- May 24, 2017
-
-
Michael Schwartz authoredam: aa15c0af Change-Id: I2472fae6dec8202842dc35d36eb03248256dcd45
-
Michael Schwartz authored
am: 1c8e8e0e Change-Id: I45c6a937eea4a110c0137d1e1573fe50fd71f4cd
-
-
Michael Schwartz authored
-
-
-
-
Treehugger Robot authored
-
Josh Gao authored
Fix the following denial: avc: denied { append } for pid=1093 comm="mediaextractor" path="pipe:[68438]" dev="pipefs" ino=68438 scontext=u:r:mediaextractor:s0 tcontext=u:r:dumpstate:s0 tclass=fifo_file permissive=1 ppid=1 pcomm="init" pgid=1 pgcomm="init" Bug: http://b/38444258 Test: none Change-Id: I58162e3a28b744a58396e77d6b0e2becb5633d6a -
-
-
- May 23, 2017
-
-
-
Pankaj Kanwar authored
-
pkanwar authored
Update SE Policy to allow calls to and callbacks for the Tether Offload HAL HIDL binderized service. Bug: 38417260 Test: New functionality. So we don't have any tests. Change-Id: I2c95b290523c55c081afa1bca091f368559c9125
-
Marc Hittinger authored
-
- May 22, 2017
-
-
-
Jason Monk authored
am: a2c24197 Change-Id: I126a9e8f6015083515f2c85ac42f0c14f6c47f88
-
-
-
Jason Monk authored
am: 69bb06e5 Change-Id: Ia87985dca88d3f5ebf8db51b7a27bc44e6090538
-
-
Jason Monk authored
am: ca7d90ca Change-Id: Ibe4770026852338dcfde327857ccffb1fc91a5a0
-
-
-
Jason Monk authored
am: de5db3ab Change-Id: If61aa850ab0f6060ec7a863cc0107f68f1db9400
-
Nick Kralevich authored
am: 6b3ef921 Change-Id: Iefc3436c532f5f291345e3d01a1cbe175d69e619
-
Nick Kralevich authored
am: 5ee08053 Change-Id: I530872c3d9a8ddf5a03353b27e75ea1043cd2ab2
-
Nick Kralevich authored
am: dddbd2f3 Change-Id: I517d7bbd415e28d2ba7719f17c1ddcc7c28f20a0
-
Nick Kralevich authored
am: 3d8dde0e Change-Id: I19cb50ee62d217f025bb7fcf535257dac3b3610e
-
Nick Kralevich authored
Commit https://android.googlesource.com/kernel/common/+/f0ce0eee added CAP_SYS_RESOURCE as a capability check which would allow access to sensitive /proc/PID files. However, in an SELinux based world, allowing this access causes CAP_SYS_RESOURCE to duplicate what CAP_SYS_PTRACE (without :process ptrace) already provides. Use CAP_SYS_PTRACE instead of CAP_SYS_RESOURCE. Test: Device boots, functionality remains identical, no sys_resource denials from system_server. Bug: 34951864 Bug: 38496951 Change-Id: I04d745b436ad75ee1ebecf0a61c6891858022e34 (cherry picked from commit 44866954)
-
Jason Monk authored
Test: manual Bug: 37014702 Change-Id: Id43dc7a8506fe60015c2f82242ba45cf85d3e74b
-
Michael Schwartz authored
Test: Boot sailfish with shared system image Bug: 36814984 Change-Id: I2937c20c3b6ca7bf4edab66a74742c48e76c7687
-
Steven Moreland authored
am: e8cd8fe7 Change-Id: I739f3edb772b497566f0ce3e83505ecdf97b02a7
-
Steven Moreland authored
am: 7eeded9e Change-Id: I9fc8f229d3f03a3850819664a71edc8d418259d9
-
TreeHugger Robot authored
-
- May 19, 2017
-
-
Marc Hittinger authored
Enable writing of events/lowmemorykiller/enable. Bug: 38457440 Test: Tested writability of flag via Traceur apk Change-Id: Ic138062e9667aa66412388046dea37236a7efd49
-
Steven Moreland authored
Right now, the hwcomposer hidl hal is unable to figure out where to get the hidl mapper implementation. It is expected that all graphics composer objects will need this permission. The interfaces are written to work together with the "IMapper" being the same-process ("sphal") component and the "IComposer" interface being the binderized compoenent. 10-09 00:24:38.900 457 457 E SELinux : avc: denied { find } for interface=android.hardware.graphics.mapper::IMapper pid=495 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:hal_graphics_mapper_hwservice:s0 tclass=hwservice_manager Test: boot marlin, denial no longer present. Bug: 38415912 Change-Id: I1b274be10e115fa7b53fb81e85be8827da05997e -
Wyatt Riley authored
am: 84d81690 Change-Id: Ia1a35f5608169d6c54e27836dbadd75b8f6ec361
-
Wyatt Riley authored
am: effa2dad Change-Id: Ic21e6dcaaa0bbf13b6eb8f3fc82303b227d61d35
-
TreeHugger Robot authored
-