- May 12, 2018
-
-
Calin Juravle authored
The property is set on builds which profile the boot image. Test: m Bug: 73313191 (cherry-pick form commit d99f4acf) Merged-In: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16 Change-Id: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16
-
- May 09, 2018
-
-
Calin Juravle authored
The goal is to allow creating profile snapshots from the shell command in order to be able to write CTS tests. The system server will dump profiles for debuggable in /data/misc/profman from where they will be pulled and verified by CTS tests. Test: adb shell cmd package snapshot-profile com.android.vending Bug: 74081010 Change-Id: I54690305284b92c0e759538303cb98c93ce92dd5
-
- May 07, 2018
-
-
Jean-Michel Trivi authored
Bug: 71430241 Test: build/flash, grep for "avc: denied { read }" for mediacodec, should be empty on walleye Change-Id: I12e1b11a969d3f979ca0cfbe4ca7db2bc5e46165
-
- May 02, 2018
-
-
Jeff Vander Stoep authored
It's used in build-time tests and in CTS. Bug: 78898770 Test: build user-build Change-Id: I254bf4d7ed0c0cb029b55110ceec982b84e4a91b (cherry picked from commit beeb122405070a5b4cee326a0cdae92a1a791fbc)
-
Josh Gao authored
Bug: http://b/77729983 Test: debuggerd_test Test: adb shell 'for x in `seq 0 50`; do crasher; done' Change-Id: I1d86d04047240a85b2e987116efd9be59607b766 (cherry picked from commit a7bf5810)
-
Andrew Sapperstein authored
vendor-init-settable|public-readable Change-Id: I8262cc03150931080c0982350cd990ee8f5422bc Fixes: 78636965 Test: adb shell getprop ro.oem.key1
-
Pavel Maltsev authored
Bug: 70637118 Test: m && emulator ; also verified on bat_land Change-Id: I39dd17d20acc8d380f36e207679b8b1eba63a72e
-
- May 01, 2018
-
-
Jaekyun Seok authored
The following properties will be whitelisted. - ro.hdmi.device_type, ro.hdmi.wake_on_hotplug and persist.sys.hdmi.keep_awake for hdmi - ro.sf.disable_triple_buffer for SurfaceFlinger - media.stagefright.cache-params and persist.sys.media.avsync for nuplayer Bug: 78205669 Bug: 78430613 Test: succeeded building Change-Id: I5ee1a1de72c265bca87aa041c6acd9554f5f8c07 Merged-In: I5ee1a1de72c265bca87aa041c6acd9554f5f8c07 (cherry picked from commit 18aaaad9)
-
Dongwon Kang authored
Test: pass Multimedia File Compatibility test Test: time to start playing mid file with GPM: ~10s => ~1.2s Bug: 76422052, Bug: 67480585, Bug: 30751071 Change-Id: I4e9824b21dab1dafdcca5824367a7fe39a37e2f7
-
Pavel Maltsev authored
This reverts commit aa38ce72. Reason for revert: broken build Change-Id: Ib6ca328576ef180fd1150ae6d6b3f90e928a07ac
-
Andreas Gampe authored
Grant fsetid as it was done for installd. Suppress write to profile files. (cherry picked from commit 006e160b) Bug: 77958490 Test: m Test: manual Merged-In: I33f47db7c16f0eda41ffdb526cf43f8fa9484c62 Change-Id: I33f47db7c16f0eda41ffdb526cf43f8fa9484c62
-
- Apr 30, 2018
-
-
Calin Juravle authored
When opening the dex files we sometime need to check for the real location of the file (even if it was open via an fd). Denial example: avc: denied { getattr } for comm="profman" path="/data/app" dev="sda13" ino=1048577 scontext=u:r:profman:s0 tcontext=u:object_r:apk_data_file:s0 tclass=dir permissive=0 Test: verify we get no denials when taking a profile snapshot. Bug: 77922323 Change-Id: Ifa5570656c644819d14f46af74e4c15e903a8a54
-
- Apr 29, 2018
-
-
Pavel Maltsev authored
Bug: 70637118 Test: m && emulator ; also verified on bat_land Change-Id: I5d78eaf53f7df32837f113c14786f483955a8ac2
-
- Apr 26, 2018
-
-
- Apr 25, 2018
-
-
Chia-I Wu authored
This allows for more native modes. Bug: 73824924 Test: adb shell setprop persist.sys.sf.native_mode 2 Change-Id: Iffdeadc8dc260de4b0c7f2b46aab08d64d25e3b1 Merged-In: Iffdeadc8dc260de4b0c7f2b46aab08d64d25e3b1
-
- Apr 23, 2018
-
-
Pavel Maltsev authored
Bug: 70637118 Test: build, flash and boot bat_land and owl automotive builds Change-Id: I6db23258de30174d6db09d241e91b08aa5afedef
-
Wei Wang authored
