Yifan Hong
bf7bf3ba0e
perfprofd: talk to health HAL.
...
am: 65c568d0dd
Change-Id: I67a358cb33f9ba546ab3b42f58d48c1c0a5c763e
2018-07-17 13:24:23 -07:00
Yifan Hong
65c568d0dd
perfprofd: talk to health HAL.
...
Test: perfprofd tests
Bug: 110890430
Change-Id: I0f7476d76b8d35b6b48fe6b77544ca8ccc71534d
2018-07-17 11:37:26 -07:00
Jeff Vander Stoep
a0afe6eaf6
[automerger skipped] crash_dump: disallow ptrace of TCB components am: f0e6a70ab5
am: 7f6df93026
am: db8835e0c3
-s ours
...
am: a2bc6f8cfc
-s ours
Change-Id: Ib11f5cda0d40754fb773e7c4f3a8b2e364f83c8a
2018-07-13 21:47:05 -07:00
Jeff Vander Stoep
a2bc6f8cfc
[automerger skipped] crash_dump: disallow ptrace of TCB components am: f0e6a70ab5
am: 7f6df93026
...
am: db8835e0c3
-s ours
Change-Id: I29ed491f8e482f0233f5e68847b96f98c147b47b
2018-07-13 21:41:59 -07:00
Jeff Vander Stoep
db8835e0c3
crash_dump: disallow ptrace of TCB components am: f0e6a70ab5
...
am: 7f6df93026
Change-Id: I6b3b7204317bdad91f44bcf6cfce7d3810693b42
2018-07-13 21:37:55 -07:00
Jeff Vander Stoep
3d4d8899d1
crash_dump: disallow ptrace of TCB components
...
am: 573d333589
Change-Id: I5d0bd81b6b486a6a5cffd8159d99cfcdcf0f464f
2018-07-13 21:35:08 -07:00
Jeff Vander Stoep
7f6df93026
crash_dump: disallow ptrace of TCB components
...
am: f0e6a70ab5
Change-Id: Ia2c196281ae051e2d3ee1ad3f810b12901af8d69
2018-07-13 21:34:51 -07:00
Yifan Hong
b1b3a31e61
Merge changes from topic "coredomain_batteryinfo" am: 6397d7e0cb
...
am: c74c0fbb34
Change-Id: I43163ef3484dd31d0ead3f5432b572bc5568bde3
2018-07-13 13:08:55 -07:00
Yifan Hong
c74c0fbb34
Merge changes from topic "coredomain_batteryinfo"
...
am: 6397d7e0cb
Change-Id: I88c793acd19ce05e275d6f2883f90540f37d52b6
2018-07-13 12:42:47 -07:00
Treehugger Robot
6397d7e0cb
Merge changes from topic "coredomain_batteryinfo"
...
* changes:
vold: not allowed to read sysfs_batteryinfo
full_treble: coredomain must not have access to sysfs_batteryinfo
2018-07-13 18:42:32 +00:00
Yifan Hong
711908e60b
vold: not allowed to read sysfs_batteryinfo
...
It doesn't need to read batteryinfo to function properly.
Bug: 110891415
Test: builds and boots
Change-Id: I7f388180a25101bfd0c088291ef03a9bf8ba2b2c
2018-07-12 11:45:28 -07:00
Yifan Hong
b5f7f28c26
full_treble: coredomain must not have access to sysfs_batteryinfo
...
... but should do it via health HAL and healthd.
Bug: 110891415
Test: builds
Change-Id: Ib124f82d31f1dfbe99a56475dba04a37f81bdca3
2018-07-12 11:45:28 -07:00
Jeff Vander Stoep
573d333589
crash_dump: disallow ptrace of TCB components
...
Remove permissions.
Bug: 110107376
Test: kill -6 <components excluded from ptrace>
Change-Id: If8b9c932af03a551e40e786d591544ecdd4e5c98
Merged-In: If8b9c932af03a551e40e786d591544ecdd4e5c98
(cherry picked from commit f1554f1588)
2018-07-12 11:33:30 -07:00
Jeff Vander Stoep
f0e6a70ab5
crash_dump: disallow ptrace of TCB components
...
