Commits · 4e941ebbb061fd0c17931d6fcef6429d80c5f1fd · Werner Sembach / AndroidSystemSEPolicy

Apr 20, 2017
- Allow the shell user to run tzdatacheck am: 5684f61f am: 072f3865 · 4e941ebb
  Neil Fuller authored 7 years ago
  
  am: 162319d0 Change-Id: Ifc803d7d645be1ec7bd1d34f05e821a522f797e2
  4e941ebb
- Allow the shell user to run tzdatacheck am: 5684f61f · 162319d0
  Neil Fuller authored 7 years ago
  
  am: 072f3865 Change-Id: Id583a952f22f4f70d9d9c27572ce0da692ec2688
  162319d0
- Allow the shell user to run tzdatacheck · 072f3865
  Neil Fuller authored 7 years ago
  
  am: 5684f61f Change-Id: Ib0a65258afbe3828cd9d5e9921fc42893c729a5e
  072f3865
- Allow the shell user to run tzdatacheck · 5684f61f
  Neil Fuller authored 8 years ago
  
  Allow the shell user to run tzdatacheck, which is required to enable a new host side test. This change also adds some additional checks to tzdatacheck.te to ensure that OEMs opening up permissions further don't accidentally create a security hole. Bug: 31008728 Test: Ran CTS Change-Id: I6ebfb467526b6b2ea08f891420eea24c81ed1e36
  5684f61f
- Merge "Remove vndservice_manager object classes." into oc-dev · b4f62b04
  Dan Cashman authored 7 years ago
  
  am: f8a18d47 Change-Id: Iba5fd78ab1d578878cde958b489c57959ac6a290
  b4f62b04
- Merge "Remove vndservice_manager object classes." into oc-dev · f8a18d47
  TreeHugger Robot authored 7 years ago
  
  f8a18d47
Apr 19, 2017
- Merge "sepolicy: allow audioserver to use ALSA MMAP FDs" into oc-dev · 14bb96f2
  Phil Burk authored 7 years ago
  
  am: 4f1763ef Change-Id: I33c0dcab70613c0f0a669d0443332f204b92d55b
  14bb96f2
- Merge "sepolicy: allow audioserver to use ALSA MMAP FDs" into oc-dev · 4f1763ef
  TreeHugger Robot authored 7 years ago
  
  4f1763ef
- Merge "Allow access to /proc/config.gz for priv_app and recovery" into oc-dev · 7f0c18b4
  Sandeep Patil authored 7 years ago
  
  am: 456fa279 Change-Id: I440a08708ee39cd1c9f69432ca63e3b256e4f189
  7f0c18b4
- Merge "Allow access to /proc/config.gz for priv_app and recovery" into oc-dev · 456fa279
  TreeHugger Robot authored 7 years ago
  
  456fa279
- Merge "Add dex2oat permissions to open and read the tmp apk." into oc-dev · d250a336
  Jeff Hao authored 7 years ago
  
  am: 67f40ec5 Change-Id: I9e364dd0493d8262739d255b4652a27bc313ede4
  d250a336
- sepolicy: allow audioserver to use ALSA MMAP FDs · 2b7f74e2
  Phil Burk authored 7 years ago
  
  Bug: 37504387 Test: aaudio example write_sine, needs MMAP support Change-Id: I7fbd87ad4803e8edbde4ba79220cb5c0bd6e85a0 Signed-off-by: Phil Burk <philburk@google.com>
  2b7f74e2
- Merge "Add dex2oat permissions to open and read the tmp apk." into oc-dev · 67f40ec5
  Jeff Hao authored 7 years ago
  
  67f40ec5
- Allow access to /proc/config.gz for priv_app and recovery · 04654427
  Sandeep Patil authored 7 years ago
  
