tequilaOS/platform_build
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
18718 commits 1 branch 0 tags 119 MiB
Commit graph

229 commits

Author SHA1 Message Date
Nick Kralevich
06b895ea48 am f9172a61: am 2eb95ac2: am ad6107c3: Merge "Coalesce generic_x86 and generic sepolicy where possible." 
* commit 'f9172a61d742ac048fced2c264585068a42527b3':
  Coalesce generic_x86 and generic sepolicy where possible.
 2014-06-17 18:06:10 +00:00
Stephen Smalley
a49411f49b Coalesce generic_x86 and generic sepolicy where possible. 
We originally forked a complete copy of generic/sepolicy into
generic_x86/sepolicy, but we can instead inherit from it and
merely add rules as needed under generic_x86/sepolicy.

Change-Id: I21e1a1425ce08676a8ea69685a4761db3bfde628
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2014-06-17 09:35:56 -04:00
Stephen Smalley
78eee96a72 Restore generic_x86 sepolicy zygote.te file. 
I87d0976800557d73064e2da038315b0d019d7a60 removed zygote.te from
generic/sepolicy and generic/BoardConfig.mk but also incorrectly
removed it from generic_x86/BoardConfig.mk, even though
generic_x86/sepolicy/zygote.te still exists and contains rules
needed on the x86 emulator.  Otherwise the zygote fails with
execmem denials on the x86 emulator.

(x86 emulator is also broken currently due to yaffs2 /cache yielding
unlabeled denials, but that is unrelated to this change).

Change-Id: Ie36ed4ed7ba478a377f9a0d4383d006b49bde5cc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2014-06-17 09:20:17 -04:00
Nick Kralevich
e96f961efc am 7be1a519: am 331f4d58: am cc7aebb8: Merge "Restore generic_x86 sepolicy zygote.te file." 
* commit '7be1a5197ffb97aebc8a175b7a5dcbed248ac8a7':
  Restore generic_x86 sepolicy zygote.te file.
 2014-06-17 13:54:23 +00:00
dcashman
6672745d18 am cac1fc6d: am 5bb6eeb9: am d9c312b5: Merge "Allow all domains access to /dev/qemu_trace." 
* commit 'cac1fc6dd5daf5f03bacf8749f888d196985fda8':
  Allow all domains access to /dev/qemu_trace.
 2014-06-17 01:30:39 +00:00
dcashman
38a261a82b Allow all domains access to /dev/qemu_trace. 
/dev/qemu_trace is used by memcheck on qemu to get memory allocation events
from all processes on the system.  Allow all domains to access this device, and
other qemu-specific devices.

Addresses the following denials:
type=1400 audit(1402674828.500:3): avc:  denied  { read write } for  pid=44 comm="servicemanager" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:servicemanager:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674828.500:4): avc:  denied  { open } for  pid=44 comm="servicemanager" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:servicemanager:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674828.520:5): avc:  denied  { read write } for  pid=42 comm="logd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:logd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674828.520:6): avc:  denied  { open } for  pid=42 comm="logd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:logd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674828.610:7): avc:  denied  { read write } for  pid=48 comm="debuggerd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:debuggerd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674828.610:8): avc:  denied  { open } for  pid=48 comm="debuggerd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:debuggerd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.000:9): avc: denied { read write } for pid=47 comm="netd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:netd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.000:10): avc: denied { open } for pid=47 comm="netd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:netd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.180:11): avc: denied { read write } for pid=53 comm="installd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:installd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.200:12): avc: denied { read write } for pid=45 comm="vold" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:vold:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.200:13): avc: denied { open } for pid=53 comm="installd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:installd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.200:14): avc: denied { open } for pid=45 comm="vold" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:vold:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.280:15): avc: denied { read write } for pid=54 comm="keystore" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:keystore:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.280:16): avc: denied { open } for pid=54 comm="keystore" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:keystore:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674830.580:17): avc: denied { read write } for pid=51 comm="drmserver" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:drmserver:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674830.580:18): avc: denied { open } for pid=51 comm="drmserver" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:drmserver:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674930.860:22): avc: denied { read write } for pid=655 comm="iptables" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:netd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674930.870:23): avc: denied { open } for pid=655 comm="iptables" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:netd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file

Bug: 15570479
Change-Id: I87d0976800557d73064e2da038315b0d019d7a60
 2014-06-16 14:17:05 -07:00
dcashman
42971a6ad7 Revert "Allow all domains access to /dev/qemu_trace." 
This reverts commit b1b12f8ad4.

