Commit: 86cb521502 gave /dev/memcg a
new label, but also explicitly prohibited access to vendor domains.
Add the type to the 'new types' and don't map it to any other type
for backwards compatibility.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I8902716830b162ead69834544ace9e02a94c65b4
Commit: 38f0928fb0 added a type for a
new system service. This service did not exist previously, so mark
the type as not needing any compat entry.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I52d8e144c614b27f5c52fa99be6cfac87159bbcd
Commit: 78e595deab added a new hwservice,
which replaced a previous system service. This effectively means we are
deleting one object and creating a new one, so no compatibility mapping
should be necessary since previous vendor processes trying to access the
service will not be able to find it now independent of policy.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I6882d968dccb55561379e940f6ecb62902bb1659
Commit: b8f7a40833 removed three
attributes from public policy. These attributes could be assigned
to vendor types, and so need to be kept in policy when combined with
vendor policy of that version.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I7d71ef7795f8b82c214c2ef72478c3ca84d1869c
Commit: 4dc88795d0 changed the label of
uid_time_in_state from proc to proc_uid_time_in_state. This file
could have been used by vendor services. Add a compat mapping.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I2e5222c4d4fe12cb0bbc4e85ba53c1f59b714d61
Commits 7fa51593c8 and
92fdd8954f removed the
tracing_shell_writable and tracing_shell_writable_debug types, and
relabeled the files with debugfs_tracing and debugfs_tracing_debug,
respectively. Record this in the compatibility file so that vendor
policy using these types will still work.
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: Ic6573518035514a86abe2081483431427612699e
Commit: abb1ba6532 added policy for a
new property, which was not present in O. This policy introduced a
new type. Record it as such.
Bug: 62573845
Test: None, prebuilt change only.
Change-Id: I7d90cd69a5e6e29677598cc109676d5b1ce5ba05
Commit: bde5c8013d added a new type,
mediaprovider, which is being applied to an object (process) formerly
labeled as priv_app. Add the new type to the versioned attribute for
priv_app so that any vendor policy written for interaction with
mediaprovider continues to work.
Bug: 62573845
Test: None. Prebuilt-only change.
Change-Id: Id98293369401a2af23c2328a1cb4a5bb2258aac8
Commit: 50889ce0eb added policy for a
new service, which was not present in O. This policy introduced a
new type. Record it as such.
Bug: 62573845
Test: None, prebuilt change only.
Change-Id: If9cfaff813c47d3b1c8374e8abfb4aedb902d486
Commit: 11bfcc1e96 added policy for
a new socket which was not present in O. This socket has a new
type associated with it. Record the type as a new type so that
compatibility testing will not complain.
Bug: 62573845
Test: None, prebuilt change only.
Change-Id: I375fc9ca0bd201e277a0302d9b34c0da0eb40fbd
Commit 5f573ab2aa added policy for
the additions of upstream fs tools. Make sure the new types are
denoted as such (no object relabeling needs to be done) and that
objects which are relabeled are.
Bug: 35219933
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I6515e05ebc60ca08e98029f471cf2861826036fc
domain_deprecated is a private attribute, which means that none of
its rules will be copied to vendor policy. Unfortunately, this
means that any public type that used the attribute now loses policy
rules on which a vendor may have been relying unknowingly. Add the
domain back in the compatiblity file so that O vendor policy remains
sufficient.
Bug: 62573845
Test: None, prebuilt change and prebuilt tests not in yet.
Change-Id: I2c4ce00ecb102f087472e183fa52d072fe6eb398
This was marked deprecated in 2014 and removed in 2015, let's remove
the sepolicy now too.
(Originally submitted in commit: 8c60f74dcc)
Bug: 38242876
Test: Builds and boots.
Change-Id: I4caa0dbf77956fcbc61a07897242b951c275b502
Add /dev/kmsg_debug on userdebug devices, to allow crash_dump to log
crashes to dmesg when logd isn't up yet (or is the one crashing).
(Originally commited in a015186fab)
Bug: 36574794
Bug: 62101480
Test: Builds and boots.
Change-Id: I249e11291c58fee77098dec3fd3271ea23363ac9
More changes went into oc-dev after the freeze-date. Reflect them.
Bug: 37896931
Test: prebuilts - none.
Change-Id: I3300751ea7362d5d96b327138544be65eb9fc483
commit: 5c6a227ebb added the oc-dev
sepolicy prebuilts (api 26.0), but did not include the corresponding
base mapping file, which is to be maintained along with current
platform development in order to ensure backwards compatibility.
Bug: 37896931
Test: none, this just copies the old mapping file to prebuilts.
Change-Id: Ia5c36ddab036352845878178fa9c6a9d649d238f
Copy the final system sepolicy from oc-dev to its prebuilt dir
corresponding to its version (26.0) so that we can uprev policy and
start maintaining compatibility files, as well as use it for CTS
tests targeting future platforms.
Bug: 37896931
Test: none, this just copies the old policy.
Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
