Muhammad Qureshi
5c9ed93f17
Merge "Add file-contexts for statsd apex"
...
am: accc143126
Change-Id: I97821eb6f220b9c3a43719d3e4f259dd856ad372
2019-08-23 21:26:14 -07:00
Treehugger Robot
accc143126
Merge "Add file-contexts for statsd apex"
2019-08-23 21:53:32 +00:00
TreeHugger Robot
89224c8334
Merge "DO NOT MERGE - Merge build QP1A.190711.001 into stage-aosp-master history" into stage-aosp-master
2019-08-23 20:28:00 +00:00
Steven Moreland
2092764024
Merge "Remove mediacodec_service." into stage-aosp-master
2019-08-23 17:33:44 +00:00
Xin Li
daf5391ecc
DO NOT MERGE - Merge build QP1A.190711.001 into stage-aosp-master history
...
Bug: 139893257
Change-Id: I54c9edcfbefe9e803e6c36e5d52cd8cb54199e29
2019-08-23 06:42:13 +00:00
Jon Spivack
685af5eaab
Merge "Allow vndservicemanager to start processes"
...
am: 018f745b90
Change-Id: I42f16342f807cabebc1e258a353b1cea5b13472e
2019-08-22 18:50:11 -07:00
Jon Spivack
018f745b90
Merge "Allow vndservicemanager to start processes"
2019-08-23 01:29:06 +00:00
Steven Moreland
88fedc2159
Merge "Reland "Re-open /dev/binder access to all.""
...
am: aa6793febd
Change-Id: I34360631751c98aab0c34fff9bdcdbae02c52297
2019-08-22 16:15:59 -07:00
Steven Moreland
aa6793febd
Merge "Reland "Re-open /dev/binder access to all.""
2019-08-22 22:55:04 +00:00
Robert Shih
30e9337e4e
Merge "Allow drmserver to communicate with mediametrics"
...
am: 444b5483a2
Change-Id: I0afe78e401867b03c798ee4653fd08ff9fe7e396
2019-08-22 15:03:44 -07:00
Treehugger Robot
444b5483a2
Merge "Allow drmserver to communicate with mediametrics"
2019-08-22 21:51:24 +00:00
Tri Vo
d0cb128907
Merge "selinux: tag gpu_service as app_api_service"
...
am: 9203c0009d
Change-Id: If18eb15656c871446292f23ff2eb53e70bb66ba6
2019-08-22 13:31:42 -07:00
Tri Vo
9203c0009d
Merge "selinux: tag gpu_service as app_api_service"
2019-08-22 19:57:04 +00:00
Tri Vo
a1a3ea37aa
Merge "Expand typattribute declarations into older maps"
...
am: dc887eeb7a
Change-Id: I323d999841682ac2980c33d6278ebf9fbc9f504a
2019-08-22 12:53:18 -07:00
Tri Vo
dc887eeb7a
Merge "Expand typattribute declarations into older maps"
2019-08-22 19:33:26 +00:00
Tri Vo
5511676b31
selinux: tag gpu_service as app_api_service
...
gpu_service is already accessible to untrusted 3p apps aosp/898376.
Otherwise, vendor apps can't access gpu_service.
Bug: 139685237
Test: m selinux_policy
Change-Id: I30a951cd712b0ae4aacd2c4d6d42e74fac5c0707
Merged-In: I30a951cd712b0ae4aacd2c4d6d42e74fac5c0707
(cherry picked from commit 32f279c096)
2019-08-22 11:38:08 -07:00
Robert Shih
353c4ab3a4
Allow drmserver to communicate with mediametrics
...
Bug: 134789967
Test: dumpsys media.metrics
Change-Id: I550e328dac9592f66ea589eacfb2d349a8666878
2019-08-22 11:31:03 -07:00
Marissa Wall
6782faba9f
Merge "gralloc: add IAllocator/IMapper 4.0 sepolicy"
...
am: 1751aa5b80
Change-Id: I072a3950a3f57ab0a78e95ee2c73c6d71245d373
2019-08-22 10:48:50 -07:00
Treehugger Robot
1751aa5b80
Merge "gralloc: add IAllocator/IMapper 4.0 sepolicy"
2019-08-22 17:20:45 +00:00
Tri Vo
b5a4640f65
selinux: remove sysfs_mac_address
...
am: f1e71dc75c
Change-Id: I0bed37692eed895d8bad9af9ea4e507a6dc4f50f
2019-08-22 03:14:30 -07:00
Tri Vo
f1e71dc75c
selinux: remove sysfs_mac_address
...
Nothing is actually labeled as 'sysfs_mac_address'.
