Commit graph

19947 commits

Author SHA1 Message Date
Treehugger Robot
c67985a067 Merge "Sepolicy: Allow crash_dump to ptrace apexd in userdebug" 2019-03-06 22:12:11 +00:00
Yifan Hong
9cb837bb95 Merge "health: allow wake_alarm capability."
am: a5f5fc5afd

Change-Id: Ibf2608e8efa0982ba2d02f1fbda732026fa6f4ea
2019-03-06 14:10:49 -08:00
Treehugger Robot
a5f5fc5afd Merge "health: allow wake_alarm capability." 2019-03-06 21:41:25 +00:00
Tri Vo
63a0489f82 Merge "load selinux mapping ignore file in BOARD_PLAT_PRIVATE_SEPOLICY_DIR" am: 304bafd410 am: e92e130caa
am: 659dc68307

Change-Id: If7127c411e215cb7c37758fd25049665d8ccb24d
2019-03-06 12:53:30 -08:00
Tri Vo
659dc68307 Merge "load selinux mapping ignore file in BOARD_PLAT_PRIVATE_SEPOLICY_DIR" am: 304bafd410
am: e92e130caa

Change-Id: Id2b1fd5a9c06e7443673c88140b7d884ec9ae586
2019-03-06 12:41:23 -08:00
Tri Vo
e92e130caa Merge "load selinux mapping ignore file in BOARD_PLAT_PRIVATE_SEPOLICY_DIR"
am: 304bafd410

Change-Id: Iac0a77b874fb757ba4d6abc08d35b886b68ea90a
2019-03-06 12:33:19 -08:00
Tri Vo
304bafd410 Merge "load selinux mapping ignore file in BOARD_PLAT_PRIVATE_SEPOLICY_DIR" 2019-03-06 20:26:07 +00:00
Yifan Hong
2d0979268f health: allow wake_alarm capability.
CAP_WAKE_ALARM was required for timerfd_create since 4.10 kernel upstream.
Add capability to platform policy for healthd and health HAL.

Fixes: 124210362
Test: boots (sanity)
Change-Id: I8ebb383608eedd59beddec3f476b071e81b80871
2019-03-06 19:10:09 +00:00
Jiyong Park
2fed03eeaa Merge "Add a new system-to-vendor sysprop ro.apex.updatable" am: 452d6a5faa am: 15c0da7f90
am: 1e326b1a92

Change-Id: I6b3d91a7a764b6b1c589a0b20c8dc6c852e9e8fe
2019-03-06 10:40:56 -08:00
Jiyong Park
1e326b1a92 Merge "Add a new system-to-vendor sysprop ro.apex.updatable" am: 452d6a5faa
am: 15c0da7f90

Change-Id: I31f3513ebca61e22f9315345f4d5301df6c31617
2019-03-06 10:10:32 -08:00
Jiyong Park
15c0da7f90 Merge "Add a new system-to-vendor sysprop ro.apex.updatable"
am: 452d6a5faa

Change-Id: I1f972157191abf22b996173b34c2ffa8f58fb448
2019-03-06 09:52:01 -08:00
Treehugger Robot
452d6a5faa Merge "Add a new system-to-vendor sysprop ro.apex.updatable" 2019-03-06 17:38:46 +00:00
David Anderson
a7b298cda3 Merge "Allow gatekeeperd to read ro.gsid.image_running." am: 731e104acc am: 15ae14f060
am: 008fe2d1e2

Change-Id: Icc9cedee4b38478991b8e96bc21edec61ddd0c51
2019-03-05 20:22:39 -08:00
David Anderson
008fe2d1e2 Merge "Allow gatekeeperd to read ro.gsid.image_running." am: 731e104acc
am: 15ae14f060

Change-Id: Ic1b1ea1fb275ea4d9fce70401b0b54688da7cd7f
2019-03-05 19:37:44 -08:00
Chong Zhang
ccc5566c37 Merge "Move mediaswcodec service to APEX" am: 8740465034 am: 9d5845f592
am: 017a324120

Change-Id: I4dafb2356f5b0679c677cfdbb36667f967f0cfd2
2019-03-05 19:27:01 -08:00
David Anderson
15ae14f060 Merge "Allow gatekeeperd to read ro.gsid.image_running."
am: 731e104acc

Change-Id: Ie96e41350d57a93d5b8f6db78ef59f43c0c72ac7
2019-03-05 19:22:30 -08:00
Chong Zhang
017a324120 Merge "Move mediaswcodec service to APEX" am: 8740465034
am: 9d5845f592

