Commit graph

24246 commits

Author SHA1 Message Date
Treehugger Robot
2b2353d9fe Merge "Allow init to stat the root directory of FUSE filesystems." am: b4d3c575b3 am: cbc02c695a am: 875b7a9352
Change-Id: Ia7ed9caf62bf9ca00cb17410f863f69ea34911fc
2020-02-17 10:12:04 +00:00
Treehugger Robot
4696e7435a Merge "perfetto: allow producers to supply shared memory" am: 429ce33777 am: 63b0c52392 am: cb085e398f
Change-Id: I1444fccc8bd6ebefc166f05715694de9d9ef47a2
2020-02-17 10:11:53 +00:00
Songchun Fan
a2e1abde38 Merge changes Ie973be6b,Ie090e085 am: ff40f150e8 am: a403503c57 am: 23cb5adc6e
Change-Id: I26fae9ed6a962bf55077b17e3dbdcd692f525eaf
2020-02-17 10:11:43 +00:00
George Chang
f2e6ab34c5 Merge "Add sepolicy for persist.nfc_cfg." am: 9cc657e43e am: 4fc2a2396a am: 989fcaae3c
Change-Id: Ia8fc2e68189a35df1689a268d3c8dede5e9a219d
2020-02-17 10:11:22 +00:00
Treehugger Robot
ba73230e6d Merge "access_vectors: add lockdown class" am: 98d0a95753 am: 9c6a92e0e7 am: 86a25241c5
Change-Id: I42ce31fa5d58cb3e59785f157949fcc9b1b95603
2020-02-17 10:11:12 +00:00
Treehugger Robot
49e22cd9ae Merge "Update selinux policy for statsd apex" am: 16e12a5ee3 am: 5d360fc02e am: 23a17b4b5d
Change-Id: I4e38927a28f7783922da5709e5d64774a2bec6fe
2020-02-17 10:10:44 +00:00
David Stevens
f746f9c25f Merge commit 'f3187f394915eac633f6803ac0ed34a4455d3a17' into manual_merge_f3187f394915eac633f6803ac0ed34a4455d3a17
Bug: None
Test: blueline boots and property is build time configurable

Change-Id: Ie7a0f25f7e40a8aaa446033702c5fc0f32f438e0
2020-02-17 04:28:59 +00:00
Treehugger Robot
875b7a9352 Merge "Allow init to stat the root directory of FUSE filesystems." am: b4d3c575b3 am: cbc02c695a
Change-Id: I83776a7483b00c1a126e4b3bd5e8320129e60609
2020-02-14 21:11:32 +00:00
Treehugger Robot
cbc02c695a Merge "Allow init to stat the root directory of FUSE filesystems." am: b4d3c575b3
Change-Id: I9ba637c13c6334e2563e5584fa5b1b09b04206a3
2020-02-14 20:56:20 +00:00
Treehugger Robot
b4d3c575b3 Merge "Allow init to stat the root directory of FUSE filesystems." 2020-02-14 20:40:28 +00:00
Treehugger Robot
cb085e398f Merge "perfetto: allow producers to supply shared memory" am: 429ce33777 am: 63b0c52392
Change-Id: I7f5aa7880defd434b69b7981ccfcb18cd19dd468
2020-02-14 20:28:54 +00:00
Treehugger Robot
63b0c52392 Merge "perfetto: allow producers to supply shared memory" am: 429ce33777
Change-Id: I231c8ac22c5645e356b7b5ad2c2ca9db6d231f23
2020-02-14 20:15:51 +00:00
Treehugger Robot
429ce33777 Merge "perfetto: allow producers to supply shared memory" 2020-02-14 19:59:49 +00:00
Songchun Fan
23cb5adc6e Merge changes Ie973be6b,Ie090e085 am: ff40f150e8 am: a403503c57
Change-Id: I9d06c6f73149786152c637dced2291b5973c1e70
2020-02-14 18:25:56 +00:00
Songchun Fan
a403503c57 Merge changes Ie973be6b,Ie090e085 am: ff40f150e8
Change-Id: I027ddb483a7697fa1059f3873ed6eb52ba1f1eb1
2020-02-14 18:16:13 +00:00
Songchun Fan
ff40f150e8 Merge changes Ie973be6b,Ie090e085
* changes:
  permissions for incremental control file
  new label for incremental control files
2020-02-14 18:00:02 +00:00
Martijn Coenen
a0fa53ead6 Allow init to stat the root directory of FUSE filesystems.
init has a mount handler that stats mount-points for block devices; on
devices without sdcardfs, that handler will stat the FUSE filesystem,
since we have a bindmount on FUSE to the lower filesystem, which is an
actual block device.

