Commits · 400266bfae150a41847e55d3271c278770ecbc2c · Werner Sembach / AndroidSystemSEPolicy

Jan 26, 2016

Allow "soundtrigger" system service to run. · 400266bf

Arunesh Mishra authored 9 years ago

In the same process as voiceinteraction.

Please see related CL ag/852049

Bug: 22860713
Change-Id: I43ebfdba2aafb151dd7db0814570027e1164508a

400266bf

Jan 16, 2016

Merge "domain_deprecated.te: drop cache_recovery_file access" am: 8632b9e4 · 44df6a7e
Nick Kralevich authored 9 years ago
```
am: 563b2bfc

* commit '563b2bfc':
  domain_deprecated.te: drop cache_recovery_file access
```
44df6a7e
Merge "domain_deprecated.te: drop cache_recovery_file access" · 563b2bfc
Nick Kralevich authored 9 years ago
```
am: 8632b9e4

* commit '8632b9e4':
  domain_deprecated.te: drop cache_recovery_file access
```
563b2bfc
Merge "domain_deprecated.te: drop cache_recovery_file access" · 8632b9e4
Nick Kralevich authored 9 years ago

8632b9e4
Merge "priv_app.te: drop auditallows on cache_recovery_file" am: 4cd2f530 · 1d221c16
Nick Kralevich authored 9 years ago
```
am: 7a8631c2

* commit '7a8631c2':
  priv_app.te: drop auditallows on cache_recovery_file
```
1d221c16
Merge "kernel.te: drop allow kernel untrusted_app:fd use;" am: 527d29a8 · 52d0a9d8
Nick Kralevich authored 9 years ago
```
am: e5005549

* commit 'e5005549':
  kernel.te: drop allow kernel untrusted_app:fd use;
```
52d0a9d8
Merge "priv_app.te: drop auditallows on cache_recovery_file" · 7a8631c2
Nick Kralevich authored 9 years ago
```
am: 4cd2f530

* commit '4cd2f530':
  priv_app.te: drop auditallows on cache_recovery_file
```
7a8631c2
Merge "kernel.te: drop allow kernel untrusted_app:fd use;" · e5005549
Nick Kralevich authored 9 years ago
```
am: 527d29a8

* commit '527d29a8':
  kernel.te: drop allow kernel untrusted_app:fd use;
```
e5005549
Merge "priv_app.te: drop auditallows on cache_recovery_file" · 4cd2f530
Nick Kralevich authored 9 years ago

4cd2f530
Merge "kernel.te: drop allow kernel untrusted_app:fd use;" · 527d29a8
Nick Kralevich authored 9 years ago

527d29a8
vold.te: drop allow vold toolbox_exec:file rx_file_perms; am: 2309ef8f · 330fffab
Nick Kralevich authored 9 years ago
```
am: eb8f8768

* commit 'eb8f8768':
  vold.te: drop allow vold toolbox_exec:file rx_file_perms;
```
330fffab
vold.te: drop allow vold toolbox_exec:file rx_file_perms; · eb8f8768
Nick Kralevich authored 9 years ago
```
am: 2309ef8f

* commit '2309ef8f':
  vold.te: drop allow vold toolbox_exec:file rx_file_perms;
```
eb8f8768
vold.te: drop allow vold toolbox_exec:file rx_file_perms; · 2309ef8f
Nick Kralevich authored 9 years ago
```
auditallow says not needed.

Change-Id: Iafa048377e159ca3c7cc1f31653002c41ef9ef2b
```
2309ef8f
domain_deprecated.te: drop cache_recovery_file access · d5464736
Nick Kralevich authored 9 years ago
```
auditallow says not needed.

Change-Id: If44f64aeb5d0be78fd166d1b3eee298c5f7c860d
```
d5464736

priv_app.te: drop auditallows on cache_recovery_file · b8d794a1

Nick Kralevich authored 9 years ago

This is actually used. Addresses the following SELinux audit logs:

avc: granted { create } for comm="Thread-157" name="uncrypt_file" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file
avc: granted { add_name } for comm="Thread-157" name="uncrypt_file" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir
avc: granted { write } for comm="Thread-157" path="/cache/recovery/uncrypt_file" dev="mmcblk0p38" ino=22 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file
avc: granted { write } for comm="Thread-157" path="/cache/recovery/command" dev="mmcblk0p38" ino=23 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file
avc: granted { setattr } for comm="Thread-157" name="uncrypt_file" dev="mmcblk0p38" ino=22 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file

