Commit graph

15418 commits

Author SHA1 Message Date
Lalit Maganti
917d7d74ef sepolicy: allow shell to read/write traced prop am: 673b4db777
am: 45e5338233

Change-Id: I6aa1a6e91b5c3ff3869ed3dd60c5569aff16662a
2018-04-23 03:28:10 -07:00
Lalit Maganti
45e5338233 sepolicy: allow shell to read/write traced prop
am: 673b4db777

Change-Id: I15a55db5a211d97c23b3bc301182f9a429313351
2018-04-23 03:24:50 -07:00
Lalit Maganti
673b4db777 sepolicy: allow shell to read/write traced prop
This is to fix the CTS failures given by the bugs below, where devices
on which traced is not enabled by default cause test failures.

Bug: 78215159
Bug: 78347829
Change-Id: Ib0f6a1cdb770528dbbeb857368534ff5040e464e
2018-04-23 09:55:04 +00:00
yro
cd3c5d816e Merge "Setting up sepolicies for statsd planB of listening to its own socket" into pi-dev
am: 51baefaf2c

Change-Id: I7f7627dadec376fe82a3054eda990dfca08d4cd9
2018-04-20 19:57:19 -07:00
TreeHugger Robot
51baefaf2c Merge "Setting up sepolicies for statsd planB of listening to its own socket" into pi-dev
2018-04-21 02:29:55 +00:00
Joel Galenson
8e3d9484f4 Remove some priv_app logspam. am: 9ec59f6cb9
am: e74a878fc2

Change-Id: I2eb83134219db304c7a53e500b751dc7aee494bd
2018-04-20 17:30:09 -07:00
Joel Galenson
e74a878fc2 Remove some priv_app logspam.
am: 9ec59f6cb9

Change-Id: I66561e0eb8316b9775d446bce9d0b7569cb32e11
2018-04-20 17:23:45 -07:00
Joel Galenson
9ec59f6cb9 Remove some priv_app logspam.
avc: denied { search } for name="/" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:fs_bpf:s0 tclass=dir permissive=0

Bug: 72749888
Test: Boot without seeing the denial.
Change-Id: Iaf3559928473c68066e6a42ba71655a683861901
2018-04-20 15:33:26 -07:00
Jeff Vander Stoep
3c2f89044d Merge "vendor_init: allow stat() of /data dir" into pi-dev
am: 1050e7e82f

Change-Id: I7e45828ff4365a2de259d2677cf4044a24d727d3
2018-04-20 14:48:52 -07:00
TreeHugger Robot
1050e7e82f Merge "vendor_init: allow stat() of /data dir" into pi-dev
2018-04-20 21:41:28 +00:00
Petri Gynther
da19d0e93f [automerger skipped] A2DP offload: switch to new properties
am: 683a60bd43  -s ours

Change-Id: I39d4659b0b5d01bac62f6d26729abe90f13466e0
2018-04-20 14:24:01 -07:00
Petri Gynther
683a60bd43 A2DP offload: switch to new properties
Bug: 63932139
Bug: 76201991
Test: Manual A2DP testing (A2DP offload enabled and disabled)
Change-Id: Icebb4a84cf241b3b6bc52e4826fdedd5a73d796a
Merged-In: Icebb4a84cf241b3b6bc52e4826fdedd5a73d796a
2018-04-20 14:11:11 -07:00
yro
93c16bda16 Setting up sepolicies for statsd planB of listening to its own socket
Test: manual
Bug: 78318738

Change-Id: Ifa1cbbfdbb5acb713dfeb1d4bf98d1e116e5a89b
2018-04-20 13:57:54 -07:00
Tianjie Xu
f2f47b5734 Merge "Allow dumpstate to read the update_engine logs" into pi-dev
am: 1affab2200

Change-Id: I8f663b7968106949ace00df4809132dc36f68af0
2018-04-20 13:18:30 -07:00
Tianjie Xu
1affab2200 Merge "Allow dumpstate to read the update_engine logs" into pi-dev
2018-04-20 20:09:00 +00:00
Tianjie Xu
c9962ca2b3 Merge "Allow dumpstate to read the update_engine logs" am: ebddc5993f
am: 6210924b1a

Change-Id: Ia8429966d4e6d9980b2a4d3a29a92b46c8e85635
2018-04-20 13:05:54 -07:00
Tianjie Xu
6210924b1a Merge "Allow dumpstate to read the update_engine logs"
am: ebddc5993f

Change-Id: I501bc4abd87450edd2379bf69eeb0db2ecaaf10d
2018-04-20 13:02:02 -07:00
Tianjie Xu
ebddc5993f Merge "Allow dumpstate to read the update_engine logs"
2018-04-20 19:52:45 +00:00
Jeff Vander Stoep
6f8d2628b3 vendor_init: allow stat() of /data dir
avc: denied { getattr } for path="/data" scontext=u:r:vendor_init:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1

