Ajay Panicker
82f9989062
Allow bluetooth service to access bluetooth directory and add /logs (6/6) am: a45672614d
...
am: ebcc814eb5
Change-Id: Iabada4aedcd7752909f985ca0cb09d0d7613c44d
2016-09-19 20:18:58 +00:00
Ajay Panicker
ebcc814eb5
Allow bluetooth service to access bluetooth directory and add /logs (6/6)
...
am: a45672614d
Change-Id: I295c9a5fb67688538d2cbc4470b9bf463e2cd3e3
2016-09-19 20:11:01 +00:00
Ajay Panicker
a45672614d
Allow bluetooth service to access bluetooth directory and add /logs (6/6)
...
Bug: 31466840
Change-Id: I3984754034349e6c41de6ae9cccbaab95ca5a918
2016-09-16 20:20:31 +00:00
Fyodor Kupolov
eb7ecd7199
Merge "Allow system_server to delete directories in preloads" am: f23299c547
...
am: 66c10511ee
Change-Id: I17cc645175060c6465b6571d25f31fb6f21c9a91
2016-09-15 19:42:01 +00:00
Fyodor Kupolov
66c10511ee
Merge "Allow system_server to delete directories in preloads"
...
am: f23299c547
Change-Id: I5a9bc357635f8567ecd37a1041c1330decb43f0f
2016-09-15 19:40:02 +00:00
Treehugger Robot
f23299c547
Merge "Allow system_server to delete directories in preloads"
2016-09-15 18:18:24 +00:00
Janis Danisevskis
254e36b3ab
Allow debuggerd execmem on debuggable domains am: 071b935d0b
...
am: 241f358f73
Change-Id: Icf5fcaf9725bfb5dd01fcba0d8e88229e359e27e
2016-09-15 16:33:31 +00:00
Fyodor Kupolov
3189945192
Allow system_server to delete directories in preloads
...
(cherry picked from commit 028ed753b5)
avc: denied { rmdir } for name="apps" scontext=u:r:system_server:s0 tcontext=u:object_r:preloads_data_file:s0 tclass=dir permissive=0
avc: denied { rmdir } for name="demo" scontext=u:r:system_server:s0 tcontext=u:object_r:preloads_data_file:s0 tclass=dir permissive=0
Bug: 28855287
Change-Id: Ia470f94d1d960cc4ebe68cb364b8425418acdbd4
2016-09-15 09:31:05 -07:00
Janis Danisevskis
241f358f73
Allow debuggerd execmem on debuggable domains
...
am: 071b935d0b
Change-Id: I77d1b7c6797d1401abc5e49617090f2e55cee2f6
2016-09-15 16:31:00 +00:00
Janis Danisevskis
071b935d0b
Allow debuggerd execmem on debuggable domains
...
In anticipation of fixing a loophole in the Linux kernel that allows
circumventing the execmem permission by using the ptrace interface,
this patch grants execmem permission on debuggable domains to
debuggerd. This will be required for setting software break points
once the kernel has been fixed.
Bug: 31000401
Change-Id: I9b8d5853b643d24b94d36e2adbcb135dbaef8b1e
2016-09-15 15:11:31 +01:00
Janis Danisevskis
5c3b1cdd67
Merge "Allow keystore to access KeyAttestationApplicationIDProviderService" am: 1a640f327d
...
am: 8e74f2f817
Change-Id: I4927882190874226b2d1ca6a5f824552988a02e0
2016-09-14 21:33:04 +00:00
Janis Danisevskis
8e74f2f817
Merge "Allow keystore to access KeyAttestationApplicationIDProviderService"
...
am: 1a640f327d
Change-Id: Ic6cd61685cd27b4a9213697eb24870aea91b0542
2016-09-14 21:29:32 +00:00
Treehugger Robot
1a640f327d
Merge "Allow keystore to access KeyAttestationApplicationIDProviderService"
2016-09-14 21:11:00 +00:00
Jeff Vander Stoep
6ce7513653
Merge "nfc: allow access to drmserver_service" am: 52c8adb34a
...
am: 2c24ec8bb3
Change-Id: I13929222fe188267325cd253658955ddcb9986f6
2016-09-14 20:06:51 +00:00
Jeff Vander Stoep
2c24ec8bb3
Merge "nfc: allow access to drmserver_service"
...
am: 52c8adb34a
Change-Id: Icc1dacfe3e9009c777a697e9c16884d8be7d2b50
2016-09-14 20:03:54 +00:00
Treehugger Robot
52c8adb34a
Merge "nfc: allow access to drmserver_service"
2016-09-14 19:59:19 +00:00
Takahiro Aizawa
61043ff5cc
Merge "selinux: Update policies for mediadrmserver" am: 0dc5d020ac
...
am: 75bbefc03a
Change-Id: I2b3f2c7f1315d25a3d3ae66768fed3fcd4c4e079
2016-09-14 19:48:58 +00:00
Tianjie Xu
88fae39798
Add sepolicy for update_verifier am: 59379d8b48
...
