Tri Vo
1968f2bd57
Merge "neverallow shell access to 'device' type" am: 536d195469
am: ee1ff62257
...
am: c1dba09f28
Change-Id: I08164844e37e12b7221298620bf3a66cc2087c2e
2018-01-19 08:07:43 +00:00
Steven Moreland
832958ab5d
Merge "Disallow sysfs_leds to coredomains." am: 5d5284ad93
am: abe248d14d
...
am: 977949e360
Change-Id: I9b145b354413e77e02b67e83f411cec709c7d8e1
2018-01-19 08:07:25 +00:00
Tri Vo
c1dba09f28
Merge "neverallow shell access to 'device' type" am: 536d195469
...
am: ee1ff62257
Change-Id: Icacd360b526c2133c3cee0c5c9e9055406fb943c
2018-01-19 08:02:19 +00:00
Steven Moreland
977949e360
Merge "Disallow sysfs_leds to coredomains." am: 5d5284ad93
...
am: abe248d14d
Change-Id: Id7202a1c4a991e0f130bf34a0adb7f913434a617
2018-01-19 08:01:58 +00:00
Tri Vo
ee1ff62257
Merge "neverallow shell access to 'device' type"
...
am: 536d195469
Change-Id: Icb5b0f78d2c59b49f2160bed76323595ca630920
2018-01-19 07:50:27 +00:00
Steven Moreland
abe248d14d
Merge "Disallow sysfs_leds to coredomains."
...
am: 5d5284ad93
Change-Id: I41e2066c96c327f3401714c25f63e640b1a5b7b7
2018-01-19 07:50:06 +00:00
Treehugger Robot
536d195469
Merge "neverallow shell access to 'device' type"
2018-01-19 05:20:30 +00:00
Treehugger Robot
5d5284ad93
Merge "Disallow sysfs_leds to coredomains."
2018-01-19 04:56:36 +00:00
Jaekyun Seok
5580de4bdc
Merge "Add rcs.publish.status to the whitelist" am: 5971d678e6
am: 006abea25a
...
am: 0399f1e452
Change-Id: I143916184d8741093139d1d25213f8432fad4c01
2018-01-19 04:50:37 +00:00
Yifan Hong
4e0af024f0
Merge "charger: allow to read /sys/class/power_supply" am: 1dafee26ee
am: d39b16ba59
...
am: 1f5cce99e9
Change-Id: If2858e33bc11c09789eb5155d912a24b6a87a2b6
2018-01-19 04:50:16 +00:00
Jaekyun Seok
0399f1e452
Merge "Add rcs.publish.status to the whitelist" am: 5971d678e6
...
am: 006abea25a
Change-Id: Ibc2e3ef4544a42617e4e5ccabac84bda9a1d1cd2
2018-01-19 04:28:02 +00:00
Yifan Hong
1f5cce99e9
Merge "charger: allow to read /sys/class/power_supply" am: 1dafee26ee
...
am: d39b16ba59
Change-Id: Ie2ba263f204502356ba54b0c1acaa5450f4af7d1
2018-01-19 04:27:46 +00:00
Jaekyun Seok
006abea25a
Merge "Add rcs.publish.status to the whitelist"
...
am: 5971d678e6
Change-Id: I3888b7843214d8ec5cb973dd1657c8d1e4364609
2018-01-19 04:20:16 +00:00
Yifan Hong
d39b16ba59
Merge "charger: allow to read /sys/class/power_supply"
...
am: 1dafee26ee
Change-Id: I2b3f6e3d57a8afa929bfb0976258e0e5ab7a32eb
2018-01-19 04:19:58 +00:00
Jaekyun Seok
5971d678e6
Merge "Add rcs.publish.status to the whitelist"
2018-01-19 03:22:34 +00:00
Treehugger Robot
1dafee26ee
Merge "charger: allow to read /sys/class/power_supply"
2018-01-19 03:18:43 +00:00
Steven Moreland
09fddac1d7
Disallow sysfs_leds to coredomains.
...
Bug: 70846424
Test: neverallow not tripped
Change-Id: I9e351ee906162a594930b5ab300facb5fe807f13
2018-01-18 18:10:06 -08:00
TreeHugger Robot
205e38fbf9
Merge "Enforce per-app data protections for targetSdk 28+"
2018-01-19 00:56:07 +00:00
Yifan Hong
2d64886d08
charger: allow to read /sys/class/power_supply
...
