- Mar 13, 2018
-
-
Jaekyun Seok authoredvendor-init-settable should be allowed to ro.enable_boot_charger_mode so that SoC vendors can set its default value. Bug: 74421250 Test: succeeded building and tested with taimen Change-Id: I2859aab29fefb7882989413a089b0de55142d2f1 Merged-In: I2859aab29fefb7882989413a089b0de55142d2f1 (cherry picked from commit 46bc518c)
-
TreeHugger Robot authored
-
Jakub Pawlowski authored
Bug: 69623109 Change-Id: I7d194a3489fc5ff278cef7bebe9bfe6c39d3b2b8 (cherry-picked from 4a40c592404bdc2032067f4a3fac2f33b9246aa0)
-
Petri Gynther authored
-
Petri Gynther authored
-
- Mar 12, 2018
-
-
TreeHugger Robot authored
-
Joel Galenson authored
It should instead write to /data/vendor/wifi. Bug: 36645291 Test: Built policy. Change-Id: Ib7ba3477fbc03ebf07b886c60bcf4a64b954934a (cherry picked from commit cc9b30a1)
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
Sunny Kapdi authored
Add rule to allow Binder call from Bluetooth process to Bluetooth audio HIDL interface running in audio HAL service process. Bug: 63932139 Bug: 72242910 Test: Manual; TestTracker/148125 Change-Id: I1981a78bece10b8e516f218d3edde8b77943d130 (cherry picked from commit e8cfac90e8bf14466b6431a21bc5ccd4bf6ca3ea)
-
Aniket Kumar Lata authored
Provide read/write access to audioserver for Bluetooth properties used with A2DP offload. Bug: 63932139 Bug: 68824150 Test: Manual; TestTracker/148125 Change-Id: I40c932d085ac55bc45e6654f966b2c9d244263d0 (cherry picked from commit 041049bc7a4e29dcca48e2c068b92aa8a8157d90)
-
Amit Mahajan authored
This reverts commit 016f0a58. Reason for revert: Was temporarily reverted, merging back in with fix. Bug: 74486619 Bug: 36427227 Change-Id: Ide68726a90d5485c2758673079427407aee1e4f2
-
Bowgo Tsai authored
/odm partition isn't mandatory and the following symlinks will exist on a device without /odm partition. /odm/app ->/vendor/odm/app /odm/bin ->/vendor/odm/bin /odm/etc ->/vendor/odm/etc /odm/firmware ->/vendor/odm/firmware /odm/framework ->/vendor/odm/framework /odm/lib -> /vendor/odm/lib /odm/lib64 -> /vendor/odm/lib64 /odm/overlay -> /vendor/odm/overlay /odm/priv-app -> /vendor/odm/priv-app This CL allows all domains to access the symlinks, also removes the Treble compliance neverallows on them because the actual restrictions should apply to the real path directly. Bug: 70678783 Test: boot a device Change-Id: If1522780a13710d8a592272dc688685cbae29f52 (cherry picked from commit dd6efea2)
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
- Mar 11, 2018
-
-
Jeffrey Vander Stoep authored
This reverts commit eeda6c61. Reason for revert: broken presubmit tests Bug: 74486619 Change-Id: I103c3faa1604fddc27b3b4602b587f2d733827b1
-
- Mar 09, 2018
-
-
TreeHugger Robot authored
-
- Mar 08, 2018
-
-
TreeHugger Robot authored
-
Amit Mahajan authored
Also change the neverallow exceptions to be for hal_telephony_server instead of rild. Test: Basic telephony sanity, treehugger Bug: 36427227 Change-Id: If892b28416d98ca1f9c241c5fcec70fbae35c82e
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
Jaekyun Seok authored
For now, persist.rcs.supported has only vendor-init-settable, but it turned out that the property should be read by vendor components in some devices including 2018 Pixels. Bug: 74266614 Test: succeeded building and tested on a blueline device with PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE=true Change-Id: I926eb4316c178a39693300fe983176acfb9cabec
-
Joel Galenson authored
This commit adds new SELinux permissions and neverallow rules so that taking a bugreport does not produce any denials. Bug: 73256908 Test: Captured bugreports on Sailfish and Walleye and verified that there were no denials. Merged-In: If3f2093a2b51934938e3d7e5c42036b2e2bf6de9 Change-Id: If3f2093a2b51934938e3d7e5c42036b2e2bf6de9 (cherry picked from commit daf1cdfa5ac7eca95f3b21034174a495a6760e47)
-
Jiyong Park authored
