Bowgo Tsai
c89e08733b
Merge "Moving adbd from rootdir to system/bin" into oc-mr1-dev
...
am: cf627a49b6
Change-Id: I86aaa7c56cd6a0c6eff73297e9f42eadeeb2c33e
2017-08-18 06:06:54 +00:00
TreeHugger Robot
cf627a49b6
Merge "Moving adbd from rootdir to system/bin" into oc-mr1-dev
2017-08-18 03:52:37 +00:00
Tianjie Xu
3799e3848a
Merge "Allow update_verifier to write to kmsg" am: d90d976e45
am: ced80e801b
am: 9be883b8fd
...
am: 9d974c1fae
Change-Id: Id96bfe6b1722acb6fc7b4eaabb2c929034afca18
2017-08-17 19:30:05 +00:00
Tianjie Xu
9d974c1fae
Merge "Allow update_verifier to write to kmsg" am: d90d976e45
am: ced80e801b
...
am: 9be883b8fd
Change-Id: I05c352e6e24ff63ba820d54e8e9f4718c9065d4a
2017-08-17 19:26:51 +00:00
Tianjie Xu
9be883b8fd
Merge "Allow update_verifier to write to kmsg" am: d90d976e45
...
am: ced80e801b
Change-Id: Ie797f9e4abe40d03848449619368e2a0fd23b84c
2017-08-17 19:23:05 +00:00
Tianjie Xu
ced80e801b
Merge "Allow update_verifier to write to kmsg"
...
am: d90d976e45
Change-Id: Id7dc23f6b1c401f350736585222a9e29bf5e3876
2017-08-17 19:19:40 +00:00
Tianjie Xu
d90d976e45
Merge "Allow update_verifier to write to kmsg"
2017-08-17 19:16:11 +00:00
Sandeep Patil
a250cf6a55
Merge changes from topic "app_visible_hals" into oc-mr1-dev
...
am: c5bdf47c9c
Change-Id: I6a782d14a789a9783980504491398c00572bc264
2017-08-17 18:01:19 +00:00
TreeHugger Robot
c5bdf47c9c
Merge changes from topic "app_visible_hals" into oc-mr1-dev
...
* changes:
DO NOT MERGE: use 'expandattribute' for untrusted_app_visible_hwservice
DO NOT MERGE: Add a way to allow untrusted_apps to talk to halserver domains
DO NOT MERGE: Revert "Revert "Remove neverallow preventing hwservice access for apps.""
2017-08-17 17:50:05 +00:00
Sandeep Patil
1f525e23fd
DO NOT MERGE: use 'expandattribute' for untrusted_app_visible_hwservice
...
Bug: 62658302
Test: Boot device and observe no new denials
Change-Id: If9a21610897b14a419f276289818127412c29c55
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-08-17 10:49:19 -07:00
Sandeep Patil
b96864eb9b
DO NOT MERGE: Add a way to allow untrusted_apps to talk to halserver domains
...
Vendor HAL extensions are currently allowed to discover hardware
services that are labelled with 'untrusted_app_visible_hwservice'.
However, the policy doesn't allow these apps to talk to these services.
This CL makes sure that is now possible via the
'untrusted_app_visible_halserver' attribute for vendor domains that host
such a service.
Bug: 64382381
Test: Boot device and observe no new denials.
Change-Id: I1ffc1a62bdf7506a311f5a19acdab8c7caec902b
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-08-17 10:49:08 -07:00
Martijn Coenen
ed6b007455
Merge "Remove display.qservice from service_contexts." am: 109ee5f99c
am: 333808edf5
am: f564672689
...
am: 891f78e0aa
Change-Id: Ib1ea7224da1d6c95b800abfd376f98dc841ec846
2017-08-17 07:54:29 +00:00
Martijn Coenen
891f78e0aa
Merge "Remove display.qservice from service_contexts." am: 109ee5f99c
am: 333808edf5
...
am: f564672689
Change-Id: I140a9478fa1e95951a784a499dcae89f7bbbcd73
2017-08-17 07:51:13 +00:00
Martijn Coenen
f564672689
Merge "Remove display.qservice from service_contexts." am: 109ee5f99c
...
am: 333808edf5
Change-Id: I085967e51ebc74a51a024eed33d4df13e7d65a09
2017-08-17 07:48:43 +00:00
Martijn Coenen
333808edf5
Merge "Remove display.qservice from service_contexts."
...
am: 109ee5f99c
Change-Id: I47562c12713809970d8531b453f08de74c53466f
2017-08-17 07:46:07 +00:00
Martijn Coenen
109ee5f99c
Merge "Remove display.qservice from service_contexts."
