Ruchi Kandoi
bd85244dbc
hal_memtrack: Add sepolicy for memtrack service.
...
am: 0a924a6e1a
2016-11-04 00:16:28 +00:00
Ruchi Kandoi
77a862665c
hal_power: Add sepolicy for power service.
...
am: 3c30c4e2db
2016-11-04 00:16:26 +00:00
Ruchi Kandoi
0a924a6e1a
hal_memtrack: Add sepolicy for memtrack service.
...
Bug: 31180823
Test: reduced sepolicy errors
Change-Id: Ibfba2efa903adec340e37abec2afb3b94a262678
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
2016-11-03 13:05:48 -07:00
Ruchi Kandoi
3c30c4e2db
hal_power: Add sepolicy for power service.
...
Bug: 31177288
Test: reduced sepolicy errors
Change-Id: I29556276ee14c341ac8f472875e6b69f903851ff
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
2016-11-03 13:01:48 -07:00
Steven Moreland
cdd1bd76fa
Sepolicy for light hal.
...
am: 1ec710c8ff
2016-11-01 23:40:27 +00:00
Steven Moreland
1ec710c8ff
Sepolicy for light hal.
...
Bug: 32022100
Test: end to end
Change-Id: I5dd9b64c98a5c549fdaf9e47d5a92fa6963370c7
2016-11-01 21:30:51 +00:00
Dianne Hackborn
33619e31de
Allow new settings system service.
...
am: 11877133ba
2016-11-01 21:30:34 +00:00
Felipe Leme
517a9ed1e3
Merge "Added permissions for the dumpstate service."
...
am: ae9d3c0c31
2016-11-01 21:18:49 +00:00
Dianne Hackborn
11877133ba
Allow new settings system service.
...
Test: N/A
Change-Id: Ib3c85118bf752152f5ca75ec13371073fc2873cc
2016-11-01 21:16:56 +00:00
Treehugger Robot
ae9d3c0c31
Merge "Added permissions for the dumpstate service."
2016-11-01 21:13:31 +00:00
Jorge Lucangeli Obes
52dd15a0c1
Merge "init: Allow SETPCAP for dropping bounding set."
...
am: 02c8383521
2016-11-01 20:28:16 +00:00
Treehugger Robot
02c8383521
Merge "init: Allow SETPCAP for dropping bounding set."
2016-11-01 20:23:14 +00:00
Jorge Lucangeli Obes
847bfa4ab2
init: Allow SETPCAP for dropping bounding set.
...
This is required for https://android-review.googlesource.com/#/c/295748
so that init can drop the capability bounding set for services.
Bug: 32438163
Test: With 295748 and a test service using ambient capabilities.
Change-Id: I57788517cfe2ef0e7a2f1dfab94d0cb967ede065
2016-11-01 14:32:13 -04:00
Felipe Leme
b5f5931e8c
Added permissions for the dumpstate service.
...
- Allow dumpstate to create the dumpservice service.
- Allow System Server and Shell to find that service.
- Don't allow anyone else to create that service.
- Don't allow anyone else to find that service.
BUG: 31636879
Test: manual verification
Change-Id: I642fe873560a2b123e6bafde645467d45a5f5711
2016-11-01 10:43:25 -07:00
Nick Kralevich
a9aac6a9bf
Merge "system_server: allow appendable file descriptors"
...
am: 184851a212
2016-10-31 15:55:34 +00:00
Nick Kralevich
fa418650d2
Merge "Get rid of more auditallow spam"
...
am: 82b9182ef3
2016-10-31 15:55:22 +00:00
Treehugger Robot
184851a212
Merge "system_server: allow appendable file descriptors"
2016-10-31 15:45:38 +00:00
Treehugger Robot
82b9182ef3
Merge "Get rid of more auditallow spam"
2016-10-31 15:43:42 +00:00
Nick Kralevich
74b8425929
kernel.te: tighten entrypoint / execute_no_trans neverallow
...
am: 02cfce49ae
2016-10-31 15:22:50 +00:00
Nick Kralevich
02cfce49ae
kernel.te: tighten entrypoint / execute_no_trans neverallow
...
The kernel domain exists solely on boot, and is used by kernel threads.
Because of the way the system starts, there is never an entrypoint for
that domain, not even a file on rootfs. So tighten up the neverallow
restriction.
