Nick Chalko
31bd5722e2
Merge "Add sysfs_extcon for /sys/class/extcon"
...
am: cac127c8fd
Change-Id: Iaee961ffedd18f63a0e27306db81eb6aebc6920d
2019-02-21 23:53:14 -08:00
Treehugger Robot
cac127c8fd
Merge "Add sysfs_extcon for /sys/class/extcon"
2019-02-22 07:42:33 +00:00
Tri Vo
183fc3f2a2
audit apps opening /dev/ashmem
...
am: 877fe9dea6
Change-Id: I5f5d5840a8c9f9e0bfad66a3f585838200ebe282
2019-02-21 18:43:22 -08:00
Hridya Valsaraju
1912daf6a9
Fastbootd must be able to erase logical partitions
...
This CL adds permissions to allow fastbootd to erase
logical partitions.
[ 33.423370] c5 587 audit: type=1400 audit(2073228.303:11): avc: denied { ioctl } for
pid=587 comm="fastbootd" path="/dev/block/dm-0" dev="tmpfs" ino=25433 ioctlcmd=0x127d
scontext=u:r:fastbootd:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0
[ 33.446927] c5 587 audit: type=1400 audit(2073228.326:12): avc: denied { ioctl }
for pid=587 comm="fastbootd" path="/dev/block/dm-0" dev="tmpfs" ino=25433 ioctlcmd=0x1277
scontext=u:r:fastbootd:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0
Test: fastboot erase system
Bug: 125391557
Change-Id: I0c99db123ed5357ceb7e16e192042e8e044e3557
2019-02-21 12:36:28 -08:00
Tri Vo
877fe9dea6
audit apps opening /dev/ashmem
...
Bug: 113362644
Test: boot device
Test: use Chrome app, no audit logs
Change-Id: I6c78c7ac258a4ea90d501a152b5c9e7851afcf08
2019-02-21 11:43:20 -08:00
Xin Li
9bdc97c311
DO NOT MERGE - Merge pi-dev@5234907 into stage-aosp-master
...
Bug: 120848293
Change-Id: I01c03ddd0caed61851b3bf5b4fbb26de15248577
2019-02-21 09:25:13 -08:00
Nick Chalko
4ccc8568ec
Add sysfs_extcon for /sys/class/extcon
...
Bug: 124364409
Change-Id: Idc33732454674bbdc7f4ff6eda173acc24e318b3
Test: cherry picked to pi-tv-dr-dev and tested on JBL Link bar
2019-02-21 17:16:34 +00:00
Nick Kralevich
1ad7030ef8
Merge "Allow shell /proc/loadavg access"
...
am: ba1be2c4bb
Change-Id: Ic9aad62697786e545d897f3a1d188bb7d21af516
2019-02-20 17:43:49 -08:00
Treehugger Robot
ba1be2c4bb
Merge "Allow shell /proc/loadavg access"
2019-02-21 01:32:22 +00:00
Sundong Ahn
88bb57ec88
Add ro.surface_flinger.display_primary*
...
The ro.surface_flinger.display_primary* properties are added to
property_contexts, because these properties are located in the vendor
partition, but the surfaceflinger service which uses these properties
is in the system partition.
Bug: 124531214
Test: m -j && boot test
Change-Id: If90c4bc75796d8966bbf3ee2e3bab39145395800
2019-02-21 09:54:13 +09:00
Daniel Rosenberg
8e5d258b6c
Allow postinstall scripts to trigger F2FS GC
...
am: f63fe72142
Change-Id: I8b58e3b1651e8b761801d90a20792d78d2588871
2019-02-20 15:08:56 -08:00
Daniel Rosenberg
fe47f9e353
Add Label to f2fs sysfs files
...
am: 46c50683d6
Change-Id: If3f042fd88eaff9e16f275a4fa78f87fe0ee4075
2019-02-20 15:08:44 -08:00
Daniel Rosenberg
f63fe72142
Allow postinstall scripts to trigger F2FS GC
...
Test: Add checkpoint_gc to postinstall scripts
Bug: 123367711
Change-Id: I24a0bd1c2c2086545f1587765bb9814da24ec7f2
2019-02-20 22:40:53 +00:00
Daniel Rosenberg
46c50683d6
Add Label to f2fs sysfs files
...
Test: ls -lZ /sys/fs/f2fs
Bug: 123367711
Change-Id: I0035feb8409b7ec8e11510795fb7d8845992694e
2019-02-20 22:40:40 +00:00
Nick Kralevich
28e4b83ec7
Allow shell /proc/loadavg access
...
Needed for the bionic stdlib.getloadavg test.
Access to /proc/loadavg was inadvertently removed when a new label was
assigned to that file in system/sepolicy commit 8c2323d3f9.
