Commits · 43397420b98748dcab04d9d10f14d8f590f48ca5 · CodeLinaro / public-release-test / platform / system / sepolicy

Apr 29, 2017
- Merge "Allow mediaserver to access fd allocated by hal_graphics_composer" into oc-dev · 43397420
  Hassan Shojania authored 7 years ago
```
am: 5fe8881b

Change-Id: Iad652a00f3f963668cda1a6c2e2cf79d351a042c
```
  43397420
- Merge "Allow mediaserver to access fd allocated by hal_graphics_composer" into oc-dev · 5fe8881b
  Hassan Shojania authored 7 years ago
  
  5fe8881b
- Merge "allow surfaceflinger to use socket from adbd" into oc-dev · ebcb5806
  Chris Forbes authored 7 years ago
```
am: 8027f979

Change-Id: I51f5c7186619238cb82b04d3db26b961d0c361a4
```
  ebcb5806
- Merge "allow surfaceflinger to use socket from adbd" into oc-dev · 8027f979
  Chris Forbes authored 7 years ago
  
  8027f979
- Merge "Add default label and mapping for vendor services" into oc-dev · ea9d1b1f
  Jeff Vander Stoep authored 7 years ago
```
am: 74a96734

Change-Id: Id1a20ebb9c2bd1dfa6edcb11354bcb3e525e3f04
```
  ea9d1b1f
- Merge "Add default label and mapping for vendor services" into oc-dev · 74a96734
  TreeHugger Robot authored 7 years ago
  
  74a96734
- Merge "untrusted_apps: allow untrusted_apps to execute from /vendor/app" into oc-dev · b525fd0b
  Sandeep Patil authored 7 years ago
```
am: 11772818

Change-Id: Ia8e5462edc9038be7142331cfb524efd4f0e2edf
```
  b525fd0b
- Merge "untrusted_apps: allow untrusted_apps to execute from /vendor/app" into oc-dev · 11772818
  TreeHugger Robot authored 7 years ago
  
  11772818
- Merge "Enable the use of IOmxStore service" into oc-dev · f7e9cee6
  Pawin Vongmasa authored 7 years ago
```
am: d8112255

Change-Id: I2b30d171bbce0013b4f63fd3639747936d6674df
```
  f7e9cee6
- Merge "Enable the use of IOmxStore service" into oc-dev · d8112255
  TreeHugger Robot authored 7 years ago
  
  d8112255
- Sepolicy: Fix new access from the linker for postinstall · 72a8d918
  Andreas Gampe authored 7 years ago
```
am: bddd1893

Change-Id: I9c312bd8203cb859bb5bc6f2604d17bbc812a1a6
```
  72a8d918
- Allow mediaserver to access fd allocated by hal_graphics_composer · a91e3e82
  Hassan Shojania authored 7 years ago
```
Bug:  37713584
Test: With GtsMediaTestCases.apk installed, try:
      adb shell am instrument -w
      -e class 'com.google.android.media.gts.MediaPlayerTest#testLLAMA_H264_BASELINE_240P_800_DOWNLOADED_V0_SYNC'
      'com.google.android.media.gts/android.support.test.runner.AndroidJUnitRunner'

Change-Id: Icc2066e9d9bbc5c020b6d694e9627487771ef35e
```
  a91e3e82
- Sepolicy: Fix new access from the linker for postinstall · bddd1893
  Andreas Gampe authored 7 years ago
```
The linker now requires getattr rights for the filesystem. Otherwise
linking otapreopt and patchoat/dex2oat will fail.

Bug: 37776530
Test: m
Test: manual OTA
Change-Id: I1351fbfa101beca4ba80f84b0dd9dbcabe2c9d39
```
  bddd1893
Apr 28, 2017

Enable the use of IOmxStore service · 98b7f66d

Pawin Vongmasa authored 7 years ago

Test: Manual use of Camera app
Test: lshal shows IOmxStore

Bug: 37657124
Bug: 37726880
Change-Id: I5459d992c2feb14bd26765673864e583d48e3ba4

98b7f66d

allow surfaceflinger to use socket from adbd · 676003cf

Chris Forbes authored 7 years ago

Fixes `adb shell cmd gpu vkjson`, which was previously failing due to
surfaceflinger not being able to use the socket passed to it by adbd.

