Age | Commit message (Collapse) | Author |
|
[WIP] It would be better to find a regex to capture all variants
Bug: 203136531
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
Change-Id: I6a3d438b611223d30bc472a3f283d6e016e14479
|
|
Bug: 187654303
Bug: 187795940
Bug: 198755236
Test: twoshay works on B5, R4, B3, P7; reflector works on O6
Change-Id: I04b98c3b42e886b1900150c175318095e559fa25
Merged-In: I04b98c3b42e886b1900150c175318095e559fa25
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15615939
Change-Id: If9496eaefe99eb977f95fe7ab0781c73848601fb
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15615939
Change-Id: Ie72f1cb2264010cb6f2322e84d49b8747709bd50
|
|
Bug: 196058977
Test: Check ownership of smp_affinity handles
Change-Id: Idf2235882ba4eb714edc4634e32acce86fc92585
|
|
8071c23842
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15583518
Change-Id: I70c4b38e90bbdfcf2c6ee6d625434003f28f2025
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15583518
Change-Id: I4288e2383379d084c007677db9c0f0051dd506fe
|
|
The following patch introduces code that iterates over all block
devices:
https://android-review.googlesource.com/c/platform/system/core/+/1783847/9
The following patch grants 'init' and 'apexd' permission to iterate over
all block devices:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947
The above SELinux policy change requires to add the 'bdev_type'
attribute to all block devices. Hence this patch.
Bug: 194450129
Test: Built Android images and installed these on a test device.
Change-Id: Ie76b00aa51e696508b9471dbd34f96dad5aa3240
Signed-off-by: Bart Van Assche <bvanassche@google.com>
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15445355
Change-Id: I3670751a5827df678f6daa3c134790e3186b8ccc
|
|
Bug: 194730972
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: Iec80b0b9e0a99875dcae478a5e63d94caae86767
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15422191
Change-Id: I6b084357d3b8be0847954cbb59302a678bc2b0ae
|
|
system_server also creates UI sometimes.
Ex: ANR Dialog, the Pointer Location in developer options.
Bug: 194775170
Test: build and enable Pointer Location debug option
Merged-In: Ife50e90d2899623d8a482ca79ae7c74aafae9a49
Change-Id: Ife50e90d2899623d8a482ca79ae7c74aafae9a49
|
|
Bug: 192901277
Test: build pass, no avc logs
Signed-off-by: chasewu <chasewu@google.com>
Change-Id: Ia75db8ec3c3cd52b23118da5f638055209563595
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15311533
Change-Id: I608637e96433a725662f79264618de1bb074eb17
|
|
Bug: 191531000
Test: TreeHugger, built and booted to home, check factory cgroup
Change-Id: Id9faa3b4b9662f23dc56d8bd3a027aaeb6315fa5
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15171196
Change-Id: Id322857f562fe9853ae3dab0deea2f5e8aa15147
|
|
Bug 177481425 requires a dedicated file type for fscontext to mount
fusefs. To reduce code changes difference between sc-dev and master,
create file_type 'ramdump_vendor_fs' for both as base. Later it will be
revised to 'fusefs_type' on master branch only.
Bug: 177481425
Merged-In: I6bd07933e4a24835c3ad3b7afb8c9619651bff18
Change-Id: I6bd07933e4a24835c3ad3b7afb8c9619651bff18
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/15105325
Change-Id: I769efade03d6d021bc8e660b9840ae97e84d5ffd
|
|
Bug: 191925901
Test: Build
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: I68126a1e1ae6193c85f6e0d9baf92a83023f436f
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/14934442
Change-Id: Ibef8fac35db9ada218ee7b4eb6e2dd586679d262
|
|
Bug: 190571517
Bug: 189938926
Bug: 190732106
Signed-off-by: Martin Liu <liumartin@google.com>
Change-Id: Id5c39f45b0dd88e4c7c972fa60f416c715d6f34d
Merged-In: Id5c39f45b0dd88e4c7c972fa60f416c715d6f34d
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/14491664
Change-Id: I01e5f99c48e1018a83e5aeb190301b862cd054b1
|
|
If needed, the initialization must be done from dumpstate HAL instead.
Test: build
Bug: 186500818
Change-Id: Ib38878acffb472f89ff54747f070a949feab0130
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/14660575
Change-Id: Ic5cf8ccc1d0a78b849c02b8f39b61add3dc2fefb
|
|
Bug: 188728065
Change-Id: Icdbea8dcd84bfe25105c16027d5e32958bd1f31b
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/14603580
Change-Id: I841ca2b8ec67c7179a386b4555076fa34071b079
|
|
|
|
Add policies to allow vibrator HAL to search on audio_device dir.
