- May 18, 2018
-
-
Paul Crowley authored
Test: booted metadata-encrypted device Bug: 79781913 Change-Id: Ib4cb4a04145e5619994083da055f06fe7ae0137a
-
- May 16, 2018
-
-
TreeHugger Robot authored
-
Yongqin Liu authored
to workaround some VTS VtsKernelLtp failures introduced by change on vfs_iter_write here: https://android.googlesource.com/kernel/hikey-linaro/+/abbb65899aecfc97bda64b6816d1e501754cfe1f%5E%21/#F3 for discussion please check threads here: https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg03348.html Sandeep suggest to re-order the events in that thread, that should be the right solution, this change is only a tempory workaround before that change. Bug: 79528964 Test: manually with -m VtsKernelLtp -t VtsKernelLtp#fs.fs_fill_64bit Change-Id: I3f46ff874d3dbcc556cfbeb27be21878574877d1 Signed-off-by:
Yongqin Liu <yongqin.liu@linaro.org> (cherry picked from commit 64ff9e95) Merged-In: I3f46ff874d3dbcc556cfbeb27be21878574877d1
-
Logan Chien authored
-
- May 15, 2018
-
-
Pavel Maltsev authored
For automotive (and I assume for other verticals) it make sense to keep vertical-specific policies outside of /system/sepolicy as those not used by the phones. However, there's no way to do it rather than using BOARD_PLAT_{PUBLIC|PRIVATE}_SEPOLICY_DIR build variables. Bug: 70637118 Test: lunch bat_land-userdebug && m Test: verify it builds, boots and logs seems to be reasonable Test: enable full treble for aosp_car_x86 - verify it builds, boots and no denials in the logs Change-Id: Ia5fd847f7a6152ff6cf99bbbc12e1e322f7946ab
-
Jerry Zhang authored
-
Jerry Zhang authored
Mtp needs access to this path in order to change files on an sdcard. Fixes denial: 05-14 17:40:58.803 3004 3004 W MtpServer: type=1400 audit(0.0:46): avc: denied { search } for name="media_rw" dev="tmpfs" ino=10113 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=0 b/77925342 app=com.android.providers.media Bug: 77849654 Test: no denials using mtp with emulated sdcard Change-Id: I27b5294fa211bb1eff6d011638b5fdc90334bc80
-
TreeHugger Robot authored
-
- May 14, 2018
-
-
TreeHugger Robot authored
-
Pavel Maltsev authored
Add an exemption to neverallow rule to use sockets from HAL servers only for automotive build Bug: 78901167 Test: assign this attribute to hal_vehicle_default and try to open socket from HAL implementation Test: verify that new CTS test will fail for non-automotive build with this attribute buing used Test: make cts && cts-tradefed run singleCommand cts --skip-device-info --skip-preconditions --abi arm64-v8a --module CtsSecurityHostTestCases -t android.security.cts.SELinuxHostTest Change-Id: I27976443dad4fc5b7425c089512cac65bb54d6d9
-
Joel Galenson authored
This relaxes the neverallow rule blocking vendor_init from doing anything to vold_metadata_file. The rules above it still prevent it from doing anything other than relabelto and getattr. Bug: 79681561 Test: Boot device and see no denials. Change-Id: I1beb25bb9f8d69323c9fee53a140c2a084b12124
-
TreeHugger Robot authored
-
Logan Chien authored
Bug: 78605339 Test: aosp_walleye-userdebug builds Change-Id: I37c84e20f2284d50cbe29bfa1b7597dd2c01fb4b
-
- May 12, 2018
-
-
TreeHugger Robot authored
-
Kourosh Derakshan authored
Test: camera operation Bug: 73173997 Change-Id: I17668a2e4cc56499bc837920e2cdcfd96d608153
-
Calin Juravle authored
The property is set on builds which profile the boot image. Test: m Bug: 73313191 (cherry-pick form commit d99f4acf2ddaeede543eba6fb78fe7931318d652) Merged-In: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16 Change-Id: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16
-
- May 11, 2018
-
-
TreeHugger Robot authored
-
Max Bires authored
Keymaster hal needs to be able to read the vendor SPL for purposes of rollback protection. Bug: 76428542 Test: Keymaster can access the hal_keymaster_default property Change-Id: Ifa53adb23f6ab79346e9dd9616b34d8b24395a0a
