-by: Bart Van Assche <bvanassche@google.com>
|
|
This removes rules causing build failure due to neverallow.
Bug: 170082975
Test: m selinux_policy
Test: selinux enforcement is disabled
Change-Id: Ia85042c30d7b42f3da169cb32fb3c527d54f0e43
|
|
No longer needed after:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1468206/
public/file.te: add 'allow proc_net proc:filesystem associate'
Bug: 145579144
Bug: 170265025
Test: treehugger will
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia8f5876e1019f5ce88cbed60acdee7edf0475dee
|
|
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.
Bug: 159097992
Test: lunch poplar-userdebug; m selinux_policy
Change-Id: I96a7c63aa97413b958a9395ff035aa1a203a7582
|
|
Any required functionality should be built into the kernel.
Test: NA
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ide42a95a36707a2fec3b641cbdcacfbc44a16d3d
(cherry picked from commit c3199dc0cdc1a658fce75d11694c21fd990948a9)
|
|
Commit d918c8df783e ("Remove redundant cgroup type/labelings.") in
project system/sepolicy/ removes cpuctl_device type and causes SELinux
compilation on Poplar.
device/linaro/poplar/sepolicy/untrusted_app.te:21:ERROR 'unknown type cpuctl_device' at token ';' on line 48537:
tombstone_data_file }:dir { getattr read search };
usb_device
checkpolicy: error(s) encountered while parsing configuration
Let's drop cpuctl_device type from Poplar sepolicy to fix the error.
Change-Id: Ia74b4a36ce10fef823d2b39f81db613f03753e90
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
|
|
(or line 12493 of policy.conf) violated by allow
vndservicemanager service_contexts_file:file { read getattr open };
libsepol.check_assertions: 1 neverallow failures occurred
Test: make -j24
Change-Id: Id7fbbfc0ab99ef1386f49194dfa387a70caeef3e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
|
Poplar build is broken as below due to the merge of "neverallow fwk access to /vendor"
in system/sepolicy repository.
libsepol.report_failure: neverallow on line 1056 of system/sepolicy/public/domain.te (or line 12227 of policy.conf) violated by allow platform_app hi_overlay_file:file { read getattr open };
libsepol.report_failure: neverallow on line 1056 of system/sepolicy/public/domain.te (or line 12227 of policy.conf) violated by allow priv_app vendor_file:file { read getattr open };
libsepol.report_failure: neverallow on line 1056 of system/sepolicy/public/domain.te (or line 12227 of policy.conf) violated by allow bootanim hi_overlay_file:file { read getattr open };
libsepol.report_failure: neverallow on line 1056 of system/sepolicy/public/domain.te (or line 12227 of policy.conf) violated by allow surfaceflinger hi_overlay_file:file { read getattr open };
libsepol.report_failure: neverallow on line 1056 of system/sepolicy/public/domain.te (or line 12227 of policy.conf) violated by allow system_app vendor_file:file { read getattr open };
libsepol.report_failure: neverallow on line 1056 of system/sepolicy/public/domain.te (or line 12227 of policy.conf) violated by allow platform_app vendor_file:file { read getattr open };
libsepol.report_failure: neverallow on line 1056 of system/sepolicy/public/domain.te (or line 12227 of policy.conf) violated by allow priv_app hi_overlay_file:file { read getattr open };
libsepol.report_failure: neverallow on line 1056 of system/sepolicy/public/domain.te (or line 12227 of policy.conf) violated by allow system_app hi_overlay_file:file { read getattr open };
libsepol.check_assertions: 8 neverallow failures occurred
Let's update Poplar sepolicy to fix the failures and get the build to pass.
Change-Id: I6e47077e2bc36952f897cdace0b90caf2201838b
|
|
6d860e7 (origin/master, origin/HEAD) poplar: use vendor prebuilt wifi files
2de4ee5 wifi: add capabilities for wpa_supplicant
46ac944 poplar: create an optee folder for OP-TEE files
9411998 poplar: move hiavplayer.rc into vendor folder
e19a218 poplar: rename rootfs to vendor
fdb3113 BoardConfig.mk: add printk.devkmsg=on to BOARD_KERNEL_CMDLINE
da84bb1 init.poplar.rc: setprop service.adb.tcp.port 5555
ad56c8a Revert "WIP: temporarily disable bluetooth"
28e4d5e bt: add ro.boot.btmacaddr property and chmod of rtkbt_dev
363a2e4 wifi: enable wifi HAL support
958edb7 wifi: remove use of rtl8822bu module
fe5024d audio: add include of <unistd.h> to fix usleep warnings
6e36a97 device.mk: add Launcher2 package
4673aee WIP: temporarily disable bluetooth
8b6fdda poplar: remove obsolete self-extractors
b8b039f poplar: switch from add_lunch_combo to COMMON_LUNCH_CHOICES
acd1ef6 poplar: enable full treble support
d6df05c audio: update Android.mk for treble support
d9a9261 audio: include <log/log.h> instead of <cutils/log.h>
1f6821d device.mk: use TARGET_COPY_OUT_VENDOR for feature declarations
9b9a1a7 device.mk: clean up newlines and backslash
29db545 device.mk: build soundtrigger package for audio support
3d4498f device.mk: add ro.config.build.name property
fdb44d6 manifest: update manifest file for treble support
d0cc662 ueventd.poplar.rc: add hi_gfx2d device node back
ccc635e sepolicy: sync up selinux policy with Hisilicon development
2c391e5 sepoilcy: remove 'x' attribute from .te files
44c53b7 fstab.poplar: remove system and vendor mount
6b21fe2 fstab.poplar: use by-name symlinks instead of by-num
1e3bd67 poplar: add bt/wifi files and configurations
93bf7a1 device.mk: move BT section close to Wifi
Bug: 110793466
Test: Manual
Change-Id: If7db092bbed239ea83287fcf294b7d70c53e04b5
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|