tequilaOS/platform_system_sepolicy

Author	SHA1	Message	Date
Tri Vo	3107b53241	Merge "Remove access to 'sysfs' files from healtd and charger." am: `1fc08a299c` am: `b10d2964b3` Change-Id: I07d6bdf0cf606b2ec56196e129a8340207d5d08b	2017-12-12 23:55:07 +00:00
Tri Vo	049bf53a11	Merge "shell: directory access to sysfs_net" am: `5b8d279fcd` am: `cd06968498` Change-Id: Ib53a57006c73d54b1c62c18129aba5f67710bf2a	2017-12-12 23:45:35 +00:00
Tri Vo	b10d2964b3	Merge "Remove access to 'sysfs' files from healtd and charger." am: `1fc08a299c` Change-Id: If06792db331fecabaaa3de4b77c680c8bc8b7833	2017-12-12 23:41:16 +00:00
Tri Vo	cd06968498	Merge "shell: directory access to sysfs_net" am: `5b8d279fcd` Change-Id: Id86a7031965cc900a3ca72ff503544d02f07120e	2017-12-12 23:40:36 +00:00
Treehugger Robot	1fc08a299c	Merge "Remove access to 'sysfs' files from healtd and charger."	2017-12-12 23:18:08 +00:00
Treehugger Robot	5b8d279fcd	Merge "shell: directory access to sysfs_net"	2017-12-12 23:11:36 +00:00
Tri Vo	f34e592984	shell: directory access to sysfs_net This will allow bionic cts test to list network interfaces in /sys/class/net. Bug: 70537905 Test: adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests --gtest_filter=ifaddrs.getifaddrs_interfaces Change-Id: Ie07425fc54f9101e911962142824697e64d2bc45	2017-12-12 09:41:13 -08:00
Bowgo Tsai	5d937ace47	Switch file context of odm(/.*) to vendor_file am: `e9ae77355e` am: `aed99921e3` Change-Id: I552df075c970f7eeefce33a40661c13837f4959f	2017-12-12 04:49:36 +00:00
Bowgo Tsai	aed99921e3	Switch file context of odm(/.*) to vendor_file am: `e9ae77355e` Change-Id: If44d773ce2ac76861fdb07975c7dfa0d46929a3e	2017-12-12 04:47:05 +00:00
Bowgo Tsai	e9ae77355e	Switch file context of odm(/.*) to vendor_file /odm partition is the extension of /vendor partition, so we should not use system_file for it. Currently there is no ABI between vendor and odm. We can use 'odm_file' when needed in the future. Bug: 64240127 Test: boot a device Change-Id: I4e8300d597aeeba60a255c8d114a54b24bc39470	2017-12-12 10:32:17 +08:00
Jeff Vander Stoep	cf4f3a2e62	Restore recovery's ability to format cache and preserve logs am: `87dd195b78` am: `f8fe149f47` Change-Id: I894bf5bcb00ca934b3fd5016e86b1a5910ba7c7f	2017-12-11 20:41:38 +00:00
Jeff Vander Stoep	f8fe149f47	Restore recovery's ability to format cache and preserve logs am: `87dd195b78` Change-Id: Id3fde8b3c5901986a25d0e5daba4e34e8e471c93	2017-12-11 20:38:35 +00:00
Jeff Vander Stoep	87dd195b78	Restore recovery's ability to format cache and preserve logs Commit `b8b4f5d6` 'Clean up old file-based OTA SELinux rules' removed many permissions from recovery, a few of which are still required. Restore these. [ 2918.409108] type=1400 audit(2327427.540:159): avc: denied { search } for pid=339 comm="recovery" name="/" dev="mmcblk0p38" ino=2 scontext=u:r:recovery:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=0 [ 2586.563071] E:Failed to mount / create /cache/recovery: Permission denied [ 2586.780320] E:Can't open /cache/recovery/log: Permission denied [ 2586.850399] E:Can't open /cache/recovery/last_log: Permission denied [ 2586.918979] E:Can't open /cache/recovery/last_install: Permission denied [ 54.035867] type=1400 audit(59206654.526:12): avc: denied { chown } for pid=330 comm="recovery" capability=0 scontext=u:r:recovery:s0 tcontext=u:r:recovery:s0 tclass=capability permissive=0a Bug: 70350029 Test: xunchang to test Change-Id: I46ab049b8eb600b44c84a61777fade150cadd197	2017-12-11 09:38:14 -08:00
