Mikhail Naganov
9f90cadc1d
Update SELinux policy for audiohal
...
am: 2ff6b4da73
Change-Id: I10765cef79fa42538e5987985de24de1c0090396
2016-10-21 19:08:08 +00:00
Mikhail Naganov
2ff6b4da73
Update SELinux policy for audiohal
...
Change-Id: Iaa9907ed516c947175a59bf49938c0ee03b4f6d1
2016-10-21 09:53:15 -07:00
Felipe Leme
d8dc4b8042
Merge "Creates an autofill system service." am: f5312f8e81
am: ce4c82a8c2
...
am: 908aeba743
Change-Id: I047518d8183b6fe90e40ab62bdbdaecdab82e67a
2016-10-21 16:36:32 +00:00
Felipe Leme
ce4c82a8c2
Merge "Creates an autofill system service."
...
am: f5312f8e81
Change-Id: I6472e55c079805a97bd3f60800331ace7b3959a5
2016-10-21 16:19:26 +00:00
Jeff Vander Stoep
ce4b5eeaee
isolated_app: no sdcard access
...
Remove and neverallow isolated_app access to external storage and
USB accessories.
Test: aosp_angler-userdebug builds
Bug: 21643067
Change-Id: Ie912706a954a38610f2afd742b1ab4b8cd4b1f36
2016-10-21 09:15:48 -07:00
Treehugger Robot
f5312f8e81
Merge "Creates an autofill system service."
2016-10-21 16:09:31 +00:00
Craig Donner
3c6c4d2df2
sepolicy: Add policy for VR HIDL service. am: 7ba0485665
am: 8bae22ecea
...
am: ac775e3d0a
Change-Id: Iae2c060ad326a328a2e37bd39fe33d0d662cc2f8
2016-10-21 03:02:59 +00:00
Craig Donner
8bae22ecea
sepolicy: Add policy for VR HIDL service.
...
am: 7ba0485665
Change-Id: I5ab2f5a0924715128420ba7edf877ee2ed3d2bc0
2016-10-21 02:47:31 +00:00
Felipe Leme
8221d59711
Creates an autofill system service.
...
BUG: 31001899
Test: manual
Change-Id: I8d462b40d931310eab26bafa09645ac88f13fc97
2016-10-20 17:33:27 -07:00
Craig Donner
7ba0485665
sepolicy: Add policy for VR HIDL service.
...
Test: built and ran on device.
Bug: 31442830
Change-Id: Idd7870b4dd70eed8cd4dc55e292be39ff703edd2
2016-10-20 17:03:54 -07:00
Prashant Malani
8d9f4a62c4
Merge "Cleanup and renaming of vibrator HAL sepolicy" am: fe360ad6bd
am: 566ffd0252
...
am: 120cfb275e
Change-Id: Id8f9674e30e452a38541645899e537236d633048
2016-10-20 22:15:14 +00:00
Prashant Malani
566ffd0252
Merge "Cleanup and renaming of vibrator HAL sepolicy"
...
am: fe360ad6bd
Change-Id: I880c24b3b566e8566b5cb3ececbe27ddd513a4e4
2016-10-20 21:53:31 +00:00
Treehugger Robot
fe360ad6bd
Merge "Cleanup and renaming of vibrator HAL sepolicy"
2016-10-20 21:42:19 +00:00
Jeff Vander Stoep
288483de90
Merge "racoon: remove domain_deprecated attribute" am: 41c727bce8
am: 9ec8d943c1
...
am: f13610c69a
Change-Id: Id08061d282cda1060017d047e4a8a838475ff346
2016-10-20 02:53:13 +00:00
Jeff Vander Stoep
9ec8d943c1
Merge "racoon: remove domain_deprecated attribute"
...
am: 41c727bce8
Change-Id: I2b8992af4e888d1f16996509f13f4ef17dc2d7c7
2016-10-20 02:34:04 +00:00
Treehugger Robot
41c727bce8
Merge "racoon: remove domain_deprecated attribute"
2016-10-20 02:27:39 +00:00
Jeff Vander Stoep
1b1745672b
Merge "racoon: allow setting options on tun interface" am: 76b467aedb
am: 4692d61295
...
am: bed45e739c
Change-Id: If49afbd2040349e7c08f66e361b025d9ccd59db0
2016-10-20 00:50:07 +00:00
Jeff Vander Stoep
4692d61295
Merge "racoon: allow setting options on tun interface"
...
am: 76b467aedb
Change-Id: Ifc036b3562fbc6b925b64272c4e75795504993eb
2016-10-20 00:33:20 +00:00
Treehugger Robot
76b467aedb
Merge "racoon: allow setting options on tun interface"
2016-10-20 00:22:52 +00:00
Jeff Vander Stoep
d733d161cf
Add macros for treble and non-treble only policy
...
