tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
14884 commits 1 branch 0 tags 50 MiB
Commit graph

14884 commits

This branch
This branch
All branches
Author SHA1 Message Date
huans
5083087127 Add shell:fifo_file permission for cameraserver am: a6acef9a9e 
am: 42756b7628

Change-Id: Ia8e879b894c75a28461bd90e86888703c20a604a
 2018-03-01 02:34:20 +00:00
huans
42756b7628 Add shell:fifo_file permission for cameraserver 
am: a6acef9a9e

Change-Id: I4a6816ae90ced3afb04f8d40afb2267f3a2994cf
 2018-03-01 02:29:45 +00:00
huans
a6acef9a9e Add shell:fifo_file permission for cameraserver 
Bug: 73952536
Test: run cts -m CtsCameraTestCases -t android.hardware.camera2.cts.IdleUidTest#testCameraAccessBecomingInactiveUid
Change-Id: I508352671367dfa106e80108c3a5c0255b5273b2
 2018-02-28 16:12:40 -08:00
Jeff Vander Stoep
cb33022b26 Merge "kernel: exempt from vendor_file restrictions" am: 609aa6b83a am: 7a22490cb7 
am: 426f78ca04

Change-Id: I4f1983feed32c668d723932c61a6f51692c61f53
 2018-02-28 20:59:51 +00:00
Jeff Vander Stoep
426f78ca04 Merge "kernel: exempt from vendor_file restrictions" am: 609aa6b83a 
am: 7a22490cb7

Change-Id: I3e6731b04314f9c54c016c1c7584242cdd12e75f
 2018-02-28 20:46:44 +00:00
Jeff Vander Stoep
7a22490cb7 Merge "kernel: exempt from vendor_file restrictions" 
am: 609aa6b83a

Change-Id: I261753961c59527061254f0b1c7adca50a7c2bce
 2018-02-28 20:40:11 +00:00
Treehugger Robot
609aa6b83a Merge "kernel: exempt from vendor_file restrictions" 2018-02-28 20:30:36 +00:00
Jeff Vander Stoep
a5b5ab2657 Merge "system_server: grant read access to vendor/framework" am: 5b1c3b690d am: d69acbbfb6 
am: e39ba338c0

Change-Id: I56e9182157c8de6c3135ae8a33962bca46c405dd
 2018-02-28 20:08:11 +00:00
Jeff Vander Stoep
e39ba338c0 Merge "system_server: grant read access to vendor/framework" am: 5b1c3b690d 
am: d69acbbfb6

Change-Id: Id2e01070d5669362b78f4adc865c4ff358711e60
 2018-02-28 20:02:04 +00:00
Haynes Mathew George
a9d3fd90d8 audio: Enable vndbinder use from hal_audio am: ebc7b434e2 am: 5d3e4f0c3b 
am: 142bb78cda

Change-Id: I1e721f2bfb59d2510769b7ddae9c22d5c8ae7dba
 2018-02-28 20:01:53 +00:00
Jeff Vander Stoep
d69acbbfb6 Merge "system_server: grant read access to vendor/framework" 
am: 5b1c3b690d

Change-Id: I8808fd94c8130a551803b2ed184c325d3dad86cb
 2018-02-28 19:55:35 +00:00
Haynes Mathew George
142bb78cda audio: Enable vndbinder use from hal_audio am: ebc7b434e2 
am: 5d3e4f0c3b

Change-Id: I56412b40f7f306ac32b588aba8de9a48a4f16c00
 2018-02-28 19:55:20 +00:00
Haynes Mathew George
5d3e4f0c3b audio: Enable vndbinder use from hal_audio 
am: ebc7b434e2

Change-Id: If7f94440e35ad5a009ac6fa9d1cda3cb4fc17825
 2018-02-28 19:49:15 +00:00
Treehugger Robot
5b1c3b690d Merge "system_server: grant read access to vendor/framework" 2018-02-28 19:47:35 +00:00
Jeff Vander Stoep
1242c940ef kernel: exempt from vendor_file restrictions 
The kernel is unusual in that it's both a core process, but vendor
provided. Exempt it from the restriction against accessing files from
on /vendor. Also, rework the neverallow rule so that it disallows
opening/modifying files, but allows reading files passed over IPC.

