  1. Jan 06, 2017
  2. Jan 05, 2017
    • Move priv_app policy to private · 92295ef8
      Alex Klyubin authored
      This leaves the existence of priv_app domain as public API. All other
      rules are implementation details of this domain's policy and are thus
      now private.
      
      Test: No change to policy according to sesearch, except for
            disappearance of all allow rules from priv_app_current
            attribute (as expected) except for
            allow priv_app_current update_engine_current:binder transfer;
            which is caused by public update_engine.te rules and will go
            away once update_engine rules go private.
      Bug: 31364497
      
      Change-Id: Iea583127fbf0a19c37dd42bf1ef2ae0454793391
    • Move untrusted_app policy to private · fce60d3d
      Alex Klyubin authored
      This leaves only the existence of untrusted_app domain as public API.
      All other rules are implementation details of this domain's policy and
      are thus now private.
      
      Test: No change to policy according to sesearch, except for
            disappearance of all allow rules from untrusted_domain_current
            attribute (as expected).
      Bug: 31364497
      
      Change-Id: Ief71fa16cfc38437cbe5c58100bba48b9a497c92
    • Drop auditallow radio net_radio_prop:property_service set; · 030188f3
      Nick Kralevich authored
      Commit fee49159 introduced the net_radio_prop and system_radio_prop
      properties, and added allow rules for backwards compatibility. In
      addition, auditallow rules were added to see if the allow rules were
      necessary.
      
      The auditallow rules for radio net_radio_prop are triggering, so it's
      clear these properties are being set by the radio process. Drop the
      auditallow statement.
      
      Test: policy compiles.
      Change-Id: I7fa6df18ed4dd4cb8e0c9098373cc28134615330
    • Split file_contexts for on-device compilation. · d225b697
      dcashman authored
      
      Simulate platform and non-platform split by compiling two different
      file_contexts files and loading them together on-device.  Leave the existing
      file_contexts.bin in place until we're ready to build images based on the new
      files.
      
      Bug: 31363362
      Test: Builds and boots without additional denials.
      Change-Id: I7248f876e2230cee3b3cbf386422063da1e3dde0
      
      Bring back file_contexts.bin.
      
      Change-Id: Ifec2c363579151080fdec48e8bc46bbbc8c97674
      Signed-off-by: Sandeep Patil <sspatil@google.com>
  3. Jan 04, 2017
    • untrusted_app: allow access to /proc/tty/drivers · e427a2b2
      Nick Kralevich authored
      /proc/tty/drivers is read by applications to figure out if they are
      running in an emulated environment. Specifically, they look for the
      string "goldfish" within that file.
      
      Arguably this is not an Android API, and really shouldn't be exposed to
      applications, but:
      
      1) A largish number of applications break if they can't read this file;
      2) The information here isn't particularly sensitive
      
      While we could spend a bunch of time trying to get applications fixed,
      there are bigger fish to fry. It's not worth the battle.
      
      Test: "ls -laZ /proc/tty/drivers" is labeled properly.
      Bug: 33214085
      Bug: 33814662
      Bug: 33791054
      Bug: 33211769
      Bug: 26813932
      Change-Id: Icc05bdc1c917547a6dca7d76636a1009369bde49
  4. Jan 03, 2017
  5. Dec 29, 2016
  6. Dec 28, 2016
    • Add sepolicy for contexthub HAL · e8d0bdae
      Ashutosh Joshi authored
      Adding sepolicy for contexthub service.
      
      Test: GTS tests pass.
      Change-Id: I2576b8028d12a31151d7b7869679b853eb16c75e
    • Remove option for non-pic dex preopt. · c5c3abc6
      Richard Uhler authored
      Test: make checkbuild, aosp_bullhead-userdebug boots.
      Bug: 33192586
      
      Change-Id: I386df8b6c04fb162f79a4409801ce3e882026ea8
    • Restrict access to Bluetooth system properties · 6e4508e6
      Alex Klyubin authored
      This removes access to Bluetooth system properties from arbitrary
      SELinux domains. Access remains granted to init, bluetooth, and
      system_app domains. neverallow rules / CTS enforce that access is not
      granted to Zygote and processes spawned from Zygote except for
      system_app and bluetooth.
      
      The reason is that some of these properties may leak persistent
      identifiers not resettable by the user.
      
      Test: Bluetooth pairing and data transfer works
      Bug: 33700679
      Change-Id: Icdcb3927a423c4011a62942340a498cc1b302472
    • Treehugger Robot's avatar
      0555222d
  7. Dec 27, 2016
  8. Dec 22, 2016
    • Merge "Sepolicy for allocator hal." · b8bb1d4c
      Treehugger Robot authored
    • Sepolicy for allocator hal. · 72d18125
      Steven Moreland authored
      Bug: 32123421
      Test: full build/test of allocator hal using hidl_test
      Change-Id: I253b4599b6fe6e7f4a2f5f55b34cdeed9e5d769b
    • Restrict access to ro.serialno and ro.boot.serialno · 20151072
      Alex Klyubin authored
      This restricts access to ro.serialno and ro.boot.serialno, the two
      system properties which contain the device's serial number, to a
      select few SELinux domains which need the access. In particular, this
      removes access to these properties from Android apps. Apps can access
      the serial number via the public android.os.Build API. System
      properties are not public API for apps.
      
      The reason for the restriction is that serial number is a globally
      unique identifier which cannot be reset by the user. Thus, it can be
      used as a super-cookie by apps. Apps need to wean themselves off of
      identifiers not resettable by the user.
      
      Test: Set up fresh GMS device, install some apps via Play, update some apps, use Chrome
      Test: Access the device via ADB (ADBD exposes serial number)
      Test: Enable MTP over USB, use mtp-detect to confirm that serial number is reported in MTP DeviceInfo
      Bug: 31402365
      Bug: 33700679
      Change-Id: I4713133b8d78dbc63d8272503e80cd2ffd63a2a7
    • Allow hal_audio to set scheduling policy for its threads · e91740a5
      Mikhail Naganov authored
      Audio HAL server needs to set SCHED_FIFO scheduling policy
      for its threads that communicate with FastMixer threads of
      AudioFlinger that use the same scheduler.
      
      Bug: 30222631
      Change-Id: I405a69d097a6bfed455e3483365b27c4004e1063