Commit graph

19947 commits

Author SHA1 Message Date
Florian Mayer
951a1c8fad Allow profilable domains to use heapprofd fd and tmpfs.
am: 315d8bfa15

Change-Id: I82f130cb679a26794524ac822bfa01334c9602a0
2019-03-04 07:42:40 -08:00
Florian Mayer
315d8bfa15 Allow profilable domains to use heapprofd fd and tmpfs.
This is needed to allow communication over shared memory.

Bug: 126724929

Change-Id: I73e69ae3679cd50124ab48121e259fd164176ed3
2019-03-04 12:05:35 +00:00
Nicolas Geoffray
7ac1c1b7ad Merge "Allow ota_preopt to read runtime properties." am: d4536b0814 am: 3ea802699c
am: 7f60efc9f0

Change-Id: Icdb8ff7281bda00dc3f90b43408589be4f602db5
2019-03-04 02:34:25 -08:00
Nicolas Geoffray
7f60efc9f0 Merge "Allow ota_preopt to read runtime properties." am: d4536b0814
am: 3ea802699c

Change-Id: I3a6b91848a94106c164e95d1d8e4f59babaf626f
2019-03-04 02:30:20 -08:00
Nicolas Geoffray
3ea802699c Merge "Allow ota_preopt to read runtime properties."
am: d4536b0814

Change-Id: Icfc379cb6de56af4269e8c61c26b590ad0880a4b
2019-03-04 02:26:03 -08:00
Nicolas Geoffray
d4536b0814 Merge "Allow ota_preopt to read runtime properties." 2019-03-04 10:15:28 +00:00
Dario Freni
3b106357ae Use label staging_data_file for installed APEX. am: 5ed5072e06 am: a2e321d86a
am: 489a6a4e50

Change-Id: I3d8573b083ac947e0f4397b2f06d0e476ebab6f5
2019-03-03 16:14:15 -08:00
Dario Freni
489a6a4e50 Use label staging_data_file for installed APEX. am: 5ed5072e06
am: a2e321d86a

Change-Id: I1ca6e41e2c3437aaf78d8c4c4e9b8d56429e2197
2019-03-03 15:58:10 -08:00
Dario Freni
a2e321d86a Use label staging_data_file for installed APEX.
am: 5ed5072e06

Change-Id: I61f26b8fb4c012b458d74ed3fd183dafedee395a
2019-03-03 15:54:05 -08:00
Dario Freni
5ed5072e06 Use label staging_data_file for installed APEX.
This is needed in cases where SELinux labels are restored under /data/apex by
an external process calling restorecon. Under normal conditions, files under
/data/apex/active retain the label staging_data_file used at their
original creation by StagingManager. However, we observed that the label
might be changed to apex_data_file, which we were able to reproduce by
running restorecon.

Explicitly mark files under /data/apex/active and /data/apex/backup as
staging_data_file.

This CL also removes some stale rules being addressed since.

Test: ran restorecon on files in /data/apex/active, attempted installing
a new apex which triggered the violation when files are linked to
/data/apex/backup. With this CL, the operation succeeds.
Bug: 112669193
Change-Id: Ib4136e9b9f4993a5b7e02aade8f5c5e300a7793c
2019-03-03 20:53:42 +00:00
Changyeon Jo
4c5f70e788 Updates hal_evs sepolicy
Adds hwservice_manager permission.

Change-Id: Ie1b5d1d2a9f778338ec117a4dbf7d3c9a524511e
Signed-off-by: Changyeon Jo <changyeon@google.com>
2019-03-03 17:35:06 +00:00
Yiwei Zhang
c6a2b83ceb Game Driver Metrics: allow statsd to find GpuService am: ec27090048 am: ab17d26412
am: ef48c6e119

Change-Id: Ieb7370b2f8142e387b9c9f7b6a5f99f199dbe9fd
2019-03-01 21:26:48 -08:00
Yiwei Zhang
ef48c6e119 Game Driver Metrics: allow statsd to find GpuService am: ec27090048
am: ab17d26412

Change-Id: I43e7eb1c1c65a0e36e7a2c668f68c4134cc000e2
2019-03-01 21:22:51 -08:00
Yiwei Zhang
ab17d26412 Game Driver Metrics: allow statsd to find GpuService
am: ec27090048

Change-Id: Ie93e8c7d68315531133220a1b45fd7ec7420e8cc
2019-03-01 21:18:40 -08:00
Yiwei Zhang
ec27090048 Game Driver Metrics: allow statsd to find GpuService
Bug: 123529932
Test: adb shell cmd stats pull-source <GpuStats source ID>
Change-Id: Iceb7f4e45661b6dd6e92a3815edbf345f434f9b6
2019-03-01 17:51:12 -08:00
Chris Wailes
6a0bde2eb3 Renamed blastula to unspecialized app process (usap)
Bug: 123017829
Test: make & boot & launch apps
Change-Id: I48b067216f52773c128f72234e453c134b85b75a
2019-03-02 01:18:10 +00:00
Jayant Chowdhary
fe0af517db Abstract use of cameraserver behind an attribute
Bug: 124128212

Test: Builds

Change-Id: Ia0df765e15a72b3bdd1cba07ff1cf16128da5ae2
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
2019-03-01 14:02:59 -08:00
Jayant Chowdhary
ca41deb378 Add selinux rules for HIDL ICameraServer.
Bug: 110364143

Test: lshal->android.frameworks.cameraservice.service@2.0::ICameraService/default
      is registered.

