Commits · 9c820a11a9071981c559bcb0fb6c9286028c6edc · Werner Sembach / AndroidSystemSEPolicy

Jun 06, 2016

audit domain_deprecated perms for removal · 9c820a11
Jeff Vander Stoep authored 8 years ago
```
Grant permissions observed.

Bug: 28760354
Change-Id: Ifdead51f873eb587556309c48fb84ff1542ae303
```
9c820a11

Merge "Merge "sepolicy: broaden system_server access to... · b555ddc4

Narayan Kamath authored 8 years ago

Merge "Merge "sepolicy: broaden system_server access to foreign_dex_data_file." into nyc-dev am: ed413a82 am: 80fc2927" into nyc-mr1-dev-plus-aosp
am: 302251cd

* commit '302251cd':

Change-Id: Idcd722f34483aa71d00e939b2ac8594e20596299

b555ddc4

Merge "sepolicy: broaden system_server access to foreign_dex_data_file." into... · 5fdc3248

Narayan Kamath authored 8 years ago

Merge "sepolicy: broaden system_server access to foreign_dex_data_file." into nyc-dev am: ed413a82 am: a6f1e6c5
am: 9b0aeda0

* commit '9b0aeda0':
  sepolicy: broaden system_server access to foreign_dex_data_file.

Change-Id: I46b327a9effcb1bad1be498d2ed088df096f593a

5fdc3248

Merge "Merge "sepolicy: broaden system_server access to... · 302251cd

Android Build Merger (Role) authored 8 years ago

Merge "Merge "sepolicy: broaden system_server access to foreign_dex_data_file." into nyc-dev am: ed413a82 am: 80fc2927" into nyc-mr1-dev-plus-aosp

302251cd

Merge "sepolicy: broaden system_server access to foreign_dex_data_file." into... · 9b0aeda0

Narayan Kamath authored 8 years ago

Merge "sepolicy: broaden system_server access to foreign_dex_data_file." into nyc-dev am: ed413a82
am: a6f1e6c5

* commit 'a6f1e6c5':
  sepolicy: broaden system_server access to foreign_dex_data_file.

Change-Id: Id3742ffeb275db5a2dfe3136b515d26718e1116b

9b0aeda0

Merge "sepolicy: broaden system_server access to foreign_dex_data_file." into... · e8f9621d

Narayan Kamath authored 8 years ago

Merge "sepolicy: broaden system_server access to foreign_dex_data_file." into nyc-dev am: ed413a82
am: 80fc2927

* commit '80fc2927':
  sepolicy: broaden system_server access to foreign_dex_data_file.

Change-Id: Ib83dedaab25850dac45a296b809aa84be3d95562

e8f9621d

Merge "sepolicy: broaden system_server access to foreign_dex_data_file." into nyc-dev · a6f1e6c5

Narayan Kamath authored 8 years ago

am: ed413a82

* commit 'ed413a82':
  sepolicy: broaden system_server access to foreign_dex_data_file.

Change-Id: If6ef21fdca0da453a6bbf2093c2704a3e72c9bcf

a6f1e6c5

Merge "sepolicy: broaden system_server access to foreign_dex_data_file." into nyc-dev · 80fc2927

Narayan Kamath authored 8 years ago

am: ed413a82

* commit 'ed413a82':
  sepolicy: broaden system_server access to foreign_dex_data_file.

Change-Id: Ibd428847a8292cdb47a03aadba133705f653447b

80fc2927

Merge "sepolicy: broaden system_server access to foreign_dex_data_file." into nyc-dev · ed413a82
Narayan Kamath authored 8 years ago

ed413a82

Jun 03, 2016

Merge "Merge "Allow shell to set log.tag.* properties" into nyc-dev am:... · 9584c6ca

Jeff Vander Stoep authored 8 years ago

Merge "Merge "Allow shell to set log.tag.* properties" into nyc-dev am: a34afee0 am: 39423a91" into nyc-mr1-dev-plus-aosp
am: 3936efc1

* commit '3936efc1':

Change-Id: Iddf4994f8d8434637cd045c151c453409478b2e4

9584c6ca

Merge "Allow shell to set log.tag.* properties" into nyc-dev am: a34afee0 am: dd579f9c · bb9cc817
Jeff Vander Stoep authored 8 years ago
```
am: 434384db

* commit '434384db':
  Allow shell to set log.tag.* properties

Change-Id: I13e240a00517296ba7e335301648885808480cd0
```
bb9cc817
Merge "Merge "Allow shell to set log.tag.* properties" into nyc-dev am:... · 3936efc1
Android Build Merger (Role) authored 8 years ago
```
Merge "Merge "Allow shell to set log.tag.* properties" into nyc-dev am: a34afee0 am: 39423a91" into nyc-mr1-dev-plus-aosp
```
3936efc1

