Commits · b8874e8cc1acf7a35ccd6bd08f714c883399230c · Werner Sembach / AndroidSystemSEPolicy

Jun 22, 2017
- Merge "Add SEPolicy for new Java-based Broadcast Radio service." · b8874e8c
  Tomasz Wasilczyk authored 7 years ago
  
  b8874e8c
- Merge "Fix SELinux "could not set" errors." · 91e166bb
  TreeHugger Robot authored 7 years ago
  
  91e166bb
- Merge "Add rules for vfat for sdcardfs" am: b9bba83a am: f26d79c5 am: 4e65fed1 · a1d4d05d
  Daniel Rosenberg authored 7 years ago
  
  am: 3f7f66b0 Change-Id: I3fc0cac7fdeab40bfa61f465a6d01d1d8c0c8d01
  a1d4d05d
- Merge "Add rules for vfat for sdcardfs" am: b9bba83a am: f26d79c5 · 3f7f66b0
  Daniel Rosenberg authored 7 years ago
  
  am: 4e65fed1 Change-Id: I9fd1ef32fde011d00e96555501f7665baf99fc26
  3f7f66b0
- Merge "Add rules for vfat for sdcardfs" am: b9bba83a · 4e65fed1
  Daniel Rosenberg authored 7 years ago
  
  am: f26d79c5 Change-Id: I0c1a79082955faeebe8cf70bb408928479117aad
  4e65fed1
- Merge "Add rules for vfat for sdcardfs" · f26d79c5
  Daniel Rosenberg authored 7 years ago
  
  am: b9bba83a Change-Id: I2fb029b770d53bacbe8dd11a69cee5e70b6ef2e9
  f26d79c5
- Merge "Add rules for vfat for sdcardfs" · b9bba83a
  Treehugger Robot authored 7 years ago
  
  b9bba83a
- Fix SELinux "could not set" errors. · ec22dad6
  Joel Galenson authored 7 years ago
  
  A previous commit reverted us back to using file_contexts instead of genfs_contexts but did not remove the new genfs_contexts rules, which caused this problem. Bug: 62901680 Test: Verified that the errors do not apepar and that wifi and traceur work. Change-Id: Ic0078dc3a2a9d3d35a10599239fdf9fa478f1e2b
  ec22dad6
- Merge "Revert "Remove neverallow preventing hwservice access for apps."" · 1b5504b2
  TreeHugger Robot authored 7 years ago
  
  1b5504b2
- Merge "Add sepolicy for hal_wifi to access /proc/modules" am: 6acd70b9 am:... · f707bda8
  Tomonori Nanbu authored 7 years ago
  
  Merge "Add sepolicy for hal_wifi to access /proc/modules" am: 6acd70b9 am: ded0b58d am: 9d86e622 am: b9621bba Change-Id: I001be0f05e59e55dcedb159ec86a5bf386fa89c7
  f707bda8
- Merge "Add sepolicy for hal_wifi to access /proc/modules" am: 6acd70b9 am: ded0b58d · b9621bba
  Tomonori Nanbu authored 7 years ago
  
  am: 9d86e622 Change-Id: Ib83f52f4dae096d42dedf17898cf20d8c3923f2e
  b9621bba
- Merge "Add sepolicy for hal_wifi to access /proc/modules" am: 6acd70b9 · 9d86e622
  Tomonori Nanbu authored 7 years ago
  
  am: ded0b58d Change-Id: I574e60486bb12214e33a8e9aabf7794d4ebc0b1a
  9d86e622
- Merge "Add sepolicy for hal_wifi to access /proc/modules" · ded0b58d
  Tomonori Nanbu authored 7 years ago
  
  am: 6acd70b9 Change-Id: Ia4a4ffdf43cb1641785e18f9aad7ca96b5d45ab9
  ded0b58d
- Merge "Add sepolicy for hal_wifi to access /proc/modules" · 6acd70b9
  Treehugger Robot authored 7 years ago
  