am: 8a521266d2
Change-Id: I3c504611c5a17ff2311ab961f5c1e92e13955582
2016-09-14 19:48:58 +00:00
Tao Bao
a3e136f897
update_verifier: Allow searching /dev/block. am: 1e17dafc6d
...
am: 58a3175c80
Change-Id: I1a421302231862c24ec7750d72e4a37b46ac5675
2016-09-14 19:48:55 +00:00
Takahiro Aizawa
75bbefc03a
Merge "selinux: Update policies for mediadrmserver"
...
am: 0dc5d020ac
Change-Id: Ie03dd802e556b881c17ffe1701312e025ad75491
2016-09-14 19:42:57 +00:00
Tianjie Xu
8a521266d2
Add sepolicy for update_verifier
...
am: 59379d8b48
Change-Id: Ifb74c4dc2b611edd3549a0882faaa85d14654b32
2016-09-14 19:42:57 +00:00
Tao Bao
58a3175c80
update_verifier: Allow searching /dev/block.
...
am: 1e17dafc6d
Change-Id: Ic500bc6ef04d33c38aeaf3400944d6d732a38128
2016-09-14 19:42:54 +00:00
Treehugger Robot
0dc5d020ac
Merge "selinux: Update policies for mediadrmserver"
2016-09-14 19:36:45 +00:00
Tianjie Xu
59379d8b48
Add sepolicy for update_verifier
...
(cherry picked from commit 5d8d2dc9f9)
Grant update_verifier the permissions to read /data/ota_package/
and the blocks on system partition.
The denial messages:
update_verifier: type=1400 audit(0.0:29): avc: denied { read }
scontext=u:r:update_verifier:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=1
update_verifier: type=1400 audit(0.0:30): avc: denied { open }
scontext=u:r:update_verifier:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=1
update_verifier: type=1400 audit(0.0:31): avc: denied { read } dev="tmpfs"
scontext=u:r:update_verifier:s0 tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=1
update_verifier: type=1400 audit(0.0:32): avc: denied { open } dev="tmpfs"
scontext=u:r:update_verifier:s0 tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=1
Test: On device, update_verifier reads the blocks successfully during boot time.
Bug: 30020920
Change-Id: I10777c1e6ba649b82c4a73171124742edeb05997
2016-09-14 19:31:22 +00:00
Tao Bao
1e17dafc6d
update_verifier: Allow searching /dev/block.
...
update_verifier calls bootcontrol HAL to mark the currently booting slot
as successfully booted.
avc: denied { search } for name="block" dev="tmpfs" scontext=u:r:update_verifier:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=0
avc: denied { search } for name="block" dev="tmpfs" scontext=u:r:update_verifier:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=0
Bug: 29569601
Test: Device boots up with no update_verifier denials and 'bootctl is-slot-marked-successful 0' returns 0.
Change-Id: I1baa7819bc829e3c4b83d7168008a5b06b01cc9f
2016-09-14 19:29:06 +00:00
Wei Wang
66dc4709c3
Merge "allow system_server to set bootanim scheduling priority" am: 2c1b02eba6
...
am: 90d84da7e2
Change-Id: I233f337ded37128b3776bba77a11fe741bac9eb9
2016-09-14 19:28:54 +00:00
Wei Wang
90d84da7e2
Merge "allow system_server to set bootanim scheduling priority"
...
am: 2c1b02eba6
Change-Id: I3e666f32b37a87749780d6b6aaaa7a46c698a66e
2016-09-14 19:25:53 +00:00
Janis Danisevskis
61e5ccae9e
Allow keystore to access KeyAttestationApplicationIDProviderService
...
(cherry picked from commit 58b079a259)
Bug: 22914603
Change-Id: I8ae1a786702694ca2bb8707a4c142b8a233042ee
2016-09-14 19:24:48 +00:00
Treehugger Robot
2c1b02eba6
Merge "allow system_server to set bootanim scheduling priority"
2016-09-14 19:22:48 +00:00
Hugo Benichi
8c488decc6
Merge "New service name for IpConnectivity metrics" am: ed06b57b77
...
am: cd66025669
Change-Id: I8f3c466e26835b8c45f179c07cdfb0dece4e9712
2016-09-14 19:20:23 +00:00
Hugo Benichi
cd66025669
Merge "New service name for IpConnectivity metrics"
...
am: ed06b57b77
Change-Id: I794baa7503672277af9accc13b53d6d66715bf16
2016-09-14 19:17:23 +00:00
Treehugger Robot
ed06b57b77
Merge "New service name for IpConnectivity metrics"
2016-09-14 19:04:10 +00:00
Martijn Coenen
053df7d9fa
Allow the NFC process to access hwservicemanager. am: 50ab0b1ace
...
am: 41726e3420
Change-Id: I0be76fe8adc4da1cef7aa4fda3bf85f183bf1259
2016-09-14 17:55:49 +00:00
Martijn Coenen
8b01f03284
Initial hardware servicemanager sepolicy. am: 6b952393f6
...
am: 1988efc001
Change-Id: I07f2f4ab6a050352fda0d8c43e12ecba0ce4bcdf
2016-09-14 17:55:47 +00:00
Jeff Vander Stoep
2a00c64a4f
nfc: allow access to drmserver_service
...