Test: builds
Change-Id: Idd1d90a89a9ecbb2738d6b483af0e8479e87aa15
2016-10-19 15:05:05 -07:00
Prashant Malani
2d9d3e6de3
Cleanup and renaming of vibrator HAL sepolicy
...
Renaming vibrator sepolicy to remove the version number.
Also moving the related binder_call() to maintain alphabetical order.
Bug: 32123421
Change-Id: I2bfa835085519ed10f61ddf74e7e668dd12bda04
Test: booted, and checked vibrate on keypress on bullhead
2016-10-19 09:54:20 -07:00
Prashant Malani
c026f5ef0f
Add sysfs rule for vibrator in system_server am: c86eb96f45
am: bd1d36de60
...
am: 5d1524c867
Change-Id: I9167441ca2aac0fb2e44d541691dd59578a1bb7e
2016-10-18 22:05:38 +00:00
Prashant Malani
bd1d36de60
Add sysfs rule for vibrator in system_server
...
am: c86eb96f45
Change-Id: Ibf07cf30cccc798699be28156f50bbca55df5db7
2016-10-18 21:51:20 +00:00
Prashant Malani
c86eb96f45
Add sysfs rule for vibrator in system_server
...
Helps fix vibrator HAL open issue
avc: denied { write } for pid=907 comm="system_server" name="enable" dev="sysfs" ino=20423 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=file permissive=0
Bug: 32209928
Bug: 32225232
Test: m, booted, tested keypad to make sure vibrator works
Change-Id: I4977c42b7fac0c9503be04b6520487f2d6cbc903
2016-10-18 12:59:20 -07:00
Jeff Vander Stoep
d7a64e4e8b
racoon: remove domain_deprecated attribute
...
Test: builds/boots on Angler. No "granted" messages for the removed
permissions observed in three months of log audits.
Bug: 28760354
Change-Id: Ib6da57f6249a5571015b649bae843590229be714
2016-10-15 17:15:25 -07:00
Jeff Vander Stoep
d063d23032
racoon: allow setting options on tun interface
...
Fixes failure in VPN connection
avc: denied { ioctl } for pid=2870 comm="ip-up-vpn" ioctlcmd=8914
scontext=u:r:racoon:s0 tcontext=u:r:racoon:s0 tclass=udp_socket
avc: denied { ioctl } for pid=2870 comm="ip-up-vpn" ioctlcmd=8916
scontext=u:r:racoon:s0 tcontext=u:r:racoon:s0 tclass=udp_socket
Test: VPN works
Bug: 32011648
Change-Id: I28c4dc7ffbf7e35ef582176674c4e9764719a2a9
2016-10-15 14:09:45 -07:00
Daniel Micay
d84440d914
remove unnecessary dalvik rules from recovery am: 510771ff92
am: 1573f55bdd
...
am: a85cca8fd7
Change-Id: I8e6121e387c19646072da14c5f47093fec738dc3
2016-10-15 00:05:22 +00:00
Daniel Micay
1573f55bdd
remove unnecessary dalvik rules from recovery
...
am: 510771ff92
Change-Id: I13496eb190ff2c611f87d2ee6b81978f09f6f2a3
2016-10-14 23:53:48 +00:00
Daniel Micay
510771ff92
remove unnecessary dalvik rules from recovery
...
Change-Id: Ic0dd1162e268ce54e11de08b18dd7df47ab12147
2016-10-14 02:27:31 -04:00
Prashant Malani
55cf83525c
sepolicy: Add policy for vibrator HIDL service am: b32b4a112f
am: d55ef92371
am: 5b87c66933
...
am: d7cbaf298e
Change-Id: I8604b86eaa8e68ff14267d6f099c81ad53809dac
2016-10-13 21:03:34 +00:00
Prashant Malani
d7cbaf298e
sepolicy: Add policy for vibrator HIDL service am: b32b4a112f
am: d55ef92371
...
am: 5b87c66933
Change-Id: I964fcb218f92c6f74dbff5f551229956abe01b68
2016-10-13 21:01:40 +00:00
Prashant Malani
5b87c66933
sepolicy: Add policy for vibrator HIDL service am: b32b4a112f
...
am: d55ef92371
Change-Id: I02d9c27f40cdd32596521a3e01c81fe2fdc4b6a1
2016-10-13 20:54:33 +00:00
Prashant Malani
b32b4a112f
sepolicy: Add policy for vibrator HIDL service
...