Test: no more denial on cf without sdcardfs
Change-Id: Idb351f5ccba00440f4f8b39616de76336bb81a1b
2020-02-14 17:17:36 +01:00
George Chang
989fcaae3c Merge "Add sepolicy for persist.nfc_cfg." am: 9cc657e43e am: 4fc2a2396a
Change-Id: Ic3731f6ea1159a1347f2225f4113a5bfe3f901f1
2020-02-14 12:12:25 +00:00
George Chang
4fc2a2396a Merge "Add sepolicy for persist.nfc_cfg." am: 9cc657e43e
Change-Id: I612768a6cc57180aa3bf056128a9f95156009e26
2020-02-14 11:49:02 +00:00
George Chang
9cc657e43e Merge "Add sepolicy for persist.nfc_cfg." 2020-02-14 11:37:33 +00:00
Treehugger Robot
86a25241c5 Merge "access_vectors: add lockdown class" am: 98d0a95753 am: 9c6a92e0e7
Change-Id: I1a58cebddd76891473aad1b256046eaa3af59b4c
2020-02-14 10:48:18 +00:00
Treehugger Robot
9c6a92e0e7 Merge "access_vectors: add lockdown class" am: 98d0a95753
Change-Id: I91e2e21af1c7a4d5b507927ccfb5a9016fd02ec8
2020-02-14 10:31:33 +00:00
Treehugger Robot
98d0a95753 Merge "access_vectors: add lockdown class" 2020-02-14 10:18:17 +00:00
Treehugger Robot
23a17b4b5d Merge "Update selinux policy for statsd apex" am: 16e12a5ee3 am: 5d360fc02e
Change-Id: I224138aa6908ac0898735b4dc27f3df84fe0b13f
2020-02-14 05:11:26 +00:00
Treehugger Robot
5d360fc02e Merge "Update selinux policy for statsd apex" am: 16e12a5ee3
Change-Id: I65a8d3cffaf0aec75080ef9fd6cf4b5da94e415d
2020-02-14 04:59:04 +00:00
Treehugger Robot
16e12a5ee3 Merge "Update selinux policy for statsd apex" 2020-02-14 04:43:51 +00:00
stevensd
f3187f3949 Merge "selinux policy for buffer queue config" am: e3e16a313b am: c8f9abad21
Change-Id: I8ea094448b9ac72740b68e900b365f9e3a03afcc
2020-02-14 04:03:31 +00:00
stevensd
c8f9abad21 Merge "selinux policy for buffer queue config" am: e3e16a313b
Change-Id: Iee1983864bdb008cf0149f9ed59905db6264202d
2020-02-14 03:09:29 +00:00
stevensd
e3e16a313b Merge "selinux policy for buffer queue config" 2020-02-14 02:54:20 +00:00
Jeffrey Huang
baacdfa48b Update selinux policy for statsd apex
Bug: 145923087
Test: m -j
Change-Id: I6197e6005d7c6e5c69b42de54f07965798663565
2020-02-13 15:42:23 -08:00
Etan Cohen
8bd638eae4 Merge "[WIFICOND] Rename service to nl80211" 2020-02-13 22:34:09 +00:00
Songchun Fan
051549cc83 remove incfs genfscon label am: d9b78b4c84 am: b55fd10e0b am: 6262f99b5a
Change-Id: If020e8520a27c473551bd1d92529d9e4cee44830
2020-02-13 21:16:04 +00:00
Nick Kralevich
e4686b4d8e access_vectors: add lockdown class
Needed to support upstream patch
59438b4647

Bug: 148822198
Test: compiles
Change-Id: I304c1a97c12067dd08d4ceef93702101908012ed
2020-02-13 13:05:54 -08:00
Songchun Fan
6262f99b5a remove incfs genfscon label am: d9b78b4c84 am: b55fd10e0b
Change-Id: I2f46b66a5a8872797a5a2cfb189e05c55b4047ce
2020-02-13 21:02:25 +00:00
Songchun Fan
3922253de9 permissions for incremental control file
=== for mounting and create file ===