  Bug: 37485771 Test: sideloaded OTA through recovery on sailfish Change-Id: I98bb4e0e919db585131391f57545f1a9a0096701 Signed-off-by: Sandeep Patil <sspatil@google.com>
  04654427
- Merge "grant mediadrmserver permission to read dir from /system/*" into oc-dev · 0189fb53
  Chong Zhang authored 7 years ago
  
  am: 5f22a4dd Change-Id: I2e6160a22c850ddbf3fef6d1e3e6a82dcf18db89
  0189fb53
- Merge "restore permissions to /vendor for non-treble devices" into oc-dev · 4a55eada
  Jeff Vander Stoep authored 7 years ago
  
  am: 0b999249 Change-Id: I8ddae2a19e54d8dc896ea9efc1355019599ca4cb
  4a55eada
- Merge "grant mediadrmserver permission to read dir from /system/*" into oc-dev · 5f22a4dd
  Chong Zhang authored 7 years ago
  
  5f22a4dd
- Merge "restore permissions to /vendor for non-treble devices" into oc-dev · 0b999249
  TreeHugger Robot authored 7 years ago
  
  0b999249
- Add dex2oat permissions to open and read the tmp apk. · 37f5c2d9
  Jeff Hao authored 7 years ago
  
  The PackageManager now passes previous code paths to dex2oat as shared libraries. dex2oat needs extra permissions in order to access and open the oat files of these libraries (if they were compiled). Part of a multi-project change. Bug: 34169257 Test: cts-tradefed run singleCommand cts -d --module CtsAppSecurityHostTestCases -t android.appsecurity.cts.SplitTests (cherry-picked from commit 1103f963) Change-Id: I3cf810ef5f4f4462f6082dc30d3a7b144dcce0d9
  37f5c2d9
- grant mediadrmserver permission to read dir from /system/* · 492dab2a
  Chong Zhang authored 7 years ago
  
  hal_client_domain no longer allows read dir permission, in order to load .so from /system/lib, we have to add this permission ourselves. bug: 37476803 Change-Id: I1711d158c2f4580f50ac244da10c489df003cc18
  492dab2a
- Merge "Add dex2oat permissions to open and read the tmp apk." am: 47061e59 am: 70269b78 · 78a5ffd3
  Jeff Hao authored 7 years ago
  
  am: 24409c36 Change-Id: I213a2aaca2c4fe4e7b1eac0971b99517dab2bb6f
  78a5ffd3
- Merge "Add dex2oat permissions to open and read the tmp apk." am: 47061e59 · 24409c36
  Jeff Hao authored 7 years ago
  
  am: 70269b78 Change-Id: I9fb2b4fc6b5664ac90e922a1253445cc51b16462
  24409c36
- Merge "Add dex2oat permissions to open and read the tmp apk." · 70269b78
  Jeff Hao authored 7 years ago
  
  am: 47061e59 Change-Id: I924bfbc908321e321ca464adf8017bd3e212450f
  70269b78
- Merge "Add dex2oat permissions to open and read the tmp apk." · 47061e59
  Treehugger Robot authored 7 years ago
  
  47061e59
- Allow Bluetooth process to access /dev/uhid in SELinux Policy · a242ee6f
  Jack He authored 7 years ago
  
  am: 6c80fcba Change-Id: Id265afd1eab295e5a3bd33b05e820e6eaa8fc6ff
  a242ee6f
- Allow Bluetooth process to access /dev/uhid in SELinux Policy · 6c80fcba
  Jack He authored 7 years ago
  
  Bug: 37476041 Test: make, pair and connect to HID device Change-Id: Ic7e81382994769e3f3a91255dcf3624edeaf6bfd (cherry picked from commit a61f7f60)
  6c80fcba
- Allow Bluetooth process to access /dev/uhid in SELinux Policy am: a61f7f60 am: ae709241 · 23ca0826
  Jack He authored 7 years ago
  
  am: a8af61f0 Change-Id: I9c49e79fd976c9c4bf37d79102d22d1e4c350a40
  23ca0826
- Allow Bluetooth process to access /dev/uhid in SELinux Policy am: a61f7f60 · a8af61f0
  Jack He authored 7 years ago
  
  am: ae709241 Change-Id: Ia52cb0d049a82b2ce682243ff1fbe90ebd0a4614
  a8af61f0
- Allow Bluetooth process to access /dev/uhid in SELinux Policy · ae709241
  Jack He authored 7 years ago
  