Addresses the following denial:
CtsBionicTestCa: type=1400 audit(0.0:188192): avc: denied { read } for name="loadavg" dev="proc" ino=4026531959 scontext=u:r:shell:s0 tcontext=u:object_r:proc_loadavg:s0 tclass=file permissive=0
Bug: 124024827
Test: compiles
Change-Id: Iadb5c98cb96f69ddc9418a64720370adae1bb51f
2019-02-20 13:56:52 -08:00
David Anderson
879acc21ef
Merge "Add sepolicy for gsid properties, and allow system_server to read them."
...
am: 8bcd43a33e
Change-Id: I035e3ad43c83c5368cc54fb068e2c281212d3bb2
2019-02-20 12:29:42 -08:00
David Anderson
8bcd43a33e
Merge "Add sepolicy for gsid properties, and allow system_server to read them."
2019-02-20 19:49:01 +00:00
Xin Li
48ec35f4d8
[automerger skipped] Merge "DO NOT MERGE - Merge PPRL.190205.001 into master"
...
am: 0e8a36f38f
-s ours
am skip reason: subject contains skip directive
Change-Id: I99a92e899d584c8cf09eb2276c8555b73c7b5af8
2019-02-20 11:33:44 -08:00
Xin Li
f70a169189
[automerger skipped] DO NOT MERGE - Merge PPRL.190205.001 into master
...
am: 7636cff2b7
-s ours
am skip reason: subject contains skip directive
Change-Id: I33426c9e5bf01f4bb8d36169f7e0bf47fdb552c8
2019-02-20 08:55:15 -08:00
Xin Li
0e8a36f38f
Merge "DO NOT MERGE - Merge PPRL.190205.001 into master"
2019-02-20 16:25:58 +00:00
Hridya Valsaraju
bd628654bf
Merge "Add permissions required for flashing"
...
am: 21eac99526
Change-Id: Ie94c0d29d3a11f6631cc2df741542c60bbd35ad4
2019-02-20 01:59:25 -08:00
Treehugger Robot
21eac99526
Merge "Add permissions required for flashing"
2019-02-20 09:43:23 +00:00
David Anderson
8c9f1e4119
Allow gatekeeperd to read ro.gsid.image_running.
...
Bug: 123716647
Test: PIN authentication works after booting into a GSI
Change-Id: Id1af1e207988eedbcce5e530c167994bf34cf7e2
2019-02-19 21:08:22 +00:00
David Anderson
8fe3c74654
Add sepolicy for gsid properties, and allow system_server to read them.
...
Bug: 123777418
Test: manual test
Change-Id: I9f8c721dfd074e638573d85cf1d8045a69c3854e
2019-02-19 21:08:09 +00:00
Gavin Corkery
92e7716255
Merge "Rename data/staging to data/pkg_staging."
...
am: 52c1d81aa4
Change-Id: I887c736b74f330ab0a31fff6daade476cc145579
2019-02-19 12:25:56 -08:00
Gavin Corkery
52c1d81aa4
Merge "Rename data/staging to data/pkg_staging."
2019-02-19 19:44:13 +00:00
Gavin Corkery
2db5015b4c
Rename data/staging to data/pkg_staging.
...
Test: Build and flash, atest apex_e2e_tests
Fixes: 122999313
Change-Id: I2cfa49d8467d67edc470b1cade3746426fa86e37
Merged-In: I2cfa49d8467d67edc470b1cade3746426fa86e37
2019-02-19 15:51:14 +00:00
Jeff Vander Stoep
4c6f1cb7a3
Whitelist flaky presubmit failures
...
am: b3b7543de6
Change-Id: I0a98fba7346c3930bd6e5fe3c3318cfd59486508
2019-02-18 21:58:48 -08:00
Xin Li
7636cff2b7
DO NOT MERGE - Merge PPRL.190205.001 into master
...
Bug: 124234733
Change-Id: I78dac98a0d72fc8b8fe868c964458a98f5727786
2019-02-18 15:58:55 -08:00
Jeff Vander Stoep
b3b7543de6
Whitelist flaky presubmit failures
...
These denials already have tracking bugs.
Addresses
avc: denied { write } for comm=".gms.persistent" name="0" dev="tmpfs"
scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:mnt_user_file:s0
tclass=dir permissive=0 app=com.google.android.gms
avc: denied { getattr } for path="/data/system_ce/0/accounts_ce.db"
scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0
tclass=file permissive=0
Bug: 124108085
Bug: 118185801
Test: build tests
Change-Id: I97192e5c85d8d3a9efe950a0bbb33ea88aac76bd
2019-02-18 21:24:46 +00:00
Jeff Vander Stoep
ce152532af
crash_dump: dontaudit gpu_device access
...
am: 504a654983
Change-Id: Ie0040f62cdd817e49e5cc8f00cece93228771862
2019-02-18 13:19:06 -08:00
Jeff Vander Stoep
504a654983
crash_dump: dontaudit gpu_device access
...
And add neverallow so that it's removed from partner policy if
it was added there due to denials.
