Commits · d8b864cb4106e951f570fcc6a11f0d217abc3408 · Werner Sembach / AndroidSystemSEPolicy

Nov 22, 2017

Revert "Move platform/vendor data violations to device policy" · d8b864cb

Michael Wright authored 7 years ago

This reverts commit ba2130a8.

Test: lunch elfin-userdebug && m -j
Change-Id: I83e8a37cac97e2f994fd2defb94888ec73b41f3b

d8b864cb

Merge "Label /vendor/priv-app as vendor_app_file" am: 5086506a am: 07d9f7e0 · 04489c6e
Jiyong Park authored 7 years ago
```
am: 7fdcf323

Change-Id: Ie897222e6b3fd0ef04dd253e17a65646f399c6af
```
04489c6e
Merge "Label /vendor/priv-app as vendor_app_file" am: 5086506a · 7fdcf323
Jiyong Park authored 7 years ago
```
am: 07d9f7e0

Change-Id: Ide0eeeffeee3e6081e2f46f04eb837cdc50ab643
```
7fdcf323
Merge "Label /vendor/priv-app as vendor_app_file" · 07d9f7e0
Jiyong Park authored 7 years ago
```
am: 5086506a

Change-Id: Icf4ba89621620ac7c624dc1d680bf61f807e163e
```
07d9f7e0
Merge "Label /vendor/priv-app as vendor_app_file" · 5086506a
Treehugger Robot authored 7 years ago

5086506a
Fix CTS regressions am: 6a28b68d am: 7dc46564 · 6828bb1d
Jeff Vander Stoep authored 7 years ago
```
am: d5931d97

Change-Id: Ic4eb8ed411864915d479c8a520a14119c818f196
```
6828bb1d
Fix CTS regressions am: 6a28b68d · d5931d97
Jeff Vander Stoep authored 7 years ago
```
am: 7dc46564

Change-Id: I104adbce8a2392377b18f1ffc24d591724d5d3db
```
d5931d97
Fix CTS regressions · 7dc46564
Jeff Vander Stoep authored 7 years ago
```
am: 6a28b68d

Change-Id: I774787b48c0b5f6f20313ee6f9c8062db4072e84
```
7dc46564
Merge "Move platform/vendor data violations to device policy" · 69420280
Jeffrey Vander Stoep authored 7 years ago

69420280

Fix CTS regressions · 6a28b68d

Jeff Vander Stoep authored 7 years ago

Commit 7688161c "hal_*_(client|server) => hal(client|server)domain"
added neverallow rules on hal_*_client attributes while simultaneously
expanding these attribute which causes them to fail CTS neverallow
tests. Remove these neverallow rules as they do not impose specific
security properties that we want to enforce.

Modify Other neverallow failures which were imposed on hal_foo
attributes and should have been enforced on hal_foo_server attributes
instead.

Bug: 69566734
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest

    CtsSecurityHostTestCases completed in 7s. 627 passed, 1 failed
    remaining failure appears to be caused by b/68133473
Test: build taimen-user/userdebug

Change-Id: I619e71529e078235ed30dc06c60e6e448310fdbc

6a28b68d

Label /vendor/priv-app as vendor_app_file · 76311578

Jiyong Park authored 7 years ago

In P, we will be supporting privileged apps in vendor partition, thus
need to label /vendor/priv-app as vendor_app_file so that apps can exist
under the dir.

Bug: 35301609
Test: N/A since there is no /vendor/priv-app yet. Framework change
which is currently in the internal is required.

