Commits · 30e10aa86a037d36e7708c06511922eefd14339b · Werner Sembach / AndroidSystemSEPolicy

Feb 17, 2017

android.hidl.memory -> android.hidl.allocator · 30e10aa8

Steven Moreland authored 8 years ago

Test: hidl_test, device boots with allocator
Bug: 35327976
Change-Id: I6232a2823ff16058c70f173ec2332772048563f4

30e10aa8

Switch Camera HAL policy to _client/_server am: 3a8426bf am: 205d5cec am: 0aa2046d · d48016e0
Alex Klyubin authored 8 years ago
```
am: ac6081e7

Change-Id: Iadd638f507171153a63972537bc66576f4194971
```
d48016e0
Switch Camera HAL policy to _client/_server am: 3a8426bf am: 205d5cec · ac6081e7
Alex Klyubin authored 8 years ago
```
am: 0aa2046d

Change-Id: I82458248ea9873dda5574de3287ce92eb29fbb75
```
ac6081e7
Switch Camera HAL policy to _client/_server am: 3a8426bf · 0aa2046d
Alex Klyubin authored 8 years ago
```
am: 205d5cec

Change-Id: If3be3ae7ec1640ae9b417ec16f0a9f12396bb20d
```
0aa2046d
Switch Camera HAL policy to _client/_server · 205d5cec
Alex Klyubin authored 8 years ago
```
am: 3a8426bf

Change-Id: I03b6277ec93b56d9aa079add503effa9ebc7df26
```
205d5cec

Switch Camera HAL policy to _client/_server · 3a8426bf

Alex Klyubin authored 8 years ago

This switches Camera HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of Camera HAL.

Domains which are clients of Camera HAL, such as cameraserver domain,
are granted rules targeting hal_camera only when the Camera HAL runs
in passthrough mode (i.e., inside the client's process). When the HAL
runs in binderized mode (i.e., in another process/domain, with clients
talking to the HAL over HwBinder IPC), rules targeting hal_camera are
not granted to client domains.

Domains which offer a binderized implementation of Camera HAL, such
as hal_camera_default domain, are always granted rules targeting
hal_camera.

Test: Take non-HDR photo using Google Camera app
Test: Take HDR photo using Google Camera app
Test: Record video using Google Camera app
Bug: 34170079
Change-Id: I463646cf79fede57f11ccd4ec2cbc37a4fff141e

3a8426bf

Feb 16, 2017
- Merge "Label /vendor/bin/hw on devices without vendor partition" am:... · 729e8fb5
  Alex Klyubin authored 8 years ago
  
  Merge "Label /vendor/bin/hw on devices without vendor partition" am: e7f923f0 am: ed1813fa am: beac41dd am: 1476d0cf Change-Id: I7f0bbda231b8f760a12d56f637ccea386def5735
  729e8fb5
- Merge "Label /vendor/bin/hw on devices without vendor partition" am: e7f923f0 am: ed1813fa · 1476d0cf
  Alex Klyubin authored 8 years ago
  
  am: beac41dd Change-Id: If3d34503993e9f808f82f6ae8f59481b6deb81bc
  1476d0cf
- Merge "Label /vendor/bin/hw on devices without vendor partition" am: e7f923f0 · beac41dd
  Alex Klyubin authored 8 years ago
  
  am: ed1813fa Change-Id: I887df6cd21809c0001b06987d1645affc351022c
  beac41dd
- Merge "Label /vendor/bin/hw on devices without vendor partition" · ed1813fa
  Alex Klyubin authored 8 years ago
  
  am: e7f923f0 Change-Id: I3cee3aa452b0914f70bf3a0c5bf45f20c25c5a01
  ed1813fa
- Merge "Label /vendor/bin/hw on devices without vendor partition" · e7f923f0
  Treehugger Robot authored 8 years ago
  
  e7f923f0
- Merge changes from topic 'crash_dump_append' am: cce8513c am: 6a25a388 am: 3766ef05 · 6e2f89dc
  Josh Gao authored 8 years ago
  
