Skip to content
Snippets Groups Projects
Select Git revision
  • test default
1 result
Search by author
  • Any Author
  • Admin, Lime Admin, Lime lime_admin
  • CodeLinaro CodeLinaro codelinaro
  • CodeLinaro Hoperun CodeLinaro Hoperun hoperun
  • Joshua S. (Stage) Joshua S. (Stage) joshua.sickmeyer
  • Park, Jae Woo Park, Jae Woo jaewpark
5 authors
  1. Dec 15, 2017
  3. Sep 26, 2017
  5. Apr 19, 2017
    • Andreas Gampe's avatar
      Sepolicy: Fix asanwrapper · c848d37d
      Andreas Gampe authored 
      Add asanwrapper support for system server under sanitization.

Bug: 36138508
Test: m && m SANITIZE_TARGET=address SANITIZE_LITE=true
Test: adb root && adb shell setprop wrap.system_server asanwrapper
Change-Id: Id930690d2cfd8334c933e0ec5ac62f88850331d0
      c848d37d
  7. Apr 05, 2017
    • Andreas Gampe's avatar
      Sepolicy: Add ASAN-Extract · 82071b68
      Andreas Gampe authored 
      Add selinux policies for init script and shell script to unzip a tar
containing ASAN libraries on boot.

Bug: 36458146
Test: m && m SANITIZE_TARGET=address
Test: manual (build steps for tar missing)
Change-Id: I5c3cb233aae93ee9985431090af902b0e3c1b0a7
(cherry picked from commit 0b743050)
Merged-In: I5c3cb233aae93ee9985431090af902b0e3c1b0a7
      82071b68
  9. Apr 01, 2017
    • Andreas Gampe's avatar
      Sepolicy: Add ASAN-Extract · 0b743050
      Andreas Gampe authored 
      Add selinux policies for init script and shell script to unzip a tar
containing ASAN libraries on boot.

Bug: 36458146
Test: m && m SANITIZE_TARGET=address
Test: manual (build steps for tar missing)
Change-Id: I5c3cb233aae93ee9985431090af902b0e3c1b0a7
      0b743050
    • Vishwath Mohan's avatar
      Refactor sanitized library on-disk layout - SELinux. · 063de1e0
      Vishwath Mohan authored 
      This CL changes the policy for ASAN files on-disk to support the
changes made by the following CLs -
https://android-review.googlesource.com/#/c/359087/
https://android-review.googlesource.com/#/c/359389/

which refactor the on-disk layout of sanitized libraries in the following
manner -
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*

There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.

(cherry picked from commit 33ebdda8)

Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*,
and have the right SELinux permissions.

Change-Id: Ib08e360cecc8d77754a768a9af0f7db35d6921a9
      063de1e0
  11. Mar 30, 2017
    • Vishwath Mohan's avatar
      Refactor sanitized library on-disk layout - SELinux. · 33ebdda8
      Vishwath Mohan authored 
      This CL changes the policy for ASAN files on-disk to support the
changes made by the following CLs -
https://android-review.googlesource.com/#/c/359087/
https://android-review.googlesource.com/#/c/359389/

which refactor the on-disk layout of sanitized libraries in the following
manner -
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*

There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.

Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*,
and have the right SELinux permissions.

Change-Id: Ib08e360cecc8d77754a768a9af0f7db35d6921a9
      33ebdda8
  13. Oct 06, 2016
    • dcashman's avatar
      Split general policy into public and private components. · cc39f637
      dcashman authored 
      Divide policy into public and private components.  This is the first
step in splitting the policy creation for platform and non-platform
policies.  The policy in the public directory will be exported for use
in non-platform policy creation.  Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.

Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal.  For now, almost all types and
avrules are left in public.

Test: Tested by building policy and running on device.

Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
      cc39f637
  15. May 10, 2016
    • Evgenii Stepanov's avatar
      Add /data/lib64, /data/vendor/lib64 to ASan sepolicy. · 1cfdb12a
      Evgenii Stepanov authored 
      This policy takes effect only when building with
SANITIZE_TARGET=address and allows the Zygote to load libraries from
/data. That's where ASan-instrumented copies of system libraries are
located. 32-bit library directories have been added a while back;
this CL extends the same policy to 64-bit directories.

Bug: 25751174
Bug: 28680288

(cherry picked from commit dda55908)

Change-Id: Ieb4701b78db9649ec8563f2962a69db537ae61b3
      1cfdb12a
  17. Mar 16, 2016
    • Evgenii Stepanov's avatar
      Add /data/lib64, /data/vendor/lib64 to ASan sepolicy. · dda55908
      Evgenii Stepanov authored 
      This policy takes effect only when building with
SANITIZE_TARGET=address and allows the Zygote to load libraries from
/data. That's where ASan-instrumented copies of system libraries are
located. 32-bit library directories have been added a while back;
this CL extends the same policy to 64-bit directories.

Bug: 25751174

Change-Id: Ieb4701b78db9649ec8563f2962a69db537ae61b3
      dda55908
  19. Jul 14, 2015
  21. Jun 13, 2015