Ricky Wai
7494cc133c
Add Network Watchlist data file selinux policy(Used in ConfigUpdater) am: ff3b957e63 am: 56a9edb19e
...
am: a70a3ca0ba
2018-01-02 18:29:22 +00:00
Ricky Wai
a70a3ca0ba
Add Network Watchlist data file selinux policy(Used in ConfigUpdater) am: ff3b957e63
...
am: 56a9edb19e
2018-01-02 18:25:47 +00:00
Ricky Wai
56a9edb19e
Add Network Watchlist data file selinux policy(Used in ConfigUpdater)
...
am: ff3b957e63
2018-01-02 18:22:13 +00:00
Ricky Wai
ff3b957e63
Add Network Watchlist data file selinux policy(Used in ConfigUpdater)
...
Bug: 63908748
Test: Able to boot
Change-Id: I14d8856d7aac7be9d1f26ecf5bfff69ea5ee9607
2018-01-02 18:16:46 +00:00
Andreas Gampe
ee80a1038a
Merge "Sepolicy: Introduce perfprofd binder service" am: 2f39276e3f am: d695693d86
...
am: b4d216d6be
2018-01-02 16:07:03 +00:00
Andreas Gampe
b4d216d6be
Merge "Sepolicy: Introduce perfprofd binder service" am: 2f39276e3f
...
am: d695693d86
2018-01-02 16:03:00 +00:00
Andreas Gampe
d695693d86
Merge "Sepolicy: Introduce perfprofd binder service"
...
am: 2f39276e3f
2018-01-02 15:59:27 +00:00
Treehugger Robot
2f39276e3f
Merge "Sepolicy: Introduce perfprofd binder service"
2018-01-02 15:55:29 +00:00
Tri Vo
f34774dc3d
Merge "system_server: search permission to all of sysfs." am: 8d07a8d595 am: b6f04b57bf
...
am: cacb24d53c
2017-12-30 05:06:06 +00:00
Tri Vo
cacb24d53c
Merge "system_server: search permission to all of sysfs." am: 8d07a8d595
...
am: b6f04b57bf
2017-12-30 05:02:55 +00:00
Tri Vo
b6f04b57bf
Merge "system_server: search permission to all of sysfs."
...
am: 8d07a8d595
2017-12-30 04:59:09 +00:00
Treehugger Robot
8d07a8d595
Merge "system_server: search permission to all of sysfs."
2017-12-30 04:56:53 +00:00
Andreas Gampe
aa9711f82b
Sepolicy: Introduce perfprofd binder service
...
Add policy for the perfprofd binder service.
For now, only allow su to talk to it.
Test: m
Change-Id: I690f75460bf513cb326314cce633fa25453515d6
2017-12-28 17:31:21 -08:00
Steven Moreland
4c57d6f661
Merge "Remove sys/class/leds permissions from dumpstate." am: 0b6856f59b am: f3bf89c682
...
am: 47eecb4c32
2017-12-22 22:02:23 +00:00
Steven Moreland
47eecb4c32
Merge "Remove sys/class/leds permissions from dumpstate." am: 0b6856f59b
...
am: f3bf89c682
2017-12-22 21:57:42 +00:00
Steven Moreland
f3bf89c682
Merge "Remove sys/class/leds permissions from dumpstate."
...
am: 0b6856f59b
2017-12-22 21:52:13 +00:00
Treehugger Robot
0b6856f59b
Merge "Remove sys/class/leds permissions from dumpstate."
2017-12-22 21:47:01 +00:00
Steven Moreland
a00b74196e
Remove sys/class/leds permissions from dumpstate.
...
These are device specific.
Bug: 70846424
Test: bugreport
Change-Id: Ic22c972f1b09988a8eccf0823dd0d87fc0c0a1f7
2017-12-22 21:46:34 +00:00
Jeffrey Vander Stoep
678082147d
Revert "Audit app access to /proc/net/*"
...
This reverts commit 84f9685972
2017-12-21 20:05:26 -08:00
Tri Vo
ce8bc8b00e
system_server: search permission to all of sysfs.
...
This will allow system_server to perfom path resolution on paths like:
/sys/devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm8998@0:qcom,pm8998_rtc/rtc
Fixes this denial:
avc: denied { search } for pid=947 comm=system_server
name=800f000.qcom,spmi dev=sysfs ino=19891
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir permissive=0 b/68003344
Bug: 68003344
Test: walleye boots without the denial above.
Change-Id: Ib282395124c7f2f554681fcc713b9afe189f441c
2017-12-21 22:35:27 +00:00
Joel Galenson
df80940892
Merge "Disallow most coredomains from accessing vendor_files on Treble." am: 6168a12ea9 am: ea3942f0a7
...
am: 6771dc79ef
2017-12-21 20:56:56 +00:00
Joel Galenson
6771dc79ef
Merge "Disallow most coredomains from accessing vendor_files on Treble." am: 6168a12ea9
...
am: ea3942f0a7
2017-12-21 19:53:12 +00:00
Joel Galenson
ea3942f0a7
Merge "Disallow most coredomains from accessing vendor_files on Treble."
...
am: 6168a12ea9
2017-12-21 19:03:24 +00:00
Tri Vo
b5b1314ba7
system_server: remove access to /sys/class/leds. am: 89a7b21541 am: ef3865076b
...
am: 6f31c4b2d4
2017-12-21 17:48:10 +00:00
Treehugger Robot
6168a12ea9
Merge "Disallow most coredomains from accessing vendor_files on Treble."
2017-12-21 17:07:20 +00:00
Tri Vo
6f31c4b2d4
system_server: remove access to /sys/class/leds. am: 89a7b21541
...
am: ef3865076b
2017-12-20 21:42:32 +00:00
Tri Vo
ef3865076b
system_server: remove access to /sys/class/leds.