Remove permissions and add neverallow assertion.
Bug: 110107376
Test: kill -6 <components excluded from ptrace>
Change-Id: If8b9c932af03a551e40e786d591544ecdd4e5c98
Merged-In: If8b9c932af03a551e40e786d591544ecdd4e5c98
(cherry picked from commit f1554f1588)
2018-07-12 17:30:25 +00:00
Aalique Grahame
c1e84a6ac5
Merge "sepolicy: create rules for system properties" am: 280c6afab2
...
am: 5626ee67a9
Change-Id: Icd66784f207472346ac823ad565e6e7b834dcbc8
2018-07-10 21:45:02 -07:00
Aalique Grahame
5626ee67a9
Merge "sepolicy: create rules for system properties"
...
am: 280c6afab2
Change-Id: I879d46d8e004a4ea63c1b131cdb5348e90adca0d
2018-07-10 21:40:58 -07:00
Florian Mayer
9d144e1f00
Merge "Allow to read events/header_page with debugfs_tracing" am: 7d7328b807
...
am: 139bb3f279
Change-Id: Ifb564911815c938a489c32f4c648d9b8c3612c6f
2018-07-10 21:38:01 -07:00
Treehugger Robot
280c6afab2
Merge "sepolicy: create rules for system properties"
2018-07-11 04:36:36 +00:00
Florian Mayer
139bb3f279
Merge "Allow to read events/header_page with debugfs_tracing"
...
am: 7d7328b807
Change-Id: I6bd14e069dd07b81b6cf33cfe8dd22e641d8f1f9
2018-07-10 21:35:06 -07:00
Treehugger Robot
7d7328b807
Merge "Allow to read events/header_page with debugfs_tracing"
2018-07-11 04:28:23 +00:00
Aalique Grahame
2fc89a71f7
sepolicy: create rules for system properties
...
Add new sepolicy rules to support audio system properties
Bug: 110564278
Change-Id: If774a40b50e56f9e83bcb4ab8a84581dc03058ad
2018-07-03 08:54:04 -07:00
Anton Hansson
64bcf9ddda
Merge "Split selinux_policy module into two." am: 43a0a8e10c
...
am: 72a3251989
Change-Id: Ie898a9ef453521c010ac7a7fcdcb04b026a988dc
2018-07-03 06:31:11 -07:00
Anton Hansson
72a3251989
Merge "Split selinux_policy module into two."
...
am: 43a0a8e10c
Change-Id: Iba96f0b88256b7549eb1278bdf87e65bca041594
2018-07-03 06:27:44 -07:00
Anton Hansson
43a0a8e10c
Merge "Split selinux_policy module into two."
2018-07-03 13:19:35 +00:00
Anton Hansson
8cfe1e6128
Split selinux_policy module into two.
...
Create one _system and one _nonsystem target, which together contain
the same artifacts as before, just split by whether they go on the
system partition or not.
The product build hierarchy is being refactored to be split by
partition, so these targets facilitate inclusion of just the
system parts where necessary. Also keep the selinux_policy target
around for products that don't need the split.
Bug: 80410283
Test: for t in eng userdebug user; do lunch mainline_arm64-${t}; m nothing; done
Test: verified walleye /system and /vendor identical before and after, via:
Test: /google/data/rw/users/cc/ccross/bin/compare-target-files.sh P6259983 walleye-userdebug "SYSTEM/*" "VENDOR/*"
Test: only diffs are in build.prop files (timestamps and the like)
Change-Id: I0f5d8a1558a164ce5cfb7d521f34b431855ac260
2018-07-03 14:04:20 +01:00
Florian Mayer
a62ce04a8c
Allow to read events/header_page with debugfs_tracing
...
