Skip to content
Snippets Groups Projects
  1. Sep 24, 2019
    • Tri Vo's avatar
      Label /product/lib(64)/* as system_lib_file · 1d833eb6
      Tri Vo authored
      Bug: 138545724
      Test: n/a
      
      (cherry picked from commit 3d58603623dd67b181fb965f437c552428c979bc)
      
      Change-Id: I03c2430778f1112679090bb7aad234c907384ea1
      CRs-Fixed: 2491659
      1d833eb6
  2. Sep 13, 2019
    • Roland Levillain's avatar
      Allow dexoptanalyzer to mmap files with Linux 4.14+ that it can already access. · d8a9a493
      Roland Levillain authored
      SELinux has a separate file mmap permission in 4.14+ kernels. Add this
      to dexoptanalyzer(d) in cases where it could already access files (in
      particular, secondary dex files).
      
      Addresses denials of the form:
      
        avc: denied { map } for […] path="/data/data/[…]" […]
        scontext=u:r:dexoptanalyzer:s0 tcontext=u:object_r:app_data_file:s0
      
      (cherry picked from commit c72b7d17310499f6bd6545e0e509fd603045d329)
      
      Test: Reproduce steps in bug 138683603 on a device with a 4.14+ kernel
            and check the absence of SELinux denials
      Bug: 138683603
      
      Change-Id: Ieba53eb431c0ba3914dcb5e5abdae667bd063555
      d8a9a493
  3. Aug 13, 2019
    • Carmen Jackson's avatar
      Allow Traceur to record the suspend_resume trace event · afac97a1
      Carmen Jackson authored
      This should be available in user and userdebug builds.
      
      Bug: 137289935
      Test: Alongside atrace changes, recorded a trace using Traceur and
      verified that the tracepoints were included in the recorded trace in
      both user and userdebug builds.
      
      Change-Id: I6131557bdd0a298be9e75b39759599b189b9b988
      Merged-In: I6131557bdd0a298be9e75b39759599b189b9b988
      afac97a1
  4. Jul 16, 2019
  5. Jul 12, 2019
  6. Jun 28, 2019
    • Sidath Senanayake's avatar
      Allow perfetto to access gpu_frequency tracepoint in user · 9bfaa1c4
      Sidath Senanayake authored
      This will allow Perfetto to capture GPU frequency changes
      on the target, which is useful to graphics developers
      using Perfetto to profile graphics HW usage.
      
      This change also updates the private prebuilt at version
      29.0 to match the update.
      
      Bug: 136062452
      Merged-In: Idb7870b2f674f1359ef3b4487dbeff190b394248
      Change-Id: Ib98ba10d96caa199d7030be3a17148045576a80c
      9bfaa1c4
  7. Jun 27, 2019
    • Todd Kennedy's avatar
      Allow rule to let settings access apex files · 9067699d
      Todd Kennedy authored
      In order to show licensing information, we need to read it from
      an asset stored in the .apex file.
      
      Bug: 135183006
      Test: Manual; settings can access apex files stored on /data
      Change-Id: I71fbde6e295d9c890c9b9b0449e5150834a6680e
      Merged-In: I71fbde6e295d9c890c9b9b0449e5150834a6680e
      9067699d
  8. Jun 19, 2019
    • Pirama Arumuga Nainar's avatar
      In native coverage builds, allow all domains to access /data/misc/trace · b6582464
      Pirama Arumuga Nainar authored
      Bug: http://b/135139675
      
      Coverage files are written to /data/misc/trace (governed by the
      method_trace_data_file selinux type).  Allow all domains to access
      (create directories, access files) this directory when native coverage
      is enabled (by setting NATIVE_COVERAGE to true) in an userdebug or eng
      build.
      
      Also relax neverallow constraints to allow access to
      method_trace_data_file for native coverage builds.
      
      Test: Build 32-bit cuttlefish with coverage:
                m NATIVE_COVERAGE=true COVERAGE_PATHS="*"
            and verify that there are no selinux denials in kernel log and
            logcat.
      
