Commits · 8d614b3f8191ece8a8ce5002949a0fe54e009177 · Werner Sembach / AndroidSystemSEPolicy

Sep 25, 2017
- Move python sepolicy tests to embedded launcher · 8d614b3f
  Jeff Vander Stoep authored 7 years ago
  
  This is a necessary for enforcing these tests in CTS. Bug: 37008075 Test: build Change-Id: I36b4ce71c26a0ba01cd0289fe363f0a9f7db1214
  8d614b3f
- Revert "Move python sepolicy tests to embedded launcher" · b33f117f
  Jeff Vander Stoep authored 7 years ago
  
  This reverts commit 0b4edc4e. Bug: 66912095 Test: build
  b33f117f
Sep 24, 2017

Move python sepolicy tests to embedded launcher · 0b4edc4e

This is a necessary for enforcing these tests in CTS.

Bug: 37008075
Test: build
Change-Id: If6c045270d2a4e17f20bf59cc86ac074479346b3

0b4edc4e

Sep 23, 2017

Remove mini_parser target · b67c757c

Jeff Vander Stoep authored 7 years ago

It's already included in srcs for treble_sepolicy_tests.

Bug: 65263013
Test: build
Change-Id: I208ec6a864127a059fb389417a9c6b259d7474cb

b67c757c

Move python scripts to python_binary_host build rule · 5c5e79cd
Jeff Vander Stoep authored 7 years ago
```
Fixes: 65263013
Test: build
Change-Id: I0ec412481c5990927fcbee7c4303bee2da876210
```
5c5e79cd

Sep 21, 2017
- Selinux: Give runas permission to read system_data_file links am: 4481b885 ... · f71f0c94
  Andreas Gampe authored 7 years ago
  
  Selinux: Give runas permission to read system_data_file links am: 4481b885 am: 16efc04d am: e9354cda am: a28ad688 Change-Id: Ib55ee766b488ce1b73f7fc6b04111ace0c5000ba
  f71f0c94
- Selinux: Give runas permission to read system_data_file links am: 4481b885 am: 16efc04d · a28ad688
  Andreas Gampe authored 7 years ago
  
  am: e9354cda Change-Id: I330100bace90ebf5c4859c6577bf43ede1185b59
  a28ad688
- Selinux: Give runas permission to read system_data_file links am: 4481b885 · e9354cda
  Andreas Gampe authored 7 years ago
  
  am: 16efc04d Change-Id: I9615973f5b9eef7810c3cfb5469bd3ce8797c939
  e9354cda
- Selinux: Give runas permission to read system_data_file links · 16efc04d
  Andreas Gampe authored 7 years ago
  
  am: 4481b885 Change-Id: I3763d7f5ce22ff43e2adb8f7125e789f2c061e9e
  16efc04d
- Merge "Explicitly label filesystem files in /proc" · 01c57421
  Tri Vo authored 7 years ago
  
  01c57421
- Selinux: Give runas permission to read system_data_file links · 4481b885
  Andreas Gampe authored 7 years ago
  
  Run-as is running a command under an app's uid and in its data directory. That data directory may be accessed through a symlink from /data/user. So give runas rights to read such a symlink. Bug: 66292688 Test: manual Test: CTS JVMTI tests Change-Id: I0e0a40d11bc00d3ec1eee561b6223732a0d2eeb6
  4481b885
Sep 20, 2017
- Merge "lowpan: Added support for LoWPAN Service and android.hardware.lowpan" · 3093ba28
  Robert Quattlebaum authored 7 years ago
  
  3093ba28
- Explicitly label filesystem files in /proc · 62f2842c
  Tri Vo authored 7 years ago
  
  proc files needed by fwk that were labeled: /proc/filesystems -> proc_filesystems /proc/mounts -> proc_mounts /proc/swaps -> proc_mounts Removed access to proc label from these domains: e2fs, fsck, fsck_untrusted, sdcardd e2fs: added access to proc_filesystems, proc_mounts, proc_swaps fsck: added access to proc_mounts, proc_swaps fsck_untrusted: added access to proc_mounts sdcardd: added access to proc_filesystems vold: added access to proc_filesystems, proc_mounts Bug: 66199084 Test: device boots without selinux denials to new labels or proc label. Change-Id: If0f19e22074419dab0b3a0c6f3a300ea8cb94523
  62f2842c
- lowpan: Added support for LoWPAN Service and android.hardware.lowpan · acfd25ca
  Robert Quattlebaum authored 7 years ago
  