  am: a61f7f60 Change-Id: I5a0ff1b9233deb5ab7a6f4eb63498bbbefc169b3
  ae709241
- Merge "surfaceflinger and apps are clients of Configstore HAL" into oc-dev · dc8a278a
  Alex Klyubin authored 7 years ago
  
  am: ec470829 Change-Id: Ic6f08b67da93f015e9561c52311e0b1c3b610446
  dc8a278a
- Merge "surfaceflinger and apps are clients of Configstore HAL" into oc-dev · ec470829
  TreeHugger Robot authored 7 years ago
  
  ec470829
- Allow Bluetooth process to access /dev/uhid in SELinux Policy · a61f7f60
  Jack He authored 7 years ago
  
  Bug: 37476041 Test: make, pair and connect to HID device Change-Id: Ic7e81382994769e3f3a91255dcf3624edeaf6bfd
  a61f7f60
- Add dex2oat permissions to open and read the tmp apk. · 66191064
  Jeff Hao authored 7 years ago
  
  The PackageManager now passes previous code paths to dex2oat as shared libraries. dex2oat needs extra permissions in order to access and open the oat files of these libraries (if they were compiled). Part of a multi-project change. Bug: 34169257 Test: cts-tradefed run singleCommand cts -d --module CtsAppSecurityHostTestCases -t android.appsecurity.cts.SplitTests Merged-In: I7b9cfd7f3c3509f3e41f0590ab650bd85faab340 (cherry-picked from commit 1103f963) Change-Id: I6d69d463af7a0a93391dd4b7edd5b700012ba58c
  66191064
Apr 18, 2017

Merge "Add selinux rules for additional file contexts in userdebug" into oc-dev · d648b5a7
Carmen Jackson authored 7 years ago
```
am: 557d1916

Change-Id: I8f5bc75892aca2132d15a3b38d79dcf195119b01
```
d648b5a7
Merge "Add selinux rules for additional file contexts in userdebug" into oc-dev · 557d1916
Carmen Jackson authored 7 years ago

557d1916
sepolicy-analyze: Add ability to list all attributes. am: 9d46f9b4 am: fdb9c018 · c787f547
Dan Cashman authored 7 years ago
```
am: c45e9b9a

Change-Id: I6af916d823b983581c5f7b33858364af6b2e4456
```
c787f547
sepolicy-analyze: Add ability to list all attributes. am: 9d46f9b4 · c45e9b9a
Dan Cashman authored 7 years ago
```
am: fdb9c018

Change-Id: I97a63c04df7a70822015d99eb619b4ae0147241f
```
c45e9b9a
sepolicy-analyze: Add ability to list all attributes. · fdb9c018
Dan Cashman authored 7 years ago
```
am: 9d46f9b4

Change-Id: Id3bd7d69bd07fafdf76453e52de01b2b5bb67472
```
fdb9c018

Add selinux rules for additional file contexts in userdebug · 25788df1

Carmen Jackson authored 7 years ago

These rules allow the additional tracepoints we need for running traceur
in userdebug builds to be writeable.

Bug: 37110010
Test: I'm testing by running atrace -l and confirming that the
tracepoints that I'm attempting to enable are available.

Change-Id: Ia352100ed67819ae5acca2aad803fa392d8b80fd

25788df1

Remove vndservice_manager object classes. · 2f1c7ba7

Dan Cashman authored 7 years ago

vndservicemanager is a copy of servicemanager, and so has the exact
same properties.  This should be reflected in the sharing of an object
manager in SELinux policy, rather than creating a second one, which is
effectively an attempt at namespacing based on object rather than type
labels.  hwservicemanager, however, provides different and additional
functionality that may be reflected in changed permissions, though they
currently map to the existing servicemanager permissions.  Keep the new
hwservice_manager object manager but remove the vndservice_manager one.

Bug: 34454312
Bug: 36052864
Test: policy builds and device boots.
Change-Id: I9e0c2757be4026101e32ba780f1fa67130cfa14e

2f1c7ba7