Remove an obsolete comment. The *.rc files no longer have a setcon
statement, and the transition from the kernel domain to init occurs
because init re-execs itself. The statement no longer applies.
Test: bullhead policy compiles.
Change-Id: Ibe75f3d25804453507dbb05c7a07bba1d37a1c7b
2016-10-30 18:46:44 -07:00
Nick Kralevich
8044129f42
system_server: allow appendable file descriptors
...
system_server is currently allowed write (but not open) access to
various app file descriptor types, to allow it to perform write
operations on file descriptors passed to it from Android processes.
However, system_server was not allowed to handle file descriptors
open only for append operations.
Write operations are a superset of that allowed by appendable
operations, so it makes no sense to deny system_server the use of
appendable file descriptors. Allow it for app data types, as well as a
few other types (for robustness).
Addresses the following denial generated when adb bugreport is run:
type=1400 audit(0.0:12): avc: denied { append } for
path="/data/user_de/0/com.android.shell/files/bugreports/bugreport-MASTER-2016-10-29-08-13-50-dumpstate_log-6214.txt"
dev="dm-2" ino=384984 scontext=u:r:system_server:s0
tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=0
Bug: 32246161
Test: policy compiles
Test: No more append denials when running adb shell am bug-report --progress
Change-Id: Ia4e81cb0b3c3580fa9130952eedaed9cab3e8487
2016-10-29 08:20:56 -07:00
Nick Kralevich
2c8ea36ad8
Get rid of more auditallow spam
...
Addresses the following audit messages:
[ 7.984957] type=1400 audit(33873666.610:40): avc: granted { getattr
} for pid=1 comm="init" name="system@framework@boot-ext.art" dev="dm-2"
ino=106324 scontext=u:r:init:s0
tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file
[ 65.528068] type=1400 audit(1477751916.508:96): avc: granted { search
} for pid=6330 comm="main" name="/" dev="cgroup" ino=12428
scontext=u:r:dumpstate:s0 tcontext=u:object_r:cgroup:s0 tclass=dir
[ 65.530425] type=1400 audit(1477751916.508:97): avc: granted { search
} for pid=6330 comm="main" name="/" dev="cgroup" ino=12428
scontext=u:r:dumpstate:s0 tcontext=u:object_r:cgroup:s0 tclass=dir
[ 65.530487] type=1400 audit(1477751916.508:98): avc: granted { open }
for pid=6330 comm="main" path="/dev/cpuctl/tasks" dev="cgroup" ino=12429
scontext=u:r:dumpstate:s0 tcontext=u:object_r:cgroup:s0 tclass=file
[ 65.530800] type=1400 audit(1477751916.508:98): avc: granted { open }
for pid=6330 comm="main" path="/dev/cpuctl/tasks" dev="cgroup" ino=12429
scontext=u:r:dumpstate:s0 tcontext=u:object_r:cgroup:s0 tclass=file
[ 65.530842] type=1400 audit(1477751916.508:99): avc: granted { search
} for pid=6330 comm="main" name="/" dev="cgroup" ino=12428
scontext=u:r:dumpstate:s0 tcontext=u:object_r:cgroup:s0 tclass=dir
[ 65.531138] type=1400 audit(1477751916.508:99): avc: granted { search
} for pid=6330 comm="main" name="/" dev="cgroup" ino=12428
scontext=u:r:dumpstate:s0 tcontext=u:object_r:cgroup:s0 tclass=dir
[ 65.531176] type=1400 audit(1477751916.508:100): avc: granted {
search } for pid=6330 comm="main" name="bg_non_interactive" dev="cgroup"
ino=12444 scontext=u:r:dumpstate:s0 tcontext=u:object_r:cgroup:s0
tclass=dir
[ 65.531465] type=1400 audit(1477751916.508:100): avc: granted {
search } for pid=6330 comm="main" name="bg_non_interactive" dev="cgroup"
ino=12444 scontext=u:r:dumpstate:s0 tcontext=u:object_r:cgroup:s0
tclass=dir
[ 65.531502] type=1400 audit(1477751916.508:101): avc: granted { open
} for pid=6330 comm="main" path="/dev/cpuctl/bg_non_interactive/tasks"
dev="cgroup" ino=12445 scontext=u:r:dumpstate:s0
tcontext=u:object_r:cgroup:s0 tclass=file
[ 65.531789] type=1400 audit(1477751916.508:101): avc: granted { open
} for pid=6330 comm="main" path="/dev/cpuctl/bg_non_interactive/tasks"
dev="cgroup" ino=12445 scontext=u:r:dumpstate:s0
tcontext=u:object_r:cgroup:s0 tclass=file
[ 65.531827] type=1400 audit(1477751916.508:102): avc: granted {
search } for pid=6330 comm="main" name="/" dev="cgroup" ino=12459
scontext=u:r:dumpstate:s0 tcontext=u:object_r:cgroup:s0 tclass=dir
[ 65.713056] type=1400 audit(1477751916.508:102): avc: granted {
search } for pid=6330 comm="main" name="/" dev="cgroup" ino=12459
scontext=u:r:dumpstate:s0 tcontext=u:object_r:cgroup:s0 tclass=dir
Bug: 32246161
Test: policy compiles
Test: dumpstate no longer generates the audit messages above.