  6acd70b9
- Add SEPolicy for new Java-based Broadcast Radio service. · 38f0928f
  Tomasz Wasilczyk authored 7 years ago
  
  Bug: b/36863239 Test: manual Change-Id: I7e929926efbb1570ea9723ef3810a511c71dc11a
  38f0928f
- Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators""... · 0d477e3d
  Sandeep Patil authored 7 years ago
  
  Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators"" into oc-dev am: 0e0ed156 am: 65ffb065 am: bc6271bc Change-Id: I2915ce7ffa3f11d07c26a32b2d9b2d463a3c21f4
  0d477e3d
- Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators""... · 63475b08
  Sandeep Patil authored 7 years ago
  
  Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators"" into oc-dev am: 0e0ed156 am: ed27bec5 am: 9f5801de Change-Id: I5861f5464762ddea8c6a39cb3968d73017d9767d
  63475b08
- Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators""... · bc6271bc
  Sandeep Patil authored 7 years ago
  
  Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators"" into oc-dev am: 0e0ed156 am: 65ffb065 Change-Id: I4b3f0207400200d19f8e055ec35d518f0951d235
  bc6271bc
- Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators""... · 9f5801de
  Sandeep Patil authored 7 years ago
  
  Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators"" into oc-dev am: 0e0ed156 am: ed27bec5 Change-Id: Idac884677a3304144801a4929651c1ba1199a8b8
  9f5801de
- Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators"" into oc-dev · ed27bec5
  Sandeep Patil authored 7 years ago
  
  am: 0e0ed156 Change-Id: I8ec0c46355507e8c1a7d10c53805eb350ebbe6a5
  ed27bec5
- Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators"" into oc-dev · 65ffb065
  Sandeep Patil authored 7 years ago
  
  am: 0e0ed156 Change-Id: Ic73d84dacc95d5b902dc6c9530b98e53d71574f1
  65ffb065
- Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators"" into oc-dev · 0e0ed156
  TreeHugger Robot authored 7 years ago
  
  0e0ed156
- Add rules for vfat for sdcardfs · 8a65aeca
  Daniel Rosenberg authored 7 years ago
  
  This adds parellel rules to the ones added for media_rw_data_file to allow apps to access vfat under sdcardfs. This should be reverted if sdcardfs is modified to alter the secontext it used for access to the lower filesystem Change-Id: Idb123206ed2fac3ead88b0c1ed0b66952597ac65 Bug: 62584229 Test: Run android.appsecurity.cts.ExternalStorageHostTest with an external card formated as vfat Signed-off-by: Daniel Rosenberg <drosen@google.com>
  8a65aeca
Jun 21, 2017

Revert "Remove neverallow preventing hwservice access for apps." · ceed7204

Dan Cashman authored 7 years ago

This reverts commit 3e307a4d.

Test: Builds - neverallow change only.
Bug: 62806062
Change-Id: Id3aa1b425cf48fc8586890c9850a74594584922d

ceed7204

Merge "Exempt tetheroffload hal from network socket restrictions" into oc-dev... · 8bc3ab47

Jeff Vander Stoep authored 7 years ago

Merge "Exempt tetheroffload hal from network socket restrictions" into oc-dev am: 6351c374 am: 319d7099
am: b24567f4

Change-Id: Ib51077433505dfb09c9a4519235ab3b51f22d149

8bc3ab47

Merge "Exempt tetheroffload hal from network socket restrictions" into oc-dev... · fa50e80b

Jeff Vander Stoep authored 7 years ago

Merge "Exempt tetheroffload hal from network socket restrictions" into oc-dev am: 6351c374 am: d9301ac6
am: aae5c4c8