Change-Id: Idab00ebc8eacd7d8bb793b9342249227f91986a1

b8d794a1

kernel.te: drop allow kernel untrusted_app:fd use; · 52e9d047
Nick Kralevich authored 9 years ago
```
auditallow says it's not used.

Bug: 25331459
Change-Id: Ic414efcd0a3be6d744ab66382c20f0ea4c9ea116
```
52e9d047

Jan 15, 2016
- camera_device: remove type · 6730c591
  Jeff Vander Stoep authored 9 years ago
  
  camera_device didn't really offer much in terms of control considering that most domains that need camera_device, also need video_device and vice versa. Thus, drop camera_device from the policy. Change-Id: If438610ac6998399719ab375210c023320d0b7ed
  6730c591
- Merge "camera_device: remove type and add typealias" am: c15e1036 · 4c265740
  Jeffrey Vander Stoep authored 9 years ago
  
  am: 1ac35736 * commit '1ac35736': camera_device: remove type and add typealias
  4c265740
- Merge changes from topic \'fc_sort-2\' am: 87a73f19 · 7a294027
  Jeffrey Vander Stoep authored 9 years ago
  
  am: af77ab6b * commit 'af77ab6b': fc_sort: initial commit checkfc: do not die on 0 length fc's
  7a294027
- Merge "camera_device: remove type and add typealias" · 1ac35736
  Jeffrey Vander Stoep authored 9 years ago
  
  am: c15e1036 * commit 'c15e1036': camera_device: remove type and add typealias
  1ac35736
- Merge changes from topic \'fc_sort-2\' · af77ab6b
  Jeffrey Vander Stoep authored 9 years ago
  
  am: 87a73f19 * commit '87a73f19': fc_sort: initial commit checkfc: do not die on 0 length fc's
  af77ab6b
- Merge "camera_device: remove type and add typealias" · c15e1036
  Jeffrey Vander Stoep authored 9 years ago
  
  c15e1036
- Merge changes from topic 'fc_sort-2' · 87a73f19
  Jeffrey Vander Stoep authored 9 years ago
  
  * changes: fc_sort: initial commit checkfc: do not die on 0 length fc's
  87a73f19
- Merge "adbd.te: remove allow adbd toolbox_exec:file rx_file_perms" am: eed6bbdc · 693791c0
  Nick Kralevich authored 9 years ago
  
  am: 3920e7af * commit '3920e7af': adbd.te: remove allow adbd toolbox_exec:file rx_file_perms
  693791c0
- Merge "ppp.te: Remove allow ppp toolbox_exec:file rx_file_perms;" am: bc301caa · fe4a9f74
  Nick Kralevich authored 9 years ago
  
  am: c4180ccf * commit 'c4180ccf': ppp.te: Remove allow ppp toolbox_exec:file rx_file_perms;
  fe4a9f74
- Merge "netd.te: Remove allow netd toolbox_exec:file rx_file_perms;" am: 24739a6a · 2d529b15
  Nick Kralevich authored 9 years ago
  
  am: 92e7d68a * commit '92e7d68a': netd.te: Remove allow netd toolbox_exec:file rx_file_perms;
  2d529b15
- Merge "adbd.te: remove allow adbd toolbox_exec:file rx_file_perms" · 3920e7af
  Nick Kralevich authored 9 years ago
  