Bug: 78345561
Test: build/boot device. Denial is gone.
Change-Id: Ie858f1fe65aeb1845b00a5143c345e81aa2ec632
2018-04-20 12:51:44 -07:00
Tianjie Xu
4af699ae3e Allow dumpstate to read the update_engine logs
Denial message:
avc: denied { read } for pid=2775 comm="dumpstate" name="update_engine_log"
dev="sda35" ino=3850274 scontext=u:r:dumpstate:s0
tcontext=u:object_r:update_engine_log_data_file:s0 tclass=dir permissive=0

Bug: 78201703
Test: take a bugreport
Change-Id: I2c788c1211812aa0fcf58cee37a6e8f955424849
(cherry picked from commit 7d47427997)
2018-04-20 10:40:51 -07:00
Alan Stokes
8deca65599 Merge "Remove fixed bug from bug_map." am: e03074b4d1
am: 353d1af696

Change-Id: I29d806f96c95719b66f9330f3e360d5d224a0e69
2018-04-20 01:40:12 -07:00
Alan Stokes
353d1af696 Merge "Remove fixed bug from bug_map."
am: e03074b4d1

Change-Id: Ia646af3973aa05bad96d4e33485edf463d60dcd2
2018-04-20 01:35:40 -07:00
Alan Stokes
e03074b4d1 Merge "Remove fixed bug from bug_map."
2018-04-20 08:28:02 +00:00
Petri Gynther
d5a59777d0 A2DP offload: switch to new properties am: 820656a73f
am: 93cba01663

Change-Id: I30e24decb0d730d096784049cbe3b98607dac8c8
2018-04-20 00:55:56 -07:00
Petri Gynther
93cba01663 A2DP offload: switch to new properties
am: 820656a73f

Change-Id: I6eb3bbb39da8d506b5a6487cd662fba7d0aa9440
2018-04-20 00:51:34 -07:00
Jaekyun Seok
46c2c4e864 [automerger skipped] Merge "Neverallow unexpected domains to access bluetooth_prop and wifi_prop" into pi-dev
am: 5faa0c2af7  -s ours

Change-Id: I0ce0063cf0206c7862d156c4e157ca37b398c275
2018-04-19 22:12:16 -07:00
TreeHugger Robot
5faa0c2af7 Merge "Neverallow unexpected domains to access bluetooth_prop and wifi_prop" into pi-dev
2018-04-20 05:07:56 +00:00
Petri Gynther
820656a73f A2DP offload: switch to new properties
Bug: 63932139
Bug: 76201991
Test: Manual A2DP testing (A2DP offload enabled and disabled)
Change-Id: Icebb4a84cf241b3b6bc52e4826fdedd5a73d796a
2018-04-19 11:30:07 -07:00
Chong Zhang
fad90d552f Merge "Allow system_server to adjust cpuset for media.codec" into pi-dev
am: ad3529a855

Change-Id: I739cc56d8fa130a4d1dca7db55fe1cfd968d0113
2018-04-19 11:23:08 -07:00
TreeHugger Robot
ad3529a855 Merge "Allow system_server to adjust cpuset for media.codec" into pi-dev
2018-04-19 17:40:39 +00:00
Jaekyun Seok
0146653530 Neverallow unexpected domains to access bluetooth_prop and wifi_prop am: 41e42d63fe
am: c822ec3e58

Change-Id: Ib6afbbf00989994c7aaf78d91a911b9766c59ab6
2018-04-18 18:03:07 -07:00
Jaekyun Seok
c822ec3e58 Neverallow unexpected domains to access bluetooth_prop and wifi_prop
am: 41e42d63fe

Change-Id: Ib94d0ee704a44389355a51303c1bd0a6c55a0942
2018-04-18 17:59:21 -07:00
Jaekyun Seok
dce86b3cc6 Neverallow unexpected domains to access bluetooth_prop and wifi_prop
And this CL will remove unnecessary vendor-init exceptions for nfc_prop
and radio_prop as well.

Bug: 77633703
Test: succeeded building and tested with Pixels
Change-Id: I468b8fd907c6408f51419cfb58eb2b8da29118ae
Merged-In: I468b8fd907c6408f51419cfb58eb2b8da29118ae
(cherry picked from commit 41e42d63fe)
2018-04-19 09:51:02 +09:00
Jaekyun Seok
41e42d63fe Neverallow unexpected domains to access bluetooth_prop and wifi_prop
And this CL will remove unnecessary vendor-init exceptions for nfc_prop
and radio_prop as well.

