Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Search by author
  • Any Author
  • Werner Sembach Matombo
  • dex dex dex
2 authors
  1. Oct 06, 2016
  3. Jun 23, 2016
  5. Jun 21, 2016
  7. Jun 16, 2016
  9. Jun 15, 2016
    • Amith Yamasani's avatar
      Allow installd to delete the foreign-dex folder · a4e2aa13
      Amith Yamasani authored 
      Grant installd the policies to recursively delete
the foreign-dex folder when removing a user. Otherwise
the user cleanup will partially fail and cause a boot loop
when the userId is reused as some later point.

Bug: 29285673
Change-Id: I023f150cffbeb10b6014f48bca9eb0922c2d630a
      a4e2aa13
  11. Jun 14, 2016
    • dcashman's avatar
      Keep pre-existing sysfs write permissions. · 17cfd3fc
      dcashman authored 
      Commit: b144ebab added the sysfs_usb
type and granted the read perms globally, but did not add write
permissions for all domains that previously had them.  Add the ability
to write to sysfs_usb for all domains that had the ability to write to
those files previously (sysfs).

Address denials such as:
type=1400 audit(1904.070:4): avc:  denied  { write } for  pid=321 comm="ueventd" name="uevent" dev="sysfs" ino=1742 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_usb:s0 tclass=file permissive=0

Bug: 28417852
Change-Id: I4562ea73f2158ebefba74b58ca572f2176d1b849
      17cfd3fc
    • Nick Kralevich's avatar
      Add SIOCGSTAMP SIOCGSTAMPNS to unpriv_sock_ioctls · 92e79e22
      Nick Kralevich authored 
      Per "man socket":

  SIOCGSTAMP
  Return a struct timeval with the receive timestamp of the last packet
  passed to the user. This is useful for accurate round trip time
  measurements. See setitimer(2) for a description of struct timeval.
  This ioctl should only be used if the socket option SO_TIMESTAMP is
  not set on the socket. Otherwise, it returns the timestamp of the last
  packet that was received while SO_TIMESTAMP was not set, or it fails
  if no such packet has been received, (i.e., ioctl(2) returns -1 with
  errno set to ENOENT).

Addresses the following denial:

avc: denied { ioctl } for comm=6E6574776F726B5F74687265616420
path="socket:[42934]" dev="sockfs" ino=42934 ioctlcmd=8906
scontext=u:r:untrusted_app:s0:c512,c768
tcontext=u:r:untrusted_app:s0:c512,c768 tclass=udp_socket permissive=0

Bug: 29333189
Change-Id: I916a695fa362cf1cf6759629c7f6101e9f657e7d
      92e79e22
  13. Jun 13, 2016
  15. Jun 10, 2016
    • Marco Nelissen's avatar
      reduce mediaserver permissions · f8f4d3e1
      Marco Nelissen authored 
      It no longer needs access to audio and camera

Bug: 22775369
Change-Id: I1de1f0e3504b214d6943733bf60eb83654b71048
      f8f4d3e1
    • dcashman's avatar
      Allow access to sysfs usb nodes. · b144ebab
      dcashman authored 
      Some legitimate functionality currently requires direct sysfs access
that is not otherwise possible via the android APIs.  Specifically,
isochronous USB transfers require this direct access, without which USB
audio applications would noticibly suffer.

Grant read access to the usb files under /sys/devices to prevent this
regression.

Bug: 28417852
Change-Id: I3424bf3498ffa0eb647a54cc962ab8c54f291728
      b144ebab
  17. Jun 09, 2016
  19. Jun 08, 2016
  21. Jun 07, 2016
  23. Jun 06, 2016
  25. Jun 03, 2016
  27. Jun 02, 2016
    • Narayan Kamath's avatar
      sepolicy: broaden system_server access to foreign_dex_data_file. · d82df3bd
      Narayan Kamath authored 
      The system_server needs to rename these files when an app is upgraded.

bug: 28998083
Change-Id: Idb0c1ae774228faaecc359e4e35603dbb534592a
      d82df3bd
    • Daniel Micay's avatar
      expose control over unpriv perf access to shell · 7005e25e
      Daniel Micay authored 
      (Cherry picked from commit 38ac77e4)

This allows the shell user to control whether unprivileged access to
perf events is allowed.

To enable unprivileged access to perf:

    adb shell setprop security.perf_harden 0

To disable it again:

    adb shell setprop security.perf_harden 1

This allows Android to disable this kernel attack surface by default,
while still allowing profiling tools to work automatically. It can also
be manually toggled, but most developers won't ever need to do that if
tools end up incorporating this.

Bug: 29054680

Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f
      7005e25e
  29. Jun 01, 2016
  31. May 27, 2016
  33. May 26, 2016
  35. May 24, 2016
    • Fyodor Kupolov's avatar
      SELinux policies for /data/preloads directory · 49ac2a3d
      Fyodor Kupolov authored 
      A new directory is created in user data partition that contains preloaded
content such as a retail mode demo video and pre-loaded APKs.

The new directory is writable/deletable by system server. It can only be
readable (including directory list) by privileged or platform apps

Bug: 28855287
Change-Id: I3816cd3a1ed5b9a030965698a66265057214f037
      49ac2a3d
  37. May 16, 2016
  39. May 13, 2016
  41. May 12, 2016