ASAN makes use of shenanigans that violate our policy best-practices.
This is by design. Exempt them from these tests to get it building
again.
Bug: 37740897
Test: Builds with ASAN enabled.
Change-Id: Iffde28c2741466da5862b2dfe1fffa2c0d93caeb
One of my previous commits removed this, so I am now restoring it.
This commit also contains a bit of cleanup from previous commits by
removing some unneeded types.
It also fixes traceur by porting ag/2409144 to master.
Bug: 62413700, 62547086
Test: Built, flashed, and booted Marlin. Verified that the files have
the correct context. Verified that atrace and traceur work.
Change-Id: I76fa0e9060aff554687d57ab3976c8704a4068f0
Now that we're expected to use this when taking traces, we need to add
this permission so that Traceur can also access this file.
Test: Used Traceur and saw the traces appear in the bugreports
directory, as expected.
Bug: 62493544
Change-Id: Ib4304176abbb51e2e3b45c566ff14574e1cfaa82
Merged-In: I464b0df30fabfc5f1c7cd7430e53e8d04bfacb53
(this merged-in is not the same change; it's a conflicting change in
master)
Test that:
- File types on /sys have attr sysfs_type
- File types on /sys/kernel/debug have attr debugfs_type
- File types on /data have attr data_file_type
Test: build policy
Change-Id: Ie4f1f1c7e5345da0999082962f084fdac6b85428
In libprocessgroup, we want to only send signals once to processes,
particularly for SIGTERM. We must send the signal both to all
processes within a POSIX process group and a cgroup. To ensure that
we do not duplicate the signals being sent, we check the processes in
the cgroup to see if they're in the POSIX process groups that we're
killing. If they are, we skip sending a second signal. This requires
getpgid permissions, hence this SELinux change.
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=process permissive=1
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=process permissive=1
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:system_app:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:system_app:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:zygote:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:zygote:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:system_server:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:system_server:s0 tclass=process permissive=1
Bug: 37853905
Bug: 62418791
Test: Boot, kill zygote, reboot
Change-Id: Ib6c265dbaac8833c47145ae28fb6594ca8545570
[ 7.674739] selinux: selinux_android_file_context: Error getting
file context handle (No such file or directory)
Bug: 62564629
Test: build and flash marlin. Successfully switch between regular
and recovery modes
Change-Id: I0f871f8842d95322c844fb7b13ad1b4b42578e35
commit: 5c6a227ebb added the oc-dev
sepolicy prebuilts (api 26.0), but did not include the corresponding
base mapping file, which is to be maintained along with current
platform development in order to ensure backwards compatibility.
Bug: 37896931
Test: none, this just copies the old mapping file to prebuilts.
Change-Id: Ia5c36ddab036352845878178fa9c6a9d649d238f
