Makoto Onuki
b92ce307ea
Merge "Add app_binding system service" am: ac4b6478c1 am: 6d31c536bd
...
am: 19167eea45
2018-09-06 10:42:59 -07:00
Makoto Onuki
6d31c536bd
Merge "Add app_binding system service"
...
am: ac4b6478c1
2018-09-06 10:31:56 -07:00
Makoto Onuki
6af1181320
Add app_binding system service
...
Bug: 109809543
Test: Build and boot with the new service in the internal branch.
Change-Id: Iaee365771c3e8e5b8f5f3b6112bbf902c6bb02bd
2018-09-05 14:33:20 -07:00
Benjamin Gordon
b88d3c5e87
Merge "sepolicy: Add mmap for profman" am: 7b22940511 am: 350c51d0bb
...
am: f21a8fa535
2018-09-04 15:26:52 -07:00
Benjamin Gordon
350c51d0bb
Merge "sepolicy: Add mmap for profman"
...
am: 7b22940511
2018-09-04 15:12:36 -07:00
Treehugger Robot
7b22940511
Merge "sepolicy: Add mmap for profman"
2018-09-04 22:09:28 +00:00
Jeff Vander Stoep
2fdfc45dd2
app: Allow all apps to read dropbox FDs am: 6026a4adb9 am: 90753875f1
...
am: 4fa9592c83
2018-09-04 15:00:48 -07:00
Jeff Vander Stoep
90753875f1
app: Allow all apps to read dropbox FDs
...
am: 6026a4adb9
2018-09-04 14:47:56 -07:00
Benjamin Gordon
7cab455f2d
sepolicy: Add mmap for profman
...
SELinux has a separate file mmap permission in 4.14+ kernels. Add this
to profman in cases where it could already access files.
Bug: 112990132
Test: atest com.android.cts.dexmetadata.InstallDexMetadataHostTest
Change-Id: I4f3cd55fbd4d0052500f07aac7d286c397758abc
2018-09-04 14:55:31 -06:00
Jeff Vander Stoep
6026a4adb9
app: Allow all apps to read dropbox FDs
...
DropboxManager may pass FDs to any app with the READ_LOGS
permission which is available to all apps as a development
permission.
Test: atest CtsIncidentHostTestCases
Fixes: 111856304
Change-Id: I329e3125dab83de948b860061df9d232e31cb23e
2018-09-04 20:23:43 +00:00
Mark Salyzyn
200aac4302
llkd: Add stack symbol checking am: 275ea12d84 am: 74ac780247
...
am: 94e57b4361
2018-09-04 12:51:33 -07:00
Mark Salyzyn
74ac780247
llkd: Add stack symbol checking
...
am: 275ea12d84
2018-09-04 12:34:26 -07:00
Mark Salyzyn
275ea12d84
llkd: Add stack symbol checking
...
llkd needs the ptrace capabilities and dac override to monitor for
live lock conditions on the stack dumps.
Test: compile
Bug: 33808187
Change-Id: Ibc1e4cc10395fa9685c4ef0ca214daf212a5e126
2018-09-04 17:02:30 +00:00
Kevin Chyn
ee7a01b680
Add BiometricPromptService to sepolicy am: 57887307df am: 99979e0ce0
...
am: 491445d57b
2018-08-30 15:58:35 -07:00
Kevin Chyn
99979e0ce0
Add BiometricPromptService to sepolicy
...
am: 57887307df
2018-08-30 15:05:37 -07:00
Kevin Chyn
57887307df
Add BiometricPromptService to sepolicy
...
Bug: 72825012
Test: manual
Change-Id: I850c869cdc0ad8735800130bb4a8d67822197ff9
2018-08-30 11:43:20 -07:00
Mark Salyzyn
b1dceafff8
Merge "init: drop /dev/keychord access" am: b54e2b7bb3 am: 055af79ce5
...
am: d01ab0c477
2018-08-29 08:01:26 -07:00
Mark Salyzyn
055af79ce5
Merge "init: drop /dev/keychord access"
...
am: b54e2b7bb3
2018-08-29 07:53:26 -07:00
Treehugger Robot
b54e2b7bb3
Merge "init: drop /dev/keychord access"
2018-08-29 14:40:32 +00:00
Nick Kralevich
1c39637ee1
Merge "shell: remove /dev/input write access" am: efb6667a2c am: f2735e60ab
...
am: e0e51c0f1b
2018-08-28 14:58:28 -07:00
Nick Kralevich
f2735e60ab
Merge "shell: remove /dev/input write access"
...
am: efb6667a2c
2018-08-28 13:58:57 -07:00
Treehugger Robot
efb6667a2c
Merge "shell: remove /dev/input write access"
2018-08-28 17:53:27 +00:00
Mark Salyzyn
0722b5aab6
init: drop /dev/keychord access
...
Test: compile
Bug: 64114943
Change-Id: I1d20cc027dbd1a94e2a79b6aebdd265cefe8a6a5
2018-08-28 10:33:49 -07:00
Nick Kralevich
51156264b4
shell: remove /dev/input write access
...
Shell access to existing input devices is an abuse vector.
The shell user can inject events that look like they originate
from the touchscreen etc.
Everyone should have already moved to UiAutomation#injectInputEvent
if they are running instrumentation tests (i.e. CTS), Monkey for
their stress tests, and the input command (adb shell input ...) for
injecting swipes and things.
Remove the write ability for shell users, and add a neverallow assertion
(which is also a CTS test) to prevent regressions.