2017-08-17 07:39:29 +00:00
Corey Tabaka
e598802851
Merge "Enable performanced to talk to the permission service." into oc-mr1-dev
...
am: 282d599fec
Change-Id: I213fa34013c42cba1f8f27bb8abb65688be94787
2017-08-17 04:05:28 +00:00
TreeHugger Robot
282d599fec
Merge "Enable performanced to talk to the permission service." into oc-mr1-dev
2017-08-17 03:56:29 +00:00
Dan Cashman
79fc8a43b4
Merge "treble sepolicy tests: Add removed attribute check." into oc-mr1-dev
...
am: 5157213785
Change-Id: I8ae926d2d4d025be3726b4d10434dc0dbac28603
2017-08-17 01:02:36 +00:00
Yifan Hong
43473a00e1
Merge "Make sepolicy-analyze for GTS." into oc-mr1-dev
...
am: 7c55e171de
Change-Id: Iff2eb18c5898ae5d05c00a3c888d98286b36374a
2017-08-17 01:01:28 +00:00
TreeHugger Robot
5157213785
Merge "treble sepolicy tests: Add removed attribute check." into oc-mr1-dev
2017-08-17 00:25:27 +00:00
Corey Tabaka
030a7ef69c
Enable performanced to talk to the permission service.
...
Performanced needs to talk to the permission service to verify
permissions of clients to access certain restricted scheduler
policies.
Bug: 64337476
Test: performance_service_tests passes; logs do not contain avc
denials for performanced -> permission service.
Change-Id: I31618ab1d3e79c3c10138d567b0f5606527020f9
2017-08-16 15:10:20 -07:00
Yifan Hong
7c55e171de
Merge "Make sepolicy-analyze for GTS." into oc-mr1-dev
2017-08-16 21:46:10 +00:00
Sandeep Patil
c9d4a86d0a
DO NOT MERGE: Revert "Revert "Remove neverallow preventing hwservice access for apps.""
...
This reverts commit ceed720415.
New HAL services that are added in the policy while the CL was reverted
are not made visible to applications by default. They are:
hal_neuralnetworks_hwservice
hal_wifi_offload_hwservice
system_net_netd_hwservice
thermalcallback_hwservice
Bug: 64578796
Test: Boot device
Change-Id: I84d65baddc757a5b0a38584430eff79a383aa8e0
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-08-16 14:29:17 -07:00
Tianjie Xu
d499e9145a
Allow update_verifier to write to kmsg
...
Denial message:
avc: denied { write } for pid=640 comm="update_verifier" name="kmsg"
dev="tmpfs" ino=13951 scontext=u:r:update_verifier:s0
tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
Bug: 64713327
Test: update_verifier logs successfully during boot time.
Change-Id: I421b1e6660239e5ffc624e504f5945d400510407
2017-08-16 13:09:56 -07:00
Dan Cashman
1c56a76bb6
treble sepolicy tests: Add removed attribute check.
...
Make sure that any attributes removed from policy are declared
in the mapping file, in case they are relied upon by vendor
policy.
Bug: 36899958
Test: Builds successful, but not with removed attribute not
in mapping file.
Change-Id: I25526cd88a50e90513ae298ccf4f2660e4627fb4
2017-08-16 12:34:15 -07:00
Martijn Coenen
e18873591d
Remove display.qservice from service_contexts.
...
This is a Qualcomm proprietary service,
and does not belong here.
Test: boot Marlin
Bug: 63391760
Merged-In: If7469051f6cef3e2440f7021ae26c9815ff54820
Change-Id: If7469051f6cef3e2440f7021ae26c9815ff54820
2017-08-16 10:11:53 +02:00
Bowgo Tsai
e2423d149b
Moving adbd from rootdir to system/bin
...
Bug: 63910933
Test: boot sailfish in normal mode, checks adbd is started
Test: boot sailfish in recovery mode, checks adbd is started
Test: boot bullhead in normal mode, checks adbd is started
Test: boot bullhead in recovery mode, checks adbd is started
Change-Id: I35ed78a15a34626fbd3c21d030e2bf51033f7b79
2017-08-16 10:03:51 +08:00
Yifan Hong
9ffea2f94b
Make sepolicy-analyze for GTS.
...
Test: gts-tradefed run gts-dev --module=GtsSecurityHostTestCases
Bug: 64127136
Change-Id: Ib50294488bb1a5d46faed00d6954db64648fed20
2017-08-15 15:26:07 -07:00
Dan Cashman
fa78c14425
Merge "treble compat: Add test for removed public types without compat entry." into oc-mr1-dev
...
am: 1d5131e91d
Change-Id: Ia4c1e0c1969f1bc110c46a10f07b30eb7f8093a0
2017-08-15 19:13:04 +00:00
TreeHugger Robot
1d5131e91d
Merge "treble compat: Add test for removed public types without compat entry." into oc-mr1-dev
2017-08-15 18:59:30 +00:00
Steven Moreland
e44c624b08
Merge "Add screencap domain." into stage-aosp-master am: 09d37ab90b
-s ours am: 091d3fcc29
-s ours
...