  am: b569f770 Change-Id: Id1a8279bbf42a22bc4283b17d20b0e8ceca38795
  6e2f89dc
- Merge "crash_dump: allow read of APK files." am: e1101287 am: c3358ae3 am: 8852f147 · 0ddf8a95
  Josh Gao authored 8 years ago
  
  am: 56e6b9e0 Change-Id: Ieb4d7a134b91b95be23704bec06e0ac69eec3fa3
  0ddf8a95
- Merge changes from topic 'crash_dump_append' am: cce8513c am: 6a25a388 · b569f770
  Josh Gao authored 8 years ago
  
  am: 3766ef05 Change-Id: Idddf42b0f333c6f94559ed848505c0890fd30847
  b569f770
- Merge "crash_dump: allow read of APK files." am: e1101287 am: c3358ae3 · 56e6b9e0
  Josh Gao authored 8 years ago
  
  am: 8852f147 Change-Id: I606e7143adb4f3a20e089bb014f07366ad4de736
  56e6b9e0
- Merge changes from topic 'crash_dump_append' am: cce8513c · 3766ef05
  Josh Gao authored 8 years ago
  
  am: 6a25a388 Change-Id: Iad2bd4dc9ac64ac9a41800ff96dd9b6da358a77c
  3766ef05
- Merge "crash_dump: allow read of APK files." am: e1101287 · 8852f147
  Josh Gao authored 8 years ago
  
  am: c3358ae3 Change-Id: Idf3912a1324840ebc850c5da616580f8508ea7f1
  8852f147
- Merge changes from topic 'crash_dump_append' · 6a25a388
  Josh Gao authored 8 years ago
  
  am: cce8513c Change-Id: I4fa0bca933289c60894403cfb70650608da5cee0
  6a25a388
- Merge "crash_dump: allow read of APK files." · c3358ae3
  Josh Gao authored 8 years ago
  
  am: e1101287 Change-Id: Id6e6c7b7571b6d2a5dd7fdfed524a5685333082f
  c3358ae3
- Merge changes from topic 'crash_dump_append' · cce8513c
  Josh Gao authored 8 years ago
  
  * changes: crash_dump: allow appending to pipes. Revert "crash_dump: temporarily make permissive."
  cce8513c
- Merge "crash_dump: allow read of APK files." · e1101287
  Treehugger Robot authored 8 years ago
  
  e1101287
- Label /proc/config.gz am: 929da014 am: 8f09aac3 am: 0f9b2a94 · 389d4abc
  Nick Kralevich authored 8 years ago
  
  am: 8d20cbb7 Change-Id: Ib17bf510dcd792578bbe4794e443fd4d3adb0f86
  389d4abc
- Label /proc/config.gz am: 929da014 am: 8f09aac3 · 8d20cbb7
  Nick Kralevich authored 8 years ago
  
  am: 0f9b2a94 Change-Id: Iccd8aa9c5f8d045b947f6db06c1c0bf581e09e95
  8d20cbb7
- Label /proc/config.gz am: 929da014 · 0f9b2a94
  Nick Kralevich authored 8 years ago
  
  am: 8f09aac3 Change-Id: I94be261e024e57a33ea74d640a4a4c26ffbcf380
  0f9b2a94
- Label /proc/config.gz · 8f09aac3
  Nick Kralevich authored 8 years ago
  
  am: 929da014 Change-Id: I899820e782722b61b94306532e81e3d3445ee631
  8f09aac3
- Label /vendor/bin/hw on devices without vendor partition · 3001d5a3
  Alex Klyubin authored 8 years ago
  
  SELinux labeling of filesystem files ignores symlinks. Unfortunately, /vendor is a symlink on devices without vendor partition (e.g., hikey). Thus, policy in directories which are used both for devices with vendor partition and for devices without vendor partition must be adjusted to match both /vendor and /system/vendor. It is assumed that the /vendor symlink, if it exists at all, always points to /system/vendor. The alternative solution of adjusting vendor policy file labelling rules at vendor policy build time, when the actual on-device paths are known, was considered to make it harder to see how files are labelled by looking solely at the source tree. Test: Files under /vendor/bin/hw correctly labelled on sailfish, angler, and a device which uses the /vendor symlink. Bug: 35431549 Change-Id: If6ccb2c9cb85b0589db03ab86de8071e15d5366f
  3001d5a3
- Remove crash_dump from sys_ptrace neverallow exception am: d419ed8f am: 9de07e51 am: b4936339 · 95884d95
  Nick Kralevich authored 8 years ago
  
