Commits · 08a04202d656729a0edb64484039be35df70fafe · Werner Sembach / AndroidSystemSEPolicy

Jun 03, 2017
- crash_dump_fallback: allow dumpstate:fd use. am: 17885f14 am: a3a8a3a0 am: 8714f9e0 · 08a04202
  Josh Gao authored 7 years ago
  
  am: bef02a9e Change-Id: Ibf9d8b3ec662bebc625cefe9380ef33c345b95fb
  08a04202
- crash_dump_fallback: allow dumpstate:fd use. am: 17885f14 am: a3a8a3a0 · bef02a9e
  Josh Gao authored 7 years ago
  
  am: 8714f9e0 Change-Id: I669acdf32d54f9456268d3bfe43e1a114f3b96fd
  bef02a9e
- Merge "crash_dump_fallback: allow dumpstate:fd use." into oc-dev am: f378708c · a1cb00cc
  Josh Gao authored 7 years ago
  
  am: dbf8d028 Change-Id: Ic7504601de554becfefe1639b5f891079d24ff65
  a1cb00cc
- Merge "crash_dump_fallback: allow dumpstate:fd use." into oc-dev · dbf8d028
  Josh Gao authored 7 years ago
  
  am: f378708c Change-Id: Ia51ea7ccf0974ed1bacfea950571c6e10ed2b1bf
  dbf8d028
- crash_dump_fallback: allow dumpstate:fd use. am: 17885f14 · 8714f9e0
  Josh Gao authored 7 years ago
  
  am: a3a8a3a0 Change-Id: I63084a04ffe9d88aa6aadf5fbb9b7baa98ff3e35
  8714f9e0
- Merge "crash_dump_fallback: allow dumpstate:fd use." into oc-dev · f378708c
  Josh Gao authored 7 years ago
  
  f378708c
Jun 02, 2017

crash_dump_fallback: allow dumpstate:fd use. · a3a8a3a0
Josh Gao authored 7 years ago
```
am: 17885f14

Change-Id: I46546950720c4d3fa907f32a2af9ab42caa448ba
```
a3a8a3a0

crash_dump_fallback: allow dumpstate:fd use. · 2a00056a

Josh Gao authored 7 years ago

Bug: http://b/62297059
Test: mma
Merged-In: Ibcd93e5554a9c2dd75fbfb42294fbc9b96ebc8cc
Change-Id: Ibcd93e5554a9c2dd75fbfb42294fbc9b96ebc8cc
(cherry picked from commit 17885f14)

2a00056a

crash_dump_fallback: allow dumpstate:fd use. · 17885f14
Josh Gao authored 7 years ago
```
Bug: http://b/62297059
Test: mma
Change-Id: Ibcd93e5554a9c2dd75fbfb42294fbc9b96ebc8cc
```
17885f14

Jun 01, 2017
- Merge "Add missing sepolicies for OemLock HAL." into oc-dev am: 60e4fd9d · f387ecf3
  Andrew Scull authored 7 years ago
  
  am: 39a81fd5 Change-Id: I0e7a02ff77ef0e6490a481229e042145c9dfb89a
  f387ecf3
- Merge "Add missing sepolicies for the Weaver HAL." into oc-dev am: cd267450 · 69367b37
  Andrew Scull authored 7 years ago
  
  am: e8d4bec7 Change-Id: I14ea238856a8401427b02747ebb2c5750cc5e85f
  69367b37
- Merge "Add missing sepolicies for OemLock HAL." into oc-dev · 39a81fd5
  Andrew Scull authored 7 years ago
  
  am: 60e4fd9d Change-Id: I1628907aeb743c3cb0938e7993237206523fdeb5
  39a81fd5
- Merge "Add missing sepolicies for the Weaver HAL." into oc-dev · e8d4bec7
  Andrew Scull authored 7 years ago
  
  am: cd267450 Change-Id: I20479829d542df345275c0c2b4512788a30fba4c
  e8d4bec7
- Merge "Add missing sepolicies for OemLock HAL." into oc-dev · 60e4fd9d
  TreeHugger Robot authored 7 years ago
  