Bug: 178431048
Test: manually verify audio-coupled-haptics is working for Pixel
ringtones on P21 devices
Change-Id: If9e8833dcbe50024587347abbea3bbb978a08a76
|
|
Add rebalance_interrupts sepolicy to allow
rebalance_interrupts to modify smp_affinity for IRQs.
Example denials w/o this:
[ 43.144107] type=1400 audit(1621271039.800:58): avc: denied { read } for comm="rebalance_inter" name="irq" dev="sysfs" ino=15875 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:object_r:sysfs_irq:s0 tclass=dir permissive=1
[ 43.144306] type=1400 audit(1621271039.800:59): avc: denied { open } for comm="rebalance_inter" path="/sys/kernel/irq" dev="sysfs" ino=15875 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:object_r:sysfs_irq:s0 tclass=dir permissive=1
[ 43.144452] type=1400 audit(1621271039.800:60): avc: denied { search } for comm="rebalance_inter" name="irq" dev="sysfs" ino=15875 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:object_r:sysfs_irq:s0 tclass=dir permissive=1
[ 43.159532] type=1400 audit(1621271039.816:61): avc: denied { search } for comm="rebalance_inter" name="irq" dev="proc" ino=4026531868 scontext=u:r:rebalance_interrupts_vendor:s0 tcontext=u:object_r:proc_irq:s0 tclass=dir permissive=1
Bug: 148403062
Change-Id: I0cf7e163d8436f428a53bbb96ff2949753004ac1
|
|
Add policies to allow access to audio devices required for audio haptics
channel.
Bug: 178431048
Test: manually verify audio-coupled-haptics is working for Pixel
ringtones on P21 devices
Change-Id: I8e481ba65b5a713bcc2e25fdf4727ad68ba7f721
|
|
Now that these statistics have been moved to sysfs and b/185589010 is
fixed, remove these permission.
Test: build
Bug: 186500818
Change-Id: I2860564b3fe3710d85a104e4907a515d6beb8eca
|
|
This commit include 2 changes:
1. Remove Qcom platform rule to generalize the rule in pixel-sepolicy
2. Add tcpdump rule for Pixel Logger to access tcpdump folder
Bug: 186069127
Test: Pixel Logger app can start sniffer logger
Change-Id: I171a773fe658384d5ccb163ff1d6686a2665c808
|
|
|
|
|
|
Bug: 179459878
Change-Id: I7b32b49d3eafaceda1ef494bc2ef2a2e5feffd26
|
|
5c75973039 am: 0ff4e5096e am: 753bd0744a
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1680045
Change-Id: I2851d5158c260a819e03caecde710dacd5ac95ac
|
|
5c75973039 am: 0ff4e5096e
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1680045
Change-Id: I33e46b006ea21f6a410dc131781722da36e9eb25
|
|
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1680045
Change-Id: I43f460c8f02ccfbba11aaf5f055ce1cab4edff10
|
|
The IStats HIDL service is still in use in rvc-qpr-dev-plus-aosp branch
Since the sepolicy located at AOSP is shared betweed sc-dev and
other branches - need to keep allow rules for the AIDL & HIDL version
Bug: 185607559
Test: Build, flash, and logcat for sepolicies messages
Change-Id: I5437178feff7efdab25423ec7e63a8d8e9312c29
|
|
|
|
Bug: 184610991
Test: Service and HAL can init properly from rc
Signed-off-by: Tai Kuo <taikuo@google.com>
Change-Id: I9d72f564688f56f7415d7398b032df375d86e37c
|
|
|
|
This reverts commit 6f660acb3f43dd5e994a5b8e226fa64d2bc3f2a5.
Reason for revert: http://b/185462725
Change-Id: Iea1ba0835a684721789cd068c87a13b1d56aa847
|
|
am: a08704c2c4 am: c1baf4906d -s ours
am skip reason: skip tag Change-Id I8a3da90860a32b8f883d2769d195fdfb48627127 with SHA-1 726f7b060a is already in history
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1675959
Change-Id: Iefccc4db2255f53db5774d21a13629212549b032
|
|
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1675959
Change-Id: I1e0443e33e9d15e67a3c0bbc72e87c83f2feb708
|
|
Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/1675959
Change-Id: I10e7ed93b57d0d21df443185663be8762e501dbc
|
|
Bug: 185440155
Bug: 185480917
Test: Build, flash, and logcat for sepolicies messages
Change-Id: Ia0dfe5c9e50a18993cf075eb1ee198f78fb2b839
Merged-In: I8a3da90860a32b8f883d2769d195fdfb48627127
|
|
Bug: 185440155
Test: Build, flash, and logcat for sepolicies messages
Change-Id: I8a3da90860a32b8f883d2769d195fdfb48627127
|
|
|
|
|