- Jun 22, 2017
-
-
Tomonori Nanbu authored
am: 9d86e622 Change-Id: Ib83f52f4dae096d42dedf17898cf20d8c3923f2e
-
Tomonori Nanbu authored
am: ded0b58d Change-Id: I574e60486bb12214e33a8e9aabf7794d4ebc0b1a
-
Tomonori Nanbu authored
am: 6acd70b9 Change-Id: Ia4a4ffdf43cb1641785e18f9aad7ca96b5d45ab9
-
Treehugger Robot authored
-
Sandeep Patil authored
Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators"" into oc-dev am: 0e0ed156 am: 65ffb065 Change-Id: I4b3f0207400200d19f8e055ec35d518f0951d235
-
Sandeep Patil authored
Merge "Revert "Annotate rild with socket_between_core_and_vendor_violators"" into oc-dev am: 0e0ed156 am: ed27bec5 Change-Id: Idac884677a3304144801a4929651c1ba1199a8b8
-
Sandeep Patil authored
am: 0e0ed156 Change-Id: I8ec0c46355507e8c1a7d10c53805eb350ebbe6a5
-
Sandeep Patil authored
am: 0e0ed156 Change-Id: Ic73d84dacc95d5b902dc6c9530b98e53d71574f1
-
TreeHugger Robot authored
-
- Jun 21, 2017
-
-
Jeff Vander Stoep authored
am: 319d7099 Change-Id: Ifcb3c7111dbb840041d1244caa6afebfbeb1cde7
-
Jeff Vander Stoep authored
am: d9301ac6 Change-Id: I4b272a59a7e48e1f0f15ddd1acb7e8f6b836ca40
-
Jeff Vander Stoep authored
am: 6351c374 Change-Id: I6e661aa37702c36e9003dcf41dbed4b754122c87
-
Jeff Vander Stoep authored
am: 6351c374 Change-Id: I16cbe7b654532367829a0df2dcfa929c38e547fd
-
TreeHugger Robot authored
-
Sandeep Patil authored
This reverts commit 57e9946f.
Bug: 62616897
Test: choosecombo 1 aosp_arm64_ab userdebug; m -j 80
The build should not break.
Signed-off-by: Sandeep Patil <sspatil@google.com>
-
Dan Cashman authored
am: 317c4171 Change-Id: I418cc929f8e0a698220e0b8b1c51314ef9ea52a8
-
Dan Cashman authored
am: 044d2072 Change-Id: Ia6f8a806adae230df50f8d06edcf4ba9d2ae4352
-
Dan Cashman authored
am: 3e307a4d Change-Id: Ic144d924948d7b8e73939806d761d27337dbebef
-
Dan Cashman authored
am: 3e307a4d Change-Id: I90e567c8138fa75bf792af181890d0af627b6f48
-
Jeff Vander Stoep authored
The tetheroffload hal must be able to use network sockets as part of its job.
Bug: 62870833
Test: neverallow-only change builds.
Change-Id: I630b36340796a5ecb5db08e732b0978dd82835c7
-
Dan Cashman authored
Same-process HALs are forbidden except for very specific HALs that have been provided and whitelisted by AOSP. As a result, a vendor extension HAL may have a need to be accessed by untrusted_app. This is still discouraged, and the existing AOSP hwservices are still forbidden, but remove the blanket prohibition. Also indicate that this is temporary, and that partners should expect to get exceptions to the rule into AOSP in the future.
Bug: 62806062
Test: neverallow-only change builds. Verify new attribute is in policy.
Change-Id: I6d3e659147d509a3503c2c9e0b6bb9016cc75832
-
- Jun 20, 2017
-
-
Yabin Cui authored
This is to allow commands like `adb shell run-as ...`.
Bug: http://b/62358246
Test: run commands manually.
Change-Id: I7bb6c79a6e27ff1224a80c6ddeffb7f27f492bb2
(cherry picked from commit 1847a38b)
- Jun 19, 2017
-
-
Yabin Cui authored
run-as uses file descriptor created by adbd when running `adb shell -t run-as xxx`. It produces audit warnings like below:

[ 2036.555371] c1 509 type=1400 audit(1497910817.864:238): avc: granted { use } for pid=4945 comm="run-as" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:runas:s0 tcontext=u:r:adbd:s0 tclass=fd

Bug: http://b/62358246
Test: test manually that the warning disappears.
Change-Id: I19023ac876e03ce2afe18982fe753b07e4c876bb
-
Tom Cherry authored
am: 0e6a3d87 Change-Id: I3af30f8f65918e273f634a9aa120c5cbeefd3a65
-
Tom Cherry authored
-
Tom Cherry authored
In libprocessgroup, we want to only send signals once to processes, particularly for SIGTERM. We must send the signal both to all processes within a POSIX process group and a cgroup. To ensure that we do not duplicate the signals being sent, we check the processes in the cgroup to see if they're in the POSIX process groups that we're killing. If they are, we skip sending a second signal. This requires getpgid permissions, hence this SELinux change.

avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=process permissive=1
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=process permissive=1
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:system_app:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:system_app:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:zygote:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:zygote:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:system_server:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:system_server:s0 tclass=process permissive=1

Bug: 37853905
Bug: 62418791
Test: Boot, kill zygote, reboot
Change-Id: Ib6c265dbaac8833c47145ae28fb6594ca8545570
(cherry picked from commit c59eb4d8)
-
- Jun 16, 2017
-
-
Jeff Vander Stoep authored
am: 1468f85f Change-Id: Idd803017a8087ac9e9221c0ca6ac5893391db6de
-
Daniel Rosenberg authored
am: 29713c8d Change-Id: I7089b62f8c54e24af47263325e085f092231f29d
-
TreeHugger Robot authored
-
Daniel Rosenberg authored
am: 39c4f76b Change-Id: I54b821fa20f428eaad1c8ab934a7e479664a6038
-
Daniel Rosenberg authored
am: 58d0d1e4 Change-Id: I1a2207be3509ec5bc7797b906e15da16099190ad
-
Daniel Rosenberg authored
am: 58d0d1e4 Change-Id: Ia53beb365c39d501c9d6cd53a4cb72dec14b610b
-
TreeHugger Robot authored
-