- Mar 12, 2018
-
-
Bowgo Tsai authored/odm partition isn't mandatory and the following symlinks will exist on a device without /odm partition. /odm/app ->/vendor/odm/app /odm/bin ->/vendor/odm/bin /odm/etc ->/vendor/odm/etc /odm/firmware ->/vendor/odm/firmware /odm/framework ->/vendor/odm/framework /odm/lib -> /vendor/odm/lib /odm/lib64 -> /vendor/odm/lib64 /odm/overlay -> /vendor/odm/overlay /odm/priv-app -> /vendor/odm/priv-app This CL allows all domains to access the symlinks, also removes the Treble compliance neverallows on them because the actual restrictions should apply to the real path directly. Bug: 70678783 Test: boot a device Change-Id: If1522780a13710d8a592272dc688685cbae29f52 (cherry picked from commit dd6efea2)
-
- Mar 08, 2018
-
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
Jaekyun Seok authored
For now, persist.rcs.supported has only vendor-init-settable, but it turned out that the property should be read by vendor components in some devices including 2018 Pixels. Bug: 74266614 Test: succeeded building and tested on a blueline device with PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE=true Change-Id: I926eb4316c178a39693300fe983176acfb9cabec
-
Jong Wook Kim authored
-
- Mar 07, 2018
-
-
Joel Galenson authored
When building userdebug or eng builds, we still want to build the user policy when checking neverallow rules so that we can catch compile errors. Commit c0713e86 split out a helper function but lost one instance of using user instead of the real variant. This restores that one and adds it to the neverallow check. Bug: 74344625 Test: Added a rule that referred to a type defined only in userdebug and eng and ensure we throw a compile error when building userdebug mode. Change-Id: I1a6ffbb36dbeeb880852f9cbac880f923370c2ae
-
TreeHugger Robot authored
-
Ruchi Kandoi authored
Test: eSE initializes at boot Bug: 64881253 Change-Id: Ib2388b7368c790c402c000adddf1488bee492cce (cherry picked from commit ea3cf000)
-
Kweku Adams authored
Bug: 72177715 Bug: 72384374 Test: flash device and make sure incidentd is getting data without SELinux denials Change-Id: I684fe014e19c936017a466ec2d6cd2e1f03022c0 (cherry picked from commit 06ac7dba)
-
TreeHugger Robot authored
-
Joel Galenson authored
Remove a fixed bug from bug_map. Bug: 62140539 Test: Built policy. Change-Id: I2ce9e48de92975b6e37ca4a3a4c53f9478b006ef
-
Joel Galenson authored
This should fix presubmit tests. Bug: 74331887 Test: Built policy. Change-Id: Ie9ef75a7f9eaebf1103e3d2f3b4521e9abaf2fe7
-
Chenbo Feng authored
With the new patches backported to 4.9 kernels, the bpf file system now take the same file open flag as bpf_obj_get. So system server now need read permission only for both bpf map and fs_bpf since we do not need system server to edit the map. Also, the netd will always pass stdin stdout fd to the process forked by it and do allow it will cause the fork and execev fail. We just allow it pass the fd to bpfloader for now until we have a better option. Test: bpfloader start successful on devices with 4.9 kernel. run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest Bug: 74096311 Bug: 30950746 Change-Id: I747a51cb05ae495c155e7625a3021fc77f921e0d
-
- Mar 05, 2018
-
-
Daichi Ueura authored
