- May 25, 2017
-
-
-
-
Andy Hung authored
-
Sandeep Patil authored
am: 3abc81ce Change-Id: If6350ea61bd6447af7913a7b474e719e0f7707d3
-
Sandeep Patil authored
am: d5a2f3e2 Change-Id: Ie35b0b80c929066186c35d31b8f8d803f374d969
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
-
-
Josh Gao authored
-
- May 24, 2017
-
-
Sandeep Patil authored
vendor implementations need to be able to run modprobe as part of init.rc scripts. They cannot do so because of the strict neverallow currently in place that disallows all coredomains (including init) to execute vendor toybox. Fix this by adding init to the exception list for the neverallow so vendors can then run modprobe from .rc scripts and also add the rule to allow init to transition to modprobe domain using vendor_toolbox. Bug: b/38212864 Test: Boot sailfish Change-Id: Ib839246954e9002859f3ba986094f206bfead137 Signed-off-by:
Sandeep Patil <sspatil@google.com> -
Michael Schwartz authored
am: aa15c0af Change-Id: I2472fae6dec8202842dc35d36eb03248256dcd45
-
Michael Schwartz authored
am: 1c8e8e0e Change-Id: I45c6a937eea4a110c0137d1e1573fe50fd71f4cd
-
-
Michael Schwartz authored
-
-
-
-
Josh Gao authored
Fix the following denial: avc: denied { append } for pid=1093 comm="mediaextractor" path="pipe:[68438]" dev="pipefs" ino=68438 scontext=u:r:mediaextractor:s0 tcontext=u:r:dumpstate:s0 tclass=fifo_file permissive=1 ppid=1 pcomm="init" pgid=1 pgcomm="init" Bug: http://b/38444258 Test: none Change-Id: I58162e3a28b744a58396e77d6b0e2becb5633d6a (cherry picked from commit 5efadd91) -
Andy Hung authored
Needed to allow lower power Play Music of downloaded files. 05-24 10:12:49.331 24025 24025 W generic : type=1400 audit(0.0:1259): avc: denied { read } for path="/data/data/com.google.android.music/files/music/925.mp3" dev="sda35" ino=2179256 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 Test: Play Music Bug: 62059834 Change-Id: I97bdb1d175dba8f7a8ec6cd9084323cfcd3660bd -
Treehugger Robot authored
-
Josh Gao authored
Fix the following denial: avc: denied { append } for pid=1093 comm="mediaextractor" path="pipe:[68438]" dev="pipefs" ino=68438 scontext=u:r:mediaextractor:s0 tcontext=u:r:dumpstate:s0 tclass=fifo_file permissive=1 ppid=1 pcomm="init" pgid=1 pgcomm="init" Bug: http://b/38444258 Test: none Change-Id: I58162e3a28b744a58396e77d6b0e2becb5633d6a -
-
-
- May 23, 2017
-
-
-
Pankaj Kanwar authored
-
Dan Cashman authored
These directories were added to allow for partner extensions to the android framework without needing to add changes to the AOSP global sepolicy. There should only ever be one owner of the framework and corresponding updates, so enforce this restriction to prevent accidental accrual of policy in the system image. Bug: 36467375 Test: Add public and private files to policy and verify that they are added to the appropriate policy files. Also test that specifying multiple directories for public or private results in an error. Change-Id: I397ca4e7d6c8233d1aefb2a23e7b44315052678f
-
pkanwar authored
Update SE Policy to allow calls to and callbacks for the Tether Offload HAL HIDL binderized service. Bug: 38417260 Test: New functionality. So we don't have any tests. Change-Id: I2c95b290523c55c081afa1bca091f368559c9125
-
Marc Hittinger authored
-
- May 22, 2017
-
-
-
Jason Monk authored
am: a2c24197 Change-Id: I126a9e8f6015083515f2c85ac42f0c14f6c47f88
-
-
-
Jason Monk authored
am: 69bb06e5 Change-Id: Ia87985dca88d3f5ebf8db51b7a27bc44e6090538
-
-
Jason Monk authored
am: ca7d90ca Change-Id: Ibe4770026852338dcfde327857ccffb1fc91a5a0
-
-
-
Jason Monk authored
am: de5db3ab Change-Id: If61aa850ab0f6060ec7a863cc0107f68f1db9400
-
Nick Kralevich authored
am: 6b3ef921 Change-Id: Iefc3436c532f5f291345e3d01a1cbe175d69e619
-