(cherry picked from commit 097e840b06)

Change-Id: I89a9a0879a415c177091852a579c6dfd8c8a5b0a
 2014-06-16 12:16:32 -07:00
dcashman
4b445e8998 am 3aeceecd: am cd978db2: am 96df14d6: Merge "Allow all domains access to /dev/qemu_trace." 
* commit '3aeceecddf2c7ee7f785e7e16c54d8bb99e3c9f1':
  Allow all domains access to /dev/qemu_trace.
 2014-06-16 18:11:30 +00:00
dcashman
097e840b06 Revert "Allow all domains access to /dev/qemu_trace." 
This reverts commit b1b12f8ad4.
 2014-06-16 10:45:16 -07:00
dcashman
b1b12f8ad4 Allow all domains access to /dev/qemu_trace. 
/dev/qemu_trace is used by memcheck on qemu to get memory allocation events
from all processes on the system.  Allow all domains to access this device, and
other qemu-specific devices..

Addresses the following denials:
type=1400 audit(1402674828.500:3): avc:  denied  { read write } for  pid=44 comm="servicemanager" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:servicemanager:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674828.500:4): avc:  denied  { open } for  pid=44 comm="servicemanager" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:servicemanager:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674828.520:5): avc:  denied  { read write } for  pid=42 comm="logd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:logd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674828.520:6): avc:  denied  { open } for  pid=42 comm="logd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:logd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674828.610:7): avc:  denied  { read write } for  pid=48 comm="debuggerd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:debuggerd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674828.610:8): avc:  denied  { open } for  pid=48 comm="debuggerd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:debuggerd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.000:9): avc: denied { read write } for pid=47 comm="netd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:netd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.000:10): avc: denied { open } for pid=47 comm="netd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:netd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.180:11): avc: denied { read write } for pid=53 comm="installd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:installd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.200:12): avc: denied { read write } for pid=45 comm="vold" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:vold:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.200:13): avc: denied { open } for pid=53 comm="installd" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:installd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.200:14): avc: denied { open } for pid=45 comm="vold" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:vold:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.280:15): avc: denied { read write } for pid=54 comm="keystore" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:keystore:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674829.280:16): avc: denied { open } for pid=54 comm="keystore" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:keystore:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674830.580:17): avc: denied { read write } for pid=51 comm="drmserver" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:drmserver:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674830.580:18): avc: denied { open } for pid=51 comm="drmserver" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:drmserver:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674930.860:22): avc: denied { read write } for pid=655 comm="iptables" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:netd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file
type=1400 audit(1402674930.870:23): avc: denied { open } for pid=655 comm="iptables" name="qemu_trace" dev="tmpfs" ino=1494 scontext=u:r:netd:s0 tcontext=u:object_r:qemu_device:s0 tclass=chr_file

Bug: 15570479
Change-Id: I4999a1eb5c25b4238c53fe1e989bcf5fed1ae355
 2014-06-16 10:10:38 -07:00
Ying Wang
fa3aebf762 am b3529761: am 2d4a27ee: am d707b5aa: Merge "AArch64: Set TARGET_2ND_CPU_VARIANT for Arm64 to cortex-a15" 
* commit 'b3529761af24d19cd8cefa2c93f91920f0dfb28f':
  AArch64: Set TARGET_2ND_CPU_VARIANT for Arm64 to cortex-a15
 2014-06-11 21:38:20 +00:00
Serban Constantinescu
93694e63ee AArch64: Set TARGET_2ND_CPU_VARIANT for Arm64 to cortex-a15 
A sensible default for the 32bit CPU_VARIANT of an ARM64 build is
cortex-a15. Please note that the AArch32 execution state of ARMv8
is a superset of ARMv7.

