- Feb 05, 2018
-
-
Jaekyun Seok authoredThe feature of compatible property has its own neverallow rules and it is enforced on devices launchig with Android P. This CL changes hal_nfc to hal_nfc_server in neverallow rules because sepolicy-analyze doesn't recognize it. Additionally one more neverallow rule is added to restrict reading nfc_prop. Bug: 72013705 Bug: 72678352 Test: 'run cts -m CtsSecurityHostTestCases' on walleye with ro.product.first_api_level=28 Change-Id: I753cc81f7ca0e4ad6a2434b2a047052678f57671
-
Treehugger Robot authored
* changes: Using a python script to build sepolicy Renames nonplat_* to vendor_*
-
Andrew Scull authored
-
Andrew Scull authored
Bug: 71527305 Test: compile and boot Change-Id: I91097bd62d99b8dd9eb6f53060badbaf0f4b8b4a (cherry picked from commit 1aedf4b5)
-
Bowgo Tsai authored
Current sepolicy CIL files are built by several command-line tools in Android.mk. This change extracts some of the build logic into a python script to relief the effort in Android.mk. The first command is `build_sepolicy build_cil`. It's possible to add more sub-commands under the build_sepolicy script in the future. Bug: 64240127 Test: build bullhead/taimen Change-Id: Ie0ae4fc5256a550c72954cde5d5dd213a22d159a
-
Bowgo Tsai authored
This change renames the non-platform sepolicy files on a DUT from nonplat_* to vendor_*. It also splits the versioned platform sepolicy from vendor_sepolicy.cil to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps vendor customizations in vendor_sepolicy.cil. Build variable BOARD_SEPOLICY_DIRS is also renamed to BOARD_VENDOR_SEPOLICY_DIRS. Bug: 64240127 Test: boot bullhead/taimen Change-Id: Iea2210c9c8ab30c9ecbcd8146f074e76e90e6943
-
- Feb 03, 2018
-
-
Treehugger Robot authored
* changes: Revert "Renames nonplat_* to vendor_*" Revert "Using a python script to build sepolicy"
-
- Feb 02, 2018
-
-
Treehugger Robot authored
-
Treehugger Robot authored
-
Tri Vo authored
-
Joel Galenson authored
This should fix presubmit tests. Bug: 72749888 Test: Built policy. Change-Id: Ie55127f1b570832c03878d1c697262239ac14003
-
Jeff Vander Stoep authored
aosp/605217 adds the following lines: genfscon tracefs /options/print-tgid u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/options/print-tgid u:object_r:debugfs_tracing:s0 However, the m4 pre-processing step of selinux policy compilation outputs: genfscon tracefs /options/-tgid u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/options/-tgid u:object_r:debugfs_tracing:s0 And as a result of the "print" it prints: m4: system/sepolicy/private/genfs_contexts: 177: m4: system/sepolicy/private/genfs_contexts: 203: Due to the following macro: https://android.googlesource.com/platform/system/sepolicy/+/oreo-mr1-dev/public/te_macros#580 This change removes the now-deprecated print macro to unblock aosp/605217. Bug: 72862003 Test: verify that the m4 output for aosp/605217 is correct. Change-Id: Ia4ec96e16b98e8df241cceb64e3f3b7bea9a7f3d
-
Treehugger Robot authored
-
Bowgo Tsai authored
This reverts commit 9aa8496f. Fix angler/bullhead boot failure. Bug: 72787689 Test: build Change-Id: I77671a74cd952544a1dbb3daabc2bb449a7c2cf2
-
Bowgo Tsai authored
This reverts commit 3506ad3f. Fix angler/bullhead boot failure. Bug: 72787689 Test: build
-
- Feb 01, 2018
-
-
Paul Crowley authored
Bug: 63927601 Test: Enable metadata encryption in fstab on Taimen, check boot success. Change-Id: Iddbcd05501d360d2adc4edf8ea7ed89816642d26
-
Treehugger Robot authored
-
Treehugger Robot authored
Merge "Add this rule allows incidentd CTS tests be able to use incident command to fetch data from shell."