  60e4fd9d
- Merge "Add missing sepolicies for the Weaver HAL." into oc-dev · cd267450
  TreeHugger Robot authored 7 years ago
  
  cd267450
- resolve merge conflicts of e664e80a to oc-dev-plus-aosp · 8cb67753
  Neil Fuller authored 7 years ago
  
  am: 911e236a -s ours Change-Id: I0a1cf351e40f81c1ee26bc5b722f99ae4e242b7e
  8cb67753
- resolve merge conflicts of e664e80a to oc-dev-plus-aosp · 911e236a
  Neil Fuller authored 7 years ago
  
  Test: I solemnly swear I tested this conflict resolution. Change-Id: Icadf7c72ad173c134d3e95bb5b93c2b54b1b703e
  911e236a
- Merge "allow modprobe to load signed kernel modules" into oc-dev am: fc1d8d99 · f64e4df3
  Steve Muckle authored 7 years ago
  
  am: 06a4b61b Change-Id: I50d8c90eaba6161e839ceb9fc87a41540e15eead
  f64e4df3
- Merge "allow modprobe to load signed kernel modules" into oc-dev · 06a4b61b
  Steve Muckle authored 7 years ago
  
  am: fc1d8d99 Change-Id: Id41f7097fd0a48739293d4f8f06f296d0f189684
  06a4b61b
- Merge "allow modprobe to load signed kernel modules" into oc-dev · fc1d8d99
  TreeHugger Robot authored 7 years ago
  
  fc1d8d99
- Allow bootctl HAL to access misc block device. am: b0d59450 · b17b7637
  Andrew Scull authored 7 years ago
  
  am: 7c4f46b5 Change-Id: I88aa64b8847456f66310d632ee86929a76dfaf7b
  b17b7637
- Allow bootctl HAL to access misc block device. · 7c4f46b5
  Andrew Scull authored 7 years ago
  
  am: b0d59450 Change-Id: If85613b84aecf43b0519bb933d925eb1829e3d5e
  7c4f46b5
- Merge "Enable the TimeZoneManagerService" am: 34b4b737 · e664e80a
  Neil Fuller authored 7 years ago
  
  am: 2ff75628 Change-Id: I66cf4111e4d17e698cea7c8dc44d3294ce20a4ac
  e664e80a
- Merge "Enable the TimeZoneManagerService" · 2ff75628
  Neil Fuller authored 7 years ago
  
  am: 34b4b737 Change-Id: If25147ce3439abd0ab4a3abc1e330b373e43d9cb
  2ff75628
- allow modprobe to load signed kernel modules · 53add31a
  Steve Muckle authored 7 years ago
  
  Modprobe requires this permission or the following denial will prevent loading of signed kernel modules: audit: type=1400 audit(27331649.656:4): avc: denied { search } for pid=448 comm="modprobe" scontext=u:r:modprobe:s0 tcontext=u:r:kernel:s0 tclass=key permissive=0 Bug: 62256697 Test: Verified signed module loading on sailfish. Change-Id: Idde41d1ab58e760398190d6686665a252f1823bb
  53add31a
- Merge "Enable the TimeZoneManagerService" · 34b4b737
  Treehugger Robot authored 7 years ago
  
  View commits for tag android-o-preview-3 android-o-preview-3
  
  34b4b737
- Enable the TimeZoneManagerService · ca595e11
  Neil Fuller authored 8 years ago
  
  Add policy changes to enable a new service. The service is currently switched off in config, but this change is needed before it could be enabled. Bug: 31008728 Test: make droid Merged-In: I29c4509304978afb2187fe2e7f401144c6c3b4c6 Change-Id: I29c4509304978afb2187fe2e7f401144c6c3b4c6
  ca595e11
- Merge "Enable the TimeZoneManagerService" · 0a0b6a60
  TreeHugger Robot authored 7 years ago
  
  0a0b6a60
May 31, 2017

Merge "Verify correct application of labels and attributes" · f137fab5
TreeHugger Robot authored 7 years ago

f137fab5

Verify correct application of labels and attributes · 0366afdf

Jeff Vander Stoep authored 7 years ago

With project Treble, we're relying heavily on attributes for
permission inheritance and enforcement of separation between
platform and vendor components.