  am: eed6bbdc * commit 'eed6bbdc': adbd.te: remove allow adbd toolbox_exec:file rx_file_perms
  3920e7af
- Merge "ppp.te: Remove allow ppp toolbox_exec:file rx_file_perms;" · c4180ccf
  Nick Kralevich authored 9 years ago
  
  am: bc301caa * commit 'bc301caa': ppp.te: Remove allow ppp toolbox_exec:file rx_file_perms;
  c4180ccf
- racoon.te: Remove allow racoon toolbox_exec:file rx_file_perms; am: 2c109405 · cde60b10
  Nick Kralevich authored 9 years ago
  
  am: 362cc6ef * commit '362cc6ef': racoon.te: Remove allow racoon toolbox_exec:file rx_file_perms;
  cde60b10
- Merge "netd.te: Remove allow netd toolbox_exec:file rx_file_perms;" · 92e7d68a
  Nick Kralevich authored 9 years ago
  
  am: 24739a6a * commit '24739a6a': netd.te: Remove allow netd toolbox_exec:file rx_file_perms;
  92e7d68a
- racoon.te: Remove allow racoon toolbox_exec:file rx_file_perms; · 362cc6ef
  Nick Kralevich authored 9 years ago
  
  am: 2c109405 * commit '2c109405': racoon.te: Remove allow racoon toolbox_exec:file rx_file_perms;
  362cc6ef
- Merge "adbd.te: remove allow adbd toolbox_exec:file rx_file_perms" · eed6bbdc
  Nick Kralevich authored 9 years ago
  
  eed6bbdc
- Merge "ppp.te: Remove allow ppp toolbox_exec:file rx_file_perms;" · bc301caa
  Nick Kralevich authored 9 years ago
  
  bc301caa
- Merge "netd.te: Remove allow netd toolbox_exec:file rx_file_perms;" · 24739a6a
  Nick Kralevich authored 9 years ago
  
  24739a6a
- racoon.te: Remove allow racoon toolbox_exec:file rx_file_perms; · 2c109405
  Nick Kralevich authored 9 years ago
  
  auditallow says never used. Change-Id: I789f32bd7d2bbfc583a12bf8a05662e812f09a38
  2c109405
- netd.te: Remove allow netd toolbox_exec:file rx_file_perms; · 3351122e
  Nick Kralevich authored 9 years ago
  
  no SELinux denials from auditallow Change-Id: Ied61f7f97b148b1c10d0f71e9ab30c136a123738
  3351122e
- ppp.te: Remove allow ppp toolbox_exec:file rx_file_perms; · 815d3c56
  Nick Kralevich authored 9 years ago
  
  auditallow says no denials. Change-Id: Ib4e38f5393d3f3ba67277017abc848f5e7c04efd
  815d3c56
- adbd.te: remove allow adbd toolbox_exec:file rx_file_perms · 155e7108
  Nick Kralevich authored 9 years ago
  
  auditallow says never used. Change-Id: I6a3f82740bfecf483e0ccbb528b7218af36d37b8
  155e7108
- fc_sort: initial commit · 49693f1b
  William Roberts authored 9 years ago
  
  Ordering matters in fc files; the last match wins. In builds where many BOARD_SEPOLICY_DIRS are set, the order of that list becomes increasingly important in order to maintain a cohesive built file_contexts. To correct this, we sort the device specific file_contexts entries with the upstream fc_sort tool. Change-Id: I3775eae11bfa5905cad0d02a0bf26c76ac03437c Signed-off-by: William Roberts <william.c.roberts@intel.com>
  49693f1b
- checkfc: do not die on 0 length fc's · 922b4e95
  William Roberts authored 9 years ago
  
  Checkfc was treating 0 size fc files as a fatal error. An empty fc file should be treated as "nothing to check" so long as the -e option is passed. We add this option, so we don't allow empty file_context files to pass CTS checking. Change-Id: Ibca6bd948a13389e10c605d613acc48c5504443e Signed-off-by: William Roberts <william.c.roberts@intel.com>
  922b4e95