Fixes: 124476401
Test: build
Change-Id: I16903ba43f34011a0753b5267c35425dc7145f05
2019-02-18 21:06:42 +00:00
Remi NGUYEN VAN
286bce8bfb
Merge "sepolicy change for NetworkStack signature"
...
am: ec651944a0
Change-Id: I8588994f31e531ccc022b41d3a805b5da7aef24a
2019-02-15 17:56:38 -08:00
Remi NGUYEN VAN
ec651944a0
Merge "sepolicy change for NetworkStack signature"
2019-02-16 01:48:49 +00:00
Hridya Valsaraju
e6c36ef12f
Add permissions required for flashing
...
These are required to handle the following denials:
audit: type=1400 audit(96805.060:7): avc: denied { sys_admin } for
pid=517 comm="fastbootd" capability=21 scontext=u:r:fastbootd:s0 tcontext=u:r:fastbootd:s0
tclass=capability permissive=0
[14:14:36:606] [ 11.196190] audit: type=1400 audit(103042.976:10): avc: denied { read } for
pid=520 comm="fastbootd" name="by-name" dev="tmpfs" ino=18500 scontext=u:r:fastbootd:s0
tcontext=u:object_r:block_device:s0 tclass=dir permissive=1
Test: fastboot flashall
Bug: 124410201
Change-Id: I80041a78a5b6df09c6526be6a4066eb771887265
2019-02-15 14:45:18 -08:00
Sudheer Shanka
b8df6eda98
Merge "Track untrusted_app_27 SELinux denial"
...
am: 161601cbf6
Change-Id: Ic859ec704972e2f2195e72f053687bb3cf657f0e
2019-02-15 14:37:23 -08:00
Sudheer Shanka
161601cbf6
Merge "Track untrusted_app_27 SELinux denial"
2019-02-15 22:26:09 +00:00
Mark Salyzyn
2340f1017a
fs_mgr: overlayfs support legacy devices (marlin) Part Deux
...
am: bd80e63e03
Change-Id: I62e00a260f7367222f9aed1cfd71777f0bdeef46
2019-02-15 13:47:22 -08:00
Mark Salyzyn
bd80e63e03
fs_mgr: overlayfs support legacy devices (marlin) Part Deux
...
On legacy devices system_<other> partition is blocked from
becoming the backing store under certain circumstances.
Test: system/core/fs_mgr/tests/adb-remount-test.sh
Bug: 120448575
Bug: 123079041
Change-Id: I1803f072ca21bc116554eee1d01a1dbd2c9ed0c9
2019-02-15 15:56:16 +00:00
Sudheer Shanka
9c96649b27
Track untrusted_app_27 SELinux denial
...
vrcore is trying to access external storage before
it is available.
Bug: 118185801
Test: n/a
Change-Id: Ieb38a1bfb977d9f6f642fecdd1000a195b2c8259
2019-02-15 00:42:47 -08:00
Sudheer Shanka
a82094795e
Merge "Update a comment to match the latest rules."
...
am: 6c773be030
Change-Id: Ib720c5fc1a0a0287d6e29105b4a518272e2b6a3d
2019-02-14 22:41:30 -08:00
Treehugger Robot
6c773be030
Merge "Update a comment to match the latest rules."
2019-02-15 06:38:25 +00:00
Alan Stokes
b7d23bc285
Merge "Fix typo in file name."
...
am: 2379bb7603
Change-Id: I967eb883a468a6d3b9fb29c885254fc3f525b077
2019-02-14 20:21:44 -08:00
Treehugger Robot
2379bb7603
Merge "Fix typo in file name."
2019-02-15 04:16:44 +00:00
Jeffrey Vander Stoep
0782f93463
Merge "Track SELinux denial."
...
am: 567a8063a9
Change-Id: Ide783838773021f04e4a77c475bb3a9aa285347e
2019-02-14 20:08:59 -08:00
Jeffrey Vander Stoep
567a8063a9
Merge "Track SELinux denial."
2019-02-15 03:59:41 +00:00
Jeff Vander Stoep
f05de2ee39
Track SELinux denial.
...
This should help fix presubmit tests.
Bug: 124468495
Bug: 124476401
Test: Build.
Change-Id: I7d8befaef2a90d6dc824f99e3088a922c8d1fdc4
2019-02-14 19:52:03 -08:00
Tianjie Xu
79d234f469
Merge "Allow update engine to write to statsd socket"
...
am: 4dd5976170
Change-Id: I5a702f2c548678ad576c6ec63c7c88468a07dd09
2019-02-14 14:13:40 -08:00
Xin Li
176f17cbff
Merge "DO NOT MERGE - Merge pi-platform-release (PPRL.190205.001) into stage-aosp-master" into stage-aosp-master
2019-02-14 22:11:31 +00:00
Tianjie Xu
4dd5976170
Merge "Allow update engine to write to statsd socket"
2019-02-14 22:07:11 +00:00