Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Search by author
  • Any Author
  • Werner Sembach Matombo
  • dex dex dex
2 authors
  1. Dec 29, 2016
  3. Dec 28, 2016
    • Ashutosh Joshi's avatar
      Add sepolicy for contexthub HAL · e8d0bdae
      Ashutosh Joshi authored 
      Adding sepolicty for contexthub service.

Test: GTS tests pass.
Change-Id: I2576b8028d12a31151d7b7869679b853eb16c75e
      e8d0bdae
    • Alex Klyubin's avatar
      Restrict access to Bluetooth system properties · 6e4508e6
      Alex Klyubin authored 
      This removes access to Bluetooth system properties from arbitrary
SELinux domains. Access remains granted to init, bluetooth, and
system_app domains. neverallow rules / CTS enforce that access is not
granted to Zygote and processes spawned from Zygote expcept for
system_app and bluetooth.

The reason is that some of these properties may leak persistent
identifiers not resettable by the user.

Test: Bluetooth pairing and data transfer works
Bug: 33700679
Change-Id: Icdcb3927a423c4011a62942340a498cc1b302472
      6e4508e6
    • Treehugger Robot's avatar
      Merge "SEPolicy changes for BT SAP hal." · 0555222d
      Treehugger Robot authored
      0555222d
  5. Dec 27, 2016
  7. Dec 22, 2016
    • Treehugger Robot's avatar
      Merge "Sepolicy for allocator hal." · b8bb1d4c
      Treehugger Robot authored
      b8bb1d4c
    • Steven Moreland's avatar
      Sepolicy for allocator hal. · 72d18125
      Steven Moreland authored 
      Bug: 32123421
Test: full build/test of allocator hal using hidl_test
Change-Id: I253b4599b6fe6e7f4a2f5f55b34cdeed9e5d769b
      72d18125
    • Alex Klyubin's avatar
      Restrict access to ro.serialno and ro.boot.serialno · 20151072
      Alex Klyubin authored 
      This restricts access to ro.serialno and ro.boot.serialno, the two
system properties which contain the device's serial number, to a
select few SELinux domains which need the access. In particular, this
removes access to these properties from Android apps. Apps can access
the serial number via the public android.os.Build API. System
properties are not public API for apps.

The reason for the restriction is that serial number is a globally
unique identifier which cannot be reset by the user. Thus, it can be
used as a super-cookie by apps. Apps need to wean themselves off of
identifiers not resettable by the user.

Test: Set up fresh GMS device, install some apps via Play, update some apps, use Chrome
Test: Access the device via ADB (ADBD exposes serial number)
Test: Enable MTP over USB, use mtp-detect to confirm that serial number is reported in MTP DeviceInfo
Bug: 31402365
Bug: 33700679
Change-Id: I4713133b8d78dbc63d8272503e80cd2ffd63a2a7
      20151072
    • Mikhail Naganov's avatar
      Allow hal_audio to set scheduling policy for its threads · e91740a5
      Mikhail Naganov authored 
      Audio HAL server needs to set SCHED_FIFO scheduling policy
for its threads that communicate with FastMixer threads of
AudioFlinger that use the same scheduler.

Bug: 30222631
Change-Id: I405a69d097a6bfed455e3483365b27c4004e1063
      e91740a5
  9. Dec 21, 2016
  11. Dec 20, 2016
  13. Dec 19, 2016
    • Nick Kralevich's avatar
      priv_app.te: drop app_data_file:file execute_no_trans; · 8fb4cb8b
      Nick Kralevich authored 
      auditallow (added in commit 758e6b36)
has been in place for about 2 weeks now, and no hits. Remove
execute_no_trans.

The net effect of this change is that priv_apps won't be able to exec()
a file from their home directory, but dlopen() and friends will still
work.

Test: Compiles and boots successfully.
Test: No auditallow messages received via SELinux denial collection.
Change-Id: I60fcdc260d12e1bcc2355ca4dd912de7e6d0a145
      8fb4cb8b
    • Alex Klyubin's avatar
      Clarify what determines precedence rules in seapp_contexts · e392020b
      Alex Klyubin authored 
      Test: It's a comment -- no impact on build
Change-Id: Ibd7ff0dcd9d4c3d526ca20ab35dd4bac70d14f0a
      e392020b
    • Allen Hair's avatar
      Add coverage service. · 2328fec7
      Allen Hair authored 
      Bug: 31077138
Test: Device boots, coverage service works when tested manually.
Change-Id: Ia855cfefd5c25be5d1d8db48908c04b3616b5504
      2328fec7
  15. Dec 17, 2016
  17. Dec 16, 2016