Change-Id: Id5afe2ebeb24f8a7407aac1a0a09806b1521b0e4
2016-10-29 08:15:08 -07:00
Roshan Pius
a70008f691
Merge changes I5bbbcad3,Ifa4630ed
...
am: ece327292c
2016-10-28 23:43:18 +00:00
Roshan Pius
e1d1b3dc07
wifi_hal: Rename to 'hal_wifi'
...
am: 8224596a32
2016-10-28 23:43:17 +00:00
Roshan Pius
35ac63bab2
wpa: Add permissions for hwbinder
...
am: 6caeac7b47
2016-10-28 23:43:15 +00:00
Treehugger Robot
ece327292c
Merge changes I5bbbcad3,Ifa4630ed
...
* changes:
wifi_hal: Rename to 'hal_wifi'
wpa: Add permissions for hwbinder
2016-10-28 23:36:21 +00:00
Nick Kralevich
6f2f72c2b1
Get rid of auditallow spam.
...
am: 79a08e13bd
2016-10-28 20:50:31 +00:00
Nick Kralevich
79a08e13bd
Get rid of auditallow spam.
...
Fixes the following SELinux messages when running adb bugreport:
avc: granted { read } for name="libart.so" dev="dm-0" ino=1886
scontext=u:r:dumpstate:s0 tcontext=u:object_r:libart_file:s0 tclass=file
avc: granted { read open } for path="/system/lib64/libart.so" dev="dm-0"
ino=1886 scontext=u:r:dumpstate:s0 tcontext=u:object_r:libart_file:s0
tclass=file
avc: granted { getattr } for path="/system/lib64/libart.so" dev="dm-0"
ino=1886 scontext=u:r:dumpstate:s0 tcontext=u:object_r:libart_file:s0
tclass=file
avc: granted { read } for path="/system/lib64/libart.so" dev="dm-0"
ino=1886 scontext=u:r:dumpstate:s0 tcontext=u:object_r:libart_file:s0
tclass=file
avc: granted { read } for path="/system/lib64/libart.so" dev="dm-0"
ino=1886 scontext=u:r:dumpstate:s0 tcontext=u:object_r:libart_file:s0
tclass=file
avc: granted { read } for path="/system/lib64/libart.so" dev="dm-0"
ino=1886 scontext=u:r:dumpstate:s0 tcontext=u:object_r:libart_file:s0
tclass=file
avc: granted { read } for path="/system/lib64/libart.so" dev="dm-0"
ino=1886 scontext=u:r:dumpstate:s0 tcontext=u:object_r:libart_file:s0
tclass=file
avc: granted { read execute } for path="/system/lib64/libart.so"
dev="dm-0" ino=1886 scontext=u:r:dumpstate:s0
tcontext=u:object_r:libart_file:s0 tclass=file
avc: granted { read } for path="/system/lib64/libart.so" dev="dm-0"
ino=1886 scontext=u:r:dumpstate:s0 tcontext=u:object_r:libart_file:s0
tclass=file
avc: granted { read } for path="/system/lib64/libart.so" dev="dm-0"
ino=1886 scontext=u:r:dumpstate:s0 tcontext=u:object_r:libart_file:s0
tclass=file
avc: granted { search } for name="dalvik-cache" dev="dm-2" ino=106289
scontext=u:r:dumpstate:s0 tcontext=u:object_r:dalvikcache_data_file:s0
tclass=dir
avc: granted { getattr } for path="/data/dalvik-cache/arm64" dev="dm-2"
ino=106290 scontext=u:r:dumpstate:s0
tcontext=u:object_r:dalvikcache_data_file:s0 tclass=dir
avc: granted { search } for name="dalvik-cache" dev="dm-2" ino=106289
scontext=u:r:dumpstate:s0 tcontext=u:object_r:dalvikcache_data_file:s0
tclass=dir
avc: granted { search } for name="arm64" dev="dm-2" ino=106290
scontext=u:r:dumpstate:s0 tcontext=u:object_r:dalvikcache_data_file:s0
tclass=dir
avc: granted { getattr } for
path="/data/dalvik-cache/arm64/system@framework@boot.art" dev="dm-2"
ino=106318 scontext=u:r:dumpstate:s0
tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file
avc: granted { search } for name="dalvik-cache" dev="dm-2" ino=106289
scontext=u:r:dumpstate:s0 tcontext=u:object_r:dalvikcache_data_file:s0
tclass=dir
avc: granted { search } for name="arm64" dev="dm-2" ino=106290
scontext=u:r:dumpstate:s0 tcontext=u:object_r:dalvikcache_data_file:s0
tclass=dir
avc: granted { read } for name="system@framework@boot.art" dev="dm-2"
ino=106318 scontext=u:r:dumpstate:s0
tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file
avc: granted { read open } for
path="/data/dalvik-cache/arm64/system@framework@boot.art" dev="dm-2"
ino=106318 scontext=u:r:dumpstate:s0
tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file