Merged-In: I689ca5a570c169581b2bfb9d117fcdafced0a7e0
Change-Id: I689ca5a570c169581b2bfb9d117fcdafced0a7e0
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
(cherry picked from commit 039d4151da)
2019-03-01 14:01:07 -08:00
Jesse Hall
f4762ac5ea Merge "Update fence event path for kernel 4.10+" am: f669b1393d am: 07f63edcb9
am: 5d57b83e85

Change-Id: I33eaee8c0afd77fd0b3a8b462093799e5e3a7be1
2019-03-01 13:20:39 -08:00
Jesse Hall
5d57b83e85 Merge "Update fence event path for kernel 4.10+" am: f669b1393d
am: 07f63edcb9

Change-Id: I2e2dac7e47eeb3739fee0c1bb7596f1e433096e7
2019-03-01 13:13:22 -08:00
Jesse Hall
07f63edcb9 Merge "Update fence event path for kernel 4.10+"
am: f669b1393d

Change-Id: Ifa9b5134b4a6dfe5599e5207a08306a09854d7e9
2019-03-01 13:08:06 -08:00
Treehugger Robot
f669b1393d Merge "Update fence event path for kernel 4.10+" 2019-03-01 20:56:05 +00:00
Joel Galenson
f24854f8e8 Fix denials during bugreport.
Bug: 124465994
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials
Test: Build all policies.

Change-Id: Ic20b1e0fd3a8bdea408d66f33351b1f5ebc5d84c
2019-03-01 12:35:48 -08:00
Suren Baghdasaryan
a52c22172b Merge "sepolicy for vendor cgroups.json and task_profiles.json files" am: e3f15e2abc am: b582791324
am: 14a03c82a4

Change-Id: Ibd4f155feae6b925952b90e0078a5229aa74c7bb
2019-03-01 10:29:38 -08:00
Suren Baghdasaryan
14a03c82a4 Merge "sepolicy for vendor cgroups.json and task_profiles.json files" am: e3f15e2abc
am: b582791324

Change-Id: If22de5b815455ce745e4f285b76bba661383004f
2019-03-01 10:15:02 -08:00
Suren Baghdasaryan
b582791324 Merge "sepolicy for vendor cgroups.json and task_profiles.json files"
am: e3f15e2abc

Change-Id: Icf12759a1b422f96dd74d634931720d43e363bec
2019-03-01 10:09:12 -08:00
Suren Baghdasaryan
e3f15e2abc Merge "sepolicy for vendor cgroups.json and task_profiles.json files" 2019-03-01 18:01:39 +00:00
Jesse Hall
17b29bd523 Update fence event path for kernel 4.10+
The sysfs path for controlling dma fence events changed yet again in
Linux 4.10, see kernel commit f54d1867005c3.

Test: adb shell atrace --list_categories | grep sync
Change-Id: Id6332f794ee4e350c936e1e777e9d94fc7cd6d11
2019-03-01 09:55:11 -08:00
Sudheer Shanka
9dc9986d35 Merge "Remove priv_app SELinux denial tracking." am: 45d73adc62 am: 55e69ebe5a
am: ef56e9c974

Change-Id: I3cd438e97fd13180e0df8cc7479d5053f90ea001
2019-03-01 09:18:24 -08:00
Sudheer Shanka
ef56e9c974 Merge "Remove priv_app SELinux denial tracking." am: 45d73adc62
am: 55e69ebe5a

Change-Id: Idabbc4cf2656fbea7ee94e975a7a52a2589d1210
2019-03-01 09:14:22 -08:00
Sudheer Shanka
55e69ebe5a Merge "Remove priv_app SELinux denial tracking."
am: 45d73adc62

Change-Id: I5ebf13d4cb0bfde0d06556ceac52bf00d521316c
2019-03-01 09:11:46 -08:00
Sudheer Shanka
45d73adc62 Merge "Remove priv_app SELinux denial tracking." 2019-03-01 17:01:06 +00:00
Nicolas Geoffray
be50acb73d Merge "Allow installd to scan JARs in /vendor/framework." am: ee0348e8d1 am: d67c585333
am: c6c6ffd498

Change-Id: I3f6285b2ecc564a454429e819fea357e8fd6fb35
2019-03-01 07:17:06 -08:00
Nicolas Geoffray
c6c6ffd498 Merge "Allow installd to scan JARs in /vendor/framework." am: ee0348e8d1
am: d67c585333

