Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Search by author
  • Any Author
  • Werner Sembach Matombo
  • dex dex dex
2 authors
  1. Apr 11, 2017
    • Dan Cashman's avatar
      Add PLATFORM_SEPOLICY_VERSION. · bec5e57e
      Dan Cashman authored 
      Create PLATFORM_SEPOLICY_VERSION, which is a version string to represent
the platform sepolicy of the form "NN.m" where "NN" mirrors the
PLATFORM_SDK_VERSION and "m" is a policy-based minor version that is
incremented with every policy change that requires a new backward-compatible
mapping file to be added to allow for future-proofing vendor policy against
future platform policy.

(cherry-pick of commit 6f14f6b7)

Bug: 36783775
Test: Device boots when sha256 doesn't match and compilation is forced.
Change-Id: I4edb29824f2050a5a6e1bc078c100cf42e45c303
      bec5e57e
    • Sandeep Patil's avatar
      sepolicy_version: change current version to NN.m format · 9a3a6a81
      Sandeep Patil authored 
      
The sepolicy version takes SDK_INT.<minor> format. Make sure our
'current' policy version reflects the format and make it '100000.0'.
This ensures any vendor.img compiled with this will never work with
a production framework image either.

Make version_policy replace the '.' in version by '_' so secilc is
happy too.

This unblocks libvintf from giving out a runtme API to check vendor's
sepolicy version. The PLAT_PUBLIC_SEPOLICY_CURRENT_VERSION will
eventually be picked up from the build system.

(cherry-pick of commit 42f95984)

Bug: 35217573
Test: Build and boot sailfish.
      Boot sailfish with sepolicy compilation on device.
Signed-off-by: default avatarSandeep Patil <sspatil@google.com>

Change-Id: Ic8b6687c4e71227bf9090018999149cd9e11d63b
      9a3a6a81
  3. Apr 10, 2017
  5. Apr 07, 2017
  7. Apr 06, 2017
    • Dan Cashman's avatar
      Move mapping_sepolicy.cil to /system partition. · 04ef57bf
      Dan Cashman authored 
      This is a necessary first step to finalizing the SELinux policy build
process.  The mapping_sepolicy.cil file is required to provide backward
compatibility with the indicated vendor-targeted version.

This still needs to be extended to provide N mapping files and corresponding
SHA256 outputs, one for each of the N previous platform versions with which
we're backward-compatible.

(cherry-pick of commit: 0e9c47c0)

Bug: 36783775
Test: boot device with matching sha256 and non-matching and verify that
device boots and uses either precompiled or compiled policy as needed. Also
verify that mapping_sepolicy.cil has moved.

Change-Id: I5692fb87c7ec0f3ae9ca611f76847ccff9182375
      04ef57bf
    • Josh Gao's avatar
      Add /dev/kmsg_debug. · a015186f
      Josh Gao authored 
      Add /dev/kmsg_debug on userdebug devices, to allow crash_dump to log
crashes to dmesg when logd isn't up yet (or is the one crashing).

Bug: http://b/36574794
Test: stop tombstoned; crasher; dmesg
Change-Id: I249e11291c58fee77098dec3fd3271ea23363ac9
      a015186f
    • Tianjie Xu's avatar
      Allow recovery to read thermal info · 3da2f21f
      Tianjie Xu authored 
      We want to track temperature metrics during an OTA update.

denial message:
denied  { search } for  pid=349 comm="recovery" name="thermal"
dev="sysfs" ino=18029 scontext=u:r:recovery:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=0

denied  { read } for  pid=326 comm="recovery" name="temp"
dev="sysfs" ino=18479 scontext=u:r:recovery:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0

Bug: 36920500
Bug: 32518487
Test: temperature logs on angler
Change-Id: Ib70c1c7b4e05f91a6360ff134a11c80537d6015e
      3da2f21f
  9. Apr 04, 2017
    • Treehugger Robot's avatar
      Merge "logcatd: introduce logcatd executable" · b5b6e0c5
      Treehugger Robot authored
      b5b6e0c5
    • Tianjie Xu's avatar
      Merge "Allow update_verifier to reboot the device" · fde87a96
      Tianjie Xu authored
      fde87a96
    • Treehugger Robot's avatar
      Merge "Remove hal_binderization_prop" · 1871fc0a
      Treehugger Robot authored
      1871fc0a
    • Tianjie Xu's avatar
      Allow update_verifier to reboot the device · 1a60998a
      Tianjie Xu authored 
      Currently update_verifier only verifies the blocks when dm-verity is in
'enforcing' mode; and dm-verity will reboot the device upon detection of
errors. However, sometimes the verity mode is not guaranteed to be
correct. When mode is 'eio' for example, dm-verity will not trigger
a reboot but rather fail the read. So update_verifier need to take the
responsibility to reboot the device. Otherwise the device will continue
to boot without setting the flag "isSlotMarkedSuccessful".