-
Joel Galenson authored
This should fix presubmit tests. Bug: 72811052 Test: Built policy. Change-Id: Ifcfe71c717a3b1e59cd1810c7f9be588d48c99a5
-
Bowgo Tsai authored
Need use 'nonplat_service_contexts_file' as the file context for /vendor_service_context on non full-treble device. Otherwise, servicemanager can't read the file. Bug: 72787689 Test: build Change-Id: Ib54e4f2501c7bbf8b397eacf4afadfae344ddd03
-
Treehugger Robot authored
-
Treehugger Robot authored
-
Tri Vo authored
This file is /vendor/etc/selinux/nonplat_sepolicy.cil from aosp_arm64-eng from mr1-dev Bug: 69390067 Test: prebuilt only change Change-Id: I717513ae66e806afe0071cf5b42e9f709264d0b6
-
- Jan 31, 2018
-
-
Yin-Chia Yeh authored
-
Treehugger Robot authored
-
Yi Jin authored
command to fetch data from shell. Bug: 72502621 Test: N/A Change-Id: I5b581f647c2f2932f0e3711965b98351ef7e6063
-
Joel Galenson authored
This should fix presubmit tests. Bug: 72749888 Test: Built policy. Change-Id: I588bba52d26bcc7d93ebb16e28458d9125f73108
-
Ruchi Kandoi authored
Bug: 72746517 Test: Boot a device and check NFC 1.1 service loads Change-Id: Ia281af8add0371525971f076bf513c694e7ea912
-
Treehugger Robot authored
-
Joel Galenson authored
Instead of getting these permissions, it is better to add the process to a group or change the permissions of the files it tries to access. Test: Built the policy for many devices. Change-Id: If023d98bcc479bebbedeedf525965ffb17a0e331
-
Bowgo Tsai authored
Current sepolicy CIL files are built by several command-line tools in Android.mk. This change extracts some of the build logic into a python script to relief the effort in Android.mk. The first command is `build_sepolicy build_cil`. It's possible to add more sub-commands under the build_sepolicy script in the future. Bug: 64240127 Test: build and boot a device Test: checks the content of $OUT/vendor/etc/selinux/vendor_sepolicy.cil is the same as before Change-Id: I0b64f1088f413172e97b579b4f7799fa392762df -
Bowgo Tsai authored
This change renames the non-platform sepolicy files on a DUT from nonplat_* to vendor_*. It also splits the versioned platform sepolicy from vendor_sepolicy.cil to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps vendor customizations in vendor_sepolicy.cil. Build variable BOARD_SEPOLICY_DIRS is also renamed to BOARD_VENDOR_SEPOLICY_DIRS. Bug: 64240127 Test: boot an existing device Change-Id: Iea87a502bc6191cfaf8a2201f29e4a2add4ba7bf
-
Treehugger Robot authored
-
Jaekyun Seok authored
This CL will allow only specific components to read radio_prop. Bug: 72459527 Test: tested with walleye Change-Id: I6b6c90870987de976187ff675005c5d964b48cda
-
Treehugger Robot authored
* changes: Correctly label data types Test that /data is properly labeled
-
Siarhei Vishniakou authored
Bug: 62940136 Test: read /dev/v4l-touchX from inputflinger Change-Id: Ifcece4192c567e0cbaba1b7ad40d25c8f34f8e40
-
Yin-Chia Yeh authored
Allow external camera HAL to monitor video device add/removal. Bug: 64874137 Change-Id: I1a3116a220df63c0aabb3c9afd7450552e6cd417
-
- Jan 30, 2018
-
-
Joel Galenson authored
Remove bugs that have been fixed, re-map duped bugs, and alphabetize the list. Test: Booted Walleye and Sailfish, tested wifi and camera, and observed no new denials. Change-Id: I94627d532ea13f623fe29cf259dd404bfd850c13
-
Chenbo Feng authored
Remove the untrusted apps and priviledged apps from the group that can directly access xt_qtaguid module related file. All apps that need to access app network usage data need to use the public API provided in framework. Test: Flashed with master branch on marlin, verified phone boot, can browse web, watch youtube video, make phone call and use google map for navigation with either wifi is on or off. run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest run cts -m CtsNativeNetTestCases Bug: 68774956 30950746 Change-Id: I9b3db819d6622611d5b512ef821abb4c28d6c9eb -
Jeff Vander Stoep authored
Data outside /data/vendor must have the core_data_file_type attribute. Test: build (this is a build time test) Bug: 34980020 Change-Id: Ia727fcad813d5fcfbe8f714246364bae0bda43bd Merged-In: Ibacfcc938deab40096b54b8d0e608d53ca91b947
-