Change-Id: I2be5f773b615a990d3cf4496d56294c61ab5cb34
2019-03-01 07:07:10 -08:00
Nicolas Geoffray
d67c585333 Merge "Allow installd to scan JARs in /vendor/framework."
am: ee0348e8d1

Change-Id: Ibaebce53a623e7d6b5eace898ce8114999ce8026
2019-03-01 06:58:01 -08:00
Nicolas Geoffray
ee0348e8d1 Merge "Allow installd to scan JARs in /vendor/framework." 2019-03-01 14:44:49 +00:00
Nicolas Geoffray
400147579a Allow ota_preopt to read runtime properties.
Test: m
Bug: 126646365
Change-Id: I20770fd73b8ccc876c3d9042074a754d89e324a2
2019-03-01 10:05:35 +00:00
Andreas Gampe
d412e51ecf Sepolicy: Add runtime APEX postinstall fsverity permissions am: 67e14adba6 am: 718d5ed045
am: 03efbbdd60

Change-Id: I30af81a21f504f50b2c10872109a00bf4493edbb
2019-02-28 22:29:43 -08:00
Andreas Gampe
03efbbdd60 Sepolicy: Add runtime APEX postinstall fsverity permissions am: 67e14adba6
am: 718d5ed045

Change-Id: Ibf1f08e4fbebafbef568c272128e8a9114aa7fb1
2019-02-28 22:25:38 -08:00
Andreas Gampe
718d5ed045 Sepolicy: Add runtime APEX postinstall fsverity permissions
am: 67e14adba6

Change-Id: I4e6759fe723d634d5612322a42d460a27e59401a
2019-02-28 22:20:31 -08:00
Andreas Gampe
67e14adba6 Sepolicy: Add runtime APEX postinstall fsverity permissions
Add rights to check and enable fsverity data.

Bug: 125474642
Test: m
Change-Id: I35ce4d6ac3db5b00d35860033a5751de26acf17c
2019-02-28 16:51:12 -08:00
Suren Baghdasaryan
6155b2fd11 sepolicy for vendor cgroups.json and task_profiles.json files
Vendors should be able to specify additional cgroups and task profiles
without changing system files. Add access rules for /vendor/etc/cgroups.json
and /vendor/etc/task_profiles.json files which will augment cgroups and
task profiles specified in /etc/cgroups.json and /etc/task_profiles.json
system files. As with system files, /vendor/etc/cgroups.json is readable
only by the init process. task_profiles.json is readable by any process that
uses cgroups.

Bug: 124960615
Change-Id: I12fcff0159b4e7935ce15cc19ae36230da0524fc
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-03-01 00:32:15 +00:00
David Anderson
853811dc37 Merge "Allow system_server and shell to start gsid on-demand." am: 753225ce9c am: da4057e3a4
am: f1d803049a

Change-Id: Id02be74583bc9f500d318e9dcd7b7b4e96da0aec
2019-02-28 14:58:22 -08:00
Tri Vo
53d0c91d0a Merge "ashmem: expand app access" am: e8cb09db42 am: 16f4d00cd6
am: fc56dea893

Change-Id: I69c4ece191273a72abb3a9b2a445bec2777adfb0
2019-02-28 14:57:42 -08:00
Joel Galenson
7b4f4d4082 Merge "Fix CTS neverallow violation." am: 412cc87475 am: a1a7a91cb5
am: 072332b20f

Change-Id: I2e9e6c0241139876d131e59dbd4d69c1d0881143
2019-02-28 14:56:59 -08:00
Andreas Gampe
990e5353c8 Sepolicy: Add base runtime APEX postinstall policies am: 4c2d06c458 am: b3fafa2f62
am: c4389e3468

Change-Id: Ic671627d06a7219a7261f0febab7b336c3820af7
2019-02-28 14:56:04 -08:00
Andreas Gampe
262fc748dc Sepolicy: Add runtime APEX preinstall fsverity permissions am: 57346a0566 am: 7710cf6e09
am: 047f827be6

Change-Id: I9ca2537ed79142e8a73b2893a5537a69b97d035b
2019-02-28 14:55:40 -08:00
Andreas Gampe
d033c2fc41 Sepolicy: Add base runtime APEX preinstall policies am: ae127d8340 am: 105dea9f8f
am: e5ab7a049e

Change-Id: I0855c663394b6023424f114868bb35b97baccb86
2019-02-28 14:55:07 -08:00
David Anderson
f1d803049a Merge "Allow system_server and shell to start gsid on-demand." am: 753225ce9c
am: da4057e3a4

Change-Id: I9ecdfb4540580efd6a49ca894f0ce4bff6129079
2019-02-28 14:50:07 -08:00
Tri Vo
fc56dea893 Merge "ashmem: expand app access" am: e8cb09db42
am: 16f4d00cd6

Change-Id: I934da390b0602874c36389fed7e13003cc656597
2019-02-28 14:49:34 -08:00