Denial message:
update_verifier: type=1400 audit(0.0:18): avc: denied { write } for
name="property_service" dev="tmpfs" ino=14678 scontext=u:r:update_verifier:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0

Bug: 36260064
Test: powerctl property sets successfully
Change-Id: I7431f87e2d61be1425397732aebb369d4ad4c26c
      1a60998a
    • Steven Moreland's avatar
      Remove hal_binderization_prop · d40474ec
      Steven Moreland authored 
      Test: works on internal marlin
Bug: 34274385
Change-Id: Idd35e5cdccb595b4e5994eb1d78fdeece0aec0a6
      d40474ec
  11. Apr 03, 2017
    • Mark Salyzyn's avatar
      logcatd: introduce logcatd executable · 88cdd71d
      Mark Salyzyn authored 
      logcatd is the same as logcat, except that the -L flag, if supplied,
runs once, then the command re-runs itself without the -L flag with
the same argument set.  By introducing a logcatd daemon executable
we can solve the problem of the longish reads from pstore that
sometimes occur when the system is excessively busy spinning in a
foreground task starving this daemon as we absorb the delay in
an init service, rather than in an init exec.  This would not have
been efficiently possible without the introduction of liblogcat.

Test: gTest logcat-unit-tests
Test: Manual check logpersist operations
Bug: 28788401
Bug: 30041146
Bug: 30612424
Bug: 35326290
Change-Id: I3454bad666c66663f59ae03bcd72e0fe8426bb0a
      88cdd71d
  13. Mar 31, 2017
  15. Mar 30, 2017
    • Jin Qian's avatar
      storaged: allow shell to call dumpsys storaged · af3eaf0d
      Jin Qian authored 
      Test: adb kill-server && adb shell dumpsys storaged
Bug: 36492915
Change-Id: I3a1a2ad2f016ddd5770d585cae82c8be69001df9
      af3eaf0d
    • Myles Watson's avatar
      Disallow HAL access to Bluetooth data files · 6f700ae5
      Myles Watson authored 
      am: 02d9d21d

Change-Id: I29861f9cc52001f2968c2313f48031dd01afe8c7
      6f700ae5
    • Tom Cherry's avatar
      Grant vdc access to kmsg · bc4d3630
      Tom Cherry authored 
      Init is no longer calling vdc with logwrapper, so it must take care of
logging to kmsg directly.

Change-Id: I529f5a95e19c08ef75e0da9a02bae1cb7187eec0
avc: denied { write } for pid=367 comm="vdc" name="kmsg" dev="tmpfs" ino=11056 scontext=u:r:vdc:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0

Test: observe vdc logging in kmsg on boot and stderr on normal usage

Change-Id: Ie3678509d360f19b95cb03aeea75f29843728203
      bc4d3630
    • Myles Watson's avatar
      Disallow HAL access to Bluetooth data files · 02d9d21d
      Myles Watson authored 
      Devices that store their BT MAC address in /data/misc/bluedroid/ need
to find another place for that file.

Bug: 36602160
Test: Restart Bluetooth, check for selinux denials/files in /data/misc
Change-Id: Ib8d610f201a8c35f95b464c24857c6639205bc66
Merged-In: Ib8d610f201a8c35f95b464c24857c6639205bc66
      02d9d21d
    • Vishwath Mohan's avatar
      Refactor sanitized library on-disk layout - SELinux. · 33ebdda8
      Vishwath Mohan authored 
      This CL changes the policy for ASAN files on-disk to support the
changes made by the following CLs -
https://android-review.googlesource.com/#/c/359087/
https://android-review.googlesource.com/#/c/359389/

which refactor the on-disk layout of sanitized libraries in the following
manner -
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*

There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.

Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*,
and have the right SELinux permissions.

Change-Id: Ib08e360cecc8d77754a768a9af0f7db35d6921a9
      33ebdda8
  17. Mar 29, 2017
  19. Mar 28, 2017
  21. Mar 27, 2017
  23. Mar 26, 2017
    • Jeff Sharkey's avatar
      Grant kernel access to new "virtual_disk" file. · 92229884
      Jeff Sharkey authored 
      am: 3f724c95

Change-Id: Ia390c3537b7efe897154380ee836dbb7ac0ed742
      92229884
    • Jeff Sharkey's avatar
      Grant kernel access to new "virtual_disk" file. · 3f724c95
      Jeff Sharkey authored 
      This is a special file that can be mounted as a loopback device to
exercise adoptable storage code on devices that don't have valid
physical media.  For example, they may only support storage media
through a USB OTG port that is being used for an adb connection.

avc: denied { read } for path="/data/misc/vold/virtual_disk" dev="sda35" ino=508695 scontext=u:r:kernel:s0 tcontext=u:object_r:vold_data_file:s0 tclass=file permissive=0

Bug: 34903607
Change-Id: I84721ec0e9495189a7d850461875df1839826212
      3f724c95
    • Jeff Vander Stoep's avatar
      Create selinux_policy phony target · d4a3e9dd
      Jeff Vander Stoep authored 
      Moves selinux policy build decisions to system/sepolicy/Android.mk.
This is done because the PRODUCT_FULL_TREBLE variable isn't available
in embedded.mk and TARGET_SANITIZE isn't available to dependencies of
init.

Test: Build/boot Bullhead PRODUCT_FULL_TREBLE=false
Test: Build/boot Marlin PRODUCT_FULL_TREBLE=true
Test: Build Marlin TARGET_SANITIZE=address. Verify asan rules are
      included in policy output.
Bug: 36138508
Change-Id: I20a25ffdfbe2b28e7e0f3e090a4df321e85e1235
      d4a3e9dd
    • Jeff Sharkey's avatar
      Merge "Define policy for "loop-control" device." · a6152592
      Jeff Sharkey authored 
      am: 2224f30a

Change-Id: I184272269fed360807e41a1cac1fe099477685e6
      a6152592