Commit: 78e595deab added a new hwservice,
which replaced a previous system service. This effectively means we are
deleting one object and creating a new one, so no compatibility mapping
should be necessary since previous vendor processes trying to access the
service will not be able to find it now independent of policy.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I6882d968dccb55561379e940f6ecb62902bb1659

When moving SELinux rules from file_contexts to genfs_contexts, we
added some genfs rules to label specific files. It turns out that one
of those files was the prefix of some other files, and since genfs
does prefix-labeling, those other files had their labels changed.
To fix this, we are changing the whole tracefs /instances/wifi from
debugfs_tracing_instances to debugfs_wifi_tracing (a few of the files
already had this label). This simplifies the rules.
Bug: 62413700
Test: Built, flashed, and booted two devices. Verified that the files
have the correct context and that wifi, camera, and traceur work.
Change-Id: Id62db079f439ae8c531b44d1184eea26d5b760c3
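
The prefix-labeling effect described in the commit message above, as an added example that is not part of the commit or of AOSP policy. It models genfs matching as "the longest rule whose path is a plain string prefix of the file path wins"; the rule sets and file paths are constructed for illustration, and only the two label names come from the message.

```python
# Added illustration: genfs matching modelled as "longest rule whose path is a
# plain string prefix of the file path wins". Rules and paths are constructed
# for this example; they are not the actual AOSP genfs_contexts entries.

BEFORE = [  # one rule meant for the single file .../wifi/trace
    ("/instances", "debugfs_tracing_instances"),
    ("/instances/wifi/trace", "debugfs_wifi_tracing"),
]
AFTER = [  # label the whole instance directory instead
    ("/instances", "debugfs_tracing_instances"),
    ("/instances/wifi", "debugfs_wifi_tracing"),
]
PATHS = [
    "/instances/wifi/trace",
    "/instances/wifi/trace_marker",
    "/instances/wifi/tracing_on",
    "/instances/other/trace",
]

def winning_rule(rules, path):
    """Return the (prefix, label) rule that labels `path`, or None."""
    for prefix, label in sorted(rules, key=lambda r: len(r[0]), reverse=True):
        if path.startswith(prefix):  # string prefix, not path-component prefix
            return prefix, label
    return None

def genfs_label(rules, path):
    """Return only the label that `path` receives under `rules`."""
    rule = winning_rule(rules, path)
    return rule[1] if rule else None

def overreach(rules, paths):
    """List (rule_prefix, path) pairs where a rule matched mid-component,
    i.e. it labels a sibling file that merely shares a name prefix."""
    hits = []
    for path in paths:
        rule = winning_rule(rules, path)
        if rule is None:
            continue
        prefix = rule[0]
        rest = path[len(prefix):]
        if rest and not prefix.endswith("/") and not rest.startswith("/"):
            hits.append((prefix, path))
    return hits

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for p in PATHS:
            print(name, p, genfs_label(rules, p))
        print(name, "overreach:", overreach(rules, PATHS))
```

Running a check like `overreach` over the list of files actually present on a device is one way to catch a per-file genfs rule that silently relabels its siblings before the policy ships.
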
Commit: b8f7a40833 removed three
attributes from public policy. These attributes could be assigned
to vendor types, and so need to be kept in policy when combined with
vendor policy of that version.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I7d71ef7795f8b82c214c2ef72478c3ca84d1869c

Commit: 4dc88795d0 changed the label of
uid_time_in_state from proc to proc_uid_time_in_state. This file
could have been used by vendor services. Add a compat mapping.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I2e5222c4d4fe12cb0bbc4e85ba53c1f59b714d61

Change fb889f23d "Force expand all hal_* attributes" annotated all
hal_* attributes to be expanded to their associated types. However
some of these attributes are used in CTS for neverallow checking.
Mark these attributes to be preserved.
In addition, remove the hacky workaround introduced in oc-dev
for b/62658302 where extraneous neverallow rules were introduced
to prevent unused or negated attributes from being auto-expanded
from policy.
Bug: 62658302
Bug: 63135903
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
android.cts.security.SELinuxNeverallowRulesTest
armeabi-v7a CtsSecurityHostTestCases completed in 4s.
501 passed, 0 failed, 0 not executed
Merged-In: I989def70a16f66e7a18bef1191510793fbe9cb8c
Change-Id: I989def70a16f66e7a18bef1191510793fbe9cb8c

Change fb889f23d "Force expand all hal_* attributes" annotated all
hal_* attributes to be expanded to their associated types. However
some of these attributes are used in CTS for neverallow checking.
Mark these attributes to be preserved.
In addition, remove the hacky workaround introduced in oc-dev
for b/62658302 where extraneous neverallow rules were introduced
to prevent unused or negated attributes from being auto-expanded
from policy.
Bug: 62658302
Bug: 63135903
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
android.cts.security.SELinuxNeverallowRulesTest
armeabi-v7a CtsSecurityHostTestCases completed in 4s.
501 passed, 0 failed, 0 not executed
Change-Id: I989def70a16f66e7a18bef1191510793fbe9cb8c

The code used to look like this, but in commit
4cae28d43c we replaced the generic
regexes to improve performance. Now that we've switched to genfs,
this no longer affects performance, so let's simplify the labeling.
Bug: 62413700
Test: Built, flashed, and booted two devices. Verified that all of
the files have the correct context and that wifi, camera, and traceur
work.
Change-Id: I1a859d17075fa25543ee090cc7a7478391bc45c1

This should slightly improve performance, as file_contexts is slower
than genfs_contexts.
Now that the kernel patch enabling genfs labeling of tracefs has
landed, we can re-enable this.
Bug: 62413700
Test: Built, flashed, and booted two devices. Verified that all of
the files have the correct context and that wifi, camera, and traceur
work.
Change-Id: Ifc1c6ac634b94e060ed1f311049bd37f6fcc8313

Test: let fs_mgr format a damaged /data partition
Bug: 35219933
Change-Id: I379567772c73e52f532a24acf640c21f2bab5c5b
Merged-In: I379567772c73e52f532a24acf640c21f2bab5c5b

Commits 7fa51593c8 and
92fdd8954f removed the
tracing_shell_writable and tracing_shell_writable_debug types, and
relabeled the files with debugfs_tracing and debugfs_tracing_debug,
respectively. Record this in the compatibility file so that vendor
policy using these types will still work.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: Ic6573518035514a86abe2081483431427612699e

Commit: abb1ba6532 added policy for a
new property, which was not present in O. This policy introduced a
new type. Record it as such.
Bug: 62573845
Test: None, prebuilt change only.
Change-Id: I7d90cd69a5e6e29677598cc109676d5b1ce5ba05

Commit: bde5c8013d added a new type,
mediaprovider, which is being applied to an object (process) formerly
labeled as priv_app. Add the new type to the versioned attribute for
priv_app so that any vendor policy written for interaction with
mediaprovider continues to work.
Bug: 62573845
Test: None. Prebuilt-only change.
Change-Id: Id98293369401a2af23c2328a1cb4a5bb2258aac8