Change-Id: Id2b655172750e04609ae9ba22d621fe83cd69b1a
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
 2014-06-04 16:19:24 +01:00
Elliott Hughes
7c9a8e6400 am 55b2c360: am ad319779: am 4afe808c: Merge "Fix all the system image sizes." 
* commit '55b2c3600fcbdc6bd0dbf3319eb219188553429c':
  Fix all the system image sizes.
 2014-05-28 18:01:54 +00:00
Elliott Hughes
368600b1e8 Fix all the system image sizes. 
x86 just bit me. I did manage to build mips today, but I assume it
can't be long before we hit the limit there too if every other target
has hit it already.

Change-Id: I28dfe3b4f9565cb79e0bf6b0ffc55a9d6e64a9b0
 2014-05-27 16:47:44 -07:00
Narayan Kamath
7d55bea91f resolved conflicts for merge of 38c3c930 to master 
Change-Id: I88bb5131ce15bc5a4d7a7870d33c78fc9d952bb2
 2014-05-27 12:29:41 +01:00
Narayan Kamath
62da5fd161 Switch x86_64 emulator to 64 bit primary. 
Also siezes the opportunity to remove the hardcoded
TARGET_PREFER_32_BIT_APPS directing in core_64_bit.mk.
This avoids the need for further hacks but needs supporting
changes to a few apps to force them to 32 bit.

Change-Id: I36ba9e5f5b08dd87d6a4afc27961a436306eed99
 2014-05-27 12:12:00 +01:00
Elliott Hughes
5ef394b824 am d72b3164: am e972f9ff: am 0dbcff95: Merge "The generic_arm64 system image is full." 
* commit 'd72b3164bdb731dd9871b221fe8db099a1f94514':
  The generic_arm64 system image is full.
 2014-05-21 00:01:45 +00:00
Elliott Hughes
0499399231 The generic_arm64 system image is full. 
Change-Id: I454c674033525f2f7847d2c91979dff8093c335b
 2014-05-20 14:44:26 -07:00
Ji-Hwan Lee
d9af5a5458 am d9f11a3f: am c0f0e8ca: am 13b48588: Merge "Allow qemu_device read-write access to various processes" 
* commit 'd9f11a3f2b0670ac68bfae782c5fe8c58032efc6':
  Allow qemu_device read-write access to various processes
 2014-05-19 17:01:10 +00:00
Ji-Hwan Lee
93e450767f Allow qemu_device read-write access to various processes 
Basically, allow access of qemu_device where gpu_device is allowed, for the
case when the emulator runs with OpenGL/ES emulation.  Most noticably,
surfaceflinger crashes without qemu_device access.

Bug: 15052949
Change-Id: Ib891365a6d503309bced64e2512c4d8f29d9a07e
 2014-05-19 20:49:17 +09:00
Ji-Hwan Lee
b32ea89a6a am 38c18c3b: am acfb2723: am c60783c9: Merge "Increase system image size to 650M for generic_arm64" 
* commit '38c18c3b9adca416517fb332628253e2bb43fe23':
  Increase system image size to 650M for generic_arm64
 2014-05-18 07:58:11 +00:00
Ji-Hwan Lee
c89e1826ba Increase system image size to 650M for generic_arm64 
Change-Id: I7969ec54dc4225bbe36651c4d9c6a09de1eb89f4
 2014-05-18 02:42:14 +09:00
Ji-Hwan Lee
02fba08334 am 0994317a: am 658d89e9: am 4ec7007f: Merge "Increase system image size to 650M for generic_x86" 
* commit '0994317a003a8e3e1891d4f3ae44fcfc3191b2bf':
  Increase system image size to 650M for generic_x86
 2014-05-16 02:03:58 +00:00
Ji-Hwan Lee
f942e496a3 Increase system image size to 650M for generic_x86 
Change-Id: I4457796bdaff8c2626eb0788199be75f3ab4cd47
 2014-05-16 08:03:21 +09:00
David 'Digit' Turner
edc702c7d6 am 873782cc: am 9e3259f5: am fb67f05d: Merge changes I53b2ada9,I30794ea5 
* commit '873782ccd44349c766f5d74e65b3b323618dd6ed':
  Disable emulator from platform builds.
  envsetup.sh: Use prebuilt emulator binaries if available.
 2014-05-11 09:28:16 +00:00
David 'Digit' Turner
f6e2694dd2 Disable emulator from platform builds. 
Now that emulator prebuilts are available under prebuilts/android-emulator/,
disable building the emulator from source in all platform builds, except
if one defines BUILD_EMULATOR to 'true' in its environment.