      Change-Id: I3fe7c77612854b9de7de7a0ddd5cbf44a2f5c21e
      (cherry picked from commit ce9c0c5a5fbd3fda8e1fd102d2bf1ca6afebbdf9)
      b6582464
    • Kevin Chyn's avatar
      Add rules to dump hal traces · 6d976f4d
      Kevin Chyn authored
      Test: manual
      Bug: 126802513
      
      Change-Id: If037483f305e161a158e30f6322d5e25b7770952
      6d976f4d
    • Benjamin Schwartz's avatar
      Add power stats HAL to ANR list · 8273f191
      Benjamin Schwartz authored
      Bug: 135111122
      Test: Ran "adb shell am hang" and verified that power.stats HAL
      information is in /data/anr/<anr_file>
      Change-Id: I60a6191626a20c737124033e8ad453fa91425e39
      8273f191
  9. Jun 17, 2019
    • Tao Bao's avatar
      Add persist.sys.theme. · 75182a1e
      Tao Bao authored
      This property will be set by system_server (to indicate the currently
      selected theme for device), and can be accessed by vendor init.rc.
      
      avc:  denied  { read } for property=persist.sys.theme pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:theme_prop:s0 tclass=file
      
      Bug: 113028175
      Test: Set a vendor init trigger that waits on `persist.sys.theme`. Check
            that the trigger fires without denial.
      Change-Id: Ibb4e392d5059b76059f36f7d11ba82cd65cbe970
      75182a1e
  10. Jun 14, 2019
    • Jeff Vander Stoep's avatar
      system_server_startup: allow SIGCHLD to zygote · e0d9e50c
      Jeff Vander Stoep authored
      avc: denied { sigchld } for comm="main"
      scontext=u:r:system_server_startup:s0 tcontext=u:r:zygote:s0
      tclass=process permissive=0
      
      Test: build
      Bug: 134496658
      Change-Id: I98c106b17ba1740f953c3108bd0fc927c150096f
      (cherry picked from commit 67dc274f87b25b80d507f8ad8263648f5f9a1dd1)
      e0d9e50c
  11. Jun 07, 2019
    • Ryan Savitski's avatar
      userdebug: support perfetto traces as a section in incident reports · 72f247f5
      Ryan Savitski authored
      This set of patches adds a way for the perfetto command line client to
      save a trace to a hardcoded location,
      /data/misc/perfetto-traces/incident-trace, and call into incidentd to
      start a report, which will include said trace in a new section.
      
      This is not a long-term solution, and is structured to minimize changes
      to perfetto and incidentd. The latter is currently architected in a way
      where it can only pull pre-defined information out of the system, so
      we're resorting to persisting the intermediate results in a hardcoded
      location.
      
      This will introduce at most two more linked files at the same time.
      
      Bug: 130543265
      Bug: 134706389
      Tested: manually on crosshatch-userdebug
      Merged-In: I2aa27e25f0209b3a5cdf5d550d0312693932b808
      Change-Id: I2aa27e25f0209b3a5cdf5d550d0312693932b808
      (cherry picked from commit ce3a33ff182ce49cf91091cea553a3003d2c20f6)
      72f247f5
  12. May 29, 2019
  13. May 28, 2019
  14. May 23, 2019
  15. May 21, 2019
    • Tao Bao's avatar
      Add vendor_misc_writer change to API 29 prebuilts. · e6188741
      Tao Bao authored
      This is a matching change for commit 8f39cce7 ("Add
      vendor_misc_writer."), which updates the prebuilts for API 29.
      
      Bug: 132906936
      Test: Build crosshatch that includes misc_writer module. Invoke
            /vendor/bin/misc_writer to write data to /misc.
      Change-Id: Id12a1ed45c8cef6e4039a9dda6a1fb41f9e014de
      e6188741
  16. May 19, 2019
    • Ryan Savitski's avatar
      atrace: debug: allow notifying camera HAL of a change in sysprops · 37f06624
      Ryan Savitski authored
      Similar to aosp/961857, but enables the logging of atrace events from
      the camera HAL (primarily HIDL interactions, but also a couple of ION
      events).
      