Change-Id: I03092b3bfc4144bfd459e242e361da9b4676d196
2019-03-05 18:40:15 -08:00
David Anderson
731e104acc Merge "Allow gatekeeperd to read ro.gsid.image_running." 2019-03-06 02:40:03 +00:00
Chong Zhang
9d5845f592 Merge "Move mediaswcodec service to APEX"
am: 8740465034

Change-Id: I38cb357453b167dffff5029e6e142762b04a3408
2019-03-05 18:26:05 -08:00
Treehugger Robot
8740465034 Merge "Move mediaswcodec service to APEX" 2019-03-06 02:06:19 +00:00
Chong Zhang
21b40e380e Move mediaswcodec service to APEX
bug: 127499775
test:
- adb shell lshal debug android.hardware.media.c2@1.0::IComponentStore/software
check all software c2 codecs are still listed
- clean-built image shouldn't have mediaswcodec in /system/bin
- atest CtsMediaTestCases -- --module-arg CtsMediaTestCases:size:small
Change-Id: Ie528fe3b1053d5bfd9dc3b858c996b8e1c708cbc
2019-03-05 14:54:14 -08:00
Andreas Gampe
efece54e06 Sepolicy: Allow crash_dump to ptrace apexd in userdebug
In userdebug, for better diagnostics, allow crash_dump to "connect
to" apexd.

Considering apexd is quite powerful, user devices remain restricted.

Bug: 118771487
Test: m
Change-Id: Id42bd2ad7505cd5578138bfccd8840acba9a334d
2019-03-05 09:59:50 -08:00
Joel Galenson
6f7fc830c1 Merge "Fix denials during bugreport." am: 51f6075f73 am: b8bd45a560
am: 87968faa25

Change-Id: Ie8f0b7f2f94fe025381a18dbce07276356c623f6
2019-03-05 09:47:58 -08:00
Joel Galenson
87968faa25 Merge "Fix denials during bugreport." am: 51f6075f73
am: b8bd45a560

Change-Id: I89c44dc45208642a03ab4ab87fde6ceac933519d
2019-03-05 09:39:58 -08:00
Joel Galenson
b8bd45a560 Merge "Fix denials during bugreport."
am: 51f6075f73

Change-Id: I94f131c5af5ada095c49adc4479950c753ce5312
2019-03-05 09:35:47 -08:00
Treehugger Robot
51f6075f73 Merge "Fix denials during bugreport." 2019-03-05 17:27:58 +00:00
Luke Huang
524f25ebb0 Add sepolicy for resolver service
Bug: 126141549
Test: built, flashed, booted
Change-Id: I34260e1e5cc238fbe92574f928252680c1e6b417
2019-03-05 15:49:33 +00:00
Changyeon Jo
579baaa20f Merge "Updates hal_evs sepolicy" am: 9c65dc76b8 am: a60b26786c
am: 64983640a9

Change-Id: I793a43440f68bd91df8785b289162d18c7108bed
2019-03-05 06:38:31 -08:00
Changyeon Jo
64983640a9 Merge "Updates hal_evs sepolicy" am: 9c65dc76b8
am: a60b26786c

Change-Id: I0be53f37671220de6848cdd6fdbbdc52fd0cd44f
2019-03-05 06:34:27 -08:00
Changyeon Jo
a60b26786c Merge "Updates hal_evs sepolicy"
am: 9c65dc76b8

Change-Id: I90429619bf2f97a8a923161048c14833263dbb67
2019-03-05 06:30:25 -08:00
Changyeon Jo
9c65dc76b8 Merge "Updates hal_evs sepolicy" 2019-03-05 14:22:57 +00:00
Jinguang Dong
e012569944 load selinux mapping ignore file in BOARD_PLAT_PRIVATE_SEPOLICY_DIR
Now it can only load selinux mapping ignore file in system/sepolicy/private,
but for Google's partners, we want to add selinux mapping ignore file in BOARD_PLAT_PRIVATE_SEPOLICY_DIR.

Test: it can load selinux mapping ignore file in BOARD_PLAT_PRIVATE_SEPOLICY_DIR
Change-Id: I983422c21fe027fcb17c175357a26845eb977669
2019-03-05 17:23:24 +08:00
Jiyong Park
48d0793ec0 Add a new system-to-vendor sysprop ro.apex.updatable
The system property is for system to be able to identify vendor
implementation that is ready to support updatable APEXes. When this
sysprop is set to true, the init creates separate mount namespaces for
processes launched before apexd. When unset, default is false.