Change-Id: I86a765ef9da5267113e64a7cbb38ba0abf5c2835

76311578

Merge "Clean up old file-based OTA SELinux rules" am: 4fbbd147 am: 5a30dc36 · 6edd55d4
Nick Kralevich authored 7 years ago
```
am: da071ea1

Change-Id: I6b400fd0996c103c98bb6f6c00c6ef58cd83d566
```
6edd55d4
Merge "Clean up old file-based OTA SELinux rules" am: 4fbbd147 · da071ea1
Nick Kralevich authored 7 years ago
```
am: 5a30dc36

Change-Id: I5e5a7d55814a03d9e4cd8da851856be2bbbb14f0
```
da071ea1
Merge "Clean up old file-based OTA SELinux rules" · 5a30dc36
Nick Kralevich authored 7 years ago
```
am: 4fbbd147

Change-Id: I304c54a480b150a8c910f268ccf84869dfb7e3f5
```
5a30dc36
Merge "Clean up old file-based OTA SELinux rules" · 4fbbd147
Treehugger Robot authored 7 years ago

4fbbd147

Nov 21, 2017

Merge "Add support for updated HW composer interface" am: 0629dedc am: 4fb7f127 · c6a4cf19
Courtney Goeltzenleuchter authored 7 years ago
```
am: c151962e

Change-Id: I819cbfdc586651c5f7ba64aedb6a66432ad174da
```
c6a4cf19
Merge "Add support for updated HW composer interface" am: 0629dedc · c151962e
Courtney Goeltzenleuchter authored 7 years ago
```
am: 4fb7f127

Change-Id: Id5194fd7303fbc43d9139fd56d438b66805f3ab4
```
c151962e
Merge "Add support for updated HW composer interface" · 4fb7f127
Courtney Goeltzenleuchter authored 7 years ago
```
am: 0629dedc

Change-Id: I576b7b98ba147c97a992ea3c65239060c4cec51e
```
4fb7f127
Merge "Add support for updated HW composer interface" · 0629dedc
Courtney Goeltzenleuchter authored 7 years ago

0629dedc

Clean up old file-based OTA SELinux rules · 73885755

Nick Kralevich authored 7 years ago

Remove a number of SELinux rules which were required to support file
based OTA. After this, we can have a much stronger assertion that files
on /system are immutable. Tighten up the neverallow rules at the same
time.

Bug: 35853185
Bug: 15575013
Test: adb reboot recovery && adb sideload [file]
Change-Id: I4238d17808bed6a81f47e14eb1797496c07642e2

73885755

Merge "Prepare treble_sepolicy_tests for inclusion in CTS" am: 18cb4dae am: 54242ffa · f3d30273
Jeffrey Vander Stoep authored 7 years ago
```
am: 5b295d30

Change-Id: I0f18c8fd43bfbce55c883f35ef27499c840e0ca0
```
f3d30273
Merge "Prepare treble_sepolicy_tests for inclusion in CTS" am: 18cb4dae · 5b295d30
Jeffrey Vander Stoep authored 7 years ago
```
am: 54242ffa

Change-Id: I3879dd096cddf7dbf8e3a83b2a708ed14ff334b5
```
5b295d30
Merge "Prepare treble_sepolicy_tests for inclusion in CTS" · 54242ffa
Jeffrey Vander Stoep authored 7 years ago
```
am: 18cb4dae

Change-Id: Ibbaef489e45195aa105b6df09bb7378481ab2d06
```
54242ffa
Merge "Prepare treble_sepolicy_tests for inclusion in CTS" · 18cb4dae
Jeffrey Vander Stoep authored 7 years ago

18cb4dae
Revert "Fix CTS regressions" am: cd69bebf am: 51aba79e · 45f7f00c
Jeffrey Vander Stoep authored 7 years ago
```
am: 7a1af958

Change-Id: I19c63133e7ecf5dbbb9feeac9efc72d627448af2
```
45f7f00c
Revert "Fix CTS regressions" am: cd69bebf · 7a1af958
Jeffrey Vander Stoep authored 7 years ago
```
am: 51aba79e

Change-Id: If96c3cc3609531b26fd08eeccfd270c0aaf9400c
```
7a1af958
Revert "Fix CTS regressions" · 51aba79e
Jeffrey Vander Stoep authored 7 years ago
```
am: cd69bebf

Change-Id: I6f3c20144c971d5040ee325e8bc0e9cff70085a0
```
51aba79e

Revert "Fix CTS regressions" · cd69bebf

Jeffrey Vander Stoep authored 7 years ago

This reverts commit ed876a5e.