avc: granted { search } for name="dalvik-cache" dev="dm-2" ino=106289
scontext=u:r:dumpstate:s0 tcontext=u:object_r:dalvikcache_data_file:s0
tclass=dir
[ 169.349480] type=1400 audit(1477679159.734:129): avc: granted { read
} for pid=6413 comm="main" name="ipv6_route" dev="proc" ino=4026535947
scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.350030] type=1400 audit(1477679159.734:130): avc: granted { read
open } for pid=6413 comm="main" path="/proc/6413/net/ipv6_route"
dev="proc" ino=4026535947 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.350361] type=1400 audit(1477679159.734:130): avc: granted { read
open } for pid=6413 comm="main" path="/proc/6413/net/ipv6_route"
dev="proc" ino=4026535947 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.350399] type=1400 audit(1477679159.734:131): avc: granted {
getattr } for pid=6413 comm="main" path="/proc/6413/net/ipv6_route"
dev="proc" ino=4026535947 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.350963] type=1400 audit(1477679159.734:131): avc: granted {
getattr } for pid=6413 comm="main" path="/proc/6413/net/ipv6_route"
dev="proc" ino=4026535947 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.351002] type=1400 audit(1477679159.734:132): avc: granted { read
} for pid=6413 comm="main" name="if_inet6" dev="proc" ino=4026535946
scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.351330] type=1400 audit(1477679159.734:132): avc: granted { read
} for pid=6413 comm="main" name="if_inet6" dev="proc" ino=4026535946
scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.351366] type=1400 audit(1477679159.734:133): avc: granted { read
open } for pid=6413 comm="main" path="/proc/6413/net/if_inet6"
dev="proc" ino=4026535946 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.351861] type=1400 audit(1477679159.734:133): avc: granted { read
open } for pid=6413 comm="main" path="/proc/6413/net/if_inet6"
dev="proc" ino=4026535946 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.351910] type=1400 audit(1477679159.734:134): avc: granted {
getattr } for pid=6413 comm="main" path="/proc/6413/net/if_inet6"
dev="proc" ino=4026535946 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.353105] type=1400 audit(1477679159.734:134): avc: granted {
getattr } for pid=6413 comm="main" path="/proc/6413/net/if_inet6"
dev="proc" ino=4026535946 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.353186] type=1400 audit(1477679159.734:135): avc: granted { read
} for pid=6413 comm="main" name="if_inet6" dev="proc" ino=4026535946
scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.353594] type=1400 audit(1477679159.734:135): avc: granted { read
} for pid=6413 comm="main" name="if_inet6" dev="proc" ino=4026535946
scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.353636] type=1400 audit(1477679159.734:136): avc: granted { read
open } for pid=6413 comm="main" path="/proc/6413/net/if_inet6"
dev="proc" ino=4026535946 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.354230] type=1400 audit(1477679159.734:136): avc: granted { read
open } for pid=6413 comm="main" path="/proc/6413/net/if_inet6"
dev="proc" ino=4026535946 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.354437] type=1400 audit(1477679159.734:137): avc: granted {
getattr } for pid=6413 comm="main" path="/proc/6413/net/if_inet6"
dev="proc" ino=4026535946 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_net:s0 tclass=file
[ 169.395359] type=1400 audit(1477679159.734:137): avc: granted {
getattr } for pid=6413 comm="main" path="/proc/6413/net/if_inet6"
dev="proc" ino=4026535946 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_net:s0 tclass=file
Test: policy compiles
Test: adb bugreport runs without auditallow messages above.
