- Sep 11, 2017
-
-
Peter Enderborg authoredam: dedf970d Change-Id: I630cb1b58ffdc2cd3a3c5ba5ffefdec89aa0aa5e
-
Peter Enderborg authored
am: 8a441b6a Change-Id: I89376d2a0a34496ec5f2e816c94b3d185ba7570d
-
Treehugger Robot authored
-
-
-
Tao Bao authored
-
Peter Enderborg authored
am: cf39c116 Change-Id: Ib3d86424bb8115aa1ec7d8304a1557f91023a9c4
-
Peter Enderborg authored
am: 3b29076c Change-Id: I33053991b71945ab16c6f2d390ed62ae81ce6643
-
Treehugger Robot authored
-
- Sep 09, 2017
-
-
-
-
Dan Cashman authored
am: b1a8aa4f Change-Id: Idcf01bfbe16e7237a60975004905b9cd79421972
-
Dan Cashman authored
am: 9aefc916 Change-Id: I460f3869954b78fa7cb5532cfd8fe9c3eec40402
-
Dan Cashman authored
am: 39029b26 Change-Id: Iee265fd34d2951d2e6c42729a81238f489651b0b
-
Dan Cashman authored
am: 97cfd1fd Change-Id: Ia5edfdfc346029d8126a64b3a1402ce1aff03c73
-
Dan Cashman authored
am: 0989692e Change-Id: I438b17d057a299dab2a32ec9a4247838efeec4c5
-
- Sep 08, 2017
-
-
Dan Cashman authored
am: 3686efca Change-Id: Id89ed4bbb4ff2391dbce3f4ac18bfa5da6289891
-
Dan Cashman authored
am: de51e7de Change-Id: Iaa0ce172ecde91c9ade7a04843bba27f4b0b3fb5
-
Dan Cashman authored
am: fff3fe2f Change-Id: I90fbe24c3e2f7c6d62234e49026b59064b156cbf
-
Josh Gao authored
Add /dev/kmsg_debug on userdebug devices, to allow crash_dump to log crashes to dmesg when logd isn't up yet (or is the one crashing). (Originally commited in a015186f) (cherry-pick of commit: 3458ec13) Bug: 37916906 Bug: 36574794 Bug: 62101480 Test: Builds and boots. Change-Id: I83aa392f49bb412d96534925fb02921a8f4731fa
-
Dan Cashman authored
(cherry-pick of commit: 55c77504) Bug: 37916906 Bug: 37896931 Test: none, just prebuilt update. Change-Id: I55b5179f98703026699a59cce4b2e1afb166fd1d
-
Dan Cashman authored
More changes went into oc-dev after the freeze-date. Reflect them. (cherry-pick of commit: 148578a6) Bug: 37916906 Bug: 37896931 Test: prebuilts - none. Change-Id: I3300751ea7362d5d96b327138544be65eb9fc483
-
Dan Cashman authored
commit: 5c6a227e added the oc-dev sepolicy prebuilts (api 26.0), but did not include the corresponding base mapping file, which is to be maintained along with current platform development in order to ensure backwards compatibility. (cherry-pick of commit: 5e4e0d7f) Bug: 37916906 Bug: 37896931 Test: none, this just copies the old mapping file to prebuilts. Change-Id: Ia5c36ddab036352845878178fa9c6a9d649d238f
-
Dan Cashman authored
Copy the final system sepolicy from oc-dev to its prebuilt dir corresponding to its version (26.0) so that we can uprev policy and start maintaining compatibility files, as well as use it for CTS tests targeting future platforms. (cherry-pick of commit: 5c6a227e) Bug: 37896931 Bug: 37916906 Test: none, this just copies the old policy. Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
-
- Sep 07, 2017
-
-
Hung-ying Tyan authored
am: 0d5bca44 Change-Id: I31b9e976864301454fd82108d51f2ac9cda34578
-
Hung-ying Tyan authored
am: e83f1e56 Change-Id: I6c7a9a6c52f670a8f18240def3b0b1f416001236
-
- Sep 06, 2017
-
-
Tao Bao authored
avc: denied { relabelto } for pid=1 comm="init" name="misc" dev="tmpfs" ino=3855 scontext=u:r:init:s0 tcontext=u:object_r:misc_block_device:s0 tclass=lnk_file If misc partition is used during early mount, it will carry a label of tmpfs (instead of block_device), which will fail restorecon with the above denial. Bug: 65378733 Test: Build and flash a target that uses misc in early mount. No longer observe the above denial. Change-Id: I44cd43dbd2a8a4f9f423ebc8ac0dd046b167ef72 -
Hung-ying Tyan authored
On full Treble devices, servicemanager should only host services served from processes on /system; nonplat_service_contexts should not be created at all in this case. Bug: 36866029 Test: Build marlin and make sure nonplat_service_contexts is not created. Change-Id: Id02c314abbb98fc69884198779488c52231d22c3 Merged-In: Id02c314abbb98fc69884198779488c52231d22c3
-
- Sep 05, 2017
-
-
Steven Moreland authored
am: 8b6ceed0 Change-Id: I39a8c2a75f646f3943d925adc4444777a90b9076
-
Steven Moreland authored
am: 5b2ebd3b Change-Id: I74209b877fdacaa485798b393678989029835924
-
Steven Moreland authored
This reverts commit 9216a6ad. Bug: 65206688 Merged-In: I8e61b77a1abe9543e4fba77defb8062407676fcf Change-Id: I8e61b77a1abe9543e4fba77defb8062407676fcf
-
Peter Enderborg authored
Raw sockets usually imply advanced parsers that might have flaws. If vold need such odd thing, force it to have that in a other domain like filesystem checks. Debug features like ptrace does not belong to vold. Bug: 64791922 Test: Manual Change-Id: I75c62d13f998621f80b2049bce0505442862bf0b
-
Peter Enderborg authored
Hardening vold. Vold has much rights to system sensitive parts and are started by init. Enforce this security. Bug: 64791922 Test: Manual Change-Id: I077d251d1eb7b7292e1a4a785093cb7bf5524a83
-
- Sep 01, 2017
-
-
Dan Willemsen authored
am: 4deeab5c Change-Id: I74319e51a152ba35fdf076a4dffdeeb0dc69763b
-
Dan Willemsen authored
am: cdaf97bf Change-Id: Ibcb3d728c233530f7354b409bf3849a021532b5d
-
Treehugger Robot authored
-
Dan Willemsen authored
Test: SANITIZE_HOST=true m treble_sepolicy_tests Change-Id: I9190dc06715bbbac8a267a143801f99f911decf3
-
Robert Benea authored
am: adf68570 Change-Id: Ida2b4c0d8f400c753566861bd48bcf5459fc40b7
-
Robert Benea authored
am: b22278e4 Change-Id: Id1c46283531412a75ffe46f1beb26d5cdc732b8f
-
Robert Benea authored
-