We are aiming to improve logging performance by having wifi hal
directly write to the flash.
Wifi hal needs to be able to create, write, and delete files in
a directory. This will be restricted to userdebug and eng builds only.
Bug: 70170285
Test: compile, run on device
Change-Id: Id0cd317411f4c393d7529aa31b501046d7350edb

Many processes including third party apps are expected to
access /proc/net/xt_qtaguid/stats. Give this file a new label
to avoid spamming the logs and temporarily grant read access to
all processes.
Read-only permission is adequate for all processes based on unix
permissions.
sailfish:/ # ls -laZ /proc/net/xt_qtaguid/stats
-r--r--r-- 1 root net_bw_stats u:object_r:proc_net_xt_qtaguid_stats:s0 stats
Bug: 9496886
Bug: 68016944
Bug: 70722355
Test: Build/flash Sailfish. Browse in Chrome and watch videos in youtube.
No "denied" or "granted" selinux messages observed in the logs.
Change-Id: I29f1ee806c8149988b9b93a950790d14754927ef

Since /odm is an extension of /vendor, libs in /odm should be treated
just like the ones in /vendor.
Bug: 67890517
Test: none as we don't yet have /odm partition.
Change-Id: I5232baef769c7fa8c7641b462cfa1d7537d3cfdf

Bug: 70275668
Test: walleye builds, boots.
This change only expands the existing permissions, so shouldn't regress
runtime behavior.
Change-Id: I36e63f11d78998a88e3f8d1e6913e20762a359af

Allow init to create a serialized property_info file and allow all
processes to read it.
Bug: 36001741
Test: boot bullhead, walleye using property_info
Change-Id: Ie51d4c0f0221b128dd087029c811fda15b4d7093

Do not let apps read uid_concurrent_active_time and
uid_concurrent_policy_time.
b/68399339
Test: Check that they can't be read from the shell
without root permissions and system_server was able
to read them
Change-Id: I6f09ef608607cb9f4084ba403a1e7254b8c49a06

This will allow bionic cts test to list network interfaces in
/sys/class/net.
Bug: 70537905
Test: adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
--gtest_filter=ifaddrs.getifaddrs_interfaces
Change-Id: Ie07425fc54f9101e911962142824697e64d2bc45

/odm partition is the extension of /vendor partition, so we should not
use system_file for it. Currently there is no ABI between vendor and
odm. We can use 'odm_file' when needed in the future.
Bug: 64240127
Test: boot a device
Change-Id: I4e8300d597aeeba60a255c8d114a54b24bc39470

Commit b8b4f5d6 'Clean up old file-based OTA SELinux rules' removed
many permissions from recovery, a few of which are still required.
Restore these.
[ 2918.409108] type=1400 audit(2327427.540:159): avc: denied
{ search } for pid=339 comm="recovery" name="/" dev="mmcblk0p38"
ino=2 scontext=u:r:recovery:s0 tcontext=u:object_r:unlabeled:s0
tclass=dir permissive=0
[ 2586.563071] E:Failed to mount / create /cache/recovery: Permission
denied
[ 2586.780320] E:Can't open /cache/recovery/log: Permission denied
[ 2586.850399] E:Can't open /cache/recovery/last_log: Permission
denied
[ 2586.918979] E:Can't open /cache/recovery/last_install: Permission
denied
[ 54.035867] type=1400 audit(59206654.526:12): avc: denied { chown }
for pid=330 comm="recovery" capability=0 scontext=u:r:recovery:s0
tcontext=u:r:recovery:s0 tclass=capability permissive=0a
Bug: 70350029
Test: xunchang to test
Change-Id: I46ab049b8eb600b44c84a61777fade150cadd197
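
As an added illustration (not part of the commit or of the sepolicy tree), the sketch below turns the AVC denials quoted in the preceding commit message into the candidate allow rules a reviewer would weigh, in the style of audit2allow. The function names are hypothetical, the sample log is the commit's own lines with wraps rejoined, and the output is not claimed to match the rules the commit actually restored.

```python
import re
from collections import defaultdict

# Log lines taken from the commit message above, with line wraps rejoined.
SAMPLE_LOG = """\
[ 2918.409108] type=1400 audit(2327427.540:159): avc: denied { search } for pid=339 comm="recovery" name="/" dev="mmcblk0p38" ino=2 scontext=u:r:recovery:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=0
[ 2586.780320] E:Can't open /cache/recovery/log: Permission denied
[ 54.035867] type=1400 audit(59206654.526:12): avc: denied { chown } for pid=330 comm="recovery" capability=0 scontext=u:r:recovery:s0 tcontext=u:r:recovery:s0 tclass=capability permissive=0a
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)"
)

def context_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed context: {context!r}")
    return parts[2]

def denials_to_rules(log_text):
    """Group denials by (source, target, class) and emit candidate allow rules."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # non-AVC lines such as "E:Can't open ..." are skipped
        src = context_type(m["scon"])
        tgt = context_type(m["tcon"])
        # audit2allow convention: a domain acting on itself is written "self"
        if m["scon"] == m["tcon"]:
            tgt = "self"
        grouped[(src, tgt, m["tclass"])].update(m["perms"].split())
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        plist = sorted(perms)
        body = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {body};")
    return rules

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG):
        print(rule)
```

Each emitted line is a starting point for review: a rule against a broad type such as unlabeled is usually better resolved by labeling the target than by granting the access as logged.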
We rely on vendors to label all dependencies of healthd/charger under
/sys/class/power_supply with sysfs_batteryinfo type.
Bug: 65643247
Bug: 32659667
Test: boots without denials from healthd, to sysfs_batteryinfo or to
sysfs_msm_subsys.
Test: charging with device turned off works without /sys denials.
Change-Id: I893f309ecad8a0caf7d0b81f5f945725907255c2