Tao Bao
d9992f9aa8
Merge "Allow init to relabelto to misc_block_device." am: fdedacd629 am: 89a09b36db
...
am: 92bd7e3527
2017-09-11 16:49:08 +00:00
Tao Bao
92bd7e3527
Merge "Allow init to relabelto to misc_block_device." am: fdedacd629
...
am: 89a09b36db
2017-09-11 16:45:08 +00:00
Tao Bao
89a09b36db
Merge "Allow init to relabelto to misc_block_device."
...
am: fdedacd629
2017-09-11 16:41:37 +00:00
Peter Enderborg
9d24568d32
Merge "Only allow init to start vold" am: 3b29076c7d am: cf39c11606
...
am: a42786f94e
2017-09-11 16:38:36 +00:00
Tao Bao
fdedacd629
Merge "Allow init to relabelto to misc_block_device."
2017-09-11 16:35:27 +00:00
Peter Enderborg
a42786f94e
Merge "Only allow init to start vold" am: 3b29076c7d
...
am: cf39c11606
2017-09-11 16:34:36 +00:00
Peter Enderborg
cf39c11606
Merge "Only allow init to start vold"
...
am: 3b29076c7d
2017-09-11 16:31:36 +00:00
Treehugger Robot
3b29076c7d
Merge "Only allow init to start vold"
2017-09-11 16:24:40 +00:00
Josh Gao
313a472d85
Add /dev/kmsg_debug. am: 521742e979 am: 1176de8e70
...
am: b9eba1d022
2017-09-09 01:45:07 +00:00
Josh Gao
b9eba1d022
Add /dev/kmsg_debug. am: 521742e979
...
am: 1176de8e70
2017-09-09 01:41:31 +00:00
Josh Gao
1176de8e70
Add /dev/kmsg_debug.
...
am: 521742e979
2017-09-09 01:37:59 +00:00
Dan Cashman
8c7ad767bc
Update sepolicy 26.0 prebuilts again, again. am: 9aefc916f5 am: b1a8aa4feb
...
am: 83732d2ede
2017-09-09 01:32:49 +00:00
Dan Cashman
83732d2ede
Update sepolicy 26.0 prebuilts again, again. am: 9aefc916f5
...
am: b1a8aa4feb
2017-09-09 01:30:46 +00:00
Dan Cashman
b1a8aa4feb
Update sepolicy 26.0 prebuilts again, again.
...
am: 9aefc916f5
2017-09-09 01:29:20 +00:00
Dan Cashman
460e3caf60
Update 26.0 SELinux prebuilts. am: 3686efcadb am: 39029b26e6
...
am: d440cea118
2017-09-09 00:04:30 +00:00
Dan Cashman
df7e9eb74c
Add mapping compatibility file for sepolicy api lvl 26.0 am: de51e7dece am: 97cfd1fded
...
am: 1b29c5bb67
2017-09-09 00:04:26 +00:00
Dan Cashman
7bcd8d5bcb
Commit oc-dev sepolicy to prebuilts. am: fff3fe2f08 am: 0989692ef5
...
am: a3d02508f8
2017-09-09 00:04:23 +00:00
Dan Cashman
d440cea118
Update 26.0 SELinux prebuilts. am: 3686efcadb
...
am: 39029b26e6
2017-09-09 00:01:08 +00:00
Dan Cashman
1b29c5bb67
Add mapping compatibility file for sepolicy api lvl 26.0 am: de51e7dece
...
am: 97cfd1fded
2017-09-09 00:01:04 +00:00
Dan Cashman
a3d02508f8
Commit oc-dev sepolicy to prebuilts. am: fff3fe2f08
...
am: 0989692ef5
2017-09-09 00:00:53 +00:00
Dan Cashman
39029b26e6
Update 26.0 SELinux prebuilts.
...
am: 3686efcadb
2017-09-08 23:57:04 +00:00
Dan Cashman
97cfd1fded
Add mapping compatibility file for sepolicy api lvl 26.0
...
am: de51e7dece
2017-09-08 23:57:01 +00:00
Dan Cashman
0989692ef5
Commit oc-dev sepolicy to prebuilts.
...
am: fff3fe2f08
2017-09-08 23:56:58 +00:00
Josh Gao
521742e979
Add /dev/kmsg_debug.
...
Add /dev/kmsg_debug on userdebug devices, to allow crash_dump to log
crashes to dmesg when logd isn't up yet (or is the one crashing).
(Originally commited in a015186fab3458ec135e
2017-09-08 15:43:31 -07:00
Dan Cashman
9aefc916f5
Update sepolicy 26.0 prebuilts again, again.
...
(cherry-pick of commit: 55c7750482
2017-09-08 15:35:55 -07:00
Dan Cashman
3686efcadb
Update 26.0 SELinux prebuilts.
...
More changes went into oc-dev after the freeze-date. Reflect them.
(cherry-pick of commit: 148578a623
2017-09-08 15:30:38 -07:00
Dan Cashman
de51e7dece
Add mapping compatibility file for sepolicy api lvl 26.0
...
commit: 5c6a227ebb5e4e0d7fba
2017-09-08 15:25:49 -07:00
Dan Cashman
fff3fe2f08
Commit oc-dev sepolicy to prebuilts.
...
Copy the final system sepolicy from oc-dev to its prebuilt dir
corresponding to its version (26.0) so that we can uprev policy and
start maintaining compatibility files, as well as use it for CTS
tests targeting future platforms.