Bug: 137816564
Test: m selinux_policy
Change-Id: I2d7e71ecb3a2b4ed76c13eb05ecac3064c1bc469
2019-08-21 13:07:09 -07:00
Maciej Żenczykowski
8f5e8e5b82
Do not allow untrusted apps to read sysfs_net files
...
am: 804d99ac76
Change-Id: I9be056dbdc7146857737bb6847fe51b90702a874
2019-08-20 23:25:28 -07:00
Steven Moreland
d181bc2c16
Remove mediacodec_service.
...
Since this service no longer exists.
Fix: 80317992
Test: TH, codesearch.
Change-Id: I257c8cc3dba657d98f19eb61b36aae147afea393
2019-08-21 01:19:20 +00:00
Maciej Żenczykowski
804d99ac76
Do not allow untrusted apps to read sysfs_net files
...
(this includes /sys/class/net/*/address device mac addresses)
Test: builds
Bug: 137816564
Change-Id: I84268b2e0207559ed00baafb8a3f231c676f8df1
Signed-off-by: Maciej Żenczykowski <maze@google.com>
2019-08-20 16:09:46 -07:00
Tri Vo
7bfd7303b3
Expand typattribute declarations into older maps
...
Say, foo_attribute is removed in 30 API. We need to preserve
typeattribute declaration in 29.0.cil, 28.0.cil, etc for backwards
compatibility.
(typeattribute binder_in_vendor_violators)
Automatically expand these typeattribute declarations into older map
files, so that we only need to update 29.0.cil.
Test: remove binder_in_vendor_violators; only 29.0.cil map needs to be
updated
Change-Id: Ifa7767d771f802e122b2f1ff6faf198ba2afa42e
2019-08-20 16:07:29 -07:00
Steven Moreland
b75b047f44
Reland "Re-open /dev/binder access to all."
...
This reverts commit 6b2eaade82.
Reason for revert: reland original CL
Separate runtime infrastructure now makes sure that only Stable AIDL
interfaces are used system<->vendor.
Bug: 136027762
Change-Id: Id5ba44c36a724e2721617de721f7cffbd3b1d7b6
Test: boot device, use /dev/binder from vendor
2019-08-20 16:03:37 -07:00
Steven Moreland
db28fe2381
Revert "Re-open /dev/binder access to all."
...
am: 6b2eaade82
Change-Id: Ic2d53641d0cebee31be81307d7a31809fa326f2d
2019-08-20 15:55:40 -07:00
Steven Moreland
6b2eaade82
Revert "Re-open /dev/binder access to all."
...
This reverts commit 94ff361501.
Fix: 139759536
Test: marlin build fixed
Change-Id: I3ea2e29896722a80b22f09c405be205ffb7de6b2
2019-08-20 22:39:43 +00:00
Steven Moreland
169bfcfe88
Merge changes Icdf207c5,I20aa48ef
...
am: 30a06d278f
Change-Id: Ia505b1539cfd64bb93c2f5fe0dbd0603df5e9f5f
2019-08-20 13:41:45 -07:00
Steven Moreland
30a06d278f
Merge changes Icdf207c5,I20aa48ef
...
* changes:
Re-open /dev/binder access to all.
mediacodec: remove non-Treble allows
2019-08-20 19:50:24 +00:00
Steven Moreland
a23822b6cb
[automerger skipped] Add uce service to core policy.
...
am: 20414effb6
-s ours
am skip reason: change_id Ibc5b048aaa1c9eda7b9180caca92cb876c3f6b28 with SHA1 92f72cd22d is in history
Change-Id: Ia107358692a2670e26683114bf61178dd5c7d36d
2019-08-20 12:12:13 -07:00
Steven Moreland
94ff361501
Re-open /dev/binder access to all.
...
Separate runtime infrastructure now makes sure that only Stable AIDL
interfaces are used system<->vendor.
Bug: 136027762
Test: boot device, use /dev/binder from vendor
Change-Id: Icdf207c5d5a4ef769c0ca6582dc58306f65be67e
2019-08-20 00:03:34 +00:00
Steven Moreland
641c45e258
mediacodec: remove non-Treble allows
...
Since mediacodec system services have been entirely deleted.
Bug: 80317992
Test: TH
Change-Id: I20aa48ef57474df000279a487f6b077790d273c1
2019-08-20 00:03:24 +00:00
Jon Spivack
b58c4c2a62
Allow vndservicemanager to start processes
...
Used to lazily start AIDL services.
Bug: 138756857
Test: Manual
Change-Id: I890ca70e654f8e8bb795189abb4018c0d5d05865
2019-08-19 16:05:13 -07:00
Muhammad Qureshi
71a051af5a
Add file-contexts for statsd apex
...