Bug: 110900684
Change-Id: I9fd141e0d56d0135c563467b7ca2f08b6af6700b
2018-07-03 09:36:42 +00:00
Bowgo Tsai
6e5e109333
Merge "Sepolicy for rw mount point for product extensions." am: 589dbe1429
...
am: dc7e8d3de5
Change-Id: I2f726b1cf758e3d2744966552bf30ad8756aa754
2018-07-02 19:06:48 -07:00
Pawin Vongmasa
6dea29712a
Merge "Allow surfaceflinger to call into mediacodec" am: 48f1c4ce22
...
am: 35f9e08bcd
Change-Id: I561ce4fb68e165b1c18f8dee5138941b68fd7276
2018-07-02 19:06:08 -07:00
Bowgo Tsai
dc7e8d3de5
Merge "Sepolicy for rw mount point for product extensions."
...
am: 589dbe1429
Change-Id: Ife838a971f7145583d2d1444a2c366515060e5a4
2018-07-02 19:03:52 -07:00
Pawin Vongmasa
35f9e08bcd
Merge "Allow surfaceflinger to call into mediacodec"
...
am: 48f1c4ce22
Change-Id: I9362732c00cf9daf4b68f30885664a000dd0f3b8
2018-07-02 19:03:07 -07:00
Treehugger Robot
589dbe1429
Merge "Sepolicy for rw mount point for product extensions."
2018-07-03 00:21:01 +00:00
Treehugger Robot
48f1c4ce22
Merge "Allow surfaceflinger to call into mediacodec"
2018-07-03 00:19:50 +00:00
Yabin Cui
474389dfb4
Merge "Export more files in proc_perf." am: 74f86551af
...
am: ca685e9e91
Change-Id: I87a9f426c49807a273943612bcf495854624f059
2018-07-02 15:22:27 -07:00
Yabin Cui
ca685e9e91
Merge "Export more files in proc_perf."
...
am: 74f86551af
Change-Id: I16f29c89431a5ca4ac604869e21cd8312bd37f9e
2018-07-02 15:18:49 -07:00
Yabin Cui
74f86551af
Merge "Export more files in proc_perf."
2018-07-02 22:12:03 +00:00
Yongqin Liu
cb7a9e8aae
public/netd.te: allow netd to operate icmp_socket that passed to it am: 8a8d4ef532
...
am: 29ed5f16ed
Change-Id: Ibabe55bc17d64226b5ebbe221f8e8cbb4ca4926f
2018-07-02 14:59:46 -07:00
Yongqin Liu
29ed5f16ed
public/netd.te: allow netd to operate icmp_socket that passed to it
...
am: 8a8d4ef532
Change-Id: Ib48576d7f47811870661e0bb66cebad0f26a6782
2018-07-02 14:55:41 -07:00
Yabin Cui
09464811ca
Export more files in proc_perf.
...
Export /proc/sys/kernel/perf_cpu_time_max_percent and
/proc/sys/kernel/perf_event_mlock_kb in proc_perf. So
they can be read in shell and written by init.
This is needed by simpleperf to control cpu percent and
memory used for profiling.
Bug: 110706031
Test: build and boot hikey960 successfully.
Change-Id: I2a01f583508003ab73427bab30a7982a27dfa677
2018-07-02 11:39:40 -07:00
Yongqin Liu
8a8d4ef532
public/netd.te: allow netd to operate icmp_socket that passed to it
...
