Commit graph

8281 commits

Author SHA1 Message Date
Chia-I Wu
32436ba2a3 resolve merge conflicts of 837a6f2 to master
Test: make
Change-Id: Icf77940472c7b7776b731c0ce0c1f53ac8bd198c
2016-11-15 06:43:35 +08:00
Chad Brubaker
057d754f9c Label ephemeral APKs and handle their install/uninstall am: 6f090f6911 am: 7ece155217 am: fb1c1974c0
am: 4394f36d6b

Change-Id: Ie5bfd30fa52f8f9a6233df23b8489cb36fea7f65
2016-11-12 00:56:45 +00:00
Chad Brubaker
4394f36d6b Label ephemeral APKs and handle their install/uninstall am: 6f090f6911 am: 7ece155217
am: fb1c1974c0

Change-Id: I636aeeeefa7b16bd867fc618d9dfbd6fb7ef1368
2016-11-12 00:49:37 +00:00
Chad Brubaker
fb1c1974c0 Label ephemeral APKs and handle their install/uninstall am: 6f090f6911
am: 7ece155217

Change-Id: Id1b1fc8b0aac7113e3d7a0cf718e9e85d6a869bc
2016-11-12 00:43:07 +00:00
Chad Brubaker
7ece155217 Label ephemeral APKs and handle their install/uninstall
am: 6f090f6911

Change-Id: I97d83d29f28fb04500f30bd29c4a316f3bbb7ee0
2016-11-12 00:36:35 +00:00
Chad Brubaker
6f090f6911 Label ephemeral APKs and handle their install/uninstall
Fixes: 32061937
Test: install/uninstall and verified no denials
Change-Id: I487727b6b32b1a0fb06ce66ed6dd69db43c8d536
2016-11-12 00:27:28 +00:00
Nick Kralevich
a64a56453a property.te: delete security_prop am: ee751c33c5 am: b1985a8498 am: 8e280c9ce3
am: f1801d72d3

Change-Id: I59db39fc182c3dffbd780c08402d2c0ab437c16b
2016-11-11 23:11:15 +00:00
Nick Kralevich
f1801d72d3 property.te: delete security_prop am: ee751c33c5 am: b1985a8498
am: 8e280c9ce3

Change-Id: I277a1c53f9b08899c60048c3ae814599168d52e5
2016-11-11 22:57:55 +00:00
Nick Kralevich
8e280c9ce3 property.te: delete security_prop am: ee751c33c5
am: b1985a8498

Change-Id: I8b6aebdbc8e27a4ea39e0fce93694fd96ed00873
2016-11-11 22:50:54 +00:00
Nick Kralevich
b1985a8498 property.te: delete security_prop
am: ee751c33c5

Change-Id: I2acdab95a5d2302a10ed6cf57c0705edc480bc6c
2016-11-11 22:44:33 +00:00
Nick Kralevich
ee751c33c5 property.te: delete security_prop
This property is never used.

Test: policy compiles
Change-Id: I43ace92950e1221754db28548031fbbfc0437d7a
2016-11-11 12:31:19 -08:00
TreeHugger Robot
ee9c88f939 Merge changes from topic 'health-hal'
* changes:
  health: add sepolicy for health hal service
  health: allow rules for passthrough health HAL
2016-11-11 18:57:51 +00:00
Nick Kralevich
9f89a1f4a1 Merge "property.te: sort entries" am: 7da34af860 am: 4778d65665 am: 527531883d
am: 5ed9cdeee7

Change-Id: Ie15f2f3871a9c77345e7089c3c8d2c43df65172c
2016-11-11 17:47:20 +00:00
Nick Kralevich
5ed9cdeee7 Merge "property.te: sort entries" am: 7da34af860 am: 4778d65665
am: 527531883d

Change-Id: Ic859d99d26467c7435adce38c139c9fe8002b599
2016-11-11 17:40:19 +00:00
Nick Kralevich
527531883d Merge "property.te: sort entries" am: 7da34af860
am: 4778d65665

Change-Id: Id76201a3f96b03dcbc9f83dd8588e81e4f54d1c2
2016-11-11 17:33:48 +00:00
Nick Kralevich
4778d65665 Merge "property.te: sort entries"
am: 7da34af860

Change-Id: Ifee77468b2596cc3570abfa276e3ba23dcf2c2e4
2016-11-11 17:27:09 +00:00
Treehugger Robot
7da34af860 Merge "property.te: sort entries"
2016-11-11 17:20:33 +00:00
Robert Sesek
ce43274139 Add the "webview_zygote" domain. am: dc43f7cd84 am: d94ae33832 am: 1dfbcab386
am: b4830b23ab

Change-Id: Ia44c279c95f33fd824c7fda7bad393eda8555ab5
2016-11-11 15:51:01 +00:00
Robert Sesek
b4830b23ab Add the "webview_zygote" domain. am: dc43f7cd84 am: d94ae33832
am: 1dfbcab386

