Skip to content
Snippets Groups Projects
  1. Jan 25, 2019
    • Jeff Vander Stoep's avatar
      Properly Treble-ize tmpfs access · e16fb910
      Jeff Vander Stoep authored
      This is being done in preparation for the migration from ashmem to
      memfd. In order for tmpfs objects to be usable across the Treble
      boundary, they need to be declared in public policy whereas, they're
      currently all declared in private policy as part of the
      tmpfs_domain() macro. Remove the type declaration from the
      macro, and remove tmpfs_domain() from the init_daemon_domain() macro
      to avoid having to declare the *_tmpfs types for all init launched
      domains. tmpfs is mostly used by apps and the media frameworks.
      
      Bug: 122854450
      Test: Boot Taimen and blueline. Watch videos, make phone calls, browse
      internet, send text, install angry birds...play angry birds, keep
      playing angry birds...
      
      Change-Id: I20a47d2bb22e61b16187015c7bc7ca10accf6358
      e16fb910
  2. Mar 24, 2017
    • Alex Klyubin's avatar
      Vendor domains must not use Binder · f5446eb1
      Alex Klyubin authored
      On PRODUCT_FULL_TREBLE devices, non-vendor domains (except vendor
      apps) are not permitted to use Binder. This commit thus:
      * groups non-vendor domains using the new "coredomain" attribute,
      * adds neverallow rules restricting Binder use to coredomain and
        appdomain only, and
      * temporarily exempts the domains which are currently violating this
        rule from this restriction. These domains are grouped using the new
        "binder_in_vendor_violators" attribute. The attribute is needed
        because the types corresponding to violators are not exposed to the
        public policy where the neverallow rules are.
      
      Test: mmm system/sepolicy
      Test: Device boots, no new denials
      Test: In Chrome, navigate to ip6.me, play a YouTube video
      Test: YouTube: play a video
      Test: Netflix: play a movie
      Test: Google Camera: take a photo, take an HDR+ photo, record video with
            sound, record slow motion video with sound. Confirm videos play
            back fine and with sound.
      Bug: 35870313
      Change-Id: I0cd1a80b60bcbde358ce0f7a47b90f4435a45c95
      f5446eb1
  3. Jan 31, 2017
    • Mark Salyzyn's avatar
      logd: add getEventTag command and service · 384ce662
      Mark Salyzyn authored
      The event log tag service uses /dev/event-log-tags, pstore and
      /data/misc/logd/event-log-tags as sticky storage for the invented
      log tags.
      
      Test: gTest liblog-unit-tests, logd-unit-tests & logcat-unit-tests
      Bug: 31456426
      Change-Id: Iacc8f36f4a716d4da8dca78a4a54600ad2a288dd
      384ce662
    • Mark Salyzyn's avatar
      logd: restrict access to /dev/event-log-tags · d33a9a19
      Mark Salyzyn authored
      Create an event_log_tags_file label and use it for
      /dev/event-log-tags.  Only trusted system log readers are allowed
      direct read access to this file, no write access.  Untrusted domain
      requests lack direct access, and are thus checked for credentials via
      the "plan b" long path socket to the event log tag service.
      
      Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
      Bug: 31456426
      Bug: 30566487
      Change-Id: Ib9b71ca225d4436d764c9bc340ff7b1c9c252a9e
      d33a9a19
  4. Dec 20, 2016
    • Mark Salyzyn's avatar
      logcat: introduce split to logd and logpersist domains · da62cb4d
      Mark Salyzyn authored
      - transition to logpersist from init
      - sort some overlapping negative references
      - intention is to allow logpersist to be used by vendor
        userdebug logging
      
      Test: gTest liblog-unit-tests, logd-unit-tests & logcat-unit-tests
      Bug: 30566487
      Change-Id: I7806f5a2548cbe0c1f257a0ba2855f2eb69d8e7c
      da62cb4d
  5. Dec 06, 2016
    • dcashman's avatar
      sepolicy: add version_policy tool and version non-platform policy. · 2e00e637
      dcashman authored
      In order to support platform changes without simultaneous updates from
      non-platform components, the platform and non-platform policies must be
      split.  In order to provide a guarantee that policy written for
      non-platform objects continues to provide the same access, all types
      exposed to non-platform policy are versioned by converting them and the
      policy using them into attributes.
      
      This change performs that split, the subsequent versioning and also
      generates a mapping file to glue the different policy components
      together.
      
      Test: Device boots and runs.
      Bug: 31369363
      Change-Id: Ibfd3eb077bd9b8e2ff3b2e6a0ca87e44d78b1317
      2e00e637
  6. Oct 06, 2016
    • dcashman's avatar
      Split general policy into public and private components. · cc39f637
      dcashman authored
      Divide policy into public and private components.  This is the first
      step in splitting the policy creation for platform and non-platform
      policies.  The policy in the public directory will be exported for use
      in non-platform policy creation.  Backwards compatibility with it will
      be achieved by converting the exported policy into attribute-based
      policy when included as part of the non-platform policy and a mapping
      file will be maintained to be included with the platform policy that
      maps exported attributes of previous versions to the current platform
      version.
      
      Eventually we would like to create a clear interface between the
      platform and non-platform device components so that the exported policy,
      and the need for attributes is minimal.  For now, almost all types and
      avrules are left in public.
      
      Test: Tested by building policy and running on device.
      
      Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
      cc39f637
Loading