Tri Vo	d276b4349d	Remove access to 'sysfs' files from healtd and charger. We rely on vendors to label all dependencies of healthd/charger under /sys/class/power_supply with sysfs_batteryinfo type. Bug: 65643247 Bug: 32659667 Test: boots without denials from healthd, to sysfs_batteryinfo or to sysfs_msm_subsys. Test: charging with device turned off works without /sys denials. Change-Id: I893f309ecad8a0caf7d0b81f5f945725907255c2	2017-12-11 16:31:24 +00:00
Tri Vo	bad36992bc	Merge "Label /sys/class/net as sysfs_net." am: `3dbe6f25d1` am: `91bdd48d59` Change-Id: Ib39800d9db748c9630d9d3a7302a4aceabee8199	2017-12-09 21:47:57 +00:00
Tri Vo	91bdd48d59	Merge "Label /sys/class/net as sysfs_net." am: `3dbe6f25d1` Change-Id: I0bb09b038e50d4264f4a534727f683937920db7d	2017-12-09 21:44:20 +00:00
Tri Vo	3dbe6f25d1	Merge "Label /sys/class/net as sysfs_net."	2017-12-09 21:40:37 +00:00
Andreas Gampe	10201a1088	Merge "Sepolicy: Update rules for perfprofd" am: `7e1d3882bc` am: `d9ecc4cac3` Change-Id: I61ca6c7e840a73d3c0f516f4b2943326e51b1070	2017-12-09 20:40:07 +00:00
Andreas Gampe	d9ecc4cac3	Merge "Sepolicy: Update rules for perfprofd" am: `7e1d3882bc` Change-Id: I67f21eaf8714c5291818510e1676082410418100	2017-12-09 20:37:31 +00:00
Treehugger Robot	7e1d3882bc	Merge "Sepolicy: Update rules for perfprofd"	2017-12-09 20:31:34 +00:00
Tri Vo	c135f0acd6	Label /sys/class/net as sysfs_net. We already expect contents of /sys/class/net to be labeled as sysfs_net. Also label the directory for consistensy since we usually label /sys/class/foo directories as sysfs_foo. Bug: 65643247 Test: netd_integration_test Test: can browse internet without denials to sysfs_net Change-Id: I9d28ab4baf71df99ae966276532f14684d1abca6	2017-12-08 16:12:52 -08:00
Tomasz Wasilczyk	b1a960f649	Merge "Add broadcast radio HAL 2.0 default implementation to the sepolicy." am: `6413f9dadc` am: `8689d5b84d` Change-Id: I07c28a288fe7512c4db2a5332a74701196dd3ff9	2017-12-09 00:02:02 +00:00
Tomasz Wasilczyk	8689d5b84d	Merge "Add broadcast radio HAL 2.0 default implementation to the sepolicy." am: `6413f9dadc` Change-Id: I645d7d7d941988b482fcfbf27895ddf7e3d794fe	2017-12-08 23:58:35 +00:00
Treehugger Robot	6413f9dadc	Merge "Add broadcast radio HAL 2.0 default implementation to the sepolicy."	2017-12-08 23:46:45 +00:00
Andreas Gampe	e40d676058	Sepolicy: Update rules for perfprofd Follow along with updates in the selinux policy. Test: m Test: manual Change-Id: I0dfc6af8fbfc9c8b6860490ab16f02a220d41915	2017-12-08 15:21:09 -08:00
Jaegeuk Kim	b94f48708e	add sload_f2fs permission am: `336424b606` am: `b6c24a0559` Change-Id: I17846cad7276ae28f47f711440886bde4696eb14	2017-12-08 01:14:25 +00:00
Jaegeuk Kim	b6c24a0559	add sload_f2fs permission am: `336424b606` Change-Id: Iaa22210d87c4640d10f47307c715b16bf51ae5cc	2017-12-08 01:07:56 +00:00
Jaegeuk Kim	336424b606	add sload_f2fs permission Change-Id: Icfcf02a21dace99ab3f466de495db24a88127ad7 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>	2017-12-08 00:36:31 +00:00
Elliott Hughes	de2fdc577e	Add a /bin symlink for convenience. am: `2b42fe4bf6` am: `14d3368efc` Change-Id: I91a65fd480f4e8e97a6bb3d4ff0ba3f10efb8ea0	2017-12-07 18:50:34 +00:00
Dan Cashman	87e4498c54	Merge "Commit 27.0 compat mapping file to master." am: `0500c7e867` am: `41341f013c` Change-Id: I274fd8b1efd39caff8131b5a5628e771d2ae5fe5	2017-12-07 18:50:02 +00:00