Change-Id: Ib66fe19363f61d26ef92b18f90929e24ea914fe6
2016-11-11 15:44:00 +00:00
Robert Sesek
1dfbcab386 Add the "webview_zygote" domain. am: dc43f7cd84
am: d94ae33832

Change-Id: I4aee6186c988989ae80227d5a1db586ab9e1f56e
2016-11-11 15:37:00 +00:00
Robert Sesek
d94ae33832 Add the "webview_zygote" domain.
am: dc43f7cd84

Change-Id: I5f2e21e9ea3a85c8f0cb4b8e15ae54a54eb9e1ab
2016-11-11 15:30:00 +00:00
Robert Sesek
dc43f7cd84 Add the "webview_zygote" domain.
The webview_zygote is a new unprivileged zygote and has its own sockets for
listening to fork requests. However the webview_zygote does not run as root
(though it does require certain capabilities) and only allows dyntransition to
the isolated_app domain.

Test: m
Test: angler boots

Bug: 21643067
Change-Id: I89a72ffe6dcb983c4a44048518efd7efb7ed8e83
2016-11-11 10:13:17 -05:00
Nick Kralevich
26c6d726dd property.te: sort entries
Sort the entries in property.te. This will make it slightly easier to
read, and avoids merge conflicts by discouraging the common practice of
adding entries to the bottom of this file.

Test: policy compiles.
Change-Id: I87ae96b33156dba73fb7eafc0f9a2a961b689853
2016-11-11 02:44:51 -08:00
Jason Monk
16d5ce62a0 Add persist.vendor.overlay. to properties am: 0e1cbf568a am: 829672f098 am: e6a26a2a01
am: cd6265f01d

Change-Id: Iff2d7b0933c2f97f4b01d0e551c9089b2a2f11a8
2016-11-11 00:25:10 +00:00
Jason Monk
cd6265f01d Add persist.vendor.overlay. to properties am: 0e1cbf568a am: 829672f098
am: e6a26a2a01

Change-Id: I14f46ab9847bc4334115633a815781d4c36da4fd
2016-11-11 00:19:09 +00:00
Jason Monk
e6a26a2a01 Add persist.vendor.overlay. to properties am: 0e1cbf568a
am: 829672f098

Change-Id: I17df5f5a7d9eb0ef50d5667714952bbce2c0771e
2016-11-11 00:13:38 +00:00
Jason Monk
829672f098 Add persist.vendor.overlay. to properties
am: 0e1cbf568a

Change-Id: Ic60dfc5a0caf4cd43c2fdc25c44f58eaacf4fd66
2016-11-11 00:07:08 +00:00
Sandeep Patil
ef62fd9159 health: add sepolicy for health hal service
Test: tested with default health HAL on angler running as service.
Bug: b/32754732

Change-Id: Ie0b70d43cb23cd0878e1b7b99b9bebdbd70d17c7
Signed-off-by: Sandeep Patil <sspatil@google.com>
2016-11-10 14:53:24 -08:00
Jason Monk
0e1cbf568a Add persist.vendor.overlay. to properties
Allow the system_server to change. Allow the zygote to read it as well.

Test: Have system_server set a property
Change-Id: Ie90eec8b733fa7193861026a3a6e0fb0ba5d5318
2016-11-10 17:35:39 -05:00
Sandeep Patil
32cacb42b9 health: allow rules for passthrough health HAL
- allows binder calls to hwservicemanager
- allows healthd to read system_file for passthrough HAL

Test: Tested healthd with and without a board specific health HAL on
Angler.

Bug: b/32724915

Change-Id: Icf621859f715cb44bce5d8d3b60320ef495d1543
Signed-off-by: Sandeep Patil <sspatil@google.com>
2016-11-09 08:44:05 -08:00
Nick Kralevich
ced59af355 Revert "Restore system_server ioctl socket access." am: 58305da980 am: b2245d6420 am: f4c76c5fd5
am: 74d3b416f7

Change-Id: I8df18e2c0c805b2af3d1143a828f1d6a133c9a52
2016-11-09 01:50:22 +00:00
Nick Kralevich
74d3b416f7 Revert "Restore system_server ioctl socket access." am: 58305da980 am: b2245d6420
am: f4c76c5fd5

Change-Id: I97bbdad7f08fcaaf4f779bad39275125c496c927
2016-11-09 01:43:48 +00:00
Nick Kralevich
f4c76c5fd5 Revert "Restore system_server ioctl socket access." am: 58305da980
am: b2245d6420

Change-Id: Ib8ab9ee9051d405801857d30df0a37c43a24928e
2016-11-09 01:38:51 +00:00
Nick Kralevich
b2245d6420 Revert "Restore system_server ioctl socket access."
am: 58305da980

Change-Id: I9379e8a7d52d6daccfadae4c0e2b19ee43f1932b
2016-11-09 01:33:12 +00:00
Sandeep Patil
a03dc5da5b Merge "healthd: create SEPolicy for 'charger' and reduce healthd's scope"
2016-11-08 23:45:16 +00:00
Nick Kralevich
58305da980 Revert "Restore system_server ioctl socket access."
The underlying ioctl denial was fixed in device-specific policy.
It's not needed in core policy.