Bug: b/37157136
Test: run above command, verified on marlin + bullhead
Change-Id: I57fa7e99d5c3dc7bc7d033b83f8ce6032162d7d3

676003cf

untrusted_apps: allow untrusted_apps to execute from /vendor/app · ef7b2109

Sandeep Patil authored 7 years ago


The typical use case is where vendor apps which run as untrusted apps
use libraries that are packaged withing the apk

Bug: 37753883
Test: Tested by runnig pre-installed app that packages a library from
      /vendor/app

Change-Id: I445144e37e49e531f4f43b13f34d6f2e78d7a3cf
Signed-off-by: Sandeep Patil <sspatil@google.com>

ef7b2109

Add default label and mapping for vendor services · 082eae4e

Jeff Vander Stoep authored 7 years ago

Adding the default label/mapping is important because:
1.  Lookups of services without an selinux label should generate
    a denial.
2.  In permissive mode, lookups of a service without a label should be
    be allowed, without the default label service manager disallows
    access.
3.  We can neverallow use of the default label.

Bug: 37762790
Test: Build and flash policy onto Marlin with unlabeled vendor services.
    Add/find of unlabeled vendor services generate a denial.

Change-Id: I66531deedc3f9b79616f5d0681c87ed66aca5b80
(cherry picked from commit 639a2b84)

082eae4e

Sepolicy-Analyze: Plug leak am: ee8b67df am: 4a318ad6 · a1ccbd3d
Andreas Gampe authored 7 years ago
```
am: 4c1385a6

Change-Id: I4da23806c532acfaaa1535ee87b25383a99723d7
```
a1ccbd3d
Sepolicy-Analyze: Plug leak am: ee8b67df · 4c1385a6
Andreas Gampe authored 7 years ago
```
am: 4a318ad6

Change-Id: Iffd30a9cfee48626dc01635877b90ef7a1e8f9b0
```
4c1385a6
Sepolicy-Analyze: Plug leak · 4a318ad6
Andreas Gampe authored 7 years ago
```
am: ee8b67df

Change-Id: Ic2fe390f95f0be43ad39a50366e0300a398aa0ad
```
4a318ad6
Merge "Correct documentation in untrusted_app_all" into oc-dev · 3644d0f5
Nick Kralevich authored 7 years ago
```
am: 89671020

Change-Id: Icbb3d5a87181e65d574007764d69c766d7b31e57
```
3644d0f5
Merge "Correct documentation in untrusted_app_all" into oc-dev · 89671020
Nick Kralevich authored 7 years ago

89671020
Merge "Allow vr_hwc and virtual_touchpad to query for permissions" into oc-dev · c9e21b60
Daniel Nicoara authored 7 years ago
```
am: 22ebf24e

Change-Id: If8dc1ae0d2269cbe70617748fded75b5162780b8
```
c9e21b60
Merge "Allow vr_hwc and virtual_touchpad to query for permissions" into oc-dev · 22ebf24e
Daniel Nicoara authored 7 years ago

22ebf24e

Sepolicy-Analyze: Plug leak · ee8b67df

Andreas Gampe authored 7 years ago

Destroy the policy before exiting (for successful = expected runs).