  Bug: b/64090883 Bug: b/33073713 Test: Manual Change-Id: I7aa23c31b1fccae56c1a0e0bd4cfe370aeb911dd
  acfd25ca
- Merge "Explicitly label system_server's dependencies in /proc" · 6928dd3b
  Tri Vo authored 7 years ago
  
  6928dd3b
- Merge "Fix possible memory leak warning." am: 3b24ce50 am: dfdb9628 am: dfea667d · 82627cb5
  Jeffrey Vander Stoep authored 7 years ago
  
  am: 59005d37 Change-Id: I04cb9566dd20d968ea16a79ae7241009068822c9
  82627cb5
- Merge "Fix possible memory leak warning." am: 3b24ce50 am: dfdb9628 · 59005d37
  Jeffrey Vander Stoep authored 7 years ago
  
  am: dfea667d Change-Id: Ic835bf45ab8a2334bdeec6540678d73dddfffa6d
  59005d37
- Merge "Fix possible memory leak warning." am: 3b24ce50 · dfea667d
  Jeffrey Vander Stoep authored 7 years ago
  
  am: dfdb9628 Change-Id: I2abe6f86bbb099e044fa49074fa28260c3e5f8ba
  dfea667d
- Merge "Fix possible memory leak warning." · dfdb9628
  Jeffrey Vander Stoep authored 7 years ago
  
  am: 3b24ce50 Change-Id: Ibfe45f0105811e120f4e83a52f3ba8e4d6b2fb10
  dfdb9628
- Merge "Fix possible memory leak warning." · 3b24ce50
  Jeffrey Vander Stoep authored 7 years ago
  
  3b24ce50
Sep 19, 2017

Bug revert AOSP cherry-picks to enable big diff. am: am: ... · 3609ed64

Daniel Cashman authored 7 years ago

Bug revert AOSP cherry-picks to enable big diff. am: 46f41134 am: bbd7ddaf am: 1373b2fe  -s ours
am: feef1427

Change-Id: I168f6e61a31b047a3f7a858edbcdbaefef30ff24

3609ed64

Bug revert AOSP cherry-picks to enable big diff. am: 46f41134 am: bbd7ddaf · feef1427
Daniel Cashman authored 7 years ago
```
am: 1373b2fe  -s ours

Change-Id: I5f6baddfe13696b4cb088f5ede32032d86705727
```
feef1427
Bug revert AOSP cherry-picks to enable big diff. am: 46f41134 · 1373b2fe
Daniel Cashman authored 7 years ago
```
am: bbd7ddaf

Change-Id: I60b634911abc7598141cbe4a3cd913b6ba832b5c
```
1373b2fe
Bug revert AOSP cherry-picks to enable big diff. · bbd7ddaf
Daniel Cashman authored 7 years ago
```
am: 46f41134

Change-Id: Idfb71caeb839cce156bfa181fa53339e2e791e4b
```
bbd7ddaf

Explicitly label system_server's dependencies in /proc · 8c2323d3

Tri Vo authored 7 years ago

Labeled:
/proc/asound/cards -> proc_asound_cards
/proc/loadavg -> proc_loadavg
/proc/pagetypeinfo -> proc_pagetypeinfo
/proc/version -> proc_version
/proc/vmallocinfo -> proc_vmallocinfo

system_server: added access to all new types  and removed access to proc label.
init: added access to proc_version.
dumpstate: added access to proc_pagetypeinfo, proc_version,
proc_vmallocinfo.
hal_audio: added access to proc_asound_cards.
all_untrusted_apps: extended neverallow rule to include new labels.