A search of SELinux denials shows no reported denials, other than the
ones showing up on marlin.

This reverts commit ec3285cde0.

(cherrypicked from commit 863ce3e7c7)

Test: AndroiTS GPS Test app shows GPS data, no SELinux denials.
Bug: 32290392
Change-Id: I1ba7bad43a2cdd7cdebbe1c8543a71eee765621d
2016-11-08 12:40:44 -08:00
Nick Kralevich
16b4b92707 profman/debuggerd: allow libart_file:file r_file_perms am: 364fd19782 am: d62abbeea3 am: ff6715f3d2
am: c9d0e1e9b9

Change-Id: I1dcb7093b6a770cf2ff1f124d9092b79a8d34d58
2016-11-08 20:25:09 +00:00
Nick Kralevich
c9d0e1e9b9 profman/debuggerd: allow libart_file:file r_file_perms am: 364fd19782 am: d62abbeea3
am: ff6715f3d2

Change-Id: Ibf6da5e4bf8dedb5797958d5c00ac675303d47f0
2016-11-08 20:19:40 +00:00
Nick Kralevich
ff6715f3d2 profman/debuggerd: allow libart_file:file r_file_perms am: 364fd19782
am: d62abbeea3

Change-Id: Ib9b65a933da450b4baf70a4e26c15e177ba04d16
2016-11-08 20:14:08 +00:00
Nick Kralevich
d62abbeea3 profman/debuggerd: allow libart_file:file r_file_perms
am: 364fd19782

Change-Id: I4022ab4a4f92a197c48db96a9847cc8166ed2dab
2016-11-08 20:08:38 +00:00
Nick Kralevich
364fd19782 profman/debuggerd: allow libart_file:file r_file_perms
Addresses the following auditallow spam:

avc: granted { read open } for comm="profman"
path="/system/lib/libart.so" dev="dm-0" ino=1368 scontext=u:r:profman:s0
tcontext=u:object_r:libart_file:s0 tclass=file

avc: granted { read open } for comm="debuggerd64"
path="/system/lib64/libart.so" dev="dm-0" ino=1897
scontext=u:r:debuggerd:s0 tcontext=u:object_r:libart_file:s0 tclass=file

avc: granted { getattr } for comm="debuggerd64"
path="/system/lib64/libart.so" dev="dm-0" ino=1837
scontext=u:r:debuggerd:s0 tcontext=u:object_r:libart_file:s0 tclass=file

Test: Policy compiles. Not a tightening of rules.
Change-Id: I501b0a6a343c61b3ca6283647a18a9a15deddf2a
2016-11-08 09:28:28 -08:00
Polina Bondarenko
d15db77471 sepolicy: Add policy for thermal HIDL service am: 9785f2addd am: 458888a7d3 am: abbc718f19
am: 1bda71f5e3

Change-Id: I54f8bdde9ef811a1e33abf03fc9ae290af0d750e
2016-11-08 15:32:50 +00:00
Polina Bondarenko
1bda71f5e3 sepolicy: Add policy for thermal HIDL service am: 9785f2addd am: 458888a7d3
am: abbc718f19

Change-Id: Idc25b53e2e5cc1ac4ab9a93814773d69548a3db0
2016-11-08 15:26:19 +00:00
Polina Bondarenko
abbc718f19 sepolicy: Add policy for thermal HIDL service am: 9785f2addd
am: 458888a7d3

Change-Id: I46f9e803ee3f19fe690c8d0b5b21a6d65cd91750
2016-11-08 15:19:49 +00:00
Polina Bondarenko
458888a7d3 sepolicy: Add policy for thermal HIDL service
am: 9785f2addd

Change-Id: I2543991deefb4ba16ef0476e92442cfadba25793
2016-11-08 15:13:48 +00:00
TreeHugger Robot
b602b3b6b5 Merge "Revert "Restore system_server ioctl socket access.""
2016-11-08 14:35:16 +00:00
Polina Bondarenko
9785f2addd sepolicy: Add policy for thermal HIDL service
Bug: 32022261
Test: manual
Change-Id: I664a3b5c37f6a3a36e4e5beb91b384a9599c83f8
2016-11-08 13:34:31 +01:00
Nick Kralevich
cbefe07f1c installd: r_dir_file(installd, system_file) am: 68f233648e am: b8b0d3746f am: 24176ec819
am: 5bfb4b3ce8

Change-Id: I4f4e568c4eb4bbe55577c20b157a79fa64f5ab65
2016-11-08 03:42:09 +00:00
Nick Kralevich
5bfb4b3ce8 installd: r_dir_file(installd, system_file) am: 68f233648e am: b8b0d3746f
am: 24176ec819

Change-Id: I615992cc6753127008bee40223f52f4464e4e1af
2016-11-08 03:36:39 +00:00
Nick Kralevich
24176ec819 installd: r_dir_file(installd, system_file) am: 68f233648e
am: b8b0d3746f

Change-Id: I8b0849da568d8963fcd39306c1adc49096ffb04d
2016-11-08 03:31:08 +00:00