tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
15327 commits 1 branch 0 tags 50 MiB
Commit graph

15327 commits

This branch
This branch
All branches
Author SHA1 Message Date
Joel Galenson
1a4c83a856 Let vold_prepare_subdirs completely clean deleted user data. am: 254a872cab 
am: 397c854db6

Change-Id: I635703793fe5b980087900aa8cfcaacb402c101f
 2018-04-16 17:03:10 -07:00
Joel Galenson
397c854db6 Let vold_prepare_subdirs completely clean deleted user data. 
am: 254a872cab

Change-Id: I5de455d60678503f72ae8ee2985c5e7fb0c09b79
 2018-04-16 16:59:39 -07:00
Joel Galenson
254a872cab Let vold_prepare_subdirs completely clean deleted user data. 
After adding a new user, deleting it, and rebooting, some of the user's data still remained.  This adds the SELinux permissions necessary to remove all of the data.  It fixes the followign denials:

avc: denied { rmdir } for scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
avc: denied { unlink } for scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:object_r:system_data_file:s0 tclass=file

Bug: 74866238
Test: Create user, delete user, reboot user, see no denials or
leftover data.

Change-Id: Ibc43bd2552b388a9708bf781b5ad206f21df62dc
 2018-04-16 16:39:43 -07:00
sqian
f576b81c91 [automerger skipped] Merge "Add sepolicy for radio sap 1.2" am: e96766dc42 
am: 31b6f0bbea  -s ours

Change-Id: I3fc15d7967ff84298743debcba6bed8f26637f4f
 2018-04-16 16:24:59 -07:00
sqian
31b6f0bbea Merge "Add sepolicy for radio sap 1.2" 
am: e96766dc42

Change-Id: I6001e9f1094ee6da73ae48bc04559f10d3847060
 2018-04-16 16:22:32 -07:00
Joel Galenson
18350e71c7 Merge "Add bug_map entries for bugs we've seen." am: e1ee3535be 
am: 2b15785f00

Change-Id: I4112a2adbfc4cd97ac42c09c6c8d8adcbd3bad6a
 2018-04-16 16:13:57 -07:00
Jaekyun Seok
c3ef1e7b45 Allow dumpstate to read property_type am: 4de238e9b9 
am: dfb48cf6fc

Change-Id: I4a5516f694a72624ce353a00b4dd0df0f14ebff6
 2018-04-16 16:13:38 -07:00
Treehugger Robot
e96766dc42 Merge "Add sepolicy for radio sap 1.2" 2018-04-16 23:08:50 +00:00
Joel Galenson
2b15785f00 Merge "Add bug_map entries for bugs we've seen." 
am: e1ee3535be

Change-Id: I3593d3bc6c9cea534d0752a439e485aaafd737c1
 2018-04-16 16:01:58 -07:00
Treehugger Robot
e1ee3535be Merge "Add bug_map entries for bugs we've seen." 2018-04-16 22:52:49 +00:00
Jaekyun Seok
dfb48cf6fc Allow dumpstate to read property_type 
am: 4de238e9b9

Change-Id: I2014df25df9903a210d5b0e26599e780e929f2e0
 2018-04-16 15:52:27 -07:00
Tom Cherry
2b54453f60 [automerger skipped] Merge "Allow vendor_init to write to misc_block_device" into pi-dev 
am: 6991a930e1  -s ours

Change-Id: I8307e8b7122d829f38df7773f1674cf65a5f2504
 2018-04-16 15:29:31 -07:00
TreeHugger Robot
6991a930e1 Merge "Allow vendor_init to write to misc_block_device" into pi-dev 2018-04-16 22:01:16 +00:00
Shuo Qian
3506241425 Merge "Add sepolicy for radio sap 1.2" into pi-dev 
am: e8c2d1898a

Change-Id: I832dab4e23f82e4e4f6219590901c824371bbc89
 2018-04-16 12:12:14 -07:00
sqian
b951e7330d Add sepolicy for radio sap 1.2 
Bug: 74114758
Test: Checked radio-service and sap-service is on the lshal after running the service
Change-Id: I1b18711286e000a7d17664e7d3a2045aeeb8c285
Merged-In: I1b18711286e000a7d17664e7d3a2045aeeb8c285
(cherry picked from commit 64839e874b)
 2018-04-16 12:00:11 -07:00
Shuo Qian
e8c2d1898a Merge "Add sepolicy for radio sap 1.2" into pi-dev 2018-04-16 18:44:39 +00:00
Joel Galenson
f55786cfce Add bug_map entries for bugs we've seen. 
This adds numerous bug_map entries to try to annotate all denials
we've seen.