  am: d15ca85e Change-Id: I0ab56652fec10b5efe547ab48d8f20337c8be208
  95884d95
- Remove crash_dump from sys_ptrace neverallow exception am: d419ed8f am: 9de07e51 · d15ca85e
  Nick Kralevich authored 8 years ago
  
  am: b4936339 Change-Id: Ied3c0d7f56e78fec1388ee384fb123abb0ffee2d
  d15ca85e
- Label /proc/config.gz · 929da014
  Nick Kralevich authored 8 years ago
  
  Add a label to /proc/config.gz, so we can distinguish this file from other /proc files in security policy. For now, only init is allowed read access. All others are denied. TODO: clarify exactly who needs access. Further access will be granted in a future commit. Bug: 35126415 Test: policy compiles and no device boot problems. Change-Id: I8b480890495ce5b8aa3f8c7eb00e14159f177860
  929da014
- Remove crash_dump from sys_ptrace neverallow exception am: d419ed8f · b4936339
  Nick Kralevich authored 8 years ago
  
  am: 9de07e51 Change-Id: I29d46d9314fa9aeca36f9ee354f17d08467f8062
  b4936339
- Remove crash_dump from sys_ptrace neverallow exception · 9de07e51
  Nick Kralevich authored 8 years ago
  
  am: d419ed8f Change-Id: I0a449ac49e026c36fe6ca2ec05350cb10e63b097
  9de07e51
- Merge "system_server: replace sys_resource with sys_ptrace" · b299e593
  Nick Kralevich authored 8 years ago
  
  b299e593
- Remove crash_dump from sys_ptrace neverallow exception · d419ed8f
  Nick Kralevich authored 8 years ago
  
  CAP_SYS_PTRACE is no longer used by crash_dump. There's no reason to exclude it from the neverallow compile time assertion. Test: policy compiles. Change-Id: Ib2dced19091406553c16e6ce538cfb68bbc1e5aa
  d419ed8f
- Merge "Use _client and _server for Audio HAL policy" am: ca5b5351 am: 7f125557 am: 762ed72f · fcec2a8f
  Alex Klyubin authored 8 years ago
  
  am: fe50f731 Change-Id: I726a205ac8443ead251329c6637a9a410718dbe7
  fcec2a8f
- Merge "Use _client and _server for Audio HAL policy" am: ca5b5351 am: 7f125557 · fe50f731
  Alex Klyubin authored 8 years ago
  
  am: 762ed72f Change-Id: I0da8029cee9fb3e47a1b454df544d0d59781a7be
  fe50f731
- Merge "Use _client and _server for Audio HAL policy" am: ca5b5351 · 762ed72f
  Alex Klyubin authored 8 years ago
  
  am: 7f125557 Change-Id: Ib3ff74a30e1ce356de43c66d2b6b6146eb078409
  762ed72f
- Merge "Use _client and _server for Audio HAL policy" · 7f125557
  Alex Klyubin authored 8 years ago
  
  am: ca5b5351 Change-Id: I39a5f0d5ce23af56cbc4e02d8da5ffd895ac496a
  7f125557
- Merge "Use _client and _server for Audio HAL policy" · ca5b5351
  Treehugger Robot authored 8 years ago
  
  ca5b5351
- Merge "Add SELinux policies for vr_window_manager" · 4217740a
  TreeHugger Robot authored 8 years ago
  
  4217740a
- System server: Allow get/setsched to hal_camera domain. am: 6d9be831 am:... · e9d69776
  Eino-Ville Talvala authored 8 years ago
  
  System server: Allow get/setsched to hal_camera domain. am: 6d9be831 am: 02dd665d am: 288e3941 am: 02b87a8d Change-Id: If95377cb995acb9b2e7491c3282e405cf6be29a3
  e9d69776