Update sepolicy permission to allow hostapd to setup socket for socket based control interface. Sepolicy denial for accessing /data/vendor/wifi/hostapd/ctrl: 02-23 12:32:06.186 3068 3068 I hostapd : type=1400 audit(0.0:36): avc: denied { create } for name="ctrl" scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:hostapd_data_file:s0 tclass=dir permissive=1 02-23 12:32:06.186 3068 3068 I hostapd : type=1400 audit(0.0:37): avc: denied { setattr } for name="ctrl" dev="sda35" ino=131410 scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:hostapd_data_file:s0 tclass=dir permissive=1 02-23 12:32:06.190 3068 3068 I hostapd : type=1400 audit(0.0:38): avc: denied { create } for name="wlan0" scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:hostapd_data_file:s0 tclass=sock_file permissive=1 02-23 12:32:06.190 3068 3068 I hostapd : type=1400 audit(0.0:39): avc: denied { setattr } for name="wlan0" dev="sda35" ino=131411 scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:hostapd_data_file:s0 tclass=sock_file permissive=1 Bug: 73419160 Test: Manual check that softAp works Change-Id: I2e733e168feceeab2d557f7704832c143e352375
-
- Mar 02, 2018
-
-
Jerry Zhang authored
am: 66adf0cd Change-Id: I88a90ad2fc9243724e4ddb6f9da469857ffd115b
-
Jerry Zhang authored
am: caf0139b Change-Id: I874a41e0072352f5b8a0fc2b0080913c206520e1
-
Jerry Zhang authored
am: 1d401545 Change-Id: I7502e6ff1e45c12340b9f830bcc245fd2c80996e
-
- Mar 01, 2018
-
-
-
-
Ryan Longair authored
am: 1ee556ed -s ours Change-Id: I3cc14d0b4d61136651c89671d2b134a86fc9450f
-
-
-
Ryan Longair authored
am: b7602d76 Change-Id: Ic731e6165c89f205bce4c96fbf760454550acd81
-
Jerry Zhang authored
UsbDeviceManager in system_server now helps set up the endpoint files. Bug: 72877174 Test: No selinux denials Change-Id: I96b11ee68799ac29b756d2034e7f5e4660dbed98
-
Ryan Longair authored
Bug:74022614 Test: `sts-tradefed run sts -m CtsSecurityHostTestCases -t android.cts.security.SELinuxNeverallowRulesTest` Merged-In: I53f7bef927bcefdbe0edd0b919f11bdaa134a48b Change-Id: I53f7bef927bcefdbe0edd0b919f11bdaa134a48b
-
Ryan Longair authored
Bug:74022614 Test: `sts-tradefed run sts -m CtsSecurityHostTestCases -t android.cts.security.SELinuxNeverallowRulesTest` Change-Id: I53f7bef927bcefdbe0edd0b919f11bdaa134a48b
-
-
Android Build Merger (Role) authored
[automerger] Fix sepolicy-analyze makefile so it is included in STS builds am: 7dab0f94 am: fa412d2d am: e9a260bb am: 89455f2e Change-Id: Ic7c0f37773c22bd11e9b48e07bc46766d053da58
-
Android Build Merger (Role) authored
[automerger] Fix sepolicy-analyze makefile so it is included in STS builds am: 7dab0f94 am: fa412d2d am: e9a260bb Change-Id: Id65e91d0c3bdced074a6aa99902fcdfc0d97628c
-
Android Build Merger (Role) authored
[automerger] Fix sepolicy-analyze makefile so it is included in STS builds am: 7dab0f94 am: fa412d2d Change-Id: I5ae440fe30e214250bf66ea023104ab383700a54
-
Android Build Merger (Role) authored
Change-Id: I9a4944f131547c11329167bc327c0de2c08e1f20
-
Ryan Longair authored
Bug:74022614 Test: `sts-tradefed run sts -m CtsSecurityHostTestCases -t android.cts.security.SELinuxNeverallowRulesTest` Merged-In: I53f7bef927bcefdbe0edd0b919f11bdaa134a48b Change-Id: I53f7bef927bcefdbe0edd0b919f11bdaa134a48b
-
Alan Stokes authored
am: 0d12c356 Change-Id: I245c2914f51f317758148123dc1368c326f562f1
-
Alan Stokes authored
am: 324e6ef5 Change-Id: I6ed15ce344d61eab4d81928b09020d7fb0fb757a
-
Alan Stokes authored
am: 17d008ae Change-Id: Ib6305067a4f3bf30df918c63a049b7d689f9c255
-
Alan Stokes authored
We already grant rw file access, but without dir search it's not much use. denied { search } for name="vibrator" dev="sysfs" ino=49606 scontext=u:r:hal_vibrator_default:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=dir permissive=0 Bug: 72643420 Test: Builds, denial gone Change-Id: I3513c0a14f0ac1e60517009046e2654f1fc45c66 -
-
-
-