Bug: 78117980
Test: Build
Change-Id: I1da0690e0b4b0a44d673a54123a0b49a0d115a49
 2018-04-16 10:31:38 -07:00
Jeff Vander Stoep
c0150e0760 tombstoned: allow unlinking anr files 
am: fde3e6a0f7

Change-Id: I6624dc55fd91ba2483dc8e834606322c4e45df73
 2018-04-16 08:37:43 -07:00
Jeff Vander Stoep
fde3e6a0f7 tombstoned: allow unlinking anr files 
Tombstoned unlinks "trace_XX" files if there are too many of them.

avc: denied { unlink } for comm="tombstoned" name="trace_12"
scontext=u:r:tombstoned:s0 tcontext=u:object_r:anr_data_file:s0
tclass=file

Bug: 77970585
Test: Build/boot taimen. adb root; sigquit an app.

(cherry picked from commit eb8f938fd4)

Change-Id: I2f29d12f747d688f8f4e06b48cf72c5109adc2ae
 2018-04-16 12:51:35 +01:00
Jaekyun Seok
4de238e9b9 Allow dumpstate to read property_type 
dumpstate needs to read all the system properties for debugging.

Bug: 77277669
Test: succeeded building and tested with taimen
Change-Id: I3603854b3be67d4fc55d74f7925a21bfa59c81ee
 2018-04-16 06:18:24 +00:00
Jeff Sharkey
ea3997beab Merge "Add exFAT support; unify behind "sdcard_type"." am: ba89007178 
am: ff0369ad4c

Change-Id: I3d323c85ff019824be74fa6887b0578f308e6251
 2018-04-14 16:28:52 -07:00
Jeff Vander Stoep
7847680beb Merge "tombstoned: allow unlinking anr files" am: 6b1ce73e1f 
am: ce83df5763

Change-Id: I4eaf900d032173006d645572c4b37d366bf3df07
 2018-04-14 16:26:56 -07:00
Jeff Vander Stoep
aea3738644 Merge "whitelist test failure that bypassed presubmit" am: 9935689982 
am: b3a2e92b2f

Change-Id: I2f71fcf0681a948396e7153a923f877878fb3533
 2018-04-14 16:19:59 -07:00
Suren Baghdasaryan
f30758564f Selinux: Give lmkd read access to /proc/meminfo am: 76384b3ee0 
am: b3005f7273

Change-Id: I4f74bf0de7d732bc738b7dc83c5578450ba803d9
 2018-04-14 16:17:54 -07:00
Jeff Sharkey
ff0369ad4c Merge "Add exFAT support; unify behind "sdcard_type"." 
am: ba89007178

Change-Id: I82151185ff4d1f7509cbba53fd3c992e5e2d7b2d
 2018-04-14 16:15:22 -07:00
Jeff Vander Stoep
ce83df5763 Merge "tombstoned: allow unlinking anr files" 
am: 6b1ce73e1f

Change-Id: Ic7424464c50f61dfccfec6741838b94ea528aa73
 2018-04-14 16:12:47 -07:00
Jeff Vander Stoep
b3a2e92b2f Merge "whitelist test failure that bypassed presubmit" 
am: 9935689982

Change-Id: I49025feedde771a5aa1aff4854b3ced1c82ebb87
 2018-04-14 16:10:28 -07:00
Suren Baghdasaryan
b3005f7273 Selinux: Give lmkd read access to /proc/meminfo 
am: 76384b3ee0

Change-Id: Ibcebdff61f06fb2b7f4bd9cd321a41b138cea2c0
 2018-04-14 16:07:18 -07:00
Jeff Sharkey
ba89007178 Merge "Add exFAT support; unify behind "sdcard_type"." 2018-04-13 23:47:54 +00:00
Treehugger Robot
6b1ce73e1f Merge "tombstoned: allow unlinking anr files" 2018-04-13 23:31:27 +00:00
Treehugger Robot
9935689982 Merge "whitelist test failure that bypassed presubmit" 2018-04-13 23:06:19 +00:00
Jeff Vander Stoep
4c402df7e3 whitelist test failure that bypassed presubmit 
avc: denied { read } for comm="batterystats-wo" name="show_stat" dev="sysfs"
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file

Bug: 77816522
Test: build
Change-Id: I50a9bfe1a9e4df9c84cf4b2b4aedbb8f82ac94cd
(cherry picked from commit 2ccd99a53a)
 2018-04-13 14:36:11 -07:00
Suren Baghdasaryan
76384b3ee0 Selinux: Give lmkd read access to /proc/meminfo 
Allow lmkd read access to /proc/meminfo for retrieving information
on memory state.

