Skip to content
Snippets Groups Projects
Select Git revision
1 result
Search by author
  • Any Author
  • Admin, Lime Admin, Lime lime_admin
  • CodeLinaro CodeLinaro codelinaro
  • CodeLinaro Hoperun CodeLinaro Hoperun hoperun
  • Joshua S. (Stage) Joshua S. (Stage) joshua.sickmeyer
  • Park, Jae Woo Park, Jae Woo jaewpark
5 authors
  1. Oct 25, 2019
  3. Sep 30, 2019
  5. Sep 24, 2019
    • Tri Vo's avatar
      Label /product/lib(64)/* as system_lib_file · 1d833eb6
      Tri Vo authored 
      Bug: 138545724
Test: n/a

(cherry picked from commit 3d58603623dd67b181fb965f437c552428c979bc)

Change-Id: I03c2430778f1112679090bb7aad234c907384ea1
CRs-Fixed: 2491659
      1d833eb6
  7. Aug 27, 2019
  9. Aug 20, 2019
  11. Aug 12, 2019
    • ji, zhenlong z's avatar
      sepolicy: Allow apps to get info from priv_app by ashmem · 05f6da55
      ji, zhenlong z authored 
      This is used to address a CTS testcase failure. This CTS
testcase need to access the content of Contact, some data
from ContactProvider is transfered through ashmem.

Currently ashmem is backed by the tmpfs filesystem, ContactProvider
in android run as a priv_app, so the file context of the ashmem
created by ContactProvider is priv_app_tmpfs. CTS runs as an
untrusted_app, need to be granted the read permission to the
priv_app_tmpfs files.

RESTRICT AUTOMERGE

Bug: 117961216

[Android Version]:
android_p_mr0_r0

[Kernel Version]:
4.19.0-rc8

[CTS Version]:
cts-9.0_r1

[Failed Testcase]:
com.android.cts.devicepolicy.ManagedProfileTest#testManagedContactsPolicies

[Error Log]:
11-11 11:15:50.479 12611 12611 W AndroidTestSuit: type=1400 audit(0.0:811):
avc: denied { read } for path=2F6465762F6173686D656D202864656C6574656429
dev="tmpfs" ino=174636 scontext=u:r:untrusted_app:s0:c113,c256,c522,c768
tcontext=u:object_r:priv_app_tmpfs:s0:c522,c768 tclass=file permissive=0

[Test Result With This Patch]:
PASS

(cherry picked from fdfa42bf)

(cherry picked from commit e4ccef0f35a86d5f7ee9732a296bc1864105308c)
CRs-Fixed:2491460
Change-Id: I45efacabe64af36912a53df60ac059889fde1629
      05f6da55
    • Benjamin Gordon's avatar
      sepolicy: Allow apps to read ashmem fds from system_server · 0161c3a2
      Benjamin Gordon authored 
      Kernel commit 8a2af06415ef0fc922162503dd18da0d9be7771f (ashmem: switch
to ->read_iter) switched ashmem from using __vfs_read to vfs_iter_read
to read the backing shmem file.  Prior to this, reading from an ashmem
fd that was passed between processes didn't hit any permission checks;
now SELinux checks that the receiver can read from the creator's file
context.

Some apps receive buffers through ashmem from system_server, e.g., the
settings app reads battery stats from system_server through ashmem when
an app details page is opened.  Restore this ability by giving apps read
access to system_server_tmpfs.  system_server is still responsible for
creating and passing across the ashmem buffers, so this doesn't give
apps the ability to read anything system_server isn't willing to give
them.

Bug: 112987536
Bug: 111381531
Test: atest android.appsecurity.cts.PermissionsHostTest on kernel 4.14
(cherry picked from 360559e7)

(cherry picked from commit 7e799f995abfb2dd2cb8708db3b0042b73476ef3)

CRs-Fixed:2491460

Change-Id: Ice5e25f55bc409e91ad7e8c7ea8b28ae213191a3
      0161c3a2
  13. Aug 08, 2019
  15. Jul 17, 2019
  17. Jul 16, 2019
  19. Jul 09, 2019
  21. Jul 03, 2019
  23. Jul 01, 2019
  25. Jun 29, 2019
  27. Jun 28, 2019
    • Sidath Senanayake's avatar
      Allow perfetto to access gpu_frequency tracepoint in user · 9bfaa1c4
      Sidath Senanayake authored 
      This will allow Perfetto to capture GPU frequency changes
on the target, which is useful to graphics developers
using Perfetto to profile graphics HW usage.

This change also updates the private prebuilt at version
29.0 to match the update.

Bug: 136062452
Merged-In: Idb7870b2f674f1359ef3b4487dbeff190b394248
Change-Id: Ib98ba10d96caa199d7030be3a17148045576a80c
      9bfaa1c4
  29. Jun 27, 2019
    • Todd Kennedy's avatar
      Allow rule to let settings access apex files · 9067699d
      Todd Kennedy authored 
      In order to show licensing information, we need to read it from
an asset stored in the .apex file.

Bug: 135183006
Test: Manual; settings can access apex files stored on /data
Change-Id: I71fbde6e295d9c890c9b9b0449e5150834a6680e
Merged-In: I71fbde6e295d9c890c9b9b0449e5150834a6680e
      9067699d
  31. Jun 26, 2019
  33. Jun 25, 2019
  35. Jun 22, 2019
  37. Jun 21, 2019
  39. Jun 20, 2019
  41. Jun 19, 2019
  43. Jun 17, 2019
    • Hridya Valsaraju's avatar
      Add permission required by libdm_test · 9bb71537
      Hridya Valsaraju authored 
      This CL fixes the following denials during libdm_test
that is part of VTS.

avc: denied { read } for comm="loop1" path=2F6D656D66643A66696C655F32202864656C6574656429
dev="tmpfs" ino=97742 scontext=u:r:kernel:s0 tcontext=u:object_r:appdomain_tmpfs:s0
tclass=file permissive=0
W loop1   : type=1400 audit(0.0:371): avc: denied { read } for
path=2F6D656D66643A66696C655F32202864656C6574656429 dev="tmpfs" ino=97742 scontext=u:r:kernel:s0
tcontext=u:object_r:appdomain_tmpfs:s0 tclass=file permissive=0

Bug: 135004816
Test: adb shell libdm_test
Change-Id: Ifb6d58ee6f032cdf3952a05667aa8696d6e2a2fa
      9bb71537
    • Tao Bao's avatar
      Add persist.sys.theme. · 75182a1e
      Tao Bao authored 
      This property will be set by system_server (to indicate the currently
selected theme for device), and can be accessed by vendor init.rc.

avc:  denied  { read } for property=persist.sys.theme pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:theme_prop:s0 tclass=file

Bug: 113028175
Test: Set a vendor init trigger that waits on `persist.sys.theme`. Check
      that the trigger fires without denial.
Change-Id: Ibb4e392d5059b76059f36f7d11ba82cd65cbe970
      75182a1e
  45. Jun 16, 2019
  47. Jun 15, 2019
  49. Jun 14, 2019