Bug: 30861057
Test: auditallow statement added in
f617a404c2
2018-08-28 09:19:51 -07:00
Jeff Vander Stoep
08aa715966
crash_dump: disallow ptrace of TCB components
...
Remove permissions and add neverallow assertion.
(cherry picked from commit f1554f1588
2018-08-28 08:28:25 -07:00
Chia-I Wu
c9dffafb18
Merge "Allow signals to hal_graphics_allocator_server from dumpstate" am: ed16534eb5 am: 31f88efdad
...
am: 9cf9cb31e9
2018-08-27 12:01:40 -07:00
Chia-I Wu
31f88efdad
Merge "Allow signals to hal_graphics_allocator_server from dumpstate"
...
am: ed16534eb5
2018-08-27 11:53:32 -07:00
Treehugger Robot
ed16534eb5
Merge "Allow signals to hal_graphics_allocator_server from dumpstate"
2018-08-27 18:46:28 +00:00
Howard Ro
4c8e74e1aa
Merge "Allow all app types to socket send to statsdw (statsd socket)" am: 00f76cb4ff am: 7e143d0ce7
...
am: ac2d5c856a
2018-08-25 09:22:00 -07:00
Howard Ro
7e143d0ce7
Merge "Allow all app types to socket send to statsdw (statsd socket)"
...
am: 00f76cb4ff
2018-08-25 09:14:37 -07:00
Howard Ro
00f76cb4ff
Merge "Allow all app types to socket send to statsdw (statsd socket)"
2018-08-25 00:32:59 +00:00
Nick Kralevich
39031df25a
auditallow shell input_device:chr_file am: f617a404c2 am: 5a4374c536
...
am: 40f941eb40
2018-08-24 14:45:28 -07:00
Nick Kralevich
5a4374c536
auditallow shell input_device:chr_file
...
am: f617a404c2
2018-08-24 14:37:25 -07:00
Nick Kralevich
f617a404c2
auditallow shell input_device:chr_file
...
Test to see if anyone is writing to /dev/input from the shell.
Bug: 30861057
Test: device boots and no avc granted messages.
Change-Id: Ia3499ef9436f83cf13c633525348b63edd95990f
2018-08-24 12:40:30 -07:00
Shibin George
4303886828
Merge "Whitelist some more properties that go into /vendor/build.prop" am: 7ecc8b13ee am: 57a4327288
...
am: f7e6066b91
2018-08-23 22:29:02 -07:00
Shibin George
57a4327288
Merge "Whitelist some more properties that go into /vendor/build.prop"
...
am: 7ecc8b13ee
2018-08-23 22:19:05 -07:00
Treehugger Robot
7ecc8b13ee
Merge "Whitelist some more properties that go into /vendor/build.prop"
2018-08-24 05:06:33 +00:00
Howard Ro
21bd2aeb08
Allow all app types to socket send to statsdw (statsd socket)
...
Also move statsd to /public/
Bug: 110538431
Test: manual testing
Change-Id: I58319e169eaab7d997ed3628c3c9709cf7bd0d4a
2018-08-23 16:13:30 -07:00
Tri Vo
dc7ab41184
Merge "Rename untrusted_app_visible_*' to include 'violators'."
...
am: 00f28f6d09
2018-08-22 21:04:57 -07:00
Tri Vo
00f28f6d09
Merge "Rename untrusted_app_visible_*' to include 'violators'."
2018-08-23 03:22:20 +00:00
Christine Franks
a470c03a3f
Add color_service selinux policy am: a11cdd2f93 am: e35a63ee12
...
am: 71a3c90d40
2018-08-22 12:05:06 -07:00
Christine Franks
e35a63ee12
Add color_service selinux policy
...
am: a11cdd2f93
2018-08-22 11:56:37 -07:00
TreeHugger Robot
44ea177421
Merge "Add missing pm.* properties in property_contexts"
2018-08-22 16:01:19 +00:00
Christine Franks
a11cdd2f93
Add color_service selinux policy
...
Bug: 111215474
Test: boots
Change-Id: I98955bcd02f643400c3eb97232467c09a2c5c1e5
2018-08-21 17:53:00 -07:00
Tri Vo
7f8b6cc66c
Rename untrusted_app_visible_*' to include 'violators'.
...
Bug: 110887137
Test: Flash new system policy onto a device with vendor policy that uses
untrusted_app_visible_* attributes, and check that old and new attributes
are applied to exactly same types.
Change-Id: Ibee0ec645878fcc8c93cd0fbd169a8d45129d79e
Merged-In: Ibee0ec645878fcc8c93cd0fbd169a8d45129d79e
(cherry picked from commit 7abca51d19
2018-08-21 21:32:41 +00:00
Benjamin Gordon
e1b7ebcb49
sepolicy: Fix references to self:capability am: 7ed266c678 am: 80c68620eb
...
am: bf9e2f05f9
2018-08-21 14:27:23 -07:00
Benjamin Gordon
80c68620eb
sepolicy: Fix references to self:capability
...
am: 7ed266c678
2018-08-21 13:15:55 -07:00
Benjamin Gordon
7ed266c678
sepolicy: Fix references to self:capability
...
commit 9b2e0cbeea
2018-08-21 15:55:23 +00:00
Hridya Valsaraju
01ddd0c909
Merge "Define 'super_block_device' type" am: 6fc083693a am: 3e700650a4
...
am: 0e70b2a271
2018-08-20 14:30:10 -07:00
Hridya Valsaraju
3e700650a4
Merge "Define 'super_block_device' type"
...
am: 6fc083693a
2018-08-20 14:18:58 -07:00