02-12 21:09:41.828   593   593 I Binder:593_2: type=1400 audit(0.0:832): avc: denied { relabelto } for name=".pending_reads" dev="incremental-fs" ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1
02-12 21:09:41.838   593   593 I Binder:593_2: type=1400 audit(0.0:833): avc: denied { read } for name=".pending_reads" dev="incremental-fs" ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1
02-12 21:09:41.838   593   593 I Binder:593_2: type=1400 audit(0.0:834): avc: denied { open } for path="/data/incremental/MT_data_incremental_tmp_1485189518/mount/.pending_reads" dev="incremental-fs" ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1
02-12 21:09:41.838   593   593 I Binder:593_2: type=1400 audit(0.0:835): avc: denied { getattr } for path=2F646174612F696E6372656D656E74616C2F4D545F646174615F696E6372656D656E74616C5F746D705F313438353138393531382F6D6F756E742F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1
02-12 21:09:41.838   593   593 I Binder:593_2: type=1400 audit(0.0:836): avc: denied { read } for path=2F646174612F696E6372656D656E74616C2F4D545F646174615F696E6372656D656E74616C5F746D705F313438353138393531382F6D6F756E742F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 scontext=u:r:system_server:s0 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1
02-12 21:09:41.841  1429  1429 I PackageInstalle: type=1400 audit(0.0:837): avc: denied { ioctl } for path=2F646174612F696E6372656D656E74616C2F4D545F646174615F696E6372656D656E74616C5F746D705F313438353138393531382F6D6F756E742F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 ioctlcmd=0x671e scontext=u:r:system_server:s0 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1

=== for reading signature from file ===
02-12 21:09:47.931  8972  8972 I android.vending: type=1400 audit(0.0:848): avc: denied { ioctl } for path="/data/app/vmdl951541350.tmp/base.apk" dev="incremental-fs" ino=6416 ioctlcmd=0x671f scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1 app=com.android.vending
02-12 21:09:47.994  1429  1429 I AppIntegrityMan: type=1400 audit(0.0:849): avc: denied { ioctl } for path="/data/app/vmdl951541350.tmp/base.apk" dev="incremental-fs" ino=6416 ioctlcmd=0x671f scontext=u:r:system_server:s0 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1
02-12 21:09:50.034  8972  8972 I com.android.vending: type=1400 audit(0.0:850): avc: denied { ioctl } for comm=62674578656375746F72202332 path="/data/app/vmdl951541350.tmp/base.apk" dev="incremental-fs" ino=6416 ioctlcmd=0x671f scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1 app=com.android.vending
02-12 21:09:52.914  1429  1429 I PackageManager: type=1400 audit(0.0:851): avc: denied { ioctl } for path=2F646174612F696E6372656D656E74616C2F4D545F646174615F696E6372656D656E74616C5F746D705F313438353138393531382F6D6F756E742F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 ioctlcmd=0x671e scontext=u:r:system_server:s0 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1

=== data loader app reading from log file ===
02-12 22:09:19.741  1417  1417 I Binder:1417_3: type=1400 audit(0.0:654): avc: denied { read } for path=2F646174612F696E6372656D656E74616C2F4D545F646174615F696E6372656D656E74616C5F746D705F3131393237303339342F6D6F756E742F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 scontext=u:r:system_app:s0 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1
02-12 22:09:19.741 15903 15903 I Binder:15903_4: type=1400 audit(0.0:655): avc: denied { getattr } for path=2F646174612F696E6372656D656E74616C2F4D545F646174615F696E6372656D656E74616C5F746D705F3131393237303339342F6D6F756E742F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 scontext=u:r:system_app:s0 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1