Merge "Allow shell to set log.tag.* properties" into nyc-dev am: · 434384db

Jeff Vander Stoep authored 8 years ago

am: dd579f9c

* commit 'dd579f9c':
  Allow shell to set log.tag.* properties

Change-Id: Ia91078ee69563148a778be66a3af7884b137d82b

434384db

Merge "Allow shell to set log.tag.* properties" into nyc-dev am: · f99a300d

Jeff Vander Stoep authored 8 years ago

am: 39423a91

* commit '39423a91':
  Allow shell to set log.tag.* properties

Change-Id: I6a48cccb6584ef146904b0648fa6b79e30006408

f99a300d

Merge "Allow shell to set log.tag.* properties" into nyc-dev · 39423a91

Jeff Vander Stoep authored 8 years ago

am: a34afee0

* commit 'a34afee0':
  Allow shell to set log.tag.* properties

Change-Id: Id898bf9b62dc87cf884021150d29eefb4f703042

39423a91

Merge "Allow shell to set log.tag.* properties" into nyc-dev · dd579f9c

Jeff Vander Stoep authored 8 years ago

am: a34afee0

* commit 'a34afee0':
  Allow shell to set log.tag.* properties

Change-Id: Ic716c9b5b90883c2be5a7ec2a88aa0cfbb31ce5e

dd579f9c

Merge "Allow shell to set log.tag.* properties" into nyc-dev · a34afee0
TreeHugger Robot authored 8 years ago

a34afee0

Allow shell to set log.tag.* properties · d38962bf

Jeff Vander Stoep authored 8 years ago

Also allow shell to set persist.log.tag.*

Bug: 28942894
Change-Id: Ifdb2c87871f159dd15338db372921297aea3bc6b

d38962bf

Jun 02, 2016

sepolicy: broaden system_server access to foreign_dex_data_file. · d82df3bd

Narayan Kamath authored 8 years ago

The system_server needs to rename these files when an app is upgraded.

bug: 28998083
Change-Id: Idb0c1ae774228faaecc359e4e35603dbb534592a

d82df3bd

Merge "expose control over unpriv perf access to shell am: am:... · 453141ce

Daniel Micay authored 8 years ago

Merge "expose control over unpriv perf access to shell am: 7005e25e am: c66f13af" into nyc-mr1-dev-plus-aosp
am: 9daf92ca

* commit '9daf92ca':

Change-Id: Id7948e96d548e63c8b5c1bbd0ad5fe5abde81207

453141ce

expose control over unpriv perf access to shell am: am: · 071fba10

Daniel Micay authored 8 years ago

am: 56cdd2df

* commit '56cdd2df':
  expose control over unpriv perf access to shell

Change-Id: I7b145238ef1b3fbbf9c7427627856b24112fbe72

071fba10

Merge "expose control over unpriv perf access to shell am: 7005e25e am:... · 9daf92ca
Android Build Merger (Role) authored 8 years ago
```
Merge "expose control over unpriv perf access to shell am: 7005e25e am: c66f13af" into nyc-mr1-dev-plus-aosp
```
9daf92ca