Bug: 32246161
Change-Id: Ie0ab2ed3c6babc1f93d3b8ae47c92dd905ebc93a
2016-10-28 11:46:00 -07:00
Roshan Pius
8224596a32
wifi_hal: Rename to 'hal_wifi'
...
Renaming the wifi HIDL implementation to 'hal_wifi' from 'wifi_hal_legacy'
to conform with HIDL style guide.
Denials:
01-01 21:55:23.896 2865 2865 I android.hardware.wifi@1.0-service:
wifi_hal_legacy is starting up...
01-01 21:55:23.898 2865 2865 W android.hardware.wifi@1.0-service:
/odm/lib64/hw/ does not exit.
01-01 21:55:23.899 2865 2865 F android.hardware.wifi@1.0-service:
service.cpp:59] Check failed: service->registerAsService("wifi") ==
android::NO_ERROR (service->registerAsService("wifi")=-2147483646,
android::NO_ERROR=0) Failed to register wifi HAL
01-01 21:55:23.899 2865 2865 F libc : Fatal signal 6 (SIGABRT),
code -6 in tid 2865 (android.hardwar)
01-01 21:55:23.901 377 377 W : debuggerd: handling request:
pid=2865 uid=2000 gid=2000 tid=2865
01-01 21:55:23.907 2867 2867 E : debuggerd: Unable to connect
to activity manager (connect failed: Connection refused)
01-01 21:55:23.908 2867 2867 F DEBUG : *** *** *** *** *** *** ***
*** *** *** *** *** *** *** *** ***
01-01 21:55:23.908 2867 2867 F DEBUG : Build fingerprint:
'Android/aosp_angler/angler:7.0/NYC/rpius10031052:userdebug/test-keys'
01-01 21:55:23.908 2867 2867 F DEBUG : Revision: '0'
01-01 21:55:23.908 2867 2867 F DEBUG : ABI: 'arm64'
01-01 21:55:23.908 2867 2867 F DEBUG : pid: 2865, tid: 2865, name:
android.hardwar >>> /system/bin/hw/android.hardware.wifi@1.0-service
<<<
01-01 21:55:23.909 2867 2867 F DEBUG : signal 6 (SIGABRT), code -6
(SI_TKILL), fault addr --------
01-01 21:55:23.910 2867 2867 F DEBUG : Abort message:
'service.cpp:59] Check failed: service->registerAsService("wifi") ==
android::NO_ERROR (service->registerAsService("wifi")=-2147483646,
android::NO_ERROR=0) Failed to register wifi HAL'
Bug: 31821133
Test: Compiled and ensured that the selinux denials are no longer
present in logs.
Change-Id: I5bbbcad307e9bb9e59fff87e2926751b3aecc813
2016-10-28 09:00:31 -07:00
William Roberts
14742b0f92
Merge "domain: neverallow on setfcap"
...
am: e112faeaa8
2016-10-28 00:03:22 +00:00
Treehugger Robot
e112faeaa8
Merge "domain: neverallow on setfcap"
2016-10-27 23:45:58 +00:00
William Roberts
c3f1da99b2
domain: neverallow on setfcap
...
Filesystem capabilities should only be set by the build tools
or by recovery during an update. Place a neverallow ensuring
this property.
Change-Id: I136c5cc16dff0c0faa3799d0ab5e29b43454a610
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-10-27 12:45:47 -07:00
Roshan Pius
6caeac7b47
wpa: Add permissions for hwbinder
...