NOTE: This patch should be applied after this one to avoid issues
      with the GPU emulation libraries:
            https://android-review.googlesource.com/93980

Change-Id: I53b2ada9ca0c2e159dccee7cdca7f55f6b0d1d42
 2014-05-09 15:32:39 +02:00
Tsu Chiang Chuang
7e9d23d9e7 am c0d50f62: am 5bd1da1e: am 41d8760d: Merge "Bump userdata image size from 200 MB to 550 MB" 
* commit 'c0d50f6295e9c552456c825f9c8045dced05a409':
  Bump userdata image size from 200 MB to 550 MB
 2014-05-08 23:12:40 +00:00
Tsu Chiang Chuang
27a026c802 Bump userdata image size from 200 MB to 550 MB 
Change-Id: Ibdf319091a7187dc894f4a923d40868cec4b7b41
 2014-05-06 17:40:23 -07:00
Ying Wang
40227dfaaf am 876dca69: am 2c32044d: am b7e0bdc0: Merge "Increase system image size of generic_x86_64 to 750MB." 
* commit '876dca695d1be00054fe7c4b5ac4e7c36b6c1eb9':
  Increase system image size of generic_x86_64 to 750MB.
 2014-05-06 02:09:46 +00:00
Ying Wang
ff4aa89db8 Increase system image size of generic_x86_64 to 750MB. 
Change-Id: I0c3264c7f629bc4d8c30539590de00967188807b
 2014-05-05 19:01:28 -07:00
Ying Wang
15f6287e09 am 0049c40e: am 54a570bd: am 57df0c7b: Merge "Increase system image size of generic_x86_64 to 650MB." 
* commit '0049c40efd053d0fae186515e7cfc3fc0671c4cd':
  Increase system image size of generic_x86_64 to 650MB.
 2014-05-05 18:50:19 +00:00
Ying Wang
edf99a23ee Increase system image size of generic_x86_64 to 650MB. 
Change-Id: Iacf6dcd00d78039d1b19595db6f293f8f202ac5a
 2014-05-05 11:34:30 -07:00
Ian Rogers
2b96d6ae78 resolved conflicts for merge of 77efd7b4 to master 
Change-Id: I2ff1be499d3c4a5c7da3b016c63a519edcda458f
 2014-04-22 10:03:16 -07:00
Ian Rogers
d4186e8c1f Make the zygote 64-bit for the x86-64 emulator. 
Change-Id: I4ad5d1ef2406e947176c8e180822b25c04fc83f0
 2014-04-18 17:09:33 -07:00
Greg Hackmann
b3f2dac1e0 am 0fd37501: am f518e838: am f1750876: Merge "Revert "HACK: disable emulator on x86_64"" 
* commit '0fd37501c4610783c53a6f8d4000ba7a230f61df':
  Revert "HACK: disable emulator on x86_64"
 2014-04-03 01:41:16 +00:00
Greg Hackmann
f175087608 Merge "Revert "HACK: disable emulator on x86_64"" 2014-04-02 22:53:45 +00:00
Colin Cross
9871d2e270 am 0396b102: am 578f7ec4: am 45db0e05: Merge "aosp_arm64: increase userdata image size" 
* commit '0396b10235ece43be797e48673ec05c4cf4c74d7':
  aosp_arm64: increase userdata image size
 2014-04-02 17:44:54 +00:00
Colin Cross
d46c7381c8 aosp_arm64: increase userdata image size 
Increase userdata image size to allow make tests to builds with
extra tests to fit.