Bug: 77489941 Test: simulate delay in dumpstate HAL and get BR, see below from dumpstate_log.txt dumpstateBoard timed out after 10s, killing dumpstate vendor HAL dumpstateBoard failed: Status(EX_TRANSACTION_FAILED): 'DEAD_OBJECT: ' Change-Id: I90ed5cb8fe8da8ad21ae77676433936cb12d9d04 -
Lalit Maganti authored
This is to fix the CTS failures given by the bugs below where devices where traced is not enabled by default causes test failures. (cherry picked from commit 673b4db7) Bug: 78215159 Bug: 78347829 Change-Id: Ib0f6a1cdb770528dbbeb857368534ff5040e464e
-
- Apr 20, 2018
-
-
Petri Gynther authored
Bug: 63932139 Bug: 76201991 Test: Manual A2DP testing (A2DP offload enabled and disabled) Change-Id: Icebb4a84cf241b3b6bc52e4826fdedd5a73d796a Merged-In: Icebb4a84cf241b3b6bc52e4826fdedd5a73d796a
-
Jeff Vander Stoep authored
avc: denied { getattr } for path="/data" scontext=u:r:vendor_init:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1 Bug: 78345561 Test: build/boot device. Denial is gone. Change-Id: Ie858f1fe65aeb1845b00a5143c345e81aa2ec632 -
Paul Crowley authored
Bug: 77335096 Test: booted device with metadata encryption and without Change-Id: I5bc5d46deb4e91912725c4887fde0c3a41c9fc91
-
Tianjie Xu authored
Denial message: avc: denied { read } for pid=2775 comm="dumpstate" name="update_engine_log" dev="sda35" ino=3850274 scontext=u:r:dumpstate:s0 tcontext=u:object_r:update_engine_log_data_file:s0 tclass=dir permissive=0 Bug: 78201703 Test: take a bugreport Change-Id: I2c788c1211812aa0fcf58cee37a6e8f955424849 (cherry picked from commit 7d474279)
-
- Apr 19, 2018
-
-
Jaekyun Seok authored
And this CL will remove unnecessary vendor-init exceptions for nfc_prop and radio_prop as well. Bug: 77633703 Test: succeeded building and tested with Pixels Change-Id: I468b8fd907c6408f51419cfb58eb2b8da29118ae Merged-In: I468b8fd907c6408f51419cfb58eb2b8da29118ae (cherry picked from commit 41e42d63)
-
- Apr 17, 2018
-
-
Tom Cherry authored
FBE needs to access these files to set up or verify encryption for directories during mkdir. Bug: 77850279 Test: walleye + more restrictions continues to have FBE work Change-Id: I84e201436ce4531d36d1257d932c3e2e772ea05e
-
Mark Salyzyn authored
The out-of-tree keychord driver is only intended for use by init. Test: build Bug: 64114943 Bug: 78174219 Change-Id: I96a7fbcd9a54a38625063606f5c4ab6d40d701f6
-
Suren Baghdasaryan authored
Allow lmkd read access to /proc/meminfo for retrieving information on memory state. Bug: 75322373 Change-Id: I7cf685813a5a49893c8f9a6ac4b5f6619f3c18aa Merged-In: I7cf685813a5a49893c8f9a6ac4b5f6619f3c18aa Signed-off-by:
Suren Baghdasaryan <surenb@google.com> (cherry picked from commit 76384b3e)
-
- Apr 16, 2018
-
-
Joel Galenson authored
After adding a new user, deleting it, and rebooting, some of the user's data still remained. This adds the SELinux permissions necessary to remove all of the data. It fixes the followign denials: avc: denied { rmdir } for scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir avc: denied { unlink } for scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:object_r:system_data_file:s0 tclass=file Bug: 74866238 Test: Create user, delete user, reboot user, see no denials or leftover data. Change-Id: Ibc43bd2552b388a9708bf781b5ad206f21df62dc (cherry picked from commit 254a872c) -
Jaekyun Seok authored
dumpstate needs to read all the system properties for debugging. Bug: 77277669 Test: succeeded building and tested with taimen Change-Id: I3603854b3be67d4fc55d74f7925a21bfa59c81ee Merged-In: I3603854b3be67d4fc55d74f7925a21bfa59c81ee (cherry picked from commit 4de238e9)
-
Jeff Sharkey authored
We're adding support for OEMs to ship exFAT, which behaves identical to vfat. Some rules have been manually enumerating labels related to these "public" volumes, so unify them all behind "sdcard_type". Test: atest Bug: 67822822 Change-Id: I09157fd1fc666ec5d98082c6e2cefce7c8d3ae56
-
Tri Vo authored
Bug: 64905218 Test: device boots with /mnt/vendor present and selinux label mnt_vendor_file applied correctly. Change-Id: Ib34e2859948019d237cf2fe8f71845ef2533ae27
-