(cherry picked from commit 24ad5862bd)
avc: denied { find } for service=drm.drmManager pid=4320 uid=1027 scontext=u:r:nfc:s0 tcontext=u:object_r:drmserver_service:s0 tclass=service_manager
Arrange in alphabetical order.
Bug: 30112127
Change-Id: I6592497a937c6a6d2c7c3d444beba3db333f4852
2016-09-14 17:53:27 +00:00
Martijn Coenen
41726e3420
Allow the NFC process to access hwservicemanager.
...
am: 50ab0b1ace
Change-Id: I26c87e57827a7dfdd24a290c6f942c93b77d3952
2016-09-14 17:52:49 +00:00
Martijn Coenen
1988efc001
Initial hardware servicemanager sepolicy.
...
am: 6b952393f6
Change-Id: I190a397a35e5aa4ee0ddbe7b4638c08d5461f9c0
2016-09-14 17:52:46 +00:00
Takahiro Aizawa
ec7508546b
selinux: Update policies for mediadrmserver
...
(cherry picked from commit 23a276a295)
DRM 3rd party application with platform signature
requires the permission.
Bug: 30352348
Change-Id: Idd673506764ae435db1be8cc8c13658541ffa687
2016-09-14 10:32:56 -07:00
Hugo Benichi
c1c82606f1
New service name for IpConnectivity metrics
...
(cherry picked from commit f412cc623f)
Bug: 31254800
Change-Id: If8708c8a4e0ea7655f31028881248a14cf2ba5f7
2016-09-14 10:19:02 -07:00
Wei Wang
88323b2e6d
allow system_server to set bootanim scheduling priority
...
(cherry picked from commit 1617c0ce89)
Addresses the following denial:
avc: denied { setsched } for pid=1405 comm="Binder:1094_3" scontext=u:r:system_server:s0 tcontext=u:r:bootanim:s0 tclass=process permissive=0
Maybe fix bug 30118894.
Bug: 30118894
Change-Id: I29be26c68094c253778edc8e4fef2ef1a238ee2e
2016-09-14 10:15:15 -07:00
Martijn Coenen
50ab0b1ace
Allow the NFC process to access hwservicemanager.
...
Add a macro to make this easier for other processes
as well.
Change-Id: I489d0ce042fe5ef88dc767a6fbdb9b795be91601
(cherry picked from commit c2b9c1561e4bd7ac86d78b44ca7927994e781da0)
2016-09-14 16:47:09 +00:00
Martijn Coenen
6b952393f6
Initial hardware servicemanager sepolicy.
...
Change-Id: I07d188e4dd8801a539db1e9f3edf82a1d662648e
(cherry picked from commit 61a082a55dbc2798d50d0d4b766151d69334729a)
2016-09-14 16:35:34 +00:00
Jeff Tinker
c2103a9710
Merge "Fix SELinux denials for protected content playback" am: 36e260f772
...
am: 90bca6f3c4
Change-Id: I8244b828412f6253b811c4bf0f849081a6adf6e4
2016-09-14 02:55:51 +00:00
Jeff Tinker
90bca6f3c4
Merge "Fix SELinux denials for protected content playback"
...
am: 36e260f772
Change-Id: I2f60519c6a6c5db363dffbe380964e7244359df1
2016-09-14 02:52:50 +00:00
Treehugger Robot
36e260f772
Merge "Fix SELinux denials for protected content playback"
2016-09-14 02:35:37 +00:00
Andreas Gampe
04718d5626
sepolicy: give otapreopt getattr am: f9c741b860
...
am: 35a560a4a4
Change-Id: Iad42e7a445239aeb60ce33c5d4b9e098d69f1133
2016-09-13 22:00:32 +00:00
Andreas Gampe
feaeddce46
Sepolicy: Add otapreopt_slot am: a3a0bb446b
...
am: c81a0a1a5e
Change-Id: I837306c006333141d350b9e7d86058af2fed2f4d
2016-09-13 22:00:30 +00:00
Andreas Gampe
35a560a4a4
sepolicy: give otapreopt getattr
...
am: f9c741b860
Change-Id: If468d207717615cb22f651efface9d60922e96b9
2016-09-13 21:57:32 +00:00
Andreas Gampe
c81a0a1a5e
Sepolicy: Add otapreopt_slot
...
am: a3a0bb446b
Change-Id: I4c38cdbe36829a38289bd5a7c8cea46c735ed7b8
2016-09-13 21:57:30 +00:00
Andreas Gampe
dc3f6fab00
Merge "Sepolicy: allow otapreopt_chroot to mount vendor" am: 9eae9a7181
...
am: cbb4c08d7c
Change-Id: I6bd1ab3c9c5b2d9472b16e15455705286c81f65c
2016-09-13 20:48:49 +00:00