tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
12018 commits 1 branch 0 tags 50 MiB
Commit graph

1812 commits

Author SHA1 Message Date
Jeff Vander Stoep
ece21859fc create separate usermodehelper type for sysfs 
Prevent files in /proc from incorrectly having sysfs_type attribute.

Rework neverallows so that ueventd has write access to all of
/sys which it needs to handle uevents.

Bug: 63147833
Test: Build. Flash angler, verify files are correctly labeled and no
    new denials are in the logs.

Change-Id: Ib94d44e78cee0e83e2ac924f1c72e611e8e73558
 2017-07-12 12:26:12 -07:00
Jeff Vander Stoep
dff3f37693 Revert "ueventd: Grant write access to all files in /sys" 
This reverts commit 5bf94cafdd.

Remove this temporary workaround.

Bug: 63147833
Test: Build policy
 2017-07-12 10:32:04 -07:00
Jeff Vander Stoep
dc67168021 Merge "ueventd: Grant write access to all files in /sys" into oc-dr1-dev am: f6be4b6680 
am: 36bcc9011a

Change-Id: I0aafa7c4750c96e4dc872602a748b4bf211ee6e1
 2017-07-12 05:43:10 +00:00
Jeff Vander Stoep
36bcc9011a Merge "ueventd: Grant write access to all files in /sys" into oc-dr1-dev 
am: f6be4b6680

Change-Id: I75c575577e7a7c99c140b092d3b490bd086de2db
 2017-07-12 05:39:12 +00:00
TreeHugger Robot
f6be4b6680 Merge "ueventd: Grant write access to all files in /sys" into oc-dr1-dev 2017-07-12 05:33:37 +00:00
Lorenzo Colitti
8358215dc8 Merge "Temporarily revert the SELinux policy for persist.netd.stable_secret." am: c501c34523 am: 9822937597 
am: f1d85fc146

Change-Id: I818d200c6e95d7f28fae70ca6dfc3ea994f91239
 2017-07-12 00:25:45 +00:00
Lorenzo Colitti
f1d85fc146 Merge "Temporarily revert the SELinux policy for persist.netd.stable_secret." am: c501c34523 
am: 9822937597

Change-Id: I5e41b34370f507214d3dcdcedf16f3c29be77f65
 2017-07-12 00:22:44 +00:00
Lorenzo Colitti
9822937597 Merge "Temporarily revert the SELinux policy for persist.netd.stable_secret." 
am: c501c34523

Change-Id: I1b62a13240b49654fe8667909d23989d4651b37a
 2017-07-12 00:19:41 +00:00
Lorenzo Colitti
c501c34523 Merge "Temporarily revert the SELinux policy for persist.netd.stable_secret." 2017-07-12 00:11:20 +00:00
Lorenzo Colitti
591f9f237a Merge changes I1234326d,Idffcf784 
* changes:
  Temporarily remove netd_stable_secret_prop from compat infra.
  Temporarily revert the SELinux policy for persist.netd.stable_secret.
 2017-07-12 00:10:35 +00:00
Robert Benea
93166cefce resolve merge conflicts of 0040d6f0 to master 
Test: I solemnly swear I tested this conflict resolution.
Change-Id: Icf1e8ad95c40f497c731fa03dfd09d8b2c132aca
 2017-07-11 12:55:12 -07:00
Jeff Vander Stoep
5bf94cafdd ueventd: Grant write access to all files in /sys 
Ueventd needs write access to all files in /sys to generate uevents.

Bug: 63147833
Test: build. Verify no ueventd denials in the logs.
Change-Id: I89d33aab158dd192e761f14eff8afa1c71594bca
 2017-07-11 10:56:24 -07:00
Jeff Vander Stoep
148de9f5a8 domain_deprecated: remove rootfs access am: a12aad45b6 am: 7297ea2a55 am: 1f284f4b65 
am: 53b987aaea

Change-Id: I3813dfca0efb4c933881b9f5ddddb5bc033c4cf1
 2017-07-11 16:51:17 +00:00
Jeff Vander Stoep
53b987aaea domain_deprecated: remove rootfs access am: a12aad45b6 am: 7297ea2a55 
am: 1f284f4b65