Test: charger mode correctly shuts off when unplugged
Change-Id: I06a7ffad67beb9f6d9642c4f53c35067b0dc2b3d
Fixes: 71328882
2018-01-18 16:46:17 -08:00
Jaekyun Seok
c27869e2d3
Merge "Add default namespaces of odm properties" am: 74828e65d5
am: 3f63d625b3
...
am: 0e194f1ea9
Change-Id: Ie731c4076669e067b049b68082ac6b77f3f3094d
2018-01-19 00:17:04 +00:00
Jaekyun Seok
0e194f1ea9
Merge "Add default namespaces of odm properties" am: 74828e65d5
...
am: 3f63d625b3
Change-Id: If6bb3de42b53caa1f3a28b9ed6e9d4f17a4b20e2
2018-01-19 00:12:24 +00:00
Jaekyun Seok
3f63d625b3
Merge "Add default namespaces of odm properties"
...
am: 74828e65d5
Change-Id: I1ba1400dbdfb7eebd0a40571cc65dec45f081d57
2018-01-19 00:05:35 +00:00
Treehugger Robot
74828e65d5
Merge "Add default namespaces of odm properties"
2018-01-18 23:11:09 +00:00
Jaekyun Seok
34aad97ea9
Add rcs.publish.status to the whitelist
...
Bug: 72154054
Test: tested with walleye
Change-Id: I35271c6044946c4ec639409c914d54247cfb9f79
2018-01-19 07:35:44 +09:00
Tri Vo
5dab913441
neverallow shell access to 'device' type
...
Bug: 65643247
Test: builds, the change doesn't affect runtime behavior.
Change-Id: I621a8006db7074f124cb16a12662c768bb31e465
2018-01-18 21:56:00 +00:00
Jeff Vander Stoep
6231b4d9fc
Enforce per-app data protections for targetSdk 28+
...
Adds per-app categories to untrusted app domains and their
app data types. Per-app categories are in addition to the
existing per-user categories.

Apps targeting sdk version 28+ will now have the following
characteristics:
Domain: u:r:untrusted_app:s0:c[0-9]+,c[0-9]+,c[0-9],c[0-9]
Data context: u:object_r:app_data_file:s0:c[0-9]+,c[0-9]+,c[0-9],c[0-9]

Whereas apps targeting 27- will look like:
Domain: u:r:untrusted_app_27:s0:c[0-9]+,c[0-9]+
Data context: u:object_r:app_data_file:s0:c[0-9]+,c[0-9]+

To ensure backwards compatibility with previous SDK versions,
the levelFrom=all now enforces categories by dominance instead of
equality. Apps with per-app and per-user categories will continue
to have selinux permissions (but not necessarily unix permissions)
to access app data with only per-user categories, but apps with only
per-user categories will not be able to access the data of apps with
both per-app and per-user categories.
Bug: 63897054
Test: Boot sailfish, run apps, verify no new selinux denials.
Test: cts-tradefed run cts -m CtsSelinuxTargetSdkCurrentTestCases
Test: cts-tradefed run cts -m CtsSelinuxTargetSdk27TestCases
Test: cts-tradefed run cts -m CtsSelinuxTargetSdk25TestCases
Test: adb sideload an OTA and verify that files are correctly labeled.
Change-Id: I64b013874fe87b55f47e817a1279e76ecf86b7c0
2018-01-18 13:32:57 -08:00
Tri Vo
fc81ae5e27
Merge "system_server: remove access sysfs_devices_system_cpu" am: 3ac8456fed
am: 2a29ebac10
...
am: dfe6c3b0c8
Change-Id: I5395817f5113ad69b50a74bb7750ae2f7cdaef1d
2018-01-18 20:41:26 +00:00
Tri Vo
dfe6c3b0c8
Merge "system_server: remove access sysfs_devices_system_cpu" am: 3ac8456fed
...
am: 2a29ebac10
Change-Id: I08c7649facbffb858b9f143efc7123e8f8085569
2018-01-18 20:39:23 +00:00
Tri Vo
2a29ebac10
Merge "system_server: remove access sysfs_devices_system_cpu"
...
am: 3ac8456fed
Change-Id: Ie724f09b937b2890f528592b3b5afea915ea7578
2018-01-18 20:36:51 +00:00
Tri Vo
3ac8456fed
Merge "system_server: remove access sysfs_devices_system_cpu"
2018-01-18 20:26:30 +00:00
Jeff Vander Stoep
13ac2500e2
Merge "Suppress denials for non-API access" am: ec4d4a5ed3
am: c25c474c2b
...
am: 98b70dcb04
Change-Id: I8c7a40a256d275979ceaab4fc57963f24cec2460
2018-01-18 20:14:55 +00:00
Jeff Vander Stoep
98b70dcb04
Merge "Suppress denials for non-API access" am: ec4d4a5ed3
...
am: c25c474c2b
Change-Id: I1d70c2b8ecdf21bdd9b19edb66d4ccb9e47e213e
2018-01-18 20:12:38 +00:00
Jeff Vander Stoep
c25c474c2b
Merge "Suppress denials for non-API access"
...