Bug: 68213100
Test: build (this is a build-time test)
Change-Id: I2f6b2698ec45d2e8480dc1de47bf12b9b53c4446
 2018-02-28 18:06:37 +00:00
Jeff Vander Stoep
9e33565cf0 system_server: grant read access to vendor/framework 
avc: denied { getattr } for path="/vendor/framework"
scontext=u:r:system_server:s0 tcontext=u:object_r:vendor_framework_file:s0
tclass=dir

Bug: 68826235
Test: boot Taimen, verify denials no longer occur.
Change-Id: Id4b311fd423342c8d6399c3b724417aff9d1cd88
 2018-02-28 17:59:22 +00:00
Haynes Mathew George
ebc7b434e2 audio: Enable vndbinder use from hal_audio 
Allow hal audio to use vndbinder

Change-Id: I83fc8d5b873bfc4e36f44e423d5740cb5e9739ee
 2018-02-28 08:56:56 -08:00
Ajay Panicker
76b64a5ff7 Allow audioserver to access Bluetooth Properties am: e32d94064f am: 1be44b83b1 
am: 6e056dd675

Change-Id: Iead5e09dc52386aa88e6f2f4fd8df862f71e98f5
 2018-02-28 07:36:05 +00:00
Ajay Panicker
6e056dd675 Allow audioserver to access Bluetooth Properties am: e32d94064f 
am: 1be44b83b1

Change-Id: Idc0e47c8644e5fcc93c04eca7bba7c0023c49c24
 2018-02-28 07:30:30 +00:00
Ajay Panicker
1be44b83b1 Allow audioserver to access Bluetooth Properties 
am: e32d94064f

Change-Id: I92c156c14675d82d8678df545a168d1a74774cac
 2018-02-28 07:23:58 +00:00
Ajay Panicker
e32d94064f Allow audioserver to access Bluetooth Properties 
Now that Bluetooth supports delay reporting, audioserver needs
access to Bluetooth Properties in order to determine whether the
feature is enabled or disabled.

Bug: 32755225
Test: Enable the property and see that there was no error accessing it
Change-Id: I519d49deb2df4efb3cc2cce9c6d497db18b50c13
 2018-02-28 04:09:33 +00:00
Tri Vo
2aa8fbc1d2 Merge "Silence expandtypeattribute build-time warning." am: 969d8cc4dd am: e5017318c6 
am: 067bc406fa

Change-Id: I3c71ec9699fae580c374c6e22eb2eae62a2d49b1
 2018-02-28 02:08:11 +00:00
Tri Vo
a9d3532baf Merge changes from topic "27_mapping_test" am: a6c6c046b8 am: f706684512 
am: 4d168f1ace

Change-Id: Ide10d23eafbb249e0ef5d264d956ce74af38d847
 2018-02-28 02:07:51 +00:00
Joel Galenson
c5199d053d Merge "Clean up bug_map." am: 40a8bce69d am: e31157d96b 
am: 641608a9c6

Change-Id: I82643e6e2f8eb626f1644efe94a89529c396b3a2
 2018-02-28 01:58:20 +00:00
Tri Vo
067bc406fa Merge "Silence expandtypeattribute build-time warning." am: 969d8cc4dd 
am: e5017318c6

Change-Id: I8fd310b4b3ba5da15826245b63276612cf5cbcfc
 2018-02-28 01:54:31 +00:00
Tri Vo
4d168f1ace Merge changes from topic "27_mapping_test" am: a6c6c046b8 
am: f706684512

Change-Id: I209563c2eeb181452e0ef196f7a8bcff1d4ce3dc
 2018-02-28 01:54:01 +00:00
Joel Galenson
641608a9c6 Merge "Clean up bug_map." am: 40a8bce69d 
am: e31157d96b

Change-Id: Ib843d139377ebcaf716d54108a2197ccc14b25bb
 2018-02-28 01:53:34 +00:00
Jaekyun Seok
e57289cacb Allow vendor-init-settable to persist.sys.zram_enabled am: b47efe346e am: 8ce9b83fed 
am: d647799d94

Change-Id: Ic463f569bfe91dde1981168fb81654855ca6dc01
 2018-02-28 01:51:47 +00:00
Jaekyun Seok
d647799d94 Allow vendor-init-settable to persist.sys.zram_enabled am: b47efe346e 
am: 8ce9b83fed

Change-Id: I403a4bfdb235629105ff5e33dff1930100551ad2
 2018-02-28 01:45:39 +00:00
Tri Vo
e5017318c6 Merge "Silence expandtypeattribute build-time warning." 
am: 969d8cc4dd

Change-Id: I31f387a654065d5311a3f7b484a9833c0d5ba973
 2018-02-28 01:44:04 +00:00
Tri Vo
f706684512 Merge changes from topic "27_mapping_test" 
am: a6c6c046b8

Change-Id: I3e584da883f26d70b5269c101bd83afbf54bee10
 2018-02-28 01:43:42 +00:00
Joel Galenson
e31157d96b Merge "Clean up bug_map." 
am: 40a8bce69d

Change-Id: I8946fbe77bcec0a30aa68752c38d1b49423b659d
 2018-02-28 01:43:00 +00:00
Jaekyun Seok
8ce9b83fed Allow vendor-init-settable to persist.sys.zram_enabled 
am: b47efe346e