Bug: 65980789
Test: device boots without selinux denials to the newly introduced
labels.
Test: "adb shell dumpstate" throws no violations to new labels.
Change-Id: Ic60facd3d4776e38d5e3ba003d06ada4e52c7dca

8c2323d3

Bug revert AOSP cherry-picks to enable big diff. · 46f41134

Daniel Cashman authored 7 years ago

The following commits were cherry-picked from internal master to AOSP,
but to avoid merge-conflicts we'll do a large diff instead of individual
cherry-picks:
521742e9
9aefc916
3686efca
de51e7de
fff3fe2f

Bug: 37916906
Test: angler builds and boots.
Merged-In: Ie010cc12ae866dbb97c387471f433158d3b699f3
Change-Id: I5126ebe88b9c76a74690ecf95851d389cfc22d1f

46f41134

Merge "Remove bootanim access to sysfs and cgroup label." am: am:... · 9f36e10d

Tri Vo authored 7 years ago

Merge "Remove bootanim access to sysfs and cgroup label." am: 76d77fd5 am: 3b8163bf am: 164cb1af
am: dfc6f1bb

Change-Id: I80024cf1886a36d4f73bf285cb77ae68c0455ede

9f36e10d

Merge "Remove bootanim access to sysfs and cgroup label." am: 76d77fd5 am: 3b8163bf · dfc6f1bb
Tri Vo authored 7 years ago
```
am: 164cb1af

Change-Id: I500845c5846a144942f1d331447f395f52d30aa0
```
dfc6f1bb
Merge "Remove bootanim access to sysfs and cgroup label." am: 76d77fd5 · 164cb1af
Tri Vo authored 7 years ago
```
am: 3b8163bf

Change-Id: I7399449691e69bdb9ce5d5fd16aa6cb45fd7da9e
```
164cb1af
Merge "Remove bootanim access to sysfs and cgroup label." · 3b8163bf
Tri Vo authored 7 years ago
```
am: 76d77fd5

Change-Id: I87ce89ce4642116264624288bf367a9ec3087034
```
3b8163bf
Merge "Remove bootanim access to sysfs and cgroup label." · 76d77fd5
Treehugger Robot authored 7 years ago

76d77fd5
Merge "Remove rild access to proc label." am: b842836f am: 29f2e953 am: cf79ab6c · cf050cab
Tri Vo authored 7 years ago
```
am: c0e7f41f

Change-Id: I9dc5d4dfe7f8a4baf39a8d7a602137965531f968
```
cf050cab
Merge "Remove rild access to proc label." am: b842836f am: 29f2e953 · c0e7f41f
Tri Vo authored 7 years ago
```
am: cf79ab6c

Change-Id: I7248edaa6637001c059fb3b7627c5f8d6d6d739d
```
c0e7f41f
Merge "Remove rild access to proc label." am: b842836f · cf79ab6c
Tri Vo authored 7 years ago
```
am: 29f2e953

Change-Id: Icdce6dc5026da58beee8f218008d09dd39878f39
```
cf79ab6c
Merge "Remove rild access to proc label." · 29f2e953
Tri Vo authored 7 years ago
```
am: b842836f

Change-Id: If6c0db7fb4838140347a68c39dec9f10b4c298d7
```
29f2e953
Merge "Remove rild access to proc label." · b842836f
Tri Vo authored 7 years ago

b842836f

Remove bootanim access to sysfs and cgroup label. · d7ae84ae

Tri Vo authored 7 years ago

Bug: 65643247
Test: device boots without denials from bootanim to sysfs and cgroup.
Change-Id: Icf8c45906cb83e1b0a60737d67ae584b9d1b34aa

d7ae84ae

Bulk-revert changes caused by AOSP cherry-picks. · c3f9ebda

Dan Cashman authored 7 years ago

In order to bring AOSP development back in-line with master development,
some CLs were cherry-picked individually from internal master to AOSP,
which were then merged back into internal master (MERGED-IN was missing).
Due to merge-conflict pain, these are being reverted in favor of one
big diff.  This CL reverts the changes that were auto-merged in as a result,
and can be used as the target of MERGED-IN when reverting the individual
cherry-picks in AOSP.

This reverts commit a08fe91e, reversing
changes made to 11481d1d.

This reverts commit 7ec5ecfb, reversing
changes made to 6fecbbb2.

Bug: 37916906
Test: Builds 'n' boots.

c3f9ebda

Merge "Destroy vold socket interface completely." · 09c93f4b
Jeff Sharkey authored 7 years ago

09c93f4b

Sep 18, 2017

Remove rild access to proc label. · 393d548c

Tri Vo authored 7 years ago

Bug: 65643247
Test: device boots without denials from rild to proc.
Change-Id: I142a228347ef07266cb612e99c90fb5ec187988a

393d548c