Change-Id: Ic767b5bc0320faed4733be10ff09103dccf4e929
 2017-07-11 16:48:17 +00:00
Jeff Vander Stoep
1f284f4b65 domain_deprecated: remove rootfs access am: a12aad45b6 
am: 7297ea2a55

Change-Id: I37c6c64905e01ff4bf8d7a72c05fac3912dea793
 2017-07-11 16:45:16 +00:00
Jeff Vander Stoep
7297ea2a55 domain_deprecated: remove rootfs access 
am: a12aad45b6

Change-Id: I0cc33674afefeb455bd53702c304d9317ae2e937
 2017-07-11 16:41:46 +00:00
Lorenzo Colitti
9fa11b771b Temporarily revert the SELinux policy for persist.netd.stable_secret. 
This change did not make it into core sepolicy in time for O.
The revert allows devices to define these selinux policies in
vendor-specific sepolicy instead of core sepolicy. It is
necessary because:

1. It is too late to change property_contexts in O.
2. Adding the netd_stable_secret prop to vendor sepolicy results
   in a duplicate definition error at compile time.
3. Defining a new vendor-specific context (such as
   net_stable_secret_vendor_prop) and applying it to
   persist.netd.stable_secret results in the device not booting
   due to attempting to apply two different contexts to the same
   property.

Lack of the sepolicy no longer breaks wifi connectivity now that
IpManager no longer considers failure to set the stable secret to
be a fatal error.

Once all interested devices have adopted the vendor sepolicy,
this policy can safely be reinstated by reverting said vendor
sepolicies in internal master.

This reverts commit abb1ba6532.

Bug: 17613910
Test: bullhead builds, boots, connects to wifi
Change-Id: Idffcf78491171c54bca9f93cb920eab9b1c47709
 2017-07-11 23:38:27 +09:00
Jeff Vander Stoep
a12aad45b6 domain_deprecated: remove rootfs access 
Grant audited permissions collected in logs.

tcontext=platform_app
avc: granted { getattr } for comm=496E666C6174657254687265616420
path="/" dev="dm-0" ino=2 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:rootfs:s0 tclass=dir

tcontext=system_app
avc: granted { getattr } for comm="android:ui" path="/" dev="dm-0"
scontext=u:r:system_app:s0 tcontext=u:object_r:rootfs:s0 tclass=dir
avc: granted { getattr } for comm="android:ui" path="/" dev="dm-0"
scontext=u:r:system_app:s0 tcontext=u:object_r:rootfs:s0 tclass=dir

tcontext=update_engine
avc: granted { getattr } for comm="update_engine" path="/" dev="dm-0"
ino=2 scontext=u:r:update_engine:s0 tcontext=u:object_r:rootfs:s0
tclass=dir
avc: granted { getattr } for comm="update_engine" path="/fstab.foo"
dev="dm-0" ino=25 scontext=u:r:update_engine:s0
tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read open } for comm="update_engine" path="/fstab.foo"
dev="dm-0" ino=25 scontext=u:r:update_engine:s0
tcontext=u:object_r:rootfs:s0 tclass=file

Bug: 28760354
Test: build
Change-Id: I6135eea1d10b903a4a7e69da468097f495484665
 2017-07-10 21:21:48 -07:00
Jeff Vander Stoep
0ba84942ab domain_deprecated: remove cache access am: 790f4c7e20 am: 3ca774762b 
am: 664743bddf

Change-Id: I0f802840891ff66eb74aeaed602f791412d07ffb
 2017-07-10 23:33:46 +00:00
Jeff Vander Stoep
664743bddf domain_deprecated: remove cache access am: 790f4c7e20 
am: 3ca774762b

Change-Id: Ie9ebd530b380bd61fd62bb3cab171f0f7e27156e
 2017-07-10 23:31:16 +00:00
Jeff Vander Stoep
3ca774762b domain_deprecated: remove cache access 
am: 790f4c7e20

Change-Id: I0dcc870c1280baf37e03b66b244e2ff046fad35d
 2017-07-10 23:28:15 +00:00
Jeff Vander Stoep
72b265473e domain_deprecated: remove cgroup access 
Logs indicate that all processes that require read access
have already been granted it.