We neead tests that verify those attributes are correctly applied.
This change adds the framework for those tests including a wrapper
around libsepol for loading and querying policy, and a python module
for running tests on policy and file_contexts.

Included with the testing framework is a test asserting that the
coredomain attribute is only applied to core processes. This
verification is done using the following rules:
1. Domain's entrypoint is on /system - coredomain
2. Domain's entrypoint is on /vendor - not coredomain
3. Domain belongs to a whitelist of known coredomains - coredomain

In a subsequent commit these tests will be applied at build time.
However, I first need to fix existing Treble violations exposed by
this test. These tests will also be applied during CTS.

Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \
    treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \
    -f $OUT/vendor/etc/selinux/nonplat_file_contexts \
    -f $OUT/system/etc/selinux/plat_file_contexts
Bug: 37008075
Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9

0366afdf

Enable the TimeZoneManagerService · 50889ce0

Neil Fuller authored 8 years ago

Add policy changes to enable a new service. The service
is currently switched off in config, but this change is
needed before it could be enabled.

Bug: 31008728
Test: make droid
Change-Id: I29c4509304978afb2187fe2e7f401144c6c3b4c6

50889ce0

Allow bootctl HAL to access misc block device. · b0d59450

Andrew Scull authored 7 years ago

This is sometimes used for communication with the bootloader.

Bug: 62052545
Test: Build
Change-Id: I3ae37793407719e55ab0830129aa569c9018f7da

b0d59450

Add missing sepolicies for OemLock HAL. · 475954da
Andrew Scull authored 7 years ago
```
Bug: 38232801
Test: Build

Change-Id: Iccc16430e7502bb317f95bb2a5e2f021d8239a00
```
475954da
Add missing sepolicies for the Weaver HAL. · a939c432
Andrew Scull authored 7 years ago
```
Bug: 38233550
Test: Build
Change-Id: I7c2105d5f215a60a611110640afff25fc3403559
```
a939c432

SEPolicy: Allow app / system_server to write to dumpstate pipes. am:... · ab41aec8

Narayan Kamath authored 7 years ago

SEPolicy: Allow app / system_server to write to dumpstate pipes. am: a34781ae am: 32c7000e am: b25e8823
am: bf7a5bd6

Change-Id: I13dfde61b2d69ba690fbb6a1bf5aab76f990dbf9

ab41aec8

SEPolicy: Allow app / system_server to write to dumpstate pipes. am: a34781ae am: 32c7000e · bf7a5bd6
Narayan Kamath authored 7 years ago
```
am: b25e8823

Change-Id: I778011a48800ace4d865813b148efcdd88d166bb
```
bf7a5bd6
SEPolicy: Allow app / system_server to write to dumpstate pipes. am: a34781ae · b25e8823
Narayan Kamath authored 7 years ago
```
am: 32c7000e

Change-Id: I57d3af7a930f77be74feba88d9875c9b5b90ab7c
```
b25e8823
SEPolicy: Allow app / system_server to write to dumpstate pipes. · 32c7000e
Narayan Kamath authored 7 years ago
```
am: a34781ae

Change-Id: Ic4103ff418e69f000198bb588f0cfccc578ba324
```
32c7000e
Merge "SEPolicy: Changes for new stack dumping scheme." into oc-dev-plus-aosp · 66911735
Narayan Kamath authored 7 years ago
```
am: 6d9f42f0

Change-Id: I1894493c01399348bf0d83679bc119d00acc149e
```
66911735
Merge "SEPolicy: Changes for new stack dumping scheme." into oc-dev-plus-aosp · 6d9f42f0
TreeHugger Robot authored 7 years ago

6d9f42f0