Change-Id: I7cf685813a5a49893c8f9a6ac4b5f6619f3c18aa
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
 2018-04-13 21:35:52 +00:00
Jeff Vander Stoep
eb8f938fd4 tombstoned: allow unlinking anr files 
Tombstoned unlinks "trace_XX" files if there are too many of them.

avc: denied { unlink } for comm="tombstoned" name="trace_12"
scontext=u:r:tombstoned:s0 tcontext=u:object_r:anr_data_file:s0
tclass=file

Bug: 77970585
Test: Build/boot taimen. adb root; sigquit an app.
Change-Id: I2c7cf81a837d82c4960c4c666b38cd910885d78d
 2018-04-13 14:33:32 -07:00
Joel Galenson
8b7720ceee [automerger skipped] Merge "Allow some vold_prepare_subdirs denials." am: bf41ff48cf 
am: e2b2999e3d  -s ours

Change-Id: I4f6a48400277952e7e736749a7e578a9f9973c54
 2018-04-13 14:31:45 -07:00
Wale Ogunwale
05227fccd5 Merge "Finalizing P SDK" into pi-dev 
am: 8ed7e52137

Change-Id: Ic976378b83b5bcaa401f757b3b0ad66face85146
 2018-04-13 14:25:35 -07:00
Joel Galenson
33c182a7c8 Merge "Track storaged SELinux denial." into pi-dev 
am: e1801fa733

Change-Id: Ib4d19a23e1674361b07a03be65b5ba5bb94a51f0
 2018-04-13 14:25:07 -07:00
Joel Galenson
6b51856d0e Merge "Allow some vold_prepare_subdirs denials." into pi-dev 
am: cdc68c652d

Change-Id: I7a2898cbbb77d8c2b88c50617e373423df13fe56
 2018-04-13 14:24:47 -07:00
Chia-I Wu
f60ccadf18 Make persist.sys.sf.native_mode an integer am: 9047a4de89 
am: eb5843635b

Change-Id: I6b42246d7ab2a7864adcfb39324a04732c2be686
 2018-04-13 13:58:34 -07:00
Joel Galenson
e2b2999e3d Merge "Allow some vold_prepare_subdirs denials." 
am: bf41ff48cf

Change-Id: Ib079060b523745a49f7b22470a1c9b8cccc87e1e
 2018-04-13 13:53:52 -07:00
Chia-I Wu
eb5843635b Make persist.sys.sf.native_mode an integer 
am: 9047a4de89

Change-Id: I92c96aee077c2e3e6b84a6382d003fa7a1dc0b44
 2018-04-13 13:53:30 -07:00
Wale Ogunwale
8ed7e52137 Merge "Finalizing P SDK" into pi-dev 2018-04-13 20:53:03 +00:00
Treehugger Robot
bf41ff48cf Merge "Allow some vold_prepare_subdirs denials." 2018-04-13 20:44:44 +00:00
TreeHugger Robot
e1801fa733 Merge "Track storaged SELinux denial." into pi-dev 2018-04-13 20:41:25 +00:00
TreeHugger Robot
cdc68c652d Merge "Allow some vold_prepare_subdirs denials." into pi-dev 2018-04-13 20:40:53 +00:00
Jeff Sharkey
000cafc701 Add exFAT support; unify behind "sdcard_type". 
We're adding support for OEMs to ship exFAT, which behaves identical
to vfat.  Some rules have been manually enumerating labels related
to these "public" volumes, so unify them all behind "sdcard_type".

Test: atest
Bug: 67822822
Change-Id: I09157fd1fc666ec5d98082c6e2cefce7c8d3ae56
 2018-04-13 14:08:10 -06:00
Chia-I Wu
9047a4de89 Make persist.sys.sf.native_mode an integer 
This allows for more native modes.

Bug: 73824924
Test: adb shell setprop persist.sys.sf.native_mode 2
Change-Id: Iffdeadc8dc260de4b0c7f2b46aab08d64d25e3b1
 2018-04-13 10:55:00 -07:00
Joel Galenson
2b840913d8 Track storaged SELinux denial. 
This should help fix presubmit tests.

Bug: 77634061
Test: Built policy.
Change-Id: Ib9f15c93b71c2b67f25d4c9f949a5e2b3ce93b9c
(cherry picked from commit c6b5a96bb6)
 2018-04-13 10:36:12 -07:00
Tom Cherry
5d8aba8b33 Allow vendor_init to write to misc_block_device am: db465285cf 
am: 4af9448a1d

Change-Id: I1f178435ae86b871b29e9cfa3c3547b28c72b5be
 2018-04-13 10:24:34 -07:00
Florian Mayer
5e0690c916 Merge "Make traced_probes mlstrustedsubject." into pi-dev 
am: c9523bd47c

Change-Id: I3194c759039d08fe8b1f08f37ddcebab67626327
 2018-04-13 10:23:01 -07:00