Skip to content
Snippets Groups Projects
Select Git revision
0 results
Search by author
  • Any Author
0 authors
  1. Apr 21, 2017
    • Chia-I Wu's avatar
      Allow dumping hal_graphics_composer_server and fix watchdog · e4d21465
      Chia-I Wu authored 
      Bug: 37152880
Bug: 37554633
Test: adb shell am hang --allow-restart
Test: adb shell dumpstate
Change-Id: Ie68607f3e3245a40056bdde7dd810ddf212b4295
      e4d21465
    • Alex Klyubin's avatar
      Merge "Grant dumpstate hwservermanager list permission" into oc-dev · 8d567da2
      Alex Klyubin authored
      8d567da2
    • Alex Klyubin's avatar
      Merge "Restrict access to hwservicemanager" into oc-dev · 7dace9ae
      Alex Klyubin authored
      7dace9ae
    • TreeHugger Robot's avatar
      Merge "Fix build time warning" into oc-dev · 5b8e9f55
      TreeHugger Robot authored
      5b8e9f55
    • TreeHugger Robot's avatar
      Merge "Let shell and bugreport read logging related properties." into oc-dev · 97903c05
      TreeHugger Robot authored
      97903c05
    • Alex Klyubin's avatar
      Grant dumpstate hwservermanager list permission · 09423b50
      Alex Klyubin authored 
      This lets dumpstate obtain the list of currently registered HwBinder
services.

Test: adb bugreport -- no denials to do with dumpstate access to
      hwservicemanager list functionality.
Bug: 37554633

Change-Id: I95512168948ca45a0dd830c20922e3c776ffaf41
      09423b50
    • Alex Klyubin's avatar
      Restrict access to hwservicemanager · 53656c17
      Alex Klyubin authored 
      This adds fine-grained policy about who can register and find which
HwBinder services in hwservicemanager.

Test: Play movie in Netflix and Google Play Movies
Test: Play video in YouTube app and YouTube web page
Test: In Google Camera app, take photo (HDR+ and conventional),
      record video (slow motion and normal), and check that photos
      look fine and videos play back with sound.
Test: Cast screen to a Google Cast device
Test: Get location fix in Google Maps
Test: Make and receive a phone call, check that sound works both ways
      and that disconnecting the call frome either end works fine.
Test: Run RsHelloCompute RenderScript demo app
Test: Run fast subset of media CTS tests:
      make and install CtsMediaTestCases.apk
      adb shell am instrument -e size small \
          -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner'
Test: Play music using Google Play music
Test: Adjust screen brightness via the slider in Quick Settings
Test: adb bugreport
Test: Enroll in fingerprint screen unlock, unlock screen using
      fingerprint
Test: Apply OTA update:
      Make some visible change, e.g., rename Settings app.
      make otatools && \
      make dist
      Ensure device has network connectivity
      ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip
      Confirm the change is now live on the device
Bug: 34454312
(cherry picked from commit 632bc494)
Merged-In: Iecf74000e6c68f01299667486f3c767912c076d3
Change-Id: I7a9a487beaf6f30c52ce08e04d415624da49dd31
      53656c17
    • Jeff Vander Stoep's avatar
      Fix build time warning · 2db1cd48
      Jeff Vander Stoep authored 
      Fixes warning:
system/sepolicy/public/install_recovery.te:14:WARNING 'unrecognized character' at token ''' on line 13335:
allow install_recovery vendor_file:file { { getattr open read ioctl lock } { getattr execute execute_no_trans } };'

Bug: 37105075
Test: Fugu policy builds without this warning.
Change-Id: I8f417c51a816f3983a918c7e36dd804c5b85543f
      2db1cd48
    • Chia-I Wu's avatar
      Merge "dumpstate is a client of graphics allocator" into oc-dev · 4d294e66
      Chia-I Wu authored
      4d294e66
    • Pavel Grafov's avatar
      Let shell and bugreport read logging related properties. · a283ac71
      Pavel Grafov authored 
      Currently ro.device_owner and persist.logd.security aren't accessible
without root, so "adb shell getprop" returns empty reply which is
confusing. Also these properties aren't seen from bugreport unless
their change happened recently.

Bug: 37053313
Test: manual, took bugreport and ran getprop after "adb unroot".
Change-Id: Id41cdabc282f2ebcdfc0ac7fe9df756322a0863d
      a283ac71
  3. Apr 20, 2017
  5. Apr 19, 2017
  7. Apr 18, 2017
    • Carmen Jackson's avatar
      Merge "Add selinux rules for additional file contexts in userdebug" into oc-dev · 557d1916
      Carmen Jackson authored
      557d1916
    • Carmen Jackson's avatar
      Add selinux rules for additional file contexts in userdebug · 25788df1
      Carmen Jackson authored 
      These rules allow the additional tracepoints we need for running traceur
in userdebug builds to be writeable.

Bug: 37110010
Test: I'm testing by running atrace -l and confirming that the
tracepoints that I'm attempting to enable are available.

Change-Id: Ia352100ed67819ae5acca2aad803fa392d8b80fd
      25788df1
    • Dan Cashman's avatar
      Remove vndservice_manager object classes. · 2f1c7ba7
      Dan Cashman authored 
      vndservicemanager is a copy of servicemanager, and so has the exact
same properties.  This should be reflected in the sharing of an object
manager in SELinux policy, rather than creating a second one, which is
effectively an attempt at namespacing based on object rather than type
labels.  hwservicemanager, however, provides different and additional
functionality that may be reflected in changed permissions, though they
currently map to the existing servicemanager permissions.  Keep the new
hwservice_manager object manager but remove the vndservice_manager one.

Bug: 34454312
Bug: 36052864
Test: policy builds and device boots.
Change-Id: I9e0c2757be4026101e32ba780f1fa67130cfa14e
      2f1c7ba7
    • Alex Klyubin's avatar
      surfaceflinger and apps are clients of Configstore HAL · 75ca4832
      Alex Klyubin authored 
      This commit marks surfaceflinger and app domain (except isolated_app)
as clients of Configstore HAL. This cleans up the policy and will make
it easier to restrict access to HwBinder services later.

Test: Play YouTube clip in YouTube app and YouTube web page in Chrome
Test: Take an HDR+ photo, a normal photo, a video, and slow motion
      video in Google Camera app. Check that photos show up fine and
      that videos play back with sound.
Test: Play movie using Google Play Movies
Test: Google Maps app displays the Android's correct location
Bug: 34454312
Change-Id: I0f468a4289132f4eaacfb1d13ce4e61604c2a371
      75ca4832
  9. Apr 17, 2017
    • Alex Klyubin's avatar
      Apps and system_server are gralloc HAL clients · 5007c10a
      Alex Klyubin authored 
      This commit marks system_server and app domains (except isolated_app)
as clients of Graphics Allocator HAL. This makes the policy cleaner
and prepares ground for restricting access to HwBinder services.

Test: Play video in YouTube app and in Google Chrome YouTube web page
Test: Using Google Camera app, take an HDR+ photo, a conventional
      photo, record a video with sound and a slow motion video with
      sound, then check that photos look good and videos play back
      fine, including sound.
Bug: 34454312
Change-Id: Iea04d38fa5520432f06af94570fa6ce16ed7979a
      5007c10a
    • TreeHugger Robot's avatar
      Merge "Allow mediadrmserver to call mediacodec." into oc-dev · 0d1b2ce1
      TreeHugger Robot authored
      0d1b2ce1
  11. Apr 16, 2017
  13. Apr 15, 2017