Test: manual with incremental installation
BUG: 133435829
Change-Id: Ie973be6bc63faf8fe98c9e684060e9c81d124e6e
2020-02-13 12:53:36 -08:00
Songchun Fan
b1512f3ab7 new label for incremental control files
Test: manual with incremental installation
Test: coral:/data/incremental/MT_data_incremental_tmp_1658593565/mount # ls -lZ .pending_reads
Test: -rw-rw-rw- 1 root root u:object_r:incremental_control_file:s0  0 1969-12-31 19:00 .pending_reads
BUG: 133435829
Change-Id: Ie090e085d94c5121bf61237974effecef2dcb180
2020-02-13 12:52:51 -08:00
Songchun Fan
b55fd10e0b remove incfs genfscon label am: d9b78b4c84
Change-Id: I78fa1acada138b0f6e038f2b842766d0951c46b7
2020-02-13 20:50:37 +00:00
Songchun Fan
d9b78b4c84 remove incfs genfscon label
Test: manual with incremental installation
BUG: 133435829
Change-Id: I8b38db18851a5b3baf925be621de3eb0e83efbb4
2020-02-13 08:44:48 -08:00
David Stevens
3942fe1682 selinux policy for buffer queue config
Test: boot and check for no policy violations

Change-Id: I1ea2a79b9a45b503dcb061c196c5af1d0ddab653
2020-02-13 20:11:47 +09:00
Automerger Merge Worker
058a32b858 Merge "property_contexts: add location cache" am: d39a906a25 am: e27c59412d am: 5677813c9a
Change-Id: I5eec2ff8e8c9e01c068ffe7b473eaf81d32d8048
2020-02-13 05:08:27 +00:00
Automerger Merge Worker
5677813c9a Merge "property_contexts: add location cache" am: d39a906a25 am: e27c59412d
Change-Id: I172dd2ee5325c9ef23cc7ada51a82c6a9448501b
2020-02-13 04:58:18 +00:00
Automerger Merge Worker
e27c59412d Merge "property_contexts: add location cache" am: d39a906a25
Change-Id: Iee3a29e28721c11f69a32470630cb0c0a8b9b802
2020-02-13 04:41:01 +00:00
Automerger Merge Worker
175f2709f8 Update Q sepolicy prebuilt am: 5f6290f3a9 am: daa110d022 am: 09a4e3c0f0
Change-Id: I14a10ffd0baddc5b34541130d052ed42f4163468
2020-02-13 04:40:53 +00:00
Automerger Merge Worker
09a4e3c0f0 Update Q sepolicy prebuilt am: 5f6290f3a9 am: daa110d022
Change-Id: I78a4b47a575710502045a5b22e597dce8392829e
2020-02-13 04:30:15 +00:00
Treehugger Robot
d39a906a25 Merge "property_contexts: add location cache" 2020-02-13 04:27:21 +00:00
Automerger Merge Worker
daa110d022 Update Q sepolicy prebuilt am: 5f6290f3a9
Change-Id: Ie2970158c52e3675e17421ef4973cc926ddd4db5
2020-02-13 04:13:10 +00:00
Etan Cohen
fde1dadc71 [WIFICOND] Rename service to nl80211
Per API council feedback.

Bug: 149105833
Bug: 148680192
Test: atest android.net.wifi
Test: atest com.android.server.wifi
Test: manual - flash/boot - verify Wi-Fi scan/associate
Change-Id: Idaf7603d4ab79ddde5c223097ed9fe8734299eea
2020-02-12 11:26:59 -08:00
George Chang
db1dbd94a1 Add sepolicy for persist.nfc_cfg.
Add a new nfc_cfg persist property for nfc features

Bug: 142626304
Test: set property and load target files.
Change-Id: I853c97e8113dbcf729cf59ad45895402b0c82b3e
2020-02-12 16:20:52 +00:00
Automerger Merge Worker
1d90081baa Update Q sepolicy prebuilt am: 1dd6321a00 am: f4ccc4ba1a
Change-Id: I816b72245193ac1b1eda8dc3674b28ef551e2f83
2020-02-12 12:30:42 +00:00
Automerger Merge Worker
5b51f6faef [automerger skipped] Fix: dumpstate HAL service property context am: 5927933c70 -s ours am: bdfd9bcc18 -s ours
am skip reason: Change-Id Ie24e2d42e92410a935ca4c9364b476d72aa459f3 with SHA-1 046c510402 is in history

Change-Id: I53e3ed1260a0bca1cd875ef7768eb5027cf6a20e
2020-02-12 12:30:40 +00:00