Bug: 28760354
Test: build policy
Merged-In: I5826c45f54af32e3d4296df904c8523bb5df5e62
Change-Id: I5826c45f54af32e3d4296df904c8523bb5df5e62
 2017-07-10 22:07:00 +00:00
Jeff Vander Stoep
790f4c7e20 domain_deprecated: remove cache access 
Address the "granted" permissions observed in the logs including:

tcontext=uncrypt
avc: granted { search } for comm="uncrypt" name="/" dev="mmcblk0p40"
ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:cache_file:s0
tclass=dir

tcontext=install_recovery
avc: granted { search } for comm="applypatch" name="saved.file"
scontext=u:r:install_recovery:s0 tcontext=u:object_r:cache_file:s0
tclass=dir
avc: granted { read } for comm="applypatch" name="saved.file"
dev="mmcblk0p6" ino=14 scontext=u:r:install_recovery:s0
tcontext=u:object_r:cache_file:s0 tclass=file
avc: granted { getattr } for comm="applypatch" path="/cache/saved.file"
dev="mmcblk0p6" ino=14 scontext=u:r:install_recovery:s0
tcontext=u:object_r:cache_file:s0 tclass=file

tcontext=update_engine
avc: granted { search } for comm="update_engine" name="cache"
dev="sda35" ino=1409025 scontext=u:r:update_engine:s0
tcontext=u:object_r:cache_file:s0 tclass=dir"
avc: granted { read } for comm="update_engine" name="update.zip"
dev="sda35" ino=1409037 scontext=u:r:update_engine:s0
tcontext=u:object_r:cache_file:s0:c512,c768 tclass=file
avc: granted { read } for comm="update_engine" name="cache" dev="dm-0"
ino=16 scontext=u:r:update_engine:s0 tcontext=u:object_r:cache_file:s0
tclass=lnk_file

Bug: 28760354
Test: build policy.
Merged-In: Ia13fe47268df904bd4f815c429a0acac961aed1e
Change-Id: Ia13fe47268df904bd4f815c429a0acac961aed1e
 2017-07-10 22:06:33 +00:00
TreeHugger Robot
bb11437420 Merge "domain_deprecated: remove cache access" 2017-07-10 21:46:47 +00:00
TreeHugger Robot
eea658fdae Merge "Split mediaprovider from priv_app." 2017-07-10 21:22:39 +00:00
Dan Cashman
5637587d37 Split mediaprovider from priv_app. 
This CL was accidentally reverted a second time by commit:
cb5129f9de.  Submit it for the third,
and final, time.

Bug: 62102757
Test: Builds and boots.
 2017-07-10 11:17:18 -07:00
Jeff Vander Stoep
1c54ec45ed domain_deprecated: remove cache access 
Address the "granted" permissions observed in the logs including:

tcontext=uncrypt
avc: granted { search } for comm="uncrypt" name="/" dev="mmcblk0p40"
ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:cache_file:s0
tclass=dir

tcontext=install_recovery
avc: granted { search } for comm="applypatch" name="saved.file"
scontext=u:r:install_recovery:s0 tcontext=u:object_r:cache_file:s0
tclass=dir
avc: granted { read } for comm="applypatch" name="saved.file"
dev="mmcblk0p6" ino=14 scontext=u:r:install_recovery:s0
tcontext=u:object_r:cache_file:s0 tclass=file
avc: granted { getattr } for comm="applypatch" path="/cache/saved.file"
dev="mmcblk0p6" ino=14 scontext=u:r:install_recovery:s0
tcontext=u:object_r:cache_file:s0 tclass=file

tcontext=update_engine
avc: granted { search } for comm="update_engine" name="cache"
dev="sda35" ino=1409025 scontext=u:r:update_engine:s0
tcontext=u:object_r:cache_file:s0 tclass=dir"
avc: granted { read } for comm="update_engine" name="update.zip"
dev="sda35" ino=1409037 scontext=u:r:update_engine:s0
tcontext=u:object_r:cache_file:s0:c512,c768 tclass=file
avc: granted { read } for comm="update_engine" name="cache" dev="dm-0"
ino=16 scontext=u:r:update_engine:s0 tcontext=u:object_r:cache_file:s0
tclass=lnk_file

Bug: 28760354
Test: build policy.