Bug: 122428178
Test: device boots to the UI
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I4ae1eac5eec5f5085d8d32ff58300dfa9967c29a
2019-03-05 16:31:23 +09:00
Joel Galenson
05bd46baeb Reduce the number of parallel compiles. am: 3fbd303d1c am: 86e955aefa
am: a1f90819ac

Change-Id: I73a53f7796170a51793bfacc3946e26ebbee38dc
2019-03-04 17:42:08 -08:00
Joel Galenson
a1f90819ac Reduce the number of parallel compiles. am: 3fbd303d1c
am: 86e955aefa

Change-Id: I1371497279de01651a16af9de0031452f633935b
2019-03-04 17:37:33 -08:00
Joel Galenson
86e955aefa Reduce the number of parallel compiles.
am: 3fbd303d1c

Change-Id: I8e62d8cacf71bdc5abde4c94348e81286721d96d
2019-03-04 17:25:48 -08:00
Florian Mayer
87715af6b6 Merge "Fix typo." am: e146c216cc am: 103a843fc7
am: 0e1c608648

Change-Id: I44b4643c424be42e787b96c97c7f89e0cf1abaa7
2019-03-04 14:13:12 -08:00
Florian Mayer
0e1c608648 Merge "Fix typo." am: e146c216cc
am: 103a843fc7

Change-Id: I4e760e676d84fdf6682b1c3a120d7b2ec9449505
2019-03-04 14:08:06 -08:00
Joel Galenson
3fbd303d1c Reduce the number of parallel compiles.
Running this script sometimes completely hangs all of our computers.
This change seems to work better for me.

Test: Use script to compile many Androids.
Change-Id: I95539034b35a4ff6dbc39cd67856b0bd7e20d587
2019-03-04 14:04:49 -08:00
Florian Mayer
103a843fc7 Merge "Fix typo."
am: e146c216cc

Change-Id: Iddb5a07dbdf55556b8779aa00244d7e2f997d09f
2019-03-04 14:04:03 -08:00
Joel Galenson
19c90604ad Fix denials during bugreport.
Bug: 124465994
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials
Test: Build all policies.

Change-Id: Ic20b1e0fd3a8bdea408d66f33351b1f5ebc5d84c
(cherry picked from commit f24854f8e8)
2019-03-04 14:01:12 -08:00
Treehugger Robot
e146c216cc Merge "Fix typo." 2019-03-04 21:52:58 +00:00
TreeHugger Robot
fc8d3f317d Merge "Fix denials during bugreport." 2019-03-04 21:24:10 +00:00
Jayant Chowdhary
f79849f05d Merge changes from topic "fwk-cameraservice-sepolicy" am: bfb9f7caa5 am: 81c3b60a89
am: 19f653a1f7

Change-Id: Ia78ae0fe698569b7af82605c56d611d0cac36af9
2019-03-04 12:19:01 -08:00
Jayant Chowdhary
19f653a1f7 Merge changes from topic "fwk-cameraservice-sepolicy" am: bfb9f7caa5
am: 81c3b60a89

Change-Id: I272d925fc3bc0e87ab2bbad0df9f0dcaf55e8f9a
2019-03-04 12:14:54 -08:00
Jayant Chowdhary
81c3b60a89 Merge changes from topic "fwk-cameraservice-sepolicy"
am: bfb9f7caa5

Change-Id: I4dd6f4824117acec4b5c3ea76f43507a36942834
2019-03-04 12:11:01 -08:00
Jayant Chowdhary
bfb9f7caa5 Merge changes from topic "fwk-cameraservice-sepolicy"
* changes:
  Abstract use of cameraserver behind an attribute
  Add selinux rules for HIDL ICameraServer.
2019-03-04 19:43:07 +00:00
Florian Mayer
3b601a5e59 Fix typo.
Change-Id: I03d31ea03d7a1e3e230a97ac1f0ead82d5962f34
2019-03-04 16:43:37 +00:00
Florian Mayer
7463a3c6cb Allow profilable domains to use heapprofd fd and tmpfs. am: 315d8bfa15 am: 951a1c8fad
am: 0361f64b30

Change-Id: Ie249519cdcc1f70088cf8816785de9ff2b9fd238
2019-03-04 07:55:56 -08:00
Florian Mayer
0361f64b30 Allow profilable domains to use heapprofd fd and tmpfs. am: 315d8bfa15
am: 951a1c8fad

Change-Id: I246c9fedef0771bcbde54efe3e2689935163f7ab
2019-03-04 07:49:47 -08:00