- Apr 19, 2017
-
-
Jack He authoredBug: 37476041 Test: make, pair and connect to HID device Change-Id: Ic7e81382994769e3f3a91255dcf3624edeaf6bfd
-
- Apr 18, 2017
-
-
Dan Cashman authored
This could be useful in diffs between policy versions. Bug: 37357742 Test: sepolicy-analyze lists all attributes in precompiled_policy. Change-Id: I6532a93d4102cf9cb12b73ee8ed86ece368f9131
-
- Apr 17, 2017
-
-
Jerry Zhang authored
MediaProvider requires permissions that diverge from those of a typical priv_app. This create a new domain and removes Mtp related permissions from priv_app. Bug: 33574909 Test: Connect with MTP, download apps and files, select ringtones Test: DownloadProvider instrument tests, CtsProviderTestCases Change-Id: I950dc11f21048c34af639cb3ab81873d2a6730a9
-
- Apr 15, 2017
-
-
Treehugger Robot authored
-
- Apr 14, 2017
-
-
Tianjie Xu authored
Encountered more denials on sailfish: avc: denied { read } for pid=439 comm="recovery" name="thermal" dev="sysfs" ino=28516 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=0 avc: denied { read } for pid=441 comm="recovery" name="thermal_zone9" dev="sysfs" ino=40364 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=lnk_file permissive=0 Bug: 36920500 Test: sideload a package in sailfish Change-Id: Ib4e89ba48cdc383318e5f3b7b15f542434e43564 -
Treehugger Robot authored
-
- Apr 13, 2017
-
-
Jeff Vander Stoep authored
Remove domain_deprecated from bluetooth. This removes some unnecessarily permissive rules. Bug: 25433265 Test: All of the permissions being removed were being audited. Verify that no audited (granted) avc messages for bluetooth exist in in the logs. Change-Id: Ifa12a0f1533edcb623bbb9631f88f1ff1d6d7085 -
Jerry Zhang authored
These were previously in device specific sepolicies. They should be in core sepolicy to reflect their use by a core init file, init.usb.configfs.rc. Addresses denial: init : type=1400 audit(0.0:135): avc: denied { unlink } for name="f1" dev="configfs" ino=10923 scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=lnk_file permissive=0 Test: denial addressed Change-Id: I869892f9d0c311b727462fb380f4160feb986215
-
- Apr 12, 2017
-
-
Treehugger Robot authored
-
Treehugger Robot authored
-
Treehugger Robot authored
-
- Apr 11, 2017
-
-
Tom Cherry authored
This was marked deprecated in 2014 and removed in 2015, let's remove the sepolicy now too. Test: see that logging still works on bullhead Change-Id: I4caa0dbf77956fcbc61a07897242b951c275b502
-
Jorge Lucangeli Obes authored
With build/core eaa9d88cf, system_server should not be loading code from /data. Add an auditallow rule to report violations. Bug: 37214733 Test: Boot marlin, no SELinux audit lines for system_server. Change-Id: I2e25eb144503274025bd4fc9bb519555851f6521
-
Dan Cashman authored
Create PLATFORM_SEPOLICY_VERSION, which is a version string to represent the platform sepolicy of the form "NN.m" where "NN" mirrors the PLATFORM_SDK_VERSION and "m" is a policy-based minor version that is incremented with every policy change that requires a new backward-compatible mapping file to be added to allow for future-proofing vendor policy against future platform policy. (cherry-pick of commit 6f14f6b7) Bug: 36783775 Test: Device boots when sha256 doesn't match and compilation is forced. Change-Id: I4edb29824f2050a5a6e1bc078c100cf42e45c303
-
Sandeep Patil authored
The sepolicy version takes SDK_INT.<minor> format. Make sure our 'current' policy version reflects the format and make it '100000.0'. This ensures any vendor.img compiled with this will never work with a production framework image either. Make version_policy replace the '.' in version by '_' so secilc is happy too. This unblocks libvintf from giving out a runtme API to check vendor's sepolicy version. The PLAT_PUBLIC_SEPOLICY_CURRENT_VERSION will eventually be picked up from the build system. (cherry-pick of commit 42f95984) Bug: 35217573 Test: Build and boot sailfish. Boot sailfish with sepolicy compilation on device. Signed-off-by:
Sandeep Patil <sspatil@google.com>
Change-Id: Ic8b6687c4e71227bf9090018999149cd9e11d63b
-
- Apr 10, 2017
-
-
Josh Gao authored
-
- Apr 07, 2017
-
-
Tianjie Xu authored
-
- Apr 06, 2017
-
-
Dan Cashman authored
This is a necessary first step to finalizing the SELinux policy build process. The mapping_sepolicy.cil file is required to provide backward compatibility with the indicated vendor-targeted version. This still needs to be extended to provide N mapping files and corresponding SHA256 outputs, one for each of the N previous platform versions with which we're backward-compatible. (cherry-pick of commit: 0e9c47c0) Bug: 36783775 Test: boot device with matching sha256 and non-matching and verify that device boots and uses either precompiled or compiled policy as needed. Also verify that mapping_sepolicy.cil has moved. Change-Id: I5692fb87c7ec0f3ae9ca611f76847ccff9182375
-
Josh Gao authored