Bug: 139549262
Test: build, install, and verify statsd module is mounted
Change-Id: Iabfb4d5bf5c7f06ed6c3d06f2dd9ec8b382f5688
2019-08-19 15:27:38 -07:00
Steven Moreland
dbfbddbf0e
Merge "Add uce service to core policy." into stage-aosp-master
2019-08-19 21:38:00 +00:00
Roland Levillain
2d47c5da94
Allow dexoptanalyzer to mmap files with Linux 4.14+ that it can already access.
...
am: c72b7d1731
Change-Id: I39667ccca82601ef1afa3d38df0d184c73edc87b
2019-08-19 13:52:23 -07:00
Steven Moreland
20414effb6
Add uce service to core policy.
...
This service is requested by AOSP framework, but there is no context for
it defined.
Bug: 136023468
Test: N/A
Change-Id: Ibc5b048aaa1c9eda7b9180caca92cb876c3f6b28
Merged-In: Ibc5b048aaa1c9eda7b9180caca92cb876c3f6b28
(cherry picked from commit 67cb30fabf)
2019-08-19 12:42:56 -07:00
Steven Moreland
92f72cd22d
Add uce service to core policy.
...
This service is requested by AOSP framework, but there is no context for
it defined.
Bug: 136023468
Test: N/A
Change-Id: Ibc5b048aaa1c9eda7b9180caca92cb876c3f6b28
Merged-In: Ibc5b048aaa1c9eda7b9180caca92cb876c3f6b28
(cherry picked from commit 67cb30fabf)
2019-08-19 12:29:39 -07:00
Roland Levillain
c72b7d1731
Allow dexoptanalyzer to mmap files with Linux 4.14+ that it can already access.
...
SELinux has a separate file mmap permission in 4.14+ kernels. Add this
to dexoptanalyzer(d) in cases where it could already access files (in
particular, secondary dex files).
Addresses denials of the form:
avc: denied { map } for […] path="/data/data/[…]" […]
scontext=u:r:dexoptanalyzer:s0 tcontext=u:object_r:app_data_file:s0
Test: Reproduce steps in bug 138683603 on a device with a 4.14+ kernel
and check the absence of SELinux denials
Bug: 138683603
Change-Id: Ieba53eb431c0ba3914dcb5e5abdae667bd063555
2019-08-16 20:02:32 +01:00
Amy Zhang
3b62596f4f
Merge "Tuner Hal 1.0 Enable ITuner service"
...
am: 3e7429359f
Change-Id: Ic4442460d60d51e97c84ea430830cd12c205e5f6
2019-08-15 13:23:33 -07:00
Amy Zhang
3e7429359f
Merge "Tuner Hal 1.0 Enable ITuner service"
2019-08-15 18:04:05 +00:00
Remi NGUYEN VAN
b65731efb8
Merge "Add MAINLINE_SEPOLICY_DEV_CERTIFICATES to keys.conf"
...
am: 1fc3f318bf
Change-Id: I434639e3c40d5d0f5e3a8218891c7f173a44bd9b
2019-08-15 01:11:27 -07:00
Treehugger Robot
1fc3f318bf
Merge "Add MAINLINE_SEPOLICY_DEV_CERTIFICATES to keys.conf"
2019-08-15 07:43:46 +00:00
Xin Li
b08436b805
DO NOT MERGE - Skip qt-dev-plus-aosp-without-vendor (5713463) in stage-aosp-master
...
Bug: 134405016
Change-Id: I7d7912abeb19a2a3ca8685f72a54837388ca7e84
2019-08-14 11:35:24 -07:00
Amy
89b4bbd4d8
Tuner Hal 1.0 Enable ITuner service
...
Test: cuttlefish
Bug: 135708935
Change-Id: Ica063458860df45f0e2ab640a2ab35cd4da3da8e
2019-08-14 11:22:09 -07:00
Kiyoung Kim
039549102c
Merge changes from topic "use_generated_linkerconfig"
...
am: aff00188eb
Change-Id: I82225595e27aee8677c94d6a713d6ef5a195e2d7
2019-08-14 02:47:24 -07:00
Kiyoung Kim
98d2042b00
Add more permission for linkerconfig
...
am: 70e931caba
Change-Id: I734adf5a17214c895a3799cf04bdabb8dbf53039
2019-08-14 02:47:20 -07:00
Kiyoung Kim
aff00188eb
Merge changes from topic "use_generated_linkerconfig"
...
* changes:
Define sepolicy with property for linker
Add more permission for linkerconfig
2019-08-14 09:28:23 +00:00
Kiyoung Kim
82c87ede24
Define sepolicy with property for linker
...
To support linker-specific property, sys.linker.* has been defined as
linker_prop. This will have get_prop access from domain so all binaries
can start with linker using proper property access level.
Bug: 138920271
Test: m -j && Confirmed from cuttlefish that get_prop errors are no longer found
Change-Id: Iaf584e0cbdd5bca3d5667e93cf9a6401e757a314
2019-08-14 12:35:15 +09:00