-
- May 10, 2018
-
-
Mark Salyzyn authored
-
Chris Fries authored
-
- May 09, 2018
-
-
Calin Juravle authored
-
Paul Crowley authored
Bug: 79228237 Test: audit2allow finds no relevant denials on boot Change-Id: Ia80b77ba9a1ec2354127cd0ef68d50ebcf593fb0
-
Calin Juravle authored
The goal is to allow creating profile snapshots from the shell command in order to be able to write CTS tests. The system server will dump profiles for debuggable in /data/misc/profman from where they will be pulled and verified by CTS tests. Test: adb shell cmd package snapshot-profile com.android.vending Bug: 74081010 Change-Id: I54690305284b92c0e759538303cb98c93ce92dd5
-
Mark Salyzyn authored
com.android.server.power.PowerManagerServiceTest#testGetLastShutdownReasonInternal due to "RuntimeException: failed to set system property" W/roidJUnitRunner: type=1400 audit(0.0:6): avc: denied { write } for name="property_service" dev="tmpfs" ino=13178 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 W/libc : Unable to set property "test.sys.boot.reason" to "shutdown,thermal": connection failed; errno=13 (Permission denied) Had to use precise property definition as com.android.phone accesses test properties as well. Test: compile Bug: 78245377 Change-Id: I2cc810846f8615f2a2fae8e0d4f41de585b7abd7
-
Joel Galenson authored
This should help fix presubmit tests. Bug: 79414024 Test: Built policy. Change-Id: Ic840150767ff6c2799ac3b5ef22ba139108c94dd (cherry picked from commit 06e09abd)
-
- May 08, 2018
-
-
android-build-team Robot authored
-
- May 07, 2018
-
-
android-build-team Robot authored
-
Jean-Michel Trivi authored
Bug: 71430241 Test: build/flash, grep for "avc: denied { read }" for mediacodec, should be empty on walleye Change-Id: I12e1b11a969d3f979ca0cfbe4ca7db2bc5e46165
-
Ray Essick authored
Let the audioserver record metrics with media.metrics service. This is for 'audiopolicy' metrics. Bug: 78595399 Test: record from different apps, see records in 'dumpsys media.metrics' Change-Id: I63f9d4ad2d2b08eb98a49b8de5f86b6797ba2995
-
- May 04, 2018
-
-
android-build-team Robot authored
-
Josh Gao authored
* changes: Update sepolicy prebuilts for tombstoned. tombstoned: allow linking tombstones.
-
Calin Juravle authored
On userdebug builds we can now profile system server without disabling selinux. This is the final piece, and allows the system server to save its own profile. Test: manual, on a device with system server profiling enabled Bug: 73313191 (cherry picked from commit 71d8467b) Change-Id: I93e7e01bfbd3146a8cfd26a1f6e88b640e9c4e0f
-
- May 03, 2018
-
-
Yao Chen authored
Bug: 78603347 Test: build and locally tested Change-Id: I7e4eb8ebb2c1a0b7d684b471141da991a19bc98d
-
Josh Gao authored
Bug: http://b/77729983 Test: treehugger Change-Id: Ic8ce31396e5cad2e9b1f7aab2ace2f6c8e962d6d
-
android-build-team Robot authored
-
Pavel Maltsev authored
-
Alan Stokes authored
This is needed for interface configuration - see e.g. nl80211_configure_data_frame_filters. Bug: 77903086 Test: Device boots, denial not seen, wifi works (cherry picked from commit 72ed6152) Change-Id: Ia781e7c56f6e8e77e654cd28ca34de09180e2213 Merged-In: Ia55c4af1fcee75ada0e67a162fdb92ecc0089312
-
android-build-team Robot authored
-
- May 02, 2018
-
-
Jeff Vander Stoep authored
It's used in build-time tests and in CTS. Bug: 78898770 Test: build user-build Change-Id: I254bf4d7ed0c0cb029b55110ceec982b84e4a91b (cherry picked from commit beeb122405070a5b4cee326a0cdae92a1a791fbc)
-
Josh Gao authored
Bug: http://b/77729983 Test: debuggerd_test Test: adb shell 'for x in `seq 0 50`; do crasher; done' Change-Id: I1d86d04047240a85b2e987116efd9be59607b766 (cherry picked from commit a7bf5810)
-