Change-Id: Ia13fe47268df904bd4f815c429a0acac961aed1e
(cherry picked from commit 5fd60597d7d04c1861e7d8f3938384efb0384386)
 2017-07-10 10:56:15 -07:00
Lorenzo Colitti
07e631d2e0 Temporarily revert the SELinux policy for persist.netd.stable_secret. 
This change did not make it into core sepolicy in time for O.
The revert allows devices to define these selinux policies in
vendor-specific sepolicy instead of core sepolicy. It is
necessary because:

1. It is too late to change property_contexts in O.
2. Adding the netd_stable_secret prop to vendor sepolicy results
   in a duplicate definition error at compile time.
3. Defining a new vendor-specific context (such as
   net_stable_secret_vendor_prop) and applying it to
   persist.netd.stable_secret results in the device not booting
   due to attempting to apply two different contexts to the same
   property.

Lack of the sepolicy no longer breaks wifi connectivity now that
IpManager no longer considers failure to set the stable secret to
be a fatal error.

Once all interested devices have adopted the vendor sepolicy,
this policy can safely be reinstated by reverting said vendor
sepolicies in internal master.

This reverts commit abb1ba6532.

Bug: 17613910
Test: bullhead builds, boots, connects to wifi
Change-Id: Idffcf78491171c54bca9f93cb920eab9b1c47709
 2017-07-11 02:46:40 +09:00
Jeff Vander Stoep
3e5bb807fc domain_deprecated: remove access to /proc/meminfo 
Logs indicate that all processes that require access already have it.

Bug: 28760354
Test: build
Merged-In: I3dfa16bf4fba7f653c5f8525e8c565e9e24334a8
Change-Id: I3dfa16bf4fba7f653c5f8525e8c565e9e24334a8
 2017-07-10 17:27:57 +00:00
Jeff Vander Stoep
278146f29f dumpstate: remove domain_deprecated attribute am: 90ae4f6b93 am: 772857373b am: d5d98a4dbf 
am: fcfeb3e0d0

Change-Id: Ib50c35e368764f7acb87e23c1a0091ad7eeb1fd4
 2017-07-10 16:57:10 +00:00
Jeff Vander Stoep
fcfeb3e0d0 dumpstate: remove domain_deprecated attribute am: 90ae4f6b93 am: 772857373b 
am: d5d98a4dbf

Change-Id: I1dbcbcbb940fdcf94e2634f43d933c91bb13ce41
 2017-07-10 16:52:29 +00:00
Jeff Vander Stoep
e0e2b35ba7 Remove dumpstate selinux spam from logs am: f4ce8f6c06 am: 4e6f67fb37 
am: 55efefc33c

Change-Id: Ib67a9685e41019a290c903dc5b733d405ddddf61
 2017-07-10 16:52:16 +00:00
Jeff Vander Stoep
d5d98a4dbf dumpstate: remove domain_deprecated attribute am: 90ae4f6b93 
am: 772857373b

Change-Id: I19c2b7107293fbe903cd6601f36b85aa3d099f80
 2017-07-10 16:47:59 +00:00
Jeff Vander Stoep
55efefc33c Remove dumpstate selinux spam from logs am: f4ce8f6c06 
am: 4e6f67fb37

Change-Id: Ia3fe7f33ca0dc2f18040d3128ce84f0878fc8d63
 2017-07-10 16:47:45 +00:00
Jeff Vander Stoep
772857373b dumpstate: remove domain_deprecated attribute 
am: 90ae4f6b93

Change-Id: Ia793ed369cc05c123fb013fd10e8b19f006d92ff
 2017-07-10 16:44:05 +00:00
Jeff Vander Stoep
4e6f67fb37 Remove dumpstate selinux spam from logs 
am: f4ce8f6c06

Change-Id: Ie0bc01a5b8acc6b79a3a31d5807f46f1e1df8c6c
 2017-07-10 16:43:47 +00:00
Jeff Vander Stoep
90ae4f6b93 dumpstate: remove domain_deprecated attribute 
Clean up "granted" logspam. Grant the observered audited permissions
including:

tcontext=cache_file
avc: granted { getattr } for comm="df" path="/cache" dev="mmcblk0p9"
ino=2 scontext=u:r:dumpstate:s0 tcontext=u:object_r:cache_file:s0
tclass=dir
avc: granted { search } for comm="Binder:8559_2" name="cache"
dev="sda13" ino=1654785 scontext=u:r:dumpstate:s0
tcontext=u:object_r:cache_file:s0 tclass=dir
avc: granted { read } for comm="Binder:8559_2" name="cache" dev="dm-0"
ino=23 scontext=u:r:dumpstate:s0 tcontext=u:object_r:cache_file:s0
tclass=lnk_file

tcontext=proc
avc: granted { getattr } for comm="Binder:14529_2"
path="/proc/sys/fs/pipe-max-size" dev="proc" ino=247742
scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0
tclass=file
avc: granted { read } for comm="Binder:22671_2" name="cmdline"
dev="proc" ino=4026532100 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc:s0 tclass=file
avc: granted { read open } for comm="dumpstate"
path="/proc/sys/fs/pipe-max-size" dev="proc" ino=105621
scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0
tclass=file

tcontext=sysfs
avc: granted { read open } for comm="Binder:14459_2"
path="/sys/devices/virtual/block/md0/stat" dev="sysfs" ino=51101
scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs:s0 tclass=file
avc: granted { read open } for comm="Binder:21377_2"
path="/sys/devices/soc/1da4000.ufshc/host0/target0:0:0/0:0:0:1/block/sdb/sdb1"
dev="sysfs" ino=40888 scontext=u:r:dumpstate:s0
tcontext=u:object_r:sysfs:s0 tclass=dir
avc: granted { getattr } for comm="dumpstate" dev="sysfs" ino=40456
scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs:s0 tclass=file

tcontext=proc_meminfo
avc: granted { read } for comm="top" name="meminfo" dev="proc"
ino=4026532106 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_meminfo:s0 tclass=file
avc: granted { read open } for comm="top" path="/proc/meminfo"
dev="proc" ino=4026532106 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_meminfo:s0 tclass=file

tcontext=rootfs
avc: granted { getattr } for comm="df" path="/" dev="dm-0" ino=2
scontext=u:r:dumpstate:s0 tcontext=u:object_r:rootfs:s0 tclass=dir
avc: granted { getattr } for comm="ip" path="/vendor" dev="rootfs"
ino=99 scontext=u:r:dumpstate:s0 tcontext=u:object_r:rootfs:s0
tclass=lnk_file

tcontext=selinuxfs
avc: granted { getattr } for comm="df" path="/sys/fs/selinux"
dev="selinuxfs" ino=1 scontext=u:r:dumpstate:s0
tcontext=u:object_r:selinuxfs:s0 tclass=dir

tcontext=system_file
avc: granted { read open } for comm="dumpstate" path="/system/lib64/hw"
dev="dm-0" ino=1947 scontext=u:r:dumpstate:s0
tcontext=u:object_r:system_file:s0 tclass=dir

tcontext=system_data_file
avc: granted { read } for comm="ip" path="/data/misc/net/rt_tables"
dev="sda10" ino=1458261 scontext=u:r:dumpstate:s0
tcontext=u:object_r:system_data_file:s0 tclass=file
avc: granted { getattr } for comm="ip" path="/data/misc/net/rt_tables"
scontext=u:r:dumpstate:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

Bug: 28760354
Test: Build policy
Change-Id: Iae69f710d6b6dc6158cf6bb6ff61168c8df11263
 2017-07-09 21:28:45 -07:00
Jeff Vander Stoep
f4ce8f6c06 Remove dumpstate selinux spam from logs 
Addresses:
avc: granted { read } for name="pipe-max-size" dev="proc" ino=470942 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: granted { read open } for path="/proc/sys/fs/pipe-max-size" dev="proc" ino=470942 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file

Test: build policy
Change-Id: I7d8721c73c4f3c51b3885a97c697510e61d1221b
(cherry picked from commit f44002b378)
 2017-07-09 21:24:16 -07:00
Jeff Vander Stoep
1167f56f1a domain_deprecated: remove tmpfs dir access am: ca5bb3371d am: 453f4a51c6 am: 407e9457b2 
am: 8b0f89e45b

Change-Id: I02aefb28ad044dc7d85956156fde638c101bdbe5
 2017-07-06 17:06:49 +00:00
Jeff Vander Stoep
8b0f89e45b domain_deprecated: remove tmpfs dir access am: ca5bb3371d am: 453f4a51c6 
am: 407e9457b2