Bug: 77633703
Test: succeeded building and tested with Pixels
Change-Id: I468b8fd907c6408f51419cfb58eb2b8da29118ae
2018-04-19 08:22:26 +09:00
Tom Cherry
ee2e5ced22 Merge "Allow vendor_init to access unencrypted_data_file" am: 09ade7fce4
am: 2f69dd8c43

Change-Id: Ic0227f3b7735e719d449196db532dd57fc054d98
2018-04-18 15:32:06 -07:00
Tom Cherry
2f69dd8c43 Merge "Allow vendor_init to access unencrypted_data_file"
am: 09ade7fce4

Change-Id: I3813dac8d74d77e6973cbe98220f5915c9794ddb
2018-04-18 15:22:59 -07:00
Tom Cherry
09ade7fce4 Merge "Allow vendor_init to access unencrypted_data_file"
2018-04-18 22:08:57 +00:00
Jeff Vander Stoep
df6d77cd45 Protect dropbox service data with selinux am: 4d3ee1a5b6
am: 1874950d21

Change-Id: Id2e5359054ae6d1882b0c99011ee09d1b75fa604
2018-04-18 15:05:34 -07:00
Jeff Vander Stoep
1874950d21 Protect dropbox service data with selinux
am: 4d3ee1a5b6

Change-Id: Idc82f95ff479cdb860dbb5c968d58448c0b289e3
2018-04-18 15:02:26 -07:00
Jeff Vander Stoep
4d3ee1a5b6 Protect dropbox service data with selinux
Create a new label for /data/system/dropbox, and neverallow direct
access to anything other than init and system_server.

While all apps may write to the dropbox service, only apps with
android.permission.READ_LOGS, a signature|privileged|development
permission, may read them. Grant access to priv_app, system_app,
and platform_app, and neverallow access to all untrusted_apps.

Bug: 31681871
Test: atest CtsStatsdHostTestCases
Test: atest DropBoxTest
Test: atest ErrorsTests
Change-Id: Ice302b74b13c4d66e07b069c1cdac55954d9f5df
2018-04-18 19:53:03 +00:00
Tri Vo
1ff62be936 [automerger skipped] Merge "Sepolicy for rw mount point for vendors." am: 5a5894a979
am: 1ab34eb09e  -s ours

Change-Id: I971a76ef38eba5a5a50f2e5532e291d7d5616208
2018-04-18 12:48:53 -07:00
Tri Vo
1ab34eb09e Merge "Sepolicy for rw mount point for vendors."
am: 5a5894a979

Change-Id: Iad07653a6b49eee4f757b7fdee22975605984ea1
2018-04-18 12:45:16 -07:00
Tom Cherry
620dc7f814 Allow vendor_init to access unencrypted_data_file
FBE needs to access these files to set up or verify encryption for
directories during mkdir.

Bug: 77850279
Test: walleye + more restrictions continues to have FBE work
Change-Id: I84e201436ce4531d36d1257d932c3e2e772ea05e
(cherry picked from commit 18a284405f)
2018-04-18 19:39:04 +00:00
Tri Vo
5a5894a979 Merge "Sepolicy for rw mount point for vendors."
2018-04-18 19:32:32 +00:00
Mark Salyzyn
fdf4c6bfb8 Merge "init: lock down access to keychord_device" into pi-dev
am: 8ace003930

Change-Id: Ia75172c00c82fdb4c6fd9675514cbed67ad97853
2018-04-18 12:31:08 -07:00
TreeHugger Robot
8ace003930 Merge "init: lock down access to keychord_device" into pi-dev
2018-04-18 18:56:32 +00:00
Tom Cherry
95bcffaa45 Merge "Allow vendor_init to access unencrypted_data_file" into pi-dev
am: 4f0a21cca8

Change-Id: I5962ef88fd66889724bafa938bede39581318bfb
2018-04-18 10:47:57 -07:00
Tom Cherry
4f0a21cca8 Merge "Allow vendor_init to access unencrypted_data_file" into pi-dev
2018-04-18 17:37:23 +00:00
Alan Stokes
62913dbfd2 Remove fixed bug from bug_map.
Bug: 77816522
Bug: 73947096

Test: Flashed device, no denial seen
Change-Id: Ib2f1fc670c9a76abbb9ff6747fec00fa5bcde5af
2018-04-18 17:11:45 +01:00
Alan Stokes
051b47c865 Merge "Revert "Revert "Add /sys/kernel/memory_state_time to sysfs_power.""" am: a87a8db2ac
am: e6fa185ae6

Change-Id: Ie57c8b2a0d99148b16383a5f4199c10ad7c5210a
2018-04-18 02:47:49 -07:00