Wale Ogunwale
c1ebd93528
Added sepolicy for uri_grants service
...
am: 3280985971
2018-07-23 17:36:57 -07:00
Wale Ogunwale
3280985971
Added sepolicy for uri_grants service
...
Bug: 80414790
Test: boots
Change-Id: I15233721fa138e0fdf1a30f66d52b64cbab18b81
2018-07-23 15:31:40 -07:00
Xin Li
57e1dba0fd
Merge pi-dev-plus-aosp-without-vendor into stage-dr1-aosp-master
...
Bug: 111615259
Change-Id: If6887f7ee3af14ebb25440db9b654e9ff374bb23
2018-07-22 22:10:28 -07:00
Tri Vo
dc51b2bf21
28 mapping workaround for devices upgrading to P. am: 0cc68ea0b2
...
am: f832f2149d
2018-07-22 19:31:40 -07:00
Tri Vo
f832f2149d
28 mapping workaround for devices upgrading to P.
...
am: 0cc68ea0b2
2018-07-22 19:27:05 -07:00
Tri Vo
0cc68ea0b2
28 mapping workaround for devices upgrading to P.
...
Bug: 72458734
Test: Compile current system sepolicy with P vendor sepolicy
Test: Plug in a P device then do:
m selinux_policy
cp $OUT/system/etc/selinux/plat_sepolicy.cil plat_sepolicy.cil
cp $ANDROID_BUILD_TOP/system/sepolicy/private/compat/28.0/28.0.cil 28.0.cil
adb pull /vendor/etc/selinux/plat_pub_versioned.cil
adb pull /vendor/etc/selinux/vendor_sepolicy.cil
secilc plat_sepolicy.cil -m -M true -G -N -c 30 28.0.cil \
plat_pub_versioned.cil vendor_sepolicy.cil
Change-Id: I399b3a204eb94bee0ba1b5024b1c3463219c678e
2018-07-20 15:19:36 -07:00
Alan Stokes
ac0bfccb2a
Merge "Re-order rules to match AOSP." into stage-aosp-master am: 95b223b46f
...
am: 14c5117b65
2018-07-20 07:49:06 -07:00
Alan Stokes
14c5117b65
Merge "Re-order rules to match AOSP." into stage-aosp-master
...
am: 95b223b46f
2018-07-20 07:45:32 -07:00
Alan Stokes
95b223b46f
Merge "Re-order rules to match AOSP." into stage-aosp-master
2018-07-20 14:37:53 +00:00
Alan Stokes
7b377b1f59
Temporarily add auditing of execmod by apps. am: 708aa90dd2 am: a55f637a3d
...
am: 9563a64d93
2018-07-20 07:00:08 -07:00
Alan Stokes
9563a64d93
Temporarily add auditing of execmod by apps. am: 708aa90dd2
...
am: a55f637a3d
2018-07-20 06:56:44 -07:00
Alan Stokes
a55f637a3d
Temporarily add auditing of execmod by apps.
...
am: 708aa90dd2
2018-07-20 06:52:41 -07:00
Alan Stokes
c2aad29d05
Re-order rules to match AOSP.
...
This is to avoid merge problems if we make any further changes in AOSP.
Test: Builds.
Change-Id: Ib4193d31c02dda300513f82f6c7426a2e81d8111
2018-07-20 13:32:30 +00:00
Alan Stokes
708aa90dd2
Temporarily add auditing of execmod by apps.
...
This is so we can get data on which apps are actually doing this.
Bug: 111544476
Test: Device boots. No audits seen on test device.
Change-Id: I5f72200ed8606775904d353c4d3d790373fe7dea
2018-07-20 12:40:29 +01:00
Xin Li
a006a5484c
Merge "Merge pi-dev-plus-aosp-without-vendor into stage-dr1-aosp-master" into stage-dr1-aosp-master
...
am: f7288e703c
2018-07-19 23:52:43 -07:00
TreeHugger Robot
f7288e703c
Merge "Merge pi-dev-plus-aosp-without-vendor into stage-dr1-aosp-master" into stage-dr1-aosp-master
2018-07-20 06:03:49 +00:00
Tri Vo
eee30d0d01
Merge "Add mapping files for 28.0.[ignore.]cil" am: 13e60ed1fa am: 6c32e0624f
...
am: a7bec59eaf
2018-07-19 18:11:27 -07:00
Tri Vo
a7bec59eaf
Merge "Add mapping files for 28.0.[ignore.]cil" am: 13e60ed1fa
...
am: 6c32e0624f
2018-07-19 18:07:16 -07:00
Tri Vo
6c32e0624f
Merge "Add mapping files for 28.0.[ignore.]cil"
...
am: 13e60ed1fa
2018-07-19 18:03:05 -07:00
Tri Vo
13e60ed1fa
Merge "Add mapping files for 28.0.[ignore.]cil"
2018-07-20 00:56:27 +00:00
Xin Li
5818c714cd
Merge pi-dev-plus-aosp-without-vendor into stage-dr1-aosp-master
...