Jeff Vander Stoep authored
Tombstoned unlinks "trace_XX" files if there are too many of them. avc: denied { unlink } for comm="tombstoned" name="trace_12" scontext=u:r:tombstoned:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file Bug: 77970585 Test: Build/boot taimen. adb root; sigquit an app. (cherry picked from commit eb8f938f) Change-Id: I2f29d12f747d688f8f4e06b48cf72c5109adc2ae
-
- Apr 13, 2018
-
-
Tom Cherry authored
Vendors may use this to write custom messages to their bootloader, and as the bootloader is under vendor control, this makes sense to allow. Bug: 77881566 Test: build Merged-In: I78f80400e5f386cad1327a9209ee1afc8e334e56 Change-Id: I78f80400e5f386cad1327a9209ee1afc8e334e56 (cherry picked from commit db465285)
-
Jaekyun Seok authored
Values of the following properties are set by SoC vendors on some devices including Pixels. - persist.bluetooth.a2dp_offload.cap - persist.bluetooth.a2dp_offload.enable - persist.vendor.bluetooth.a2dp_offload.enable - ro.bt.bdaddr_path - wlan.driver.status So they should be whitelisted for compatibility. Bug: 77633703 Test: succeeded building and tested with Pixels Change-Id: Ib2b81bcc1fd70ddd571dc7fb2b923b576d62b7d5 Merged-In: Ib2b81bcc1fd70ddd571dc7fb2b923b576d62b7d5 (cherry picked from commit 224921d1)
-
- Apr 12, 2018
-
-
Florian Mayer authored
Denials: 04-12 12:42:47.795 903 903 W traced_probes: type=1400 audit(0.0:5684): avc: denied { search } for name="1376" dev="proc" ino=204553 scontext=u:r:traced_probes:s0 tcontext=u:r:untrusted_app_27:s0:c512,c768 tclass=dir permissive=0 04-12 12:42:47.795 903 903 W traced_probes: type=1400 audit(0.0:5685): avc: denied { search } for name="1402" dev="proc" ino=204554 scontext=u:r:traced_probes:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=dir permissive=0 04-12 12:42:47.801 903 903 W traced_probes: type=1400 audit(0.0:5686): avc: denied { search } for name="1496" dev="proc" ino=204557 scontext=u:r:traced_probes:s0 tcontext=u:r:untrusted_app:s0:c85,c256,c512,c768 tclass=dir permissive=0 04-12 12:42:47.805 903 903 W traced_probes: type=1400 audit(0.0:5687): avc: denied { search } for name="1758" dev="proc" ino=204563 scontext=u:r:traced_probes:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=dir permissive=0 Bug: 77955286 Change-Id: If0985d3ddd7d14c2b139be1c842c9c8df99b90db
-
- Apr 11, 2018
-
-
Jaekyun Seok authored
Bug: 75987246 Test: succeeded builing and tested with taimen Change-Id: I2d8bc91c305e665ed9c69459e51204117afb3eee
-
Joel Galenson authored
We have seen crash_dump denials for radio_data_file, shared_relro_file, shell_data_file, and vendor_app_file. This commit widens an existing dontaudit to include them as well as others that we might see. Bug: 77908066 Test: Boot device. Change-Id: I9ad2a2dafa8e73b13c08d0cc6886274a7c0e3bac (cherry picked from commit a3b3bdbb)
-
Joel Galenson authored
We often see the following denials: avc: denied { sys_rawio } for comm="update_engine" capability=17 scontext=u:r:update_engine:s0 tcontext=u:r:update_engine:s0 tclass=capability permissive=0 avc: denied { sys_rawio } for comm="boot@1.0-servic" capability=17 scontext=u:r:hal_bootctl_default:s0 tcontext=u:r:hal_bootctl_default:s0 tclass=capability permissive=0 These are benign, so we are hiding them. Bug: 37778617 Test: Boot device. Change-Id: Iac196653933d79aa9cdeef7670076f0efc97b44a (cherry picked from commit bf4afae1)
-
- Apr 06, 2018
-
-
Yifan Hong authored
This is originally allowed in healthd but the permission was not transfered to health HAL. A typical health HAL implementation is likely to write battery info to kernel logs. Test: device has battery kernel logs with health HAL but without healthd Bug: 77661605 Change-Id: Ib3b5d3fe6bdb3df2a240c85f9d27b863153805d2 -
Alan Stokes authored
cgroupfs doesn't allow files to be created, so this can't be needed. Also remove redundant neverallow and dontaudit rules. These are now more broadly handled by domain.te. Bug: 74182216 Test: Denials remain silenced. Change-Id: If7eb0e59f567695d987272a2fd36dbc251516e9f
-