Change-Id: I2fea99d5a39816e78595215481b60ee51eb9182f
 2014-04-02 09:17:29 -07:00
Greg Hackmann
dc01136bea Revert "HACK: disable emulator on x86_64" 
This reverts commit 4562c5bcb3.
 2014-03-31 16:54:52 -07:00
Lajos Molnar
3d402686ca Merge "stagefright: use media_codecs_google*.xml files" 2014-03-21 21:15:32 +00:00
Ying Wang
c6848b398d Remove the redundant DISABLE_DEXPREOPT 
To disable dexpreopt, use just:
WITH_DEXPREOPT=false

Change-Id: I5804f3774f8ec50eb16c5336776dbce0c28b16d9
 2014-03-20 13:01:31 -07:00
Lajos Molnar
f40956fbbf stagefright: use media_codecs_google*.xml files 
Bug: 13549114
Change-Id: I25d6344c78da152f394fa7b4855a2eb61008afc6
 2014-03-19 17:39:39 -07:00
Nick Kralevich
f2fd6d9af2 Merge "Allow shell serial_device read-write access" 2014-03-19 16:37:40 +00:00
Nick Kralevich
b20966f803 Allow shell serial_device read-write access 
When starting the emulator, the system console writes entries
to /dev/ttyS2. We need to allow the writes, otherwise this generates
denials when you run "emulator -verbose -logcat '*:v' -show-kernel"

Addresses the following denial:
type=1400 audit(1395076594.320:446): avc:  denied  { read write } for  pid=5600 comm="sh" path="/dev/ttyS2" dev="tmpfs" ino=1487 scontext=u:r:shell:s0 tcontext=u:object_r:serial_device:s0 tclass=chr_file

Bug: 13506702
Change-Id: I3729537cabb0bf8e8b2905d3def43a293bb1081f
 2014-03-18 15:17:35 -07:00
Greg Hackmann
4562c5bcb3 HACK: disable emulator on x86_64 
The build system and qemu disagree about where the x86_64 kernel should
live; disable the emulator until that's resolved

Change-Id: Ia7a2745ee8f3f4211ce39f8d851d5d860acbf62b
Signed-off-by: Greg Hackmann <ghackmann@google.com>
 2014-03-18 11:13:37 -07:00
Tim Murray
b5f333bbef Work in progress to enable build system support for Clang. 
Change-Id: I278b48bcd976afcbde8d86261da9b9b9efc9002c
 2014-03-14 00:39:03 -07:00
Ying Wang
cd07521f46 Merge "Revert "generic_x86: toggle 64bit binder ABI"" 2014-02-27 17:19:34 +00:00
Ying Wang
32d35a71ff Revert "generic_x86: toggle 64bit binder ABI" 
This reverts commit e2525ade32.

Change-Id: Ibaec151084ce4f00194a5a22c4be7531710b4a9f
 2014-02-27 17:19:13 +00:00
Stephen Smalley
1c0e1cde7b Add policy for MIPS emulator, fix x86 policy. 
The qemud and /dev/qemu_pipe policy bits copied to generic
and generic_x86 by I620d4aef84a5d4565abb1695db54ce1653612bce
are required for generic_mips as well.  In testing, we
further saw other denials for generic_mips that correspond
exactly to what is already allowed in the generic sepolicy, so
just inherit the sepolicy files from generic for now.
We could do likewise for the generic_x86 sepolicy for the files that are
identical with generic if desired, but that is not done by this change.

The generic_x86 sepolicy was missing a rule for /sys/qemu_trace
moved to the generic sepolicy by the prior change, so fix that omission.

The generic*64 variants will need something similar, either by inheriting
from one of the existing sepolicy directories as in the MIPS
case or by forking their own copies as in the x86 case.

Change-Id: Iec7c8825734a3f96f7db8ae1d10dce1f30b22bdf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2014-02-26 09:12:55 -05:00
Stephen Smalley
768ff518f0 Move qemud and /dev/qemu policy bits to emulator-specific sepolicy. 
Change-Id: I620d4aef84a5d4565abb1695db54ce1653612bce
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2014-02-25 13:49:57 -05:00