Bug: 111615259
Change-Id: Ibfeb032b9e24541dcb3885cd15e31ca5ae3728e9
2018-07-19 13:50:39 -07:00
Jae Shin
1fa9634896
Add mapping files for 28.0.[ignore.]cil
...
Steps taken to produce the mapping files:
1. Add prebuilts/api/28.0/[plat_pub_versioned.cil|vendor_sepolicy.cil]
from the /vendor/etc/selinux/[plat_pub_versioned.cil|vendor_sepolicy.cil]
files built on pi-dev with lunch target aosp_arm64-eng
2. Add new file private/compat/28.0/28.0.cil by doing the following:
- copy /system/etc/selinux/mapping/28.0.cil from pi-dev aosp_arm64-eng
device to private/compat/28.0/28.0.cil
- remove all attribute declaration statement (typeattribute ...) and
sort lines alphabetically
- some selinux types were added/renamed/deleted w.r.t 28 sepolicy.
Find all such types using treble_sepolicy_tests_28.0 test.
- for all these types figure out where to map them by looking at
27.0.[ignore.]cil files and add approprite entries to 28.0.[ignore.]cil.
This change also enables treble_sepolicy_tests_28.0 and install 28.0.cil
mapping onto the device.
Bug: 72458734
Test: m selinux_policy
Change-Id: I90e17c0b43af436da4b62c16179c198b5c74002c
2018-07-18 20:08:38 -07:00
Todd Poynor
e0ff3fbe4e
[automerger skipped] Merge changes from topic "selinux_cherry_picks" into stage-aosp-master
...
am: 39f114d79d
2018-07-18 17:31:27 -07:00
TreeHugger Robot
39f114d79d
Merge changes from topic "selinux_cherry_picks" into stage-aosp-master
...
* changes:
remove thermalcallback_hwservice
reorder api 27 compat entries for removed types to match AOSP
2018-07-19 00:21:31 +00:00
Jeff Vander Stoep
5d094a5aff
app: exempt su from auditallow statement am: f95bf194c1
...
am: 7f6087c972
2018-07-18 16:24:35 -07:00
Jeff Vander Stoep
7f6087c972
app: exempt su from auditallow statement
...
am: f95bf194c1
2018-07-18 16:21:00 -07:00
Todd Poynor
c3e9ff90d3
remove thermalcallback_hwservice
...
This hwservice isn't registered with hwservicemanager but rather passed
to the thermal hal, so it doesn't need sepolicy associated with it to
do so.
Test: manual: boot, inspect logs
Test: VtsHalThermalV1_1TargetTest
Bug: 109802374
Change-Id: Ifb727572bf8eebddc58deba6c0ce513008e01861
Merged-In: Ifb727572bf8eebddc58deba6c0ce513008e01861
(cherry picked from commit c6afcb7fc0
2018-07-18 16:18:50 -07:00
Todd Poynor
d1ff81c2a7
reorder api 27 compat entries for removed types to match AOSP
...
Avoids subsequent merge conflicts in this section of the file.
Test: manual: compile
Change-Id: I9af723dccff54039031dc4d8f3e5ee34be5960d1
Merged-In: I9af723dccff54039031dc4d8f3e5ee34be5960d1
(cherry picked from commit 6682530515
2018-07-18 16:17:40 -07:00
Tri Vo
8b624a1add
resolve merge conflicts of d07ab2fe93 to stage-aosp-master
...
am: 690de22d48
2018-07-18 14:35:43 -07:00
Jeff Vander Stoep
f95bf194c1
app: exempt su from auditallow statement
...
Cut down on logspam during kernel_net_tests
Test: /data/nativetest64/kernel_net_tests/kernel_net_tests
Change-Id: Id19f50caebc09711f80b7d5f9d87be103898dd9a
2018-07-18 21:21:46 +00:00
Tri Vo
690de22d48
resolve merge conflicts of d07ab2fe93 to stage-aosp-master
...
BUG: None
Test: I solemnly swear I tested this conflict resolution.