Sub directories under /odm (or /vendor/odm when there isn't an odm partition) are labeled so that artifacts under the sub directories are treated the same as their counterpart in the vendor partition. For example, /odm/app/* is labeled as vendor_app_file just like /vendor/app/*. Bug: 71366495 Test: m -j Merged-In: I72a14fd55672cd2867edd88ced9828ea49726694 Change-Id: I72a14fd55672cd2867edd88ced9828ea49726694 (cherry picked from commit 2f101551)
-
Jong Wook Kim authored
-
- Mar 07, 2018
-
-
Joel Galenson authored
When building userdebug or eng builds, we still want to build the user policy when checking neverallow rules so that we can catch compile errors. Commit c0713e86 split out a helper function but lost one instance of using user instead of the real variant. This restores that one and adds it to the neverallow check. Bug: 74344625 Test: Added a rule that referred to a type defined only in userdebug and eng and ensure we throw a compile error when building userdebug mode. Change-Id: I1a6ffbb36dbeeb880852f9cbac880f923370c2ae
-
TreeHugger Robot authored
-
Ruchi Kandoi authored
Test: eSE initializes at boot Bug: 64881253 Change-Id: Ib2388b7368c790c402c000adddf1488bee492cce (cherry picked from commit ea3cf000)
-
Kweku Adams authored
Bug: 72177715 Bug: 72384374 Test: flash device and make sure incidentd is getting data without SELinux denials Change-Id: I684fe014e19c936017a466ec2d6cd2e1f03022c0 (cherry picked from commit 06ac7dba)
-
TreeHugger Robot authored
-
Joel Galenson authored
Remove a fixed bug from bug_map. Bug: 62140539 Test: Built policy. Change-Id: I2ce9e48de92975b6e37ca4a3a4c53f9478b006ef
-
Joel Galenson authored
This should fix presubmit tests. Bug: 74331887 Test: Built policy. Change-Id: Ie9ef75a7f9eaebf1103e3d2f3b4521e9abaf2fe7
-
Chenbo Feng authored
With the new patches backported to 4.9 kernels, the bpf file system now take the same file open flag as bpf_obj_get. So system server now need read permission only for both bpf map and fs_bpf since we do not need system server to edit the map. Also, the netd will always pass stdin stdout fd to the process forked by it and do allow it will cause the fork and execev fail. We just allow it pass the fd to bpfloader for now until we have a better option. Test: bpfloader start successful on devices with 4.9 kernel. run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest Bug: 74096311 Bug: 30950746 Change-Id: I747a51cb05ae495c155e7625a3021fc77f921e0d
-
- Mar 05, 2018
-
-
Daichi Ueura authored
Update sepolicy permission to allow hostapd to setup socket for socket based control interface. Sepolicy denial for accessing /data/vendor/wifi/hostapd/ctrl: 02-23 12:32:06.186 3068 3068 I hostapd : type=1400 audit(0.0:36): avc: denied { create } for name="ctrl" scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:hostapd_data_file:s0 tclass=dir permissive=1 02-23 12:32:06.186 3068 3068 I hostapd : type=1400 audit(0.0:37): avc: denied { setattr } for name="ctrl" dev="sda35" ino=131410 scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:hostapd_data_file:s0 tclass=dir permissive=1 02-23 12:32:06.190 3068 3068 I hostapd : type=1400 audit(0.0:38): avc: denied { create } for name="wlan0" scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:hostapd_data_file:s0 tclass=sock_file permissive=1 02-23 12:32:06.190 3068 3068 I hostapd : type=1400 audit(0.0:39): avc: denied { setattr } for name="wlan0" dev="sda35" ino=131411 scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:hostapd_data_file:s0 tclass=sock_file permissive=1 Bug: 73419160 Test: Manual check that softAp works Change-Id: I2e733e168feceeab2d557f7704832c143e352375
-
- Mar 02, 2018
-
-
Jerry Zhang authored
am: 66adf0cd Change-Id: I88a90ad2fc9243724e4ddb6f9da469857ffd115b
-
Jerry Zhang authored
am: caf0139b Change-Id: I874a41e0072352f5b8a0fc2b0080913c206520e1
-
Jerry Zhang authored
am: 1d401545 Change-Id: I7502e6ff1e45c12340b9f830bcc245fd2c80996e
-
- Mar 01, 2018
-
-