Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Search by author
  • Any Author
  • Werner Sembach Matombo
  • dex dex dex
2 authors
  1. Jul 07, 2017
    • Dan Cashman's avatar
      Update 26.0 prebuilts. · 30a29946
      Dan Cashman authored 
      Bug: 37896931
Test: none, just update prebuilt.
Change-Id: Id940d1c2bc46deab1eb49bacebbb41069e2034e4
      30a29946
  3. Jun 22, 2017
  5. Jun 06, 2017
    • Dan Cashman's avatar
      Commit oc-dev sepolicy to prebuilts. · 5c6a227e
      Dan Cashman authored 
      Copy the final system sepolicy from oc-dev to its prebuilt dir
corresponding to its version (26.0) so that we can uprev policy and
start maintaining compatibility files, as well as use it for CTS
tests targeting future platforms.

Bug: 37896931
Test: none, this just copies the old policy.
Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
      5c6a227e
  7. May 18, 2017
    • Wyatt Riley's avatar
      Removing UDP access for hal_gnss · 799c2349
      Wyatt Riley authored 
      Underlying data services setup no longer needs this

Bug: 35757613
Bug: 36085168
Test: GPS, XTRA & avc denial checks
Change-Id: I679ee70f65f34d5a7d1fc1f1fe92af6a92ec92c5
      799c2349
  9. Mar 21, 2017
    • Jeff Vander Stoep's avatar
      Enforce one HAL per domain. · 84b96a6b
      Jeff Vander Stoep authored 
      HALs are intended to be limited responsibility and thus limited
permission. In order to enforce this, place limitations on:
1. What processes may transition into a HAL - currently only init
2. What methods may be used to transition into a HAL - no using
   seclabel
3. When HALs exec - only allow exec with a domain transition.

Bug: 36376258
Test: Build aosp_marlin, aosp_bullhead, aosp_dragon. Neverallow rules
      are compile time assertions, so building is a sufficient test.

Change-Id: If4df19ced730324cf1079f7a86ceba7c71374131
      84b96a6b
  11. Mar 14, 2017
    • Jeff Vander Stoep's avatar
      Restrict HAL network access to HALS that manage network hardware · f9be765d
      Jeff Vander Stoep authored 
      Only HALs that manage networks need network capabilities and network
sockets.

Test: aosp_marlin and aosp_bullhead policy builds. Note: neverallow
      rules are compile time assertions and do not change the
      on-device policy.
Bug: 36185625

Change-Id: Id64846eac24cf72ed91ce775cecb2c75f11b78df
      f9be765d