Change-Id: I58fff9dc7826eb60520b087d08ecd931cba63bf0
2018-07-18 13:08:55 -07:00
Tri Vo
d07ab2fe93
Merge "Add 28.0 prebuilts"
2018-07-18 18:31:23 +00:00
Steven Thomas
f7d5d2d936
Merge "Selinux changes for vr flinger vsync service" am: 663a827b47
...
am: 4b3ec1984e
2018-07-17 16:26:06 -07:00
Steven Thomas
4b3ec1984e
Merge "Selinux changes for vr flinger vsync service"
...
am: 663a827b47
2018-07-17 16:21:34 -07:00
Treehugger Robot
663a827b47
Merge "Selinux changes for vr flinger vsync service"
2018-07-17 23:15:13 +00:00
Tri Vo
afdfeeb506
Add 28.0 prebuilts
...
Bug: n/a
Test: n/a
Change-Id: I11e6baaa45bcb01603fc06e8a16002727f4e5a00
2018-07-17 15:31:47 -07:00
Josh Gao
dc86cc0da9
system_server: allow appending to debuggerd -j pipe. am: 5ca755e05e
...
am: 98545f075c
2018-07-17 15:29:40 -07:00
Josh Gao
98545f075c
system_server: allow appending to debuggerd -j pipe.
...
am: 5ca755e05e
2018-07-17 15:25:36 -07:00
Yifan Hong
bf7bf3ba0e
perfprofd: talk to health HAL.
...
am: 65c568d0dd
2018-07-17 13:24:23 -07:00
Josh Gao
5ca755e05e
system_server: allow appending to debuggerd -j pipe.
...
Test: debuggerd -j `pidof system_server`
Change-Id: I6cca98b20ab5a135305b91cbb7c0fe7b57872bd3
2018-07-17 12:46:01 -07:00
Yifan Hong
65c568d0dd
perfprofd: talk to health HAL.
...
Test: perfprofd tests
Bug: 110890430
Change-Id: I0f7476d76b8d35b6b48fe6b77544ca8ccc71534d
2018-07-17 11:37:26 -07:00
Jeff Vander Stoep
a0afe6eaf6
[automerger skipped] crash_dump: disallow ptrace of TCB components am: f0e6a70ab5 am: 7f6df93026 am: db8835e0c3 -s ours
...
am: a2bc6f8cfc
2018-07-13 21:47:05 -07:00
Jeff Vander Stoep
a2bc6f8cfc
[automerger skipped] crash_dump: disallow ptrace of TCB components am: f0e6a70ab5 am: 7f6df93026
...
am: db8835e0c3
2018-07-13 21:41:59 -07:00
Jeff Vander Stoep
db8835e0c3
crash_dump: disallow ptrace of TCB components am: f0e6a70ab5
...
am: 7f6df93026
2018-07-13 21:37:55 -07:00
Jeff Vander Stoep
3d4d8899d1
crash_dump: disallow ptrace of TCB components
...
am: 573d333589
2018-07-13 21:35:08 -07:00
Jeff Vander Stoep
7f6df93026
crash_dump: disallow ptrace of TCB components
...
am: f0e6a70ab5
2018-07-13 21:34:51 -07:00
Steven Thomas
7bec967402
Selinux changes for vr flinger vsync service
...
Add selinux policy for the new Binder-based vr flinger vsync service.
Bug: 72890037
Test: - Manually confirmed that I can't bind to the new vsync service
from a normal Android application, and system processes (other than
vr_hwc) are prevented from connecting by selinux.
- Confirmed the CTS test
android.security.cts.SELinuxHostTest#testAospServiceContexts, when
built from the local source tree with this CL applied, passes.
- Confirmed the CTS test
android.cts.security.SELinuxNeverallowRulesTest#testNeverallowRules521,
when built from the local source tree with this CL applied, passes.
Change-Id: Ib7a6bfcb1c2ebe1051f3accc18b481be1b188b06
2018-07-13 17:17:01 -07:00
Yifan Hong
b1b3a31e61
Merge changes from topic "coredomain_batteryinfo" am: 6397d7e0cb
...
am: c74c0fbb34
2018-07-13 13:08:55 -07:00
Yifan Hong
c74c0fbb34
Merge changes from topic "coredomain_batteryinfo"
...
am: 6397d7e0cb
2018-07-13 12:42:47 -07:00
Treehugger Robot
6397d7e0cb
Merge changes from topic "coredomain_batteryinfo"
...
* changes:
vold: not allowed to read sysfs_batteryinfo
full_treble: coredomain must not have access to sysfs_batteryinfo
2018-07-13 18:42:32 +00:00