Modify permissions for wpa_supplicant to use hwbinder (for HIDL),
instead of binder.
Denials:
01-15 14:31:58.573 541 541 W wpa_supplicant: type=1400
audit(0.0:10): avc: denied { call } for scontext=u:r:wpa:s0
tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=0
01-15 14:31:58.573 541 541 W wpa_supplicant: type=1400
audit(0.0:11): avc: denied { call } for scontext=u:r:wpa:s0
tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=0
BUG: 31365276
Test: Compiled and ensured that the selinux denials are no longer
present in logs.
Change-Id: Ifa4630edea6ec5a916b3940f9a03ef9dc6fc9af2
2016-10-26 14:52:12 -07:00
Jeff Vander Stoep
3ad4428c73
Merge "Rename macros for (non)binderized HALs"
...
am: 70591fedf5
2016-10-26 19:06:41 +00:00
Treehugger Robot
70591fedf5
Merge "Rename macros for (non)binderized HALs"
2016-10-26 18:48:30 +00:00
Jeff Vander Stoep
95bd7984b5
clean up hal types
...
am: 27ae545a78
2016-10-26 18:32:44 +00:00
Jeff Vander Stoep
f579ef15a8
Rename macros for (non)binderized HALs
...
Test: builds
Bug: 32243668
Change-Id: I1ad4b53003462e932cf80b6972db1520dc66d735
2016-10-26 10:04:18 -07:00
Jeff Vander Stoep
27ae545a78
clean up hal types
...
Bug: 32123421
Test: build Hikey
Change-Id: Iaf02626f3f3a94104c0f9d746c3cf5f20751a27d
2016-10-26 09:50:04 -07:00
Connor O'Brien
6771f2885f
sepolicy for boot_control HAL service
...
am: 2370fc775c
2016-10-25 22:31:02 +00:00
Connor O'Brien
2370fc775c
sepolicy for boot_control HAL service
...
Bug: 31864052
Test: Logging confirms service runs on boot
Merged-In: I41e9e5c45d2d42886cdf7ff6d364e9e6e3df1ff4
Change-Id: I41e9e5c45d2d42886cdf7ff6d364e9e6e3df1ff4
Signed-off-by: Connor O'Brien <connoro@google.com>
2016-10-25 13:33:48 -07:00
Jeff Vander Stoep
fb2be31617
Merge "Add macros for treble and non-treble only policy"
...
am: 367d90b6a4
2016-10-25 20:10:24 +00:00
Treehugger Robot
367d90b6a4
Merge "Add macros for treble and non-treble only policy"
2016-10-25 20:06:02 +00:00
Rahul Chaudhry
1e5aca27ce
Merge "fc_sort: cleanup warnings caught by clang tidy / static analyzer."
...
am: ce3b2a41a5
2016-10-24 19:10:26 +00:00
Treehugger Robot
ce3b2a41a5
Merge "fc_sort: cleanup warnings caught by clang tidy / static analyzer."
2016-10-24 19:03:57 +00:00
Jeff Vander Stoep
5855b4884c
Merge "isolated_app: no sdcard access"
...
am: 626edc7555
2016-10-21 20:45:29 +00:00
Treehugger Robot
626edc7555
Merge "isolated_app: no sdcard access"
2016-10-21 20:29:01 +00:00
Mikhail Naganov
9f90cadc1d
Update SELinux policy for audiohal
...
am: 2ff6b4da73
2016-10-21 19:08:08 +00:00
Mikhail Naganov
2ff6b4da73
Update SELinux policy for audiohal
...
Change-Id: Iaa9907ed516c947175a59bf49938c0ee03b4f6d1
2016-10-21 09:53:15 -07:00
Felipe Leme
ce4c82a8c2
Merge "Creates an autofill system service."
...
am: f5312f8e81
2016-10-21 16:19:26 +00:00
Jeff Vander Stoep
ce4b5eeaee
isolated_app: no sdcard access
...
Remove and neverallow isolated_app access to external storage and
USB accessories.
Test: aosp_angler-userdebug builds
Bug: 21643067
Change-Id: Ie912706a954a38610f2afd742b1ab4b8cd4b1f36
2016-10-21 09:15:48 -07:00