Change-Id: If277928809ec2bcaf7f72ef9cba5dd5d45d333ca
 2017-07-06 16:45:09 +00:00
Jeff Vander Stoep
407e9457b2 domain_deprecated: remove tmpfs dir access am: ca5bb3371d 
am: 453f4a51c6

Change-Id: Iff9292a4a92fdd78eebdf2ec5fab8d571fc755f6
 2017-07-06 16:43:10 +00:00
Jeff Vander Stoep
453f4a51c6 domain_deprecated: remove tmpfs dir access 
am: ca5bb3371d

Change-Id: I185d127216ee72821c64daf31601fdcbe1a9c069
 2017-07-06 16:41:20 +00:00
Jeff Vander Stoep
d006aea03f Merge "Preserve attributes needed for CTS" into oc-dr1-dev 
am: 1eff641730

Change-Id: I095df5cbd680d495fac54186ab16e2287d454c3a
 2017-07-06 16:38:13 +00:00
Jeff Vander Stoep
ca5bb3371d domain_deprecated: remove tmpfs dir access 
Address "granted" audit messages for dumpstate use of df.

avc: granted { getattr } for comm="df" path="/mnt" dev="tmpfs"
scontext=u:r:dumpstate:s0 tcontext=u:object_r:tmpfs:s0
tclass=dir
avc: granted { search } for comm="df" name="/" dev="tmpfs"
scontext=u:r:dumpstate:s0 tcontext=u:object_r:tmpfs:s0
tclass=dir

Bug: 28760354
Test: Build, check logs.
Change-Id: I920948a5f0bce1b4bd2f15779730df8b3b1fea5a
 2017-07-05 22:44:21 -07:00
Jeff Vander Stoep
5f5aa96286 Preserve attributes needed for CTS 
Change fb889f23d "Force expand all hal_* attributes" annotated all
hal_* attributes to be expanded to their associated types. However
some of these attributes are used in CTS for neverallow checking.
Mark these attributes to be preserved.

In addition, remove the hacky workaround introduced in oc-dev
for b/62658302 where extraneous neverallow rules were introduced
to prevent unused or negated attributes from being auto-expanded
from policy.

Bug: 62658302
Bug: 63135903
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest

    armeabi-v7a CtsSecurityHostTestCases completed in 4s.
    501 passed, 0 failed, 0 not executed
Merged-In: I989def70a16f66e7a18bef1191510793fbe9cb8c
Change-Id: I989def70a16f66e7a18bef1191510793fbe9cb8c
 2017-07-05 23:06:35 +00:00
Jeff Vander Stoep
bf8ed096e3 Preserve attributes needed for CTS 
Change fb889f23d "Force expand all hal_* attributes" annotated all
hal_* attributes to be expanded to their associated types. However
some of these attributes are used in CTS for neverallow checking.
Mark these attributes to be preserved.

In addition, remove the hacky workaround introduced in oc-dev
for b/62658302 where extraneous neverallow rules were introduced
to prevent unused or negated attributes from being auto-expanded
from policy.

Bug: 62658302
Bug: 63135903
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest

    armeabi-v7a CtsSecurityHostTestCases completed in 4s.
    501 passed, 0 failed, 0 not executed
Change-Id: I989def70a16f66e7a18bef1191510793fbe9cb8c
 2017-07-05 16:04:44 -07:00
TreeHugger Robot
cdb2c66e4f Merge "Revert "allow recovery to run mke2fs tools"" 2017-07-05 21:07:17 +00:00
Jin Qian
0e479700b5 Revert "allow recovery to run mke2fs tools" 
This reverts commit 7e57731898.
 2017-07-05 12:11:48 -07:00
Nick Kralevich
46f2dcb18e resolve merge conflicts of a92d3135 to stage-aosp-master am: b748e652e9 
am: aa33afc90d

Change-Id: I39b6028f7960b13af1fd83cbfa0f7fec4cac1bab
 2017-07-03 07:23:47 +00:00
Nick Kralevich
aa33afc90d resolve merge conflicts of a92d3135 to stage-aosp-master 
am: b748e652e9

Change-Id: I4cd3587232e426b2684c77a7cb548b006f6f8647
 2017-07-03 07:20:17 +00:00