(cherry-pick of commit: 5c6a227ebb
2017-09-08 15:19:30 -07:00
Hung-ying Tyan
f3a6adfd49
Don't create nonplat_service_contexts on full_treble devices am: e83f1e5609 am: 0d5bca443a
...
am: e06f443c59
2017-09-07 16:44:14 +00:00
Hung-ying Tyan
e06f443c59
Don't create nonplat_service_contexts on full_treble devices am: e83f1e5609
...
am: 0d5bca443a
2017-09-07 16:42:15 +00:00
Hung-ying Tyan
0d5bca443a
Don't create nonplat_service_contexts on full_treble devices
...
am: e83f1e5609
2017-09-07 16:40:14 +00:00
Tao Bao
28fde2322f
Allow init to relabelto to misc_block_device.
...
avc: denied { relabelto } for pid=1 comm="init" name="misc" dev="tmpfs" ino=3855 scontext=u:r:init:s0 tcontext=u:object_r:misc_block_device:s0 tclass=lnk_file
If misc partition is used during early mount, it will carry a label of
tmpfs (instead of block_device), which will fail restorecon with the
above denial.
Bug: 65378733
Test: Build and flash a target that uses misc in early mount. No longer
observe the above denial.
Change-Id: I44cd43dbd2a8a4f9f423ebc8ac0dd046b167ef72
2017-09-06 14:32:10 -07:00
Hung-ying Tyan
e83f1e5609
Don't create nonplat_service_contexts on full_treble devices
...
On full Treble devices, servicemanager should only host services
served from processes on /system; nonplat_service_contexts
should not be created at all in this case.
Bug: 36866029
Test: Build marlin and make sure nonplat_service_contexts is not
created.
Change-Id: Id02c314abbb98fc69884198779488c52231d22c3
Merged-In: Id02c314abbb98fc69884198779488c52231d22c3
2017-09-06 22:15:43 +08:00
Steven Moreland
d79a822f20
Revert "Add screencap domain." am: 5b2ebd3b25 am: 8b6ceed078
...
am: 59f2365065
2017-09-05 18:58:22 +00:00
Steven Moreland
59f2365065
Revert "Add screencap domain." am: 5b2ebd3b25
...
am: 8b6ceed078
2017-09-05 18:56:19 +00:00
Steven Moreland
8b6ceed078
Revert "Add screencap domain."
...
am: 5b2ebd3b25
2017-09-05 18:53:23 +00:00
Steven Moreland
5b2ebd3b25
Revert "Add screencap domain."
...
This reverts commit 9216a6adc9
2017-09-05 10:08:09 -07:00
Peter Enderborg
acb4871ff3
Only allow init to start vold
...
Hardening vold. Vold has much rights to system sensitive parts and
are started by init. Enforce this security.
Bug: 64791922
Test: Manual
Change-Id: I077d251d1eb7b7292e1a4a785093cb7bf5524a83
2017-09-05 16:27:32 +02:00
Dan Willemsen
e92b7f1604
Merge "Fix libsepolwrap with SANITIZE_HOST=address" am: cdaf97bfbf am: 4deeab5cde
...
am: a30b6a5c08
2017-09-01 23:56:06 +00:00
Dan Willemsen
a30b6a5c08
Merge "Fix libsepolwrap with SANITIZE_HOST=address" am: cdaf97bfbf
...
am: 4deeab5cde
2017-09-01 23:51:26 +00:00
Dan Willemsen
4deeab5cde
Merge "Fix libsepolwrap with SANITIZE_HOST=address"
...
am: cdaf97bfbf
2017-09-01 23:38:16 +00:00
Treehugger Robot
cdaf97bfbf
Merge "Fix libsepolwrap with SANITIZE_HOST=address"
2017-09-01 23:21:39 +00:00
Ray Essick
91306800e7
Merge "Give media.metrics service access to uid/pkg info" into oc-mr1-dev
...
am: 123cf237b7
2017-09-01 23:13:07 +00:00
Ray Essick
123cf237b7
Merge "Give media.metrics service access to uid/pkg info" into oc-mr1-dev
2017-09-01 22:29:11 +00:00
Dan Willemsen
948354abb9
Fix libsepolwrap with SANITIZE_HOST=address
...
Test: SANITIZE_HOST=true m treble_sepolicy_tests
Change-Id: I9190dc06715bbbac8a267a143801f99f911decf3
2017-09-01 14:08:46 -07:00
Robert Benea
6be79378c8
Merge "Allow lmkd read memcg stats." am: b22278e4a7 am: adf685701b
...
am: fa85fac771
2017-09-01 21:05:50 +00:00
Robert Benea
fa85fac771
Merge "Allow lmkd read memcg stats." am: b22278e4a7
...
am: adf685701b
2017-09-01 21:01:19 +00:00
Robert Benea
adf685701b
Merge "Allow lmkd read memcg stats."
...
am: b22278e4a7
2017-09-01 20:54:49 +00:00
Robert Benea
b22278e4a7
Merge "Allow lmkd read memcg stats."
2017-09-01 20:45:01 +00:00
Jeff Vander Stoep
b10d590fd4
Merge "cgroup: allow associate to tmpfs" into oc-mr1-dev
...
am: 15f9d05273
2017-09-01 20:13:35 +00:00