      Keeping it confined to userdebug_or_eng. Longer-term planning belongs on
      b/78136428.
      
      Not adding fwk_camera_hwservice, as it is a HIDL interface to
      cameraserver (which is already covered above).
      
      Plus slight reorganization of existing atrace.te contents, and donaudits
      to reduce logspam from denials (including pre-existing ones that were
      hitting the rate limiter).
      
      Specific denials addressed (listing HALs, finding camera HAL, notifying it):
      05-15 18:07:19.684   618   618 E SELinux : avc:  denied  { list } for  scontext=u:r:atrace:s0 tcontext=u:r:hwservicemanager:s0 tclass=hwservice_manager permissive=1
      05-15 18:07:19.701   618   618 E SELinux : avc:  denied  { find } for interface=android.hardware.camera.provider::ICameraProvider sid=u:r:atrace:s0 pid=10137 scontext=u:r:atrace:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager permissive=1
      05-15 18:07:19.698 10137 10137 I atrace  : type=1400 audit(0.0:273): avc: denied { call } for scontext=u:r:atrace:s0 tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=1
      
      Bug: 130543265
      Tested: flashed blueline-userdebug, took a trace with perfetto, confirmed HIDL atrace slices present in camera hal trace.
      Merged-In: I0f8ce989355603e41d6c05c3de07e7dd615555eb
      Change-Id: I0f8ce989355603e41d6c05c3de07e7dd615555eb
      (cherry picked from commit 19459a38026f89e266a07cbed88a586f95830ca5)
      37f06624
  17. May 16, 2019
    • Ryan Savitski's avatar
      atrace.te: allow notifying cameraserver of a change in sysprops · fb897428
      Ryan Savitski authored
      This allows the atrace cmd to notify cameraserver (the host of
      media.camera service) that the set of tracing-related system properties
      have changed. This allows the cameraserver to notice that it might need
      to enable its trace events.
      
      The atrace cmd has the necessary permission when running as shell, but
      not when it is running as the "atrace" domain (notably when exec'd by
      perfetto's traced_probes).
      
      We're adding cameraserver to the whitelist as it contains important
      events for investigating the camera stack.
      
      Example denial:
      05-14 22:29:43.501  8648  8648 W atrace  : type=1400 audit(0.0:389): avc: denied { call } for scontext=u:r:atrace:s0 tcontext=u:r:cameraserver:s0 tclass=binder permissive=0
      
      Tested: flashed blueline-userdebug, captured a perfetto trace with "camera" atrace category, confirmed that userspace atrace events are included in the trace.
      Bug: 130543265
      Merged-In: Ifd3fd5fd3a737c7618960343b9f89d3bf7141c94
      Change-Id: Ifd3fd5fd3a737c7618960343b9f89d3bf7141c94
      (cherry picked from commit 232295e8dbb25017676e8a68daabc4457addbe31)
      fb897428
  18. May 15, 2019
    • Ian Pedowitz's avatar
      DO NOT SUBMIT: SEPolicy Prebuilts for Q · 869e4905
      Ian Pedowitz authored
      This is a hacked version of ag/7282335 as qt-release is behind qt-dev
      
      Bug: 129943426
      Test: Build
      Change-Id: I5863d433668b90a641d07fdbcd30ed82b28c9c1a
      (cherry picked from commit 8d411adea3eba1e943e45e104113f4efbc3d5d65)
      869e4905
    • Ian Pedowitz's avatar
      SEPolicy Prebuilts for Q · 94b73725
      Ian Pedowitz authored
      Bug: 129943426
      Test: Build
      Change-Id: I3e091652fa8d1757b1f71f7559186d5b32f000d5
      94b73725
Loading