This should be a supplement to the change here:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/708638
When testing the CTS libcore.libcore.io.OsTest#test_socketPing test case, it will fail
with an avc denial message like the following:
[ 1906.617027] type=1400 audit(1530527518.195:10496): avc: denied { read write } for comm="netd" path="socket:[32066]" dev="sockfs" ino=32066 scontext=u:r:netd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=icmp_socket permissive=1
[ 1906.617189] type=1400 audit(1530527518.195:10496): avc: denied { read write } for comm="netd" path="socket:[32066]" dev="sockfs" ino=32066 scontext=u:r:netd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=icmp_socket permissive=1
[ 1906.617206] type=1400 audit(1530527518.195:10497): avc: denied { getopt } for comm="netd" lport=2 scontext=u:r:netd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=icmp_socket permissive=1
[ 1906.617313] type=1400 audit(1530527518.195:10497): avc: denied { getopt } for comm="netd" lport=2 scontext=u:r:netd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=icmp_socket permissive=1
[ 1906.617330] type=1400 audit(1530527518.195:10498): avc: denied { setopt } for comm="netd" lport=2 scontext=u:r:netd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=icmp_socket permissive=1
[ 1907.832425] type=1400 audit(1530527518.195:10498): avc: denied { setopt } for comm="netd" lport=2 scontext=u:r:netd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=icmp_socket permissive=1
Test: run cts -m CtsLibcoreTestCases -t libcore.libcore.io.OsTest#test_socketPing
Change-Id: If41cb804292834b8994333f170d1f7f837bcd7df
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
2018-07-02 18:34:18 +08:00
Pawin Vongmasa
ff2dccaf38
Allow surfaceflinger to call into mediacodec
...
Test: adb logcat | grep "Wrong interface type."
Bug: 77924251
Change-Id: Idf9d7ae6db0d41bb0c2f94b2183bfe23f0c21155
2018-07-01 19:04:03 -07:00
Todd Poynor
c66af8944e
[automerger skipped] remove thermalcallback_hwservice am: c6afcb7fc0
-s ours
...
am: 29e292e9d2
Change-Id: Id9655ad460a971cb6a93ab77591998ca1b8bc226
2018-06-29 19:19:11 -07:00
Todd Poynor
29e292e9d2
[automerger skipped] remove thermalcallback_hwservice
...
am: c6afcb7fc0
-s ours
Change-Id: I9c89b5179d68943f4e090fbd596b4cd4be68100f
2018-06-29 19:14:10 -07:00
Todd Poynor
c6afcb7fc0
remove thermalcallback_hwservice
...
This hwservice isn't registered with hwservicemanager but rather passed
to the thermal hal, so it doesn't need sepolicy associated with it to
do so.
Test: manual: boot, inspect logs
Test: VtsHalThermalV1_1TargetTest
Bug: 109802374
Change-Id: Ifb727572bf8eebddc58deba6c0ce513008e01861
Merged-In: Ifb727572bf8eebddc58deba6c0ce513008e01861
2018-06-29 23:01:43 +00:00
Jeff Vander Stoep
cdc79fd4f2
Merge "priv_app: dontaudit read access to default sysfs label" am: 05fc3f2526
...
am: 9256ec00b8
Change-Id: Ie768a8e68e34c59eda6777d29372606527766b24
2018-06-29 15:03:31 -07:00
Jeff Vander Stoep
9256ec00b8
Merge "priv_app: dontaudit read access to default sysfs label"
...
am: 05fc3f2526
Change-Id: Iebf4303790c7b87cd9e82abf073c895f7b4fa38e
2018-06-29 14:41:05 -07:00
Treehugger Robot
05fc3f2526
Merge "priv_app: dontaudit read access to default sysfs label"
2018-06-29 20:43:53 +00:00
Jeff Vander Stoep
4894d9fde8
priv_app: dontaudit read access to default sysfs label
...
Suppress selinux logspam for non-API files in /sys.
Bug: 110914297
Test: build
Change-Id: I9b3bcf2dbf80f282ae5c74b61df360c85d02483c
2018-06-29 11:06:10 -07:00
John Reck
ca5028a56c
Merge "Add record-tgid tracefs support" am: d6c47bc1b5
...
am: 10caa0c412
Change-Id: I1e5ed2ccd01030102d80ae25306dbd92fe188f98
2018-06-29 10:59:03 -07:00
John Reck
10caa0c412
Merge "Add record-tgid tracefs support"
...
am: d6c47bc1b5
Change-Id: I9f8f996c182701bb52cb60c8403c9e817f777691
2018-06-29 10:54:55 -07:00
Treehugger Robot
d6c47bc1b5
Merge "Add record-tgid tracefs support"
2018-06-29 17:51:07 +00:00