Fixes the following denials:
avc: denied { open } for pid=7530 comm="android.hardwar" path="/sys/devices/virtual/timed_output/vibrator/enable" dev="sysfs" ino=20519 scontext=u:r:android_hardware_vibrator_1_0_service:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { call } for pid=9173 comm="Binder:7735_C" scontext=u:r:system_server:s0 tcontext=u:r:android_hardware_vibrator_1_0_service:s0 tclass=binder permissive=1
Test: m
Bug: 32021191
Change-Id: I243a86b449794e3c2f0abf91ddcf405eff548d0c
2016-10-13 11:41:30 -07:00
Chad Brubaker
d6f929ca88
Rename autoplay_app to ephemeral_app am: 06cf31eb63
am: 90b552d941
am: 83ad69b11c
...
am: c5ef0152ed
Change-Id: I1ff31269ef18117e833711f333fa8fd505a5c694
2016-10-07 19:54:34 +00:00
Chad Brubaker
c5ef0152ed
Rename autoplay_app to ephemeral_app am: 06cf31eb63
am: 90b552d941
...
am: 83ad69b11c
Change-Id: I0f0cfda4783df19ddd13ed7a07d8fa3717b85fc3
2016-10-07 19:46:10 +00:00
Chad Brubaker
83ad69b11c
Rename autoplay_app to ephemeral_app am: 06cf31eb63
...
am: 90b552d941
Change-Id: I663aa76bf477fcc9311078e0f9dab72fdae7a76e
2016-10-07 19:41:10 +00:00
Prashant Malani
c541bb6814
system_server: Allow hwservicemanager to make binder calls am: abb5c72b8b
am: f8ac3b7cab
am: 15d439b8c2
...
am: 95b0515b4b
Change-Id: Ia7eefe1a8735e84d79be9d6c47feb81d28bc1147
2016-10-07 16:57:55 +00:00
Chad Brubaker
06cf31eb63
Rename autoplay_app to ephemeral_app
...
Test: Builds and boots
Change-Id: I3db64e12f0390c6940f5745eae83ce7efa7d65a9
2016-10-07 09:52:31 -07:00
Prashant Malani
95b0515b4b
system_server: Allow hwservicemanager to make binder calls am: abb5c72b8b
am: f8ac3b7cab
...
am: 15d439b8c2
Change-Id: I01eca0746c00940f58fd6e92cc6b1b7649659680
2016-10-07 05:06:17 +00:00
Prashant Malani
15d439b8c2
system_server: Allow hwservicemanager to make binder calls am: abb5c72b8b
...
am: f8ac3b7cab
Change-Id: Ifdc91982a3672447e9e07b51a94a79aa465dea73
2016-10-07 05:02:47 +00:00
Prashant Malani
abb5c72b8b
system_server: Allow hwservicemanager to make binder calls
...
Fixes the following denial:
avc: denied { call } for pid=791 comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=1
Test: Builds, boots, vibrator works on bullhead
Change-Id: I56a0a86b64f5d46dc490f6f3255009c40e6e3f8f
2016-10-06 14:41:49 -07:00
dcashman
7cfa40594c
Split general policy into public and private components. am: cc39f63773
am: 1d233a6328
am: e8647916b8
...
am: 360da5bc47
Change-Id: Id1c6c6168b7deb7b45b51514ee6df889966bd3dc
2016-10-06 20:30:01 +00:00
dcashman
360da5bc47
Split general policy into public and private components. am: cc39f63773
am: 1d233a6328
...
am: e8647916b8
Change-Id: Ic200ac0d2169ac5b183d9aab101c5715856f1bac
2016-10-06 20:23:15 +00:00
dcashman
e8647916b8
Split general policy into public and private components. am: cc39f63773
...
am: 1d233a6328
Change-Id: I09f67daa9459fcb8fa37df9129df589ae180a5bc
2016-10-06 20:20:15 +00:00
dcashman
cc39f63773
Split general policy into public and private components.
...
Divide policy into public and private components. This is the first
step in splitting the policy creation for platform and non-platform
policies. The policy in the public directory will be exported for use
in non-platform policy creation. Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.
Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal. For now, almost all types and
avrules are left in public.
Test: Tested by building policy and running on device.
Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
2016-10-06 13:09:06 -07:00