Fixes user builds.
libsepol.report_failure: neverallow on line 513 of system/sepolicy/public/domain.te (or line 9149 of policy.conf) violated by allow update_verifier misc_block_device:blk_file { ioctl read write lock append open }; 
libsepol.check_assertions: 1 neverallow failures occurred 
Error while expanding policy
Bug: 69566734
Test: build taimen-user
Change-Id: I969b7539dce547f020918ddc3e17208fc98385c4

cd69bebf

Fix CTS regressions am: ed876a5e am: c76a25c1 · 989f6b0e
Jeff Vander Stoep authored 7 years ago
```
am: 32663d46

Change-Id: I17de5133481362dc5d8d102745c31fc8b0e797cd
```
989f6b0e
Fix CTS regressions am: ed876a5e · 32663d46
Jeff Vander Stoep authored 7 years ago
```
am: c76a25c1

Change-Id: Id19c777177f6fa76ced96986017aa83000bca002
```
32663d46
Fix CTS regressions · c76a25c1
Jeff Vander Stoep authored 7 years ago
```
am: ed876a5e

Change-Id: Ic41e1b997968acfd68ade6e9b9901a4dd9b8d2d2
```
c76a25c1

Fix CTS regressions · ed876a5e

Jeff Vander Stoep authored 7 years ago

Commit 7688161c "hal_*_(client|server) => hal(client|server)domain"
added neverallow rules on hal_*_client attributes while simultaneously
expanding these attribute which causes them to fail CTS neverallow
tests. Remove these neverallow rules as they do not impose specific
security properties that we want to enforce.

Modify Other neverallow failures which were imposed on hal_foo
attributes and should have been enforced on hal_foo_server attributes
instead.

Bug: 69566734
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest

    CtsSecurityHostTestCases completed in 7s. 627 passed, 1 failed
    remaining failure appears to be caused by b/68133473
Change-Id: I83dcb33c3a057f126428f88a90b95f3f129d9f0e

ed876a5e

Merge "sepolicy: Add rules for non-init namespaces" am: b9ea282c am: d41e6161 · 65214c68
Benjamin Gordon authored 7 years ago
```
am: 44957a90

Change-Id: I363639d2cdf70b1772da3d6c7f7c814554063dfc
```
65214c68
Merge "sepolicy: Add rules for non-init namespaces" am: b9ea282c · 44957a90
Benjamin Gordon authored 7 years ago
```
am: d41e6161

Change-Id: I334e4579f1ca0543a2f98b60537afa4325d3ab6f
```
44957a90
Merge "sepolicy: Add rules for non-init namespaces" · d41e6161
Benjamin Gordon authored 7 years ago
```
am: b9ea282c

Change-Id: I77676d7adb39747b9195489ef83d72e57cdb3b59
```
d41e6161
Merge "sepolicy: Add rules for non-init namespaces" · b9ea282c
Benjamin Gordon authored 7 years ago

b9ea282c
Add support for updated HW composer interface · 68f24388
Courtney Goeltzenleuchter authored 7 years ago
```
Test: build
Bug: 63710530
Change-Id: I85cddfaf3ec004165040935f8723e9eed0ef7900
```
68f24388
Merge "Remove tracking bugs that have been resolved" am: 11c5700f am: 246b8071 · ecc0f22f
Jeff Vander Stoep authored 7 years ago
```
am: 496f9461

Change-Id: I9b2548e2116deac8960b57878b41ad14aea05523
```
ecc0f22f
Merge "Remove tracking bugs that have been resolved" am: 11c5700f · 496f9461
Jeff Vander Stoep authored 7 years ago
```
am: 246b8071

Change-Id: I24fc854f684cc19a2af7fef367970f6dd7be6d3b
```
496f9461
Merge "Remove tracking bugs that have been resolved" · 246b8071
Jeff Vander Stoep authored 7 years ago
```
am: 11c5700f

Change-Id: I10a19ad706d053e1a7a8e9f5d07d7c30aad0a053
```
246b8071