Bug: 37757759
Test: ASAN_OPTIONS= SANITIZE_HOST=address m
Change-Id: I67e35fbede696ec020a53b69a6cef9f374fae167

ee8b67df

Merge changes Ia9960af9,I6987d60c into oc-dev · d792de48
Ruchi Kandoi authored 7 years ago
```
am: b9d5d5cc

Change-Id: Ie43b0d5ad797501a965ff6f69c37ba619fb5f588
```
d792de48

Apr 27, 2017
- Merge changes Ia9960af9,I6987d60c into oc-dev · b9d5d5cc
  TreeHugger Robot authored 7 years ago
```
* changes:
  NFC HAL no longer violates socket access restrictions
  Remove access to sock_file for hal_nfc
```
  b9d5d5cc
- SELinux configuration for TextClassifier model updates. · f0226fd3
  Abodunrinwa Toki authored 7 years ago
```
am: adfc5db0

Change-Id: Id0f7e56ee0473a2cf8bc04e4d1d02d6fa23d649c
```
  f0226fd3
- SELinux configuration for TextClassifier model updates. · adfc5db0
  Abodunrinwa Toki authored 7 years ago
```
Test: bit FrameworksCoreTests:android.view.textclassifier.TextClassificationManagerTest
Bug: 34780396
Change-Id: I8b98fef913df571e55474ea2529f71750874941c
```
  adfc5db0
- NFC HAL no longer violates socket access restrictions · 688a7667
  Ruchi Kandoi authored 7 years ago
```
Test: compiles
Bug: 37640900
Change-Id: Ia9960af9da880fd130b5fb211a054689e2353f1d
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
```
  688a7667
- Remove access to sock_file for hal_nfc · 468eabb1
  Ruchi Kandoi authored 7 years ago
```
Test: manual
Bug: 37640900
Change-Id: I6987d60c1eb1578134b51f4e7417700fd462ba4d
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
(cherry picked from commit ad41fa8d)
```
  468eabb1
- Merge "Remove access to sock_file for hal_nfc" am: 608969b3 am: 8ad09d93 · fff27185
  Ruchi Kandoi authored 7 years ago
```
am: 3259f98c

Change-Id: I9c4cea46a1b5272974b484eeaa01a87ac41a8bdf
```
  fff27185
- Merge "Remove access to sock_file for hal_nfc" am: 608969b3 · 3259f98c
  Ruchi Kandoi authored 7 years ago
```
am: 8ad09d93

Change-Id: I745c85dd761cc68e0301a7a3fa32b29269c624d2
```
  3259f98c
- Merge "Remove access to sock_file for hal_nfc" · 8ad09d93
  Ruchi Kandoi authored 7 years ago
```
am: 608969b3

Change-Id: I99225c48524600248d3d76a56368dc96da67caa0
```
  8ad09d93
- Merge "Remove access to sock_file for hal_nfc" · 608969b3
  Treehugger Robot authored 7 years ago
  
  608969b3
- Add untrusted_v2_app to all_untrusted_apps am: db5962ce am: eb710332 · bd64d7fb
  Nick Kralevich authored 7 years ago
```
am: 16eb632a

Change-Id: Ifb5f7fd54973cf1de256404344bd8690a4f13c02
```
  bd64d7fb
- Add untrusted_v2_app to all_untrusted_apps am: db5962ce · 16eb632a
  Nick Kralevich authored 7 years ago
```
am: eb710332

Change-Id: I15f27cd755e5a8556e189af50b8bca52f050ad8f
```
  16eb632a
- Add untrusted_v2_app to all_untrusted_apps · eb710332
  Nick Kralevich authored 7 years ago
```
am: db5962ce

Change-Id: I4ce4248dd0f780c1d466a7798a159d854d30a09a
```
  eb710332
Apr 26, 2017

Add untrusted_v2_app to all_untrusted_apps · db5962ce

Nick Kralevich authored 7 years ago

This was accidentally omitted from all_untrusted_app

While I'm here, split across mutiple lines and alphabetize.

Test: policy compiles.
Change-Id: I7fe1d1d0a4ef2ed3ab010931ee2ba15637c2be51

db5962ce

Merge "Allow installd to read vendor_overlay_file" into oc-dev · 59be4ad5
Jaekyun Seok authored 7 years ago
```
am: 9829506c

Change-Id: I7a05cbb58ebbe4d23c9fc13ef429b444301a912e
```
59be4ad5