  1. Jul 13, 2016
    • SEPolicy to start hostapd via init · 8a6c5f85
      Christopher Wiley authored
      While here, remove a lot of extra permissions that we apparently
      had because hostapd was inheriting fds from netd.
      
      Bug: 30041118
      Test: netd can request init to start/stop hostapd without denials.
      
      Change-Id: Ia777497443a4226a201030eccb9dfc5a40f015dd
  2. Jul 12, 2016
  3. Jul 11, 2016
  4. Jul 08, 2016
  5. Jul 07, 2016
  6. Jul 06, 2016
  7. Jul 02, 2016
  8. Jul 01, 2016
    • Allow system_server to call wificond via Binder · 71fb20be
      Christopher Wiley authored
      WifiStateMachin: type=1400 audit(0.0:24): avc: denied { call } for
      scontext=u:r:system_server:s0 tcontext=u:r:wificond:s0 tclass=binder
      permissive=0
      
      Bug: 29607308
      Test: Above denial disappears
      
      Change-Id: I9b5cfe414683991ffb6308eea612ca6750f1b8ec
    • Allow wificond to mark interfaces up and down · b6a6561d
      Christopher Wiley authored
      avc: denied { create } for scontext=u:r:wificond:s0
      tcontext=u:r:wificond:s0 tclass=udp_socket permissive=0
      
      avc: denied { net_raw } for capability=13 scontext=u:r:wificond:s0
      tcontext=u:r:wificond:s0 tclass=capability permissive=0
      
      avc: denied { read } for name="psched" dev="proc" ino=4026535377
      scontext=u:r:wificond:s0 tcontext=u:object_r:proc_net:s0 tclass=file
      permissive=0
      
      Test: fixes above avc denials
      Bug: 29579539
      
      Change-Id: Ie1dff80103e81cfba8064a22b5dd3e1e8f29471b
    • Separate permissions to set WiFi related properties · 1ebfdd6a
      Christopher Wiley authored
      wificond would like to be able to set WiFi related properties
      without access to the rest of the system properties.  Today,
      this only involves marking the driver as loaded or unloaded.
      
      avc: denied { write } for name="property_service" dev="tmpfs" ino=10100
      scontext=u:r:wificond:s0 tcontext=u:object_r:property_socket:s0
      tclass=sock_file permissive=0
      
      Bug: 29579539
      Test: No avc denials related to system properties across
            various WiFi events.
      
      Change-Id: I6d9f1de3fbef04cb7750cc3753634f9e02fdb71f
    • Define explicit label for wlan sysfs fwpath · 7d13dd80
      Christopher Wiley authored
      avc: denied { write } for name="fwpath" dev="sysfs" ino=6863
      scontext=u:r:wificond:s0 tcontext=u:object_r:sysfs_wlan_fwpath:s0
      tclass=file permissive=0
      
      Test: wificond and netd can write to this path, wifi works
      Test: `runtest frameworks-wifi` passes
      
      Bug: 29579539
      
      Change-Id: Ia21c654b00b09b9fe3e50d564b82966c9c8e6994
  9. Jun 30, 2016
    • sepolicy: Add permissions for wpa_supplicant binder · 18883a93
      Roshan Pius authored
      Add the necessary permissions for |wpa_supplicant| to expose a binder
      interface. This binder interface will be used by the newly added
      |wificond| service (and potentially system_server).
      |wpa_supplicant| also needs to invoke binder callbacks on |wificond|.
      
      Changes in the CL:
      1. Allow |wpa_supplicant| to register binder service.
      2. Allow |wpa_supplicant| to invoke binder calls on |wificond|.
      3. Allow |wificond| to invoke binder calls on |wpa_supplicant|
      
      Denials:
      06-30 08:14:42.788   400   400 E SELinux : avc:  denied  { add } for
      service=wpa_supplicant pid=20756 uid=1010 scontext=u:r:wpa:s0
      tcontext=u:object_r:default_android_service:s0 tclass=service_manager
      permissive=1
      
      BUG:29877467
      TEST: Compiled and ensured that the selinux denials are no longer
      present in logs.
      TEST: Ran integration test to find the service.
      
      Change-Id: Ib78d8e820fc81b2c3d9260e1c877c5faa9f1f662
  10. Jun 29, 2016
  11. Jun 28, 2016