Change-Id: Id94e113b5a5621b39420294eec1e7fd9e1bc1c42

fa50e80b

Merge "Exempt tetheroffload hal from network socket restrictions" into oc-dev am: 6351c374 · b24567f4
Jeff Vander Stoep authored 7 years ago
```
am: 319d7099

Change-Id: Ifcb3c7111dbb840041d1244caa6afebfbeb1cde7
```
b24567f4
Merge "Exempt tetheroffload hal from network socket restrictions" into oc-dev am: 6351c374 · aae5c4c8
Jeff Vander Stoep authored 7 years ago
```
am: d9301ac6

Change-Id: I4b272a59a7e48e1f0f15ddd1acb7e8f6b836ca40
```
aae5c4c8
Merge "Exempt tetheroffload hal from network socket restrictions" into oc-dev · d9301ac6
Jeff Vander Stoep authored 7 years ago
```
am: 6351c374

Change-Id: I6e661aa37702c36e9003dcf41dbed4b754122c87
```
d9301ac6
Merge "Exempt tetheroffload hal from network socket restrictions" into oc-dev · 319d7099
Jeff Vander Stoep authored 7 years ago
```
am: 6351c374

Change-Id: I16cbe7b654532367829a0df2dcfa929c38e547fd
```
319d7099
Merge "Exempt tetheroffload hal from network socket restrictions" into oc-dev · 6351c374
TreeHugger Robot authored 7 years ago

6351c374

Revert "Annotate rild with socket_between_core_and_vendor_violators" · 3a939115

Sandeep Patil authored 7 years ago


This reverts commit 57e9946f.

Bug: 62616897
Test: choosecombo 1 aosp_arm64_ab userdebug; m -j 80 The build should
    not break.

Signed-off-by: Sandeep Patil <sspatil@google.com>

3a939115

Remove neverallow preventing hwservice access for apps. am: 3e307a4d am: 317c4171 · a503819d
Dan Cashman authored 7 years ago
```
am: e51e6131

Change-Id: I153a14af008e52fbe6677007e0e1ad4e472be3da
```
a503819d
Remove neverallow preventing hwservice access for apps. am: 3e307a4d am: 044d2072 · a030f3e2
Dan Cashman authored 7 years ago
```
am: 11dcf197

Change-Id: I96b2af315b4c35ddd47315f3ca4a9b098eab1d59
```
a030f3e2
Remove neverallow preventing hwservice access for apps. am: 3e307a4d · e51e6131
Dan Cashman authored 7 years ago
```
am: 317c4171

Change-Id: I418cc929f8e0a698220e0b8b1c51314ef9ea52a8
```
e51e6131
Remove neverallow preventing hwservice access for apps. am: 3e307a4d · 11dcf197
Dan Cashman authored 7 years ago
```
am: 044d2072

Change-Id: Ia6f8a806adae230df50f8d06edcf4ba9d2ae4352
```
11dcf197
Remove neverallow preventing hwservice access for apps. · 044d2072
Dan Cashman authored 7 years ago
```
am: 3e307a4d

Change-Id: Ic144d924948d7b8e73939806d761d27337dbebef
```
044d2072
Remove neverallow preventing hwservice access for apps. · 317c4171
Dan Cashman authored 7 years ago
```
am: 3e307a4d

Change-Id: I90e567c8138fa75bf792af181890d0af627b6f48
```
317c4171

Exempt tetheroffload hal from network socket restrictions · d75a2c0c

Jeff Vander Stoep authored 7 years ago

The tetheroffload hal must be able to use network sockets as part of
its job.

Bug: 62870833
Test: neverallow-only change builds.
Change-Id: I630b36340796a5ecb5db08e732b0978dd82835c7

d75a2c0c

Remove neverallow preventing hwservice access for apps. · 3e307a4d

Dan Cashman authored 7 years ago

Same-process HALs are forbidden except for very specific HALs that have
been provided and whitelisted by AOSP.  As a result, a vendor extension
HAL may have a need to be accessed by untrusted_app.  This is still
discouraged, and the existing AOSP hwservices are still forbidden, but
remove the blanket prohibition.  Also indicate that this is temporary,
and that partners should expect to get exceptions to the rule into AOSP
in the future.

Bug: 62806062
Test: neverallow-only change builds.  Verify new attribute is in policy.
Change-Id: I6d3e659147d509a3503c2c9e0b6bb9016cc75832

3e307a4d