expose control over unpriv perf access to shell am: · b685eb71

Daniel Micay authored 8 years ago

am: c66f13af

* commit 'c66f13af':
  expose control over unpriv perf access to shell

Change-Id: I3654c8352ec79c7f4ad6d58adaf7798aed16af42

b685eb71

expose control over unpriv perf access to shell am: · 56cdd2df

Daniel Micay authored 8 years ago

am: c1350181

* commit 'c1350181':
  expose control over unpriv perf access to shell

Change-Id: Ic81044579ac69efc5c7aef3a34248c6bdfa917d5

56cdd2df

expose control over unpriv perf access to shell · c66f13af

Daniel Micay authored 8 years ago

am: 7005e25e

* commit '7005e25e':
  expose control over unpriv perf access to shell

Change-Id: Ic14de78aab253b9e59135adde8d6ece536434624

c66f13af

expose control over unpriv perf access to shell · c1350181

Daniel Micay authored 8 years ago

am: 7005e25e

* commit '7005e25e':
  expose control over unpriv perf access to shell

Change-Id: I2ea512b705a480da5c7818601c584f696c7ba3b7

c1350181

resolve merge conflicts of to nyc-dev-plus-aosp am: · 3ec557c8

Jeff Vander Stoep authored 8 years ago

am: bd5e74bb

* commit 'bd5e74bb':
  expose control over unpriv perf access to shell

Change-Id: I987bc536270fcab5530604bf4d4a0f74f528bc29

3ec557c8

resolve merge conflicts of to nyc-dev-plus-aosp · bd5e74bb

Daniel Micay authored 8 years ago

am: 1fcd8095

* commit '1fcd8095':
  expose control over unpriv perf access to shell

Change-Id: I96514ce5be1df668e86d745084a2a025adfdae28

bd5e74bb

resolve merge conflicts of bc0e1136 to nyc-dev-plus-aosp · 1fcd8095
Jeff Vander Stoep authored 8 years ago
```
Change-Id: I35015c89b3b036816665deccc5e20cd2e90ca208
```
1fcd8095

expose control over unpriv perf access to shell · 7005e25e

Daniel Micay authored 8 years ago

(Cherry picked from commit 38ac77e4)

This allows the shell user to control whether unprivileged access to
perf events is allowed.

To enable unprivileged access to perf:

    adb shell setprop security.perf_harden 0

To disable it again:

    adb shell setprop security.perf_harden 1

This allows Android to disable this kernel attack surface by default,
while still allowing profiling tools to work automatically. It can also
be manually toggled, but most developers won't ever need to do that if
tools end up incorporating this.

Bug: 29054680

Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f

7005e25e

Jun 01, 2016

expose control over unpriv perf access to shell · bc0e1136

Daniel Micay authored 8 years ago

am: 38ac77e4

* commit '38ac77e4':
  expose control over unpriv perf access to shell

Change-Id: I3fb4eb3edfcf68ce678e8cf1566a29e70d6cf1c3

bc0e1136

SELinux policy for /data/misc/profman am: a5d07925 am: 90b00895 · a12cde1c
David Sehr authored 8 years ago
```
am: 2d759f50

* commit '2d759f50':

Change-Id: Id5733bace310d6615e5cf0eedca1aedf1990b805
```
a12cde1c

SELinux policy for /data/misc/profman am: am: · 38561149

David Sehr authored 8 years ago

am: c6138575

* commit 'c6138575':
  SELinux policy for /data/misc/profman

Change-Id: If6d0fd15fdba2b880bedcde2c6194aa0feb559e2

38561149

SELinux policy for /data/misc/profman am: a5d07925 · 2d759f50
David Sehr authored 8 years ago
```
am: 90b00895

* commit '90b00895':

Change-Id: Icf7020f3af736ace01ab6e63c0a6be1a01397a07
```
2d759f50

SELinux policy for /data/misc/profman am: · c6138575

David Sehr authored 8 years ago

am: b8097f05

* commit 'b8097f05':
  SELinux policy for /data/misc/profman

Change-Id: Ic2060d7a1caeb8c25c99f1dd369e80decb154ab5

c6138575

SELinux policy for /data/misc/profman · 90b00895

David Sehr authored 8 years ago

am: a5d07925

* commit 'a5d07925':
  SELinux policy for /data/misc/profman

Change-Id: I1329afb3191abaa1b08ce9a706228a02a0c53a47

90b00895

SELinux policy for /data/misc/profman · b8097f05

David Sehr authored 8 years ago

am: a5d07925

* commit 'a5d07925':
  SELinux policy for /data/misc/profman

Change-Id: I323b969ba609518da59880e47d6e13686e1203e8

b8097f05

SELinux policy for /data/misc/profman · a5d07925
David Sehr authored 8 years ago
```
Bug: 28748264
Change-Id: I872c25666707beb737f3ce7a4f706c0135df7ad5
```
a5d07925

May 31, 2016

expose control over unpriv perf access to shell · 38ac77e4

Daniel Micay authored 8 years ago

This allows the shell user to control whether unprivileged access to
perf events is allowed.

To enable unprivileged access to perf:

    adb shell setprop security.perf_harden 0

To disable it again:

    adb shell setprop security.perf_harden 1

This allows Android to disable this kernel attack surface by default,
while still allowing profiling tools to work automatically. It can also
be manually toggled, but most developers won't ever need to do that if
tools end up incorporating this.

Bug: 29054680

Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f

38ac77e4

May 27, 2016
- Merge "Remove tee_device access from mediaserver" into nyc-dev am: 0e1153ec am: d06a58d3 · dcf83c44
  Marco Nelissen authored 8 years ago
  
  am: 178e7960 * commit '178e7960': Change-Id: I65d074fbb98350e7633593338e04ada32510dea9
  dcf83c44