am: 407cf0880e
-s ours
Change-Id: I73e2866bbb6957ea7ebc05aa529623359e53da48
2017-08-14 19:39:08 +00:00
Steven Moreland
407cf0880e
Merge "Add screencap domain." into stage-aosp-master am: 09d37ab90b
-s ours
...
am: 091d3fcc29
-s ours
Change-Id: I1411de756196e749c61cf8301bb35dd75c5ade67
2017-08-14 19:34:36 +00:00
Steven Moreland
091d3fcc29
Merge "Add screencap domain." into stage-aosp-master
...
am: 09d37ab90b
-s ours
Change-Id: I9a1585c559e893e95292194c3656f2e5cce9871d
2017-08-14 19:30:37 +00:00
TreeHugger Robot
09d37ab90b
Merge "Add screencap domain." into stage-aosp-master
2017-08-14 19:26:41 +00:00
Dan Cashman
43c8ea3b4d
Move compatibility files out of prebuilts dir.
...
am: 78b3d573da
Change-Id: Iddbaf4be33221bacf04b7da18f98af6d0567f8c6
2017-08-14 19:17:58 +00:00
Steven Moreland
3998fe0884
Add screencap domain. am: 6b780b358f
-s ours am: 0bf4d0db05
am: b190016b25
...
am: acbaa3ae4e
-s ours
Change-Id: I6fcf94293ac5139d1295ae8386e59b2899329e50
2017-08-14 19:02:43 +00:00
Steven Moreland
acbaa3ae4e
Add screencap domain. am: 6b780b358f
-s ours am: 0bf4d0db05
...
am: b190016b25
Change-Id: I998048a103664eacfc3b6aecc89ffea1cf277906
2017-08-14 18:58:25 +00:00
Steven Moreland
b190016b25
Add screencap domain. am: 6b780b358f
-s ours
...
am: 0bf4d0db05
Change-Id: I352f1142406af5fbe3d5c8142d0053cf4dc23f52
2017-08-14 18:54:51 +00:00
Steven Moreland
0bf4d0db05
Add screencap domain.
...
am: 6b780b358f
-s ours
Change-Id: I61d2951d682b236e7643b7b81eb5c52f84024950
2017-08-14 18:49:35 +00:00
Steven Moreland
9216a6adc9
Add screencap domain.
...
Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;
Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Merged-In: I9f31d2067e002e7042646ee38dbfc06687481ac7
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7
2017-08-14 11:46:08 -07:00
Steven Moreland
6b780b358f
Add screencap domain.
...
Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;
Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Merged-In: I9f31d2067e002e7042646ee38dbfc06687481ac7
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7
2017-08-14 17:19:40 +00:00
Dan Cashman
78b3d573da
Move compatibility files out of prebuilts dir.
...
The treble compatibility tests check for policy differences between old
and new policy. To do this correctly, we must not modify the policy which
represents the older policies. Move the files meant to be changed to a
different location from the ones that are not meant to be touched to avoid
any undesired changes to old policy, e.g. commit:
2bdefd65078d890889672938c6f0d2accdd25bc5
Bug: 36899958
Test: Build-time tests build.
Change-Id: I8fa3947cfae756f37556fb34e1654382e2e48372
2017-08-14 09:47:37 -07:00
Jin Qian
d3543981ea
Merge "move e2fs rules from private to public" into oc-mr1-dev
...
am: 124e1f6575
Change-Id: Ic2268896648ecc125e7dde3fa173ef40907ce9a5
2017-08-14 04:22:39 +00:00
TreeHugger Robot
124e1f6575
Merge "move e2fs rules from private to public" into oc-mr1-dev
2017-08-14 04:19:23 +00:00
Martijn Coenen
f7942eb3b2
Merge "Prevent access to nonplat_service_contexts on full_treble." into oc-mr1-dev
...
am: 346a913c34
Change-Id: Icb294c01b8a8af1f8e0cff4bce13b0eaab8ab8c3
2017-08-12 12:19:42 +00:00
Martijn Coenen
346a913c34
Merge "Prevent access to nonplat_service_contexts on full_treble." into oc-mr1-dev
2017-08-12 12:14:08 +00:00
Dan Cashman
7b2fb8c8db
Merge "Add missing attribute to compatibility file." into oc-mr1-dev
...
am: 12d1c4f757
Change-Id: Ieaaeeca773586aeb4ae404e5a137ec7ef67a75eb
2017-08-11 23:53:49 +00:00
Josh Gao
28d6e8d4b5
Add /dev/kmsg_debug. am: 94e2a921cb
am: 530e168c67
am: 751a627cd3
...
am: 040e9794f8
Change-Id: I258d039dc2b1db6a88a79fb076cb8329530e8deb
2017-08-11 23:00:16 +00:00
Josh Gao
040e9794f8
Add /dev/kmsg_debug. am: 94e2a921cb
am: 530e168c67
...
am: 751a627cd3
Change-Id: I13c3fc66e68d36038d7eb3370bfdc396caf65293
2017-08-11 22:58:15 +00:00