Add /dev/kmsg_debug on userdebug devices, to allow crash_dump to log crashes to dmesg when logd isn't up yet (or is the one crashing). Bug: http://b/36574794 Test: stop tombstoned; crasher; dmesg Change-Id: I249e11291c58fee77098dec3fd3271ea23363ac9
-
Tianjie Xu authored
We want to track temperature metrics during an OTA update. denial message: denied { search } for pid=349 comm="recovery" name="thermal" dev="sysfs" ino=18029 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=0 denied { read } for pid=326 comm="recovery" name="temp" dev="sysfs" ino=18479 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0 Bug: 36920500 Bug: 32518487 Test: temperature logs on angler Change-Id: Ib70c1c7b4e05f91a6360ff134a11c80537d6015e
-
- Apr 04, 2017
-
-
Treehugger Robot authored
-
Tianjie Xu authored
-
Treehugger Robot authored
-
Tianjie Xu authored
Currently update_verifier only verifies the blocks when dm-verity is in 'enforcing' mode; and dm-verity will reboot the device upon detection of errors. However, sometimes the verity mode is not guaranteed to be correct. When mode is 'eio' for example, dm-verity will not trigger a reboot but rather fail the read. So update_verifier need to take the responsibility to reboot the device. Otherwise the device will continue to boot without setting the flag "isSlotMarkedSuccessful". Denial message: update_verifier: type=1400 audit(0.0:18): avc: denied { write } for name="property_service" dev="tmpfs" ino=14678 scontext=u:r:update_verifier:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 Bug: 36260064 Test: powerctl property sets successfully Change-Id: I7431f87e2d61be1425397732aebb369d4ad4c26c -
Steven Moreland authored
Test: works on internal marlin Bug: 34274385 Change-Id: Idd35e5cdccb595b4e5994eb1d78fdeece0aec0a6
-
- Apr 03, 2017
-
-
Mark Salyzyn authored
logcatd is the same as logcat, except that the -L flag, if supplied, runs once, then the command re-runs itself without the -L flag with the same argument set. By introducing a logcatd daemon executable we can solve the problem of the longish reads from pstore that sometimes occur when the system is excessively busy spinning in a foreground task starving this daemon as we absorb the delay in an init service, rather than in an init exec. This would not have been efficiently possible without the introduction of liblogcat. Test: gTest logcat-unit-tests Test: Manual check logpersist operations Bug: 28788401 Bug: 30041146 Bug: 30612424 Bug: 35326290 Change-Id: I3454bad666c66663f59ae03bcd72e0fe8426bb0a
-
- Mar 31, 2017
-
-
Daniel Cashman authored
am: cb6f8f02 Change-Id: I47b6a0362f268ba1a599ab2354f72357fc7b79cc
-
Daniel Cashman authored
-
Tom Cherry authored
am: 6b92e26a Change-Id: Ie76aa1f95e72b6183c13be4f9dc86481a2d63077
-
Vishwath Mohan authored
am: a2e9664c Change-Id: I184d353b6ca0c8e5b712da11b4de777e04a5b79f
-
Tom Cherry authored
-
Treehugger Robot authored
-
Dan Cashman authored
sepolicy-analyze allows users to see all types that have a given attribute, but not the reverse case: all attributes of a given type. Add a '--reverse' option which enables this, but keeps the previous interface. Usage: sepolicy-analyze sepolicy attribute -r init Bug: 36508258 Test: Build and run against current policy. Change-Id: Ice6893cf7aa2ec4706a7411645a8e0a8a3ad01eb
-
-
Treehugger Robot authored
-
- Mar 30, 2017
-
-
Jin Qian authored
Test: adb kill-server && adb shell dumpsys storaged Bug: 36492915 Change-Id: I3a1a2ad2f016ddd5770d585cae82c8be69001df9
-
Myles Watson authored
am: 02d9d21d Change-Id: I29861f9cc52001f2968c2313f48031dd01afe8c7
-
Tom Cherry authored
Init is no longer calling vdc with logwrapper, so it must take care of logging to kmsg directly. Change-Id: I529f5a95e19c08ef75e0da9a02bae1cb7187eec0 avc: denied { write } for pid=367 comm="vdc" name="kmsg" dev="tmpfs" ino=11056 scontext=u:r:vdc:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 Test: observe vdc logging in kmsg on boot and stderr on normal usage Change-Id: Ie3678509d360f19b95cb03aeea75f29843728203 -
Myles Watson authored
Devices that store their BT MAC address in /data/misc/bluedroid/ need to find another place for that file. Bug: 36602160 Test: Restart Bluetooth, check for selinux denials/files in /data/misc Change-Id: Ib8d610f201a8c35f95b464c24857c6639205bc66 Merged-In: Ib8d610f201a8c35f95b464c24857c6639205bc66
-
Vishwath Mohan authored
This CL changes the policy for ASAN files on-disk to support the changes made by the following CLs - https://android-review.googlesource.com/#/c/359087/ https://android-review.googlesource.com/#/c/359389/ which refactor the on-disk layout of sanitized libraries in the following manner - /data/lib* --> /data/asan/system/lib* /data/vendor/* --> /data/asan/vendor/* There are a couple of advantages to this, including better isolation from other components, and more transparent linker renaming and SELinux policies. Bug: 36574794 Bug: 36674745 Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device boots. All sanitized libraries are correctly located in /data/asan/*, and have the right SELinux permissions. Change-Id: Ib08e360cecc8d77754a768a9af0f7db35d6921a9
-