- Apr 05, 2017
-
-
Andreas Gampe authoredAdd selinux policies for init script and shell script to unzip a tar containing ASAN libraries on boot. Bug: 36458146 Test: m && m SANITIZE_TARGET=address Test: manual (build steps for tar missing) Change-Id: I5c3cb233aae93ee9985431090af902b0e3c1b0a7 (cherry picked from commit 0b743050) Merged-In: I5c3cb233aae93ee9985431090af902b0e3c1b0a7
-
- Apr 01, 2017
-
-
Vishwath Mohan authored
This CL changes the policy for ASAN files on-disk to support the changes made by the following CLs - https://android-review.googlesource.com/#/c/359087/ https://android-review.googlesource.com/#/c/359389/ which refactor the on-disk layout of sanitized libraries in the following manner - /data/lib* --> /data/asan/system/lib* /data/vendor/* --> /data/asan/vendor/* There are a couple of advantages to this, including better isolation from other components, and more transparent linker renaming and SELinux policies. (cherry picked from commit 33ebdda8) Bug: 36574794 Bug: 36674745 Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device boots. All sanitized libraries are correctly located in /data/asan/*, and have the right SELinux permissions. Change-Id: Ib08e360cecc8d77754a768a9af0f7db35d6921a9
-
- Oct 06, 2016
-
-
dcashman authored
Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
-
- May 10, 2016
-
-
Evgenii Stepanov authored
This policy takes effect only when building with SANITIZE_TARGET=address and allows the Zygote to load libraries from /data. That's where ASan-instrumented copies of system libraries are located. 32-bit library directories have been added a while back; this CL extends the same policy to 64-bit directories. Bug: 25751174 Bug: 28680288 (cherry picked from commit dda55908) Change-Id: Ieb4701b78db9649ec8563f2962a69db537ae61b3
-
- Mar 16, 2016
-
-
Evgenii Stepanov authored
This policy takes effect only when building with SANITIZE_TARGET=address and allows the Zygote to load libraries from /data. That's where ASan-instrumented copies of system libraries are located. 32-bit library directories have been added a while back; this CL extends the same policy to 64-bit directories. Bug: 25751174 Change-Id: Ieb4701b78db9649ec8563f2962a69db537ae61b3
-
- Jul 14, 2015
-
-
Evgenii Stepanov authored
This is in addition to /data/lib. Only affects SANITIZE_TARGET=address builds. Bug: 21785137 Change-Id: Id1983cabb9479ae2d38fb23691de3eba236fe9cb
-
- Jun 13, 2015
-
-
Evgenii Stepanov authored
SANITIZE_TARGET adds shared libraries in /data/lib. Bug: 21785137 Change-Id: I8ac3d059d88d57d24ed762ffc6202a4ce5a42333
-