am: ec4d4a5ed3
Change-Id: I17d84198a6c0f5dfe556d5b688f9d92e5f2238b1
2018-01-18 20:10:36 +00:00
Treehugger Robot
ec4d4a5ed3
Merge "Suppress denials for non-API access"
2018-01-18 20:03:15 +00:00
Jeff Vander Stoep
6d8a876a4c
Suppress denials for non-API access
...
avc: denied { read } scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:proc_version:s0 tclass=file
avc: denied { read } scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:wifi_prop:s0 tclass=file
avc: denied { read } scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:net_dns_prop:s0 tclass=file
Bug: 72151306
Test: build
Change-Id: I4b658ccd128746356f635ca7955385a89609eea1
2018-01-18 08:55:02 -08:00
Jaekyun Seok
afca82a3bb
Add default namespaces of odm properties
...
Since /odm is an extension of /vendor, its default property contexts
should be consistent with ones of /vendor.
Bug: 36796459
Test: tested on wahoo devices
Change-Id: Ia67ebe81e9c7102aab35a34f14738ed9a24811d3
2018-01-18 13:31:37 +09:00
Tri Vo
c936223c51
Merge "storaged: remove access to sysfs_type" am: e3b05cf614
am: 2a415167a4
...
am: 38b224666f
Change-Id: Ifc0122974741000970b19e3053b380087291cdc4
2018-01-18 02:36:46 +00:00
Tri Vo
4d8ea7b48e
Merge "Mark shell as system_executes_vendor_violators." am: 65565c1cfd
am: 6029d32912
...
am: 236e1b7ee4
Change-Id: I963a4fd6d26f574137d884b92febea1e7f2926c3
2018-01-18 02:36:28 +00:00
Chenbo Feng
ef441de96e
Add sepolicy to lock down bpf access am: 566411edf2
am: 6b2a01a651
...
am: e638b198e0
Change-Id: I8cab5775ea450daa65a72e75828b76b7eb831c90
2018-01-18 02:36:11 +00:00
Tri Vo
38b224666f
Merge "storaged: remove access to sysfs_type" am: e3b05cf614
...
am: 2a415167a4
Change-Id: Ib7abf6bc83b7f85f7d76d16a2d7e0438aa92d7c2
2018-01-18 02:27:34 +00:00
Tri Vo
236e1b7ee4
Merge "Mark shell as system_executes_vendor_violators." am: 65565c1cfd
...
am: 6029d32912
Change-Id: Id07eb16687af45c9013ca56c3890d5f7f2beff59
2018-01-18 02:27:19 +00:00
Chenbo Feng
e638b198e0
Add sepolicy to lock down bpf access am: 566411edf2
...
am: 6b2a01a651
Change-Id: I5be255481dcba2cf6a98d48bdcb6d0c5df3663fe
2018-01-18 02:27:00 +00:00
Tri Vo
2a415167a4
Merge "storaged: remove access to sysfs_type"
...
am: e3b05cf614
Change-Id: I4476416827118b2765279515ff58bf6e871b9bd3
2018-01-18 02:18:21 +00:00
Tri Vo
6029d32912
Merge "Mark shell as system_executes_vendor_violators."
...
am: 65565c1cfd
Change-Id: I8b5123d574282c5167dfdcd3b259bb6a89373716
2018-01-18 02:18:01 +00:00
Chenbo Feng
6b2a01a651
Add sepolicy to lock down bpf access
...
am: 566411edf2
Change-Id: I214a6d7de6ca01a3daf487bcfe9c5c99d9f11eff
2018-01-18 02:17:41 +00:00
Treehugger Robot
e3b05cf614
Merge "storaged: remove access to sysfs_type"
2018-01-18 01:25:42 +00:00
Roshan Pius
2724e81c9e
Merge "sepolicy(hostapd): Add a HIDL interface for hostapd"
2018-01-18 00:49:19 +00:00
Andy Hung
66b4faba12
dumpstate: add media.metrics am: 8b049d5b6f
am: 9709a69aa7
...
am: 5ba720353a
Change-Id: If770834a54da575449a69a14790ecbc2af470867
2018-01-18 00:13:04 +00:00
Andy Hung
5ba720353a
dumpstate: add media.metrics am: 8b049d5b6f
...
am: 9709a69aa7
Change-Id: Iaa63a169b3943698bb476d96d625564edf42c3e0
2018-01-18 00:03:08 +00:00
Andy Hung
9709a69aa7
dumpstate: add media.metrics
...
am: 8b049d5b6f
Change-Id: I9d73b994d345c21579f95ce2edd17a8025e113f0
2018-01-17 23:55:45 +00:00