Elliott Hughes	14d3368efc	Add a /bin symlink for convenience. am: `2b42fe4bf6` Change-Id: I63795f9d95a7498f4db3c776ba30bf77bcd91011	2017-12-07 18:38:47 +00:00
Dan Cashman	41341f013c	Merge "Commit 27.0 compat mapping file to master." am: `0500c7e867` Change-Id: I282d89d4f6e0f429e119e59cd1af3140baddb00a	2017-12-07 18:38:20 +00:00
Tomasz Wasilczyk	4f7bb7576a	Add broadcast radio HAL 2.0 default implementation to the sepolicy. Test: VTS Bug: 69958777 Change-Id: I6db7dd9afc9c7f254a0233ff3144b02e48727038	2017-12-07 09:48:16 -08:00
Elliott Hughes	2b42fe4bf6	Add a /bin symlink for convenience. Bug: http://b/63142920 Test: `make dist` Change-Id: Iae363fd5e7181941408d3d75cbf248e651bc8b49	2017-12-07 16:55:15 +00:00
Bo Hu	0cd1e53d72	Merge "Revert "Renames nonplat_* to vendor_*"" am: `f543ddb384` am: `595c7a6998` Change-Id: I54c0e3d658d09ec5bf703cf7c32fdd09c130d731	2017-12-07 08:44:26 +00:00
Dan Cashman	b7b36b35bb	Merge "Commit 27.0 sepolicy prebuilts to master." am: `bffa911d6b` am: `792a40e0a7` Change-Id: I358f85f14af81021bb7190d8191e035dc27a80c1	2017-12-07 08:43:57 +00:00
Andreas Gampe	3f09245e28	Merge "Sepolicy: Give perfprofd access to kernel notes" am: `f691b12732` am: `73fa36c3c6` Change-Id: I4afeaa535d03ad60c470f8ae24bbefb916940d9d	2017-12-07 08:43:34 +00:00
Andreas Gampe	5059b423aa	Merge "Sepolicy: Label kernel notes" am: `1d7fcdd59a` am: `aee0b123b7` Change-Id: Ie31724412c06d6839fc28c420ff4fe1bf45d4196	2017-12-07 08:43:03 +00:00
Xin Li	7a7ea5d8ee	Merge "DO NOT MERGE: Merge Oreo MR1 into master" am: `91690c904c` -s ours am: `643e8de042` Change-Id: I715e141c60b6ff985f69c69628d62b8e7f4722ae	2017-12-07 08:42:38 +00:00
Xin Li	f099e65ef2	DO NOT MERGE: Merge Oreo MR1 into master am: `4b836a8216` -s ours am: `14e00bfe92` Change-Id: I633beab83b1a9fdbf91ccc4cd3dafc7e47321c5c	2017-12-07 07:25:07 +00:00
Bo Hu	595c7a6998	Merge "Revert "Renames nonplat_* to vendor_*"" am: `f543ddb384` Change-Id: I3fa0267c5b2e3cc9cadcbdece143901778a95002	2017-12-07 06:34:19 +00:00
Dan Cashman	792a40e0a7	Merge "Commit 27.0 sepolicy prebuilts to master." am: `bffa911d6b` Change-Id: I09d4b1d266aad1a04c22725d6515fb7eac44f6c4	2017-12-07 06:33:51 +00:00
Andreas Gampe	73fa36c3c6	Merge "Sepolicy: Give perfprofd access to kernel notes" am: `f691b12732` Change-Id: I54de88864b408476b1d553ae87cc2da82fbe863c	2017-12-07 06:33:29 +00:00
Andreas Gampe	aee0b123b7	Merge "Sepolicy: Label kernel notes" am: `1d7fcdd59a` Change-Id: I73c02c704d449b7ba3792a58785938a7c7518051	2017-12-07 06:33:06 +00:00
Xin Li	643e8de042	Merge "DO NOT MERGE: Merge Oreo MR1 into master" am: `91690c904c` -s ours Change-Id: I1ec3c50300e7f09e66731b4f6359589b7b806a0b	2017-12-07 06:32:01 +00:00
Treehugger Robot	0500c7e867	Merge "Commit 27.0 compat mapping file to master."	2017-12-07 06:20:35 +00:00
Xin Li	14e00bfe92	DO NOT MERGE: Merge Oreo MR1 into master am: `4b836a8216` -s ours Change-Id: I9af3b2e85dc0475ab3817db57f5abcda9f63fe14	2017-12-07 04:52:20 +00:00
Dan Cashman	f26e39728e	Commit 27.0 compat mapping file to master. Bug: 65551293 Bug: 69390067 Test: None. Prebuilt only change. Change-Id: Ie793eb4a35927cb494281df59ae0a63666bb6e76	2017-12-06 20:30:26 -08:00
Treehugger Robot	f543ddb384	Merge "Revert "Renames nonplat_* to vendor_*""	2017-12-07 04:02:29 +00:00
Treehugger Robot	bffa911d6b	Merge "Commit 27.0 sepolicy prebuilts to master."	2017-12-07 01:52:56 +00:00

1 2 3 4 5 ...

13268 commits