- Jun 06, 2016
-
-
Narayan Kamath authoredam: ed413a82 * commit 'ed413a82': sepolicy: broaden system_server access to foreign_dex_data_file. Change-Id: Ibd428847a8292cdb47a03aadba133705f653447b
-
Narayan Kamath authored
-
- Jun 03, 2016
-
-
Jeff Vander Stoep authored
am: a34afee0 * commit 'a34afee0': Allow shell to set log.tag.* properties Change-Id: Id898bf9b62dc87cf884021150d29eefb4f703042
-
TreeHugger Robot authored
-
Jeff Vander Stoep authored
Also allow shell to set persist.log.tag.* Bug: 28942894 Change-Id: Ifdb2c87871f159dd15338db372921297aea3bc6b
-
- Jun 02, 2016
-
-
Narayan Kamath authored
The system_server needs to rename these files when an app is upgraded. bug: 28998083 Change-Id: Idb0c1ae774228faaecc359e4e35603dbb534592a
-
Daniel Micay authored
am: 7005e25e * commit '7005e25e': expose control over unpriv perf access to shell Change-Id: Ic14de78aab253b9e59135adde8d6ece536434624
-
Jeff Vander Stoep authored
Change-Id: I35015c89b3b036816665deccc5e20cd2e90ca208
-
Daniel Micay authored
(Cherry picked from commit 38ac77e4) This allows the shell user to control whether unprivileged access to perf events is allowed. To enable unprivileged access to perf: adb shell setprop security.perf_harden 0 To disable it again: adb shell setprop security.perf_harden 1 This allows Android to disable this kernel attack surface by default, while still allowing profiling tools to work automatically. It can also be manually toggled, but most developers won't ever need to do that if tools end up incorporating this. Bug: 29054680 Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f
-
- Jun 01, 2016
-
-
Daniel Micay authored
am: 38ac77e4 * commit '38ac77e4': expose control over unpriv perf access to shell Change-Id: I3fb4eb3edfcf68ce678e8cf1566a29e70d6cf1c3
-
David Sehr authored
am: a5d07925 * commit 'a5d07925': SELinux policy for /data/misc/profman Change-Id: I1329afb3191abaa1b08ce9a706228a02a0c53a47
-
David Sehr authored
Bug: 28748264 Change-Id: I872c25666707beb737f3ce7a4f706c0135df7ad5
-
- May 31, 2016
-
-
Daniel Micay authored
This allows the shell user to control whether unprivileged access to perf events is allowed. To enable unprivileged access to perf: adb shell setprop security.perf_harden 0 To disable it again: adb shell setprop security.perf_harden 1 This allows Android to disable this kernel attack surface by default, while still allowing profiling tools to work automatically. It can also be manually toggled, but most developers won't ever need to do that if tools end up incorporating this. Bug: 29054680 Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f
-
- May 27, 2016
-
-
Marco Nelissen authored
am: 0e1153ec * commit '0e1153ec': Remove tee_device access from mediaserver Change-Id: I38716b448cd4a2429797bba1c420558fb7b5a64e
-
Marco Nelissen authored
-
- May 26, 2016
-
-
Fyodor Kupolov authored
am: d875ab61 * commit 'd875ab61': Allow mediaserver to read preloads_data_file Change-Id: Ib34a273c717498542d8dd197f9a2f20e674d3ce9
-
Fyodor Kupolov authored
SetupWizard initiates video playback using MediaPlayer API. Media server should be able to handle preloads file descriptors Bug: 28855287 Change-Id: I529dd39b25b852787b3d1708a853980cf382f045
-
Marco Nelissen authored
Bug: 22775369 Change-Id: Iae362fcc371bab1455dda733f408f005c7eec3f8
-
- May 24, 2016
-
-
Fyodor Kupolov authored
am: 49ac2a3d * commit '49ac2a3d': SELinux policies for /data/preloads directory Change-Id: Ib928cda316ef31f361ad09ef29b264eb9df754d5
-
Fyodor Kupolov authored
A new directory is created in user data partition that contains preloaded content such as a retail mode demo video and pre-loaded APKs. The new directory is writable/deletable by system server. It can only be readable (including directory list) by privileged or platform apps Bug: 28855287 Change-Id: I3816cd3a1ed5b9a030965698a66265057214f037
-
- May 17, 2016
-
-