...
am: 89a7b21541
2017-12-20 21:22:10 +00:00
Tri Vo
89a7b21541
system_server: remove access to /sys/class/leds.
...
Removing legacy rules. system_server now depends on Lights HAL (which
has its own domain) instead of /sys/class/leds.
Bug: 70846424
Test: sailfish boots; screen, flashlight work fine.
Change-Id: I6f116a599cab26ae71e45f462b33328bc8d43db5
2017-12-20 18:51:26 +00:00
Joel Galenson
52e11be07a
Disallow most coredomains from accessing vendor_files on Treble.
...
Test: Built the policy for many devices.
Change-Id: Ic61023dc2d597865504d1a4bc955bd1bc973f83c
2017-12-20 10:05:35 -08:00
Jeff Vander Stoep
7838cbff17
Merge "app: move appdomain to public policy" am: d4bb9b7342 am: 9a07f54ff7
...
am: a139dd2d61
2017-12-20 18:02:54 +00:00
Jeff Vander Stoep
a139dd2d61
Merge "app: move appdomain to public policy" am: d4bb9b7342
...
am: 9a07f54ff7
2017-12-20 17:56:21 +00:00
Jeff Vander Stoep
9a07f54ff7
Merge "app: move appdomain to public policy"
...
am: d4bb9b7342
2017-12-20 17:53:48 +00:00
Treehugger Robot
d4bb9b7342
Merge "app: move appdomain to public policy"
2017-12-20 17:49:31 +00:00
Tri Vo
298e188b36
Merge "init: tighten sysfs_type permissions" am: 021344cc51 am: 677a6b2ecc
...
am: ea687901d0
2017-12-20 17:21:37 +00:00
Tri Vo
ea687901d0
Merge "init: tighten sysfs_type permissions" am: 021344cc51
...
am: 677a6b2ecc
2017-12-20 17:18:37 +00:00
Tri Vo
677a6b2ecc
Merge "init: tighten sysfs_type permissions"
...
am: 021344cc51
2017-12-20 17:16:02 +00:00
Tri Vo
021344cc51
Merge "init: tighten sysfs_type permissions"
2017-12-20 17:11:10 +00:00
Tony Mak
e3b6b7a556
Add selinux policy for CrossProfileAppsService am: 215fb3efe4 am: 5c98a06f1d
...
am: 17a7819801
2017-12-20 07:06:17 +00:00
Tony Mak
17a7819801
Add selinux policy for CrossProfileAppsService am: 215fb3efe4
...
am: 5c98a06f1d
2017-12-20 07:03:44 +00:00
Tony Mak
5c98a06f1d
Add selinux policy for CrossProfileAppsService
...
am: 215fb3efe4
2017-12-20 07:01:12 +00:00
Jeff Vander Stoep
77b290f303
app: move appdomain to public policy
...
Vendor-specific app domains depend on the rules in app.te so they
must reside in public policy.
Bug: 70517907
Test: build
Change-Id: If45557a5732a06f78c752779a8182e053beb25a2
Merged-In: If45557a5732a06f78c752779a8182e053beb25a2
(cherry picked from commit 1f4cab8bd4
2017-12-19 21:31:01 -08:00
Jeffrey Vander Stoep
8cba16480a
Merge "app: move appdomain to public policy"
2017-12-20 05:20:14 +00:00
Tony Mak
215fb3efe4
Add selinux policy for CrossProfileAppsService
...
CrossProfileAppsService allows apps to do limited cross profile
operations, like checking the caller package is installed in
the specified user. It is similar to LauncherAppsService in some sense.
Merged-In: I26e383a57c32c4dc9b779752b20000b283a5bfdc
Change-Id: I26e383a57c32c4dc9b779752b20000b283a5bfdc
Fix: 67765768
Test: Built with ag/3063260. Can boot and verified those APIs are working.
(cherry picked from commit 6536c9e092
2017-12-20 09:42:37 +09:00
Tri Vo
55039509fd
init: tighten sysfs_type permissions
...
Removes open, read, setattr permissions to sysfs_type.
Adds explicit permissions to:
sysfs_dt_firmware_android
sysfs_vibrator
sysfs_wake_lock
Bug: 65643247
Test: walleye boots without denials to sysfs_type.
Change-Id: I2e344831655c2c8e8e48b07ecce6a2704f2a206a
2017-12-19 16:17:42 -08:00
yro
f10ff7df29
Setting up SELinux policy for statsd and stats service am: 2970845577 am: c9bfbc1686
...
am: e63570c375
2017-12-19 19:31:17 +00:00
yro
e63570c375
Setting up SELinux policy for statsd and stats service am: 2970845577
...
am: c9bfbc1686
2017-12-19 19:11:58 +00:00
yro
c9bfbc1686
Setting up SELinux policy for statsd and stats service
...
am: 2970845577
2017-12-19 18:56:05 +00:00
Jeff Vander Stoep
1f4cab8bd4
app: move appdomain to public policy
...
Vendor-specific app domains depend on the rules in app.te so they
must reside in public policy.
Bug: 70517907
Test: build
Change-Id: If45557a5732a06f78c752779a8182e053beb25a2
2017-12-19 08:19:52 -08:00
yro
2970845577
Setting up SELinux policy for statsd and stats service
...
Bug: 63757906
Test: manual testing conducted
Change-Id: Id03413ce82b5646d4bceddc59e16c7d5ee5bc193
2017-12-19 01:41:48 +00:00
Tri Vo
a4bb05fdbe
Merge "perfprofd: allow traversing sysfs directories." am: b73cd9f8df am: 2ee1a51c3c
...
am: 9ee60ea4a7
2017-12-19 01:19:21 +00:00
