This broke the build on master. See b/17613910#comment17
for details.
This reverts commit ef1fd98b6a.
Change-Id: I11f7d463061a9b6340c11827135586266e26f016
This is used to persist RFC 7217 stable secrets across device reboots.
Test: as follows
- Manually tested that stable_secret is generated on first use and
persists until reset of user data partition (factory reset).
- Tested that "adb shell getprop" was denied access to
persist.netd.stable_secret after running "adb unroot".
Bug: 17613910
Change-Id: I4dad00fb189d697aceaffae49ad63987c7e45054
This is to Allow commands like `adb shell run-as ...`.
Bug: http://b/62358246
Test: run commands manually.
Change-Id: I7bb6c79a6e27ff1224a80c6ddeffb7f27f492bb2
It appears that selinux requires the write permission to receive
a writable pipe from dumpstate, for unclear reasons. Add the permission
for now.
Bug: http://b/62297059
Test: dumpstate
Change-Id: I0f25682177115aacd5c2203ddc0008228b0380ad
modprobe domain was allowed to launch vendor toolbox even if its a
coredomain. That violates the treble separation. Fix that by creating a
separate 'vendor_modprobe' domain that init is allowed to transition to
through vendor_toolbox.
Bug: 37008075
Test: Build and boot sailfish
Change-Id: Ic3331797691bb5d1fdc05a674aa4aa313e1f86b2
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit 9e366a0e49)
Modprobe requires this permission or the following denial will
prevent loading of signed kernel modules:
audit: type=1400 audit(27331649.656:4): avc: denied { search } for
pid=448 comm="modprobe" scontext=u:r:modprobe:s0 tcontext=u:r:kernel:s0
tclass=key permissive=0
Bug: 62256697
Test: Verified signed module loading on sailfish.
Change-Id: Idde41d1ab58e760398190d6686665a252f1823bb
Add policy changes to enable a new service. The service
is currently switched off in config, but this change is
needed before it could be enabled.
Bug: 31008728
Test: make droid
Merged-In: I29c4509304978afb2187fe2e7f401144c6c3b4c6
Change-Id: I29c4509304978afb2187fe2e7f401144c6c3b4c6
Applications connect to tombstoned via a unix domain socket and request
an open FD to which they can write their traces. This socket has a new
label (tombstoned_java_trace_socket) and appdomain and system_server are
given permissions to connect and write to it.
Apps no longer need permissions to open files under /data/anr/ and
these permissions will be withdrawn in a future change.
Bug: 32064548
Test: Manual
(cherry picked from commit a8832dabc7f3b7b2381760d2b95f81abf78db709)
(cherry picked from commit 11bfcc1e96)
Change-Id: Icc60d227331c8eee70a9389ff1e7e78772f37e6f
Applications connect to tombstoned via a unix domain socket and request
an open FD to which they can write their traces. This socket has a new
label (tombstoned_java_trace_socket) and appdomain and system_server are
given permissions to connect and write to it.
Apps no longer need permissions to open files under /data/anr/ and
these permissions will be withdrawn in a future change.
Bug: 32064548
Test: Manual
Merged-In: I70a3e6e230268d12b454e849fa88418082269c4f
Change-Id: Ib4b73fc130f4993c44d96c8d68f61b6d9bb2c7d5
vendor implementations need to be able to run modprobe as part of
init.rc scripts. They cannot do so because of the strict neverallow
currently in place that disallows all coredomains (including init)
to execute vendor toybox.
Fix this by adding init to the exception list for the neverallow so
vendors can then run modprobe from .rc scripts and also add the rule to
allow init to transition to modprobe domain using vendor_toolbox.
Bug: b/38212864
Test: Boot sailfish
Change-Id: Ib839246954e9002859f3ba986094f206bfead137
Signed-off-by: Sandeep Patil <sspatil@google.com>
Needed to allow lower power Play Music of downloaded files.
05-24 10:12:49.331 24025 24025 W generic : type=1400
audit(0.0:1259): avc: denied { read } for
path="/data/data/com.google.android.music/files/music/925.mp3"
dev="sda35" ino=2179256 scontext=u:r:mediaextractor:s0
tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file
permissive=0
Test: Play Music
Bug: 62059834
Change-Id: I97bdb1d175dba8f7a8ec6cd9084323cfcd3660bd
Update SE Policy to allow calls to and callbacks for the Tether Offload HAL
HIDL binderized service.
Bug: 38417260
Test: New functionality. So we don't have any tests.
Change-Id: I2c95b290523c55c081afa1bca091f368559c9125
(cherry picked from commit 722249b3e8)
Right now, the hwcomposer hidl hal is unable to figure out where
to get the hidl mapper implementation.
It is expected that all graphics composer objects will need this
permission. The interfaces are written to work together with the
"IMapper" being the same-process ("sphal") component and the
"IComposer" interface being the binderized compoenent.
10-09 00:24:38.900 457 457 E SELinux : avc: denied { find } for
interface=android.hardware.graphics.mapper::IMapper pid=495
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:hal_graphics_mapper_hwservice:s0 tclass=hwservice_manager
Test: boot marlin, denial no longer present.
Bug: 38415912
Change-Id: I1b274be10e115fa7b53fb81e85be8827da05997e