Christopher Wiley authored
am: d5bfe93e * commit 'd5bfe93e': Fix rild policy to accomodate minijail Change-Id: Id65ff798b13903242446c27406cda10f3e02dd99
-
Christopher Wiley authored
am: e3327427 * commit 'e3327427': Fix rild policy to accomodate minijail Change-Id: I6d4e487c07f9de821d11ebee8988fa6f79ff1b27
-
Christopher Wiley authored
Fix denials related to lack of setgid and setpcap priviledges. These were introduced when minijail was used to do sandboxing. Bug: 28178548 Change-Id: I85fd4abbe55258de61d20d827baf59bbca0679e7 Test: rild no longer crash loops
-
Narayan Kamath authored
am: 13bdd39c * commit '13bdd39c': sepolicy: broaden system_server access to foreign_dex_data_file{dir}. Change-Id: I9e41715e443f233275252c6a4cb5cce904c45f9c
-
Shinichiro Hamaji authored
am: a8f65aa1 * commit 'a8f65aa1': Add keys to prerequisites of mac_permissions.xml Change-Id: I9b6f11e61f31ec6c11ec35283eff4936b66497f9
-
Shinichiro Hamaji authored
am: d1eb0ede * commit 'd1eb0ede': Add keys to prerequisites of mac_permissions.xml Change-Id: Iaaee3bfdb9d44bb1fd63f08a1c3f12c52ec9cefe
-
Shinichiro Hamaji authored
-
- May 16, 2016
-
-
Narayan Kamath authored
The system_server needs to clear these markers along with other app data that it's responsible for clearing. bug: 28510916 Change-Id: If9ba8b5b372cccefffd03ffddc51acac8e0b4649
-
Chih-hung Hsieh authored
am: ebb3dc9e * commit 'ebb3dc9e': Fix misc-macro-parentheses warnings. Change-Id: Id9658183b6cec0e5725c800d8939e57bf181c9e4
-
Chih-Hung Hsieh authored
am: d62aa0b1 * commit 'd62aa0b1': Fix misc-macro-parentheses warnings. Change-Id: I0bdc69d777044b2119cfc2677c28841b4314efc7
-
Chih-hung Hsieh authored
-
- May 14, 2016
-
-
Patrick Tjin authored
am: ad7a0ad2 * commit 'ad7a0ad2': sepolicy: add support for devices without cache partition Change-Id: I0a81cd1aafb01cd722e5cf452cd8dd2e3b136bd4
-
- May 13, 2016
-
-
Patrick Tjin authored
Adds the rules for /data/cache used for devices which do not have a cache partition. Bug: 28747374 Change-Id: I7c749e7692c9b8eab02029bbae5a3c78585030da
-
Christian Poetzsch authored
am: 26e675c6 * commit '26e675c6': sepolicy: add support for new tracefs Change-Id: I8983a35deeb30f97c64ae86edefd0cc2760749ec
-
TreeHugger Robot authored
-
Andreas Gampe authored
am: 50c2909f * commit '50c2909f': Sepolicy: Allow debuggerd to dump backtraces of Bluetooth Sepolicy: Refactor long lines for debuggerd backtraces Change-Id: I0d3f68a422a4d8b14148343983f1d6a8a85ac268
-
Andreas Gampe authored
* changes: Sepolicy: Allow debuggerd to dump backtraces of Bluetooth Sepolicy: Refactor long lines for debuggerd backtraces
-
Christian Poetzsch authored
Since kernel 4.1 ftrace is supported as a new separate filesystem. It gets automatically mounted by the kernel under the old path /sys/kernel/debug/tracing. Because it lives now on a separate device some sepolicy rules need to be updated. This patch is doing that. Most of the rules are created based on a conversation happened on the SELinux Android mailing list: http://comments.gmane.org/gmane.comp.security.seandroid/2799 Note, that this also needs 3a343a1 from the 4.4 branch in kernel/common. Also note that when tracefs is auto mounted by the kernel, the kernel does not use the "mode" parameter specified to mount debugfs for tracefs. So an extra line like chmod 0755 /sys/kernel/debug/tracing is necessary in init.${ro.hardware}.rc after debugfs was mounted. Signed-off-by:
Christian Poetzsch <christian.potzsch@imgtec.com>
(cherry picked from commit 4dafa72a)
Change-Id: I75738c756b49da4ac109ae442ee37c1e2844ff0a -
Christian Poetzsch authored
am: 0b26e99b * commit '0b26e99b': sepolicy: add support for new tracefs Change-Id: I9189f98cb7cff87c412c7b3e09030c723b70abd7
-
Christian Poetzsch authored
am: 4dafa72a * commit '4dafa72a': sepolicy: add support for new tracefs Change-Id: If0a800d94d573a6178c43315b931b8b74406d0ff
-