Change-Id: Ida8efdbc56d4f1827a5b2e84122164d5ec1ee68f
 2018-02-28 01:42:07 +00:00
Treehugger Robot
969d8cc4dd Merge "Silence expandtypeattribute build-time warning." 2018-02-28 00:30:19 +00:00
Treehugger Robot
a6c6c046b8 Merge changes from topic "27_mapping_test" 
* changes:
  Enable treble_sepolicy_tests against 27.0 release.
  Refactor build rule for treble sepolicy tests.
 2018-02-28 00:30:19 +00:00
Treehugger Robot
40a8bce69d Merge "Clean up bug_map." 2018-02-28 00:03:27 +00:00
Jaekyun Seok
1037f4637c Merge "Allow vendor-init-settable for ro.radio.noril" am: d5996eca28 am: 2a48370665 
am: a84c15fd8d

Change-Id: I19b9fd4b0b629650199d3306ea0d576f716128c9
 2018-02-27 23:45:18 +00:00
Jaekyun Seok
a84c15fd8d Merge "Allow vendor-init-settable for ro.radio.noril" am: d5996eca28 
am: 2a48370665

Change-Id: I5ae3137f68621e9d6f26932ace4553ec16167e8a
 2018-02-27 23:40:13 +00:00
Jaekyun Seok
2a48370665 Merge "Allow vendor-init-settable for ro.radio.noril" 
am: d5996eca28

Change-Id: Ib0325c335e18ef1ed7d9986bdf64771862b5bce3
 2018-02-27 23:36:08 +00:00
Jaekyun Seok
b47efe346e Allow vendor-init-settable to persist.sys.zram_enabled 
persist.sys.zram_enabled is set in vendor/build.prop in taimen and walleye,
which was added after the initial whitelist.
go/treble-sysprop-compatibility requires whitelisting such a property to
allow it to be overridden by vendor/{default|build}.prop.

Bug: 73905119
Test: succeeded building and test with taimen
Change-Id: I931182aa05eb90c14df6e2c7cc26913f3874fa18
 2018-02-27 23:22:32 +00:00
Treehugger Robot
d5996eca28 Merge "Allow vendor-init-settable for ro.radio.noril" 2018-02-27 23:18:41 +00:00
Tri Vo
9299d93942 Enable treble_sepolicy_tests against 27.0 release. 
Bug: 69390067
Test: build sepolicy
Change-Id: I4fc7438e4f825281d93a2849be9d2db819bea4ca
 2018-02-27 14:26:48 -08:00
Tri Vo
1406926d09 Refactor build rule for treble sepolicy tests. 
Bug: 69390067
Test: policy builds
Change-Id: I9b29a88ec071a17fc429892b5a8720b15fcbcf32
 2018-02-27 14:26:31 -08:00
Joel Galenson
40c112c859 Clean up bug_map. 
Remove a fixed bug from bug_map.

Bug: 73068008
Test: Built policy.
Change-Id: Id0072788953cb6b939a11caace0158da7799f540
 2018-02-27 14:17:48 -08:00
Alan Stokes
6c467309f1 Merge "Allow init to create & write to vibrator/trigger." am: 6ffa76ea78 am: 04b800ed7e 
am: 523c49139d

Change-Id: I77376c86b0fc38c5214fb26fa6c13339e3646dc9
 2018-02-27 15:52:40 +00:00
Alan Stokes
396c362e59 Suppress noisy performanced denials in permissive mode. am: cf71a5ae60 am: 5df3c8d6fc 
am: 4c63cd4c2a

Change-Id: I801c367ef298445f5567f2c0441953872a697e82
 2018-02-27 15:52:16 +00:00
Alan Stokes
523c49139d Merge "Allow init to create & write to vibrator/trigger." am: 6ffa76ea78 
am: 04b800ed7e

Change-Id: Ic4fb65cc9c3a566b9b89c5b6e245c4d40e0fc3fa
 2018-02-27 15:45:09 +00:00
Alan Stokes
4c63cd4c2a Suppress noisy performanced denials in permissive mode. am: cf71a5ae60 
am: 5df3c8d6fc

Change-Id: I6ec0f1d5753c76116a4a11a9186771d6add777c2
 2018-02-27 15:44:42 +00:00
Alan Stokes
04b800ed7e Merge "Allow init to create & write to vibrator/trigger." 
am: 6ffa76ea78

Change-Id: I65c993eaf9e48d857a13b37dfc9b7a710c767043
 2018-02-27 15:38:57 +00:00
Alan Stokes
5df3c8d6fc Suppress noisy performanced denials in permissive mode. 
am: cf71a5ae60

Change-Id: Ic897e65ef5d020c7d2b69ad29837b82bff155e8a
 2018-02-27 15:38:37 +00:00